diff --git a/.gitignore b/.gitignore index 8c31731..9cc2fff 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/nss-softokn-3.44.tar.gz +SOURCES/nss-softokn-3.53.1.tar.gz SOURCES/nss-softokn-cavs-1.0.tar.gz diff --git a/.nss-softokn.metadata b/.nss-softokn.metadata index 5ef9862..3fd5158 100644 --- a/.nss-softokn.metadata +++ b/.nss-softokn.metadata @@ -1,2 +1,2 @@ -a46411f9b88d1653cd0cfce840b5f932219695d2 SOURCES/nss-softokn-3.44.tar.gz +c44cc9a3297e1e4a6a1bad2885d51d8810e99bd0 SOURCES/nss-softokn-3.53.1.tar.gz d8a7f044570732caf4ed06fd44a63b3e86ea2a16 SOURCES/nss-softokn-cavs-1.0.tar.gz diff --git a/SOURCES/nss-3.44-encrypt-update.patch b/SOURCES/nss-3.44-encrypt-update.patch deleted file mode 100644 index 0c2441a..0000000 --- a/SOURCES/nss-3.44-encrypt-update.patch +++ /dev/null @@ -1,21 +0,0 @@ -# HG changeset patch -# User Craig Disselkoen -# Date 1574189697 25200 -# Tue Nov 19 11:54:57 2019 -0700 -# Branch NSS_3_44_BRANCH -# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec -# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6 -Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus - -diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c ---- a/lib/softoken/pkcs11c.c -+++ b/lib/softoken/pkcs11c.c -@@ -1321,7 +1321,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes - } - /* encrypt the current padded data */ - rv = (*context->update)(context->cipherInfo, pEncryptedPart, -- &padoutlen, context->blockSize, context->padBuf, -+ &padoutlen, maxout, context->padBuf, - context->blockSize); - if (rv != SECSuccess) { - return sftk_MapCryptError(PORT_GetError()); diff --git a/SOURCES/nss-3.53.1-chacha-len.patch b/SOURCES/nss-3.53.1-chacha-len.patch new file mode 100644 index 0000000..ea83515 --- /dev/null +++ b/SOURCES/nss-3.53.1-chacha-len.patch @@ -0,0 +1,74 @@ + +# HG changeset patch +# User Benjamin Beurdouche +# Date 1595031218 0 +# Node ID c25adfdfab34ddb08d3262aac3242e3399de1095 +# Parent f282556e6cc7715f5754aeaadda6f902590e7e38 +Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea + +Differential Revision: https://phabricator.services.mozilla.com/D74801 + +diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +--- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc ++++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +@@ -40,28 +40,35 @@ class Pkcs11ChaCha20Poly1305Test + aead_params.ulNonceLen = iv_len; + aead_params.pAAD = toUcharPtr(aad); + aead_params.ulAADLen = aad_len; + aead_params.ulTagLen = 16; + + SECItem params = {siBuffer, reinterpret_cast(&aead_params), + sizeof(aead_params)}; + +- // Encrypt with bad parameters. ++ // Encrypt with bad parameters (TagLen is too long). + unsigned int encrypted_len = 0; + std::vector encrypted(data_len + aead_params.ulTagLen); + aead_params.ulTagLen = 158072; + SECStatus rv = + PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), + &encrypted_len, encrypted.size(), data, data_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, encrypted_len); +- aead_params.ulTagLen = 16; ++ ++ // Encrypt with bad parameters (TagLen is too short). ++ aead_params.ulTagLen = 2; ++ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), ++ &encrypted_len, encrypted.size(), data, data_len); ++ EXPECT_EQ(SECFailure, rv); ++ EXPECT_EQ(0U, encrypted_len); + + // Encrypt. ++ aead_params.ulTagLen = 16; + rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), + &encrypted_len, encrypted.size(), data, data_len); + + // Return if encryption failure was expected due to invalid IV. + // Without valid ciphertext, all further tests can be skipped. + if (invalid_iv) { + EXPECT_EQ(rv, SECFailure); + EXPECT_EQ(0U, encrypted_len) +diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c +--- a/lib/freebl/chacha20poly1305.c ++++ b/lib/freebl/chacha20poly1305.c +@@ -76,17 +76,17 @@ ChaCha20Poly1305_InitContext(ChaCha20Pol + { + #ifdef NSS_DISABLE_CHACHAPOLY + return SECFailure; + #else + if (keyLen != 32) { + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } +- if (tagLen == 0 || tagLen > 16) { ++ if (tagLen != 16) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + + PORT_Memcpy(ctx->key, key, sizeof(ctx->key)); + ctx->tagLen = tagLen; + + return SECSuccess; + diff --git a/SOURCES/nss-3.53.1-chacha-multi.patch b/SOURCES/nss-3.53.1-chacha-multi.patch new file mode 100644 index 0000000..d7ee5fb --- /dev/null +++ b/SOURCES/nss-3.53.1-chacha-multi.patch @@ -0,0 +1,96 @@ + +# HG changeset patch +# User Benjamin Beurdouche +# Date 1595031194 0 +# Node ID f282556e6cc7715f5754aeaadda6f902590e7e38 +# Parent 89733253df83ef7fe8dd0d49f6370b857e93d325 +Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea + +Depends on D74801 + +Differential Revision: https://phabricator.services.mozilla.com/D83994 + +diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/gtests/pk11_gtest/pk11_cipherop_unittest.cc +--- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc ++++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc +@@ -72,9 +72,58 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUn + ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess); + + PK11_FreeSymKey(key); + PK11_FreeSlot(slot); + PK11_DestroyContext(ctx, PR_TRUE); + NSS_ShutdownContext(globalctx); + } + ++TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) { ++ PK11SlotInfo* slot; ++ PK11SymKey* key; ++ PK11Context* ctx; ++ ++ NSSInitContext* globalctx = ++ NSS_InitContext("", "", "", "", NULL, ++ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | ++ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT); ++ ++ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR; ++ ++ slot = PK11_GetInternalSlot(); ++ ASSERT_TRUE(slot); ++ ++ // Use arbitrary bytes for the ChaCha20 key and IV ++ uint8_t key_bytes[32]; ++ for (size_t i = 0; i < 32; i++) { ++ key_bytes[i] = i; ++ } ++ SECItem keyItem = {siBuffer, key_bytes, 32}; ++ ++ uint8_t iv_bytes[16]; ++ for (size_t i = 0; i < 16; i++) { ++ key_bytes[i] = i; ++ } ++ SECItem ivItem = {siBuffer, iv_bytes, 16}; ++ ++ SECItem* param = PK11_ParamFromIV(cipher, &ivItem); ++ ++ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT, ++ &keyItem, NULL); ++ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param); ++ ASSERT_TRUE(key); ++ ASSERT_TRUE(ctx); ++ ++ uint8_t outbuf[128]; ++ // This is supposed to fail for Chacha20. This is because the underlying ++ // PK11_CipherOp operation is calling the C_EncryptUpdate function for ++ // which multi-part is disabled for ChaCha20 in counter mode. ++ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure); ++ ++ PK11_FreeSymKey(key); ++ PK11_FreeSlot(slot); ++ SECITEM_FreeItem(param, PR_TRUE); ++ PK11_DestroyContext(ctx, PR_TRUE); ++ NSS_ShutdownContext(globalctx); ++} ++ + } // namespace nss_test +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -1251,16 +1251,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio + + case CKM_NSS_CHACHA20_CTR: /* old NSS private version */ + case CKM_CHACHA20: /* PKCS #11 v3 version */ + { + unsigned char *counter; + unsigned char *nonce; + unsigned long counter_len; + unsigned long nonce_len; ++ context->multi = PR_FALSE; + if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) { + if (key_type != CKK_NSS_CHACHA20) { + crv = CKR_KEY_TYPE_INCONSISTENT; + break; + } + if (pMechanism->pParameter == NULL || pMechanism->ulParameterLen != 16) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + diff --git a/SOURCES/nss-3.53.1-cmac-kdf-selftests.patch b/SOURCES/nss-3.53.1-cmac-kdf-selftests.patch new file mode 100644 index 0000000..09482c4 --- /dev/null +++ b/SOURCES/nss-3.53.1-cmac-kdf-selftests.patch @@ -0,0 +1,1271 @@ +diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c +--- a/lib/freebl/fipsfreebl.c ++++ b/lib/freebl/fipsfreebl.c +@@ -17,6 +17,7 @@ + #include "prtypes.h" + #include "secitem.h" + #include "pkcs11t.h" ++#include "cmac.h" + + #include "ec.h" /* Required for EC */ + +@@ -99,6 +100,7 @@ + #define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */ + #define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */ + #define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */ ++#define FIPS_AES_CMAC_LENGTH 16 /* 128-bits */ + #define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */ + #define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */ + #define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */ +@@ -310,6 +312,11 @@ + 0x8b, 0xde, 0xbf, 0x16, 0x5e, 0x57, 0x6b, 0x4f + }; + ++ static const PRUint8 aes_cmac128_known_ciphertext[] = { ++ 0x54, 0x11, 0xe2, 0x57, 0xbd, 0x2a, 0xdf, 0x9d, ++ 0x1a, 0x89, 0x72, 0x80, 0x84, 0x4c, 0x7e, 0x93 ++ }; ++ + /* AES Known Ciphertext (192-bit key). */ + static const PRUint8 aes_ecb192_known_ciphertext[] = { + 0xa0, 0x18, 0x62, 0xed, 0x88, 0x19, 0xcb, 0x62, +@@ -328,6 +335,11 @@ + 0x90, 0x2e, 0x44, 0xbb, 0x52, 0x03, 0xe9, 0x07 + }; + ++ static const PRUint8 aes_cmac192_known_ciphertext[] = { ++ 0x0e, 0x07, 0x99, 0x1e, 0xf6, 0xee, 0xfa, 0x2c, ++ 0x1b, 0xfc, 0xce, 0x94, 0x92, 0x2d, 0xf1, 0xab ++ }; ++ + /* AES Known Ciphertext (256-bit key). */ + static const PRUint8 aes_ecb256_known_ciphertext[] = { + 0xdb, 0xa6, 0x52, 0x01, 0x8a, 0x70, 0xae, 0x66, +@@ -346,6 +358,12 @@ + 0xf4, 0xb0, 0xc1, 0x8c, 0x86, 0x51, 0xf5, 0xa1 + }; + ++ static const PRUint8 aes_cmac256_known_ciphertext[] = { ++ 0xc1, 0x26, 0x69, 0x32, 0x51, 0x13, 0x65, 0xac, ++ 0x71, 0x23, 0xe4, 0xe7, 0xb9, 0x0c, 0x88, 0x9f ++ ++ }; ++ + const PRUint8 *aes_ecb_known_ciphertext = + (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext; + +@@ -355,10 +373,14 @@ + const PRUint8 *aes_gcm_known_ciphertext = + (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_gcm128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_gcm192_known_ciphertext : aes_gcm256_known_ciphertext; + ++ const PRUint8 *aes_cmac_known_ciphertext = ++ (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cmac128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cmac192_known_ciphertext : aes_cmac256_known_ciphertext; ++ + /* AES variables. */ + PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH * 2]; + PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH * 2]; + AESContext *aes_context; ++ CMACContext *cmac_context; + unsigned int aes_bytes_encrypted; + unsigned int aes_bytes_decrypted; + CK_NSS_GCM_PARAMS gcmParams; +@@ -547,6 +569,44 @@ + return (SECFailure); + } + ++ /******************************************************/ ++ /* AES-CMAC Known Answer Encryption Test. */ ++ /******************************************************/ ++ cmac_context = CMAC_Create(CMAC_AES, aes_known_key, aes_key_size); ++ ++ if (cmac_context == NULL) { ++ PORT_SetError(SEC_ERROR_NO_MEMORY); ++ return (SECFailure); ++ } ++ ++ aes_status = CMAC_Begin(cmac_context); ++ if (aes_status != SECSuccess) { ++ CMAC_Destroy(cmac_context, PR_TRUE); ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ ++ aes_status = CMAC_Update(cmac_context, aes_known_plaintext, ++ FIPS_AES_DECRYPT_LENGTH); ++ if (aes_status != SECSuccess) { ++ CMAC_Destroy(cmac_context, PR_TRUE); ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ ++ aes_status = CMAC_Finish(cmac_context, aes_computed_ciphertext, ++ &aes_bytes_encrypted, FIPS_AES_CMAC_LENGTH); ++ ++ CMAC_Destroy(cmac_context, PR_TRUE); ++ ++ if ((aes_status != SECSuccess) || ++ (aes_bytes_encrypted != FIPS_AES_CMAC_LENGTH) || ++ (PORT_Memcmp(aes_computed_ciphertext, aes_cmac_known_ciphertext, ++ FIPS_AES_CMAC_LENGTH) != 0)) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ + return (SECSuccess); + } + +@@ -743,6 +803,170 @@ + return (SECSuccess); + } + ++SECStatus ++freebl_fips_TLS_PowerUpSelfTest(void) ++{ ++ static const PRUint8 TLS_known_secret_key[] = { ++ "Firefox and ThunderBird are awesome!" ++ }; ++ ++ static const PRUint8 TLS_known_secret_key_length = sizeof TLS_known_secret_key; ++ ++ /* known tls prf with sha1/md5 */ ++ static const PRUint8 known_TLS_PRF[] = { ++ 0x87, 0x4c, 0xc0, 0xc5, 0x15, 0x14, 0x2b, 0xdc, ++ 0x73, 0x48, 0x9e, 0x88, 0x9d, 0xf5, 0x83, 0x2f, ++ 0x2d, 0x66, 0x1e, 0x78, 0x6c, 0x54, 0x78, 0x29, ++ 0xb9, 0xa4, 0x4c, 0x90, 0x5e, 0xa2, 0xe6, 0x5c, ++ 0xf1, 0x4f, 0xb5, 0x95, 0xa5, 0x54, 0xc0, 0x9f, ++ 0x84, 0x47, 0xb4, 0x4c, 0xda, 0xae, 0x19, 0x29, ++ 0x2b, 0x91, 0x2a, 0x81, 0x9d, 0x3a, 0x30, 0x40, ++ 0xc5, 0xdf, 0xbb, 0xfa, 0xd8, 0x4c, 0xbc, 0x18 ++ }; ++ ++ /* known SHA256 tls mac */ ++ static const PRUint8 known_TLS_SHA256[] = { ++ 0x66, 0xd6, 0x94, 0xd4, 0x0d, 0x32, 0x61, 0x38, ++ 0x26, 0xf6, 0x8b, 0xfe, 0x9e, 0xac, 0xa2, 0xf5, ++ 0x40, 0x52, 0x74, 0x3f, 0xbe, 0xb8, 0xca, 0x94, ++ 0xc3, 0x64, 0xd6, 0x02, 0xf5, 0x88, 0x98, 0x35, ++ 0x73, 0x9f, 0xce, 0xaa, 0x68, 0xe3, 0x7c, 0x93, ++ 0x30, 0x21, 0x45, 0xec, 0xe9, 0x8f, 0x1c, 0x7e, ++ 0xd1, 0x54, 0xf5, 0xbe, 0xff, 0xc8, 0xd7, 0x72, ++ 0x7f, 0x9c, 0x0c, 0x7f, 0xa9, 0xd3, 0x4a, 0xd2 ++ }; ++ ++#ifdef NSS_FULL_POST ++ /* known SHA224 tls mac */ ++ static const PRUint8 known_TLS_SHA224[] = { ++ 0xd8, 0x68, 0x15, 0xff, 0xa1, 0xa2, 0x5e, 0x16, ++ 0xce, 0xb1, 0xfd, 0xbd, 0xda, 0x39, 0xbc, 0xa7, ++ 0x27, 0x32, 0x78, 0x94, 0x66, 0xf0, 0x84, 0xcf, ++ 0x46, 0xc0, 0x22, 0x76, 0xdc, 0x6b, 0x2e, 0xed, ++ 0x1d, 0x2d, 0xd2, 0x93, 0xfd, 0xae, 0xca, 0xf9, ++ 0xe0, 0x4c, 0x17, 0x23, 0x22, 0x5a, 0x73, 0x93, ++ 0x20, 0x0a, 0xbd, 0xa0, 0x72, 0xf8, 0x8b, 0x74, ++ 0xfb, 0xf1, 0xab, 0xb7, 0xe0, 0xec, 0x34, 0xc9 ++ }; ++ ++ /* known SHA384 tls mac */ ++ static const PRUint8 known_TLS_SHA384[] = { ++ 0xb2, 0xac, 0x06, 0x10, 0xad, 0x50, 0xd5, 0xdc, ++ 0xdb, 0x01, 0xea, 0xa6, 0x2d, 0x8a, 0x34, 0xb6, ++ 0xeb, 0x84, 0xbc, 0x37, 0xc9, 0x9f, 0xa1, 0x9c, ++ 0xd5, 0xbd, 0x4e, 0x66, 0x16, 0x24, 0xe5, 0x3d, ++ 0xce, 0x74, 0xe0, 0x30, 0x41, 0x5c, 0xdb, 0xb7, ++ 0x52, 0x1d, 0x2d, 0x4d, 0x9b, 0xbe, 0x6b, 0x86, ++ 0xda, 0x8a, 0xca, 0x73, 0x39, 0xb4, 0xc7, 0x8f, ++ 0x03, 0xb1, 0xf9, 0x7e, 0x65, 0xae, 0x17, 0x10 ++ }; ++ ++ /* known SHA512 tls mac */ ++ static const PRUint8 known_TLS_SHA512[] = { ++ 0x73, 0x21, 0x4f, 0x40, 0x81, 0x1e, 0x90, 0xa1, ++ 0x16, 0x40, 0x1e, 0x33, 0x69, 0xc5, 0x00, 0xc7, ++ 0xc4, 0x81, 0xa3, 0x4f, 0xa7, 0xcc, 0x4a, 0xeb, ++ 0x1a, 0x66, 0x00, 0x82, 0x52, 0xe2, 0x2f, 0x69, ++ 0x14, 0x59, 0x05, 0x7c, 0xb0, 0x32, 0xce, 0xcc, ++ 0xb7, 0xc9, 0xab, 0x0f, 0x73, 0x00, 0xe5, 0x52, ++ 0x9d, 0x6b, 0x0e, 0x66, 0x4b, 0xb3, 0x0b, 0x0d, ++ 0x34, 0x53, 0x97, 0x13, 0x84, 0x18, 0x31, 0x7a ++ }; ++#endif ++ ++ SECStatus status; ++ PRUint8 tls_computed[HASH_LENGTH_MAX]; ++ SECItem secret; ++ SECItem seed; ++ SECItem result; ++ const char *tls_label = "fips test label"; ++ ++ secret.data = (unsigned char *)TLS_known_secret_key; ++ secret.len = TLS_known_secret_key_length; ++ seed.data = (unsigned char *)known_hash_message; ++ seed.len = FIPS_KNOWN_HASH_MESSAGE_LENGTH; ++ result.data = tls_computed; ++ result.len = sizeof(tls_computed); ++ ++ /***************************************************/ ++ /* TLS 1.0 PRF Known Answer Test */ ++ /***************************************************/ ++ ++ status = TLS_PRF(&secret, tls_label, &seed, &result, PR_TRUE); ++ ++ if ((status != SECSuccess) || ++ (result.len != HASH_LENGTH_MAX) || ++ (PORT_Memcmp(tls_computed, known_TLS_PRF, ++ HASH_LENGTH_MAX) != 0)) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ ++ /***************************************************/ ++ /* TLS 1.2 SHA-256 Known Answer Test. */ ++ /***************************************************/ ++ ++ status = TLS_P_hash(HASH_AlgSHA256, &secret, tls_label, ++ &seed, &result, PR_TRUE); ++ ++ if ((status != SECSuccess) || ++ (result.len != HASH_LENGTH_MAX) || ++ (PORT_Memcmp(tls_computed, known_TLS_SHA256, ++ HASH_LENGTH_MAX) != 0)) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ ++#ifdef NSS_FULL_POST ++ /***************************************************/ ++ /* TLS 1.2 SHA-224 Known Answer Test. */ ++ /***************************************************/ ++ ++ status = TLS_P_hash(HASH_AlgSHA224, &secret, tls_label, ++ &seed, &result, PR_TRUE); ++ ++ if ((status != SECSuccess) || ++ (result.len != HASH_LENGTH_MAX) || ++ (PORT_Memcmp(tls_computed, known_TLS_SHA224, ++ HASH_LENGTH_MAX) != 0)) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ ++ /***************************************************/ ++ /* TLS 1.2 SHA-384 Known Answer Test. */ ++ /***************************************************/ ++ ++ status = TLS_P_hash(HASH_AlgSHA384, &secret, tls_label, ++ &seed, &result, PR_TRUE); ++ ++ if ((status != SECSuccess) || ++ (result.len != HASH_LENGTH_MAX) || ++ (PORT_Memcmp(tls_computed, known_TLS_SHA384, ++ HASH_LENGTH_MAX) != 0)) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ ++ /***************************************************/ ++ /* TLS 1.2 SHA-512 Known Answer Test. */ ++ /***************************************************/ ++ ++ status = TLS_P_hash(HASH_AlgSHA512, &secret, tls_label, ++ &seed, &result, PR_TRUE); ++ ++ if ((status != SECSuccess) || ++ (result.len != HASH_LENGTH_MAX) || ++ (PORT_Memcmp(tls_computed, known_TLS_SHA512, ++ HASH_LENGTH_MAX) != 0)) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++#endif ++ ++ return (SECSuccess); ++} ++ + static SECStatus + freebl_fips_SHA_PowerUpSelfTest(void) + { +@@ -1842,6 +2066,12 @@ + if (rv != SECSuccess) + return rv; + ++ /* TLS PRF Power-Up SelfTest(s). */ ++ rv = freebl_fips_TLS_PowerUpSelfTest(); ++ ++ if (rv != SECSuccess) ++ return rv; ++ + /* NOTE: RSA can only be tested in full freebl. It requires access to + * the locking primitives */ + /* RSA Power-Up SelfTest(s). */ +diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c +--- a/lib/softoken/fipstest.c ++++ b/lib/softoken/fipstest.c +@@ -13,6 +13,7 @@ + #include "secoid.h" + #include "secerr.h" + #include "pkcs11i.h" ++#include "lowpbe.h" + + /* + * different platforms have different ways of calling and initial entry point +@@ -581,6 +582,106 @@ + return (SECFailure); + } + ++static SECStatus ++sftk_fips_HKDF_PowerUpSelfTest(void) ++{ ++ SECStatus status; ++ static const unsigned char base_key[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, ++ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, ++ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, ++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, ++ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f ++ }; ++ static const unsigned char known_hkdf_sha256_key[] = { ++ 0xdd, 0xdb, 0xeb, 0xe5, 0x6d, 0xd2, 0x96, 0xa4, ++ 0x07, 0xc5, 0x7d, 0xda, 0x31, 0x56, 0x8d, 0xa5, ++ 0x41, 0x3e, 0x90, 0xd4, 0xe6, 0x98, 0xeb, 0xf8, ++ 0x5a, 0x49, 0x7f, 0x38, 0xef, 0x01, 0x8a, 0xe5, ++ 0xda, 0x36, 0xe5, 0xcf, 0x21, 0xe3, 0x9f, 0xc3, ++ 0x32, 0xb3, 0x1e, 0xf6, 0xc5, 0x10, 0x4c, 0x86, ++ 0x53, 0x5e, 0x6f, 0xe0, 0x63, 0x6e, 0x43, 0x33, ++ 0x61, 0x35, 0xf4, 0x17, 0x10, 0x77, 0x75, 0x2a ++ }; ++/* current NIST IG's say we only need to test one instance ++ * of kdfs, keep these others around in case the guidance ++ * changes */ ++#ifdef NSS_FULL_POST ++ static const unsigned char known_hkdf_sha384_key[] = { ++ 0x35, 0x64, 0xc4, 0xa1, 0xcc, 0xc1, 0xdc, 0xe4, ++ 0xe2, 0xca, 0x51, 0xae, 0xe8, 0x92, 0x88, 0x30, ++ 0x8b, 0xb0, 0x2b, 0xac, 0x00, 0x15, 0xac, 0x15, ++ 0x97, 0xc9, 0xf4, 0x6b, 0xf6, 0x3f, 0x97, 0xea, ++ 0x48, 0x55, 0x38, 0x25, 0x06, 0x5d, 0x91, 0x64, ++ 0xbd, 0x09, 0xf3, 0x44, 0xbc, 0x82, 0xbe, 0xdb, ++ 0x5c, 0xd7, 0xf2, 0x24, 0xa5, 0x55, 0x8d, 0xa9, ++ 0xa8, 0x85, 0xde, 0x8c, 0x33, 0xe0, 0x4d, 0xc3 ++ }; ++ static const unsigned char known_hkdf_sha512_key[] = { ++ 0x63, 0x4e, 0xbc, 0x42, 0xb3, 0x56, 0x74, 0x7d, ++ 0x1b, 0x55, 0xf0, 0x34, 0x54, 0xcb, 0x6d, 0x58, ++ 0x39, 0x96, 0x10, 0xda, 0x03, 0x20, 0x8f, 0x77, ++ 0x0d, 0xb4, 0xf7, 0xf6, 0x67, 0x0d, 0x5b, 0x6b, ++ 0xd0, 0x30, 0xc4, 0xdd, 0x67, 0x61, 0x5d, 0x9a, ++ 0xf5, 0x18, 0x6e, 0x1b, 0x60, 0x97, 0xc2, 0x4d, ++ 0x23, 0x43, 0x69, 0xe6, 0x3b, 0xa5, 0xdf, 0xe9, ++ 0x7c, 0xf1, 0x87, 0x48, 0x6f, 0xb9, 0xd3, 0x02 ++ }; ++#endif ++ unsigned char outBytes[64] = { 0 }; ++ ++ CK_HKDF_PARAMS hkdf_params; ++ ++ hkdf_params.bExpand = CK_TRUE; ++ hkdf_params.bExtract = CK_TRUE; ++ hkdf_params.ulSaltType = CKF_HKDF_SALT_DATA; ++ hkdf_params.pSalt = (CK_BYTE_PTR)base_key; ++ hkdf_params.ulSaltLen = sizeof(base_key); ++ hkdf_params.pInfo = (CK_BYTE_PTR)base_key; ++ hkdf_params.ulInfoLen = sizeof(base_key); ++ ++ /**************************************************/ ++ /* HKDF tests */ ++ /**************************************************/ ++ ++ hkdf_params.prfHashMechanism = CKM_SHA256_HMAC; ++ status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, ++ base_key, 32, NULL, outBytes, sizeof(outBytes), ++ PR_TRUE, PR_TRUE); ++ if ((status != SECSuccess) || ++ PORT_Memcmp(outBytes, known_hkdf_sha256_key, sizeof(outBytes)) != 0) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ ++#ifdef NSS_FULL_POST ++ hkdf_params.prfHashMechanism = CKM_SHA384_HMAC; ++ status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, ++ base_key, 48, NULL, outBytes, sizeof(outBytes), ++ PR_TRUE, PR_TRUE); ++ if ((status != SECSuccess) || ++ PORT_Memcmp(outBytes, known_hkdf_sha384_key, sizeof(outBytes)) != 0) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++ ++ hkdf_params.prfHashMechanism = CKM_SHA512_HMAC; ++ status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, ++ base_key, 64, NULL, outBytes, sizeof(outBytes), ++ PR_TRUE, PR_TRUE); ++ if ((status != SECSuccess) || ++ PORT_Memcmp(outBytes, known_hkdf_sha512_key, sizeof(outBytes)) != 0) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return (SECFailure); ++ } ++#endif ++ ++ return (SECSuccess); ++} ++ + static PRBool sftk_self_tests_ran = PR_FALSE; + static PRBool sftk_self_tests_success = PR_FALSE; + +@@ -631,6 +732,22 @@ + if (rv != SECSuccess) { + return; + } ++ ++ rv = sftk_fips_SP800_108_PowerUpSelfTests(); ++ if (rv != SECSuccess) { ++ return; ++ } ++ ++ rv = sftk_fips_HKDF_PowerUpSelfTest(); ++ if (rv != SECSuccess) { ++ return; ++ } ++ ++ rv = sftk_fips_pbkdf_PowerUpSelfTests(); ++ if (rv != SECSuccess) { ++ return; ++ } ++ + sftk_self_tests_success = PR_TRUE; + } + +diff --git a/lib/softoken/kbkdf.c b/lib/softoken/kbkdf.c +--- a/lib/softoken/kbkdf.c ++++ b/lib/softoken/kbkdf.c +@@ -90,7 +90,7 @@ + } + + static CK_RV +-kbkdf_ValidateParameter(CK_MECHANISM_TYPE mech, CK_PRF_DATA_PARAM_PTR data) ++kbkdf_ValidateParameter(CK_MECHANISM_TYPE mech, const CK_PRF_DATA_PARAM *data) + { + /* This function validates that the passed data parameter (data) conforms + * to PKCS#11 v3.0's expectations for KDF parameters. This depends both on +@@ -265,7 +265,7 @@ + } + + static CK_RV +-kbkdf_ValidateParameters(CK_MECHANISM_TYPE mech, CK_SP800_108_KDF_PARAMS_PTR params, CK_ULONG keySize) ++kbkdf_ValidateParameters(CK_MECHANISM_TYPE mech, const CK_SP800_108_KDF_PARAMS *params, CK_ULONG keySize) + { + CK_RV ret = CKR_MECHANISM_PARAM_INVALID; + int param_type_count[5] = { 0, 0, 0, 0, 0 }; +@@ -344,7 +344,7 @@ + /* [ section: parameter helpers ] */ + + static CK_VOID_PTR +-kbkdf_FindParameter(CK_SP800_108_KDF_PARAMS_PTR params, CK_PRF_DATA_TYPE type) ++kbkdf_FindParameter(const CK_SP800_108_KDF_PARAMS *params, CK_PRF_DATA_TYPE type) + { + for (size_t offset = 0; offset < params->ulNumberOfDataParams; offset++) { + if (params->pDataParams[offset].type == type) { +@@ -392,7 +392,7 @@ + } + + static CK_RV +-kbkdf_CalculateLength(CK_SP800_108_KDF_PARAMS_PTR params, sftk_MACCtx *ctx, CK_ULONG ret_key_size, PRUint64 *output_bitlen, size_t *buffer_length) ++kbkdf_CalculateLength(const CK_SP800_108_KDF_PARAMS *params, sftk_MACCtx *ctx, CK_ULONG ret_key_size, PRUint64 *output_bitlen, size_t *buffer_length) + { + /* Two cases: either we have additional derived keys or we don't. In the + * case that we don't, the length of the derivation is the size of the +@@ -465,7 +465,7 @@ + } + + static CK_RV +-kbkdf_CalculateIterations(CK_MECHANISM_TYPE mech, CK_SP800_108_KDF_PARAMS_PTR params, sftk_MACCtx *ctx, size_t buffer_length, PRUint32 *num_iterations) ++kbkdf_CalculateIterations(CK_MECHANISM_TYPE mech, const CK_SP800_108_KDF_PARAMS *params, sftk_MACCtx *ctx, size_t buffer_length, PRUint32 *num_iterations) + { + CK_SP800_108_COUNTER_FORMAT_PTR param_ptr = NULL; + PRUint64 iteration_count; +@@ -519,7 +519,7 @@ + } + + static CK_RV +-kbkdf_AddParameters(CK_MECHANISM_TYPE mech, sftk_MACCtx *ctx, CK_SP800_108_KDF_PARAMS *params, PRUint32 counter, PRUint64 length, unsigned char *chaining_prf, size_t chaining_prf_len, CK_PRF_DATA_TYPE exclude) ++kbkdf_AddParameters(CK_MECHANISM_TYPE mech, sftk_MACCtx *ctx, const CK_SP800_108_KDF_PARAMS *params, PRUint32 counter, PRUint64 length, const unsigned char *chaining_prf, size_t chaining_prf_len, CK_PRF_DATA_TYPE exclude) + { + size_t offset = 0; + CK_RV ret = CKR_OK; +@@ -749,7 +749,7 @@ + /* [ section: KDFs ] */ + + static CK_RV +-kbkdf_CounterRaw(CK_SP800_108_KDF_PARAMS_PTR params, sftk_MACCtx *ctx, unsigned char *ret_buffer, size_t buffer_length, PRUint64 output_bitlen) ++kbkdf_CounterRaw(const CK_SP800_108_KDF_PARAMS *params, sftk_MACCtx *ctx, unsigned char *ret_buffer, size_t buffer_length, PRUint64 output_bitlen) + { + CK_RV ret = CKR_OK; + +@@ -837,7 +837,7 @@ + } + + static CK_RV +-kbkdf_FeedbackRaw(CK_SP800_108_KDF_PARAMS_PTR params, unsigned char *initial_value, CK_ULONG initial_value_length, sftk_MACCtx *ctx, unsigned char *ret_buffer, size_t buffer_length, PRUint64 output_bitlen) ++kbkdf_FeedbackRaw(const CK_SP800_108_KDF_PARAMS *params, const unsigned char *initial_value, CK_ULONG initial_value_length, sftk_MACCtx *ctx, unsigned char *ret_buffer, size_t buffer_length, PRUint64 output_bitlen) + { + CK_RV ret = CKR_OK; + +@@ -859,7 +859,7 @@ + * chaining in this KDF. Note that we have to make it large enough to + * fit the output of the PRF, but we can delay its actual creation until + * the first PRF invocation. Until then, point to the IV value. */ +- unsigned char *chaining_value = initial_value; ++ unsigned char *chaining_value = (unsigned char *)initial_value; + + /* Size of the chaining value discussed above. Defaults to the size of + * the IV value. */ +@@ -962,7 +962,7 @@ + } + + static CK_RV +-kbkdf_PipelineRaw(CK_SP800_108_KDF_PARAMS_PTR params, sftk_MACCtx *ctx, unsigned char *ret_buffer, size_t buffer_length, PRUint64 output_bitlen) ++kbkdf_PipelineRaw(const CK_SP800_108_KDF_PARAMS *params, sftk_MACCtx *ctx, unsigned char *ret_buffer, size_t buffer_length, PRUint64 output_bitlen) + { + CK_RV ret = CKR_OK; + +@@ -1109,31 +1109,17 @@ + return ret; + } + +-/* [ section: PKCS#11 entry ] */ +- +-CK_RV +-kbkdf_Dispatch(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, SFTKObject *prf_key, SFTKObject *ret_key, CK_ULONG ret_key_size) ++static CK_RV ++kbkdf_RawDispatch(CK_MECHANISM_TYPE mech, ++ const CK_SP800_108_KDF_PARAMS *kdf_params, ++ const CK_BYTE *initial_value, ++ CK_ULONG initial_value_length, ++ SFTKObject *prf_key, const unsigned char *prf_key_bytes, ++ unsigned int prf_key_length, unsigned char **out_key_bytes, ++ size_t *out_key_length, unsigned int *mac_size, ++ CK_ULONG ret_key_size) + { +- /* This handles boilerplate common to all KBKDF types. Instead of placing +- * this in pkcs11c.c, place it here to reduce clutter. */ +- + CK_RV ret; +- +- /* Assumptions about our calling environment. */ +- PR_ASSERT(pMechanism != NULL && prf_key != NULL && ret_key != NULL); +- +- /* Validate that the caller passed parameters. */ +- if (pMechanism->pParameter == NULL) { +- return CKR_MECHANISM_PARAM_INVALID; +- } +- +- /* Create a common set of parameters to use for all KDF types. This +- * separates out the KDF parameters from the Feedback-specific IV, +- * allowing us to use a common type for all calls. */ +- CK_SP800_108_KDF_PARAMS kdf_params = { 0 }; +- CK_BYTE_PTR initial_value = NULL; +- CK_ULONG initial_value_length = 0; +- + /* Context for our underlying PRF function. + * + * Zeroing context required unconditional call of sftk_MAC_Destroy. +@@ -1168,28 +1154,27 @@ + */ + PRUint64 output_bitlen = 0; + +- /* Split Feedback-specific IV from remaining KDF parameters. */ +- ret = kbkdf_LoadParameters(mech, pMechanism, &kdf_params, &initial_value, &initial_value_length); +- if (ret != CKR_OK) { +- goto finish; +- } +- + /* First validate our passed input parameters against PKCS#11 v3.0 + * and NIST SP800-108 requirements. */ +- ret = kbkdf_ValidateParameters(mech, &kdf_params, ret_key_size); ++ ret = kbkdf_ValidateParameters(mech, kdf_params, ret_key_size); + if (ret != CKR_OK) { + goto finish; + } + + /* Initialize the underlying PRF state. */ +- ret = sftk_MAC_Init(&ctx, kdf_params.prfType, prf_key); ++ if (prf_key) { ++ ret = sftk_MAC_Init(&ctx, kdf_params->prfType, prf_key); ++ } else { ++ ret = sftk_MAC_InitRaw(&ctx, kdf_params->prfType, prf_key_bytes, ++ prf_key_length, PR_TRUE); ++ } + if (ret != CKR_OK) { + goto finish; + } + + /* Compute the size of our output buffer based on passed parameters and + * the output size of the underlying PRF. */ +- ret = kbkdf_CalculateLength(&kdf_params, &ctx, ret_key_size, &output_bitlen, &buffer_length); ++ ret = kbkdf_CalculateLength(kdf_params, &ctx, ret_key_size, &output_bitlen, &buffer_length); + if (ret != CKR_OK) { + goto finish; + } +@@ -1205,15 +1190,15 @@ + switch (mech) { + case CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA: /* fall through */ + case CKM_SP800_108_COUNTER_KDF: +- ret = kbkdf_CounterRaw(&kdf_params, &ctx, output_buffer, buffer_length, output_bitlen); ++ ret = kbkdf_CounterRaw(kdf_params, &ctx, output_buffer, buffer_length, output_bitlen); + break; + case CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA: /* fall through */ + case CKM_SP800_108_FEEDBACK_KDF: +- ret = kbkdf_FeedbackRaw(&kdf_params, initial_value, initial_value_length, &ctx, output_buffer, buffer_length, output_bitlen); ++ ret = kbkdf_FeedbackRaw(kdf_params, initial_value, initial_value_length, &ctx, output_buffer, buffer_length, output_bitlen); + break; + case CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA: /* fall through */ + case CKM_SP800_108_DOUBLE_PIPELINE_KDF: +- ret = kbkdf_PipelineRaw(&kdf_params, &ctx, output_buffer, buffer_length, output_bitlen); ++ ret = kbkdf_PipelineRaw(kdf_params, &ctx, output_buffer, buffer_length, output_bitlen); + break; + default: + /* Shouldn't happen unless NIST introduces a new KBKDF type. */ +@@ -1226,8 +1211,65 @@ + goto finish; + } + ++ *out_key_bytes = output_buffer; ++ *out_key_length = buffer_length; ++ *mac_size = ctx.mac_size; ++ ++ output_buffer = NULL; /* returning the buffer, don't zero and free it */ ++ ++finish: ++ PORT_ZFree(output_buffer, buffer_length); ++ ++ /* Free the PRF. This should handle clearing all sensitive information. */ ++ sftk_MAC_Destroy(&ctx, PR_FALSE); ++ return ret; ++} ++ ++/* [ section: PKCS#11 entry ] */ ++ ++CK_RV ++kbkdf_Dispatch(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, SFTKObject *prf_key, SFTKObject *ret_key, CK_ULONG ret_key_size) ++{ ++ /* This handles boilerplate common to all KBKDF types. Instead of placing ++ * this in pkcs11c.c, place it here to reduce clutter. */ ++ ++ CK_RV ret; ++ ++ /* Assumptions about our calling environment. */ ++ PR_ASSERT(pMechanism != NULL && prf_key != NULL && ret_key != NULL); ++ ++ /* Validate that the caller passed parameters. */ ++ if (pMechanism->pParameter == NULL) { ++ return CKR_MECHANISM_PARAM_INVALID; ++ } ++ ++ /* Create a common set of parameters to use for all KDF types. This ++ * separates out the KDF parameters from the Feedback-specific IV, ++ * allowing us to use a common type for all calls. */ ++ CK_SP800_108_KDF_PARAMS kdf_params = { 0 }; ++ CK_BYTE_PTR initial_value = NULL; ++ CK_ULONG initial_value_length = 0; ++ unsigned char *output_buffer = NULL; ++ size_t buffer_length = 0; ++ unsigned int mac_size = 0; ++ ++ /* Split Feedback-specific IV from remaining KDF parameters. */ ++ ret = kbkdf_LoadParameters(mech, pMechanism, &kdf_params, &initial_value, &initial_value_length); ++ if (ret != CKR_OK) { ++ goto finish; ++ } ++ /* let rawDispatch handle the rest. We split this out so we could ++ * handle the POST test without accessing pkcs #11 objects. */ ++ ret = kbkdf_RawDispatch(mech, &kdf_params, initial_value, ++ initial_value_length, prf_key, NULL, 0, ++ &output_buffer, &buffer_length, &mac_size, ++ ret_key_size); ++ if (ret != CKR_OK) { ++ goto finish; ++ } ++ + /* Write the output of the PRF into the appropriate keys. */ +- ret = kbkdf_SaveKeys(mech, hSession, &kdf_params, output_buffer, buffer_length, ctx.mac_size, ret_key, ret_key_size); ++ ret = kbkdf_SaveKeys(mech, hSession, &kdf_params, output_buffer, buffer_length, mac_size, ret_key, ret_key_size); + if (ret != CKR_OK) { + goto finish; + } +@@ -1235,8 +1277,242 @@ + finish: + PORT_ZFree(output_buffer, buffer_length); + +- /* Free the PRF. This should handle clearing all sensitive information. */ +- sftk_MAC_Destroy(&ctx, PR_FALSE); +- + return ret; + } ++ ++struct sftk_SP800_Test_struct { ++ CK_MECHANISM_TYPE mech; ++ CK_SP800_108_KDF_PARAMS kdf_params; ++ unsigned int expected_mac_size; ++ unsigned int ret_key_length; ++ const unsigned char expected_key_bytes[64]; ++}; ++ ++static const CK_SP800_108_COUNTER_FORMAT counter_32 = { 0, 32 }; ++static const CK_PRF_DATA_PARAM counter_32_data = ++ { CK_SP800_108_ITERATION_VARIABLE, (CK_VOID_PTR)&counter_32, sizeof(counter_32) }; ++ ++#ifdef NSS_FULL_POST ++static const CK_SP800_108_COUNTER_FORMAT counter_16 = { 0, 16 }; ++static const CK_PRF_DATA_PARAM counter_16_data = ++ { CK_SP800_108_ITERATION_VARIABLE, (CK_VOID_PTR)&counter_16, sizeof(counter_16) }; ++static const CK_PRF_DATA_PARAM counter_null_data = ++ { CK_SP800_108_ITERATION_VARIABLE, NULL, 0 }; ++#endif ++ ++static const struct sftk_SP800_Test_struct sftk_SP800_Tests[] = ++ { ++#ifdef NSS_FULL_POST ++ { ++ CKM_SP800_108_COUNTER_KDF, ++ { CKM_AES_CMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_16_data, 0, NULL }, ++ 16, ++ 64, ++ { 0x7b, 0x1c, 0xe7, 0xf3, 0x14, 0x67, 0x15, 0xdd, ++ 0xde, 0x0c, 0x09, 0x46, 0x3f, 0x47, 0x7b, 0xa6, ++ 0xb8, 0xba, 0x40, 0x07, 0x7c, 0xe3, 0x19, 0x53, ++ 0x26, 0xac, 0x4c, 0x2e, 0x2b, 0x37, 0x41, 0xe4, ++ 0x1b, 0x01, 0x3f, 0x2f, 0x2d, 0x16, 0x95, 0xee, ++ 0xeb, 0x7e, 0x72, 0x7d, 0xa4, 0xab, 0x2e, 0x67, ++ 0x1d, 0xef, 0x6f, 0xa2, 0xc6, 0xee, 0x3c, 0xcf, ++ 0xef, 0x88, 0xfd, 0x5c, 0x1d, 0x7b, 0xa0, 0x5a }, ++ }, ++ { ++ CKM_SP800_108_COUNTER_KDF, ++ { CKM_SHA384_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_32_data, 0, NULL }, ++ 48, ++ 64, ++ { 0xe6, 0x62, 0xa4, 0x32, 0x5c, 0xe4, 0xc2, 0x28, ++ 0x73, 0x8a, 0x5d, 0x94, 0xe7, 0x05, 0xe0, 0x5a, ++ 0x71, 0x61, 0xb2, 0x3c, 0x51, 0x28, 0x03, 0x1d, ++ 0xa7, 0xf5, 0x10, 0x83, 0x34, 0xdb, 0x11, 0x73, ++ 0x92, 0xa6, 0x79, 0x74, 0x81, 0x5d, 0x22, 0x7e, ++ 0x8d, 0xf2, 0x59, 0x14, 0x56, 0x60, 0xcf, 0xb2, ++ 0xb3, 0xfd, 0x46, 0xfd, 0x9b, 0x74, 0xfe, 0x4a, ++ 0x09, 0x30, 0x4a, 0xdf, 0x07, 0x43, 0xfe, 0x85 }, ++ }, ++ { ++ CKM_SP800_108_COUNTER_KDF, ++ { CKM_SHA512_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_32_data, 0, NULL }, ++ 64, ++ 64, ++ { 0xb0, 0x78, 0x36, 0xe1, 0x15, 0xd6, 0xf0, 0xac, ++ 0x68, 0x7b, 0x42, 0xd3, 0xb6, 0x82, 0x51, 0xad, ++ 0x95, 0x0a, 0x69, 0x88, 0x84, 0xc2, 0x2e, 0x07, ++ 0x34, 0x62, 0x8d, 0x42, 0x72, 0x0f, 0x22, 0xe6, ++ 0xd5, 0x7f, 0x80, 0x15, 0xe6, 0x84, 0x00, 0x65, ++ 0xef, 0x64, 0x77, 0x29, 0xd6, 0x3b, 0xc7, 0x9a, ++ 0x15, 0x6d, 0x36, 0xf3, 0x96, 0xc9, 0x14, 0x3f, ++ 0x2d, 0x4a, 0x7c, 0xdb, 0xc3, 0x6c, 0x3d, 0x6a }, ++ }, ++ { ++ CKM_SP800_108_FEEDBACK_KDF, ++ { CKM_AES_CMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_null_data, 0, NULL }, ++ 16, ++ 64, ++ { 0xc0, 0xa0, 0x23, 0x96, 0x16, 0x4d, 0xd6, 0xbd, ++ 0x2a, 0x75, 0x8e, 0x72, 0xf5, 0xc3, 0xa0, 0xb8, ++ 0x78, 0x83, 0x15, 0x21, 0x34, 0xd3, 0xd8, 0x71, ++ 0xc9, 0xe7, 0x4b, 0x20, 0xb7, 0x65, 0x5b, 0x13, ++ 0xbc, 0x85, 0x54, 0xe3, 0xb6, 0xee, 0x73, 0xd5, ++ 0xf2, 0xa0, 0x94, 0x1a, 0x79, 0x66, 0x3b, 0x1e, ++ 0x67, 0x3e, 0x69, 0xa4, 0x12, 0x40, 0xa9, 0xda, ++ 0x8d, 0x14, 0xb1, 0xce, 0xf1, 0x4b, 0x79, 0x4e }, ++ }, ++ { ++ CKM_SP800_108_FEEDBACK_KDF, ++ { CKM_SHA256_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_null_data, 0, NULL }, ++ 32, ++ 64, ++ { 0x99, 0x9b, 0x08, 0x79, 0x14, 0x2e, 0x58, 0x34, ++ 0xd7, 0x92, 0xa7, 0x7e, 0x7f, 0xc2, 0xf0, 0x34, ++ 0xa3, 0x4e, 0x33, 0xf0, 0x63, 0x95, 0x2d, 0xad, ++ 0xbf, 0x3b, 0xcb, 0x6d, 0x4e, 0x07, 0xd9, 0xe9, ++ 0xbd, 0xbd, 0x77, 0x54, 0xe1, 0xa3, 0x36, 0x26, ++ 0xcd, 0xb1, 0xf9, 0x2d, 0x80, 0x68, 0xa2, 0x01, ++ 0x4e, 0xbf, 0x35, 0xec, 0x65, 0xae, 0xfd, 0x71, ++ 0xa6, 0xd7, 0x62, 0x26, 0x2c, 0x3f, 0x73, 0x63 }, ++ }, ++ { ++ CKM_SP800_108_FEEDBACK_KDF, ++ { CKM_SHA384_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_null_data, 0, NULL }, ++ 48, ++ 64, ++ { 0xc8, 0x7a, 0xf8, 0xd9, 0x6b, 0x90, 0x82, 0x35, ++ 0xea, 0xf5, 0x2c, 0x8f, 0xce, 0xaa, 0x3b, 0xa5, ++ 0x68, 0xd3, 0x7f, 0xae, 0x31, 0x93, 0xe6, 0x69, ++ 0x0c, 0xd1, 0x74, 0x7f, 0x8f, 0xc2, 0xe2, 0x33, ++ 0x93, 0x45, 0x23, 0xba, 0xb3, 0x73, 0xc9, 0x2c, ++ 0xd6, 0xd2, 0x10, 0x16, 0xe9, 0x9f, 0x9e, 0xe8, ++ 0xc1, 0x0e, 0x29, 0x95, 0x3d, 0x16, 0x68, 0x24, ++ 0x40, 0x4d, 0x40, 0x21, 0x41, 0xa6, 0xc8, 0xdb }, ++ }, ++ { ++ CKM_SP800_108_FEEDBACK_KDF, ++ { CKM_SHA512_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_null_data, 0, NULL }, ++ 64, ++ 64, ++ { 0x81, 0x39, 0x12, 0xc2, 0xf9, 0x31, 0x24, 0x7c, ++ 0x71, 0x12, 0x97, 0x08, 0x82, 0x76, 0x83, 0x55, ++ 0x8c, 0x82, 0xf3, 0x09, 0xd6, 0x1b, 0x7a, 0xa2, ++ 0x6e, 0x71, 0x6b, 0xad, 0x46, 0x57, 0x60, 0x89, ++ 0x38, 0xcf, 0x63, 0xfa, 0xf4, 0x38, 0x27, 0xef, ++ 0xf0, 0xaf, 0x75, 0x4e, 0xc2, 0xe0, 0x31, 0xdb, ++ 0x59, 0x7d, 0x19, 0xc9, 0x6d, 0xbb, 0xed, 0x95, ++ 0xaf, 0x3e, 0xd8, 0x33, 0x76, 0xab, 0xec, 0xfa }, ++ }, ++ { ++ CKM_SP800_108_DOUBLE_PIPELINE_KDF, ++ { CKM_AES_CMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_null_data, 0, NULL }, ++ 16, ++ 64, ++ { 0x3e, 0xa8, 0xbf, 0x77, 0x84, 0x90, 0xb0, 0x3a, ++ 0x89, 0x16, 0x32, 0x01, 0x92, 0xd3, 0x1f, 0x1b, ++ 0xc1, 0x06, 0xc5, 0x32, 0x62, 0x03, 0x50, 0x16, ++ 0x3b, 0xb9, 0xa7, 0xdc, 0xb5, 0x68, 0x6a, 0xbb, ++ 0xbb, 0x7d, 0x63, 0x69, 0x24, 0x6e, 0x09, 0xd6, ++ 0x6f, 0x80, 0x57, 0x65, 0xc5, 0x62, 0x33, 0x96, ++ 0x69, 0xe6, 0xab, 0x65, 0x36, 0xd0, 0xe2, 0x5c, ++ 0xd7, 0xbd, 0xe4, 0x68, 0x13, 0xd6, 0xb1, 0x46 }, ++ }, ++ { ++ CKM_SP800_108_DOUBLE_PIPELINE_KDF, ++ { CKM_SHA256_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_null_data, 0, NULL }, ++ 32, ++ 64, ++ { 0xeb, 0x28, 0xd9, 0x2c, 0x19, 0x33, 0xb9, 0x2a, ++ 0xf9, 0xac, 0x85, 0xbd, 0xf4, 0xdb, 0xfa, 0x88, ++ 0x73, 0xf4, 0x36, 0x08, 0xdb, 0xfe, 0x13, 0xd1, ++ 0x5a, 0xec, 0x7b, 0x68, 0x13, 0x53, 0xb3, 0xd1, ++ 0x31, 0xf2, 0x83, 0xae, 0x9f, 0x75, 0x47, 0xb6, ++ 0x6d, 0x3c, 0x20, 0x16, 0x47, 0x9c, 0x27, 0x66, ++ 0xec, 0xa9, 0xdf, 0x0c, 0xda, 0x2a, 0xf9, 0xf4, ++ 0x55, 0x74, 0xde, 0x9d, 0x3f, 0xe3, 0x5e, 0x14 }, ++ }, ++ { ++ CKM_SP800_108_DOUBLE_PIPELINE_KDF, ++ { CKM_SHA384_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_null_data, 0, NULL }, ++ 48, ++ 64, ++ { 0xa5, 0xca, 0x32, 0x40, 0x00, 0x93, 0xb2, 0xcc, ++ 0x78, 0x3c, 0xa6, 0xc4, 0xaf, 0xa8, 0xb3, 0xd0, ++ 0xa4, 0x6b, 0xb5, 0x31, 0x35, 0x87, 0x33, 0xa2, ++ 0x6a, 0x6b, 0xe1, 0xff, 0xea, 0x1d, 0x6e, 0x9e, ++ 0x0b, 0xde, 0x8b, 0x92, 0x15, 0xd6, 0x56, 0x2f, ++ 0xb6, 0x1a, 0xd7, 0xd2, 0x01, 0x3e, 0x28, 0x2e, ++ 0xfa, 0x84, 0x3c, 0xc0, 0xe8, 0xbe, 0x94, 0xc0, ++ 0x06, 0xbd, 0xbf, 0x87, 0x1f, 0xb8, 0x64, 0xc2 }, ++ }, ++ { ++ CKM_SP800_108_DOUBLE_PIPELINE_KDF, ++ { CKM_SHA512_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_null_data, 0, NULL }, ++ 64, ++ 64, ++ { 0x3f, 0xd9, 0x4e, 0x80, 0x58, 0x21, 0xc8, 0xea, ++ 0x22, 0x17, 0xcf, 0x7d, 0xce, 0xfd, 0xec, 0x03, ++ 0xb9, 0xe4, 0xa2, 0xf7, 0xc0, 0xf1, 0x68, 0x81, ++ 0x53, 0x71, 0xb7, 0x42, 0x14, 0x4e, 0x5b, 0x09, ++ 0x05, 0x31, 0xb9, 0x27, 0x18, 0x2d, 0x23, 0xf8, ++ 0x9c, 0x3d, 0x4e, 0xd0, 0xdd, 0xf3, 0x1e, 0x4b, ++ 0xf2, 0xf9, 0x1a, 0x5d, 0x00, 0x66, 0x22, 0x83, ++ 0xae, 0x3c, 0x53, 0xd2, 0x54, 0x4b, 0x06, 0x4c }, ++ }, ++#endif ++ { ++ CKM_SP800_108_COUNTER_KDF, ++ { CKM_SHA256_HMAC, 1, (CK_PRF_DATA_PARAM_PTR)&counter_32_data, 0, NULL }, ++ 32, ++ 64, ++ { 0xfb, 0x2b, 0xb5, 0xde, 0xce, 0x5a, 0x2b, 0xdc, ++ 0x25, 0x8f, 0x54, 0x17, 0x4b, 0x5a, 0xa7, 0x90, ++ 0x64, 0x36, 0xeb, 0x43, 0x1f, 0x1d, 0xf9, 0x23, ++ 0xb2, 0x22, 0x29, 0xa0, 0xfa, 0x2e, 0x21, 0xb6, ++ 0xb7, 0xfb, 0x27, 0x0a, 0x1c, 0xa6, 0x58, 0x43, ++ 0xa1, 0x16, 0x44, 0x29, 0x4b, 0x1c, 0xb3, 0x72, ++ 0xd5, 0x98, 0x9d, 0x27, 0xd5, 0x75, 0x25, 0xbf, ++ 0x23, 0x61, 0x40, 0x48, 0xbb, 0x0b, 0x49, 0x8e }, ++ } ++ }; ++ ++SECStatus ++sftk_fips_SP800_108_PowerUpSelfTests(void) ++{ ++ int i; ++ CK_RV crv; ++ ++ const unsigned char prf_key[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, ++ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, ++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, ++ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, ++ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, ++ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, ++ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78 ++ }; ++ for (i = 0; i < PR_ARRAY_SIZE(sftk_SP800_Tests); i++) { ++ const struct sftk_SP800_Test_struct *test = &sftk_SP800_Tests[i]; ++ unsigned char *output_buffer; ++ size_t buffer_length; ++ unsigned int mac_size; ++ ++ crv = kbkdf_RawDispatch(test->mech, &test->kdf_params, ++ prf_key, test->expected_mac_size, ++ NULL, prf_key, test->expected_mac_size, ++ &output_buffer, &buffer_length, &mac_size, ++ test->ret_key_length); ++ if (crv != CKR_OK) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return SECFailure; ++ } ++ if ((mac_size != test->expected_mac_size) || ++ (buffer_length != test->ret_key_length) || ++ (output_buffer == NULL) || ++ (PORT_Memcmp(output_buffer, test->expected_key_bytes, buffer_length) != 0)) { ++ PORT_ZFree(output_buffer, buffer_length); ++ return SECFailure; ++ } ++ PORT_ZFree(output_buffer, buffer_length); ++ } ++ return SECSuccess; ++} +diff --git a/lib/softoken/lowpbe.h b/lib/softoken/lowpbe.h +--- a/lib/softoken/lowpbe.h ++++ b/lib/softoken/lowpbe.h +@@ -103,6 +103,10 @@ + HASH_HashType HASH_FromHMACOid(SECOidTag oid); + SECOidTag HASH_HMACOidFromHash(HASH_HashType); + ++/* fips selftest */ ++extern SECStatus ++sftk_fips_pbkdf_PowerUpSelfTests(void); ++ + SEC_END_PROTOS + + #endif +diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c +--- a/lib/softoken/lowpbe.c ++++ b/lib/softoken/lowpbe.c +@@ -1743,3 +1743,67 @@ + + return ret_algid; + } ++ ++#define TEST_KEY "pbkdf test key" ++SECStatus ++sftk_fips_pbkdf_PowerUpSelfTests(void) ++{ ++ SECItem *result; ++ SECItem inKey; ++ NSSPKCS5PBEParameter pbe_params; ++ unsigned char iteration_count = 5; ++ unsigned char keyLen = 64; ++ char *inKeyData = TEST_KEY; ++ static const unsigned char saltData[] = ++ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; ++ static const unsigned char pbkdf_known_answer[] = { ++ 0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29, ++ 0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c, ++ 0x28, 0x59, 0x8b, 0x5c, 0xd8, 0xd4, 0x02, 0x37, ++ 0x18, 0x22, 0xc1, 0x92, 0xd0, 0xfa, 0x72, 0x90, ++ 0x2c, 0x8d, 0x19, 0xd4, 0x56, 0xfb, 0x16, 0xfa, ++ 0x8d, 0x5c, 0x06, 0x33, 0xd1, 0x5f, 0x17, 0xb1, ++ 0x22, 0xd9, 0x9c, 0xaf, 0x5e, 0x3f, 0xf3, 0x66, ++ 0xc6, 0x14, 0xfe, 0x83, 0xfa, 0x1a, 0x2a, 0xc5 ++ }; ++ ++ sftk_PBELockInit(); ++ ++ inKey.data = (unsigned char *)inKeyData; ++ inKey.len = sizeof(TEST_KEY) - 1; ++ ++ pbe_params.salt.data = (unsigned char *)saltData; ++ pbe_params.salt.len = sizeof(saltData); ++ /* the interation and keyLength are used as intermediate ++ * values when decoding the Algorithm ID, set them for completeness, ++ * but they are not used */ ++ pbe_params.iteration.data = &iteration_count; ++ pbe_params.iteration.len = 1; ++ pbe_params.keyLength.data = &keyLen; ++ pbe_params.keyLength.len = 1; ++ /* pkcs5v2 stores the key in the AlgorithmID, so we don't need to ++ * generate it here */ ++ pbe_params.ivLen = 0; ++ pbe_params.ivData = NULL; ++ /* keyID is only used by pkcs12 extensions to pkcs5v1 */ ++ pbe_params.keyID = pbeBitGenCipherKey; ++ /* Algorithm is used by the decryption code after get get our key */ ++ pbe_params.encAlg = SEC_OID_AES_256_CBC; ++ /* these are the fields actually used in nsspkcs5_ComputeKeyAndIV ++ * for NSSPKCS5_PBKDF2 */ ++ pbe_params.iter = iteration_count; ++ pbe_params.keyLen = keyLen; ++ pbe_params.hashType = HASH_AlgSHA256; ++ pbe_params.pbeType = NSSPKCS5_PBKDF2; ++ pbe_params.is2KeyDES = PR_FALSE; ++ ++ result = nsspkcs5_ComputeKeyAndIV(&pbe_params, &inKey, NULL, PR_FALSE); ++ if ((result == NULL) || (result->len != sizeof(pbkdf_known_answer)) || ++ (PORT_Memcmp(result->data, pbkdf_known_answer, sizeof(pbkdf_known_answer)) != 0)) { ++ SECITEM_FreeItem(result, PR_TRUE); ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return SECFailure; ++ } ++ SECITEM_FreeItem(result, PR_TRUE); ++ return SECSuccess; ++} +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -6856,9 +6856,9 @@ + + CK_RV + sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_SESSION_HANDLE hSession, +- SFTKObject *sourceKey, unsigned char *sourceKeyBytes, +- int sourceKeyLen, SFTKObject *key, int keySize, +- PRBool canBeData, PRBool isFIPS) ++ SFTKObject *sourceKey, const unsigned char *sourceKeyBytes, ++ int sourceKeyLen, SFTKObject *key, unsigned char *outKeyBytes, ++ int keySize, PRBool canBeData, PRBool isFIPS) + { + SFTKSession *session; + SFTKAttribute *saltKey_att = NULL; +@@ -6869,9 +6869,9 @@ + unsigned char keyBlock[9 * SFTK_MAX_MAC_LENGTH]; + unsigned char *keyBlockAlloc = NULL; /* allocated keyBlock */ + unsigned char *keyBlockData = keyBlock; /* pointer to current keyBlock */ +- unsigned char *prk; /* psuedo-random key */ ++ const unsigned char *prk; /* psuedo-random key */ + CK_ULONG prkLen; +- unsigned char *okm; /* output keying material */ ++ const unsigned char *okm; /* output keying material */ + HASH_HashType hashType = GetHashTypeFromMechanism(params->prfHashMechanism); + SFTKObject *saltKey = NULL; + CK_RV crv = CKR_OK; +@@ -6896,9 +6896,14 @@ + (params->bExpand && keySize > 255 * hashLen)) { + return CKR_TEMPLATE_INCONSISTENT; + } +- crv = sftk_DeriveSensitiveCheck(sourceKey, key, canBeData); +- if (crv != CKR_OK) +- return crv; ++ ++ /* sourceKey is NULL if we are called from the POST, skip the ++ * sensitiveCheck */ ++ if (sourceKey != NULL) { ++ crv = sftk_DeriveSensitiveCheck(sourceKey, key, canBeData); ++ if (crv != CKR_OK) ++ return crv; ++ } + + /* HKDF-Extract(salt, base key value) */ + if (params->bExtract) { +@@ -7014,9 +7019,15 @@ + HMAC_Destroy(hmac, PR_TRUE); + okm = &keyBlockData[0]; + } +- /* key material = prk */ +- crv = sftk_forceAttribute(key, CKA_VALUE, okm, keySize); +- PORT_Memset(okm, 0, genLen); ++ /* key material = okm */ ++ crv = CKR_OK; ++ if (key) { ++ crv = sftk_forceAttribute(key, CKA_VALUE, okm, keySize); ++ } else { ++ PORT_Assert(outKeyBytes != NULL); ++ PORT_Memcpy(outKeyBytes, okm, keySize); ++ } ++ PORT_Memset(keyBlockData, 0, genLen); + PORT_Memset(hashbuf, 0, sizeof(hashbuf)); + PORT_Free(keyBlockAlloc); + return CKR_OK; +@@ -8568,7 +8579,7 @@ + + crv = sftk_HKDF(&hkdfParams, hSession, sourceKey, + att->attrib.pValue, att->attrib.ulValueLen, +- key, keySize, PR_FALSE, isFIPS); ++ key, NULL, keySize, PR_FALSE, isFIPS); + } break; + case CKM_HKDF_DERIVE: + case CKM_HKDF_DATA: /* only difference is the class of key */ +@@ -8579,7 +8590,7 @@ + } + crv = sftk_HKDF((CK_HKDF_PARAMS_PTR)pMechanism->pParameter, + hSession, sourceKey, att->attrib.pValue, +- att->attrib.ulValueLen, key, keySize, PR_TRUE, ++ att->attrib.ulValueLen, key, NULL, keySize, PR_TRUE, + isFIPS); + break; + case CKM_NSS_JPAKE_ROUND2_SHA1: +diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h +--- a/lib/softoken/pkcs11i.h ++++ b/lib/softoken/pkcs11i.h +@@ -900,7 +900,7 @@ + CK_RV sftk_MAC_Create(CK_MECHANISM_TYPE mech, SFTKObject *key, sftk_MACCtx **ret_ctx); + CK_RV sftk_MAC_Init(sftk_MACCtx *ctx, CK_MECHANISM_TYPE mech, SFTKObject *key); + CK_RV sftk_MAC_InitRaw(sftk_MACCtx *ctx, CK_MECHANISM_TYPE mech, const unsigned char *key, unsigned int key_len, PRBool isFIPS); +-CK_RV sftk_MAC_Update(sftk_MACCtx *ctx, CK_BYTE_PTR data, unsigned int data_len); ++CK_RV sftk_MAC_Update(sftk_MACCtx *ctx, const CK_BYTE *data, unsigned int data_len); + CK_RV sftk_MAC_Finish(sftk_MACCtx *ctx, CK_BYTE_PTR result, unsigned int *result_len, unsigned int max_result_len); + CK_RV sftk_MAC_Reset(sftk_MACCtx *ctx); + void sftk_MAC_Destroy(sftk_MACCtx *ctx, PRBool free_it); +@@ -912,6 +912,15 @@ + + /* NIST 800-108 (kbkdf.c) implementations */ + extern CK_RV kbkdf_Dispatch(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, SFTKObject *base_key, SFTKObject *ret_key, CK_ULONG keySize); ++extern SECStatus sftk_fips_SP800_108_PowerUpSelfTests(void); ++ ++/* export the HKDF function for use in PowerupSelfTests */ ++CK_RV sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_SESSION_HANDLE hSession, ++ SFTKObject *sourceKey, const unsigned char *sourceKeyBytes, ++ int sourceKeyLen, SFTKObject *key, ++ unsigned char *outKeyBytes, int keySize, ++ PRBool canBeData, PRBool isFIPS); ++ + char **NSC_ModuleDBFunc(unsigned long function, char *parameters, void *args); + + /* dh verify functions */ +diff --git a/lib/softoken/sftkhmac.c b/lib/softoken/sftkhmac.c +--- a/lib/softoken/sftkhmac.c ++++ b/lib/softoken/sftkhmac.c +@@ -355,7 +355,7 @@ + } + + CK_RV +-sftk_MAC_Update(sftk_MACCtx *ctx, CK_BYTE_PTR data, unsigned int data_len) ++sftk_MAC_Update(sftk_MACCtx *ctx, const CK_BYTE *data, unsigned int data_len) + { + switch (ctx->mech) { + case CKM_MD2_HMAC: +diff --git a/lib/softoken/sftkike.c b/lib/softoken/sftkike.c +--- a/lib/softoken/sftkike.c ++++ b/lib/softoken/sftkike.c +@@ -855,10 +855,12 @@ + * K = inKey, S = seedKey | seedData + */ + +-CK_RV +-sftk_ike_prf_plus(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey, +- const CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS *params, SFTKObject *outKey, +- unsigned int keySize) ++static CK_RV ++sftk_ike_prf_plus_raw(CK_SESSION_HANDLE hSession, ++ const unsigned char *inKeyData, CK_ULONG inKeyLen, ++ const CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS *params, ++ unsigned char **outKeyDataPtr, unsigned int *outKeySizePtr, ++ unsigned int keySize) + { + SFTKAttribute *seedValue = NULL; + SFTKObject *seedKeyObj = NULL; +@@ -924,8 +926,7 @@ + crv = CKR_KEY_SIZE_RANGE; + goto fail; + } +- crv = prf_init(&context, inKey->attrib.pValue, +- inKey->attrib.ulValueLen); ++ crv = prf_init(&context, inKeyData, inKeyLen); + if (crv != CKR_OK) { + goto fail; + } +@@ -964,7 +965,9 @@ + lastKey = thisKey; + thisKey += macSize; + } +- crv = sftk_forceAttribute(outKey, CKA_VALUE, outKeyData, keySize); ++ *outKeyDataPtr = outKeyData; ++ *outKeySizePtr = outKeySize; ++ outKeyData = NULL; /* don't free it here, our caller will free it */ + fail: + if (outKeyData) { + PORT_ZFree(outKeyData, outKeySize); +@@ -979,6 +982,30 @@ + return crv; + } + ++/* ++ * ike prf + with code to deliever results tosoftoken objects. ++ */ ++CK_RV ++sftk_ike_prf_plus(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey, ++ const CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS *params, SFTKObject *outKey, ++ unsigned int keySize) ++{ ++ unsigned char *outKeyData = NULL; ++ unsigned int outKeySize; ++ CK_RV crv; ++ ++ crv = sftk_ike_prf_plus_raw(hSession, inKey->attrib.pValue, ++ inKey->attrib.ulValueLen, params, ++ &outKeyData, &outKeySize, keySize); ++ if (crv != CKR_OK) { ++ return crv; ++ } ++ ++ crv = sftk_forceAttribute(outKey, CKA_VALUE, outKeyData, keySize); ++ PORT_ZFree(outKeyData, outKeySize); ++ return crv; ++} ++ + /* sftk_aes_xcbc_new_keys: + * + * aes xcbc creates 3 new keys from the input key. The first key will be the +@@ -1294,7 +1321,21 @@ + 0x7f, 0x6f, 0x77, 0x2e, 0x5d, 0x65, 0xb5, 0x8e, + 0xb1, 0x13, 0x40, 0x96, 0xe8, 0x47, 0x8d, 0x2b + }; ++ static const PRUint8 ike_known_sha256_prf_plus[] = { ++ 0xe6, 0xf1, 0x9b, 0x4a, 0x02, 0xe9, 0x73, 0x72, ++ 0x93, 0x9f, 0xdb, 0x46, 0x1d, 0xb1, 0x49, 0xcb, ++ 0x53, 0x08, 0x98, 0x3d, 0x41, 0x36, 0xfa, 0x8b, ++ 0x47, 0x04, 0x49, 0x11, 0x0d, 0x6e, 0x96, 0x1d, ++ 0xab, 0xbe, 0x94, 0x28, 0xa0, 0xb7, 0x9c, 0xa3, ++ 0x29, 0xe1, 0x40, 0xf8, 0xf8, 0x88, 0xb9, 0xb5, ++ 0x40, 0xd4, 0x54, 0x4d, 0x25, 0xab, 0x94, 0xd4, ++ 0x98, 0xd8, 0x00, 0xbf, 0x6f, 0xef, 0xe8, 0x39 ++ }; + SECStatus rv; ++ CK_RV crv; ++ unsigned char *outKeyData = NULL; ++ unsigned int outKeySize; ++ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS ike_params; + + rv = prf_test(CKM_AES_XCBC_MAC, + ike_xcbc_known_key, sizeof(ike_xcbc_known_key), +@@ -1345,5 +1386,23 @@ + ike_sha512_known_plain_text, + sizeof(ike_sha512_known_plain_text), + ike_sha512_known_mac, sizeof(ike_sha512_known_mac)); ++ ++ ike_params.prfMechanism = CKM_SHA256_HMAC; ++ ike_params.bHasSeedKey = PR_FALSE; ++ ike_params.hSeedKey = CK_INVALID_HANDLE; ++ ike_params.pSeedData = (CK_BYTE_PTR)ike_sha256_known_plain_text; ++ ike_params.ulSeedDataLen = sizeof(ike_sha256_known_plain_text); ++ crv = sftk_ike_prf_plus_raw(CK_INVALID_HANDLE, ike_sha256_known_key, ++ sizeof(ike_sha256_known_key), &ike_params, ++ &outKeyData, &outKeySize, 64); ++ if ((crv != CKR_OK) || ++ (outKeySize != sizeof(ike_known_sha256_prf_plus)) || ++ (PORT_Memcmp(outKeyData, ike_known_sha256_prf_plus, ++ sizeof(ike_known_sha256_prf_plus)) != 0)) { ++ PORT_ZFree(outKeyData, outKeySize); ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return SECFailure; ++ } ++ PORT_ZFree(outKeyData, outKeySize); + return rv; + } + diff --git a/SOURCES/nss-3.53.1-constant-time-p384.patch b/SOURCES/nss-3.53.1-constant-time-p384.patch new file mode 100644 index 0000000..1f4385f --- /dev/null +++ b/SOURCES/nss-3.53.1-constant-time-p384.patch @@ -0,0 +1,19783 @@ + +# HG changeset patch +# User Billy Brumley +# Date 1594909956 0 +# Node ID e55ab3145546ae3cf1333b43956a974675d2d25c +# Parent 688d2a7257586ba8ca7febe46e6ae43c4c1fe04e +Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea + +This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: + +[ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. + +Co-authored-by: Luis Rivera-Zamarripa +Co-authored-by: Jesús-Javier Chi-Domínguez + +Differential Revision: https://phabricator.services.mozilla.com/D79267 + +diff --git a/lib/freebl/ecl/ecl-priv.h b/lib/freebl/ecl/ecl-priv.h +--- a/lib/freebl/ecl/ecl-priv.h ++++ b/lib/freebl/ecl/ecl-priv.h +@@ -240,11 +240,12 @@ mp_err ec_group_set_gfp256(ECGroup *grou + mp_err ec_group_set_gfp384(ECGroup *group, ECCurveName); + mp_err ec_group_set_gfp521(ECGroup *group, ECCurveName); + mp_err ec_group_set_gf2m163(ECGroup *group, ECCurveName name); + mp_err ec_group_set_gf2m193(ECGroup *group, ECCurveName name); + mp_err ec_group_set_gf2m233(ECGroup *group, ECCurveName name); + + /* Optimized point multiplication */ + mp_err ec_group_set_gfp256_32(ECGroup *group, ECCurveName name); ++mp_err ec_group_set_secp384r1(ECGroup *group, ECCurveName name); + + SECStatus ec_Curve25519_mul(PRUint8 *q, const PRUint8 *s, const PRUint8 *p); + #endif /* __ecl_priv_h_ */ +diff --git a/lib/freebl/ecl/ecl.c b/lib/freebl/ecl/ecl.c +--- a/lib/freebl/ecl/ecl.c ++++ b/lib/freebl/ecl/ecl.c +@@ -159,16 +159,26 @@ construct_ecgroup(const ECCurveName name + &order, cofactor); + if (group == NULL) { + res = MP_UNDEF; + goto CLEANUP; + } + MP_CHECKOK(ec_group_set_gfp256(group, name)); + MP_CHECKOK(ec_group_set_gfp256_32(group, name)); + break; ++ case ECCurve_SECG_PRIME_384R1: ++ group = ++ ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny, ++ &order, cofactor); ++ if (group == NULL) { ++ res = MP_UNDEF; ++ goto CLEANUP; ++ } ++ MP_CHECKOK(ec_group_set_secp384r1(group, name)); ++ break; + case ECCurve_SECG_PRIME_521R1: + group = + ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny, + &order, cofactor); + if (group == NULL) { + res = MP_UNDEF; + goto CLEANUP; + } +diff --git a/lib/freebl/ecl/ecp_secp384r1.c b/lib/freebl/ecl/ecp_secp384r1.c +new file mode 100644 +--- /dev/null ++++ b/lib/freebl/ecl/ecp_secp384r1.c +@@ -0,0 +1,19668 @@ ++/* Autogenerated: ECCKiila https://gitlab.com/nisec/ecckiila */ ++/*- ++ * MIT License ++ * ++ * Copyright (c) 2020 Luis Rivera-Zamarripa, Jesús-Javier Chi-Domínguez, Billy Bob Brumley ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in all ++ * copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ * SOFTWARE. ++ */ ++#if defined(__SIZEOF_INT128__) && !defined(PEDANTIC) ++ ++#include ++#include ++#define LIMB_BITS 64 ++#define LIMB_CNT 6 ++/* Field elements */ ++typedef uint64_t fe_t[LIMB_CNT]; ++typedef uint64_t limb_t; ++ ++#define fe_copy(d, s) memcpy(d, s, sizeof(fe_t)) ++#define fe_set_zero(d) memset(d, 0, sizeof(fe_t)) ++ ++/* Projective points */ ++typedef struct { ++ fe_t X; ++ fe_t Y; ++ fe_t Z; ++} pt_prj_t; ++ ++/* Affine points */ ++typedef struct { ++ fe_t X; ++ fe_t Y; ++} pt_aff_t; ++ ++/* BEGIN verbatim fiat code https://github.com/mit-plv/fiat-crypto */ ++/*- ++ * MIT License ++ * ++ * Copyright (c) 2020 the fiat-crypto authors (see the AUTHORS file) ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ * SOFTWARE. ++ */ ++ ++/* Autogenerated: word_by_word_montgomery --static secp384r1 64 '2^384 - 2^128 - 2^96 + 2^32 - 1' */ ++/* curve description: secp384r1 */ ++/* machine_wordsize = 64 (from "64") */ ++/* requested operations: (all) */ ++/* m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff (from "2^384 - 2^128 - 2^96 + 2^32 - 1") */ ++/* */ ++/* NOTE: In addition to the bounds specified above each function, all */ ++/* functions synthesized for this Montgomery arithmetic require the */ ++/* input to be strictly less than the prime modulus (m), and also */ ++/* require the input to be in the unique saturated representation. */ ++/* All functions also ensure that these two properties are true of */ ++/* return values. */ ++/* */ ++/* Computed values: */ ++/* eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) */ ++/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) */ ++ ++#include ++typedef unsigned char fiat_secp384r1_uint1; ++typedef signed char fiat_secp384r1_int1; ++typedef signed __int128 fiat_secp384r1_int128; ++typedef unsigned __int128 fiat_secp384r1_uint128; ++ ++#if (-1 & 3) != 3 ++#error "This code only works on a two's complement system" ++#endif ++ ++/* ++ * The function fiat_secp384r1_addcarryx_u64 is an addition with carry. ++ * Postconditions: ++ * out1 = (arg1 + arg2 + arg3) mod 2^64 ++ * out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xffffffffffffffff] ++ * arg3: [0x0 ~> 0xffffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffffffffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp384r1_addcarryx_u64(uint64_t *out1, ++ fiat_secp384r1_uint1 *out2, ++ fiat_secp384r1_uint1 arg1, ++ uint64_t arg2, uint64_t arg3) ++{ ++ fiat_secp384r1_uint128 x1; ++ uint64_t x2; ++ fiat_secp384r1_uint1 x3; ++ x1 = ((arg1 + (fiat_secp384r1_uint128)arg2) + arg3); ++ x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); ++ x3 = (fiat_secp384r1_uint1)(x1 >> 64); ++ *out1 = x2; ++ *out2 = x3; ++} ++ ++/* ++ * The function fiat_secp384r1_subborrowx_u64 is a subtraction with borrow. ++ * Postconditions: ++ * out1 = (-arg1 + arg2 + -arg3) mod 2^64 ++ * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xffffffffffffffff] ++ * arg3: [0x0 ~> 0xffffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffffffffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp384r1_subborrowx_u64(uint64_t *out1, ++ fiat_secp384r1_uint1 *out2, ++ fiat_secp384r1_uint1 arg1, ++ uint64_t arg2, uint64_t arg3) ++{ ++ fiat_secp384r1_int128 x1; ++ fiat_secp384r1_int1 x2; ++ uint64_t x3; ++ x1 = ((arg2 - (fiat_secp384r1_int128)arg1) - arg3); ++ x2 = (fiat_secp384r1_int1)(x1 >> 64); ++ x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); ++ *out1 = x3; ++ *out2 = (fiat_secp384r1_uint1)(0x0 - x2); ++} ++ ++/* ++ * The function fiat_secp384r1_mulx_u64 is a multiplication, returning the full double-width result. ++ * Postconditions: ++ * out1 = (arg1 * arg2) mod 2^64 ++ * out2 = ⌊arg1 * arg2 / 2^64⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0xffffffffffffffff] ++ * arg2: [0x0 ~> 0xffffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffffffffffff] ++ * out2: [0x0 ~> 0xffffffffffffffff] ++ */ ++static void ++fiat_secp384r1_mulx_u64(uint64_t *out1, uint64_t *out2, ++ uint64_t arg1, uint64_t arg2) ++{ ++ fiat_secp384r1_uint128 x1; ++ uint64_t x2; ++ uint64_t x3; ++ x1 = ((fiat_secp384r1_uint128)arg1 * arg2); ++ x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); ++ x3 = (uint64_t)(x1 >> 64); ++ *out1 = x2; ++ *out2 = x3; ++} ++ ++/* ++ * The function fiat_secp384r1_cmovznz_u64 is a single-word conditional move. ++ * Postconditions: ++ * out1 = (if arg1 = 0 then arg2 else arg3) ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xffffffffffffffff] ++ * arg3: [0x0 ~> 0xffffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffffffffffff] ++ */ ++static void ++fiat_secp384r1_cmovznz_u64(uint64_t *out1, ++ fiat_secp384r1_uint1 arg1, uint64_t arg2, ++ uint64_t arg3) ++{ ++ fiat_secp384r1_uint1 x1; ++ uint64_t x2; ++ uint64_t x3; ++ x1 = (!(!arg1)); ++ x2 = ((fiat_secp384r1_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); ++ x3 = ((x2 & arg3) | ((~x2) & arg2)); ++ *out1 = x3; ++} ++ ++/* ++ * The function fiat_secp384r1_mul multiplies two field elements in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * 0 ≤ eval arg2 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_mul(uint64_t out1[6], const uint64_t arg1[6], ++ const uint64_t arg2[6]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ uint64_t x16; ++ uint64_t x17; ++ uint64_t x18; ++ uint64_t x19; ++ fiat_secp384r1_uint1 x20; ++ uint64_t x21; ++ fiat_secp384r1_uint1 x22; ++ uint64_t x23; ++ fiat_secp384r1_uint1 x24; ++ uint64_t x25; ++ fiat_secp384r1_uint1 x26; ++ uint64_t x27; ++ fiat_secp384r1_uint1 x28; ++ uint64_t x29; ++ uint64_t x30; ++ uint64_t x31; ++ uint64_t x32; ++ uint64_t x33; ++ uint64_t x34; ++ uint64_t x35; ++ uint64_t x36; ++ uint64_t x37; ++ uint64_t x38; ++ uint64_t x39; ++ uint64_t x40; ++ uint64_t x41; ++ uint64_t x42; ++ uint64_t x43; ++ uint64_t x44; ++ fiat_secp384r1_uint1 x45; ++ uint64_t x46; ++ fiat_secp384r1_uint1 x47; ++ uint64_t x48; ++ fiat_secp384r1_uint1 x49; ++ uint64_t x50; ++ fiat_secp384r1_uint1 x51; ++ uint64_t x52; ++ fiat_secp384r1_uint1 x53; ++ uint64_t x54; ++ uint64_t x55; ++ fiat_secp384r1_uint1 x56; ++ uint64_t x57; ++ fiat_secp384r1_uint1 x58; ++ uint64_t x59; ++ fiat_secp384r1_uint1 x60; ++ uint64_t x61; ++ fiat_secp384r1_uint1 x62; ++ uint64_t x63; ++ fiat_secp384r1_uint1 x64; ++ uint64_t x65; ++ fiat_secp384r1_uint1 x66; ++ uint64_t x67; ++ fiat_secp384r1_uint1 x68; ++ uint64_t x69; ++ uint64_t x70; ++ uint64_t x71; ++ uint64_t x72; ++ uint64_t x73; ++ uint64_t x74; ++ uint64_t x75; ++ uint64_t x76; ++ uint64_t x77; ++ uint64_t x78; ++ uint64_t x79; ++ uint64_t x80; ++ uint64_t x81; ++ fiat_secp384r1_uint1 x82; ++ uint64_t x83; ++ fiat_secp384r1_uint1 x84; ++ uint64_t x85; ++ fiat_secp384r1_uint1 x86; ++ uint64_t x87; ++ fiat_secp384r1_uint1 x88; ++ uint64_t x89; ++ fiat_secp384r1_uint1 x90; ++ uint64_t x91; ++ uint64_t x92; ++ fiat_secp384r1_uint1 x93; ++ uint64_t x94; ++ fiat_secp384r1_uint1 x95; ++ uint64_t x96; ++ fiat_secp384r1_uint1 x97; ++ uint64_t x98; ++ fiat_secp384r1_uint1 x99; ++ uint64_t x100; ++ fiat_secp384r1_uint1 x101; ++ uint64_t x102; ++ fiat_secp384r1_uint1 x103; ++ uint64_t x104; ++ fiat_secp384r1_uint1 x105; ++ uint64_t x106; ++ uint64_t x107; ++ uint64_t x108; ++ uint64_t x109; ++ uint64_t x110; ++ uint64_t x111; ++ uint64_t x112; ++ uint64_t x113; ++ uint64_t x114; ++ uint64_t x115; ++ uint64_t x116; ++ uint64_t x117; ++ uint64_t x118; ++ uint64_t x119; ++ uint64_t x120; ++ fiat_secp384r1_uint1 x121; ++ uint64_t x122; ++ fiat_secp384r1_uint1 x123; ++ uint64_t x124; ++ fiat_secp384r1_uint1 x125; ++ uint64_t x126; ++ fiat_secp384r1_uint1 x127; ++ uint64_t x128; ++ fiat_secp384r1_uint1 x129; ++ uint64_t x130; ++ uint64_t x131; ++ fiat_secp384r1_uint1 x132; ++ uint64_t x133; ++ fiat_secp384r1_uint1 x134; ++ uint64_t x135; ++ fiat_secp384r1_uint1 x136; ++ uint64_t x137; ++ fiat_secp384r1_uint1 x138; ++ uint64_t x139; ++ fiat_secp384r1_uint1 x140; ++ uint64_t x141; ++ fiat_secp384r1_uint1 x142; ++ uint64_t x143; ++ fiat_secp384r1_uint1 x144; ++ uint64_t x145; ++ uint64_t x146; ++ uint64_t x147; ++ uint64_t x148; ++ uint64_t x149; ++ uint64_t x150; ++ uint64_t x151; ++ uint64_t x152; ++ uint64_t x153; ++ uint64_t x154; ++ uint64_t x155; ++ uint64_t x156; ++ uint64_t x157; ++ uint64_t x158; ++ fiat_secp384r1_uint1 x159; ++ uint64_t x160; ++ fiat_secp384r1_uint1 x161; ++ uint64_t x162; ++ fiat_secp384r1_uint1 x163; ++ uint64_t x164; ++ fiat_secp384r1_uint1 x165; ++ uint64_t x166; ++ fiat_secp384r1_uint1 x167; ++ uint64_t x168; ++ uint64_t x169; ++ fiat_secp384r1_uint1 x170; ++ uint64_t x171; ++ fiat_secp384r1_uint1 x172; ++ uint64_t x173; ++ fiat_secp384r1_uint1 x174; ++ uint64_t x175; ++ fiat_secp384r1_uint1 x176; ++ uint64_t x177; ++ fiat_secp384r1_uint1 x178; ++ uint64_t x179; ++ fiat_secp384r1_uint1 x180; ++ uint64_t x181; ++ fiat_secp384r1_uint1 x182; ++ uint64_t x183; ++ uint64_t x184; ++ uint64_t x185; ++ uint64_t x186; ++ uint64_t x187; ++ uint64_t x188; ++ uint64_t x189; ++ uint64_t x190; ++ uint64_t x191; ++ uint64_t x192; ++ uint64_t x193; ++ uint64_t x194; ++ uint64_t x195; ++ uint64_t x196; ++ uint64_t x197; ++ fiat_secp384r1_uint1 x198; ++ uint64_t x199; ++ fiat_secp384r1_uint1 x200; ++ uint64_t x201; ++ fiat_secp384r1_uint1 x202; ++ uint64_t x203; ++ fiat_secp384r1_uint1 x204; ++ uint64_t x205; ++ fiat_secp384r1_uint1 x206; ++ uint64_t x207; ++ uint64_t x208; ++ fiat_secp384r1_uint1 x209; ++ uint64_t x210; ++ fiat_secp384r1_uint1 x211; ++ uint64_t x212; ++ fiat_secp384r1_uint1 x213; ++ uint64_t x214; ++ fiat_secp384r1_uint1 x215; ++ uint64_t x216; ++ fiat_secp384r1_uint1 x217; ++ uint64_t x218; ++ fiat_secp384r1_uint1 x219; ++ uint64_t x220; ++ fiat_secp384r1_uint1 x221; ++ uint64_t x222; ++ uint64_t x223; ++ uint64_t x224; ++ uint64_t x225; ++ uint64_t x226; ++ uint64_t x227; ++ uint64_t x228; ++ uint64_t x229; ++ uint64_t x230; ++ uint64_t x231; ++ uint64_t x232; ++ uint64_t x233; ++ uint64_t x234; ++ uint64_t x235; ++ fiat_secp384r1_uint1 x236; ++ uint64_t x237; ++ fiat_secp384r1_uint1 x238; ++ uint64_t x239; ++ fiat_secp384r1_uint1 x240; ++ uint64_t x241; ++ fiat_secp384r1_uint1 x242; ++ uint64_t x243; ++ fiat_secp384r1_uint1 x244; ++ uint64_t x245; ++ uint64_t x246; ++ fiat_secp384r1_uint1 x247; ++ uint64_t x248; ++ fiat_secp384r1_uint1 x249; ++ uint64_t x250; ++ fiat_secp384r1_uint1 x251; ++ uint64_t x252; ++ fiat_secp384r1_uint1 x253; ++ uint64_t x254; ++ fiat_secp384r1_uint1 x255; ++ uint64_t x256; ++ fiat_secp384r1_uint1 x257; ++ uint64_t x258; ++ fiat_secp384r1_uint1 x259; ++ uint64_t x260; ++ uint64_t x261; ++ uint64_t x262; ++ uint64_t x263; ++ uint64_t x264; ++ uint64_t x265; ++ uint64_t x266; ++ uint64_t x267; ++ uint64_t x268; ++ uint64_t x269; ++ uint64_t x270; ++ uint64_t x271; ++ uint64_t x272; ++ uint64_t x273; ++ uint64_t x274; ++ fiat_secp384r1_uint1 x275; ++ uint64_t x276; ++ fiat_secp384r1_uint1 x277; ++ uint64_t x278; ++ fiat_secp384r1_uint1 x279; ++ uint64_t x280; ++ fiat_secp384r1_uint1 x281; ++ uint64_t x282; ++ fiat_secp384r1_uint1 x283; ++ uint64_t x284; ++ uint64_t x285; ++ fiat_secp384r1_uint1 x286; ++ uint64_t x287; ++ fiat_secp384r1_uint1 x288; ++ uint64_t x289; ++ fiat_secp384r1_uint1 x290; ++ uint64_t x291; ++ fiat_secp384r1_uint1 x292; ++ uint64_t x293; ++ fiat_secp384r1_uint1 x294; ++ uint64_t x295; ++ fiat_secp384r1_uint1 x296; ++ uint64_t x297; ++ fiat_secp384r1_uint1 x298; ++ uint64_t x299; ++ uint64_t x300; ++ uint64_t x301; ++ uint64_t x302; ++ uint64_t x303; ++ uint64_t x304; ++ uint64_t x305; ++ uint64_t x306; ++ uint64_t x307; ++ uint64_t x308; ++ uint64_t x309; ++ uint64_t x310; ++ uint64_t x311; ++ uint64_t x312; ++ fiat_secp384r1_uint1 x313; ++ uint64_t x314; ++ fiat_secp384r1_uint1 x315; ++ uint64_t x316; ++ fiat_secp384r1_uint1 x317; ++ uint64_t x318; ++ fiat_secp384r1_uint1 x319; ++ uint64_t x320; ++ fiat_secp384r1_uint1 x321; ++ uint64_t x322; ++ uint64_t x323; ++ fiat_secp384r1_uint1 x324; ++ uint64_t x325; ++ fiat_secp384r1_uint1 x326; ++ uint64_t x327; ++ fiat_secp384r1_uint1 x328; ++ uint64_t x329; ++ fiat_secp384r1_uint1 x330; ++ uint64_t x331; ++ fiat_secp384r1_uint1 x332; ++ uint64_t x333; ++ fiat_secp384r1_uint1 x334; ++ uint64_t x335; ++ fiat_secp384r1_uint1 x336; ++ uint64_t x337; ++ uint64_t x338; ++ uint64_t x339; ++ uint64_t x340; ++ uint64_t x341; ++ uint64_t x342; ++ uint64_t x343; ++ uint64_t x344; ++ uint64_t x345; ++ uint64_t x346; ++ uint64_t x347; ++ uint64_t x348; ++ uint64_t x349; ++ uint64_t x350; ++ uint64_t x351; ++ fiat_secp384r1_uint1 x352; ++ uint64_t x353; ++ fiat_secp384r1_uint1 x354; ++ uint64_t x355; ++ fiat_secp384r1_uint1 x356; ++ uint64_t x357; ++ fiat_secp384r1_uint1 x358; ++ uint64_t x359; ++ fiat_secp384r1_uint1 x360; ++ uint64_t x361; ++ uint64_t x362; ++ fiat_secp384r1_uint1 x363; ++ uint64_t x364; ++ fiat_secp384r1_uint1 x365; ++ uint64_t x366; ++ fiat_secp384r1_uint1 x367; ++ uint64_t x368; ++ fiat_secp384r1_uint1 x369; ++ uint64_t x370; ++ fiat_secp384r1_uint1 x371; ++ uint64_t x372; ++ fiat_secp384r1_uint1 x373; ++ uint64_t x374; ++ fiat_secp384r1_uint1 x375; ++ uint64_t x376; ++ uint64_t x377; ++ uint64_t x378; ++ uint64_t x379; ++ uint64_t x380; ++ uint64_t x381; ++ uint64_t x382; ++ uint64_t x383; ++ uint64_t x384; ++ uint64_t x385; ++ uint64_t x386; ++ uint64_t x387; ++ uint64_t x388; ++ uint64_t x389; ++ fiat_secp384r1_uint1 x390; ++ uint64_t x391; ++ fiat_secp384r1_uint1 x392; ++ uint64_t x393; ++ fiat_secp384r1_uint1 x394; ++ uint64_t x395; ++ fiat_secp384r1_uint1 x396; ++ uint64_t x397; ++ fiat_secp384r1_uint1 x398; ++ uint64_t x399; ++ uint64_t x400; ++ fiat_secp384r1_uint1 x401; ++ uint64_t x402; ++ fiat_secp384r1_uint1 x403; ++ uint64_t x404; ++ fiat_secp384r1_uint1 x405; ++ uint64_t x406; ++ fiat_secp384r1_uint1 x407; ++ uint64_t x408; ++ fiat_secp384r1_uint1 x409; ++ uint64_t x410; ++ fiat_secp384r1_uint1 x411; ++ uint64_t x412; ++ fiat_secp384r1_uint1 x413; ++ uint64_t x414; ++ uint64_t x415; ++ uint64_t x416; ++ uint64_t x417; ++ uint64_t x418; ++ uint64_t x419; ++ uint64_t x420; ++ uint64_t x421; ++ uint64_t x422; ++ uint64_t x423; ++ uint64_t x424; ++ uint64_t x425; ++ uint64_t x426; ++ uint64_t x427; ++ uint64_t x428; ++ fiat_secp384r1_uint1 x429; ++ uint64_t x430; ++ fiat_secp384r1_uint1 x431; ++ uint64_t x432; ++ fiat_secp384r1_uint1 x433; ++ uint64_t x434; ++ fiat_secp384r1_uint1 x435; ++ uint64_t x436; ++ fiat_secp384r1_uint1 x437; ++ uint64_t x438; ++ uint64_t x439; ++ fiat_secp384r1_uint1 x440; ++ uint64_t x441; ++ fiat_secp384r1_uint1 x442; ++ uint64_t x443; ++ fiat_secp384r1_uint1 x444; ++ uint64_t x445; ++ fiat_secp384r1_uint1 x446; ++ uint64_t x447; ++ fiat_secp384r1_uint1 x448; ++ uint64_t x449; ++ fiat_secp384r1_uint1 x450; ++ uint64_t x451; ++ fiat_secp384r1_uint1 x452; ++ uint64_t x453; ++ uint64_t x454; ++ fiat_secp384r1_uint1 x455; ++ uint64_t x456; ++ fiat_secp384r1_uint1 x457; ++ uint64_t x458; ++ fiat_secp384r1_uint1 x459; ++ uint64_t x460; ++ fiat_secp384r1_uint1 x461; ++ uint64_t x462; ++ fiat_secp384r1_uint1 x463; ++ uint64_t x464; ++ fiat_secp384r1_uint1 x465; ++ uint64_t x466; ++ fiat_secp384r1_uint1 x467; ++ uint64_t x468; ++ uint64_t x469; ++ uint64_t x470; ++ uint64_t x471; ++ uint64_t x472; ++ uint64_t x473; ++ x1 = (arg1[1]); ++ x2 = (arg1[2]); ++ x3 = (arg1[3]); ++ x4 = (arg1[4]); ++ x5 = (arg1[5]); ++ x6 = (arg1[0]); ++ fiat_secp384r1_mulx_u64(&x7, &x8, x6, (arg2[5])); ++ fiat_secp384r1_mulx_u64(&x9, &x10, x6, (arg2[4])); ++ fiat_secp384r1_mulx_u64(&x11, &x12, x6, (arg2[3])); ++ fiat_secp384r1_mulx_u64(&x13, &x14, x6, (arg2[2])); ++ fiat_secp384r1_mulx_u64(&x15, &x16, x6, (arg2[1])); ++ fiat_secp384r1_mulx_u64(&x17, &x18, x6, (arg2[0])); ++ fiat_secp384r1_addcarryx_u64(&x19, &x20, 0x0, x18, x15); ++ fiat_secp384r1_addcarryx_u64(&x21, &x22, x20, x16, x13); ++ fiat_secp384r1_addcarryx_u64(&x23, &x24, x22, x14, x11); ++ fiat_secp384r1_addcarryx_u64(&x25, &x26, x24, x12, x9); ++ fiat_secp384r1_addcarryx_u64(&x27, &x28, x26, x10, x7); ++ x29 = (x28 + x8); ++ fiat_secp384r1_mulx_u64(&x30, &x31, x17, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x32, &x33, x30, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x34, &x35, x30, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x36, &x37, x30, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x38, &x39, x30, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x40, &x41, x30, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x42, &x43, x30, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x44, &x45, 0x0, x43, x40); ++ fiat_secp384r1_addcarryx_u64(&x46, &x47, x45, x41, x38); ++ fiat_secp384r1_addcarryx_u64(&x48, &x49, x47, x39, x36); ++ fiat_secp384r1_addcarryx_u64(&x50, &x51, x49, x37, x34); ++ fiat_secp384r1_addcarryx_u64(&x52, &x53, x51, x35, x32); ++ x54 = (x53 + x33); ++ fiat_secp384r1_addcarryx_u64(&x55, &x56, 0x0, x17, x42); ++ fiat_secp384r1_addcarryx_u64(&x57, &x58, x56, x19, x44); ++ fiat_secp384r1_addcarryx_u64(&x59, &x60, x58, x21, x46); ++ fiat_secp384r1_addcarryx_u64(&x61, &x62, x60, x23, x48); ++ fiat_secp384r1_addcarryx_u64(&x63, &x64, x62, x25, x50); ++ fiat_secp384r1_addcarryx_u64(&x65, &x66, x64, x27, x52); ++ fiat_secp384r1_addcarryx_u64(&x67, &x68, x66, x29, x54); ++ fiat_secp384r1_mulx_u64(&x69, &x70, x1, (arg2[5])); ++ fiat_secp384r1_mulx_u64(&x71, &x72, x1, (arg2[4])); ++ fiat_secp384r1_mulx_u64(&x73, &x74, x1, (arg2[3])); ++ fiat_secp384r1_mulx_u64(&x75, &x76, x1, (arg2[2])); ++ fiat_secp384r1_mulx_u64(&x77, &x78, x1, (arg2[1])); ++ fiat_secp384r1_mulx_u64(&x79, &x80, x1, (arg2[0])); ++ fiat_secp384r1_addcarryx_u64(&x81, &x82, 0x0, x80, x77); ++ fiat_secp384r1_addcarryx_u64(&x83, &x84, x82, x78, x75); ++ fiat_secp384r1_addcarryx_u64(&x85, &x86, x84, x76, x73); ++ fiat_secp384r1_addcarryx_u64(&x87, &x88, x86, x74, x71); ++ fiat_secp384r1_addcarryx_u64(&x89, &x90, x88, x72, x69); ++ x91 = (x90 + x70); ++ fiat_secp384r1_addcarryx_u64(&x92, &x93, 0x0, x57, x79); ++ fiat_secp384r1_addcarryx_u64(&x94, &x95, x93, x59, x81); ++ fiat_secp384r1_addcarryx_u64(&x96, &x97, x95, x61, x83); ++ fiat_secp384r1_addcarryx_u64(&x98, &x99, x97, x63, x85); ++ fiat_secp384r1_addcarryx_u64(&x100, &x101, x99, x65, x87); ++ fiat_secp384r1_addcarryx_u64(&x102, &x103, x101, x67, x89); ++ fiat_secp384r1_addcarryx_u64(&x104, &x105, x103, x68, x91); ++ fiat_secp384r1_mulx_u64(&x106, &x107, x92, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x108, &x109, x106, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x110, &x111, x106, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x112, &x113, x106, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x114, &x115, x106, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x116, &x117, x106, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x118, &x119, x106, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x120, &x121, 0x0, x119, x116); ++ fiat_secp384r1_addcarryx_u64(&x122, &x123, x121, x117, x114); ++ fiat_secp384r1_addcarryx_u64(&x124, &x125, x123, x115, x112); ++ fiat_secp384r1_addcarryx_u64(&x126, &x127, x125, x113, x110); ++ fiat_secp384r1_addcarryx_u64(&x128, &x129, x127, x111, x108); ++ x130 = (x129 + x109); ++ fiat_secp384r1_addcarryx_u64(&x131, &x132, 0x0, x92, x118); ++ fiat_secp384r1_addcarryx_u64(&x133, &x134, x132, x94, x120); ++ fiat_secp384r1_addcarryx_u64(&x135, &x136, x134, x96, x122); ++ fiat_secp384r1_addcarryx_u64(&x137, &x138, x136, x98, x124); ++ fiat_secp384r1_addcarryx_u64(&x139, &x140, x138, x100, x126); ++ fiat_secp384r1_addcarryx_u64(&x141, &x142, x140, x102, x128); ++ fiat_secp384r1_addcarryx_u64(&x143, &x144, x142, x104, x130); ++ x145 = ((uint64_t)x144 + x105); ++ fiat_secp384r1_mulx_u64(&x146, &x147, x2, (arg2[5])); ++ fiat_secp384r1_mulx_u64(&x148, &x149, x2, (arg2[4])); ++ fiat_secp384r1_mulx_u64(&x150, &x151, x2, (arg2[3])); ++ fiat_secp384r1_mulx_u64(&x152, &x153, x2, (arg2[2])); ++ fiat_secp384r1_mulx_u64(&x154, &x155, x2, (arg2[1])); ++ fiat_secp384r1_mulx_u64(&x156, &x157, x2, (arg2[0])); ++ fiat_secp384r1_addcarryx_u64(&x158, &x159, 0x0, x157, x154); ++ fiat_secp384r1_addcarryx_u64(&x160, &x161, x159, x155, x152); ++ fiat_secp384r1_addcarryx_u64(&x162, &x163, x161, x153, x150); ++ fiat_secp384r1_addcarryx_u64(&x164, &x165, x163, x151, x148); ++ fiat_secp384r1_addcarryx_u64(&x166, &x167, x165, x149, x146); ++ x168 = (x167 + x147); ++ fiat_secp384r1_addcarryx_u64(&x169, &x170, 0x0, x133, x156); ++ fiat_secp384r1_addcarryx_u64(&x171, &x172, x170, x135, x158); ++ fiat_secp384r1_addcarryx_u64(&x173, &x174, x172, x137, x160); ++ fiat_secp384r1_addcarryx_u64(&x175, &x176, x174, x139, x162); ++ fiat_secp384r1_addcarryx_u64(&x177, &x178, x176, x141, x164); ++ fiat_secp384r1_addcarryx_u64(&x179, &x180, x178, x143, x166); ++ fiat_secp384r1_addcarryx_u64(&x181, &x182, x180, x145, x168); ++ fiat_secp384r1_mulx_u64(&x183, &x184, x169, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x185, &x186, x183, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x187, &x188, x183, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x189, &x190, x183, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x191, &x192, x183, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x193, &x194, x183, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x195, &x196, x183, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x197, &x198, 0x0, x196, x193); ++ fiat_secp384r1_addcarryx_u64(&x199, &x200, x198, x194, x191); ++ fiat_secp384r1_addcarryx_u64(&x201, &x202, x200, x192, x189); ++ fiat_secp384r1_addcarryx_u64(&x203, &x204, x202, x190, x187); ++ fiat_secp384r1_addcarryx_u64(&x205, &x206, x204, x188, x185); ++ x207 = (x206 + x186); ++ fiat_secp384r1_addcarryx_u64(&x208, &x209, 0x0, x169, x195); ++ fiat_secp384r1_addcarryx_u64(&x210, &x211, x209, x171, x197); ++ fiat_secp384r1_addcarryx_u64(&x212, &x213, x211, x173, x199); ++ fiat_secp384r1_addcarryx_u64(&x214, &x215, x213, x175, x201); ++ fiat_secp384r1_addcarryx_u64(&x216, &x217, x215, x177, x203); ++ fiat_secp384r1_addcarryx_u64(&x218, &x219, x217, x179, x205); ++ fiat_secp384r1_addcarryx_u64(&x220, &x221, x219, x181, x207); ++ x222 = ((uint64_t)x221 + x182); ++ fiat_secp384r1_mulx_u64(&x223, &x224, x3, (arg2[5])); ++ fiat_secp384r1_mulx_u64(&x225, &x226, x3, (arg2[4])); ++ fiat_secp384r1_mulx_u64(&x227, &x228, x3, (arg2[3])); ++ fiat_secp384r1_mulx_u64(&x229, &x230, x3, (arg2[2])); ++ fiat_secp384r1_mulx_u64(&x231, &x232, x3, (arg2[1])); ++ fiat_secp384r1_mulx_u64(&x233, &x234, x3, (arg2[0])); ++ fiat_secp384r1_addcarryx_u64(&x235, &x236, 0x0, x234, x231); ++ fiat_secp384r1_addcarryx_u64(&x237, &x238, x236, x232, x229); ++ fiat_secp384r1_addcarryx_u64(&x239, &x240, x238, x230, x227); ++ fiat_secp384r1_addcarryx_u64(&x241, &x242, x240, x228, x225); ++ fiat_secp384r1_addcarryx_u64(&x243, &x244, x242, x226, x223); ++ x245 = (x244 + x224); ++ fiat_secp384r1_addcarryx_u64(&x246, &x247, 0x0, x210, x233); ++ fiat_secp384r1_addcarryx_u64(&x248, &x249, x247, x212, x235); ++ fiat_secp384r1_addcarryx_u64(&x250, &x251, x249, x214, x237); ++ fiat_secp384r1_addcarryx_u64(&x252, &x253, x251, x216, x239); ++ fiat_secp384r1_addcarryx_u64(&x254, &x255, x253, x218, x241); ++ fiat_secp384r1_addcarryx_u64(&x256, &x257, x255, x220, x243); ++ fiat_secp384r1_addcarryx_u64(&x258, &x259, x257, x222, x245); ++ fiat_secp384r1_mulx_u64(&x260, &x261, x246, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x262, &x263, x260, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x264, &x265, x260, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x266, &x267, x260, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x268, &x269, x260, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x270, &x271, x260, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x272, &x273, x260, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x274, &x275, 0x0, x273, x270); ++ fiat_secp384r1_addcarryx_u64(&x276, &x277, x275, x271, x268); ++ fiat_secp384r1_addcarryx_u64(&x278, &x279, x277, x269, x266); ++ fiat_secp384r1_addcarryx_u64(&x280, &x281, x279, x267, x264); ++ fiat_secp384r1_addcarryx_u64(&x282, &x283, x281, x265, x262); ++ x284 = (x283 + x263); ++ fiat_secp384r1_addcarryx_u64(&x285, &x286, 0x0, x246, x272); ++ fiat_secp384r1_addcarryx_u64(&x287, &x288, x286, x248, x274); ++ fiat_secp384r1_addcarryx_u64(&x289, &x290, x288, x250, x276); ++ fiat_secp384r1_addcarryx_u64(&x291, &x292, x290, x252, x278); ++ fiat_secp384r1_addcarryx_u64(&x293, &x294, x292, x254, x280); ++ fiat_secp384r1_addcarryx_u64(&x295, &x296, x294, x256, x282); ++ fiat_secp384r1_addcarryx_u64(&x297, &x298, x296, x258, x284); ++ x299 = ((uint64_t)x298 + x259); ++ fiat_secp384r1_mulx_u64(&x300, &x301, x4, (arg2[5])); ++ fiat_secp384r1_mulx_u64(&x302, &x303, x4, (arg2[4])); ++ fiat_secp384r1_mulx_u64(&x304, &x305, x4, (arg2[3])); ++ fiat_secp384r1_mulx_u64(&x306, &x307, x4, (arg2[2])); ++ fiat_secp384r1_mulx_u64(&x308, &x309, x4, (arg2[1])); ++ fiat_secp384r1_mulx_u64(&x310, &x311, x4, (arg2[0])); ++ fiat_secp384r1_addcarryx_u64(&x312, &x313, 0x0, x311, x308); ++ fiat_secp384r1_addcarryx_u64(&x314, &x315, x313, x309, x306); ++ fiat_secp384r1_addcarryx_u64(&x316, &x317, x315, x307, x304); ++ fiat_secp384r1_addcarryx_u64(&x318, &x319, x317, x305, x302); ++ fiat_secp384r1_addcarryx_u64(&x320, &x321, x319, x303, x300); ++ x322 = (x321 + x301); ++ fiat_secp384r1_addcarryx_u64(&x323, &x324, 0x0, x287, x310); ++ fiat_secp384r1_addcarryx_u64(&x325, &x326, x324, x289, x312); ++ fiat_secp384r1_addcarryx_u64(&x327, &x328, x326, x291, x314); ++ fiat_secp384r1_addcarryx_u64(&x329, &x330, x328, x293, x316); ++ fiat_secp384r1_addcarryx_u64(&x331, &x332, x330, x295, x318); ++ fiat_secp384r1_addcarryx_u64(&x333, &x334, x332, x297, x320); ++ fiat_secp384r1_addcarryx_u64(&x335, &x336, x334, x299, x322); ++ fiat_secp384r1_mulx_u64(&x337, &x338, x323, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x339, &x340, x337, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x341, &x342, x337, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x343, &x344, x337, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x345, &x346, x337, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x347, &x348, x337, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x349, &x350, x337, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x351, &x352, 0x0, x350, x347); ++ fiat_secp384r1_addcarryx_u64(&x353, &x354, x352, x348, x345); ++ fiat_secp384r1_addcarryx_u64(&x355, &x356, x354, x346, x343); ++ fiat_secp384r1_addcarryx_u64(&x357, &x358, x356, x344, x341); ++ fiat_secp384r1_addcarryx_u64(&x359, &x360, x358, x342, x339); ++ x361 = (x360 + x340); ++ fiat_secp384r1_addcarryx_u64(&x362, &x363, 0x0, x323, x349); ++ fiat_secp384r1_addcarryx_u64(&x364, &x365, x363, x325, x351); ++ fiat_secp384r1_addcarryx_u64(&x366, &x367, x365, x327, x353); ++ fiat_secp384r1_addcarryx_u64(&x368, &x369, x367, x329, x355); ++ fiat_secp384r1_addcarryx_u64(&x370, &x371, x369, x331, x357); ++ fiat_secp384r1_addcarryx_u64(&x372, &x373, x371, x333, x359); ++ fiat_secp384r1_addcarryx_u64(&x374, &x375, x373, x335, x361); ++ x376 = ((uint64_t)x375 + x336); ++ fiat_secp384r1_mulx_u64(&x377, &x378, x5, (arg2[5])); ++ fiat_secp384r1_mulx_u64(&x379, &x380, x5, (arg2[4])); ++ fiat_secp384r1_mulx_u64(&x381, &x382, x5, (arg2[3])); ++ fiat_secp384r1_mulx_u64(&x383, &x384, x5, (arg2[2])); ++ fiat_secp384r1_mulx_u64(&x385, &x386, x5, (arg2[1])); ++ fiat_secp384r1_mulx_u64(&x387, &x388, x5, (arg2[0])); ++ fiat_secp384r1_addcarryx_u64(&x389, &x390, 0x0, x388, x385); ++ fiat_secp384r1_addcarryx_u64(&x391, &x392, x390, x386, x383); ++ fiat_secp384r1_addcarryx_u64(&x393, &x394, x392, x384, x381); ++ fiat_secp384r1_addcarryx_u64(&x395, &x396, x394, x382, x379); ++ fiat_secp384r1_addcarryx_u64(&x397, &x398, x396, x380, x377); ++ x399 = (x398 + x378); ++ fiat_secp384r1_addcarryx_u64(&x400, &x401, 0x0, x364, x387); ++ fiat_secp384r1_addcarryx_u64(&x402, &x403, x401, x366, x389); ++ fiat_secp384r1_addcarryx_u64(&x404, &x405, x403, x368, x391); ++ fiat_secp384r1_addcarryx_u64(&x406, &x407, x405, x370, x393); ++ fiat_secp384r1_addcarryx_u64(&x408, &x409, x407, x372, x395); ++ fiat_secp384r1_addcarryx_u64(&x410, &x411, x409, x374, x397); ++ fiat_secp384r1_addcarryx_u64(&x412, &x413, x411, x376, x399); ++ fiat_secp384r1_mulx_u64(&x414, &x415, x400, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x416, &x417, x414, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x418, &x419, x414, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x420, &x421, x414, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x422, &x423, x414, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x424, &x425, x414, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x426, &x427, x414, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x428, &x429, 0x0, x427, x424); ++ fiat_secp384r1_addcarryx_u64(&x430, &x431, x429, x425, x422); ++ fiat_secp384r1_addcarryx_u64(&x432, &x433, x431, x423, x420); ++ fiat_secp384r1_addcarryx_u64(&x434, &x435, x433, x421, x418); ++ fiat_secp384r1_addcarryx_u64(&x436, &x437, x435, x419, x416); ++ x438 = (x437 + x417); ++ fiat_secp384r1_addcarryx_u64(&x439, &x440, 0x0, x400, x426); ++ fiat_secp384r1_addcarryx_u64(&x441, &x442, x440, x402, x428); ++ fiat_secp384r1_addcarryx_u64(&x443, &x444, x442, x404, x430); ++ fiat_secp384r1_addcarryx_u64(&x445, &x446, x444, x406, x432); ++ fiat_secp384r1_addcarryx_u64(&x447, &x448, x446, x408, x434); ++ fiat_secp384r1_addcarryx_u64(&x449, &x450, x448, x410, x436); ++ fiat_secp384r1_addcarryx_u64(&x451, &x452, x450, x412, x438); ++ x453 = ((uint64_t)x452 + x413); ++ fiat_secp384r1_subborrowx_u64(&x454, &x455, 0x0, x441, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x456, &x457, x455, x443, ++ UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_subborrowx_u64(&x458, &x459, x457, x445, ++ UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_subborrowx_u64(&x460, &x461, x459, x447, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x462, &x463, x461, x449, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x464, &x465, x463, x451, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x466, &x467, x465, x453, 0x0); ++ fiat_secp384r1_cmovznz_u64(&x468, x467, x454, x441); ++ fiat_secp384r1_cmovznz_u64(&x469, x467, x456, x443); ++ fiat_secp384r1_cmovznz_u64(&x470, x467, x458, x445); ++ fiat_secp384r1_cmovznz_u64(&x471, x467, x460, x447); ++ fiat_secp384r1_cmovznz_u64(&x472, x467, x462, x449); ++ fiat_secp384r1_cmovznz_u64(&x473, x467, x464, x451); ++ out1[0] = x468; ++ out1[1] = x469; ++ out1[2] = x470; ++ out1[3] = x471; ++ out1[4] = x472; ++ out1[5] = x473; ++} ++ ++/* ++ * The function fiat_secp384r1_square squares a field element in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_square(uint64_t out1[6], const uint64_t arg1[6]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ uint64_t x16; ++ uint64_t x17; ++ uint64_t x18; ++ uint64_t x19; ++ fiat_secp384r1_uint1 x20; ++ uint64_t x21; ++ fiat_secp384r1_uint1 x22; ++ uint64_t x23; ++ fiat_secp384r1_uint1 x24; ++ uint64_t x25; ++ fiat_secp384r1_uint1 x26; ++ uint64_t x27; ++ fiat_secp384r1_uint1 x28; ++ uint64_t x29; ++ uint64_t x30; ++ uint64_t x31; ++ uint64_t x32; ++ uint64_t x33; ++ uint64_t x34; ++ uint64_t x35; ++ uint64_t x36; ++ uint64_t x37; ++ uint64_t x38; ++ uint64_t x39; ++ uint64_t x40; ++ uint64_t x41; ++ uint64_t x42; ++ uint64_t x43; ++ uint64_t x44; ++ fiat_secp384r1_uint1 x45; ++ uint64_t x46; ++ fiat_secp384r1_uint1 x47; ++ uint64_t x48; ++ fiat_secp384r1_uint1 x49; ++ uint64_t x50; ++ fiat_secp384r1_uint1 x51; ++ uint64_t x52; ++ fiat_secp384r1_uint1 x53; ++ uint64_t x54; ++ uint64_t x55; ++ fiat_secp384r1_uint1 x56; ++ uint64_t x57; ++ fiat_secp384r1_uint1 x58; ++ uint64_t x59; ++ fiat_secp384r1_uint1 x60; ++ uint64_t x61; ++ fiat_secp384r1_uint1 x62; ++ uint64_t x63; ++ fiat_secp384r1_uint1 x64; ++ uint64_t x65; ++ fiat_secp384r1_uint1 x66; ++ uint64_t x67; ++ fiat_secp384r1_uint1 x68; ++ uint64_t x69; ++ uint64_t x70; ++ uint64_t x71; ++ uint64_t x72; ++ uint64_t x73; ++ uint64_t x74; ++ uint64_t x75; ++ uint64_t x76; ++ uint64_t x77; ++ uint64_t x78; ++ uint64_t x79; ++ uint64_t x80; ++ uint64_t x81; ++ fiat_secp384r1_uint1 x82; ++ uint64_t x83; ++ fiat_secp384r1_uint1 x84; ++ uint64_t x85; ++ fiat_secp384r1_uint1 x86; ++ uint64_t x87; ++ fiat_secp384r1_uint1 x88; ++ uint64_t x89; ++ fiat_secp384r1_uint1 x90; ++ uint64_t x91; ++ uint64_t x92; ++ fiat_secp384r1_uint1 x93; ++ uint64_t x94; ++ fiat_secp384r1_uint1 x95; ++ uint64_t x96; ++ fiat_secp384r1_uint1 x97; ++ uint64_t x98; ++ fiat_secp384r1_uint1 x99; ++ uint64_t x100; ++ fiat_secp384r1_uint1 x101; ++ uint64_t x102; ++ fiat_secp384r1_uint1 x103; ++ uint64_t x104; ++ fiat_secp384r1_uint1 x105; ++ uint64_t x106; ++ uint64_t x107; ++ uint64_t x108; ++ uint64_t x109; ++ uint64_t x110; ++ uint64_t x111; ++ uint64_t x112; ++ uint64_t x113; ++ uint64_t x114; ++ uint64_t x115; ++ uint64_t x116; ++ uint64_t x117; ++ uint64_t x118; ++ uint64_t x119; ++ uint64_t x120; ++ fiat_secp384r1_uint1 x121; ++ uint64_t x122; ++ fiat_secp384r1_uint1 x123; ++ uint64_t x124; ++ fiat_secp384r1_uint1 x125; ++ uint64_t x126; ++ fiat_secp384r1_uint1 x127; ++ uint64_t x128; ++ fiat_secp384r1_uint1 x129; ++ uint64_t x130; ++ uint64_t x131; ++ fiat_secp384r1_uint1 x132; ++ uint64_t x133; ++ fiat_secp384r1_uint1 x134; ++ uint64_t x135; ++ fiat_secp384r1_uint1 x136; ++ uint64_t x137; ++ fiat_secp384r1_uint1 x138; ++ uint64_t x139; ++ fiat_secp384r1_uint1 x140; ++ uint64_t x141; ++ fiat_secp384r1_uint1 x142; ++ uint64_t x143; ++ fiat_secp384r1_uint1 x144; ++ uint64_t x145; ++ uint64_t x146; ++ uint64_t x147; ++ uint64_t x148; ++ uint64_t x149; ++ uint64_t x150; ++ uint64_t x151; ++ uint64_t x152; ++ uint64_t x153; ++ uint64_t x154; ++ uint64_t x155; ++ uint64_t x156; ++ uint64_t x157; ++ uint64_t x158; ++ fiat_secp384r1_uint1 x159; ++ uint64_t x160; ++ fiat_secp384r1_uint1 x161; ++ uint64_t x162; ++ fiat_secp384r1_uint1 x163; ++ uint64_t x164; ++ fiat_secp384r1_uint1 x165; ++ uint64_t x166; ++ fiat_secp384r1_uint1 x167; ++ uint64_t x168; ++ uint64_t x169; ++ fiat_secp384r1_uint1 x170; ++ uint64_t x171; ++ fiat_secp384r1_uint1 x172; ++ uint64_t x173; ++ fiat_secp384r1_uint1 x174; ++ uint64_t x175; ++ fiat_secp384r1_uint1 x176; ++ uint64_t x177; ++ fiat_secp384r1_uint1 x178; ++ uint64_t x179; ++ fiat_secp384r1_uint1 x180; ++ uint64_t x181; ++ fiat_secp384r1_uint1 x182; ++ uint64_t x183; ++ uint64_t x184; ++ uint64_t x185; ++ uint64_t x186; ++ uint64_t x187; ++ uint64_t x188; ++ uint64_t x189; ++ uint64_t x190; ++ uint64_t x191; ++ uint64_t x192; ++ uint64_t x193; ++ uint64_t x194; ++ uint64_t x195; ++ uint64_t x196; ++ uint64_t x197; ++ fiat_secp384r1_uint1 x198; ++ uint64_t x199; ++ fiat_secp384r1_uint1 x200; ++ uint64_t x201; ++ fiat_secp384r1_uint1 x202; ++ uint64_t x203; ++ fiat_secp384r1_uint1 x204; ++ uint64_t x205; ++ fiat_secp384r1_uint1 x206; ++ uint64_t x207; ++ uint64_t x208; ++ fiat_secp384r1_uint1 x209; ++ uint64_t x210; ++ fiat_secp384r1_uint1 x211; ++ uint64_t x212; ++ fiat_secp384r1_uint1 x213; ++ uint64_t x214; ++ fiat_secp384r1_uint1 x215; ++ uint64_t x216; ++ fiat_secp384r1_uint1 x217; ++ uint64_t x218; ++ fiat_secp384r1_uint1 x219; ++ uint64_t x220; ++ fiat_secp384r1_uint1 x221; ++ uint64_t x222; ++ uint64_t x223; ++ uint64_t x224; ++ uint64_t x225; ++ uint64_t x226; ++ uint64_t x227; ++ uint64_t x228; ++ uint64_t x229; ++ uint64_t x230; ++ uint64_t x231; ++ uint64_t x232; ++ uint64_t x233; ++ uint64_t x234; ++ uint64_t x235; ++ fiat_secp384r1_uint1 x236; ++ uint64_t x237; ++ fiat_secp384r1_uint1 x238; ++ uint64_t x239; ++ fiat_secp384r1_uint1 x240; ++ uint64_t x241; ++ fiat_secp384r1_uint1 x242; ++ uint64_t x243; ++ fiat_secp384r1_uint1 x244; ++ uint64_t x245; ++ uint64_t x246; ++ fiat_secp384r1_uint1 x247; ++ uint64_t x248; ++ fiat_secp384r1_uint1 x249; ++ uint64_t x250; ++ fiat_secp384r1_uint1 x251; ++ uint64_t x252; ++ fiat_secp384r1_uint1 x253; ++ uint64_t x254; ++ fiat_secp384r1_uint1 x255; ++ uint64_t x256; ++ fiat_secp384r1_uint1 x257; ++ uint64_t x258; ++ fiat_secp384r1_uint1 x259; ++ uint64_t x260; ++ uint64_t x261; ++ uint64_t x262; ++ uint64_t x263; ++ uint64_t x264; ++ uint64_t x265; ++ uint64_t x266; ++ uint64_t x267; ++ uint64_t x268; ++ uint64_t x269; ++ uint64_t x270; ++ uint64_t x271; ++ uint64_t x272; ++ uint64_t x273; ++ uint64_t x274; ++ fiat_secp384r1_uint1 x275; ++ uint64_t x276; ++ fiat_secp384r1_uint1 x277; ++ uint64_t x278; ++ fiat_secp384r1_uint1 x279; ++ uint64_t x280; ++ fiat_secp384r1_uint1 x281; ++ uint64_t x282; ++ fiat_secp384r1_uint1 x283; ++ uint64_t x284; ++ uint64_t x285; ++ fiat_secp384r1_uint1 x286; ++ uint64_t x287; ++ fiat_secp384r1_uint1 x288; ++ uint64_t x289; ++ fiat_secp384r1_uint1 x290; ++ uint64_t x291; ++ fiat_secp384r1_uint1 x292; ++ uint64_t x293; ++ fiat_secp384r1_uint1 x294; ++ uint64_t x295; ++ fiat_secp384r1_uint1 x296; ++ uint64_t x297; ++ fiat_secp384r1_uint1 x298; ++ uint64_t x299; ++ uint64_t x300; ++ uint64_t x301; ++ uint64_t x302; ++ uint64_t x303; ++ uint64_t x304; ++ uint64_t x305; ++ uint64_t x306; ++ uint64_t x307; ++ uint64_t x308; ++ uint64_t x309; ++ uint64_t x310; ++ uint64_t x311; ++ uint64_t x312; ++ fiat_secp384r1_uint1 x313; ++ uint64_t x314; ++ fiat_secp384r1_uint1 x315; ++ uint64_t x316; ++ fiat_secp384r1_uint1 x317; ++ uint64_t x318; ++ fiat_secp384r1_uint1 x319; ++ uint64_t x320; ++ fiat_secp384r1_uint1 x321; ++ uint64_t x322; ++ uint64_t x323; ++ fiat_secp384r1_uint1 x324; ++ uint64_t x325; ++ fiat_secp384r1_uint1 x326; ++ uint64_t x327; ++ fiat_secp384r1_uint1 x328; ++ uint64_t x329; ++ fiat_secp384r1_uint1 x330; ++ uint64_t x331; ++ fiat_secp384r1_uint1 x332; ++ uint64_t x333; ++ fiat_secp384r1_uint1 x334; ++ uint64_t x335; ++ fiat_secp384r1_uint1 x336; ++ uint64_t x337; ++ uint64_t x338; ++ uint64_t x339; ++ uint64_t x340; ++ uint64_t x341; ++ uint64_t x342; ++ uint64_t x343; ++ uint64_t x344; ++ uint64_t x345; ++ uint64_t x346; ++ uint64_t x347; ++ uint64_t x348; ++ uint64_t x349; ++ uint64_t x350; ++ uint64_t x351; ++ fiat_secp384r1_uint1 x352; ++ uint64_t x353; ++ fiat_secp384r1_uint1 x354; ++ uint64_t x355; ++ fiat_secp384r1_uint1 x356; ++ uint64_t x357; ++ fiat_secp384r1_uint1 x358; ++ uint64_t x359; ++ fiat_secp384r1_uint1 x360; ++ uint64_t x361; ++ uint64_t x362; ++ fiat_secp384r1_uint1 x363; ++ uint64_t x364; ++ fiat_secp384r1_uint1 x365; ++ uint64_t x366; ++ fiat_secp384r1_uint1 x367; ++ uint64_t x368; ++ fiat_secp384r1_uint1 x369; ++ uint64_t x370; ++ fiat_secp384r1_uint1 x371; ++ uint64_t x372; ++ fiat_secp384r1_uint1 x373; ++ uint64_t x374; ++ fiat_secp384r1_uint1 x375; ++ uint64_t x376; ++ uint64_t x377; ++ uint64_t x378; ++ uint64_t x379; ++ uint64_t x380; ++ uint64_t x381; ++ uint64_t x382; ++ uint64_t x383; ++ uint64_t x384; ++ uint64_t x385; ++ uint64_t x386; ++ uint64_t x387; ++ uint64_t x388; ++ uint64_t x389; ++ fiat_secp384r1_uint1 x390; ++ uint64_t x391; ++ fiat_secp384r1_uint1 x392; ++ uint64_t x393; ++ fiat_secp384r1_uint1 x394; ++ uint64_t x395; ++ fiat_secp384r1_uint1 x396; ++ uint64_t x397; ++ fiat_secp384r1_uint1 x398; ++ uint64_t x399; ++ uint64_t x400; ++ fiat_secp384r1_uint1 x401; ++ uint64_t x402; ++ fiat_secp384r1_uint1 x403; ++ uint64_t x404; ++ fiat_secp384r1_uint1 x405; ++ uint64_t x406; ++ fiat_secp384r1_uint1 x407; ++ uint64_t x408; ++ fiat_secp384r1_uint1 x409; ++ uint64_t x410; ++ fiat_secp384r1_uint1 x411; ++ uint64_t x412; ++ fiat_secp384r1_uint1 x413; ++ uint64_t x414; ++ uint64_t x415; ++ uint64_t x416; ++ uint64_t x417; ++ uint64_t x418; ++ uint64_t x419; ++ uint64_t x420; ++ uint64_t x421; ++ uint64_t x422; ++ uint64_t x423; ++ uint64_t x424; ++ uint64_t x425; ++ uint64_t x426; ++ uint64_t x427; ++ uint64_t x428; ++ fiat_secp384r1_uint1 x429; ++ uint64_t x430; ++ fiat_secp384r1_uint1 x431; ++ uint64_t x432; ++ fiat_secp384r1_uint1 x433; ++ uint64_t x434; ++ fiat_secp384r1_uint1 x435; ++ uint64_t x436; ++ fiat_secp384r1_uint1 x437; ++ uint64_t x438; ++ uint64_t x439; ++ fiat_secp384r1_uint1 x440; ++ uint64_t x441; ++ fiat_secp384r1_uint1 x442; ++ uint64_t x443; ++ fiat_secp384r1_uint1 x444; ++ uint64_t x445; ++ fiat_secp384r1_uint1 x446; ++ uint64_t x447; ++ fiat_secp384r1_uint1 x448; ++ uint64_t x449; ++ fiat_secp384r1_uint1 x450; ++ uint64_t x451; ++ fiat_secp384r1_uint1 x452; ++ uint64_t x453; ++ uint64_t x454; ++ fiat_secp384r1_uint1 x455; ++ uint64_t x456; ++ fiat_secp384r1_uint1 x457; ++ uint64_t x458; ++ fiat_secp384r1_uint1 x459; ++ uint64_t x460; ++ fiat_secp384r1_uint1 x461; ++ uint64_t x462; ++ fiat_secp384r1_uint1 x463; ++ uint64_t x464; ++ fiat_secp384r1_uint1 x465; ++ uint64_t x466; ++ fiat_secp384r1_uint1 x467; ++ uint64_t x468; ++ uint64_t x469; ++ uint64_t x470; ++ uint64_t x471; ++ uint64_t x472; ++ uint64_t x473; ++ x1 = (arg1[1]); ++ x2 = (arg1[2]); ++ x3 = (arg1[3]); ++ x4 = (arg1[4]); ++ x5 = (arg1[5]); ++ x6 = (arg1[0]); ++ fiat_secp384r1_mulx_u64(&x7, &x8, x6, (arg1[5])); ++ fiat_secp384r1_mulx_u64(&x9, &x10, x6, (arg1[4])); ++ fiat_secp384r1_mulx_u64(&x11, &x12, x6, (arg1[3])); ++ fiat_secp384r1_mulx_u64(&x13, &x14, x6, (arg1[2])); ++ fiat_secp384r1_mulx_u64(&x15, &x16, x6, (arg1[1])); ++ fiat_secp384r1_mulx_u64(&x17, &x18, x6, (arg1[0])); ++ fiat_secp384r1_addcarryx_u64(&x19, &x20, 0x0, x18, x15); ++ fiat_secp384r1_addcarryx_u64(&x21, &x22, x20, x16, x13); ++ fiat_secp384r1_addcarryx_u64(&x23, &x24, x22, x14, x11); ++ fiat_secp384r1_addcarryx_u64(&x25, &x26, x24, x12, x9); ++ fiat_secp384r1_addcarryx_u64(&x27, &x28, x26, x10, x7); ++ x29 = (x28 + x8); ++ fiat_secp384r1_mulx_u64(&x30, &x31, x17, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x32, &x33, x30, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x34, &x35, x30, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x36, &x37, x30, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x38, &x39, x30, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x40, &x41, x30, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x42, &x43, x30, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x44, &x45, 0x0, x43, x40); ++ fiat_secp384r1_addcarryx_u64(&x46, &x47, x45, x41, x38); ++ fiat_secp384r1_addcarryx_u64(&x48, &x49, x47, x39, x36); ++ fiat_secp384r1_addcarryx_u64(&x50, &x51, x49, x37, x34); ++ fiat_secp384r1_addcarryx_u64(&x52, &x53, x51, x35, x32); ++ x54 = (x53 + x33); ++ fiat_secp384r1_addcarryx_u64(&x55, &x56, 0x0, x17, x42); ++ fiat_secp384r1_addcarryx_u64(&x57, &x58, x56, x19, x44); ++ fiat_secp384r1_addcarryx_u64(&x59, &x60, x58, x21, x46); ++ fiat_secp384r1_addcarryx_u64(&x61, &x62, x60, x23, x48); ++ fiat_secp384r1_addcarryx_u64(&x63, &x64, x62, x25, x50); ++ fiat_secp384r1_addcarryx_u64(&x65, &x66, x64, x27, x52); ++ fiat_secp384r1_addcarryx_u64(&x67, &x68, x66, x29, x54); ++ fiat_secp384r1_mulx_u64(&x69, &x70, x1, (arg1[5])); ++ fiat_secp384r1_mulx_u64(&x71, &x72, x1, (arg1[4])); ++ fiat_secp384r1_mulx_u64(&x73, &x74, x1, (arg1[3])); ++ fiat_secp384r1_mulx_u64(&x75, &x76, x1, (arg1[2])); ++ fiat_secp384r1_mulx_u64(&x77, &x78, x1, (arg1[1])); ++ fiat_secp384r1_mulx_u64(&x79, &x80, x1, (arg1[0])); ++ fiat_secp384r1_addcarryx_u64(&x81, &x82, 0x0, x80, x77); ++ fiat_secp384r1_addcarryx_u64(&x83, &x84, x82, x78, x75); ++ fiat_secp384r1_addcarryx_u64(&x85, &x86, x84, x76, x73); ++ fiat_secp384r1_addcarryx_u64(&x87, &x88, x86, x74, x71); ++ fiat_secp384r1_addcarryx_u64(&x89, &x90, x88, x72, x69); ++ x91 = (x90 + x70); ++ fiat_secp384r1_addcarryx_u64(&x92, &x93, 0x0, x57, x79); ++ fiat_secp384r1_addcarryx_u64(&x94, &x95, x93, x59, x81); ++ fiat_secp384r1_addcarryx_u64(&x96, &x97, x95, x61, x83); ++ fiat_secp384r1_addcarryx_u64(&x98, &x99, x97, x63, x85); ++ fiat_secp384r1_addcarryx_u64(&x100, &x101, x99, x65, x87); ++ fiat_secp384r1_addcarryx_u64(&x102, &x103, x101, x67, x89); ++ fiat_secp384r1_addcarryx_u64(&x104, &x105, x103, x68, x91); ++ fiat_secp384r1_mulx_u64(&x106, &x107, x92, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x108, &x109, x106, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x110, &x111, x106, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x112, &x113, x106, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x114, &x115, x106, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x116, &x117, x106, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x118, &x119, x106, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x120, &x121, 0x0, x119, x116); ++ fiat_secp384r1_addcarryx_u64(&x122, &x123, x121, x117, x114); ++ fiat_secp384r1_addcarryx_u64(&x124, &x125, x123, x115, x112); ++ fiat_secp384r1_addcarryx_u64(&x126, &x127, x125, x113, x110); ++ fiat_secp384r1_addcarryx_u64(&x128, &x129, x127, x111, x108); ++ x130 = (x129 + x109); ++ fiat_secp384r1_addcarryx_u64(&x131, &x132, 0x0, x92, x118); ++ fiat_secp384r1_addcarryx_u64(&x133, &x134, x132, x94, x120); ++ fiat_secp384r1_addcarryx_u64(&x135, &x136, x134, x96, x122); ++ fiat_secp384r1_addcarryx_u64(&x137, &x138, x136, x98, x124); ++ fiat_secp384r1_addcarryx_u64(&x139, &x140, x138, x100, x126); ++ fiat_secp384r1_addcarryx_u64(&x141, &x142, x140, x102, x128); ++ fiat_secp384r1_addcarryx_u64(&x143, &x144, x142, x104, x130); ++ x145 = ((uint64_t)x144 + x105); ++ fiat_secp384r1_mulx_u64(&x146, &x147, x2, (arg1[5])); ++ fiat_secp384r1_mulx_u64(&x148, &x149, x2, (arg1[4])); ++ fiat_secp384r1_mulx_u64(&x150, &x151, x2, (arg1[3])); ++ fiat_secp384r1_mulx_u64(&x152, &x153, x2, (arg1[2])); ++ fiat_secp384r1_mulx_u64(&x154, &x155, x2, (arg1[1])); ++ fiat_secp384r1_mulx_u64(&x156, &x157, x2, (arg1[0])); ++ fiat_secp384r1_addcarryx_u64(&x158, &x159, 0x0, x157, x154); ++ fiat_secp384r1_addcarryx_u64(&x160, &x161, x159, x155, x152); ++ fiat_secp384r1_addcarryx_u64(&x162, &x163, x161, x153, x150); ++ fiat_secp384r1_addcarryx_u64(&x164, &x165, x163, x151, x148); ++ fiat_secp384r1_addcarryx_u64(&x166, &x167, x165, x149, x146); ++ x168 = (x167 + x147); ++ fiat_secp384r1_addcarryx_u64(&x169, &x170, 0x0, x133, x156); ++ fiat_secp384r1_addcarryx_u64(&x171, &x172, x170, x135, x158); ++ fiat_secp384r1_addcarryx_u64(&x173, &x174, x172, x137, x160); ++ fiat_secp384r1_addcarryx_u64(&x175, &x176, x174, x139, x162); ++ fiat_secp384r1_addcarryx_u64(&x177, &x178, x176, x141, x164); ++ fiat_secp384r1_addcarryx_u64(&x179, &x180, x178, x143, x166); ++ fiat_secp384r1_addcarryx_u64(&x181, &x182, x180, x145, x168); ++ fiat_secp384r1_mulx_u64(&x183, &x184, x169, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x185, &x186, x183, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x187, &x188, x183, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x189, &x190, x183, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x191, &x192, x183, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x193, &x194, x183, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x195, &x196, x183, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x197, &x198, 0x0, x196, x193); ++ fiat_secp384r1_addcarryx_u64(&x199, &x200, x198, x194, x191); ++ fiat_secp384r1_addcarryx_u64(&x201, &x202, x200, x192, x189); ++ fiat_secp384r1_addcarryx_u64(&x203, &x204, x202, x190, x187); ++ fiat_secp384r1_addcarryx_u64(&x205, &x206, x204, x188, x185); ++ x207 = (x206 + x186); ++ fiat_secp384r1_addcarryx_u64(&x208, &x209, 0x0, x169, x195); ++ fiat_secp384r1_addcarryx_u64(&x210, &x211, x209, x171, x197); ++ fiat_secp384r1_addcarryx_u64(&x212, &x213, x211, x173, x199); ++ fiat_secp384r1_addcarryx_u64(&x214, &x215, x213, x175, x201); ++ fiat_secp384r1_addcarryx_u64(&x216, &x217, x215, x177, x203); ++ fiat_secp384r1_addcarryx_u64(&x218, &x219, x217, x179, x205); ++ fiat_secp384r1_addcarryx_u64(&x220, &x221, x219, x181, x207); ++ x222 = ((uint64_t)x221 + x182); ++ fiat_secp384r1_mulx_u64(&x223, &x224, x3, (arg1[5])); ++ fiat_secp384r1_mulx_u64(&x225, &x226, x3, (arg1[4])); ++ fiat_secp384r1_mulx_u64(&x227, &x228, x3, (arg1[3])); ++ fiat_secp384r1_mulx_u64(&x229, &x230, x3, (arg1[2])); ++ fiat_secp384r1_mulx_u64(&x231, &x232, x3, (arg1[1])); ++ fiat_secp384r1_mulx_u64(&x233, &x234, x3, (arg1[0])); ++ fiat_secp384r1_addcarryx_u64(&x235, &x236, 0x0, x234, x231); ++ fiat_secp384r1_addcarryx_u64(&x237, &x238, x236, x232, x229); ++ fiat_secp384r1_addcarryx_u64(&x239, &x240, x238, x230, x227); ++ fiat_secp384r1_addcarryx_u64(&x241, &x242, x240, x228, x225); ++ fiat_secp384r1_addcarryx_u64(&x243, &x244, x242, x226, x223); ++ x245 = (x244 + x224); ++ fiat_secp384r1_addcarryx_u64(&x246, &x247, 0x0, x210, x233); ++ fiat_secp384r1_addcarryx_u64(&x248, &x249, x247, x212, x235); ++ fiat_secp384r1_addcarryx_u64(&x250, &x251, x249, x214, x237); ++ fiat_secp384r1_addcarryx_u64(&x252, &x253, x251, x216, x239); ++ fiat_secp384r1_addcarryx_u64(&x254, &x255, x253, x218, x241); ++ fiat_secp384r1_addcarryx_u64(&x256, &x257, x255, x220, x243); ++ fiat_secp384r1_addcarryx_u64(&x258, &x259, x257, x222, x245); ++ fiat_secp384r1_mulx_u64(&x260, &x261, x246, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x262, &x263, x260, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x264, &x265, x260, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x266, &x267, x260, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x268, &x269, x260, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x270, &x271, x260, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x272, &x273, x260, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x274, &x275, 0x0, x273, x270); ++ fiat_secp384r1_addcarryx_u64(&x276, &x277, x275, x271, x268); ++ fiat_secp384r1_addcarryx_u64(&x278, &x279, x277, x269, x266); ++ fiat_secp384r1_addcarryx_u64(&x280, &x281, x279, x267, x264); ++ fiat_secp384r1_addcarryx_u64(&x282, &x283, x281, x265, x262); ++ x284 = (x283 + x263); ++ fiat_secp384r1_addcarryx_u64(&x285, &x286, 0x0, x246, x272); ++ fiat_secp384r1_addcarryx_u64(&x287, &x288, x286, x248, x274); ++ fiat_secp384r1_addcarryx_u64(&x289, &x290, x288, x250, x276); ++ fiat_secp384r1_addcarryx_u64(&x291, &x292, x290, x252, x278); ++ fiat_secp384r1_addcarryx_u64(&x293, &x294, x292, x254, x280); ++ fiat_secp384r1_addcarryx_u64(&x295, &x296, x294, x256, x282); ++ fiat_secp384r1_addcarryx_u64(&x297, &x298, x296, x258, x284); ++ x299 = ((uint64_t)x298 + x259); ++ fiat_secp384r1_mulx_u64(&x300, &x301, x4, (arg1[5])); ++ fiat_secp384r1_mulx_u64(&x302, &x303, x4, (arg1[4])); ++ fiat_secp384r1_mulx_u64(&x304, &x305, x4, (arg1[3])); ++ fiat_secp384r1_mulx_u64(&x306, &x307, x4, (arg1[2])); ++ fiat_secp384r1_mulx_u64(&x308, &x309, x4, (arg1[1])); ++ fiat_secp384r1_mulx_u64(&x310, &x311, x4, (arg1[0])); ++ fiat_secp384r1_addcarryx_u64(&x312, &x313, 0x0, x311, x308); ++ fiat_secp384r1_addcarryx_u64(&x314, &x315, x313, x309, x306); ++ fiat_secp384r1_addcarryx_u64(&x316, &x317, x315, x307, x304); ++ fiat_secp384r1_addcarryx_u64(&x318, &x319, x317, x305, x302); ++ fiat_secp384r1_addcarryx_u64(&x320, &x321, x319, x303, x300); ++ x322 = (x321 + x301); ++ fiat_secp384r1_addcarryx_u64(&x323, &x324, 0x0, x287, x310); ++ fiat_secp384r1_addcarryx_u64(&x325, &x326, x324, x289, x312); ++ fiat_secp384r1_addcarryx_u64(&x327, &x328, x326, x291, x314); ++ fiat_secp384r1_addcarryx_u64(&x329, &x330, x328, x293, x316); ++ fiat_secp384r1_addcarryx_u64(&x331, &x332, x330, x295, x318); ++ fiat_secp384r1_addcarryx_u64(&x333, &x334, x332, x297, x320); ++ fiat_secp384r1_addcarryx_u64(&x335, &x336, x334, x299, x322); ++ fiat_secp384r1_mulx_u64(&x337, &x338, x323, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x339, &x340, x337, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x341, &x342, x337, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x343, &x344, x337, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x345, &x346, x337, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x347, &x348, x337, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x349, &x350, x337, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x351, &x352, 0x0, x350, x347); ++ fiat_secp384r1_addcarryx_u64(&x353, &x354, x352, x348, x345); ++ fiat_secp384r1_addcarryx_u64(&x355, &x356, x354, x346, x343); ++ fiat_secp384r1_addcarryx_u64(&x357, &x358, x356, x344, x341); ++ fiat_secp384r1_addcarryx_u64(&x359, &x360, x358, x342, x339); ++ x361 = (x360 + x340); ++ fiat_secp384r1_addcarryx_u64(&x362, &x363, 0x0, x323, x349); ++ fiat_secp384r1_addcarryx_u64(&x364, &x365, x363, x325, x351); ++ fiat_secp384r1_addcarryx_u64(&x366, &x367, x365, x327, x353); ++ fiat_secp384r1_addcarryx_u64(&x368, &x369, x367, x329, x355); ++ fiat_secp384r1_addcarryx_u64(&x370, &x371, x369, x331, x357); ++ fiat_secp384r1_addcarryx_u64(&x372, &x373, x371, x333, x359); ++ fiat_secp384r1_addcarryx_u64(&x374, &x375, x373, x335, x361); ++ x376 = ((uint64_t)x375 + x336); ++ fiat_secp384r1_mulx_u64(&x377, &x378, x5, (arg1[5])); ++ fiat_secp384r1_mulx_u64(&x379, &x380, x5, (arg1[4])); ++ fiat_secp384r1_mulx_u64(&x381, &x382, x5, (arg1[3])); ++ fiat_secp384r1_mulx_u64(&x383, &x384, x5, (arg1[2])); ++ fiat_secp384r1_mulx_u64(&x385, &x386, x5, (arg1[1])); ++ fiat_secp384r1_mulx_u64(&x387, &x388, x5, (arg1[0])); ++ fiat_secp384r1_addcarryx_u64(&x389, &x390, 0x0, x388, x385); ++ fiat_secp384r1_addcarryx_u64(&x391, &x392, x390, x386, x383); ++ fiat_secp384r1_addcarryx_u64(&x393, &x394, x392, x384, x381); ++ fiat_secp384r1_addcarryx_u64(&x395, &x396, x394, x382, x379); ++ fiat_secp384r1_addcarryx_u64(&x397, &x398, x396, x380, x377); ++ x399 = (x398 + x378); ++ fiat_secp384r1_addcarryx_u64(&x400, &x401, 0x0, x364, x387); ++ fiat_secp384r1_addcarryx_u64(&x402, &x403, x401, x366, x389); ++ fiat_secp384r1_addcarryx_u64(&x404, &x405, x403, x368, x391); ++ fiat_secp384r1_addcarryx_u64(&x406, &x407, x405, x370, x393); ++ fiat_secp384r1_addcarryx_u64(&x408, &x409, x407, x372, x395); ++ fiat_secp384r1_addcarryx_u64(&x410, &x411, x409, x374, x397); ++ fiat_secp384r1_addcarryx_u64(&x412, &x413, x411, x376, x399); ++ fiat_secp384r1_mulx_u64(&x414, &x415, x400, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x416, &x417, x414, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x418, &x419, x414, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x420, &x421, x414, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x422, &x423, x414, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x424, &x425, x414, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x426, &x427, x414, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x428, &x429, 0x0, x427, x424); ++ fiat_secp384r1_addcarryx_u64(&x430, &x431, x429, x425, x422); ++ fiat_secp384r1_addcarryx_u64(&x432, &x433, x431, x423, x420); ++ fiat_secp384r1_addcarryx_u64(&x434, &x435, x433, x421, x418); ++ fiat_secp384r1_addcarryx_u64(&x436, &x437, x435, x419, x416); ++ x438 = (x437 + x417); ++ fiat_secp384r1_addcarryx_u64(&x439, &x440, 0x0, x400, x426); ++ fiat_secp384r1_addcarryx_u64(&x441, &x442, x440, x402, x428); ++ fiat_secp384r1_addcarryx_u64(&x443, &x444, x442, x404, x430); ++ fiat_secp384r1_addcarryx_u64(&x445, &x446, x444, x406, x432); ++ fiat_secp384r1_addcarryx_u64(&x447, &x448, x446, x408, x434); ++ fiat_secp384r1_addcarryx_u64(&x449, &x450, x448, x410, x436); ++ fiat_secp384r1_addcarryx_u64(&x451, &x452, x450, x412, x438); ++ x453 = ((uint64_t)x452 + x413); ++ fiat_secp384r1_subborrowx_u64(&x454, &x455, 0x0, x441, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x456, &x457, x455, x443, ++ UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_subborrowx_u64(&x458, &x459, x457, x445, ++ UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_subborrowx_u64(&x460, &x461, x459, x447, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x462, &x463, x461, x449, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x464, &x465, x463, x451, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x466, &x467, x465, x453, 0x0); ++ fiat_secp384r1_cmovznz_u64(&x468, x467, x454, x441); ++ fiat_secp384r1_cmovznz_u64(&x469, x467, x456, x443); ++ fiat_secp384r1_cmovznz_u64(&x470, x467, x458, x445); ++ fiat_secp384r1_cmovznz_u64(&x471, x467, x460, x447); ++ fiat_secp384r1_cmovznz_u64(&x472, x467, x462, x449); ++ fiat_secp384r1_cmovznz_u64(&x473, x467, x464, x451); ++ out1[0] = x468; ++ out1[1] = x469; ++ out1[2] = x470; ++ out1[3] = x471; ++ out1[4] = x472; ++ out1[5] = x473; ++} ++ ++/* ++ * The function fiat_secp384r1_add adds two field elements in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * 0 ≤ eval arg2 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_add(uint64_t out1[6], const uint64_t arg1[6], ++ const uint64_t arg2[6]) ++{ ++ uint64_t x1; ++ fiat_secp384r1_uint1 x2; ++ uint64_t x3; ++ fiat_secp384r1_uint1 x4; ++ uint64_t x5; ++ fiat_secp384r1_uint1 x6; ++ uint64_t x7; ++ fiat_secp384r1_uint1 x8; ++ uint64_t x9; ++ fiat_secp384r1_uint1 x10; ++ uint64_t x11; ++ fiat_secp384r1_uint1 x12; ++ uint64_t x13; ++ fiat_secp384r1_uint1 x14; ++ uint64_t x15; ++ fiat_secp384r1_uint1 x16; ++ uint64_t x17; ++ fiat_secp384r1_uint1 x18; ++ uint64_t x19; ++ fiat_secp384r1_uint1 x20; ++ uint64_t x21; ++ fiat_secp384r1_uint1 x22; ++ uint64_t x23; ++ fiat_secp384r1_uint1 x24; ++ uint64_t x25; ++ fiat_secp384r1_uint1 x26; ++ uint64_t x27; ++ uint64_t x28; ++ uint64_t x29; ++ uint64_t x30; ++ uint64_t x31; ++ uint64_t x32; ++ fiat_secp384r1_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); ++ fiat_secp384r1_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); ++ fiat_secp384r1_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); ++ fiat_secp384r1_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); ++ fiat_secp384r1_addcarryx_u64(&x9, &x10, x8, (arg1[4]), (arg2[4])); ++ fiat_secp384r1_addcarryx_u64(&x11, &x12, x10, (arg1[5]), (arg2[5])); ++ fiat_secp384r1_subborrowx_u64(&x13, &x14, 0x0, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x15, &x16, x14, x3, ++ UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_subborrowx_u64(&x17, &x18, x16, x5, ++ UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_subborrowx_u64(&x19, &x20, x18, x7, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x21, &x22, x20, x9, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x23, &x24, x22, x11, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x25, &x26, x24, x12, 0x0); ++ fiat_secp384r1_cmovznz_u64(&x27, x26, x13, x1); ++ fiat_secp384r1_cmovznz_u64(&x28, x26, x15, x3); ++ fiat_secp384r1_cmovznz_u64(&x29, x26, x17, x5); ++ fiat_secp384r1_cmovznz_u64(&x30, x26, x19, x7); ++ fiat_secp384r1_cmovznz_u64(&x31, x26, x21, x9); ++ fiat_secp384r1_cmovznz_u64(&x32, x26, x23, x11); ++ out1[0] = x27; ++ out1[1] = x28; ++ out1[2] = x29; ++ out1[3] = x30; ++ out1[4] = x31; ++ out1[5] = x32; ++} ++ ++/* ++ * The function fiat_secp384r1_sub subtracts two field elements in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * 0 ≤ eval arg2 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_sub(uint64_t out1[6], const uint64_t arg1[6], ++ const uint64_t arg2[6]) ++{ ++ uint64_t x1; ++ fiat_secp384r1_uint1 x2; ++ uint64_t x3; ++ fiat_secp384r1_uint1 x4; ++ uint64_t x5; ++ fiat_secp384r1_uint1 x6; ++ uint64_t x7; ++ fiat_secp384r1_uint1 x8; ++ uint64_t x9; ++ fiat_secp384r1_uint1 x10; ++ uint64_t x11; ++ fiat_secp384r1_uint1 x12; ++ uint64_t x13; ++ uint64_t x14; ++ fiat_secp384r1_uint1 x15; ++ uint64_t x16; ++ fiat_secp384r1_uint1 x17; ++ uint64_t x18; ++ fiat_secp384r1_uint1 x19; ++ uint64_t x20; ++ fiat_secp384r1_uint1 x21; ++ uint64_t x22; ++ fiat_secp384r1_uint1 x23; ++ uint64_t x24; ++ fiat_secp384r1_uint1 x25; ++ fiat_secp384r1_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); ++ fiat_secp384r1_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); ++ fiat_secp384r1_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); ++ fiat_secp384r1_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); ++ fiat_secp384r1_subborrowx_u64(&x9, &x10, x8, (arg1[4]), (arg2[4])); ++ fiat_secp384r1_subborrowx_u64(&x11, &x12, x10, (arg1[5]), (arg2[5])); ++ fiat_secp384r1_cmovznz_u64(&x13, x12, 0x0, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x14, &x15, 0x0, x1, ++ (x13 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u64(&x16, &x17, x15, x3, ++ (x13 & UINT64_C(0xffffffff00000000))); ++ fiat_secp384r1_addcarryx_u64(&x18, &x19, x17, x5, ++ (x13 & UINT64_C(0xfffffffffffffffe))); ++ fiat_secp384r1_addcarryx_u64(&x20, &x21, x19, x7, ++ (x13 & UINT64_C(0xffffffffffffffff))); ++ fiat_secp384r1_addcarryx_u64(&x22, &x23, x21, x9, ++ (x13 & UINT64_C(0xffffffffffffffff))); ++ fiat_secp384r1_addcarryx_u64(&x24, &x25, x23, x11, ++ (x13 & UINT64_C(0xffffffffffffffff))); ++ out1[0] = x14; ++ out1[1] = x16; ++ out1[2] = x18; ++ out1[3] = x20; ++ out1[4] = x22; ++ out1[5] = x24; ++} ++ ++/* ++ * The function fiat_secp384r1_opp negates a field element in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_opp(uint64_t out1[6], const uint64_t arg1[6]) ++{ ++ uint64_t x1; ++ fiat_secp384r1_uint1 x2; ++ uint64_t x3; ++ fiat_secp384r1_uint1 x4; ++ uint64_t x5; ++ fiat_secp384r1_uint1 x6; ++ uint64_t x7; ++ fiat_secp384r1_uint1 x8; ++ uint64_t x9; ++ fiat_secp384r1_uint1 x10; ++ uint64_t x11; ++ fiat_secp384r1_uint1 x12; ++ uint64_t x13; ++ uint64_t x14; ++ fiat_secp384r1_uint1 x15; ++ uint64_t x16; ++ fiat_secp384r1_uint1 x17; ++ uint64_t x18; ++ fiat_secp384r1_uint1 x19; ++ uint64_t x20; ++ fiat_secp384r1_uint1 x21; ++ uint64_t x22; ++ fiat_secp384r1_uint1 x23; ++ uint64_t x24; ++ fiat_secp384r1_uint1 x25; ++ fiat_secp384r1_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); ++ fiat_secp384r1_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); ++ fiat_secp384r1_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); ++ fiat_secp384r1_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); ++ fiat_secp384r1_subborrowx_u64(&x9, &x10, x8, 0x0, (arg1[4])); ++ fiat_secp384r1_subborrowx_u64(&x11, &x12, x10, 0x0, (arg1[5])); ++ fiat_secp384r1_cmovznz_u64(&x13, x12, 0x0, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x14, &x15, 0x0, x1, ++ (x13 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u64(&x16, &x17, x15, x3, ++ (x13 & UINT64_C(0xffffffff00000000))); ++ fiat_secp384r1_addcarryx_u64(&x18, &x19, x17, x5, ++ (x13 & UINT64_C(0xfffffffffffffffe))); ++ fiat_secp384r1_addcarryx_u64(&x20, &x21, x19, x7, ++ (x13 & UINT64_C(0xffffffffffffffff))); ++ fiat_secp384r1_addcarryx_u64(&x22, &x23, x21, x9, ++ (x13 & UINT64_C(0xffffffffffffffff))); ++ fiat_secp384r1_addcarryx_u64(&x24, &x25, x23, x11, ++ (x13 & UINT64_C(0xffffffffffffffff))); ++ out1[0] = x14; ++ out1[1] = x16; ++ out1[2] = x18; ++ out1[3] = x20; ++ out1[4] = x22; ++ out1[5] = x24; ++} ++ ++/* ++ * The function fiat_secp384r1_from_montgomery translates a field element out of the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^6) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_from_montgomery(uint64_t out1[6], ++ const uint64_t arg1[6]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ uint64_t x16; ++ fiat_secp384r1_uint1 x17; ++ uint64_t x18; ++ fiat_secp384r1_uint1 x19; ++ uint64_t x20; ++ fiat_secp384r1_uint1 x21; ++ uint64_t x22; ++ fiat_secp384r1_uint1 x23; ++ uint64_t x24; ++ fiat_secp384r1_uint1 x25; ++ uint64_t x26; ++ fiat_secp384r1_uint1 x27; ++ uint64_t x28; ++ fiat_secp384r1_uint1 x29; ++ uint64_t x30; ++ fiat_secp384r1_uint1 x31; ++ uint64_t x32; ++ fiat_secp384r1_uint1 x33; ++ uint64_t x34; ++ fiat_secp384r1_uint1 x35; ++ uint64_t x36; ++ fiat_secp384r1_uint1 x37; ++ uint64_t x38; ++ fiat_secp384r1_uint1 x39; ++ uint64_t x40; ++ fiat_secp384r1_uint1 x41; ++ uint64_t x42; ++ fiat_secp384r1_uint1 x43; ++ uint64_t x44; ++ fiat_secp384r1_uint1 x45; ++ uint64_t x46; ++ fiat_secp384r1_uint1 x47; ++ uint64_t x48; ++ fiat_secp384r1_uint1 x49; ++ uint64_t x50; ++ fiat_secp384r1_uint1 x51; ++ uint64_t x52; ++ uint64_t x53; ++ uint64_t x54; ++ uint64_t x55; ++ uint64_t x56; ++ uint64_t x57; ++ uint64_t x58; ++ uint64_t x59; ++ uint64_t x60; ++ uint64_t x61; ++ uint64_t x62; ++ uint64_t x63; ++ uint64_t x64; ++ uint64_t x65; ++ uint64_t x66; ++ fiat_secp384r1_uint1 x67; ++ uint64_t x68; ++ fiat_secp384r1_uint1 x69; ++ uint64_t x70; ++ fiat_secp384r1_uint1 x71; ++ uint64_t x72; ++ fiat_secp384r1_uint1 x73; ++ uint64_t x74; ++ fiat_secp384r1_uint1 x75; ++ uint64_t x76; ++ fiat_secp384r1_uint1 x77; ++ uint64_t x78; ++ fiat_secp384r1_uint1 x79; ++ uint64_t x80; ++ fiat_secp384r1_uint1 x81; ++ uint64_t x82; ++ fiat_secp384r1_uint1 x83; ++ uint64_t x84; ++ fiat_secp384r1_uint1 x85; ++ uint64_t x86; ++ fiat_secp384r1_uint1 x87; ++ uint64_t x88; ++ fiat_secp384r1_uint1 x89; ++ uint64_t x90; ++ fiat_secp384r1_uint1 x91; ++ uint64_t x92; ++ fiat_secp384r1_uint1 x93; ++ uint64_t x94; ++ fiat_secp384r1_uint1 x95; ++ uint64_t x96; ++ fiat_secp384r1_uint1 x97; ++ uint64_t x98; ++ fiat_secp384r1_uint1 x99; ++ uint64_t x100; ++ fiat_secp384r1_uint1 x101; ++ uint64_t x102; ++ uint64_t x103; ++ uint64_t x104; ++ uint64_t x105; ++ uint64_t x106; ++ uint64_t x107; ++ uint64_t x108; ++ uint64_t x109; ++ uint64_t x110; ++ uint64_t x111; ++ uint64_t x112; ++ uint64_t x113; ++ uint64_t x114; ++ uint64_t x115; ++ uint64_t x116; ++ fiat_secp384r1_uint1 x117; ++ uint64_t x118; ++ fiat_secp384r1_uint1 x119; ++ uint64_t x120; ++ fiat_secp384r1_uint1 x121; ++ uint64_t x122; ++ fiat_secp384r1_uint1 x123; ++ uint64_t x124; ++ fiat_secp384r1_uint1 x125; ++ uint64_t x126; ++ fiat_secp384r1_uint1 x127; ++ uint64_t x128; ++ fiat_secp384r1_uint1 x129; ++ uint64_t x130; ++ fiat_secp384r1_uint1 x131; ++ uint64_t x132; ++ fiat_secp384r1_uint1 x133; ++ uint64_t x134; ++ fiat_secp384r1_uint1 x135; ++ uint64_t x136; ++ fiat_secp384r1_uint1 x137; ++ uint64_t x138; ++ fiat_secp384r1_uint1 x139; ++ uint64_t x140; ++ fiat_secp384r1_uint1 x141; ++ uint64_t x142; ++ fiat_secp384r1_uint1 x143; ++ uint64_t x144; ++ fiat_secp384r1_uint1 x145; ++ uint64_t x146; ++ fiat_secp384r1_uint1 x147; ++ uint64_t x148; ++ fiat_secp384r1_uint1 x149; ++ uint64_t x150; ++ fiat_secp384r1_uint1 x151; ++ uint64_t x152; ++ uint64_t x153; ++ uint64_t x154; ++ uint64_t x155; ++ uint64_t x156; ++ uint64_t x157; ++ uint64_t x158; ++ uint64_t x159; ++ uint64_t x160; ++ uint64_t x161; ++ uint64_t x162; ++ uint64_t x163; ++ uint64_t x164; ++ uint64_t x165; ++ uint64_t x166; ++ fiat_secp384r1_uint1 x167; ++ uint64_t x168; ++ fiat_secp384r1_uint1 x169; ++ uint64_t x170; ++ fiat_secp384r1_uint1 x171; ++ uint64_t x172; ++ fiat_secp384r1_uint1 x173; ++ uint64_t x174; ++ fiat_secp384r1_uint1 x175; ++ uint64_t x176; ++ fiat_secp384r1_uint1 x177; ++ uint64_t x178; ++ fiat_secp384r1_uint1 x179; ++ uint64_t x180; ++ fiat_secp384r1_uint1 x181; ++ uint64_t x182; ++ fiat_secp384r1_uint1 x183; ++ uint64_t x184; ++ fiat_secp384r1_uint1 x185; ++ uint64_t x186; ++ fiat_secp384r1_uint1 x187; ++ uint64_t x188; ++ fiat_secp384r1_uint1 x189; ++ uint64_t x190; ++ fiat_secp384r1_uint1 x191; ++ uint64_t x192; ++ fiat_secp384r1_uint1 x193; ++ uint64_t x194; ++ fiat_secp384r1_uint1 x195; ++ uint64_t x196; ++ fiat_secp384r1_uint1 x197; ++ uint64_t x198; ++ fiat_secp384r1_uint1 x199; ++ uint64_t x200; ++ fiat_secp384r1_uint1 x201; ++ uint64_t x202; ++ uint64_t x203; ++ uint64_t x204; ++ uint64_t x205; ++ uint64_t x206; ++ uint64_t x207; ++ uint64_t x208; ++ uint64_t x209; ++ uint64_t x210; ++ uint64_t x211; ++ uint64_t x212; ++ uint64_t x213; ++ uint64_t x214; ++ uint64_t x215; ++ uint64_t x216; ++ fiat_secp384r1_uint1 x217; ++ uint64_t x218; ++ fiat_secp384r1_uint1 x219; ++ uint64_t x220; ++ fiat_secp384r1_uint1 x221; ++ uint64_t x222; ++ fiat_secp384r1_uint1 x223; ++ uint64_t x224; ++ fiat_secp384r1_uint1 x225; ++ uint64_t x226; ++ fiat_secp384r1_uint1 x227; ++ uint64_t x228; ++ fiat_secp384r1_uint1 x229; ++ uint64_t x230; ++ fiat_secp384r1_uint1 x231; ++ uint64_t x232; ++ fiat_secp384r1_uint1 x233; ++ uint64_t x234; ++ fiat_secp384r1_uint1 x235; ++ uint64_t x236; ++ fiat_secp384r1_uint1 x237; ++ uint64_t x238; ++ fiat_secp384r1_uint1 x239; ++ uint64_t x240; ++ fiat_secp384r1_uint1 x241; ++ uint64_t x242; ++ fiat_secp384r1_uint1 x243; ++ uint64_t x244; ++ fiat_secp384r1_uint1 x245; ++ uint64_t x246; ++ fiat_secp384r1_uint1 x247; ++ uint64_t x248; ++ fiat_secp384r1_uint1 x249; ++ uint64_t x250; ++ fiat_secp384r1_uint1 x251; ++ uint64_t x252; ++ uint64_t x253; ++ uint64_t x254; ++ uint64_t x255; ++ uint64_t x256; ++ uint64_t x257; ++ uint64_t x258; ++ uint64_t x259; ++ uint64_t x260; ++ uint64_t x261; ++ uint64_t x262; ++ uint64_t x263; ++ uint64_t x264; ++ uint64_t x265; ++ uint64_t x266; ++ fiat_secp384r1_uint1 x267; ++ uint64_t x268; ++ fiat_secp384r1_uint1 x269; ++ uint64_t x270; ++ fiat_secp384r1_uint1 x271; ++ uint64_t x272; ++ fiat_secp384r1_uint1 x273; ++ uint64_t x274; ++ fiat_secp384r1_uint1 x275; ++ uint64_t x276; ++ fiat_secp384r1_uint1 x277; ++ uint64_t x278; ++ fiat_secp384r1_uint1 x279; ++ uint64_t x280; ++ fiat_secp384r1_uint1 x281; ++ uint64_t x282; ++ fiat_secp384r1_uint1 x283; ++ uint64_t x284; ++ fiat_secp384r1_uint1 x285; ++ uint64_t x286; ++ fiat_secp384r1_uint1 x287; ++ uint64_t x288; ++ fiat_secp384r1_uint1 x289; ++ uint64_t x290; ++ fiat_secp384r1_uint1 x291; ++ uint64_t x292; ++ fiat_secp384r1_uint1 x293; ++ uint64_t x294; ++ fiat_secp384r1_uint1 x295; ++ uint64_t x296; ++ fiat_secp384r1_uint1 x297; ++ uint64_t x298; ++ fiat_secp384r1_uint1 x299; ++ uint64_t x300; ++ fiat_secp384r1_uint1 x301; ++ uint64_t x302; ++ fiat_secp384r1_uint1 x303; ++ uint64_t x304; ++ uint64_t x305; ++ uint64_t x306; ++ uint64_t x307; ++ uint64_t x308; ++ uint64_t x309; ++ x1 = (arg1[0]); ++ fiat_secp384r1_mulx_u64(&x2, &x3, x1, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x4, &x5, x2, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x6, &x7, x2, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x8, &x9, x2, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x10, &x11, x2, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x12, &x13, x2, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x14, &x15, x2, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x16, &x17, 0x0, x15, x12); ++ fiat_secp384r1_addcarryx_u64(&x18, &x19, x17, x13, x10); ++ fiat_secp384r1_addcarryx_u64(&x20, &x21, x19, x11, x8); ++ fiat_secp384r1_addcarryx_u64(&x22, &x23, x21, x9, x6); ++ fiat_secp384r1_addcarryx_u64(&x24, &x25, x23, x7, x4); ++ fiat_secp384r1_addcarryx_u64(&x26, &x27, 0x0, x1, x14); ++ fiat_secp384r1_addcarryx_u64(&x28, &x29, x27, 0x0, x16); ++ fiat_secp384r1_addcarryx_u64(&x30, &x31, x29, 0x0, x18); ++ fiat_secp384r1_addcarryx_u64(&x32, &x33, x31, 0x0, x20); ++ fiat_secp384r1_addcarryx_u64(&x34, &x35, x33, 0x0, x22); ++ fiat_secp384r1_addcarryx_u64(&x36, &x37, x35, 0x0, x24); ++ fiat_secp384r1_addcarryx_u64(&x38, &x39, x37, 0x0, (x25 + x5)); ++ fiat_secp384r1_addcarryx_u64(&x40, &x41, 0x0, x28, (arg1[1])); ++ fiat_secp384r1_addcarryx_u64(&x42, &x43, x41, x30, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x44, &x45, x43, x32, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x46, &x47, x45, x34, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x48, &x49, x47, x36, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x50, &x51, x49, x38, 0x0); ++ fiat_secp384r1_mulx_u64(&x52, &x53, x40, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x54, &x55, x52, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x56, &x57, x52, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x58, &x59, x52, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x60, &x61, x52, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x62, &x63, x52, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x64, &x65, x52, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x66, &x67, 0x0, x65, x62); ++ fiat_secp384r1_addcarryx_u64(&x68, &x69, x67, x63, x60); ++ fiat_secp384r1_addcarryx_u64(&x70, &x71, x69, x61, x58); ++ fiat_secp384r1_addcarryx_u64(&x72, &x73, x71, x59, x56); ++ fiat_secp384r1_addcarryx_u64(&x74, &x75, x73, x57, x54); ++ fiat_secp384r1_addcarryx_u64(&x76, &x77, 0x0, x40, x64); ++ fiat_secp384r1_addcarryx_u64(&x78, &x79, x77, x42, x66); ++ fiat_secp384r1_addcarryx_u64(&x80, &x81, x79, x44, x68); ++ fiat_secp384r1_addcarryx_u64(&x82, &x83, x81, x46, x70); ++ fiat_secp384r1_addcarryx_u64(&x84, &x85, x83, x48, x72); ++ fiat_secp384r1_addcarryx_u64(&x86, &x87, x85, x50, x74); ++ fiat_secp384r1_addcarryx_u64(&x88, &x89, x87, ((uint64_t)x51 + x39), ++ (x75 + x55)); ++ fiat_secp384r1_addcarryx_u64(&x90, &x91, 0x0, x78, (arg1[2])); ++ fiat_secp384r1_addcarryx_u64(&x92, &x93, x91, x80, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x94, &x95, x93, x82, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x96, &x97, x95, x84, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x98, &x99, x97, x86, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x100, &x101, x99, x88, 0x0); ++ fiat_secp384r1_mulx_u64(&x102, &x103, x90, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x104, &x105, x102, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x106, &x107, x102, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x108, &x109, x102, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x110, &x111, x102, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x112, &x113, x102, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x114, &x115, x102, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x116, &x117, 0x0, x115, x112); ++ fiat_secp384r1_addcarryx_u64(&x118, &x119, x117, x113, x110); ++ fiat_secp384r1_addcarryx_u64(&x120, &x121, x119, x111, x108); ++ fiat_secp384r1_addcarryx_u64(&x122, &x123, x121, x109, x106); ++ fiat_secp384r1_addcarryx_u64(&x124, &x125, x123, x107, x104); ++ fiat_secp384r1_addcarryx_u64(&x126, &x127, 0x0, x90, x114); ++ fiat_secp384r1_addcarryx_u64(&x128, &x129, x127, x92, x116); ++ fiat_secp384r1_addcarryx_u64(&x130, &x131, x129, x94, x118); ++ fiat_secp384r1_addcarryx_u64(&x132, &x133, x131, x96, x120); ++ fiat_secp384r1_addcarryx_u64(&x134, &x135, x133, x98, x122); ++ fiat_secp384r1_addcarryx_u64(&x136, &x137, x135, x100, x124); ++ fiat_secp384r1_addcarryx_u64(&x138, &x139, x137, ((uint64_t)x101 + x89), ++ (x125 + x105)); ++ fiat_secp384r1_addcarryx_u64(&x140, &x141, 0x0, x128, (arg1[3])); ++ fiat_secp384r1_addcarryx_u64(&x142, &x143, x141, x130, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x144, &x145, x143, x132, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x146, &x147, x145, x134, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x148, &x149, x147, x136, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x150, &x151, x149, x138, 0x0); ++ fiat_secp384r1_mulx_u64(&x152, &x153, x140, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x154, &x155, x152, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x156, &x157, x152, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x158, &x159, x152, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x160, &x161, x152, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x162, &x163, x152, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x164, &x165, x152, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x166, &x167, 0x0, x165, x162); ++ fiat_secp384r1_addcarryx_u64(&x168, &x169, x167, x163, x160); ++ fiat_secp384r1_addcarryx_u64(&x170, &x171, x169, x161, x158); ++ fiat_secp384r1_addcarryx_u64(&x172, &x173, x171, x159, x156); ++ fiat_secp384r1_addcarryx_u64(&x174, &x175, x173, x157, x154); ++ fiat_secp384r1_addcarryx_u64(&x176, &x177, 0x0, x140, x164); ++ fiat_secp384r1_addcarryx_u64(&x178, &x179, x177, x142, x166); ++ fiat_secp384r1_addcarryx_u64(&x180, &x181, x179, x144, x168); ++ fiat_secp384r1_addcarryx_u64(&x182, &x183, x181, x146, x170); ++ fiat_secp384r1_addcarryx_u64(&x184, &x185, x183, x148, x172); ++ fiat_secp384r1_addcarryx_u64(&x186, &x187, x185, x150, x174); ++ fiat_secp384r1_addcarryx_u64(&x188, &x189, x187, ((uint64_t)x151 + x139), ++ (x175 + x155)); ++ fiat_secp384r1_addcarryx_u64(&x190, &x191, 0x0, x178, (arg1[4])); ++ fiat_secp384r1_addcarryx_u64(&x192, &x193, x191, x180, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x194, &x195, x193, x182, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x196, &x197, x195, x184, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x198, &x199, x197, x186, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x200, &x201, x199, x188, 0x0); ++ fiat_secp384r1_mulx_u64(&x202, &x203, x190, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x204, &x205, x202, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x206, &x207, x202, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x208, &x209, x202, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x210, &x211, x202, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x212, &x213, x202, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x214, &x215, x202, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x216, &x217, 0x0, x215, x212); ++ fiat_secp384r1_addcarryx_u64(&x218, &x219, x217, x213, x210); ++ fiat_secp384r1_addcarryx_u64(&x220, &x221, x219, x211, x208); ++ fiat_secp384r1_addcarryx_u64(&x222, &x223, x221, x209, x206); ++ fiat_secp384r1_addcarryx_u64(&x224, &x225, x223, x207, x204); ++ fiat_secp384r1_addcarryx_u64(&x226, &x227, 0x0, x190, x214); ++ fiat_secp384r1_addcarryx_u64(&x228, &x229, x227, x192, x216); ++ fiat_secp384r1_addcarryx_u64(&x230, &x231, x229, x194, x218); ++ fiat_secp384r1_addcarryx_u64(&x232, &x233, x231, x196, x220); ++ fiat_secp384r1_addcarryx_u64(&x234, &x235, x233, x198, x222); ++ fiat_secp384r1_addcarryx_u64(&x236, &x237, x235, x200, x224); ++ fiat_secp384r1_addcarryx_u64(&x238, &x239, x237, ((uint64_t)x201 + x189), ++ (x225 + x205)); ++ fiat_secp384r1_addcarryx_u64(&x240, &x241, 0x0, x228, (arg1[5])); ++ fiat_secp384r1_addcarryx_u64(&x242, &x243, x241, x230, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x244, &x245, x243, x232, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x246, &x247, x245, x234, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x248, &x249, x247, x236, 0x0); ++ fiat_secp384r1_addcarryx_u64(&x250, &x251, x249, x238, 0x0); ++ fiat_secp384r1_mulx_u64(&x252, &x253, x240, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x254, &x255, x252, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x256, &x257, x252, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x258, &x259, x252, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x260, &x261, x252, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x262, &x263, x252, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x264, &x265, x252, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x266, &x267, 0x0, x265, x262); ++ fiat_secp384r1_addcarryx_u64(&x268, &x269, x267, x263, x260); ++ fiat_secp384r1_addcarryx_u64(&x270, &x271, x269, x261, x258); ++ fiat_secp384r1_addcarryx_u64(&x272, &x273, x271, x259, x256); ++ fiat_secp384r1_addcarryx_u64(&x274, &x275, x273, x257, x254); ++ fiat_secp384r1_addcarryx_u64(&x276, &x277, 0x0, x240, x264); ++ fiat_secp384r1_addcarryx_u64(&x278, &x279, x277, x242, x266); ++ fiat_secp384r1_addcarryx_u64(&x280, &x281, x279, x244, x268); ++ fiat_secp384r1_addcarryx_u64(&x282, &x283, x281, x246, x270); ++ fiat_secp384r1_addcarryx_u64(&x284, &x285, x283, x248, x272); ++ fiat_secp384r1_addcarryx_u64(&x286, &x287, x285, x250, x274); ++ fiat_secp384r1_addcarryx_u64(&x288, &x289, x287, ((uint64_t)x251 + x239), ++ (x275 + x255)); ++ fiat_secp384r1_subborrowx_u64(&x290, &x291, 0x0, x278, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x292, &x293, x291, x280, ++ UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_subborrowx_u64(&x294, &x295, x293, x282, ++ UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_subborrowx_u64(&x296, &x297, x295, x284, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x298, &x299, x297, x286, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x300, &x301, x299, x288, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x302, &x303, x301, x289, 0x0); ++ fiat_secp384r1_cmovznz_u64(&x304, x303, x290, x278); ++ fiat_secp384r1_cmovznz_u64(&x305, x303, x292, x280); ++ fiat_secp384r1_cmovznz_u64(&x306, x303, x294, x282); ++ fiat_secp384r1_cmovznz_u64(&x307, x303, x296, x284); ++ fiat_secp384r1_cmovznz_u64(&x308, x303, x298, x286); ++ fiat_secp384r1_cmovznz_u64(&x309, x303, x300, x288); ++ out1[0] = x304; ++ out1[1] = x305; ++ out1[2] = x306; ++ out1[3] = x307; ++ out1[4] = x308; ++ out1[5] = x309; ++} ++ ++/* ++ * The function fiat_secp384r1_to_montgomery translates a field element into the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = eval arg1 mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_to_montgomery(uint64_t out1[6], ++ const uint64_t arg1[6]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ fiat_secp384r1_uint1 x16; ++ uint64_t x17; ++ fiat_secp384r1_uint1 x18; ++ uint64_t x19; ++ fiat_secp384r1_uint1 x20; ++ uint64_t x21; ++ fiat_secp384r1_uint1 x22; ++ uint64_t x23; ++ uint64_t x24; ++ uint64_t x25; ++ uint64_t x26; ++ uint64_t x27; ++ uint64_t x28; ++ uint64_t x29; ++ uint64_t x30; ++ uint64_t x31; ++ uint64_t x32; ++ uint64_t x33; ++ uint64_t x34; ++ uint64_t x35; ++ uint64_t x36; ++ uint64_t x37; ++ fiat_secp384r1_uint1 x38; ++ uint64_t x39; ++ fiat_secp384r1_uint1 x40; ++ uint64_t x41; ++ fiat_secp384r1_uint1 x42; ++ uint64_t x43; ++ fiat_secp384r1_uint1 x44; ++ uint64_t x45; ++ fiat_secp384r1_uint1 x46; ++ uint64_t x47; ++ fiat_secp384r1_uint1 x48; ++ uint64_t x49; ++ fiat_secp384r1_uint1 x50; ++ uint64_t x51; ++ fiat_secp384r1_uint1 x52; ++ uint64_t x53; ++ fiat_secp384r1_uint1 x54; ++ uint64_t x55; ++ fiat_secp384r1_uint1 x56; ++ uint64_t x57; ++ fiat_secp384r1_uint1 x58; ++ uint64_t x59; ++ fiat_secp384r1_uint1 x60; ++ uint64_t x61; ++ uint64_t x62; ++ uint64_t x63; ++ uint64_t x64; ++ uint64_t x65; ++ uint64_t x66; ++ uint64_t x67; ++ uint64_t x68; ++ uint64_t x69; ++ fiat_secp384r1_uint1 x70; ++ uint64_t x71; ++ fiat_secp384r1_uint1 x72; ++ uint64_t x73; ++ fiat_secp384r1_uint1 x74; ++ uint64_t x75; ++ fiat_secp384r1_uint1 x76; ++ uint64_t x77; ++ fiat_secp384r1_uint1 x78; ++ uint64_t x79; ++ fiat_secp384r1_uint1 x80; ++ uint64_t x81; ++ fiat_secp384r1_uint1 x82; ++ uint64_t x83; ++ fiat_secp384r1_uint1 x84; ++ uint64_t x85; ++ fiat_secp384r1_uint1 x86; ++ uint64_t x87; ++ fiat_secp384r1_uint1 x88; ++ uint64_t x89; ++ uint64_t x90; ++ uint64_t x91; ++ uint64_t x92; ++ uint64_t x93; ++ uint64_t x94; ++ uint64_t x95; ++ uint64_t x96; ++ uint64_t x97; ++ uint64_t x98; ++ uint64_t x99; ++ uint64_t x100; ++ uint64_t x101; ++ uint64_t x102; ++ uint64_t x103; ++ fiat_secp384r1_uint1 x104; ++ uint64_t x105; ++ fiat_secp384r1_uint1 x106; ++ uint64_t x107; ++ fiat_secp384r1_uint1 x108; ++ uint64_t x109; ++ fiat_secp384r1_uint1 x110; ++ uint64_t x111; ++ fiat_secp384r1_uint1 x112; ++ uint64_t x113; ++ fiat_secp384r1_uint1 x114; ++ uint64_t x115; ++ fiat_secp384r1_uint1 x116; ++ uint64_t x117; ++ fiat_secp384r1_uint1 x118; ++ uint64_t x119; ++ fiat_secp384r1_uint1 x120; ++ uint64_t x121; ++ fiat_secp384r1_uint1 x122; ++ uint64_t x123; ++ fiat_secp384r1_uint1 x124; ++ uint64_t x125; ++ fiat_secp384r1_uint1 x126; ++ uint64_t x127; ++ uint64_t x128; ++ uint64_t x129; ++ uint64_t x130; ++ uint64_t x131; ++ uint64_t x132; ++ uint64_t x133; ++ uint64_t x134; ++ uint64_t x135; ++ fiat_secp384r1_uint1 x136; ++ uint64_t x137; ++ fiat_secp384r1_uint1 x138; ++ uint64_t x139; ++ fiat_secp384r1_uint1 x140; ++ uint64_t x141; ++ fiat_secp384r1_uint1 x142; ++ uint64_t x143; ++ fiat_secp384r1_uint1 x144; ++ uint64_t x145; ++ fiat_secp384r1_uint1 x146; ++ uint64_t x147; ++ fiat_secp384r1_uint1 x148; ++ uint64_t x149; ++ fiat_secp384r1_uint1 x150; ++ uint64_t x151; ++ fiat_secp384r1_uint1 x152; ++ uint64_t x153; ++ fiat_secp384r1_uint1 x154; ++ uint64_t x155; ++ uint64_t x156; ++ uint64_t x157; ++ uint64_t x158; ++ uint64_t x159; ++ uint64_t x160; ++ uint64_t x161; ++ uint64_t x162; ++ uint64_t x163; ++ uint64_t x164; ++ uint64_t x165; ++ uint64_t x166; ++ uint64_t x167; ++ uint64_t x168; ++ uint64_t x169; ++ fiat_secp384r1_uint1 x170; ++ uint64_t x171; ++ fiat_secp384r1_uint1 x172; ++ uint64_t x173; ++ fiat_secp384r1_uint1 x174; ++ uint64_t x175; ++ fiat_secp384r1_uint1 x176; ++ uint64_t x177; ++ fiat_secp384r1_uint1 x178; ++ uint64_t x179; ++ fiat_secp384r1_uint1 x180; ++ uint64_t x181; ++ fiat_secp384r1_uint1 x182; ++ uint64_t x183; ++ fiat_secp384r1_uint1 x184; ++ uint64_t x185; ++ fiat_secp384r1_uint1 x186; ++ uint64_t x187; ++ fiat_secp384r1_uint1 x188; ++ uint64_t x189; ++ fiat_secp384r1_uint1 x190; ++ uint64_t x191; ++ fiat_secp384r1_uint1 x192; ++ uint64_t x193; ++ uint64_t x194; ++ uint64_t x195; ++ uint64_t x196; ++ uint64_t x197; ++ uint64_t x198; ++ uint64_t x199; ++ uint64_t x200; ++ uint64_t x201; ++ fiat_secp384r1_uint1 x202; ++ uint64_t x203; ++ fiat_secp384r1_uint1 x204; ++ uint64_t x205; ++ fiat_secp384r1_uint1 x206; ++ uint64_t x207; ++ fiat_secp384r1_uint1 x208; ++ uint64_t x209; ++ fiat_secp384r1_uint1 x210; ++ uint64_t x211; ++ fiat_secp384r1_uint1 x212; ++ uint64_t x213; ++ fiat_secp384r1_uint1 x214; ++ uint64_t x215; ++ fiat_secp384r1_uint1 x216; ++ uint64_t x217; ++ fiat_secp384r1_uint1 x218; ++ uint64_t x219; ++ fiat_secp384r1_uint1 x220; ++ uint64_t x221; ++ uint64_t x222; ++ uint64_t x223; ++ uint64_t x224; ++ uint64_t x225; ++ uint64_t x226; ++ uint64_t x227; ++ uint64_t x228; ++ uint64_t x229; ++ uint64_t x230; ++ uint64_t x231; ++ uint64_t x232; ++ uint64_t x233; ++ uint64_t x234; ++ uint64_t x235; ++ fiat_secp384r1_uint1 x236; ++ uint64_t x237; ++ fiat_secp384r1_uint1 x238; ++ uint64_t x239; ++ fiat_secp384r1_uint1 x240; ++ uint64_t x241; ++ fiat_secp384r1_uint1 x242; ++ uint64_t x243; ++ fiat_secp384r1_uint1 x244; ++ uint64_t x245; ++ fiat_secp384r1_uint1 x246; ++ uint64_t x247; ++ fiat_secp384r1_uint1 x248; ++ uint64_t x249; ++ fiat_secp384r1_uint1 x250; ++ uint64_t x251; ++ fiat_secp384r1_uint1 x252; ++ uint64_t x253; ++ fiat_secp384r1_uint1 x254; ++ uint64_t x255; ++ fiat_secp384r1_uint1 x256; ++ uint64_t x257; ++ fiat_secp384r1_uint1 x258; ++ uint64_t x259; ++ uint64_t x260; ++ uint64_t x261; ++ uint64_t x262; ++ uint64_t x263; ++ uint64_t x264; ++ uint64_t x265; ++ uint64_t x266; ++ uint64_t x267; ++ fiat_secp384r1_uint1 x268; ++ uint64_t x269; ++ fiat_secp384r1_uint1 x270; ++ uint64_t x271; ++ fiat_secp384r1_uint1 x272; ++ uint64_t x273; ++ fiat_secp384r1_uint1 x274; ++ uint64_t x275; ++ fiat_secp384r1_uint1 x276; ++ uint64_t x277; ++ fiat_secp384r1_uint1 x278; ++ uint64_t x279; ++ fiat_secp384r1_uint1 x280; ++ uint64_t x281; ++ fiat_secp384r1_uint1 x282; ++ uint64_t x283; ++ fiat_secp384r1_uint1 x284; ++ uint64_t x285; ++ fiat_secp384r1_uint1 x286; ++ uint64_t x287; ++ uint64_t x288; ++ uint64_t x289; ++ uint64_t x290; ++ uint64_t x291; ++ uint64_t x292; ++ uint64_t x293; ++ uint64_t x294; ++ uint64_t x295; ++ uint64_t x296; ++ uint64_t x297; ++ uint64_t x298; ++ uint64_t x299; ++ uint64_t x300; ++ uint64_t x301; ++ fiat_secp384r1_uint1 x302; ++ uint64_t x303; ++ fiat_secp384r1_uint1 x304; ++ uint64_t x305; ++ fiat_secp384r1_uint1 x306; ++ uint64_t x307; ++ fiat_secp384r1_uint1 x308; ++ uint64_t x309; ++ fiat_secp384r1_uint1 x310; ++ uint64_t x311; ++ fiat_secp384r1_uint1 x312; ++ uint64_t x313; ++ fiat_secp384r1_uint1 x314; ++ uint64_t x315; ++ fiat_secp384r1_uint1 x316; ++ uint64_t x317; ++ fiat_secp384r1_uint1 x318; ++ uint64_t x319; ++ fiat_secp384r1_uint1 x320; ++ uint64_t x321; ++ fiat_secp384r1_uint1 x322; ++ uint64_t x323; ++ fiat_secp384r1_uint1 x324; ++ uint64_t x325; ++ uint64_t x326; ++ uint64_t x327; ++ uint64_t x328; ++ uint64_t x329; ++ uint64_t x330; ++ uint64_t x331; ++ uint64_t x332; ++ uint64_t x333; ++ fiat_secp384r1_uint1 x334; ++ uint64_t x335; ++ fiat_secp384r1_uint1 x336; ++ uint64_t x337; ++ fiat_secp384r1_uint1 x338; ++ uint64_t x339; ++ fiat_secp384r1_uint1 x340; ++ uint64_t x341; ++ fiat_secp384r1_uint1 x342; ++ uint64_t x343; ++ fiat_secp384r1_uint1 x344; ++ uint64_t x345; ++ fiat_secp384r1_uint1 x346; ++ uint64_t x347; ++ fiat_secp384r1_uint1 x348; ++ uint64_t x349; ++ fiat_secp384r1_uint1 x350; ++ uint64_t x351; ++ fiat_secp384r1_uint1 x352; ++ uint64_t x353; ++ uint64_t x354; ++ uint64_t x355; ++ uint64_t x356; ++ uint64_t x357; ++ uint64_t x358; ++ uint64_t x359; ++ uint64_t x360; ++ uint64_t x361; ++ uint64_t x362; ++ uint64_t x363; ++ uint64_t x364; ++ uint64_t x365; ++ uint64_t x366; ++ uint64_t x367; ++ fiat_secp384r1_uint1 x368; ++ uint64_t x369; ++ fiat_secp384r1_uint1 x370; ++ uint64_t x371; ++ fiat_secp384r1_uint1 x372; ++ uint64_t x373; ++ fiat_secp384r1_uint1 x374; ++ uint64_t x375; ++ fiat_secp384r1_uint1 x376; ++ uint64_t x377; ++ fiat_secp384r1_uint1 x378; ++ uint64_t x379; ++ fiat_secp384r1_uint1 x380; ++ uint64_t x381; ++ fiat_secp384r1_uint1 x382; ++ uint64_t x383; ++ fiat_secp384r1_uint1 x384; ++ uint64_t x385; ++ fiat_secp384r1_uint1 x386; ++ uint64_t x387; ++ fiat_secp384r1_uint1 x388; ++ uint64_t x389; ++ fiat_secp384r1_uint1 x390; ++ uint64_t x391; ++ fiat_secp384r1_uint1 x392; ++ uint64_t x393; ++ fiat_secp384r1_uint1 x394; ++ uint64_t x395; ++ fiat_secp384r1_uint1 x396; ++ uint64_t x397; ++ fiat_secp384r1_uint1 x398; ++ uint64_t x399; ++ fiat_secp384r1_uint1 x400; ++ uint64_t x401; ++ fiat_secp384r1_uint1 x402; ++ uint64_t x403; ++ fiat_secp384r1_uint1 x404; ++ uint64_t x405; ++ uint64_t x406; ++ uint64_t x407; ++ uint64_t x408; ++ uint64_t x409; ++ uint64_t x410; ++ x1 = (arg1[1]); ++ x2 = (arg1[2]); ++ x3 = (arg1[3]); ++ x4 = (arg1[4]); ++ x5 = (arg1[5]); ++ x6 = (arg1[0]); ++ fiat_secp384r1_mulx_u64(&x7, &x8, x6, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x9, &x10, x6, UINT64_C(0xfffffffe00000000)); ++ fiat_secp384r1_mulx_u64(&x11, &x12, x6, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x13, &x14, x6, UINT64_C(0xfffffffe00000001)); ++ fiat_secp384r1_addcarryx_u64(&x15, &x16, 0x0, x14, x11); ++ fiat_secp384r1_addcarryx_u64(&x17, &x18, x16, x12, x9); ++ fiat_secp384r1_addcarryx_u64(&x19, &x20, x18, x10, x7); ++ fiat_secp384r1_addcarryx_u64(&x21, &x22, x20, x8, x6); ++ fiat_secp384r1_mulx_u64(&x23, &x24, x13, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x25, &x26, x23, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x27, &x28, x23, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x29, &x30, x23, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x31, &x32, x23, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x33, &x34, x23, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x35, &x36, x23, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x37, &x38, 0x0, x36, x33); ++ fiat_secp384r1_addcarryx_u64(&x39, &x40, x38, x34, x31); ++ fiat_secp384r1_addcarryx_u64(&x41, &x42, x40, x32, x29); ++ fiat_secp384r1_addcarryx_u64(&x43, &x44, x42, x30, x27); ++ fiat_secp384r1_addcarryx_u64(&x45, &x46, x44, x28, x25); ++ fiat_secp384r1_addcarryx_u64(&x47, &x48, 0x0, x13, x35); ++ fiat_secp384r1_addcarryx_u64(&x49, &x50, x48, x15, x37); ++ fiat_secp384r1_addcarryx_u64(&x51, &x52, x50, x17, x39); ++ fiat_secp384r1_addcarryx_u64(&x53, &x54, x52, x19, x41); ++ fiat_secp384r1_addcarryx_u64(&x55, &x56, x54, x21, x43); ++ fiat_secp384r1_addcarryx_u64(&x57, &x58, x56, x22, x45); ++ fiat_secp384r1_addcarryx_u64(&x59, &x60, x58, 0x0, (x46 + x26)); ++ fiat_secp384r1_mulx_u64(&x61, &x62, x1, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x63, &x64, x1, UINT64_C(0xfffffffe00000000)); ++ fiat_secp384r1_mulx_u64(&x65, &x66, x1, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x67, &x68, x1, UINT64_C(0xfffffffe00000001)); ++ fiat_secp384r1_addcarryx_u64(&x69, &x70, 0x0, x68, x65); ++ fiat_secp384r1_addcarryx_u64(&x71, &x72, x70, x66, x63); ++ fiat_secp384r1_addcarryx_u64(&x73, &x74, x72, x64, x61); ++ fiat_secp384r1_addcarryx_u64(&x75, &x76, x74, x62, x1); ++ fiat_secp384r1_addcarryx_u64(&x77, &x78, 0x0, x49, x67); ++ fiat_secp384r1_addcarryx_u64(&x79, &x80, x78, x51, x69); ++ fiat_secp384r1_addcarryx_u64(&x81, &x82, x80, x53, x71); ++ fiat_secp384r1_addcarryx_u64(&x83, &x84, x82, x55, x73); ++ fiat_secp384r1_addcarryx_u64(&x85, &x86, x84, x57, x75); ++ fiat_secp384r1_addcarryx_u64(&x87, &x88, x86, x59, x76); ++ fiat_secp384r1_mulx_u64(&x89, &x90, x77, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x91, &x92, x89, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x93, &x94, x89, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x95, &x96, x89, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x97, &x98, x89, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x99, &x100, x89, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x101, &x102, x89, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x103, &x104, 0x0, x102, x99); ++ fiat_secp384r1_addcarryx_u64(&x105, &x106, x104, x100, x97); ++ fiat_secp384r1_addcarryx_u64(&x107, &x108, x106, x98, x95); ++ fiat_secp384r1_addcarryx_u64(&x109, &x110, x108, x96, x93); ++ fiat_secp384r1_addcarryx_u64(&x111, &x112, x110, x94, x91); ++ fiat_secp384r1_addcarryx_u64(&x113, &x114, 0x0, x77, x101); ++ fiat_secp384r1_addcarryx_u64(&x115, &x116, x114, x79, x103); ++ fiat_secp384r1_addcarryx_u64(&x117, &x118, x116, x81, x105); ++ fiat_secp384r1_addcarryx_u64(&x119, &x120, x118, x83, x107); ++ fiat_secp384r1_addcarryx_u64(&x121, &x122, x120, x85, x109); ++ fiat_secp384r1_addcarryx_u64(&x123, &x124, x122, x87, x111); ++ fiat_secp384r1_addcarryx_u64(&x125, &x126, x124, ((uint64_t)x88 + x60), ++ (x112 + x92)); ++ fiat_secp384r1_mulx_u64(&x127, &x128, x2, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x129, &x130, x2, UINT64_C(0xfffffffe00000000)); ++ fiat_secp384r1_mulx_u64(&x131, &x132, x2, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x133, &x134, x2, UINT64_C(0xfffffffe00000001)); ++ fiat_secp384r1_addcarryx_u64(&x135, &x136, 0x0, x134, x131); ++ fiat_secp384r1_addcarryx_u64(&x137, &x138, x136, x132, x129); ++ fiat_secp384r1_addcarryx_u64(&x139, &x140, x138, x130, x127); ++ fiat_secp384r1_addcarryx_u64(&x141, &x142, x140, x128, x2); ++ fiat_secp384r1_addcarryx_u64(&x143, &x144, 0x0, x115, x133); ++ fiat_secp384r1_addcarryx_u64(&x145, &x146, x144, x117, x135); ++ fiat_secp384r1_addcarryx_u64(&x147, &x148, x146, x119, x137); ++ fiat_secp384r1_addcarryx_u64(&x149, &x150, x148, x121, x139); ++ fiat_secp384r1_addcarryx_u64(&x151, &x152, x150, x123, x141); ++ fiat_secp384r1_addcarryx_u64(&x153, &x154, x152, x125, x142); ++ fiat_secp384r1_mulx_u64(&x155, &x156, x143, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x157, &x158, x155, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x159, &x160, x155, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x161, &x162, x155, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x163, &x164, x155, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x169, &x170, 0x0, x168, x165); ++ fiat_secp384r1_addcarryx_u64(&x171, &x172, x170, x166, x163); ++ fiat_secp384r1_addcarryx_u64(&x173, &x174, x172, x164, x161); ++ fiat_secp384r1_addcarryx_u64(&x175, &x176, x174, x162, x159); ++ fiat_secp384r1_addcarryx_u64(&x177, &x178, x176, x160, x157); ++ fiat_secp384r1_addcarryx_u64(&x179, &x180, 0x0, x143, x167); ++ fiat_secp384r1_addcarryx_u64(&x181, &x182, x180, x145, x169); ++ fiat_secp384r1_addcarryx_u64(&x183, &x184, x182, x147, x171); ++ fiat_secp384r1_addcarryx_u64(&x185, &x186, x184, x149, x173); ++ fiat_secp384r1_addcarryx_u64(&x187, &x188, x186, x151, x175); ++ fiat_secp384r1_addcarryx_u64(&x189, &x190, x188, x153, x177); ++ fiat_secp384r1_addcarryx_u64(&x191, &x192, x190, ((uint64_t)x154 + x126), ++ (x178 + x158)); ++ fiat_secp384r1_mulx_u64(&x193, &x194, x3, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x195, &x196, x3, UINT64_C(0xfffffffe00000000)); ++ fiat_secp384r1_mulx_u64(&x197, &x198, x3, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x199, &x200, x3, UINT64_C(0xfffffffe00000001)); ++ fiat_secp384r1_addcarryx_u64(&x201, &x202, 0x0, x200, x197); ++ fiat_secp384r1_addcarryx_u64(&x203, &x204, x202, x198, x195); ++ fiat_secp384r1_addcarryx_u64(&x205, &x206, x204, x196, x193); ++ fiat_secp384r1_addcarryx_u64(&x207, &x208, x206, x194, x3); ++ fiat_secp384r1_addcarryx_u64(&x209, &x210, 0x0, x181, x199); ++ fiat_secp384r1_addcarryx_u64(&x211, &x212, x210, x183, x201); ++ fiat_secp384r1_addcarryx_u64(&x213, &x214, x212, x185, x203); ++ fiat_secp384r1_addcarryx_u64(&x215, &x216, x214, x187, x205); ++ fiat_secp384r1_addcarryx_u64(&x217, &x218, x216, x189, x207); ++ fiat_secp384r1_addcarryx_u64(&x219, &x220, x218, x191, x208); ++ fiat_secp384r1_mulx_u64(&x221, &x222, x209, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x223, &x224, x221, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x225, &x226, x221, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x227, &x228, x221, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x229, &x230, x221, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x231, &x232, x221, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x233, &x234, x221, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x235, &x236, 0x0, x234, x231); ++ fiat_secp384r1_addcarryx_u64(&x237, &x238, x236, x232, x229); ++ fiat_secp384r1_addcarryx_u64(&x239, &x240, x238, x230, x227); ++ fiat_secp384r1_addcarryx_u64(&x241, &x242, x240, x228, x225); ++ fiat_secp384r1_addcarryx_u64(&x243, &x244, x242, x226, x223); ++ fiat_secp384r1_addcarryx_u64(&x245, &x246, 0x0, x209, x233); ++ fiat_secp384r1_addcarryx_u64(&x247, &x248, x246, x211, x235); ++ fiat_secp384r1_addcarryx_u64(&x249, &x250, x248, x213, x237); ++ fiat_secp384r1_addcarryx_u64(&x251, &x252, x250, x215, x239); ++ fiat_secp384r1_addcarryx_u64(&x253, &x254, x252, x217, x241); ++ fiat_secp384r1_addcarryx_u64(&x255, &x256, x254, x219, x243); ++ fiat_secp384r1_addcarryx_u64(&x257, &x258, x256, ((uint64_t)x220 + x192), ++ (x244 + x224)); ++ fiat_secp384r1_mulx_u64(&x259, &x260, x4, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x261, &x262, x4, UINT64_C(0xfffffffe00000000)); ++ fiat_secp384r1_mulx_u64(&x263, &x264, x4, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x265, &x266, x4, UINT64_C(0xfffffffe00000001)); ++ fiat_secp384r1_addcarryx_u64(&x267, &x268, 0x0, x266, x263); ++ fiat_secp384r1_addcarryx_u64(&x269, &x270, x268, x264, x261); ++ fiat_secp384r1_addcarryx_u64(&x271, &x272, x270, x262, x259); ++ fiat_secp384r1_addcarryx_u64(&x273, &x274, x272, x260, x4); ++ fiat_secp384r1_addcarryx_u64(&x275, &x276, 0x0, x247, x265); ++ fiat_secp384r1_addcarryx_u64(&x277, &x278, x276, x249, x267); ++ fiat_secp384r1_addcarryx_u64(&x279, &x280, x278, x251, x269); ++ fiat_secp384r1_addcarryx_u64(&x281, &x282, x280, x253, x271); ++ fiat_secp384r1_addcarryx_u64(&x283, &x284, x282, x255, x273); ++ fiat_secp384r1_addcarryx_u64(&x285, &x286, x284, x257, x274); ++ fiat_secp384r1_mulx_u64(&x287, &x288, x275, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x289, &x290, x287, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x291, &x292, x287, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x293, &x294, x287, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x295, &x296, x287, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x297, &x298, x287, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x299, &x300, x287, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x301, &x302, 0x0, x300, x297); ++ fiat_secp384r1_addcarryx_u64(&x303, &x304, x302, x298, x295); ++ fiat_secp384r1_addcarryx_u64(&x305, &x306, x304, x296, x293); ++ fiat_secp384r1_addcarryx_u64(&x307, &x308, x306, x294, x291); ++ fiat_secp384r1_addcarryx_u64(&x309, &x310, x308, x292, x289); ++ fiat_secp384r1_addcarryx_u64(&x311, &x312, 0x0, x275, x299); ++ fiat_secp384r1_addcarryx_u64(&x313, &x314, x312, x277, x301); ++ fiat_secp384r1_addcarryx_u64(&x315, &x316, x314, x279, x303); ++ fiat_secp384r1_addcarryx_u64(&x317, &x318, x316, x281, x305); ++ fiat_secp384r1_addcarryx_u64(&x319, &x320, x318, x283, x307); ++ fiat_secp384r1_addcarryx_u64(&x321, &x322, x320, x285, x309); ++ fiat_secp384r1_addcarryx_u64(&x323, &x324, x322, ((uint64_t)x286 + x258), ++ (x310 + x290)); ++ fiat_secp384r1_mulx_u64(&x325, &x326, x5, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x327, &x328, x5, UINT64_C(0xfffffffe00000000)); ++ fiat_secp384r1_mulx_u64(&x329, &x330, x5, UINT64_C(0x200000000)); ++ fiat_secp384r1_mulx_u64(&x331, &x332, x5, UINT64_C(0xfffffffe00000001)); ++ fiat_secp384r1_addcarryx_u64(&x333, &x334, 0x0, x332, x329); ++ fiat_secp384r1_addcarryx_u64(&x335, &x336, x334, x330, x327); ++ fiat_secp384r1_addcarryx_u64(&x337, &x338, x336, x328, x325); ++ fiat_secp384r1_addcarryx_u64(&x339, &x340, x338, x326, x5); ++ fiat_secp384r1_addcarryx_u64(&x341, &x342, 0x0, x313, x331); ++ fiat_secp384r1_addcarryx_u64(&x343, &x344, x342, x315, x333); ++ fiat_secp384r1_addcarryx_u64(&x345, &x346, x344, x317, x335); ++ fiat_secp384r1_addcarryx_u64(&x347, &x348, x346, x319, x337); ++ fiat_secp384r1_addcarryx_u64(&x349, &x350, x348, x321, x339); ++ fiat_secp384r1_addcarryx_u64(&x351, &x352, x350, x323, x340); ++ fiat_secp384r1_mulx_u64(&x353, &x354, x341, UINT64_C(0x100000001)); ++ fiat_secp384r1_mulx_u64(&x355, &x356, x353, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x357, &x358, x353, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x359, &x360, x353, UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_mulx_u64(&x361, &x362, x353, UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_mulx_u64(&x363, &x364, x353, UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_mulx_u64(&x365, &x366, x353, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u64(&x367, &x368, 0x0, x366, x363); ++ fiat_secp384r1_addcarryx_u64(&x369, &x370, x368, x364, x361); ++ fiat_secp384r1_addcarryx_u64(&x371, &x372, x370, x362, x359); ++ fiat_secp384r1_addcarryx_u64(&x373, &x374, x372, x360, x357); ++ fiat_secp384r1_addcarryx_u64(&x375, &x376, x374, x358, x355); ++ fiat_secp384r1_addcarryx_u64(&x377, &x378, 0x0, x341, x365); ++ fiat_secp384r1_addcarryx_u64(&x379, &x380, x378, x343, x367); ++ fiat_secp384r1_addcarryx_u64(&x381, &x382, x380, x345, x369); ++ fiat_secp384r1_addcarryx_u64(&x383, &x384, x382, x347, x371); ++ fiat_secp384r1_addcarryx_u64(&x385, &x386, x384, x349, x373); ++ fiat_secp384r1_addcarryx_u64(&x387, &x388, x386, x351, x375); ++ fiat_secp384r1_addcarryx_u64(&x389, &x390, x388, ((uint64_t)x352 + x324), ++ (x376 + x356)); ++ fiat_secp384r1_subborrowx_u64(&x391, &x392, 0x0, x379, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x393, &x394, x392, x381, ++ UINT64_C(0xffffffff00000000)); ++ fiat_secp384r1_subborrowx_u64(&x395, &x396, x394, x383, ++ UINT64_C(0xfffffffffffffffe)); ++ fiat_secp384r1_subborrowx_u64(&x397, &x398, x396, x385, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x399, &x400, x398, x387, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x401, &x402, x400, x389, ++ UINT64_C(0xffffffffffffffff)); ++ fiat_secp384r1_subborrowx_u64(&x403, &x404, x402, x390, 0x0); ++ fiat_secp384r1_cmovznz_u64(&x405, x404, x391, x379); ++ fiat_secp384r1_cmovznz_u64(&x406, x404, x393, x381); ++ fiat_secp384r1_cmovznz_u64(&x407, x404, x395, x383); ++ fiat_secp384r1_cmovznz_u64(&x408, x404, x397, x385); ++ fiat_secp384r1_cmovznz_u64(&x409, x404, x399, x387); ++ fiat_secp384r1_cmovznz_u64(&x410, x404, x401, x389); ++ out1[0] = x405; ++ out1[1] = x406; ++ out1[2] = x407; ++ out1[3] = x408; ++ out1[4] = x409; ++ out1[5] = x410; ++} ++ ++/* ++ * The function fiat_secp384r1_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffffffffffff] ++ */ ++static void ++fiat_secp384r1_nonzero(uint64_t *out1, const uint64_t arg1[6]) ++{ ++ uint64_t x1; ++ x1 = ((arg1[0]) | ++ ((arg1[1]) | ++ ((arg1[2]) | ++ ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | (uint64_t)0x0)))))); ++ *out1 = x1; ++} ++ ++/* ++ * The function fiat_secp384r1_selectznz is a multi-limb conditional select. ++ * Postconditions: ++ * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_selectznz(uint64_t out1[6], ++ fiat_secp384r1_uint1 arg1, ++ const uint64_t arg2[6], ++ const uint64_t arg3[6]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ fiat_secp384r1_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); ++ fiat_secp384r1_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); ++ fiat_secp384r1_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); ++ fiat_secp384r1_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); ++ fiat_secp384r1_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); ++ fiat_secp384r1_cmovznz_u64(&x6, arg1, (arg2[5]), (arg3[5])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++} ++ ++/* ++ * The function fiat_secp384r1_to_bytes serializes a field element in the Montgomery domain to bytes in little-endian order. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47] ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] ++ */ ++static void ++fiat_secp384r1_to_bytes(uint8_t out1[48], const uint64_t arg1[6]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint8_t x8; ++ uint64_t x9; ++ uint8_t x10; ++ uint64_t x11; ++ uint8_t x12; ++ uint64_t x13; ++ uint8_t x14; ++ uint64_t x15; ++ uint8_t x16; ++ uint64_t x17; ++ uint8_t x18; ++ uint8_t x19; ++ uint8_t x20; ++ uint8_t x21; ++ uint64_t x22; ++ uint8_t x23; ++ uint64_t x24; ++ uint8_t x25; ++ uint64_t x26; ++ uint8_t x27; ++ uint64_t x28; ++ uint8_t x29; ++ uint64_t x30; ++ uint8_t x31; ++ uint64_t x32; ++ uint8_t x33; ++ uint8_t x34; ++ uint8_t x35; ++ uint8_t x36; ++ uint64_t x37; ++ uint8_t x38; ++ uint64_t x39; ++ uint8_t x40; ++ uint64_t x41; ++ uint8_t x42; ++ uint64_t x43; ++ uint8_t x44; ++ uint64_t x45; ++ uint8_t x46; ++ uint64_t x47; ++ uint8_t x48; ++ uint8_t x49; ++ uint8_t x50; ++ uint8_t x51; ++ uint64_t x52; ++ uint8_t x53; ++ uint64_t x54; ++ uint8_t x55; ++ uint64_t x56; ++ uint8_t x57; ++ uint64_t x58; ++ uint8_t x59; ++ uint64_t x60; ++ uint8_t x61; ++ uint64_t x62; ++ uint8_t x63; ++ uint8_t x64; ++ uint8_t x65; ++ uint8_t x66; ++ uint64_t x67; ++ uint8_t x68; ++ uint64_t x69; ++ uint8_t x70; ++ uint64_t x71; ++ uint8_t x72; ++ uint64_t x73; ++ uint8_t x74; ++ uint64_t x75; ++ uint8_t x76; ++ uint64_t x77; ++ uint8_t x78; ++ uint8_t x79; ++ uint8_t x80; ++ uint8_t x81; ++ uint64_t x82; ++ uint8_t x83; ++ uint64_t x84; ++ uint8_t x85; ++ uint64_t x86; ++ uint8_t x87; ++ uint64_t x88; ++ uint8_t x89; ++ uint64_t x90; ++ uint8_t x91; ++ uint64_t x92; ++ uint8_t x93; ++ uint8_t x94; ++ uint8_t x95; ++ x1 = (arg1[5]); ++ x2 = (arg1[4]); ++ x3 = (arg1[3]); ++ x4 = (arg1[2]); ++ x5 = (arg1[1]); ++ x6 = (arg1[0]); ++ x7 = (x6 >> 8); ++ x8 = (uint8_t)(x6 & UINT8_C(0xff)); ++ x9 = (x7 >> 8); ++ x10 = (uint8_t)(x7 & UINT8_C(0xff)); ++ x11 = (x9 >> 8); ++ x12 = (uint8_t)(x9 & UINT8_C(0xff)); ++ x13 = (x11 >> 8); ++ x14 = (uint8_t)(x11 & UINT8_C(0xff)); ++ x15 = (x13 >> 8); ++ x16 = (uint8_t)(x13 & UINT8_C(0xff)); ++ x17 = (x15 >> 8); ++ x18 = (uint8_t)(x15 & UINT8_C(0xff)); ++ x19 = (uint8_t)(x17 >> 8); ++ x20 = (uint8_t)(x17 & UINT8_C(0xff)); ++ x21 = (uint8_t)(x19 & UINT8_C(0xff)); ++ x22 = (x5 >> 8); ++ x23 = (uint8_t)(x5 & UINT8_C(0xff)); ++ x24 = (x22 >> 8); ++ x25 = (uint8_t)(x22 & UINT8_C(0xff)); ++ x26 = (x24 >> 8); ++ x27 = (uint8_t)(x24 & UINT8_C(0xff)); ++ x28 = (x26 >> 8); ++ x29 = (uint8_t)(x26 & UINT8_C(0xff)); ++ x30 = (x28 >> 8); ++ x31 = (uint8_t)(x28 & UINT8_C(0xff)); ++ x32 = (x30 >> 8); ++ x33 = (uint8_t)(x30 & UINT8_C(0xff)); ++ x34 = (uint8_t)(x32 >> 8); ++ x35 = (uint8_t)(x32 & UINT8_C(0xff)); ++ x36 = (uint8_t)(x34 & UINT8_C(0xff)); ++ x37 = (x4 >> 8); ++ x38 = (uint8_t)(x4 & UINT8_C(0xff)); ++ x39 = (x37 >> 8); ++ x40 = (uint8_t)(x37 & UINT8_C(0xff)); ++ x41 = (x39 >> 8); ++ x42 = (uint8_t)(x39 & UINT8_C(0xff)); ++ x43 = (x41 >> 8); ++ x44 = (uint8_t)(x41 & UINT8_C(0xff)); ++ x45 = (x43 >> 8); ++ x46 = (uint8_t)(x43 & UINT8_C(0xff)); ++ x47 = (x45 >> 8); ++ x48 = (uint8_t)(x45 & UINT8_C(0xff)); ++ x49 = (uint8_t)(x47 >> 8); ++ x50 = (uint8_t)(x47 & UINT8_C(0xff)); ++ x51 = (uint8_t)(x49 & UINT8_C(0xff)); ++ x52 = (x3 >> 8); ++ x53 = (uint8_t)(x3 & UINT8_C(0xff)); ++ x54 = (x52 >> 8); ++ x55 = (uint8_t)(x52 & UINT8_C(0xff)); ++ x56 = (x54 >> 8); ++ x57 = (uint8_t)(x54 & UINT8_C(0xff)); ++ x58 = (x56 >> 8); ++ x59 = (uint8_t)(x56 & UINT8_C(0xff)); ++ x60 = (x58 >> 8); ++ x61 = (uint8_t)(x58 & UINT8_C(0xff)); ++ x62 = (x60 >> 8); ++ x63 = (uint8_t)(x60 & UINT8_C(0xff)); ++ x64 = (uint8_t)(x62 >> 8); ++ x65 = (uint8_t)(x62 & UINT8_C(0xff)); ++ x66 = (uint8_t)(x64 & UINT8_C(0xff)); ++ x67 = (x2 >> 8); ++ x68 = (uint8_t)(x2 & UINT8_C(0xff)); ++ x69 = (x67 >> 8); ++ x70 = (uint8_t)(x67 & UINT8_C(0xff)); ++ x71 = (x69 >> 8); ++ x72 = (uint8_t)(x69 & UINT8_C(0xff)); ++ x73 = (x71 >> 8); ++ x74 = (uint8_t)(x71 & UINT8_C(0xff)); ++ x75 = (x73 >> 8); ++ x76 = (uint8_t)(x73 & UINT8_C(0xff)); ++ x77 = (x75 >> 8); ++ x78 = (uint8_t)(x75 & UINT8_C(0xff)); ++ x79 = (uint8_t)(x77 >> 8); ++ x80 = (uint8_t)(x77 & UINT8_C(0xff)); ++ x81 = (uint8_t)(x79 & UINT8_C(0xff)); ++ x82 = (x1 >> 8); ++ x83 = (uint8_t)(x1 & UINT8_C(0xff)); ++ x84 = (x82 >> 8); ++ x85 = (uint8_t)(x82 & UINT8_C(0xff)); ++ x86 = (x84 >> 8); ++ x87 = (uint8_t)(x84 & UINT8_C(0xff)); ++ x88 = (x86 >> 8); ++ x89 = (uint8_t)(x86 & UINT8_C(0xff)); ++ x90 = (x88 >> 8); ++ x91 = (uint8_t)(x88 & UINT8_C(0xff)); ++ x92 = (x90 >> 8); ++ x93 = (uint8_t)(x90 & UINT8_C(0xff)); ++ x94 = (uint8_t)(x92 >> 8); ++ x95 = (uint8_t)(x92 & UINT8_C(0xff)); ++ out1[0] = x8; ++ out1[1] = x10; ++ out1[2] = x12; ++ out1[3] = x14; ++ out1[4] = x16; ++ out1[5] = x18; ++ out1[6] = x20; ++ out1[7] = x21; ++ out1[8] = x23; ++ out1[9] = x25; ++ out1[10] = x27; ++ out1[11] = x29; ++ out1[12] = x31; ++ out1[13] = x33; ++ out1[14] = x35; ++ out1[15] = x36; ++ out1[16] = x38; ++ out1[17] = x40; ++ out1[18] = x42; ++ out1[19] = x44; ++ out1[20] = x46; ++ out1[21] = x48; ++ out1[22] = x50; ++ out1[23] = x51; ++ out1[24] = x53; ++ out1[25] = x55; ++ out1[26] = x57; ++ out1[27] = x59; ++ out1[28] = x61; ++ out1[29] = x63; ++ out1[30] = x65; ++ out1[31] = x66; ++ out1[32] = x68; ++ out1[33] = x70; ++ out1[34] = x72; ++ out1[35] = x74; ++ out1[36] = x76; ++ out1[37] = x78; ++ out1[38] = x80; ++ out1[39] = x81; ++ out1[40] = x83; ++ out1[41] = x85; ++ out1[42] = x87; ++ out1[43] = x89; ++ out1[44] = x91; ++ out1[45] = x93; ++ out1[46] = x95; ++ out1[47] = x94; ++} ++ ++/* ++ * The function fiat_secp384r1_from_bytes deserializes a field element in the Montgomery domain from bytes in little-endian order. ++ * Preconditions: ++ * 0 ≤ bytes_eval arg1 < m ++ * Postconditions: ++ * eval out1 mod m = bytes_eval arg1 mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp384r1_from_bytes(uint64_t out1[6], ++ const uint8_t arg1[48]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint8_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ uint8_t x16; ++ uint64_t x17; ++ uint64_t x18; ++ uint64_t x19; ++ uint64_t x20; ++ uint64_t x21; ++ uint64_t x22; ++ uint64_t x23; ++ uint8_t x24; ++ uint64_t x25; ++ uint64_t x26; ++ uint64_t x27; ++ uint64_t x28; ++ uint64_t x29; ++ uint64_t x30; ++ uint64_t x31; ++ uint8_t x32; ++ uint64_t x33; ++ uint64_t x34; ++ uint64_t x35; ++ uint64_t x36; ++ uint64_t x37; ++ uint64_t x38; ++ uint64_t x39; ++ uint8_t x40; ++ uint64_t x41; ++ uint64_t x42; ++ uint64_t x43; ++ uint64_t x44; ++ uint64_t x45; ++ uint64_t x46; ++ uint64_t x47; ++ uint8_t x48; ++ uint64_t x49; ++ uint64_t x50; ++ uint64_t x51; ++ uint64_t x52; ++ uint64_t x53; ++ uint64_t x54; ++ uint64_t x55; ++ uint64_t x56; ++ uint64_t x57; ++ uint64_t x58; ++ uint64_t x59; ++ x1 = ((uint64_t)(arg1[47]) << 56); ++ x2 = ((uint64_t)(arg1[46]) << 48); ++ x3 = ((uint64_t)(arg1[45]) << 40); ++ x4 = ((uint64_t)(arg1[44]) << 32); ++ x5 = ((uint64_t)(arg1[43]) << 24); ++ x6 = ((uint64_t)(arg1[42]) << 16); ++ x7 = ((uint64_t)(arg1[41]) << 8); ++ x8 = (arg1[40]); ++ x9 = ((uint64_t)(arg1[39]) << 56); ++ x10 = ((uint64_t)(arg1[38]) << 48); ++ x11 = ((uint64_t)(arg1[37]) << 40); ++ x12 = ((uint64_t)(arg1[36]) << 32); ++ x13 = ((uint64_t)(arg1[35]) << 24); ++ x14 = ((uint64_t)(arg1[34]) << 16); ++ x15 = ((uint64_t)(arg1[33]) << 8); ++ x16 = (arg1[32]); ++ x17 = ((uint64_t)(arg1[31]) << 56); ++ x18 = ((uint64_t)(arg1[30]) << 48); ++ x19 = ((uint64_t)(arg1[29]) << 40); ++ x20 = ((uint64_t)(arg1[28]) << 32); ++ x21 = ((uint64_t)(arg1[27]) << 24); ++ x22 = ((uint64_t)(arg1[26]) << 16); ++ x23 = ((uint64_t)(arg1[25]) << 8); ++ x24 = (arg1[24]); ++ x25 = ((uint64_t)(arg1[23]) << 56); ++ x26 = ((uint64_t)(arg1[22]) << 48); ++ x27 = ((uint64_t)(arg1[21]) << 40); ++ x28 = ((uint64_t)(arg1[20]) << 32); ++ x29 = ((uint64_t)(arg1[19]) << 24); ++ x30 = ((uint64_t)(arg1[18]) << 16); ++ x31 = ((uint64_t)(arg1[17]) << 8); ++ x32 = (arg1[16]); ++ x33 = ((uint64_t)(arg1[15]) << 56); ++ x34 = ((uint64_t)(arg1[14]) << 48); ++ x35 = ((uint64_t)(arg1[13]) << 40); ++ x36 = ((uint64_t)(arg1[12]) << 32); ++ x37 = ((uint64_t)(arg1[11]) << 24); ++ x38 = ((uint64_t)(arg1[10]) << 16); ++ x39 = ((uint64_t)(arg1[9]) << 8); ++ x40 = (arg1[8]); ++ x41 = ((uint64_t)(arg1[7]) << 56); ++ x42 = ((uint64_t)(arg1[6]) << 48); ++ x43 = ((uint64_t)(arg1[5]) << 40); ++ x44 = ((uint64_t)(arg1[4]) << 32); ++ x45 = ((uint64_t)(arg1[3]) << 24); ++ x46 = ((uint64_t)(arg1[2]) << 16); ++ x47 = ((uint64_t)(arg1[1]) << 8); ++ x48 = (arg1[0]); ++ x49 = (x48 + (x47 + (x46 + (x45 + (x44 + (x43 + (x42 + x41))))))); ++ x50 = (x49 & UINT64_C(0xffffffffffffffff)); ++ x51 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); ++ x52 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); ++ x53 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); ++ x54 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); ++ x55 = (x40 + (x39 + (x38 + (x37 + (x36 + (x35 + (x34 + x33))))))); ++ x56 = (x55 & UINT64_C(0xffffffffffffffff)); ++ x57 = (x54 & UINT64_C(0xffffffffffffffff)); ++ x58 = (x53 & UINT64_C(0xffffffffffffffff)); ++ x59 = (x52 & UINT64_C(0xffffffffffffffff)); ++ out1[0] = x50; ++ out1[1] = x56; ++ out1[2] = x57; ++ out1[3] = x58; ++ out1[4] = x59; ++ out1[5] = x51; ++} ++ ++/* END verbatim fiat code */ ++ ++/*- ++ * Finite field inversion via FLT. ++ * NB: this is not a real Fiat function, just named that way for consistency. ++ * Autogenerated: ecp/secp384r1/fe_inv.op3 ++ * custom repunit addition chain ++ */ ++static void ++fiat_secp384r1_inv(fe_t output, const fe_t t1) ++{ ++ int i; ++ /* temporary variables */ ++ fe_t acc, t10, t170, t2, t20, t255, t30, t32, t4, t64, t8, t84, t85; ++ ++ fiat_secp384r1_square(acc, t1); ++ fiat_secp384r1_mul(t2, acc, t1); ++ fiat_secp384r1_square(acc, t2); ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t4, acc, t2); ++ fiat_secp384r1_square(acc, t4); ++ for (i = 0; i < 3; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t8, acc, t4); ++ fiat_secp384r1_square(acc, t8); ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t10, acc, t2); ++ fiat_secp384r1_square(acc, t10); ++ for (i = 0; i < 9; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t20, acc, t10); ++ fiat_secp384r1_square(acc, t20); ++ for (i = 0; i < 9; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t30, acc, t10); ++ fiat_secp384r1_square(acc, t30); ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t32, acc, t2); ++ fiat_secp384r1_square(acc, t32); ++ for (i = 0; i < 31; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t64, acc, t32); ++ fiat_secp384r1_square(acc, t64); ++ for (i = 0; i < 19; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t84, acc, t20); ++ fiat_secp384r1_square(acc, t84); ++ fiat_secp384r1_mul(t85, acc, t1); ++ fiat_secp384r1_square(acc, t85); ++ for (i = 0; i < 84; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t170, acc, t85); ++ fiat_secp384r1_square(acc, t170); ++ for (i = 0; i < 84; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t255, acc, t85); ++ fiat_secp384r1_square(acc, t255); ++ for (i = 0; i < 32; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(acc, acc, t32); ++ for (i = 0; i < 94; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(acc, acc, t30); ++ for (i = 0; i < 2; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(output, acc, t1); ++} ++ ++/* curve coefficient constants */ ++ ++static const limb_t const_one[6] = { ++ UINT64_C(0xFFFFFFFF00000001), UINT64_C(0x00000000FFFFFFFF), ++ UINT64_C(0x0000000000000001), UINT64_C(0x0000000000000000), ++ UINT64_C(0x0000000000000000), UINT64_C(0x0000000000000000) ++}; ++ ++static const limb_t const_b[6] = { ++ UINT64_C(0x081188719D412DCC), UINT64_C(0xF729ADD87A4C32EC), ++ UINT64_C(0x77F2209B1920022E), UINT64_C(0xE3374BEE94938AE2), ++ UINT64_C(0xB62B21F41F022094), UINT64_C(0xCD08114B604FBFF9) ++}; ++ ++/* LUT for scalar multiplication by comb interleaving */ ++static const pt_aff_t lut_cmb[21][16] = { ++ { ++ { { UINT64_C(0x3DD0756649C0B528), UINT64_C(0x20E378E2A0D6CE38), ++ UINT64_C(0x879C3AFC541B4D6E), UINT64_C(0x6454868459A30EFF), ++ UINT64_C(0x812FF723614EDE2B), UINT64_C(0x4D3AADC2299E1513) }, ++ { UINT64_C(0x23043DAD4B03A4FE), UINT64_C(0xA1BFA8BF7BB4A9AC), ++ UINT64_C(0x8BADE7562E83B050), UINT64_C(0xC6C3521968F4FFD9), ++ UINT64_C(0xDD8002263969A840), UINT64_C(0x2B78ABC25A15C5E9) } }, ++ { { UINT64_C(0x05E4DBE6C1DC4073), UINT64_C(0xC54EA9FFF04F779C), ++ UINT64_C(0x6B2034E9A170CCF0), UINT64_C(0x3A48D732D51C6C3E), ++ UINT64_C(0xE36F7E2D263AA470), UINT64_C(0xD283FE68E7C1C3AC) }, ++ { UINT64_C(0x7E284821C04EE157), UINT64_C(0x92D789A77AE0E36D), ++ UINT64_C(0x132663C04EF67446), UINT64_C(0x68012D5AD2E1D0B4), ++ UINT64_C(0xF6DB68B15102B339), UINT64_C(0x465465FC983292AF) } }, ++ { { UINT64_C(0xBB595EBA68F1F0DF), UINT64_C(0xC185C0CBCC873466), ++ UINT64_C(0x7F1EB1B5293C703B), UINT64_C(0x60DB2CF5AACC05E6), ++ UINT64_C(0xC676B987E2E8E4C6), UINT64_C(0xE1BB26B11D178FFB) }, ++ { UINT64_C(0x2B694BA07073FA21), UINT64_C(0x22C16E2E72F34566), ++ UINT64_C(0x80B61B3101C35B99), UINT64_C(0x4B237FAF982C0411), ++ UINT64_C(0xE6C5944024DE236D), UINT64_C(0x4DB1C9D6E209E4A3) } }, ++ { { UINT64_C(0xDF13B9D17D69222B), UINT64_C(0x4CE6415F874774B1), ++ UINT64_C(0x731EDCF8211FAA95), UINT64_C(0x5F4215D1659753ED), ++ UINT64_C(0xF893DB589DB2DF55), UINT64_C(0x932C9F811C89025B) }, ++ { UINT64_C(0x0996B2207706A61E), UINT64_C(0x135349D5A8641C79), ++ UINT64_C(0x65AAD76F50130844), UINT64_C(0x0FF37C0401FFF780), ++ UINT64_C(0xF57F238E693B0706), UINT64_C(0xD90A16B6AF6C9B3E) } }, ++ { { UINT64_C(0x2F5D200E2353B92F), UINT64_C(0xE35D87293FD7E4F9), ++ UINT64_C(0x26094833A96D745D), UINT64_C(0xDC351DC13CBFFF3F), ++ UINT64_C(0x26D464C6DAD54D6A), UINT64_C(0x5CAB1D1D53636C6A) }, ++ { UINT64_C(0xF2813072B18EC0B0), UINT64_C(0x3777E270D742AA2F), ++ UINT64_C(0x27F061C7033CA7C2), UINT64_C(0xA6ECACCC68EAD0D8), ++ UINT64_C(0x7D9429F4EE69A754), UINT64_C(0xE770633431E8F5C6) } }, ++ { { UINT64_C(0xC7708B19B68B8C7D), UINT64_C(0x4532077C44377ABA), ++ UINT64_C(0x0DCC67706CDAD64F), UINT64_C(0x01B8BF56147B6602), ++ UINT64_C(0xF8D89885F0561D79), UINT64_C(0x9C19E9FC7BA9C437) }, ++ { UINT64_C(0x764EB146BDC4BA25), UINT64_C(0x604FE46BAC144B83), ++ UINT64_C(0x3CE813298A77E780), UINT64_C(0x2E070F36FE9E682E), ++ UINT64_C(0x41821D0C3A53287A), UINT64_C(0x9AA62F9F3533F918) } }, ++ { { UINT64_C(0x9B7AEB7E75CCBDFB), UINT64_C(0xB25E28C5F6749A95), ++ UINT64_C(0x8A7A8E4633B7D4AE), UINT64_C(0xDB5203A8D9C1BD56), ++ UINT64_C(0xD2657265ED22DF97), UINT64_C(0xB51C56E18CF23C94) }, ++ { UINT64_C(0xF4D394596C3D812D), UINT64_C(0xD8E88F1A87CAE0C2), ++ UINT64_C(0x789A2A48CF4D0FE3), UINT64_C(0xB7FEAC2DFEC38D60), ++ UINT64_C(0x81FDBD1C3B490EC3), UINT64_C(0x4617ADB7CC6979E1) } }, ++ { { UINT64_C(0x446AD8884709F4A9), UINT64_C(0x2B7210E2EC3DABD8), ++ UINT64_C(0x83CCF19550E07B34), UINT64_C(0x59500917789B3075), ++ UINT64_C(0x0FC01FD4EB085993), UINT64_C(0xFB62D26F4903026B) }, ++ { UINT64_C(0x2309CC9D6FE989BB), UINT64_C(0x61609CBD144BD586), ++ UINT64_C(0x4B23D3A0DE06610C), UINT64_C(0xDDDC2866D898F470), ++ UINT64_C(0x8733FC41400C5797), UINT64_C(0x5A68C6FED0BC2716) } }, ++ { { UINT64_C(0x8903E1304B4A3CD0), UINT64_C(0x3EA4EA4C8FF1F43E), ++ UINT64_C(0xE6FC3F2AF655A10D), UINT64_C(0x7BE3737D524FFEFC), ++ UINT64_C(0x9F6928555330455E), UINT64_C(0x524F166EE475CE70) }, ++ { UINT64_C(0x3FCC69CD6C12F055), UINT64_C(0x4E23B6FFD5B9C0DA), ++ UINT64_C(0x49CE6993336BF183), UINT64_C(0xF87D6D854A54504A), ++ UINT64_C(0x25EB5DF1B3C2677A), UINT64_C(0xAC37986F55B164C9) } }, ++ { { UINT64_C(0x82A2ED4ABAA84C08), UINT64_C(0x22C4CC5F41A8C912), ++ UINT64_C(0xCA109C3B154AAD5E), UINT64_C(0x23891298FC38538E), ++ UINT64_C(0xB3B6639C539802AE), UINT64_C(0xFA0F1F450390D706) }, ++ { UINT64_C(0x46B78E5DB0DC21D0), UINT64_C(0xA8C72D3CC3DA2EAC), ++ UINT64_C(0x9170B3786FF2F643), UINT64_C(0x3F5A799BB67F30C3), ++ UINT64_C(0x15D1DC778264B672), UINT64_C(0xA1D47B23E9577764) } }, ++ { { UINT64_C(0x08265E510422CE2F), UINT64_C(0x88E0D496DD2F9E21), ++ UINT64_C(0x30128AA06177F75D), UINT64_C(0x2E59AB62BD9EBE69), ++ UINT64_C(0x1B1A0F6C5DF0E537), UINT64_C(0xAB16C626DAC012B5) }, ++ { UINT64_C(0x8014214B008C5DE7), UINT64_C(0xAA740A9E38F17BEA), ++ UINT64_C(0x262EBB498A149098), UINT64_C(0xB454111E8527CD59), ++ UINT64_C(0x266AD15AACEA5817), UINT64_C(0x21824F411353CCBA) } }, ++ { { UINT64_C(0xD1B4E74D12E3683B), UINT64_C(0x990ED20B569B8EF6), ++ UINT64_C(0xB9D3DD25429C0A18), UINT64_C(0x1C75B8AB2A351783), ++ UINT64_C(0x61E4CA2B905432F0), UINT64_C(0x80826A69EEA8F224) }, ++ { UINT64_C(0x7FC33A6BEC52ABAD), UINT64_C(0x0BCCA3F0A65E4813), ++ UINT64_C(0x7AD8A132A527CEBE), UINT64_C(0xF0138950EAF22C7E), ++ UINT64_C(0x282D2437566718C1), UINT64_C(0x9DFCCB0DE2212559) } }, ++ { { UINT64_C(0x1E93722758CE3B83), UINT64_C(0xBB280DFA3CB3FB36), ++ UINT64_C(0x57D0F3D2E2BE174A), UINT64_C(0x9BD51B99208ABE1E), ++ UINT64_C(0x3809AB50DE248024), UINT64_C(0xC29C6E2CA5BB7331) }, ++ { UINT64_C(0x9944FD2E61124F05), UINT64_C(0x83CCBC4E9009E391), ++ UINT64_C(0x01628F059424A3CC), UINT64_C(0xD6A2F51DEA8E4344), ++ UINT64_C(0xDA3E1A3D4CEBC96E), UINT64_C(0x1FE6FB42E97809DC) } }, ++ { { UINT64_C(0xA04482D2467D66E4), UINT64_C(0xCF1912934D78291D), ++ UINT64_C(0x8E0D4168482396F9), UINT64_C(0x7228E2D5D18F14D0), ++ UINT64_C(0x2F7E8D509C6A58FE), UINT64_C(0xE8CA780E373E5AEC) }, ++ { UINT64_C(0x42AAD1D61B68E9F8), UINT64_C(0x58A6D7F569E2F8F4), ++ UINT64_C(0xD779ADFE31DA1BEA), UINT64_C(0x7D26540638C85A85), ++ UINT64_C(0x67E67195D44D3CDF), UINT64_C(0x17820A0BC5134ED7) } }, ++ { { UINT64_C(0x019D6AC5D3021470), UINT64_C(0x25846B66780443D6), ++ UINT64_C(0xCE3C15ED55C97647), UINT64_C(0x3DC22D490E3FEB0F), ++ UINT64_C(0x2065B7CBA7DF26E4), UINT64_C(0xC8B00AE8187CEA1F) }, ++ { UINT64_C(0x1A5284A0865DDED3), UINT64_C(0x293C164920C83DE2), ++ UINT64_C(0xAB178D26CCE851B3), UINT64_C(0x8E6DB10B404505FB), ++ UINT64_C(0xF6F57E7190C82033), UINT64_C(0x1D2A1C015977F16C) } }, ++ { { UINT64_C(0xA39C89317C8906A4), UINT64_C(0xB6E7ECDD9E821EE6), ++ UINT64_C(0x2ECF8340F0DF4FE6), UINT64_C(0xD42F7DC953C14965), ++ UINT64_C(0x1AFB51A3E3BA8285), UINT64_C(0x6C07C4040A3305D1) }, ++ { UINT64_C(0xDAB83288127FC1DA), UINT64_C(0xBC0A699B374C4B08), ++ UINT64_C(0x402A9BAB42EB20DD), UINT64_C(0xD7DD464F045A7A1C), ++ UINT64_C(0x5B3D0D6D36BEECC4), UINT64_C(0x475A3E756398A19D) } }, ++ }, ++ { ++ { { UINT64_C(0x31BDB48372876AE8), UINT64_C(0xE3325D98961ED1BF), ++ UINT64_C(0x18C042469B6FC64D), UINT64_C(0x0DCC15FA15786B8C), ++ UINT64_C(0x81ACDB068E63DA4A), UINT64_C(0xD3A4B643DADA70FB) }, ++ { UINT64_C(0x46361AFEDEA424EB), UINT64_C(0xDC2D2CAE89B92970), ++ UINT64_C(0xF389B61B615694E6), UINT64_C(0x7036DEF1872951D2), ++ UINT64_C(0x40FD3BDAD93BADC7), UINT64_C(0x45AB6321380A68D3) } }, ++ { { UINT64_C(0x23C1F74481A2703A), UINT64_C(0x1A5D075CB9859136), ++ UINT64_C(0xA4F82C9D5AFD1BFD), UINT64_C(0xA3D1E9A4F89D76FE), ++ UINT64_C(0x964F705075702F80), UINT64_C(0x182BF349F56C089D) }, ++ { UINT64_C(0xE205FA8FBE0DA6E1), UINT64_C(0x32905EB90A40F8F3), ++ UINT64_C(0x331A1004356D4395), UINT64_C(0x58B78901FDBBDFDE), ++ UINT64_C(0xA52A15979BA00E71), UINT64_C(0xE0092E1F55497A30) } }, ++ { { UINT64_C(0x5562A85670EE8F39), UINT64_C(0x86B0C11764E52A9C), ++ UINT64_C(0xC19F317409C75B8C), UINT64_C(0x21C7CC3124923F80), ++ UINT64_C(0xE63FE47F8F5B291E), UINT64_C(0x3D6D3C050DC08B05) }, ++ { UINT64_C(0x58AE455EEE0C39A1), UINT64_C(0x78BEA4310AD97942), ++ UINT64_C(0x42C7C97F3EE3989C), UINT64_C(0xC1B03AF5F38759AE), ++ UINT64_C(0x1A673C75BCF46899), UINT64_C(0x4831B7D38D508C7D) } }, ++ { { UINT64_C(0x76512D1BC552E354), UINT64_C(0x2B7EB6DF273020FD), ++ UINT64_C(0xD1C73AA8025A5F25), UINT64_C(0x2ABA19295CBD2A40), ++ UINT64_C(0xB53CADC3C88D61C6), UINT64_C(0x7E66A95E098290F3) }, ++ { UINT64_C(0x72800ECBAF4C5073), UINT64_C(0x81F2725E9DC63FAF), ++ UINT64_C(0x14BF92A7282BA9D1), UINT64_C(0x90629672BD5F1BB2), ++ UINT64_C(0x362F68EBA97C6C96), UINT64_C(0xB1D3BB8B7EA9D601) } }, ++ { { UINT64_C(0x73878F7FA9C94429), UINT64_C(0xB35C3BC8456CA6D8), ++ UINT64_C(0xD96F0B3CF721923A), UINT64_C(0x28D8F06CE6D44FA1), ++ UINT64_C(0x94EFDCDCD5CD671A), UINT64_C(0x0299AB933F97D481) }, ++ { UINT64_C(0xB7CED6EA2FD1D324), UINT64_C(0xBD6832087E932EC2), ++ UINT64_C(0x24ED31FBCB755A6E), UINT64_C(0xA636098EE48781D2), ++ UINT64_C(0x8687C63CF0A4F297), UINT64_C(0xBB52344007478526) } }, ++ { { UINT64_C(0x2E5F741934124B56), UINT64_C(0x1F223AE14B3F02CA), ++ UINT64_C(0x6345B427E8336C7E), UINT64_C(0x92123E16F5D0E3D0), ++ UINT64_C(0xDAF0D14D45E79F3A), UINT64_C(0x6ACA67656F3BD0C6) }, ++ { UINT64_C(0xF6169FAB403813F4), UINT64_C(0x31DC39C0334A4C59), ++ UINT64_C(0x74C46753D589866D), UINT64_C(0x5741511D984C6A5D), ++ UINT64_C(0xF263128797FED2D3), UINT64_C(0x5687CA1B11614886) } }, ++ { { UINT64_C(0x076D902A33836D4B), UINT64_C(0xEC6C5C4324AFB557), ++ UINT64_C(0xA0FE2D1CA0516A0F), UINT64_C(0x6FB8D73700D22ECC), ++ UINT64_C(0xF1DE9077DAF1D7B3), UINT64_C(0xE4695F77D4C0C1EB) }, ++ { UINT64_C(0x5F0FD8A8B4375573), UINT64_C(0x762383595E50944F), ++ UINT64_C(0x65EA2F28635CD76F), UINT64_C(0x0854776925FDE7B0), ++ UINT64_C(0xB2345A2E51944304), UINT64_C(0x86EFA2F7A16C980D) } }, ++ { { UINT64_C(0x4CCBE2D0BF4D1D63), UINT64_C(0x32E33401397366D5), ++ UINT64_C(0xC83AFDDE71BDA2CE), UINT64_C(0x8DACE2AC478ED9E6), ++ UINT64_C(0x3AC6A559763FDD9E), UINT64_C(0x0FFDB04CB398558F) }, ++ { UINT64_C(0x6C1B99B2AFB9D6B8), UINT64_C(0x572BA39C27F815DD), ++ UINT64_C(0x9DE73EE70DBCF842), UINT64_C(0x2A3ED58929267B88), ++ UINT64_C(0xD46A7FD315EBBBB3), UINT64_C(0xD1D01863E29400C7) } }, ++ { { UINT64_C(0x8FB101D1E1F89EC5), UINT64_C(0xB87A1F53F8508042), ++ UINT64_C(0x28C8DB240ED7BEEF), UINT64_C(0x3940F845ACE8660A), ++ UINT64_C(0x4EACB619C6D453FD), UINT64_C(0x2E044C982BAD6160) }, ++ { UINT64_C(0x8792854880B16C02), UINT64_C(0xF0D4BEB3C0A9EB64), ++ UINT64_C(0xD785B4AFC183C195), UINT64_C(0x23AAB0E65E6C46EA), ++ UINT64_C(0x30F7E104A930FECA), UINT64_C(0x6A1A7B8BD55C10FB) } }, ++ { { UINT64_C(0xDA74EAEBDBFED1AA), UINT64_C(0xC8A59223DF0B025C), ++ UINT64_C(0x7EF7DC85D5B627F7), UINT64_C(0x02A13AE1197D7624), ++ UINT64_C(0x119E9BE12F785A9B), UINT64_C(0xC0B7572F00D6B219) }, ++ { UINT64_C(0x9B1E51266D4CAF30), UINT64_C(0xA16A51170A840BD1), ++ UINT64_C(0x5BE17B910E9CCF43), UINT64_C(0x5BDBEDDD69CF2C9C), ++ UINT64_C(0x9FFBFBCF4CF4F289), UINT64_C(0xE1A621836C355CE9) } }, ++ { { UINT64_C(0x056199D9A7B2FCCF), UINT64_C(0x51F2E7B6CE1D784E), ++ UINT64_C(0xA1D09C47339E2FF0), UINT64_C(0xC8E64890B836D0A9), ++ UINT64_C(0x2F781DCBC0D07EBE), UINT64_C(0x5CF3C2AD3ACF934C) }, ++ { UINT64_C(0xE55DB190A17E26AE), UINT64_C(0xC9C61E1F91245513), ++ UINT64_C(0x83D7E6CF61998C15), UINT64_C(0x4DB33C85E41D38E3), ++ UINT64_C(0x74D5F91DC2FEE43D), UINT64_C(0x7EBBDB4536BBC826) } }, ++ { { UINT64_C(0xE20EC7E9CB655A9D), UINT64_C(0x4977EB925C47D421), ++ UINT64_C(0xA237E12C3B9D72FA), UINT64_C(0xCAAEDBC1CBF7B145), ++ UINT64_C(0x5200F5B23B77AAA3), UINT64_C(0x32EDED55BDBE5380) }, ++ { UINT64_C(0x74E38A40E7C9B80A), UINT64_C(0x3A3F0CF8AB6DE911), ++ UINT64_C(0x56DCDD7AAD16AAF0), UINT64_C(0x3D2924498E861D5E), ++ UINT64_C(0xD6C61878985733E2), UINT64_C(0x2401FE7D6AA6CD5B) } }, ++ { { UINT64_C(0xABB3DC75B42E3686), UINT64_C(0xAE712419B4C57E61), ++ UINT64_C(0x2C565F72B21B009B), UINT64_C(0xA5F1DA2E710C3699), ++ UINT64_C(0x771099A0A5EBA59A), UINT64_C(0x4DA88F4AC10017A0) }, ++ { UINT64_C(0x987FFFD31927B56D), UINT64_C(0xB98CB8ECC4E33478), ++ UINT64_C(0xB224A971C2248166), UINT64_C(0x5470F554DE1DC794), ++ UINT64_C(0xD747CC24E31FF983), UINT64_C(0xB91745E9B5B22DAE) } }, ++ { { UINT64_C(0x6CCBFED072F34420), UINT64_C(0x95045E4DA53039D2), ++ UINT64_C(0x3B6C11545A793944), UINT64_C(0xAA114145DDB6B799), ++ UINT64_C(0xABC15CA4252B7637), UINT64_C(0x5745A35BA5744634) }, ++ { UINT64_C(0x05DC6BDEDA596FC0), UINT64_C(0xCD52C18CA8020881), ++ UINT64_C(0x03FA9F47D296BAD0), UINT64_C(0xD8E2C1297268E139), ++ UINT64_C(0x58C1A98D9EC450B0), UINT64_C(0x909638DADE48B20D) } }, ++ { { UINT64_C(0x7AFC30D49B7F8311), UINT64_C(0x82A0042242368EA3), ++ UINT64_C(0xBFF951986F5F9865), UINT64_C(0x9B24F612FC0A070F), ++ UINT64_C(0x22C06CF2620F489D), UINT64_C(0x3C7ED052780F7DBB) }, ++ { UINT64_C(0xDB87AB1834DAFE9B), UINT64_C(0x20C03B409C4BBCA1), ++ UINT64_C(0x5D718CF059A42341), UINT64_C(0x9863170669E84538), ++ UINT64_C(0x5557192BD27D64E1), UINT64_C(0x08B4EC52DA822766) } }, ++ { { UINT64_C(0xB2D986F6D66C1A59), UINT64_C(0x927DEB1678E0E423), ++ UINT64_C(0x9E673CDE49C3DEDC), UINT64_C(0xFA362D84F7ECB6CF), ++ UINT64_C(0x078E5F401BA17340), UINT64_C(0x934CA5D11F4E489C) }, ++ { UINT64_C(0xC03C073164EEF493), UINT64_C(0x631A353BD7931A7E), ++ UINT64_C(0x8E7CC3BB65DD74F1), UINT64_C(0xD55864C5702676A5), ++ UINT64_C(0x6D306AC4439F04BD), UINT64_C(0x58544F672BAFED57) } }, ++ }, ++ { ++ { { UINT64_C(0xB083BA6AEC074AEA), UINT64_C(0x46FAC5EF7F0B505B), ++ UINT64_C(0x95367A21FC82DC03), UINT64_C(0x227BE26A9D3679D8), ++ UINT64_C(0xC70F6D6C7E9724C0), UINT64_C(0xCD68C757F9EBEC0F) }, ++ { UINT64_C(0x29DDE03E8FF321B2), UINT64_C(0xF84AD7BB031939DC), ++ UINT64_C(0xDAF590C90F602F4B), UINT64_C(0x17C5288849722BC4), ++ UINT64_C(0xA8DF99F0089B22B6), UINT64_C(0xC21BC5D4E59B9B90) } }, ++ { { UINT64_C(0x4936C6A08A31973F), UINT64_C(0x54D442FA83B8C205), ++ UINT64_C(0x03AEE8B45714F2C6), UINT64_C(0x139BD6923F5AC25A), ++ UINT64_C(0x6A2E42BAB5B33794), UINT64_C(0x50FA11643FF7BBA9) }, ++ { UINT64_C(0xB61D8643F7E2C099), UINT64_C(0x2366C993BD5C6637), ++ UINT64_C(0x62110E1472EB77FA), UINT64_C(0x3D5B96F13B99C635), ++ UINT64_C(0x956ECF64F674C9F2), UINT64_C(0xC56F7E51EF2BA250) } }, ++ { { UINT64_C(0x246FFCB6FF602C1B), UINT64_C(0x1E1A1D746E1258E0), ++ UINT64_C(0xB4B43AE2250E6676), UINT64_C(0x95C1B5F0924CE5FA), ++ UINT64_C(0x2555795BEBD8C776), UINT64_C(0x4C1E03DCACD9D9D0) }, ++ { UINT64_C(0xE1D74AA69CE90C61), UINT64_C(0xA88C0769A9C4B9F9), ++ UINT64_C(0xDF74DF2795AF56DE), UINT64_C(0x24B10C5FB331B6F4), ++ UINT64_C(0xB0A6DF9A6559E137), UINT64_C(0x6ACC1B8FC06637F2) } }, ++ { { UINT64_C(0xBD8C086834B4E381), UINT64_C(0x278CACC730DFF271), ++ UINT64_C(0x87ED12DE02459389), UINT64_C(0x3F7D98FFDEF840B6), ++ UINT64_C(0x71EEE0CB5F0B56E1), UINT64_C(0x462B5C9BD8D9BE87) }, ++ { UINT64_C(0xE6B50B5A98094C0F), UINT64_C(0x26F3B274508C67CE), ++ UINT64_C(0x418B1BD17CB1F992), UINT64_C(0x607818ED4FF11827), ++ UINT64_C(0xE630D93A9B042C63), UINT64_C(0x38B9EFF38C779AE3) } }, ++ { { UINT64_C(0xE8767D36729C5431), UINT64_C(0xA8BD07C0BB94642C), ++ UINT64_C(0x0C11FC8E58F2E5B2), UINT64_C(0xD8912D48547533FE), ++ UINT64_C(0xAAE14F5E230D91FB), UINT64_C(0xC122051A676DFBA0) }, ++ { UINT64_C(0x9ED4501F5EA93078), UINT64_C(0x2758515CBD4BEE0A), ++ UINT64_C(0x97733C6C94D21F52), UINT64_C(0x139BCD6D4AD306A2), ++ UINT64_C(0x0AAECBDC298123CC), UINT64_C(0x102B8A311CB7C7C9) } }, ++ { { UINT64_C(0x22A28E59FAF46675), UINT64_C(0x1075730810A31E7D), ++ UINT64_C(0xC7EEAC842B4C2F4F), UINT64_C(0xBA370148B5EF5184), ++ UINT64_C(0x4A5A28668732E055), UINT64_C(0x14B8DCDCB887C36F) }, ++ { UINT64_C(0xDBA8C85C433F093D), UINT64_C(0x73DF549D1C9A201C), ++ UINT64_C(0x69AA0D7B70F927D8), UINT64_C(0xFA3A8685D7D2493A), ++ UINT64_C(0x6F48A2550A7F4013), UINT64_C(0xD20C8BF9DD393067) } }, ++ { { UINT64_C(0x4EC874EA81625E78), UINT64_C(0x8B8D8B5A3FBE9267), ++ UINT64_C(0xA3D9D1649421EC2F), UINT64_C(0x490E92D9880EA295), ++ UINT64_C(0x745D1EDCD8F3B6DA), UINT64_C(0x0116628B8F18BA03) }, ++ { UINT64_C(0x0FF6BCE0834EADCE), UINT64_C(0x464697F2000827F7), ++ UINT64_C(0x08DCCF84498D724E), UINT64_C(0x7896D3651E88304C), ++ UINT64_C(0xE63EBCCE135E3622), UINT64_C(0xFB942E8EDC007521) } }, ++ { { UINT64_C(0xBB155A66A3688621), UINT64_C(0xED2FD7CDF91B52A3), ++ UINT64_C(0x52798F5DEA20CB88), UINT64_C(0x069CE105373F7DD8), ++ UINT64_C(0xF9392EC78CA78F6B), UINT64_C(0xB3013E256B335169) }, ++ { UINT64_C(0x1D92F8006B11715C), UINT64_C(0xADD4050EFF9DC464), ++ UINT64_C(0x2AC226598465B84A), UINT64_C(0x2729D646465B2BD6), ++ UINT64_C(0x6202344AE4EFF9DD), UINT64_C(0x51F3198FCD9B90B9) } }, ++ { { UINT64_C(0x17CE54EFE5F0AE1D), UINT64_C(0x984E8204B09852AF), ++ UINT64_C(0x3365B37AC4B27A71), UINT64_C(0x720E3152A00E0A9C), ++ UINT64_C(0x3692F70D925BD606), UINT64_C(0xBE6E699D7BC7E9AB) }, ++ { UINT64_C(0xD75C041F4C89A3C0), UINT64_C(0x8B9F592D8DC100C0), ++ UINT64_C(0x30750F3AAD228F71), UINT64_C(0x1B9ECF84E8B17A11), ++ UINT64_C(0xDF2025620FBFA8A2), UINT64_C(0x45C811FCAA1B6D67) } }, ++ { { UINT64_C(0xEC5B84B71A5151F8), UINT64_C(0x118E59E8550AB2D2), ++ UINT64_C(0x2CCDEDA4049BD735), UINT64_C(0xC99CBA719CD62F0F), ++ UINT64_C(0x69B8040A62C9E4F8), UINT64_C(0x16F1A31A110B8283) }, ++ { UINT64_C(0x53F6380298E908A3), UINT64_C(0x308CB6EFD862F9DE), ++ UINT64_C(0xE185DAD8A521A95A), UINT64_C(0x4D8FE9A4097F75CA), ++ UINT64_C(0xD1ECCEC71CA07D53), UINT64_C(0x13DFA1DC0DB07E83) } }, ++ { { UINT64_C(0xDDAF9DC60F591A76), UINT64_C(0xE1A6D7CC1685F412), ++ UINT64_C(0x153DE557002B6E8D), UINT64_C(0x730C38BCC6DA37D9), ++ UINT64_C(0xAE1806220914B597), UINT64_C(0x84F98103DD8C3A0A) }, ++ { UINT64_C(0x369C53988DA205B0), UINT64_C(0xA3D95B813888A720), ++ UINT64_C(0x1F3F8BBFE10E2806), UINT64_C(0x48663DF54530D1F3), ++ UINT64_C(0x320523B43E377713), UINT64_C(0xE8B1A575C7894814) } }, ++ { { UINT64_C(0x330668712EE8EA07), UINT64_C(0xC6FB4EC560DA199D), ++ UINT64_C(0x33231860F4370A05), UINT64_C(0x7ABECE72C6DE4E26), ++ UINT64_C(0xDE8D4BD8EBDECE7A), UINT64_C(0xC90EE6571CBE93C7) }, ++ { UINT64_C(0x0246751B85AC2509), UINT64_C(0xD0EF142C30380245), ++ UINT64_C(0x086DF9C47C76E39C), UINT64_C(0x68F1304FB789FB56), ++ UINT64_C(0x23E4CB98A5E4BD56), UINT64_C(0x69A4C63C64663DCA) } }, ++ { { UINT64_C(0x6C72B6AF7CB34E63), UINT64_C(0x073C40CD6DFC23FE), ++ UINT64_C(0xBDEEE7A1C936693A), UINT64_C(0xBC858E806EFAD378), ++ UINT64_C(0xEAD719FFF5BE55D4), UINT64_C(0xC8C3238F04552F5F) }, ++ { UINT64_C(0x0952C068928D5784), UINT64_C(0x89DFDF2294C58F2B), ++ UINT64_C(0x332DEDF367502C50), UINT64_C(0x3ED2FA3AAC0BE258), ++ UINT64_C(0xAEDC9B8A7C5C8244), UINT64_C(0x43A761B9DC0EA34F) } }, ++ { { UINT64_C(0x8FD683A2CC5E21A5), UINT64_C(0x5F444C6EFBA2BB68), ++ UINT64_C(0x709ACD0EAF05586D), UINT64_C(0x8EFA54D2DE8FB348), ++ UINT64_C(0x35276B7134CFE29E), UINT64_C(0x77A06FCD941EAC8C) }, ++ { UINT64_C(0x5815792D928322DD), UINT64_C(0x82FF356B67F7CB59), ++ UINT64_C(0x71E40A78304980F4), UINT64_C(0xC8645C273667D021), ++ UINT64_C(0xE785741CAEBAE28F), UINT64_C(0xB2C1BC7553ECAC37) } }, ++ { { UINT64_C(0x633EB24F1D0A74DB), UINT64_C(0xF1F55E56FA752512), ++ UINT64_C(0x75FECA688EFE11DE), UINT64_C(0xC80FD91CE6BF19EC), ++ UINT64_C(0xAD0BAFEC2A14C908), UINT64_C(0x4E1C4ACAADE4031F) }, ++ { UINT64_C(0x463A815B1EB1549A), UINT64_C(0x5AD4253C668F1298), ++ UINT64_C(0x5CB3866238A37151), UINT64_C(0x34BB1CCFAFF16B96), ++ UINT64_C(0xDCA93B13EE731AB0), UINT64_C(0x9F3CE5CC9BE01A0B) } }, ++ { { UINT64_C(0x75DB5723A110D331), UINT64_C(0x67C66F6A7123D89F), ++ UINT64_C(0x27ABBD4B4009D570), UINT64_C(0xACDA6F84C73451BC), ++ UINT64_C(0xE4B9A23905575ACF), UINT64_C(0x3C2DB7EFAB2D3D6C) }, ++ { UINT64_C(0x01CCDD0829115145), UINT64_C(0x9E0602FE57B5814A), ++ UINT64_C(0x679B35C287862838), UINT64_C(0x0277DC4C38AD598D), ++ UINT64_C(0xEF80A2136D896DD4), UINT64_C(0xC8812213E7B9047B) } }, ++ }, ++ { ++ { { UINT64_C(0xAC6DBDF6EDC9CE62), UINT64_C(0xA58F5B440F9C006E), ++ UINT64_C(0x16694DE3DC28E1B0), UINT64_C(0x2D039CF2A6647711), ++ UINT64_C(0xA13BBE6FC5B08B4B), UINT64_C(0xE44DA93010EBD8CE) }, ++ { UINT64_C(0xCD47208719649A16), UINT64_C(0xE18F4E44683E5DF1), ++ UINT64_C(0xB3F66303929BFA28), UINT64_C(0x7C378E43818249BF), ++ UINT64_C(0x76068C80847F7CD9), UINT64_C(0xEE3DB6D1987EBA16) } }, ++ { { UINT64_C(0xCBBD8576C42A2F52), UINT64_C(0x9ACC6F709D2B06BB), ++ UINT64_C(0xE5CB56202E6B72A4), UINT64_C(0x5738EA0E7C024443), ++ UINT64_C(0x8ED06170B55368F3), UINT64_C(0xE54C99BB1AEED44F) }, ++ { UINT64_C(0x3D90A6B2E2E0D8B2), UINT64_C(0x21718977CF7B2856), ++ UINT64_C(0x089093DCC5612AEC), UINT64_C(0xC272EF6F99C1BACC), ++ UINT64_C(0x47DB3B43DC43EAAD), UINT64_C(0x730F30E40832D891) } }, ++ { { UINT64_C(0x9FFE55630C7FECDB), UINT64_C(0x55CC67B6F88101E5), ++ UINT64_C(0x3039F981CBEFA3C7), UINT64_C(0x2AB06883667BFD64), ++ UINT64_C(0x9007A2574340E3DF), UINT64_C(0x1AC3F3FA5A3A49CA) }, ++ { UINT64_C(0x9C7BE629C97E20FD), UINT64_C(0xF61823D3A3DAE003), ++ UINT64_C(0xFFE7FF39E7380DBA), UINT64_C(0x620BB9B59FACC3B8), ++ UINT64_C(0x2DDCB8CD31AE422C), UINT64_C(0x1DE3BCFAD12C3C43) } }, ++ { { UINT64_C(0x8C074946D6E0F9A9), UINT64_C(0x662FA99551C3B05B), ++ UINT64_C(0x6CDAE96904BB2048), UINT64_C(0x6DEC9594D6DC8B60), ++ UINT64_C(0x8D26586954438BBC), UINT64_C(0x88E983E31B0E95A5) }, ++ { UINT64_C(0x8189F11460CBF838), UINT64_C(0x77190697771DC46B), ++ UINT64_C(0x775775A227F8EC1A), UINT64_C(0x7A125240607E3739), ++ UINT64_C(0xAFAE84E74F793E4E), UINT64_C(0x44FA17F35BF5BAF4) } }, ++ { { UINT64_C(0xA21E69A5D03AC439), UINT64_C(0x2069C5FC88AA8094), ++ UINT64_C(0xB041EEA78C08F206), UINT64_C(0x55B9D4613D65B8ED), ++ UINT64_C(0x951EA25CD392C7C4), UINT64_C(0x4B9A1CEC9D166232) }, ++ { UINT64_C(0xC184FCD8FCF931A4), UINT64_C(0xBA59AD44063AD374), ++ UINT64_C(0x1868AD2A1AA9796F), UINT64_C(0x38A34018DFF29832), ++ UINT64_C(0x01FC880103DF8070), UINT64_C(0x1282CCE048DD334A) } }, ++ { { UINT64_C(0x76AA955726D8503C), UINT64_C(0xBE962B636BC3E3D0), ++ UINT64_C(0xF5CA93E597DE8841), UINT64_C(0x1561B05EAF3F2C16), ++ UINT64_C(0x34BE00AAD34BFF98), UINT64_C(0xEA21E6E9D23D2925) }, ++ { UINT64_C(0x55713230394C3AFB), UINT64_C(0xEAF0529BD6C8BECA), ++ UINT64_C(0xFF38A743202B9A11), UINT64_C(0xA13E39FC6D3A398B), ++ UINT64_C(0x8CBD644B86E2615A), UINT64_C(0x92063988191057EC) } }, ++ { { UINT64_C(0x787835CE13F89146), UINT64_C(0x7FCD42CC69446C3F), ++ UINT64_C(0x0DA2AA98840E679D), UINT64_C(0x44F2052318779A1B), ++ UINT64_C(0xE3A3B34FEFBF5935), UINT64_C(0xA5D2CFD0B9947B70) }, ++ { UINT64_C(0xAE2AF4EF27F4E16F), UINT64_C(0xA7FA70D2B9D21322), ++ UINT64_C(0x68084919B3FD566B), UINT64_C(0xF04D71C8D7AAD6AB), ++ UINT64_C(0xDBEA21E410BC4260), UINT64_C(0xAA7DC6658D949B42) } }, ++ { { UINT64_C(0xD8E958A06CCB8213), UINT64_C(0x118D9DB991900B54), ++ UINT64_C(0x09BB9D4985E8CED6), UINT64_C(0x410E9FB524019281), ++ UINT64_C(0x3B31B4E16D74C86E), UINT64_C(0x52BC0252020BB77D) }, ++ { UINT64_C(0x5616A26F27092CE4), UINT64_C(0x67774DBCA08F65CD), ++ UINT64_C(0x560AD494C08BD569), UINT64_C(0xBE26DA36AD498783), ++ UINT64_C(0x0276C8AB7F019C91), UINT64_C(0x09843ADA5248266E) } }, ++ { { UINT64_C(0xA0AE88A77D963CF2), UINT64_C(0x91EF8986D0E84920), ++ UINT64_C(0xC7EFE344F8C58104), UINT64_C(0x0A25D9FDECA20773), ++ UINT64_C(0x9D989FAA00D8F1D5), UINT64_C(0x4204C8CEC8B06264) }, ++ { UINT64_C(0x717C12E0BE1A2796), UINT64_C(0x1FA4BA8CC190C728), ++ UINT64_C(0xA245CA8D8C8A59BA), UINT64_C(0xE3C374757672B935), ++ UINT64_C(0x083D5E402E4D6375), UINT64_C(0x0B8D5AB35455E16E) } }, ++ { { UINT64_C(0x1DB17DBFEED765D4), UINT64_C(0xBBC9B1BEA5DDB965), ++ UINT64_C(0x1948F76DDFC12ABC), UINT64_C(0x2C2714E5134EF489), ++ UINT64_C(0x60CE2EE8741C600F), UINT64_C(0x32396F22F80E6E63) }, ++ { UINT64_C(0x421DAC7522537F59), UINT64_C(0x58FB73C649475DF5), ++ UINT64_C(0x0ABF28856F18F1C7), UINT64_C(0x364744689A398D16), ++ UINT64_C(0x87A661A7BF673B87), UINT64_C(0x3E80698F73819E17) } }, ++ { { UINT64_C(0xDFE4979353784CC4), UINT64_C(0x4280EAB0486D508F), ++ UINT64_C(0x119593FFE534F5A4), UINT64_C(0x98AEFADD9F63242F), ++ UINT64_C(0x9AE6A24AC4829CAE), UINT64_C(0xF2373CA558E8BA80) }, ++ { UINT64_C(0x4017AF7E51765FB3), UINT64_C(0xD1E40F7CAF4AEC4B), ++ UINT64_C(0x87372C7A0898E3BC), UINT64_C(0x688982B285452CA9), ++ UINT64_C(0x71E0B4BFB1E50BCA), UINT64_C(0x21FD2DBFF70E714A) } }, ++ { { UINT64_C(0xEE6E8820FB78DDAC), UINT64_C(0x0BAED29C063892CD), ++ UINT64_C(0x5F33049C28C0588D), UINT64_C(0x90C2515E18DBC432), ++ UINT64_C(0xB8A1B1433B4CB0BD), UINT64_C(0x0AB5C0C968103043) }, ++ { UINT64_C(0xF3788FA04005EC40), UINT64_C(0x82571C99039EE115), ++ UINT64_C(0xEE8FCED593260BED), UINT64_C(0x5A9BAF7910836D18), ++ UINT64_C(0x7C258B09C46AA4F6), UINT64_C(0x46ECC5E837F53D31) } }, ++ { { UINT64_C(0xFA32C0DCBFE0DD98), UINT64_C(0x66EFAFC4962B1066), ++ UINT64_C(0xBA81D33E64BDF5EB), UINT64_C(0x36C28536FC7FC512), ++ UINT64_C(0x0C95176BE0B4FA97), UINT64_C(0x47DDE29B3B9BC64A) }, ++ { UINT64_C(0x08D986FD5C173B36), UINT64_C(0x46D84B526CF3F28C), ++ UINT64_C(0x6F6ED6C3F026BDB9), UINT64_C(0xAC90668B68206DC5), ++ UINT64_C(0xE8ED5D98ECBE4E70), UINT64_C(0xCFFF61DDDC1A6974) } }, ++ { { UINT64_C(0xFF5C3A2977B1A5C1), UINT64_C(0x10C27E4A0DDF995D), ++ UINT64_C(0xCB745F77E23363E3), UINT64_C(0xD765DF6F32F399A3), ++ UINT64_C(0xF0CA0C2F8A99E109), UINT64_C(0xC3A6BFB71E025CA0) }, ++ { UINT64_C(0x830B2C0A4F9D9FA5), UINT64_C(0xAE914CACBD1A84E5), ++ UINT64_C(0x30B35ED8A4FEBCC1), UINT64_C(0xCB902B4684CFBF2E), ++ UINT64_C(0x0BD4762825FC6375), UINT64_C(0xA858A53C85509D04) } }, ++ { { UINT64_C(0x8B995D0C552E0A3F), UINT64_C(0xEDBD4E9417BE9FF7), ++ UINT64_C(0x3432E83995085178), UINT64_C(0x0FE5C18180C256F5), ++ UINT64_C(0x05A64EA8EBF9597C), UINT64_C(0x6ED44BB13F80371F) }, ++ { UINT64_C(0x6A29A05EFE4C12EE), UINT64_C(0x3E436A43E0BB83B3), ++ UINT64_C(0x38365D9A74D72921), UINT64_C(0x3F5EE823C38E1ED7), ++ UINT64_C(0x09A53213E8FA063F), UINT64_C(0x1E7FE47AB435E713) } }, ++ { { UINT64_C(0xE4D9BC94FDDD17F3), UINT64_C(0xC74B8FEDC1016C20), ++ UINT64_C(0x095DE39BB49C060E), UINT64_C(0xDBCC67958AC0DF00), ++ UINT64_C(0x4CF6BAEB1C34F4DF), UINT64_C(0x72C55C21E8390170) }, ++ { UINT64_C(0x4F17BFD2F6C48E79), UINT64_C(0x18BF4DA0017A80BA), ++ UINT64_C(0xCF51D829BCF4B138), UINT64_C(0x598AEE5FF48F8B0D), ++ UINT64_C(0x83FAEE5620F10809), UINT64_C(0x4615D4DC779F0850) } }, ++ }, ++ { ++ { { UINT64_C(0x22313DEE5852B59B), UINT64_C(0x6F56C8E8B6A0B37F), ++ UINT64_C(0x43D6EEAEA76EC380), UINT64_C(0xA16551360275AD36), ++ UINT64_C(0xE5C1B65ADF095BDA), UINT64_C(0xBD1FFA8D367C44B0) }, ++ { UINT64_C(0xE2B419C26B48AF2B), UINT64_C(0x57BBBD973DA194C8), ++ UINT64_C(0xB5FBE51FA2BAFF05), UINT64_C(0xA0594D706269B5D0), ++ UINT64_C(0x0B07B70523E8D667), UINT64_C(0xAE1976B563E016E7) } }, ++ { { UINT64_C(0x2FDE4893FBECAAAE), UINT64_C(0x444346DE30332229), ++ UINT64_C(0x157B8A5B09456ED5), UINT64_C(0x73606A7925797C6C), ++ UINT64_C(0xA9D0F47C33C14C06), UINT64_C(0x7BC8962CFAF971CA) }, ++ { UINT64_C(0x6E763C5165909DFD), UINT64_C(0x1BBBE41B14A9BF42), ++ UINT64_C(0xD95B7ECBC49E9EFC), UINT64_C(0x0C317927B38F2B59), ++ UINT64_C(0x97912B53B3C397DB), UINT64_C(0xCB3879AA45C7ABC7) } }, ++ { { UINT64_C(0xCD81BDCF24359B81), UINT64_C(0x6FD326E2DB4C321C), ++ UINT64_C(0x4CB0228BF8EBE39C), UINT64_C(0x496A9DCEB2CDD852), ++ UINT64_C(0x0F115A1AD0E9B3AF), UINT64_C(0xAA08BF36D8EEEF8A) }, ++ { UINT64_C(0x5232A51506E5E739), UINT64_C(0x21FAE9D58407A551), ++ UINT64_C(0x289D18B08994B4E8), UINT64_C(0xB4E346A809097A52), ++ UINT64_C(0xC641510F324621D0), UINT64_C(0xC567FD4A95A41AB8) } }, ++ { { UINT64_C(0x261578C7D57C8DE9), UINT64_C(0xB9BC491F3836C5C8), ++ UINT64_C(0x993266B414C8038F), UINT64_C(0xBACAD755FAA7CC39), ++ UINT64_C(0x418C4DEFD69B7E27), UINT64_C(0x53FDC5CDAE751533) }, ++ { UINT64_C(0x6F3BD329C3EEA63A), UINT64_C(0xA7A22091E53DD29E), ++ UINT64_C(0xB7164F73DC4C54EC), UINT64_C(0xCA66290D44D3D74E), ++ UINT64_C(0xF77C62424C9EA511), UINT64_C(0x34337F551F714C49) } }, ++ { { UINT64_C(0x5ED2B216A64B6C4B), UINT64_C(0x1C38794F3AAE640D), ++ UINT64_C(0x30BBAEE08905794F), UINT64_C(0x0D9EE41EC8699CFB), ++ UINT64_C(0xAF38DAF2CF7B7C29), UINT64_C(0x0D6A05CA43E53513) }, ++ { UINT64_C(0xBE96C6442606AB56), UINT64_C(0x13E7A072E9EB9734), ++ UINT64_C(0xF96694455FF50CD7), UINT64_C(0x68EF26B547DA6F1D), ++ UINT64_C(0xF002873823687CB7), UINT64_C(0x5ED9C8766217C1CE) } }, ++ { { UINT64_C(0x423BA5130A3A9691), UINT64_C(0xF421B1E7B3179296), ++ UINT64_C(0x6B51BCDB1A871E1B), UINT64_C(0x6E3BB5B5464E4300), ++ UINT64_C(0x24171E2EFC6C54CC), UINT64_C(0xA9DFA947D3E58DC2) }, ++ { UINT64_C(0x175B33099DE9CFA7), UINT64_C(0x707B25292D1015DA), ++ UINT64_C(0xCBB95F17993EA65A), UINT64_C(0x935150630447450D), ++ UINT64_C(0x0F47B2051B2753C9), UINT64_C(0x4A0BAB14E7D427CF) } }, ++ { { UINT64_C(0xA39DEF39B5AA7CA1), UINT64_C(0x591CB173C47C33DF), ++ UINT64_C(0xA09DAC796BBAB872), UINT64_C(0x3EF9D7CF7208BA2F), ++ UINT64_C(0x3CC189317A0A34FC), UINT64_C(0xAE31C62BBCC3380F) }, ++ { UINT64_C(0xD72A67940287C0B4), UINT64_C(0x3373382C68E334F1), ++ UINT64_C(0xD0310CA8BD20C6A6), UINT64_C(0xA2734B8742C033FD), ++ UINT64_C(0xA5D390F18DCE4509), UINT64_C(0xFC84E74B3E1AFCB5) } }, ++ { { UINT64_C(0xB028334DF2CD8A9C), UINT64_C(0xB8719291570F76F6), ++ UINT64_C(0x662A386E01065A2D), UINT64_C(0xDF1634CB53D940AE), ++ UINT64_C(0x625A7B838F5B41F9), UINT64_C(0xA033E4FEEE6AA1B4) }, ++ { UINT64_C(0x51E9D4631E42BABB), UINT64_C(0x660BC2E40D388468), ++ UINT64_C(0x3F702189FCBB114A), UINT64_C(0x6B46FE35B414CA78), ++ UINT64_C(0x328F6CF24A57316B), UINT64_C(0x917423B5381AD156) } }, ++ { { UINT64_C(0xAC19306E5373A607), UINT64_C(0x471DF8E3191D0969), ++ UINT64_C(0x380ADE35B9720D83), UINT64_C(0x7423FDF548F1FD5C), ++ UINT64_C(0x8B090C9F49CABC95), UINT64_C(0xB768E8CDC9842F2F) }, ++ { UINT64_C(0x399F456DE56162D6), UINT64_C(0xBB6BA2404F326791), ++ UINT64_C(0x8F4FBA3B342590BE), UINT64_C(0x053986B93DFB6B3E), ++ UINT64_C(0xBB6739F1190C7425), UINT64_C(0x32D4A55332F7E95F) } }, ++ { { UINT64_C(0x0205A0EC0DDBFB21), UINT64_C(0x3010327D33AC3407), ++ UINT64_C(0xCF2F4DB33348999B), UINT64_C(0x660DB9F41551604A), ++ UINT64_C(0xC346C69A5D38D335), UINT64_C(0x64AAB3D338882479) }, ++ { UINT64_C(0xA096B5E76AE44403), UINT64_C(0x6B4C9571645F76CD), ++ UINT64_C(0x72E1CD5F4711120F), UINT64_C(0x93EC42ACF27CC3E1), ++ UINT64_C(0x2D18D004A72ABB12), UINT64_C(0x232E9568C9841A04) } }, ++ { { UINT64_C(0xFF01DB223CC7F908), UINT64_C(0x9F214F8FD13CDD3B), ++ UINT64_C(0x38DADBB7E0B014B5), UINT64_C(0x2C548CCC94245C95), ++ UINT64_C(0x714BE331809AFCE3), UINT64_C(0xBCC644109BFE957E) }, ++ { UINT64_C(0xC21C2D215B957F80), UINT64_C(0xBA2D4FDCBB8A4C42), ++ UINT64_C(0xFA6CD4AF74817CEC), UINT64_C(0x9E7FB523C528EAD6), ++ UINT64_C(0xAED781FF7714B10E), UINT64_C(0xB52BB59294F04455) } }, ++ { { UINT64_C(0xA578BD69868CC68B), UINT64_C(0xA40FDC8D603F2C08), ++ UINT64_C(0x53D79BD12D81B042), UINT64_C(0x1B136AF3A7587EAB), ++ UINT64_C(0x1ED4F939868A16DB), UINT64_C(0x775A61FBD0B98273) }, ++ { UINT64_C(0xBA5C12A6E56BEF8C), UINT64_C(0xF926CE52DDDC8595), ++ UINT64_C(0xA13F5C8F586FE1F8), UINT64_C(0xEAC9F7F2060DBB54), ++ UINT64_C(0x70C0AC3A51AF4342), UINT64_C(0xC16E303C79CDA450) } }, ++ { { UINT64_C(0xD0DADD6C8113F4EA), UINT64_C(0xF14E392207BDF09F), ++ UINT64_C(0x3FE5E9C2AA7D877C), UINT64_C(0x9EA95C1948779264), ++ UINT64_C(0xE93F65A74FCB8344), UINT64_C(0x9F40837E76D925A4) }, ++ { UINT64_C(0x0EA6DA3F8271FFC7), UINT64_C(0x557FA529CC8F9B19), ++ UINT64_C(0x2613DBF178E6DDFD), UINT64_C(0x7A7523B836B1E954), ++ UINT64_C(0x20EB3168406A87FB), UINT64_C(0x64C21C1403ABA56A) } }, ++ { { UINT64_C(0xE86C9C2DC032DD5F), UINT64_C(0x158CEB8E86F16A21), ++ UINT64_C(0x0279FF5368326AF1), UINT64_C(0x1FFE2E2B59F12BA5), ++ UINT64_C(0xD75A46DB86826D45), UINT64_C(0xE19B48411E33E6AC) }, ++ { UINT64_C(0x5F0CC5240E52991C), UINT64_C(0x645871F98B116286), ++ UINT64_C(0xAB3B4B1EFCAEC5D3), UINT64_C(0x994C8DF051D0F698), ++ UINT64_C(0x06F890AFE5D13040), UINT64_C(0x72D9DC235F96C7C2) } }, ++ { { UINT64_C(0x7C018DEEE7886A80), UINT64_C(0xFA2093308786E4A3), ++ UINT64_C(0xCEC8E2A3A4415CA1), UINT64_C(0x5C736FC1CC83CC60), ++ UINT64_C(0xFEF9788CF00C259F), UINT64_C(0xED5C01CBDD29A6AD) }, ++ { UINT64_C(0x87834A033E20825B), UINT64_C(0x13B1239D123F9358), ++ UINT64_C(0x7E8869D0FBC286C1), UINT64_C(0xC4AB5AA324CE8609), ++ UINT64_C(0x38716BEEB6349208), UINT64_C(0x0BDF4F99B322AE21) } }, ++ { { UINT64_C(0x6B97A2BF53E3494B), UINT64_C(0xA8AA05C570F7A13E), ++ UINT64_C(0x209709C2F1305B51), UINT64_C(0x57B31888DAB76F2C), ++ UINT64_C(0x75B2ECD7AA2A406A), UINT64_C(0x88801A00A35374A4) }, ++ { UINT64_C(0xE1458D1C45C0471B), UINT64_C(0x5760E306322C1AB0), ++ UINT64_C(0x789A0AF1AD6AB0A6), UINT64_C(0x74398DE1F458B9CE), ++ UINT64_C(0x1652FF9F32E0C65F), UINT64_C(0xFAF1F9D5FFFB3A52) } }, ++ }, ++ { ++ { { UINT64_C(0xA05C751CD1D1B007), UINT64_C(0x016C213B0213E478), ++ UINT64_C(0x9C56E26CF4C98FEE), UINT64_C(0x6084F8B9E7B3A7C7), ++ UINT64_C(0xA0B042F6DECC1646), UINT64_C(0x4A6F3C1AFBF3A0BC) }, ++ { UINT64_C(0x94524C2C51C9F909), UINT64_C(0xF3B3AD403A6D3748), ++ UINT64_C(0x18792D6E7CE1F9F5), UINT64_C(0x8EBC2FD7FC0C34FA), ++ UINT64_C(0x032A9F41780A1693), UINT64_C(0x34F9801E56A60019) } }, ++ { { UINT64_C(0xB398290CF0DB3751), UINT64_C(0x01170580BA42C976), ++ UINT64_C(0x3E71AA2956560B89), UINT64_C(0x80817AAC50E6647B), ++ UINT64_C(0x35C833ADA0BE42DA), UINT64_C(0xFA3C6148F1BABA4E) }, ++ { UINT64_C(0xC57BE645CD8F6253), UINT64_C(0x77CEE46BC657AD0D), ++ UINT64_C(0x830077310DEFD908), UINT64_C(0x92FE9BCE899CBA56), ++ UINT64_C(0x48450EC4BCEFFB5A), UINT64_C(0xE615148DF2F5F4BF) } }, ++ { { UINT64_C(0xF55EDABB90B86166), UINT64_C(0x27F7D784075430A2), ++ UINT64_C(0xF53E822B9BF17161), UINT64_C(0x4A5B3B93AFE808DC), ++ UINT64_C(0x590BBBDED7272F55), UINT64_C(0x233D63FAEAEA79A1) }, ++ { UINT64_C(0xD7042BEAFE1EBA07), UINT64_C(0xD2B9AEA010750D7E), ++ UINT64_C(0xD8D1E69031078AA5), UINT64_C(0x9E837F187E37BC8B), ++ UINT64_C(0x9558FF4F85008975), UINT64_C(0x93EDB837421FE867) } }, ++ { { UINT64_C(0xAA6489DF83D55B5A), UINT64_C(0xEA092E4986BF27F7), ++ UINT64_C(0x4D8943A95FA2EFEC), UINT64_C(0xC9BAAE53720E1A8C), ++ UINT64_C(0xC055444B95A4F8A3), UINT64_C(0x93BD01E8A7C1206B) }, ++ { UINT64_C(0xD97765B6714A27DF), UINT64_C(0xD622D954193F1B16), ++ UINT64_C(0x115CC35AF1503B15), UINT64_C(0x1DD5359FA9FA21F8), ++ UINT64_C(0x197C32996DFED1F1), UINT64_C(0xDEE8B7C9F77F2679) } }, ++ { { UINT64_C(0x5405179F394FD855), UINT64_C(0xC9D6E24449FDFB33), ++ UINT64_C(0x70EBCAB4BD903393), UINT64_C(0x0D3A3899A2C56780), ++ UINT64_C(0x012C7256683D1A0A), UINT64_C(0xC688FC8880A48F3B) }, ++ { UINT64_C(0x180957546F7DF527), UINT64_C(0x9E339B4B71315D16), ++ UINT64_C(0x90560C28A956BB12), UINT64_C(0x2BECEA60D42EEE8D), ++ UINT64_C(0x82AEB9A750632653), UINT64_C(0xED34353EDFA5CD6A) } }, ++ { { UINT64_C(0x82154D2C91AECCE4), UINT64_C(0x312C60705041887F), ++ UINT64_C(0xECF589F3FB9FBD71), UINT64_C(0x67660A7DB524BDE4), ++ UINT64_C(0xE99B029D724ACF23), UINT64_C(0xDF06E4AF6D1CD891) }, ++ { UINT64_C(0x07806CB580EE304D), UINT64_C(0x0C70BB9F7443A8F8), ++ UINT64_C(0x01EC341408B0830A), UINT64_C(0xFD7B63C35A81510B), ++ UINT64_C(0xE90A0A39453B5F93), UINT64_C(0xAB700F8F9BC71725) } }, ++ { { UINT64_C(0x9401AEC2B9F00793), UINT64_C(0x064EC4F4B997F0BF), ++ UINT64_C(0xDC0CC1FD849240C8), UINT64_C(0x39A75F37B6E92D72), ++ UINT64_C(0xAA43CA5D0224A4AB), UINT64_C(0x9C4D632554614C47) }, ++ { UINT64_C(0x1767366FC6709DA3), UINT64_C(0xA6B482D123479232), ++ UINT64_C(0x54DC6DDC84D63E85), UINT64_C(0x0ACCB5ADC99D3B9E), ++ UINT64_C(0x211716BBE8AA3ABF), UINT64_C(0xD0FE25AD69EC6406) } }, ++ { { UINT64_C(0x0D5C1769DF85C705), UINT64_C(0x7086C93DA409DCD1), ++ UINT64_C(0x9710839D0E8D75D8), UINT64_C(0x17B7DB75EBDD4177), ++ UINT64_C(0xAF69EB58F649A809), UINT64_C(0x6EF19EA28A84E220) }, ++ { UINT64_C(0x36EB5C6665C278B2), UINT64_C(0xD2A1512881EA9D65), ++ UINT64_C(0x4FCBA840769300AD), UINT64_C(0xC2052CCDC8E536E5), ++ UINT64_C(0x9CAEE014AC263B8F), UINT64_C(0x56F7ED7AF9239663) } }, ++ { { UINT64_C(0xF6FA251FAC9E09E1), UINT64_C(0xA3775605955A2853), ++ UINT64_C(0x977B8D21F2A4BD78), UINT64_C(0xF68AA7FF3E096410), ++ UINT64_C(0x01AB055265F88419), UINT64_C(0xC4C8D77EBB93F64E) }, ++ { UINT64_C(0x718251113451FE64), UINT64_C(0xFA0F905B46F9BAF0), ++ UINT64_C(0x79BE3BF3CA49EF1A), UINT64_C(0x831109B26CB02071), ++ UINT64_C(0x765F935FC4DDBFE5), UINT64_C(0x6F99CD1480E5A3BA) } }, ++ { { UINT64_C(0xD2E8DA04234F91FF), UINT64_C(0x4DED4D6D813867AA), ++ UINT64_C(0x3B50175DE0A0D945), UINT64_C(0x55AC74064EB78137), ++ UINT64_C(0xE9FA7F6EE1D47730), UINT64_C(0x2C1715315CBF2176) }, ++ { UINT64_C(0xA521788F2BE7A47D), UINT64_C(0x95B15A273FCF1AB3), ++ UINT64_C(0xAADA6401F28A946A), UINT64_C(0x628B2EF48B4E898B), ++ UINT64_C(0x0E6F46296D6592CC), UINT64_C(0x997C7094A723CADD) } }, ++ { { UINT64_C(0x878BCE116AFE80C6), UINT64_C(0xA89ABC9D007BBA38), ++ UINT64_C(0xB0C1F87BA7CC267F), UINT64_C(0x86D33B9D5104FF04), ++ UINT64_C(0xB0504B1B2EF1BA42), UINT64_C(0x21693048B2827E88) }, ++ { UINT64_C(0x11F1CCD579CFCD14), UINT64_C(0x59C09FFA94AD227E), ++ UINT64_C(0x95A4ADCB3EA91ACF), UINT64_C(0x1346238BB4370BAA), ++ UINT64_C(0xB099D2023E1367B0), UINT64_C(0xCF5BBDE690F23CEA) } }, ++ { { UINT64_C(0x453299BBBCB3BE5E), UINT64_C(0x123C588E38E9FF97), ++ UINT64_C(0x8C115DD9F6A2E521), UINT64_C(0x6E333C11FF7D4B98), ++ UINT64_C(0x9DD061E5DA73E736), UINT64_C(0xC6AB7B3A5CA53056) }, ++ { UINT64_C(0xF1EF3EE35B30A76B), UINT64_C(0xADD6B44A961BA11F), ++ UINT64_C(0x7BB00B752CA6E030), UINT64_C(0x270272E82FE270AD), ++ UINT64_C(0x23BC6F4F241A9239), UINT64_C(0x88581E130BB94A94) } }, ++ { { UINT64_C(0xBD225A6924EEF67F), UINT64_C(0x7CFD96140412CEB7), ++ UINT64_C(0xF6DE167999AC298E), UINT64_C(0xB20FD895ED6C3571), ++ UINT64_C(0x03C73B7861836C56), UINT64_C(0xEE3C3A16ABA6CB34) }, ++ { UINT64_C(0x9E8C56674138408A), UINT64_C(0xEC25FCB12DD6EBDF), ++ UINT64_C(0xC54C33FDDBBDF6E3), UINT64_C(0x93E0913B4A3C9DD4), ++ UINT64_C(0x66D7D13535EDEED4), UINT64_C(0xD29A36C4453FB66E) } }, ++ { { UINT64_C(0x7F192F039F1943AF), UINT64_C(0x6488163F4E0B5FB0), ++ UINT64_C(0x66A45C6953599226), UINT64_C(0x924E2E439AD15A73), ++ UINT64_C(0x8B553DB742A99D76), UINT64_C(0x4BC6B53B0451F521) }, ++ { UINT64_C(0xC029B5EF101F8AD6), UINT64_C(0x6A4DA71CC507EED9), ++ UINT64_C(0x3ADFAEC030BB22F3), UINT64_C(0x81BCAF7AB514F85B), ++ UINT64_C(0x2E1E6EFF5A7E60D3), UINT64_C(0x5270ABC0AE39D42F) } }, ++ { { UINT64_C(0x86D56DEB3901F0F8), UINT64_C(0x1D0BC792EED5F650), ++ UINT64_C(0x1A2DDFD8CA1114A3), UINT64_C(0x94ABF4B1F1DD316D), ++ UINT64_C(0xF72179E43D9F18EF), UINT64_C(0x52A0921E9AA2CABF) }, ++ { UINT64_C(0xECDA9E27A7452883), UINT64_C(0x7E90850AAFD771B4), ++ UINT64_C(0xD40F87EA9CC0465C), UINT64_C(0x8CFCB60A865CDA36), ++ UINT64_C(0x3DBEC2CC7C650942), UINT64_C(0x071A4EE7E718CA9D) } }, ++ { { UINT64_C(0x73C0E4FF276AC5F3), UINT64_C(0xE7BA5A6ABDB97EA1), ++ UINT64_C(0x638CA54EC5808398), UINT64_C(0x8258DC82413855E5), ++ UINT64_C(0x35DDD2E957F07614), UINT64_C(0xF98DD6921DC13BF9) }, ++ { UINT64_C(0x3A4C0088F16DCD84), UINT64_C(0xF192EADD833D83F9), ++ UINT64_C(0x3C26C931A6D61D29), UINT64_C(0x589FDD52DE0AD7A1), ++ UINT64_C(0x7CD83DD20442D37F), UINT64_C(0x1E47E777403ECBFC) } }, ++ }, ++ { ++ { { UINT64_C(0x2AF8ED8170D4D7BC), UINT64_C(0xABC3E15FB632435C), ++ UINT64_C(0x4C0E726F78219356), UINT64_C(0x8C1962A1B87254C4), ++ UINT64_C(0x30796A71C9E7691A), UINT64_C(0xD453EF19A75A12EE) }, ++ { UINT64_C(0x535F42C213AE4964), UINT64_C(0x86831C3C0DA9586A), ++ UINT64_C(0xB7F1EF35E39A7A58), UINT64_C(0xA2789AE2D459B91A), ++ UINT64_C(0xEADBCA7F02FD429D), UINT64_C(0x94F215D465290F57) } }, ++ { { UINT64_C(0x37ED2BE51CFB79AC), UINT64_C(0x801946F3E7AF84C3), ++ UINT64_C(0xB061AD8AE77C2F00), UINT64_C(0xE87E1A9A44DE16A8), ++ UINT64_C(0xDF4F57C87EE490FF), UINT64_C(0x4E793B49005993ED) }, ++ { UINT64_C(0xE1036387BCCB593F), UINT64_C(0xF174941195E09B80), ++ UINT64_C(0x59CB20D15AB42F91), UINT64_C(0xA738A18DAC0FF033), ++ UINT64_C(0xDA501A2E2AC1E7F4), UINT64_C(0x1B67EDA084D8A6E0) } }, ++ { { UINT64_C(0x1D27EFCE1080E90B), UINT64_C(0xA28152463FD01DC6), ++ UINT64_C(0x99A3FB83CAA26D18), UINT64_C(0xD27E6133B82BABBE), ++ UINT64_C(0x61030DFDD783DD60), UINT64_C(0x295A291373C78CB8) }, ++ { UINT64_C(0x8707A2CF68BE6A92), UINT64_C(0xC9C2FB98EEB3474A), ++ UINT64_C(0x7C3FD412A2B176B8), UINT64_C(0xD5B52E2FC7202101), ++ UINT64_C(0x24A63030F0A6D536), UINT64_C(0x05842DE304648EC0) } }, ++ { { UINT64_C(0x67477CDC30577AC9), UINT64_C(0x51DD9775244F92A8), ++ UINT64_C(0x31FD60B9917EEC66), UINT64_C(0xACD95BD4D66C5C1D), ++ UINT64_C(0x2E0551F3BF9508BA), UINT64_C(0x121168E1688CB243) }, ++ { UINT64_C(0x8C0397404540D230), UINT64_C(0xC4ED3CF6009ECDF9), ++ UINT64_C(0x191825E144DB62AF), UINT64_C(0x3EE8ACABC4A030DA), ++ UINT64_C(0x8AB154A894081504), UINT64_C(0x1FE09E4B486C9CD0) } }, ++ { { UINT64_C(0x512F82F9D113450B), UINT64_C(0x5878C9012DBC9197), ++ UINT64_C(0xDB87412BE13F355B), UINT64_C(0x0A0A4A9B935B8A5E), ++ UINT64_C(0x818587BDF25A5351), UINT64_C(0xE807931031E3D9C7) }, ++ { UINT64_C(0x8B1D47C7611BC1B1), UINT64_C(0x51722B5872A823F2), ++ UINT64_C(0x6F97EE8A53B36B3E), UINT64_C(0x6E085AAC946DD453), ++ UINT64_C(0x2EC5057DE65E6533), UINT64_C(0xF82D9D714BB18801) } }, ++ { { UINT64_C(0xAD81FA938BA5AA8E), UINT64_C(0x723E628E8F7AA69E), ++ UINT64_C(0x0BA7C2DEEF35937C), UINT64_C(0x83A43EC56DECFB40), ++ UINT64_C(0xF520F849E60C4F2D), UINT64_C(0x8260E8AE457E3B5E) }, ++ { UINT64_C(0x7CE874F0BF1D9ED7), UINT64_C(0x5FDE35537F1A5466), ++ UINT64_C(0x5A63777C0C162DBB), UINT64_C(0x0FD04F8CDAD87289), ++ UINT64_C(0xCA2D9E0E640761D5), UINT64_C(0x4615CFF838501ADB) } }, ++ { { UINT64_C(0x9422789B110B4A25), UINT64_C(0x5C26779F70AD8CC1), ++ UINT64_C(0x4EE6A748EC4F1E14), UINT64_C(0xFB584A0D5C7AB5E0), ++ UINT64_C(0xED1DCB0BFB21EE66), UINT64_C(0xDBED1F0011C6863C) }, ++ { UINT64_C(0xD2969269B1B1D187), UINT64_C(0xF7D0C3F2AFE964E6), ++ UINT64_C(0xE05EE93F12BB865E), UINT64_C(0x1AFB7BEEED79118E), ++ UINT64_C(0x220AF1380F0FE453), UINT64_C(0x1463AA1A52782AB9) } }, ++ { { UINT64_C(0x7C139D56D7DBE5F9), UINT64_C(0xFC16E6110B83685B), ++ UINT64_C(0xFA723C029018463C), UINT64_C(0xC472458C840BF5D7), ++ UINT64_C(0x4D8093590AF07591), UINT64_C(0x418D88303308DFD9) }, ++ { UINT64_C(0x9B381E040C365AE3), UINT64_C(0x3780BF33F8190FD1), ++ UINT64_C(0x45397418DD03E854), UINT64_C(0xA95D030F4E51E491), ++ UINT64_C(0x87C8C686E3286CEA), UINT64_C(0x01C773BF900B5F83) } }, ++ { { UINT64_C(0xDABE347578673B02), UINT64_C(0x4F0F25CEF6E7395E), ++ UINT64_C(0x3117ABB9D181AD45), UINT64_C(0x4B559F88AA13DE0B), ++ UINT64_C(0xFD8EFE78EA7C9745), UINT64_C(0x080600475DD21682) }, ++ { UINT64_C(0xC0F5DE4BD4C86FFC), UINT64_C(0x4BB14B1EF21AB6A2), ++ UINT64_C(0xACB53A6CF50C1D12), UINT64_C(0x46AAC4505CC9162E), ++ UINT64_C(0x049C51E02DE240B6), UINT64_C(0xBB2DC016E383C3B0) } }, ++ { { UINT64_C(0xA3C56AD28E438C92), UINT64_C(0x7C43F98FB2CEAF1A), ++ UINT64_C(0x397C44F7E2150778), UINT64_C(0x48D17AB771A24131), ++ UINT64_C(0xCC5138631E2ACDA9), UINT64_C(0x2C76A55EF0C9BAC9) }, ++ { UINT64_C(0x4D74CDCE7EA4BB7B), UINT64_C(0x834BD5BFB1B3C2BA), ++ UINT64_C(0x46E2911ECCC310A4), UINT64_C(0xD3DE84AA0FC1BF13), ++ UINT64_C(0x27F2892F80A03AD3), UINT64_C(0x85B476203BD2F08B) } }, ++ { { UINT64_C(0xAB1CB818567AF533), UINT64_C(0x273B4537BAC2705A), ++ UINT64_C(0x133066C422C84AB6), UINT64_C(0xC3590DE64830BFC1), ++ UINT64_C(0xEA2978695E4742D0), UINT64_C(0xF6D8C6944F3164C0) }, ++ { UINT64_C(0x09E85F3DC1249588), UINT64_C(0x6C2BB05D4EC64DF7), ++ UINT64_C(0xD267115E8B78000F), UINT64_C(0x07C5D7AEC7E4A316), ++ UINT64_C(0xCB1187BA4619E5BD), UINT64_C(0x57B1D4EFA43F7EEE) } }, ++ { { UINT64_C(0x3618891FC8176A96), UINT64_C(0x62C4B084E5808B97), ++ UINT64_C(0xDE5585464DD95D6E), UINT64_C(0x27A8133E730B2EA4), ++ UINT64_C(0xE07CEEC36AF318A0), UINT64_C(0x0ACC1286CE24FD2C) }, ++ { UINT64_C(0x8A48FE4ADD4D307C), UINT64_C(0x71A9BA9C18CDE0DA), ++ UINT64_C(0x655E2B66D5D79747), UINT64_C(0x409FE856A79AEDC7), ++ UINT64_C(0xC5A9F244D287E5CF), UINT64_C(0xCCE103844E82EC39) } }, ++ { { UINT64_C(0x00675BA7F25D364C), UINT64_C(0x7A7F162968D36BDF), ++ UINT64_C(0x35EC468AA9E23F29), UINT64_C(0xF797AC502D926E6C), ++ UINT64_C(0x639BA4534B4F4376), UINT64_C(0xD71B430F51FF9519) }, ++ { UINT64_C(0xB8C439EC2CF5635C), UINT64_C(0x0CE4C8D181980393), ++ UINT64_C(0x4C5362A964123B15), UINT64_C(0x6E0421E0FFDCF096), ++ UINT64_C(0x624A855F10D1F914), UINT64_C(0x7D8F3AB7614DCD29) } }, ++ { { UINT64_C(0xD9219ADAB3493CE0), UINT64_C(0x971B243A52F09AE5), ++ UINT64_C(0xC16C9BF8E24E3674), UINT64_C(0x026D408DCE68C7CD), ++ UINT64_C(0xF9B33DD9358209E3), UINT64_C(0x02D0595DF3B2A206) }, ++ { UINT64_C(0xBF99427160D15640), UINT64_C(0x6DA7A04E15B5466A), ++ UINT64_C(0x03AA4ED81CADB50D), UINT64_C(0x1548F029129A4253), ++ UINT64_C(0x41741F7EB842865A), UINT64_C(0x859FE0A4A3F88C98) } }, ++ { { UINT64_C(0x80DE085A05FD7553), UINT64_C(0x4A4AB91EB897566B), ++ UINT64_C(0x33BCD4752F1C173F), UINT64_C(0x4E238896C100C013), ++ UINT64_C(0x1C88500DD614B34B), UINT64_C(0x0401C5F6C3BA9E23) }, ++ { UINT64_C(0x8E8003C4D0AF0DE5), UINT64_C(0x19B1DFB59D0DCBB9), ++ UINT64_C(0x4A3640A9EBEF7AB6), UINT64_C(0xEDAFD65B959B15F6), ++ UINT64_C(0x8092EF7F7FB95821), UINT64_C(0xAB8DD52ECE2E45D1) } }, ++ { { UINT64_C(0xD1F2D6B8B9CFE6BF), UINT64_C(0x6358810B00073F6F), ++ UINT64_C(0x5FCE5993D712106E), UINT64_C(0x5EE6B2711C024C91), ++ UINT64_C(0xD0248FF5453DB663), UINT64_C(0xD6D81CB2ADB835E8) }, ++ { UINT64_C(0x8696CFECFDFCB4C7), UINT64_C(0x696B7FCB53BC9045), ++ UINT64_C(0xAB4D3807DDA56981), UINT64_C(0x2F9980521E4B943B), ++ UINT64_C(0x8AA76ADB166B7F18), UINT64_C(0x6393430152A2D7ED) } }, ++ }, ++ { ++ { { UINT64_C(0xBBCCCE39A368EFF6), UINT64_C(0xD8CAABDF8CEB5C43), ++ UINT64_C(0x9EAE35A5D2252FDA), UINT64_C(0xA8F4F20954E7DD49), ++ UINT64_C(0xA56D72A6295100FD), UINT64_C(0x20FC1FE856767727) }, ++ { UINT64_C(0xBF60B2480BBAA5AB), UINT64_C(0xA4F3CE5A313911F2), ++ UINT64_C(0xC2A67AD4B93DAB9C), UINT64_C(0x18CD0ED022D71F39), ++ UINT64_C(0x04380C425F304DB2), UINT64_C(0x26420CBB6729C821) } }, ++ { { UINT64_C(0x26BD07D6BDFBCAE8), UINT64_C(0x10B5173FDF01A80A), ++ UINT64_C(0xD831C5466798B96C), UINT64_C(0x1D6B41081D3F3859), ++ UINT64_C(0x501D38EC991B9EC7), UINT64_C(0x26319283D78431A9) }, ++ { UINT64_C(0x8B85BAF7118B343C), UINT64_C(0x4696CDDD58DEF7D0), ++ UINT64_C(0xEFC7C1107ACDCF58), UINT64_C(0xD9AF415C848D5842), ++ UINT64_C(0x6B5A06BC0AC7FDAC), UINT64_C(0x7D623E0DA344319B) } }, ++ { { UINT64_C(0x4C0D78060C9D3547), UINT64_C(0x993F048DCF2AED47), ++ UINT64_C(0x5217C453E4B57E22), UINT64_C(0xB4669E35F4172B28), ++ UINT64_C(0x509A3CD049F999F8), UINT64_C(0xD19F863287C69D41) }, ++ { UINT64_C(0xE14D01E84C8FDED0), UINT64_C(0x342880FDEAFD9E1C), ++ UINT64_C(0x0E17BFF270DC2BF0), UINT64_C(0x46560B7BC0186400), ++ UINT64_C(0xE28C7B9C49A4DD34), UINT64_C(0x182119160F325D06) } }, ++ { { UINT64_C(0x46D70888D7E02E18), UINT64_C(0x7C806954D9F11FD9), ++ UINT64_C(0xE4948FCA4FBEA271), UINT64_C(0x7D6C7765BD80A9DF), ++ UINT64_C(0x1B470EA6F3871C71), UINT64_C(0xD62DE2448330A570) }, ++ { UINT64_C(0xDAECDDC1C659C3A7), UINT64_C(0x8621E513077F7AFC), ++ UINT64_C(0x56C7CD84CAEEEF13), UINT64_C(0xC60C910FC685A356), ++ UINT64_C(0xE68BC5C59DD93DDC), UINT64_C(0xD904E89FFEB64895) } }, ++ { { UINT64_C(0x75D874FB8BA7917A), UINT64_C(0x18FA7F53FD043BD4), ++ UINT64_C(0x212A0AD71FC3979E), UINT64_C(0x5703A7D95D6EAC0E), ++ UINT64_C(0x222F7188017DEAD5), UINT64_C(0x1EC687B70F6C1817) }, ++ { UINT64_C(0x23412FC3238BACB6), UINT64_C(0xB85D70E954CED154), ++ UINT64_C(0xD4E06722BDA674D0), UINT64_C(0x3EA5F17836F5A0C2), ++ UINT64_C(0x7E7D79CFF5C6D2CA), UINT64_C(0x1FFF94643DBB3C73) } }, ++ { { UINT64_C(0x916E19D0F163E4A8), UINT64_C(0x1E6740E71489DF17), ++ UINT64_C(0x1EAF9723339F3A47), UINT64_C(0x22F0ED1A124B8DAD), ++ UINT64_C(0x39C9166C49C3DD04), UINT64_C(0x628E7FD4CE1E9ACC) }, ++ { UINT64_C(0x124DDF2740031676), UINT64_C(0x002569391EDDB9BE), ++ UINT64_C(0xD39E25E7D360B0DA), UINT64_C(0x6E3015A84AA6C4C9), ++ UINT64_C(0xC6A2F643623EDA09), UINT64_C(0xBEFF2D1250AA99FB) } }, ++ { { UINT64_C(0x1FEEF7CE93EE8089), UINT64_C(0xC6B180BC252DD7BD), ++ UINT64_C(0xA16FB20B1788F051), UINT64_C(0xD86FD392E046ED39), ++ UINT64_C(0xDA0A36119378CE1D), UINT64_C(0x121EF3E7A5F7A61D) }, ++ { UINT64_C(0x94D2206192D13CAE), UINT64_C(0x5076046A77C72E08), ++ UINT64_C(0xF18BC2337D2308B9), UINT64_C(0x004DB3C517F977B1), ++ UINT64_C(0xD05AE3990471C11D), UINT64_C(0x86A2A55785CD1726) } }, ++ { { UINT64_C(0xB8D9B28672107804), UINT64_C(0xB5A7C4133303B79B), ++ UINT64_C(0x927EEF785FA37DED), UINT64_C(0xA1C5CF1EAD67DABA), ++ UINT64_C(0xAA5E3FB27360E7C7), UINT64_C(0x8354E61A0A0C0993) }, ++ { UINT64_C(0x2EC73AF97F5458CC), UINT64_C(0xDE4CB48848474325), ++ UINT64_C(0x2DD134C77209BC69), UINT64_C(0xB70C5567451A2ABE), ++ UINT64_C(0x2CD1B2008E293018), UINT64_C(0x15F8DA7AD33C0D72) } }, ++ { { UINT64_C(0x5DC386D0A8790657), UINT64_C(0xA4FDF676BC4D88BB), ++ UINT64_C(0x1B21F38F48BC6C49), UINT64_C(0xCDCC7FAA543A7003), ++ UINT64_C(0xEA97E7AA8C9CF72C), UINT64_C(0xA6B883F450D938A8) }, ++ { UINT64_C(0x51936F3AA3A10F27), UINT64_C(0x0170785FDECC76BF), ++ UINT64_C(0x7539ECE1908C578A), UINT64_C(0x5D9C8A8E0F3E8C25), ++ UINT64_C(0x8681B43B9E4717A7), UINT64_C(0x94F42507A9D83E39) } }, ++ { { UINT64_C(0xBBE11CA8A55ADDE7), UINT64_C(0x39E6F5CF3BC0896B), ++ UINT64_C(0x1447314E1D2D8D94), UINT64_C(0x45B481255B012F8A), ++ UINT64_C(0x41AD23FA08AD5283), UINT64_C(0x837243E241D13774) }, ++ { UINT64_C(0x1FC0BD9DBADCAA46), UINT64_C(0x8DF164ED26E84CAE), ++ UINT64_C(0x8FF70EC041017176), UINT64_C(0x23AD4BCE5C848BA7), ++ UINT64_C(0x89246FDE97A19CBB), UINT64_C(0xA5EF987B78397991) } }, ++ { { UINT64_C(0x111AF1B74757964D), UINT64_C(0x1D25D351DDBBF258), ++ UINT64_C(0x4161E7767D2B06D6), UINT64_C(0x6EFD26911CAC0C5B), ++ UINT64_C(0x633B95DB211BFAEB), UINT64_C(0x9BEDFA5AE2BDF701) }, ++ { UINT64_C(0xADAC2B0B73E099C8), UINT64_C(0x436F0023BFB16BFF), ++ UINT64_C(0xB91B100230F55854), UINT64_C(0xAF6A2097F4C6C8B7), ++ UINT64_C(0x3FF65CED3AD7B3D9), UINT64_C(0x6FA2626F330E56DF) } }, ++ { { UINT64_C(0x3D28BF2DFFCCFD07), UINT64_C(0x0514F6FFD989603B), ++ UINT64_C(0xB95196295514787A), UINT64_C(0xA1848121C3DB4E9C), ++ UINT64_C(0x47FE2E392A3D4595), UINT64_C(0x506F5D8211B73ED4) }, ++ { UINT64_C(0xA2257AE7A600D8BB), UINT64_C(0xD659DBD10F9F122C), ++ UINT64_C(0xDB0FDC6764DF160F), UINT64_C(0xFF3793397CB19690), ++ UINT64_C(0xDF4366B898E72EC1), UINT64_C(0x97E72BECDF437EB8) } }, ++ { { UINT64_C(0x81DCEA271C81E5D9), UINT64_C(0x7E1B6CDA6717FC49), ++ UINT64_C(0xAA36B3B511EAE80D), UINT64_C(0x1306687C3CD7CBB3), ++ UINT64_C(0xED670235C4E89064), UINT64_C(0x9D3B000958A94760) }, ++ { UINT64_C(0x5A64E158E6A6333C), UINT64_C(0x1A8B4A3649453203), ++ UINT64_C(0xF1CAD7241F77CC21), UINT64_C(0x693EBB4B70518EF7), ++ UINT64_C(0xFB47BD810F39C91A), UINT64_C(0xCFE63DA2FA4BC64B) } }, ++ { { UINT64_C(0x82C1C684EAA66108), UINT64_C(0xE32262184CFE79FC), ++ UINT64_C(0x3F28B72B849C720E), UINT64_C(0x137FB3558FEE1CA8), ++ UINT64_C(0x4D18A9CDE4F90C4E), UINT64_C(0xC0344227CC3E46FA) }, ++ { UINT64_C(0x4FD5C08E79CDA392), UINT64_C(0x65DB20DB8ADC87B5), ++ UINT64_C(0x86F95D5B916C1B84), UINT64_C(0x7EDA387117BB2B7C), ++ UINT64_C(0x18CCF7E7669A533B), UINT64_C(0x5E92421CECAD0E06) } }, ++ { { UINT64_C(0x26063E124174B08B), UINT64_C(0xE621D9BE70DE8E4D), ++ UINT64_C(0xAEA0FD0F5ECDF350), UINT64_C(0x0D9F69E49C20E5C9), ++ UINT64_C(0xD3DADEB90BBE2918), UINT64_C(0xD7B9B5DB58AA2F71) }, ++ { UINT64_C(0x7A971DD73364CAF8), UINT64_C(0x702616A3C25D4BE4), ++ UINT64_C(0xA30F0FA1A9E30071), UINT64_C(0x98AB24385573BC69), ++ UINT64_C(0xCBC63CDF6FEC2E22), UINT64_C(0x965F90EDCC901B9B) } }, ++ { { UINT64_C(0xD53B592D71E15BB3), UINT64_C(0x1F03C0E98820E0D0), ++ UINT64_C(0xCE93947D3CCCB726), UINT64_C(0x2790FEE01D547590), ++ UINT64_C(0x4401D847C59CDD7A), UINT64_C(0x72D69120A926DD9D) }, ++ { UINT64_C(0x38B8F21D4229F289), UINT64_C(0x9F412E407FE978AF), ++ UINT64_C(0xAE07901BCDB59AF1), UINT64_C(0x1E6BE5EBD1D4715E), ++ UINT64_C(0x3715BD8B18C96BEF), UINT64_C(0x4B71F6E6E11B3798) } }, ++ }, ++ { ++ { { UINT64_C(0x11A8FDE5F0CE2DF4), UINT64_C(0xBC70CA3EFA8D26DF), ++ UINT64_C(0x6818C275C74DFE82), UINT64_C(0x2B0294AC38373A50), ++ UINT64_C(0x584C4061E8E5F88F), UINT64_C(0x1C05C1CA7342383A) }, ++ { UINT64_C(0x263895B3911430EC), UINT64_C(0xEF9B0032A5171453), ++ UINT64_C(0x144359DA84DA7F0C), UINT64_C(0x76E3095A924A09F2), ++ UINT64_C(0x612986E3D69AD835), UINT64_C(0x70E03ADA392122AF) } }, ++ { { UINT64_C(0xFEB707EE67AAD17B), UINT64_C(0xBB21B28783042995), ++ UINT64_C(0x26DE16459A0D32BA), UINT64_C(0x9A2FF38A1FFB9266), ++ UINT64_C(0x4E5AD96D8F578B4A), UINT64_C(0x26CC0655883E7443) }, ++ { UINT64_C(0x1D8EECAB2EE9367A), UINT64_C(0x42B84337881DE2F8), ++ UINT64_C(0xE49B2FAED758AE41), UINT64_C(0x6A9A22904A85D867), ++ UINT64_C(0x2FB89DCEE68CBA86), UINT64_C(0xBC2526357F09A982) } }, ++ { { UINT64_C(0xADC794368C61AAAC), UINT64_C(0x24C7FD135E926563), ++ UINT64_C(0xEF9FAAA40406C129), UINT64_C(0xF4E6388C8B658D3C), ++ UINT64_C(0x7262BEB41E435BAF), UINT64_C(0x3BF622CCFDAEAC99) }, ++ { UINT64_C(0xD359F7D84E1AEDDC), UINT64_C(0x05DC4F8CD78C17B7), ++ UINT64_C(0xB18CF03229498BA5), UINT64_C(0xC67388CA85BF35AD), ++ UINT64_C(0x8A7A6AA262AA4BC8), UINT64_C(0x0B8F458E72F4627A) } }, ++ { { UINT64_C(0x3FB812EEC68E4488), UINT64_C(0x53C5EAA460EF7281), ++ UINT64_C(0xE57241838FBEFBE4), UINT64_C(0x2B7D49F4A4B24A05), ++ UINT64_C(0x23B138D0710C0A43), UINT64_C(0x16A5B4C1A85EC1DB) }, ++ { UINT64_C(0x7CC1F3D7305FEB02), UINT64_C(0x52F7947D5B6C1B54), ++ UINT64_C(0x1BDA23128F56981C), UINT64_C(0x68663EAEB4080A01), ++ UINT64_C(0x8DD7BA7E9F999B7F), UINT64_C(0xD8768D19B686580C) } }, ++ { { UINT64_C(0xBCD0E0AD7AFDDA94), UINT64_C(0x95A0DBBE34A30687), ++ UINT64_C(0xBBE3C3DF8C5E2665), UINT64_C(0x742BECD8EBF2BC16), ++ UINT64_C(0x300CEB483FA163A6), UINT64_C(0x0C5D02EE4663354B) }, ++ { UINT64_C(0xE4FB9AD6B5E606A4), UINT64_C(0x93F507B8CF49FF95), ++ UINT64_C(0x9406A90C585C193B), UINT64_C(0xAD1440C14ECF9517), ++ UINT64_C(0x184CB4759CEA53F1), UINT64_C(0x6855C4748EF11302) } }, ++ { { UINT64_C(0x00ECB523EDCAFA52), UINT64_C(0x0DA0AE0E086F69D3), ++ UINT64_C(0xC384DE15C242F347), UINT64_C(0xFB050E6E848C12B7), ++ UINT64_C(0x22F6765464E015CE), UINT64_C(0xCBDC2A487CA122F2) }, ++ { UINT64_C(0xA940D973445FB02C), UINT64_C(0x00F31E783767D89D), ++ UINT64_C(0x2B65A237613DABDD), UINT64_C(0x2BE0AB05C875AE09), ++ UINT64_C(0xB22E54FDBA204F8E), UINT64_C(0x65E2029D0F7687B9) } }, ++ { { UINT64_C(0xFFD825381855A71C), UINT64_C(0x26A330B3438BD8D8), ++ UINT64_C(0x89628311F9D8C5F9), UINT64_C(0x8D5FB9CF953738A0), ++ UINT64_C(0xCB7159C9EDFCD4E5), UINT64_C(0xD64E52302064C7C2) }, ++ { UINT64_C(0xF858ED80689F3CFE), UINT64_C(0x4830E30956128B67), ++ UINT64_C(0x2E1692DAE0E90688), UINT64_C(0xAB818913CA9CC232), ++ UINT64_C(0xE2E30C23A5D229A6), UINT64_C(0xA544E8B10E740E23) } }, ++ { { UINT64_C(0x1C15E569DC61E6CC), UINT64_C(0x8FD7296758FC7800), ++ UINT64_C(0xE61E7DB737A9DFC5), UINT64_C(0x3F34A9C65AFD7822), ++ UINT64_C(0x0A11274219E80773), UINT64_C(0xA353460C4760FC58) }, ++ { UINT64_C(0x2FB7DEEBB3124C71), UINT64_C(0x484636272D4009CC), ++ UINT64_C(0x399D1933C3A10370), UINT64_C(0x7EB1945054388DBD), ++ UINT64_C(0x8ECCE6397C2A006A), UINT64_C(0x3D565DAF55C932A0) } }, ++ { { UINT64_C(0xCEF57A9FD9ADAE53), UINT64_C(0xE2EB27D7F83FD8CD), ++ UINT64_C(0x4AC8F7199BBD2DDE), UINT64_C(0x604283AAE91ABFB7), ++ UINT64_C(0xB6A4E11534799F87), UINT64_C(0x2B253224E4C2A8F3) }, ++ { UINT64_C(0xC34F8B92C8782294), UINT64_C(0xC74D697DFCC2CB6B), ++ UINT64_C(0xD990411BC2C84C46), UINT64_C(0x2807B5C631EA4955), ++ UINT64_C(0x14AE2B93B9EB27F5), UINT64_C(0xF0AE96A76163EDFA) } }, ++ { { UINT64_C(0xA7BDCBB442DB7180), UINT64_C(0xC9FAA41FEDCA752F), ++ UINT64_C(0x147F91B4E820F401), UINT64_C(0x1E6CEF86F5F2645F), ++ UINT64_C(0xB4AB4D7F31FE711D), UINT64_C(0xCE68FB3C743EF882) }, ++ { UINT64_C(0xB9D7D6823EF2FCFF), UINT64_C(0xF6893811020DCAFD), ++ UINT64_C(0x30D9A50CBF81E760), UINT64_C(0x7F247D06B9B87228), ++ UINT64_C(0x143D4FEC5F40CFC0), UINT64_C(0x21D78D73329B2A88) } }, ++ { { UINT64_C(0x06B3FF8AED3F2055), UINT64_C(0x50482C77522BE214), ++ UINT64_C(0x8DF69CD8DDF54620), UINT64_C(0x6D1DB204F78A1165), ++ UINT64_C(0x459AE4A29AFE6BF2), UINT64_C(0xC23A9FFD24AC871E) }, ++ { UINT64_C(0xB7FD22E389E85D81), UINT64_C(0x297F1F6B122E9978), ++ UINT64_C(0xAB283D66144BE1CE), UINT64_C(0xC1F90AC2C00C614E), ++ UINT64_C(0x5465576E3224CD09), UINT64_C(0x8E8D910D441B6059) } }, ++ { { UINT64_C(0xF73A060AAAA228BC), UINT64_C(0xCF1B078356EFF87D), ++ UINT64_C(0x11EF17C0A54C9133), UINT64_C(0x9E476B1576A4DAA5), ++ UINT64_C(0x5624FEAC8018FB92), UINT64_C(0x9826A0FCCFEEC1B9) }, ++ { UINT64_C(0xB732F7FE2DFE2046), UINT64_C(0x9260BD9F3B40DA6A), ++ UINT64_C(0xCC9F908F4F231773), UINT64_C(0x4827FEB9DAFC0D55), ++ UINT64_C(0x07D32E85538ACE95), UINT64_C(0xAD9F897CB8EDAF37) } }, ++ { { UINT64_C(0x2F75B82FE3415498), UINT64_C(0xF99CAC5FF1015F30), ++ UINT64_C(0x766408247D7F25DE), UINT64_C(0x714BC9CDEE74C047), ++ UINT64_C(0x70F847BF07448879), UINT64_C(0xA14481DE072165C0) }, ++ { UINT64_C(0x9BFA59E3DB1140A8), UINT64_C(0x7B9C7FF0FCD13502), ++ UINT64_C(0xF4D7538E68459ABF), UINT64_C(0xED93A791C8FC6AD2), ++ UINT64_C(0xA8BBE2A8B51BD9B2), UINT64_C(0x084B5A279FB34008) } }, ++ { { UINT64_C(0xB3BB9545EB138C84), UINT64_C(0x59C3489C3FC88BFD), ++ UINT64_C(0x3A97FF6385F53EC7), UINT64_C(0x40FDF5A60AA69C3D), ++ UINT64_C(0x0E8CCEC753D19668), UINT64_C(0x0AA72EF933FAA661) }, ++ { UINT64_C(0xF5C5A6CF9B1E684B), UINT64_C(0x630F937131A22EA1), ++ UINT64_C(0x06B2AAC2AC60F7EA), UINT64_C(0xB181CAE25BC37D80), ++ UINT64_C(0x4601A929247B13EA), UINT64_C(0x8A71C3865F739797) } }, ++ { { UINT64_C(0x545387B3AB134786), UINT64_C(0x3179BB061599B64A), ++ UINT64_C(0xB0A6198607593574), UINT64_C(0xC7E39B2163FA7C3B), ++ UINT64_C(0xA1173F8691585D13), UINT64_C(0x09D5CC8ECB9525CD) }, ++ { UINT64_C(0xAAD44FFD8F3A3451), UINT64_C(0x702B04F225820CC5), ++ UINT64_C(0xE90CAC491CB66C17), UINT64_C(0x40F6B547EE161DC4), ++ UINT64_C(0xC08BB8B41BA4AC4E), UINT64_C(0x7DC064FBAE5A6BC1) } }, ++ { { UINT64_C(0x90A5E8719D76DDC7), UINT64_C(0x39DC8FAEEDFC8E2E), ++ UINT64_C(0x98467A235B079C62), UINT64_C(0xE25E378505450C98), ++ UINT64_C(0x2FE23A4D96140083), UINT64_C(0x65CE3B9AE9900312) }, ++ { UINT64_C(0x1D87D0886B72B5D9), UINT64_C(0x72F53220FD9AFC82), ++ UINT64_C(0xC63C7C159E1F71FA), UINT64_C(0x90DF26EA8D449637), ++ UINT64_C(0x97089F40C1C2B215), UINT64_C(0x83AF266442317FAA) } }, ++ }, ++ { ++ { { UINT64_C(0xFA2DB51A8D688E31), UINT64_C(0x225B696CA09C88D4), ++ UINT64_C(0x9F88AF1D6059171F), UINT64_C(0x1C5FEA5E782A0993), ++ UINT64_C(0xE0FB15884EC710D3), UINT64_C(0xFAF372E5D32CE365) }, ++ { UINT64_C(0xD9F896AB26506F45), UINT64_C(0x8D3503388373C724), ++ UINT64_C(0x1B76992DCA6E7342), UINT64_C(0x76338FCA6FD0C08B), ++ UINT64_C(0xC3EA4C65A00F5C23), UINT64_C(0xDFAB29B3B316B35B) } }, ++ { { UINT64_C(0x84E5541F483AEBF9), UINT64_C(0x8ADFF7DC49165772), ++ UINT64_C(0xE0A43AD69BEAAD3C), UINT64_C(0x97DD1820F51C2714), ++ UINT64_C(0xAC2B4CB457EA5B0C), UINT64_C(0x87DBD011D11767CA) }, ++ { UINT64_C(0x18CCF36CBFC7957A), UINT64_C(0xD4A088411BC79227), ++ UINT64_C(0x9811CE43D8D292A8), UINT64_C(0x72C5FC68D58C4EE7), ++ UINT64_C(0x5BC0F0BED35C65A7), UINT64_C(0x0B446DBCCBBF9669) } }, ++ { { UINT64_C(0x7EBA3DA69CEE9BCE), UINT64_C(0x3E2C1248D5377750), ++ UINT64_C(0x8C917D982B93D8B2), UINT64_C(0xCA8FC6AC7CAD1F75), ++ UINT64_C(0x5F581F19A0FF150A), UINT64_C(0x872CC14AE08327FA) }, ++ { UINT64_C(0xC774F187E9333188), UINT64_C(0x528ED4AC497AF7E8), ++ UINT64_C(0xCE036E9B8AD72B10), UINT64_C(0x463F9EBB917986CF), ++ UINT64_C(0xBE5163281325CF9B), UINT64_C(0xD28D5C50DD7E5FEA) } }, ++ { { UINT64_C(0x714C1D1BDD58BBE3), UINT64_C(0x85BA01AE039AFD0F), ++ UINT64_C(0x7F23EA3A6951AC80), UINT64_C(0x5C599290AC00C837), ++ UINT64_C(0xF6EFA2B3BF24CC1B), UINT64_C(0x393D8E421E84462B) }, ++ { UINT64_C(0x9BDA627DF8B89453), UINT64_C(0xE66FFF2EB23E0D1B), ++ UINT64_C(0xD1EE7089C3B94EC2), UINT64_C(0xF75DBA6E3031699A), ++ UINT64_C(0x8FF75F79242B2453), UINT64_C(0xE721EDEB289BFED4) } }, ++ { { UINT64_C(0x083215A1C1390FA8), UINT64_C(0x901D686A6DCE8CE0), ++ UINT64_C(0x4AB1BA62837073FF), UINT64_C(0x10C287AA34BEABA5), ++ UINT64_C(0xB4931AF446985239), UINT64_C(0x07639899B053C4DC) }, ++ { UINT64_C(0x29E7F44DE721EECD), UINT64_C(0x6581718257B3FF48), ++ UINT64_C(0x198542E25054E2E0), UINT64_C(0x923C9E1584616DE8), ++ UINT64_C(0x2A9C15E1AD465BB9), UINT64_C(0xD8D4EFC716319245) } }, ++ { { UINT64_C(0x72DC79439961A674), UINT64_C(0x839A0A52A0E13668), ++ UINT64_C(0xD7A53FA9334945EA), UINT64_C(0xDB21DB77E7AA25DB), ++ UINT64_C(0xB6675A7D66E96DA3), UINT64_C(0x2C31C406E66F33C0) }, ++ { UINT64_C(0x45020B626EC7B9CB), UINT64_C(0xFF46E9CD0391F267), ++ UINT64_C(0x7DABD7440FA2F221), UINT64_C(0x9A32364B9D4A2A3E), ++ UINT64_C(0xF0F84AE852D2E47A), UINT64_C(0xD0B872BB888F488A) } }, ++ { { UINT64_C(0x531E4CEFC9790EEF), UINT64_C(0xF7B5735E2B8D1A58), ++ UINT64_C(0xB8882F1EEF568511), UINT64_C(0xAFB08D1C86A86DB3), ++ UINT64_C(0x88CB9DF2F54DE8C7), UINT64_C(0xA44234F19A683282) }, ++ { UINT64_C(0xBC1B3D3AA6E9AB2E), UINT64_C(0xEFA071FB87FC99EE), ++ UINT64_C(0xFA3C737DA102DC0F), UINT64_C(0xDF3248A6D6A0CBD2), ++ UINT64_C(0x6E62A4FF1ECC1BF4), UINT64_C(0xF718F940C8F1BC17) } }, ++ { { UINT64_C(0x2C8B0AAD4F63F026), UINT64_C(0x2AFF623850B253CC), ++ UINT64_C(0xCAB3E94210C4D122), UINT64_C(0x52B59F0407CD2816), ++ UINT64_C(0x22322803982C41FC), UINT64_C(0x38844E668CF50B19) }, ++ { UINT64_C(0x42A959F7BE3264CD), UINT64_C(0xBDDC24BD6C983524), ++ UINT64_C(0xA489EB0C462B8640), UINT64_C(0xB7C0509298029BE7), ++ UINT64_C(0xD5546B5FA1ADDC64), UINT64_C(0xE7CAC1FCA0C655AF) } }, ++ { { UINT64_C(0x1454719847636F97), UINT64_C(0x6FA67481EBCDCCFF), ++ UINT64_C(0xC164872F395D3258), UINT64_C(0xB8CECAFEEE6ACDBC), ++ UINT64_C(0x3FBFE5F3A933F180), UINT64_C(0xEC20CAC2898C3B1E) }, ++ { UINT64_C(0x6A031BEE87DA73F9), UINT64_C(0xD1E667D15C5AF46E), ++ UINT64_C(0xCB3DC1681DC6EEF9), UINT64_C(0x2DD1BD9433D310C0), ++ UINT64_C(0x0F78D4939207E438), UINT64_C(0xC233D544A99C0E75) } }, ++ { { UINT64_C(0x228F19F19E2A0113), UINT64_C(0x58495BE50E1A5D37), ++ UINT64_C(0x97E08F6938D7F364), UINT64_C(0x1EC3BA3E510759B0), ++ UINT64_C(0x3682F19AE03CD40D), UINT64_C(0xC87745D8F9E16D68) }, ++ { UINT64_C(0xFD527AB509A642EA), UINT64_C(0x6308EEBDF9C81F27), ++ UINT64_C(0xFA9F666C550C5D68), UINT64_C(0xDEBA436F584AB153), ++ UINT64_C(0x1D4861D35B63E939), UINT64_C(0x073BED9BC9850221) } }, ++ { { UINT64_C(0x802BCCF08B171246), UINT64_C(0xFFF7D15A733B072F), ++ UINT64_C(0xEA3862664CBFA4EF), UINT64_C(0x9E5B5073D635946B), ++ UINT64_C(0x16E9A979FA81BE95), UINT64_C(0x41E8716EB14F701F) }, ++ { UINT64_C(0x25782E0F101A6719), UINT64_C(0x442C4875C9D66959), ++ UINT64_C(0x52D845D92B85D153), UINT64_C(0xFF9251382E831117), ++ UINT64_C(0x01B700CC8E02434B), UINT64_C(0xD2DB7F8EEC0BAE3E) } }, ++ { { UINT64_C(0x1B225300966A4872), UINT64_C(0x40C149BE566F537B), ++ UINT64_C(0x3335F4D2CB680021), UINT64_C(0x773D0263778E5F5F), ++ UINT64_C(0x1D9B7602666FA9ED), UINT64_C(0x52490A102E6200CF) }, ++ { UINT64_C(0x8434C7DD961F290B), UINT64_C(0x773AC15664456446), ++ UINT64_C(0x5E2BB78947B712BB), UINT64_C(0xFD3BCBFDBE0974AD), ++ UINT64_C(0x71AE9351791AD5D8), UINT64_C(0x1EE738BA6F4E1400) } }, ++ { { UINT64_C(0x2FA428AB0BE8E26E), UINT64_C(0xFEFF0600BB4CF9FC), ++ UINT64_C(0x76F25CA9B2EA5FB0), UINT64_C(0xAB7FECF06835C5F4), ++ UINT64_C(0x649D077219D5F328), UINT64_C(0xABE7B895ACBCB12E) }, ++ { UINT64_C(0xF2D1031AD69B1EA8), UINT64_C(0x46065D5DC60B0BBB), ++ UINT64_C(0xB0908DC185D798FF), UINT64_C(0x4E2420F0D2C9B18A), ++ UINT64_C(0x6B3A9BDDD30432A2), UINT64_C(0x501C3383C9B134AD) } }, ++ { { UINT64_C(0x608F096798A21284), UINT64_C(0x5361BE86059CCEDE), ++ UINT64_C(0x3A40655CAFD87EF7), UINT64_C(0x03CF311759083AA2), ++ UINT64_C(0x57DB5F61B6C366D9), UINT64_C(0x29DC275B6DD0D232) }, ++ { UINT64_C(0xBDAB24DD8FA67501), UINT64_C(0x5928F77565D08C37), ++ UINT64_C(0x9448A856645D466A), UINT64_C(0x6E6B5E2EC0E927A5), ++ UINT64_C(0xE884D546E80C6871), UINT64_C(0x10C881C953A9A851) } }, ++ { { UINT64_C(0x355053749B627AA5), UINT64_C(0xE7CA1B577976677B), ++ UINT64_C(0x812397124976CE17), UINT64_C(0x96E9080B96DA31B9), ++ UINT64_C(0x458254ABCC64AA1F), UINT64_C(0xFEFF682148E674C9) }, ++ { UINT64_C(0x8772F37A021F1488), UINT64_C(0x2E274E18AB56345C), ++ UINT64_C(0x7C7BE61C29823B76), UINT64_C(0x275DB7B29EEFB39E), ++ UINT64_C(0x83B10ED4BF5CBCEF), UINT64_C(0x40D7F5B4518E5183) } }, ++ { { UINT64_C(0x315CCC01F960B41B), UINT64_C(0x90B417C91D99E722), ++ UINT64_C(0x84AFAA0D013463E0), UINT64_C(0xF133C5D813E6D9E1), ++ UINT64_C(0xD95C6ADC525B7430), UINT64_C(0x082C61AD7A25106A) }, ++ { UINT64_C(0xABC1966DBA1CE179), UINT64_C(0xE0578B77A5DB529A), ++ UINT64_C(0x10988C05EC84107D), UINT64_C(0xFCADE5D71B207F83), ++ UINT64_C(0x0BEB6FDBC5BA83DB), UINT64_C(0x1C39B86D57537E34) } }, ++ }, ++ { ++ { { UINT64_C(0x5B0B5D692A7AECED), UINT64_C(0x4C03450C01DC545F), ++ UINT64_C(0x72AD0A4A404A3458), UINT64_C(0x1DE8E2559F467B60), ++ UINT64_C(0xA4B3570590634809), UINT64_C(0x76F30205706F0178) }, ++ { UINT64_C(0x588D21AB4454F0E5), UINT64_C(0xD22DF54964134928), ++ UINT64_C(0xF4E7E73D241BCD90), UINT64_C(0xB8D8A1D22FACC7CC), ++ UINT64_C(0x483C35A71D25D2A0), UINT64_C(0x7F8D25451EF9F608) } }, ++ { { UINT64_C(0xCB51F03954EBC926), UINT64_C(0xE235D356B8D4A7BB), ++ UINT64_C(0x93C8FAFAB41FE1A6), UINT64_C(0x6297701DA719F254), ++ UINT64_C(0x6E9165BC644F5CDE), UINT64_C(0x6506329D0C11C542) }, ++ { UINT64_C(0xA2564809A92B4250), UINT64_C(0x0E9AC173889C2E3E), ++ UINT64_C(0x286A592622B1D1BE), UINT64_C(0x86A3D7526ECDD041), ++ UINT64_C(0x4B867E0A649F9524), UINT64_C(0x1FE7D95A0629CB0F) } }, ++ { { UINT64_C(0xF4F66843CA5BAF54), UINT64_C(0x298DB357EFE7DB78), ++ UINT64_C(0xF607E86E7365712F), UINT64_C(0xD58822988A822BC0), ++ UINT64_C(0x2CFBD63AC61299B3), UINT64_C(0x6F713D9B67167B1A) }, ++ { UINT64_C(0x750F673FDE0B077A), UINT64_C(0x07482708EE2178DA), ++ UINT64_C(0x5E6D5BD169123C75), UINT64_C(0x6A93D1B6EAB99B37), ++ UINT64_C(0x6EF4F7E68CAEC6A3), UINT64_C(0x7BE411D6CF3ED818) } }, ++ { { UINT64_C(0xF92B307363A0A7D2), UINT64_C(0x32DA431C881DC8CF), ++ UINT64_C(0xE51BD5EDC578E3A3), UINT64_C(0xEFDA70D29587FA22), ++ UINT64_C(0xCFEC17089B2EBA85), UINT64_C(0x6AB51A4BAF7BA530) }, ++ { UINT64_C(0x5AC155AE98174812), UINT64_C(0xCAF07A71CCB076E3), ++ UINT64_C(0x280E86C2C38718A7), UINT64_C(0x9D12DE73D63745B7), ++ UINT64_C(0x0E8EA855BF8A79AA), UINT64_C(0x5EB2BED8BD705BF7) } }, ++ { { UINT64_C(0x33FE9578AE16DE53), UINT64_C(0x3AE85EB510BEC902), ++ UINT64_C(0xC4F4965844AF850E), UINT64_C(0x6EA222B3087DD658), ++ UINT64_C(0xB255E6FDA51F1447), UINT64_C(0xB35E4997117E3F48) }, ++ { UINT64_C(0x562E813B05616CA1), UINT64_C(0xDF5925D68A61E156), ++ UINT64_C(0xB2FA8125571C728B), UINT64_C(0x00864805A2F2D1CF), ++ UINT64_C(0x2DC26F411BCCB6FF), UINT64_C(0xEBD5E09363AE37DD) } }, ++ { { UINT64_C(0xD2D68BB30A285611), UINT64_C(0x3EAE7596DC8378F2), ++ UINT64_C(0x2DC6CCC66CC688A3), UINT64_C(0xC45E5713011F5DFB), ++ UINT64_C(0x6B9C4F6C62D34487), UINT64_C(0xFAD6F0771FC65551) }, ++ { UINT64_C(0x5E3266E062B23B52), UINT64_C(0xF1DAF319E98F4715), ++ UINT64_C(0x064D12EA3ED0AE83), UINT64_C(0x5CCF9326564125CB), ++ UINT64_C(0x09057022C63C1E9F), UINT64_C(0x7171972CDC9B5D2E) } }, ++ { { UINT64_C(0x2364FD9AEABD21B2), UINT64_C(0x3CE5F4BB9174AD6D), ++ UINT64_C(0xA4D6D5D0B38688C0), UINT64_C(0x2292A2D26D87FD7D), ++ UINT64_C(0x2A7D1B534CA02E54), UINT64_C(0x7BEE6E7EB4185715) }, ++ { UINT64_C(0x73E546098FC63ACD), UINT64_C(0xF4D93A124064E09D), ++ UINT64_C(0xD20E157A2B92DAA5), UINT64_C(0x90D125DBC4B81A00), ++ UINT64_C(0xCB951C9E7682DE13), UINT64_C(0x1ABE58F427987545) } }, ++ { { UINT64_C(0x6D35164030C70C8D), UINT64_C(0x8047D811CE2361B8), ++ UINT64_C(0x3F8B3D4FDF8E2C81), UINT64_C(0x5D59547733FA1F6C), ++ UINT64_C(0xF769FE5AE29B8A91), UINT64_C(0x26F0E606D737B2A2) }, ++ { UINT64_C(0x70CBFA5DB8B31C6A), UINT64_C(0x0F883B4A863D3AEA), ++ UINT64_C(0x156A4479E386AE2F), UINT64_C(0xA17A2FCDADE8A684), ++ UINT64_C(0x78BDF958E2A7E335), UINT64_C(0xD1B4E6733B9E3041) } }, ++ { { UINT64_C(0x1EAF48EC449A6D11), UINT64_C(0x6B94B8E46D2FA7B9), ++ UINT64_C(0x1D75D269728E4C1B), UINT64_C(0x91123819DD304E2C), ++ UINT64_C(0x0B34CAE388804F4B), UINT64_C(0x2BA192FBC5495E9A) }, ++ { UINT64_C(0xC93FF6EFFF4D24BF), UINT64_C(0xF8C2C0B00342BA78), ++ UINT64_C(0x8041F769831EB94C), UINT64_C(0x353100747782985E), ++ UINT64_C(0xC755320B3AF84E83), UINT64_C(0x384B6D266F497E7F) } }, ++ { { UINT64_C(0xEF92CD5917E6BD17), UINT64_C(0xA087305BA426965C), ++ UINT64_C(0x13895CE7AC47F773), UINT64_C(0xB85F2A9FE0BB2867), ++ UINT64_C(0x2926E6AA7CD7C58E), UINT64_C(0xE544EDA6450459C5) }, ++ { UINT64_C(0x73DBC351B90A9849), UINT64_C(0x961183F6848EBE86), ++ UINT64_C(0xC45BB21080534712), UINT64_C(0x379D08D7A654D9A3), ++ UINT64_C(0x5B97CEF2BD3FFA9C), UINT64_C(0x0F469F34DDC2FCE5) } }, ++ { { UINT64_C(0x6D1461080642F38D), UINT64_C(0x055171A0D21EB887), ++ UINT64_C(0x28DFFAB4D0DCEB28), UINT64_C(0x0D0E631298DE9CCD), ++ UINT64_C(0x750A9156118C3C3F), UINT64_C(0x8C1F1390B049D799) }, ++ { UINT64_C(0xE4823858439607C5), UINT64_C(0x947E9BA05C111EAB), ++ UINT64_C(0x39C95616A355DF2E), UINT64_C(0xF5F6B98E10E54BDA), ++ UINT64_C(0xB0E0B33D142B876A), UINT64_C(0x71197D73EA18C90C) } }, ++ { { UINT64_C(0x36A5139DF52BE819), UINT64_C(0xF60DDF3429A45D2B), ++ UINT64_C(0x0727EFECE9220E34), UINT64_C(0x431D33864EF7F446), ++ UINT64_C(0xC3165A64FCC4962C), UINT64_C(0xB7D926E1D64362BB) }, ++ { UINT64_C(0x216BC61FD45F9350), UINT64_C(0xA974CB2FBBAED815), ++ UINT64_C(0x31DF342D86FB2F76), UINT64_C(0x3AB67E0501D78314), ++ UINT64_C(0x7AA951E0DEE33ED2), UINT64_C(0x318FBBBDCEC78D94) } }, ++ { { UINT64_C(0xAD7EFB65B8FE0204), UINT64_C(0x0432E1C5230AB7F7), ++ UINT64_C(0x7563A62D9C967400), UINT64_C(0xD88B9C743524D4FF), ++ UINT64_C(0x16A1991CF1A823E3), UINT64_C(0xCF2F9BFEFA6F0FFB) }, ++ { UINT64_C(0x55AAA946A50CA61F), UINT64_C(0x8CBBD3C8FED4CAB3), ++ UINT64_C(0x03A0FAB87651365A), UINT64_C(0x46B5234B62DC3913), ++ UINT64_C(0xFD875B28B558CBBD), UINT64_C(0xA48EC3AE11CEB361) } }, ++ { { UINT64_C(0x5DD131A1B3ADBD8B), UINT64_C(0xF9FBCA3A29B45EF8), ++ UINT64_C(0x022048669341EE18), UINT64_C(0x8D13B89583BF9618), ++ UINT64_C(0x0E395BAEE807459C), UINT64_C(0xB9C110CCB190E7DB) }, ++ { UINT64_C(0xA0DC345225D25063), UINT64_C(0x2FB78EC802371462), ++ UINT64_C(0xC3A9E7BB8975C2D5), UINT64_C(0x9466687285A78264), ++ UINT64_C(0x480D2CC28029AA92), UINT64_C(0x237086C75655726D) } }, ++ { { UINT64_C(0x197F14BB65EB9EEE), UINT64_C(0xFC93125C9F12E5FD), ++ UINT64_C(0x9C20BC538BFBAE5E), UINT64_C(0xB35E21544BC053BA), ++ UINT64_C(0xE5FA9CC721C3898E), UINT64_C(0x502D72FFD42F950F) }, ++ { UINT64_C(0x6812D38AD1EB8C31), UINT64_C(0x1F77F3F1080D30BB), ++ UINT64_C(0x18D128335A8B1E98), UINT64_C(0x7FD39FA9299196CE), ++ UINT64_C(0xFB8C9F11CF4ED6D6), UINT64_C(0x4C00F604D6363194) } }, ++ { { UINT64_C(0x5C8AFCF9FA2A21C2), UINT64_C(0x71CBF2821928D133), ++ UINT64_C(0x56BEF28E42B29506), UINT64_C(0xAFBA250C70323DE2), ++ UINT64_C(0x3FE208D17DED2C30), UINT64_C(0xBD2CD213CE9AA598) }, ++ { UINT64_C(0x52C5EC52CFEED070), UINT64_C(0x0A7223E7D3DA336B), ++ UINT64_C(0x7156A4EDCE156B46), UINT64_C(0x9AF6C499ED7E6159), ++ UINT64_C(0x9D7A679713C029AD), UINT64_C(0xE5B5C9249018DC77) } }, ++ }, ++ { ++ { { UINT64_C(0x3F2EFF53DE1E4E55), UINT64_C(0x6B749943E4D3ECC4), ++ UINT64_C(0xAF10B18A0DDE190D), UINT64_C(0xF491B98DA26B0409), ++ UINT64_C(0x66080782A2B1D944), UINT64_C(0x59277DC697E8C541) }, ++ { UINT64_C(0xFDBFC5F6006F18AA), UINT64_C(0x435D165BFADD8BE1), ++ UINT64_C(0x8E5D263857645EF4), UINT64_C(0x31BCFDA6A0258363), ++ UINT64_C(0xF5330AB8D35D2503), UINT64_C(0xB71369F0C7CAB285) } }, ++ { { UINT64_C(0xE6A19DCC40ACC5A8), UINT64_C(0x1C3A1FF1DBC6DBF8), ++ UINT64_C(0xB4D89B9FC6455613), UINT64_C(0x6CB0FE44A7390D0E), ++ UINT64_C(0xADE197A459EA135A), UINT64_C(0xDA6AA86520680982) }, ++ { UINT64_C(0x03DB9BE95A442C1B), UINT64_C(0x221A2D732BFB93F2), ++ UINT64_C(0x44DEE8D4753C196C), UINT64_C(0x59ADCC700B7C6FF5), ++ UINT64_C(0xC6260EC24CA1B142), UINT64_C(0x4C3CB5C646CBD4F2) } }, ++ { { UINT64_C(0x8A15D6FEA417111F), UINT64_C(0xFE4A16BD71D93FCC), ++ UINT64_C(0x7A7EE38C55BBE732), UINT64_C(0xEFF146A51FF94A9D), ++ UINT64_C(0xE572D13EDD585AB5), UINT64_C(0xD879790E06491A5D) }, ++ { UINT64_C(0x9C84E1C52A58CB2E), UINT64_C(0xD79D13746C938630), ++ UINT64_C(0xDB12CD9B385F06C7), UINT64_C(0x0C93EB977A7759C3), ++ UINT64_C(0xF1F5B0FE683BD706), UINT64_C(0x541E4F7285EC3D50) } }, ++ { { UINT64_C(0x9A0E153581833608), UINT64_C(0x5CCE871E6E2833AC), ++ UINT64_C(0xC17059EAFB29777C), UINT64_C(0x7E40E5FAE354CAFD), ++ UINT64_C(0x9CF594054D07C371), UINT64_C(0x64CE36B2A71C3945) }, ++ { UINT64_C(0x69309E9656CAF487), UINT64_C(0x3D719E9F1AE3454B), ++ UINT64_C(0xF2164070E25823B6), UINT64_C(0xEAD851BD0BC27359), ++ UINT64_C(0x3D21BFE8B0925094), UINT64_C(0xA783B1E934A97F4E) } }, ++ { { UINT64_C(0x406B0C269546491A), UINT64_C(0x9E5E15E2F293C4E5), ++ UINT64_C(0xC60D641315B164DB), UINT64_C(0x0DA46F530C75A78E), ++ UINT64_C(0x7C599BB7EA0C656B), UINT64_C(0x0F07A5121B1A8122) }, ++ { UINT64_C(0x14C7204A15172686), UINT64_C(0x8FAEDFF85165625D), ++ UINT64_C(0x20F260CE37AEDE40), UINT64_C(0xC81F771E8F357FFE), ++ UINT64_C(0x25499197B0912557), UINT64_C(0x736197DC4C739C74) } }, ++ { { UINT64_C(0x6151BAB1381B3462), UINT64_C(0x27E5A07843DBD344), ++ UINT64_C(0x2CB05BD6A1C3E9FB), UINT64_C(0x2A75976027CF2A11), ++ UINT64_C(0x0ADCF9DBFF43E702), UINT64_C(0x4BBF03E21F484146) }, ++ { UINT64_C(0x0E74997F55B6521A), UINT64_C(0x15629231ADE17086), ++ UINT64_C(0x7F143E867493FC58), UINT64_C(0x60869095AF8B9670), ++ UINT64_C(0x482CFCD77E524869), UINT64_C(0x9E8060C31D454756) } }, ++ { { UINT64_C(0xE495747AC88B4D3B), UINT64_C(0xB7559835AE8A948F), ++ UINT64_C(0x67EEF3A9DEB56853), UINT64_C(0x0E20E2699DEE5ADF), ++ UINT64_C(0x9031AF6761F0A1AA), UINT64_C(0x76669D32683402BC) }, ++ { UINT64_C(0x90BD231306718B16), UINT64_C(0xE1B22A21864EFDAC), ++ UINT64_C(0xE4FFE9096620089F), UINT64_C(0xB84C842E3428E2D9), ++ UINT64_C(0x0E28C880FE3871FC), UINT64_C(0x8932F6983F21C200) } }, ++ { { UINT64_C(0x603F00CE6C90EA5D), UINT64_C(0x6473930740A2F693), ++ UINT64_C(0xAF65148B2174E517), UINT64_C(0x162FC2CAF784AE74), ++ UINT64_C(0x0D9A88254D5F6458), UINT64_C(0x0C2D586143AACE93) }, ++ { UINT64_C(0xBF1EADDE9F73CBFC), UINT64_C(0xDE9C34C09C68BBCA), ++ UINT64_C(0x6D95602D67EF8A1A), UINT64_C(0x0AF2581BA791B241), ++ UINT64_C(0x14F7736112CAD604), UINT64_C(0x19F2354DE2ACD1AD) } }, ++ { { UINT64_C(0x272F78F60D60F263), UINT64_C(0xE7A8F4AF208FD785), ++ UINT64_C(0x10E191C636554F2C), UINT64_C(0x06D88551FD5CD0B3), ++ UINT64_C(0x29BF856857069C27), UINT64_C(0x3CE7ECD828AA6FAD) }, ++ { UINT64_C(0x7D8A92D0E9F1A1D8), UINT64_C(0xD40C7FF8D30B5725), ++ UINT64_C(0x16BE6CB2F54CAEB8), UINT64_C(0x14CA471A14CB0A91), ++ UINT64_C(0xD5FF15B802733CAE), UINT64_C(0xCAF88D87DAA76580) } }, ++ { { UINT64_C(0x39430E222C046592), UINT64_C(0x6CDAE81F1AD26706), ++ UINT64_C(0x8C102159A25D9106), UINT64_C(0x9A44057227CA9F30), ++ UINT64_C(0x8D34C43070287FBC), UINT64_C(0x9003A45529DB8AFA) }, ++ { UINT64_C(0x91364CC37FD971AD), UINT64_C(0x7B3AA0489C60EDB7), ++ UINT64_C(0x58B0E008526F4DD8), UINT64_C(0xB7674454D86D98AE), ++ UINT64_C(0xC25F4051B2B45747), UINT64_C(0x8243BF9CCC043E8F) } }, ++ { { UINT64_C(0xA89641C643A0C387), UINT64_C(0x6D92205C87B9AB17), ++ UINT64_C(0x37D691F4DAA0E102), UINT64_C(0xEB3E52D7CDE5312E), ++ UINT64_C(0x60D3C09916F518A2), UINT64_C(0x7854C0518A378EEB) }, ++ { UINT64_C(0x7359DB514BBCAAC5), UINT64_C(0xF5B1B68C1713F102), ++ UINT64_C(0xDAEAE645E4398DE5), UINT64_C(0x8C8ACB6CD1ABFB82), ++ UINT64_C(0x2E8B76C3136423E2), UINT64_C(0x509DCB2DA8BA015E) } }, ++ { { UINT64_C(0x2FF368159AD9C59C), UINT64_C(0xB189A4E8658E65B9), ++ UINT64_C(0x7D33DDBBEA786AD2), UINT64_C(0x96D0D648C0D2DC05), ++ UINT64_C(0x05E49256BFA03BE9), UINT64_C(0x0EA4E7A68BAF5A1C) }, ++ { UINT64_C(0x3DDCE0B09F9AD5A8), UINT64_C(0xF78091959E49C2CB), ++ UINT64_C(0xBFCEF29D21782C2F), UINT64_C(0xE57AD39FC41BFD97), ++ UINT64_C(0xC04B93E81355AD19), UINT64_C(0xAABC9E6E59440F9F) } }, ++ { { UINT64_C(0x7AA481035B6459DA), UINT64_C(0x83EF74770166E880), ++ UINT64_C(0x536182B1511CCE80), UINT64_C(0xAFDD2EEE73CA55AA), ++ UINT64_C(0xAB910D0DA8716143), UINT64_C(0x8BEAA42B83707250) }, ++ { UINT64_C(0x4BCCFD898DA2AB3D), UINT64_C(0x1DBF68A9EC6AA105), ++ UINT64_C(0x32CE610868EB42DA), UINT64_C(0x5C2C2C858EA62E37), ++ UINT64_C(0x1ED2791FCD3088A7), UINT64_C(0x496B4FEBFF05070C) } }, ++ { { UINT64_C(0x9FA9121A0AA629C5), UINT64_C(0xE286CFF157558BEC), ++ UINT64_C(0x4D9D657E59813A4D), UINT64_C(0xC4676A1626103519), ++ UINT64_C(0x616160B32BD4DF80), UINT64_C(0x26FB78CC30FBAE87) }, ++ { UINT64_C(0x096070138F0F66BD), UINT64_C(0xDD4E2D0C03D9B90D), ++ UINT64_C(0x5D3A8912600D1B12), UINT64_C(0xF76DD52F4308E126), ++ UINT64_C(0x97CC04099E4FCCA6), UINT64_C(0x0CFBE31104C4DF7B) } }, ++ { { UINT64_C(0x6CA62C1228437A23), UINT64_C(0x0DAF335340E7A003), ++ UINT64_C(0x1FD07DF0D20F8079), UINT64_C(0xEAE7969C3BBC9749), ++ UINT64_C(0x55861AFA9ECAD022), UINT64_C(0xEC41DAD91FBC3D4C) }, ++ { UINT64_C(0x1FE4CB40DA8B261B), UINT64_C(0xC2671AB6427C5C9D), ++ UINT64_C(0xDFCDA7B8261D4939), UINT64_C(0x9E7B802B2072C0B9), ++ UINT64_C(0x3AFEE900C7828CC2), UINT64_C(0x3488BF28F6DE987F) } }, ++ { { UINT64_C(0x33B9F2DE7BE1F89E), UINT64_C(0xD4E80821299B15C9), ++ UINT64_C(0x87A3067A0E13F37F), UINT64_C(0x6D4C09ED55FD239F), ++ UINT64_C(0x48B1042D92EF014F), UINT64_C(0xA382B2E0B385A759) }, ++ { UINT64_C(0xBF571BB07F6F84F8), UINT64_C(0x25AFFA370CE87F50), ++ UINT64_C(0x826906D3FE54F1BC), UINT64_C(0x6B0421F4C53AE76A), ++ UINT64_C(0x44F85A3A4855EB3C), UINT64_C(0xF49E21518D1F2B27) } }, ++ }, ++ { ++ { { UINT64_C(0xC0426B775E3C647B), UINT64_C(0xBFCBD9398CF05348), ++ UINT64_C(0x31D312E3172C0D3D), UINT64_C(0x5F49FDE6EE754737), ++ UINT64_C(0x895530F06DA7EE61), UINT64_C(0xCF281B0AE8B3A5FB) }, ++ { UINT64_C(0xFD14973541B8A543), UINT64_C(0x41A625A73080DD30), ++ UINT64_C(0xE2BAAE07653908CF), UINT64_C(0xC3D01436BA02A278), ++ UINT64_C(0xA0D0222E7B21B8F8), UINT64_C(0xFDC270E9D7EC1297) } }, ++ { { UINT64_C(0x06A67BD29F101E64), UINT64_C(0xCB6E0AC7E1733A4A), ++ UINT64_C(0xEE0B5D5197BC62D2), UINT64_C(0x52B1703924C51874), ++ UINT64_C(0xFED1F42382A1A0D5), UINT64_C(0x55D90569DB6270AC) }, ++ { UINT64_C(0x36BE4A9C5D73D533), UINT64_C(0xBE9266D6976ED4D5), ++ UINT64_C(0xC17436D3B8F8074B), UINT64_C(0x3BB4D399718545C6), ++ UINT64_C(0x8E1EA3555C757D21), UINT64_C(0xF7EDBC978C474366) } }, ++ { { UINT64_C(0xEC72C6506EA83242), UINT64_C(0xF7DE7BE51B2D237F), ++ UINT64_C(0x3C5E22001819EFB0), UINT64_C(0xDF5AB6D68CDDE870), ++ UINT64_C(0x75A44E9D92A87AEE), UINT64_C(0xBDDC46F4BCF77F19) }, ++ { UINT64_C(0x8191EFBD669B674D), UINT64_C(0x52884DF9ED71768F), ++ UINT64_C(0xE62BE58265CF242C), UINT64_C(0xAE99A3B180B1D17B), ++ UINT64_C(0x48CBB44692DE59A9), UINT64_C(0xD3C226CF2DCB3CE2) } }, ++ { { UINT64_C(0x9580CDFB9FD94EC4), UINT64_C(0xED273A6C28631AD9), ++ UINT64_C(0x5D3D5F77C327F3E7), UINT64_C(0x05D5339C35353C5F), ++ UINT64_C(0xC56FB5FE5C258EB1), UINT64_C(0xEFF8425EEDCE1F79) }, ++ { UINT64_C(0xAB7AA141CF83CF9C), UINT64_C(0xBD2A690A207D6D4F), ++ UINT64_C(0xE1241491458D9E52), UINT64_C(0xDD2448CCAA7F0F31), ++ UINT64_C(0xEC58D3C7F0FDA7AB), UINT64_C(0x7B6E122DC91BBA4D) } }, ++ { { UINT64_C(0x2A2DEDAFB1B48156), UINT64_C(0xA0A2C63ABB93DB87), ++ UINT64_C(0xC655907808ACD99E), UINT64_C(0x03EA42AFFE4AC331), ++ UINT64_C(0x43D2C14AEB180ED6), UINT64_C(0xC2F293DDB1156A1A) }, ++ { UINT64_C(0x1FAFABF5A9D81249), UINT64_C(0x39ADDEAD9A8EEE87), ++ UINT64_C(0x21E206F2119E2E92), UINT64_C(0xBC5DCC2ED74DCEB6), ++ UINT64_C(0x86647FA30A73A358), UINT64_C(0xEAD8BEA42F53F642) } }, ++ { { UINT64_C(0x636225F591C09091), UINT64_C(0xCCF5070A71BDCFDF), ++ UINT64_C(0x0EF8D625B9668EE2), UINT64_C(0x57BDF6CDB5E04E4F), ++ UINT64_C(0xFC6AB0A67C75EA43), UINT64_C(0xEB6B8AFBF7FD6EF3) }, ++ { UINT64_C(0x5B2AEEF02A3DF404), UINT64_C(0x31FD3B48B9823197), ++ UINT64_C(0x56226DB683A7EB23), UINT64_C(0x3772C21E5BB1ED2F), ++ UINT64_C(0x3E833624CD1ABA6A), UINT64_C(0xBAE58FFAAC672DAD) } }, ++ { { UINT64_C(0xCE92224D31BA1705), UINT64_C(0x022C6ED2F0197F63), ++ UINT64_C(0x21F18D99A4DC1113), UINT64_C(0x5CD04DE803616BF1), ++ UINT64_C(0x6F9006799FF12E08), UINT64_C(0xF59A331548E61DDF) }, ++ { UINT64_C(0x9474D42CB51BD024), UINT64_C(0x11A0A4139051E49D), ++ UINT64_C(0x79C92705DCE70EDB), UINT64_C(0x113CE27834198426), ++ UINT64_C(0x8978396FEA8616D2), UINT64_C(0x9A2A14D0EA894C36) } }, ++ { { UINT64_C(0x4F1E1254604F6E4A), UINT64_C(0x4513B0880187D585), ++ UINT64_C(0x9022F25719E0F482), UINT64_C(0x51FB2A80E2239DBF), ++ UINT64_C(0x49940D9E998ED9D5), UINT64_C(0x0583D2416C932C5D) }, ++ { UINT64_C(0x1188CEC8F25B73F7), UINT64_C(0xA28788CB3B3D06CD), ++ UINT64_C(0xDEA194ECA083DB5A), UINT64_C(0xD93A4F7E22DF4272), ++ UINT64_C(0x8D84E4BF6A009C49), UINT64_C(0x893D8DD93E3E4A9E) } }, ++ { { UINT64_C(0x35E909EA33D31160), UINT64_C(0x5020316857172F1E), ++ UINT64_C(0x2707FC4451F3D866), UINT64_C(0xEB9D2018D2442A5D), ++ UINT64_C(0x904D72095DBFE378), UINT64_C(0x6DB132A35F13CF77) }, ++ { UINT64_C(0x9D842BA67A3AF54B), UINT64_C(0x4E16EA195AA5B4F9), ++ UINT64_C(0x2BBA457CAF24228E), UINT64_C(0xCC04B3BB16F3C5FE), ++ UINT64_C(0xBAFAC51677E64944), UINT64_C(0x31580A34F08BCEE0) } }, ++ { { UINT64_C(0xC6808DEE20C30ACA), UINT64_C(0xDADD216FA3EA2056), ++ UINT64_C(0xD331394E7A4A9F9D), UINT64_C(0x9E0441AD424C4026), ++ UINT64_C(0xAEED102F0AEB5350), UINT64_C(0xC6697FBBD45B09DA) }, ++ { UINT64_C(0x52A2590EDEAC1496), UINT64_C(0x7142B831250B87AF), ++ UINT64_C(0xBEF2E68B6D0784A8), UINT64_C(0x5F62593AA5F71CEF), ++ UINT64_C(0x3B8F7616B5DA51A3), UINT64_C(0xC7A6FA0DB680F5FE) } }, ++ { { UINT64_C(0x36C21DE699C8227C), UINT64_C(0xBEE3E867C26813B1), ++ UINT64_C(0x9B05F2E6BDD91549), UINT64_C(0x34FF2B1FA7D1110F), ++ UINT64_C(0x8E6953B937F67FD0), UINT64_C(0x56C7F18BC3183E20) }, ++ { UINT64_C(0x48AF46DE9E2019ED), UINT64_C(0xDEAF972EF551BBBF), ++ UINT64_C(0x88EE38F8CC5E3EEF), UINT64_C(0xFB8D7A44392D6BAF), ++ UINT64_C(0x32293BFC0127187D), UINT64_C(0x7689E767E58647CC) } }, ++ { { UINT64_C(0x00CE901B52168013), UINT64_C(0xC6BF8E38837AAE71), ++ UINT64_C(0xD6F11EFA167677D8), UINT64_C(0xE53BB48586C8E5CF), ++ UINT64_C(0x671167CEC48E74AB), UINT64_C(0x8A40218C8AD720A7) }, ++ { UINT64_C(0x81E827A6E7C1191A), UINT64_C(0x54058F8DADDB153D), ++ UINT64_C(0x0BAF29250D950FA2), UINT64_C(0xC244674D576DDA13), ++ UINT64_C(0x8C4630AE41BCD13B), UINT64_C(0x6C2127BF5A077419) } }, ++ { { UINT64_C(0xCF977FD5A83C501F), UINT64_C(0xD7C6DF36B6AB176F), ++ UINT64_C(0x117F6331397BC6B5), UINT64_C(0x72A6078BF7A2D491), ++ UINT64_C(0xE5A2AAED5242FE2E), UINT64_C(0x88ECFFDCFEBDC212) }, ++ { UINT64_C(0xF2DBBF50CE33BA21), UINT64_C(0xE1343B76CEB19F07), ++ UINT64_C(0x1F32D4C9D2C28F71), UINT64_C(0x93FC64B418587685), ++ UINT64_C(0x39CEEF9BBA1F8BD1), UINT64_C(0x99C36A788D6D6BB0) } }, ++ { { UINT64_C(0x0D0638173E9561CF), UINT64_C(0x1D8646AA3D33704D), ++ UINT64_C(0x8C4513847A08BA33), UINT64_C(0x96446BD3E02D6624), ++ UINT64_C(0x749849F02D6F4166), UINT64_C(0xE364DA0114268BF0) }, ++ { UINT64_C(0x7CE4587E9AEBFCFD), UINT64_C(0xD468606456234393), ++ UINT64_C(0x00231D5116DF73B2), UINT64_C(0xF6A969B77279C78C), ++ UINT64_C(0x1FF1F6B66CB4117C), UINT64_C(0x30AEBC39D3EAB680) } }, ++ { { UINT64_C(0x5CC97E6493EF00B9), UINT64_C(0xDAE13841972345AE), ++ UINT64_C(0x858391844788F43C), UINT64_C(0xD0FF521EE2E6CF3E), ++ UINT64_C(0xAED14A5B4B707C86), UINT64_C(0x7EAAE4A6D2523CF7) }, ++ { UINT64_C(0x266472C5024C8AC6), UINT64_C(0xE47E1522C0170051), ++ UINT64_C(0x7B83DA6173826BAE), UINT64_C(0xE97E19F5CF543F0D), ++ UINT64_C(0x5D5248FA20BF38E2), UINT64_C(0x8A7C2F7DDF56A037) } }, ++ { { UINT64_C(0xB04659DD87B0526C), UINT64_C(0x593C604A2307565E), ++ UINT64_C(0x49E522257C630AB8), UINT64_C(0x24C1D0C6DCE9CD23), ++ UINT64_C(0x6FDB241C85177079), UINT64_C(0x5F521D19F250C351) }, ++ { UINT64_C(0xFB56134BA6FB61DF), UINT64_C(0xA4E70D69D75C07ED), ++ UINT64_C(0xB7A824487D8825A8), UINT64_C(0xA3AEA7D4DD64BBCC), ++ UINT64_C(0xD53E6E6C8692F539), UINT64_C(0x8DDDA83BF7AA4BC0) } }, ++ }, ++ { ++ { { UINT64_C(0x140A0F9FDD93D50A), UINT64_C(0x4799FFDE83B7ABAC), ++ UINT64_C(0x78FF7C2304A1F742), UINT64_C(0xC0568F51195BA34E), ++ UINT64_C(0xE97183603B7F78B4), UINT64_C(0x9CFD1FF1F9EFAA53) }, ++ { UINT64_C(0xE924D2C5BB06022E), UINT64_C(0x9987FA86FAA2AF6D), ++ UINT64_C(0x4B12E73F6EE37E0F), UINT64_C(0x1836FDFA5E5A1DDE), ++ UINT64_C(0x7F1B92259DCD6416), UINT64_C(0xCB2C1B4D677544D8) } }, ++ { { UINT64_C(0x0254486D9C213D95), UINT64_C(0x68A9DB56CB2F6E94), ++ UINT64_C(0xFB5858BA000F5491), UINT64_C(0x1315BDD934009FB6), ++ UINT64_C(0xB18A8E0AC42BDE30), UINT64_C(0xFDCF93D1F1070358) }, ++ { UINT64_C(0xBEB1DB753022937E), UINT64_C(0x9B9ECA7ACAC20DB4), ++ UINT64_C(0x152214D4E4122B20), UINT64_C(0xD3E673F2AABCCC7B), ++ UINT64_C(0x94C50F64AED07571), UINT64_C(0xD767059AE66B4F17) } }, ++ { { UINT64_C(0x40336B12DCD6D14B), UINT64_C(0xF6BCFF5DE3B4919C), ++ UINT64_C(0xC337048D9C841F0C), UINT64_C(0x4CE6D0251D617F50), ++ UINT64_C(0x00FEF2198117D379), UINT64_C(0x18B7C4E9F95BE243) }, ++ { UINT64_C(0x98DE119E38DF08FF), UINT64_C(0xDFD803BD8D772D20), ++ UINT64_C(0x94125B720F9678BD), UINT64_C(0xFC5B57CD334ACE30), ++ UINT64_C(0x09486527B7E86E04), UINT64_C(0xFE9F8BCC6E552039) } }, ++ { { UINT64_C(0x3B75C45BD6F5A10E), UINT64_C(0xFD4680F4C1C35F38), ++ UINT64_C(0x5450227DF8E0A113), UINT64_C(0x5E69F1AE73DDBA24), ++ UINT64_C(0x2007B80E57F24645), UINT64_C(0xC63695DC3D159741) }, ++ { UINT64_C(0xCBE54D294530F623), UINT64_C(0x986AD5732869586B), ++ UINT64_C(0xE19F70594CC39F73), UINT64_C(0x80F00AB32B1B8DA9), ++ UINT64_C(0xB765AAF973F68D26), UINT64_C(0xBC79A394E993F829) } }, ++ { { UINT64_C(0x9C441043F310D2A0), UINT64_C(0x2865EE58DC5EB106), ++ UINT64_C(0x71A959229CB8065C), UINT64_C(0x8EB3A733A052AF0F), ++ UINT64_C(0x56009F42B09D716E), UINT64_C(0xA7F923C5ABCBE6AD) }, ++ { UINT64_C(0x263B7669FA375C01), UINT64_C(0x641C47E521EF27A2), ++ UINT64_C(0xA89B474EB08FFD25), UINT64_C(0x5BE8EC3FF0A239F3), ++ UINT64_C(0x0E79957A242A6C5A), UINT64_C(0x1DFB26D00C6C75F5) } }, ++ { { UINT64_C(0x2FD97B9B9DFBF22A), UINT64_C(0xDEC16CC85643532D), ++ UINT64_C(0xDF0E6E3960FEE7C3), UINT64_C(0xD09AD7B6545860C8), ++ UINT64_C(0xCC16E98473FC3B7C), UINT64_C(0x6CE734C10D4E1555) }, ++ { UINT64_C(0xC6EFE68B4B5F6032), UINT64_C(0x3A64F34C14F54073), ++ UINT64_C(0x25DA689CAC44DC95), UINT64_C(0x990C477E5358AD8A), ++ UINT64_C(0x00E958A5F36DA7DE), UINT64_C(0x902B7360C9B6F161) } }, ++ { { UINT64_C(0x454AB42C9347B90A), UINT64_C(0xCAEBE64AA698B02B), ++ UINT64_C(0x119CDC69FB86FA40), UINT64_C(0x2E5CB7ADC3109281), ++ UINT64_C(0x67BB1EC5CD0C3D00), UINT64_C(0x5D430BC783F25BBF) }, ++ { UINT64_C(0x69FD84A85CDE0ABB), UINT64_C(0x69DA263E9816B688), ++ UINT64_C(0xE52D93DF0E53CBB8), UINT64_C(0x42CF6F25ADD2D5A7), ++ UINT64_C(0x227BA59DC87CA88F), UINT64_C(0x7A1CA876DA738554) } }, ++ { { UINT64_C(0x3FA5C1051CAC82C4), UINT64_C(0x23C760878A78C9BE), ++ UINT64_C(0xE98CDAD61C5CFA42), UINT64_C(0x09C302520A6C0421), ++ UINT64_C(0x149BAC7C42FC61B9), UINT64_C(0x3A1C22AC3004A3E2) }, ++ { UINT64_C(0xDE6B0D6E202C7FED), UINT64_C(0xB2457377E7E63052), ++ UINT64_C(0x31725FD43706B3EF), UINT64_C(0xE16A347D2B1AFDBF), ++ UINT64_C(0xBE4850C48C29CF66), UINT64_C(0x8F51CC4D2939F23C) } }, ++ { { UINT64_C(0x169E025B219AE6C1), UINT64_C(0x55FF526F116E1CA1), ++ UINT64_C(0x01B810A3B191F55D), UINT64_C(0x2D98127229588A69), ++ UINT64_C(0x53C9377048B92199), UINT64_C(0x8C7DD84E8A85236F) }, ++ { UINT64_C(0x293D48B6CAACF958), UINT64_C(0x1F084ACB43572B30), ++ UINT64_C(0x628BFA2DFAD91F28), UINT64_C(0x8D627B11829386AF), ++ UINT64_C(0x3EC1DD00D44A77BE), UINT64_C(0x8D3B0D08649AC7F0) } }, ++ { { UINT64_C(0x00A93DAA177513BF), UINT64_C(0x2EF0B96F42AD79E1), ++ UINT64_C(0x81F5AAF1A07129D9), UINT64_C(0xFC04B7EF923F2449), ++ UINT64_C(0x855DA79560CDB1B7), UINT64_C(0xB1EB5DABAD5D61D4) }, ++ { UINT64_C(0xD2CEF1AE353FD028), UINT64_C(0xC21D54399EE94847), ++ UINT64_C(0x9ED552BB0380C1A8), UINT64_C(0xB156FE7A2BAC328F), ++ UINT64_C(0xBB7E01967213C6A4), UINT64_C(0x36002A331701ED5B) } }, ++ { { UINT64_C(0x20B1632ADDC9EF4D), UINT64_C(0x2A35FF4C272D082B), ++ UINT64_C(0x30D39923F6CC9BD3), UINT64_C(0x6D879BC2E65C9D08), ++ UINT64_C(0xCE8274E16FA9983C), UINT64_C(0x652371E80EB7424F) }, ++ { UINT64_C(0x32B77503C5C35282), UINT64_C(0xD7306333C885A931), ++ UINT64_C(0x8A16D71972955AA8), UINT64_C(0x5548F1637D51F882), ++ UINT64_C(0xB311DC66BABA59EF), UINT64_C(0x773D54480DB8F627) } }, ++ { { UINT64_C(0x59B1B1347A62EB3B), UINT64_C(0x0F8CE157CCEEFB34), ++ UINT64_C(0x3FE842A8A798CB2B), UINT64_C(0xD01BC6260BF4161D), ++ UINT64_C(0x55EF6E554D016FDB), UINT64_C(0xCB561503B242B201) }, ++ { UINT64_C(0x076EBC73AF4199C1), UINT64_C(0x39DEDCBB697244F7), ++ UINT64_C(0x9D184733040162BC), UINT64_C(0x902992C17F6B5FA6), ++ UINT64_C(0xAD1DE754BB4952B5), UINT64_C(0x7ACF1B93A121F6C8) } }, ++ { { UINT64_C(0x7A56867C325C9B9A), UINT64_C(0x1A143999F3DC3D6A), ++ UINT64_C(0xCE10959003F5BCB8), UINT64_C(0x034E9035D6EEE5B7), ++ UINT64_C(0x2AFA81C8495DF1BC), UINT64_C(0x5EAB52DC08924D02) }, ++ { UINT64_C(0xEE6AA014AA181904), UINT64_C(0xE62DEF09310AD621), ++ UINT64_C(0x6C9792FCC7538A03), UINT64_C(0xA89D3E883E41D789), ++ UINT64_C(0xD60FA11C9F94AE83), UINT64_C(0x5E16A8C2E0D6234A) } }, ++ { { UINT64_C(0x87EC053DA9242F3B), UINT64_C(0x99544637F0E03545), ++ UINT64_C(0xEA0633FF6B7019E9), UINT64_C(0x8CB8AE0768DDDB5B), ++ UINT64_C(0x892E7C841A811AC7), UINT64_C(0xC7EF19EB73664249) }, ++ { UINT64_C(0xD1B5819ACD1489E3), UINT64_C(0xF9C80FB0DE45D24A), ++ UINT64_C(0x045C21A683BB7491), UINT64_C(0xA65325BE73F7A47D), ++ UINT64_C(0x08D09F0E9C394F0C), UINT64_C(0xE7FB21C6268D4F08) } }, ++ { { UINT64_C(0xC4CCAB956CA95C18), UINT64_C(0x563FFD56BC42E040), ++ UINT64_C(0xFA3C64D8E701C604), UINT64_C(0xC88D4426B0ABAFEE), ++ UINT64_C(0x1A353E5E8542E4C3), UINT64_C(0x9A2D8B7CED726186) }, ++ { UINT64_C(0xD61CE19042D097FA), UINT64_C(0x6A63E280799A748B), ++ UINT64_C(0x0F48D0633225486B), UINT64_C(0x848F8FE142A3C443), ++ UINT64_C(0x2CCDE2508493CEF4), UINT64_C(0x5450A50845E77E7C) } }, ++ { { UINT64_C(0xD0F4E24803112816), UINT64_C(0xFCAD9DDBCCBE9E16), ++ UINT64_C(0x177999BF5AE01EA0), UINT64_C(0xD20C78B9CE832DCE), ++ UINT64_C(0x3CC694FB50C8C646), UINT64_C(0x24D75968C93D4887) }, ++ { UINT64_C(0x9F06366A87BC08AF), UINT64_C(0x59FAB50E7FD0DF2A), ++ UINT64_C(0x5FFCC7F76C4CC234), UINT64_C(0x87198DD765F52D86), ++ UINT64_C(0x5B9C94B0A855DF04), UINT64_C(0xD8BA6C738A067AD7) } }, ++ }, ++ { ++ { { UINT64_C(0x9E9AF3151C4C9D90), UINT64_C(0x8665C5A9D12E0A89), ++ UINT64_C(0x204ABD9258286493), UINT64_C(0x79959889B2E09205), ++ UINT64_C(0x0C727A3DFE56B101), UINT64_C(0xF366244C8B657F26) }, ++ { UINT64_C(0xDE35D954CCA65BE2), UINT64_C(0x52EE1230B0FD41CE), ++ UINT64_C(0xFA03261F36019FEE), UINT64_C(0xAFDA42D966511D8F), ++ UINT64_C(0xF63211DD821148B9), UINT64_C(0x7B56AF7E6F13A3E1) } }, ++ { { UINT64_C(0x47FE47995913E184), UINT64_C(0x5BBE584C82145900), ++ UINT64_C(0xB76CFA8B9A867173), UINT64_C(0x9BC87BF0514BF471), ++ UINT64_C(0x37392DCE71DCF1FC), UINT64_C(0xEC3EFAE03AD1EFA8) }, ++ { UINT64_C(0xBBEA5A3414876451), UINT64_C(0x96E5F5436217090F), ++ UINT64_C(0x5B3D4ECD9B1665A9), UINT64_C(0xE7B0DF26E329DF22), ++ UINT64_C(0x18FB438E0BAA808D), UINT64_C(0x90757EBFDD516FAF) } }, ++ { { UINT64_C(0x1E6F9A95D5A98D68), UINT64_C(0x759EA7DF849DA828), ++ UINT64_C(0x365D56256E8B4198), UINT64_C(0xE1B9C53B7A4A53F9), ++ UINT64_C(0x55DC1D50E32B9B16), UINT64_C(0xA4657EBBBB6D5701) }, ++ { UINT64_C(0x4C270249EACC76E2), UINT64_C(0xBE49EC75162B1CC7), ++ UINT64_C(0x19A95B610689902B), UINT64_C(0xDD5706BFA4CFC5A8), ++ UINT64_C(0xD33BDB7314E5B424), UINT64_C(0x21311BD1E69EBA87) } }, ++ { { UINT64_C(0x75BA2F9B72A21ACC), UINT64_C(0x356688D4A28EDB4C), ++ UINT64_C(0x3C339E0B610D080F), UINT64_C(0x614AC29333A99C2F), ++ UINT64_C(0xA5E23AF2AA580AFF), UINT64_C(0xA6BCB860E1FDBA3A) }, ++ { UINT64_C(0xAA603365B43F9425), UINT64_C(0xAE8D7126F7EE4635), ++ UINT64_C(0xA2B2524456330A32), UINT64_C(0xC396B5BB9E025AA3), ++ UINT64_C(0xABBF77FAF8A0D5CF), UINT64_C(0xB322EE30EA31C83B) } }, ++ { { UINT64_C(0x048813847890E234), UINT64_C(0x387F1159672E70C6), ++ UINT64_C(0x1468A6147B307F75), UINT64_C(0x56335B52ED85EC96), ++ UINT64_C(0xDA1BB60FD45BCAE9), UINT64_C(0x4D94F3F0F9FAEADD) }, ++ { UINT64_C(0x6C6A7183FC78D86B), UINT64_C(0xA425B5C73018DEC6), ++ UINT64_C(0xB1549C332D877399), UINT64_C(0x6C41C50C92B2BC37), ++ UINT64_C(0x3A9F380C83EE0DDB), UINT64_C(0xDED5FEB6C4599E73) } }, ++ { { UINT64_C(0x14D34C210B7F8354), UINT64_C(0x1475A1CD9177CE45), ++ UINT64_C(0x9F5F764A9B926E4B), UINT64_C(0x77260D1E05DD21FE), ++ UINT64_C(0x3C882480C4B937F7), UINT64_C(0xC92DCD39722372F2) }, ++ { UINT64_C(0xF636A1BEEC6F657E), UINT64_C(0xB0E6C3121D30DD35), ++ UINT64_C(0xFE4B0528E4654EFE), UINT64_C(0x1C4A682021D230D2), ++ UINT64_C(0x615D2E4898FA45AB), UINT64_C(0x1F35D6D801FDBABF) } }, ++ { { UINT64_C(0xA636EEB83A7B10D1), UINT64_C(0x4E1AE352F4A29E73), ++ UINT64_C(0x01704F5FE6BB1EC7), UINT64_C(0x75C04F720EF020AE), ++ UINT64_C(0x448D8CEE5A31E6A6), UINT64_C(0xE40A9C29208F994B) }, ++ { UINT64_C(0x69E09A30FD8F9D5D), UINT64_C(0xE6A5F7EB449BAB7E), ++ UINT64_C(0xF25BC18A2AA1768B), UINT64_C(0x9449E4043C841234), ++ UINT64_C(0x7A3BF43E016A7BEF), UINT64_C(0xF25803E82A150B60) } }, ++ { { UINT64_C(0xE44A2A57B215F9E0), UINT64_C(0x38B34DCE19066F0A), ++ UINT64_C(0x8BB91DAD40BB1BFB), UINT64_C(0x64C9F775E67735FC), ++ UINT64_C(0xDE14241788D613CD), UINT64_C(0xC5014FF51901D88D) }, ++ { UINT64_C(0xA250341DF38116B0), UINT64_C(0xF96B9DD49D6CBCB2), ++ UINT64_C(0x15EC6C7276B3FAC2), UINT64_C(0x88F1952F8124C1E9), ++ UINT64_C(0x6B72F8EA975BE4F5), UINT64_C(0x23D288FF061F7530) } }, ++ { { UINT64_C(0xEBFE3E5FAFB96CE3), UINT64_C(0x2275EDFBB1979537), ++ UINT64_C(0xC37AB9E8C97BA741), UINT64_C(0x446E4B1063D7C626), ++ UINT64_C(0xB73E2DCED025EB02), UINT64_C(0x1F952B517669EEA7) }, ++ { UINT64_C(0xABDD00F66069A424), UINT64_C(0x1C0F9D9BDC298BFB), ++ UINT64_C(0x831B1FD3EB757B33), UINT64_C(0xD7DBE18359D60B32), ++ UINT64_C(0x663D1F369EF094B3), UINT64_C(0x1BD5732E67F7F11A) } }, ++ { { UINT64_C(0x3C7FB3F5C75D8892), UINT64_C(0x2CFF9A0CBA68DA69), ++ UINT64_C(0x76455E8B60EC740B), UINT64_C(0x4B8D67FF167B88F0), ++ UINT64_C(0xEDEC0C025A4186B1), UINT64_C(0x127C462DBEBF35AB) }, ++ { UINT64_C(0x9159C67E049430FC), UINT64_C(0x86B21DD2E7747320), ++ UINT64_C(0x0E0E01520CF27B89), UINT64_C(0x705F28F5CD1316B6), ++ UINT64_C(0x76751691BEAEA8A8), UINT64_C(0x4C73E282360C5B69) } }, ++ { { UINT64_C(0x46BCC0D5FD7B3D74), UINT64_C(0x6F13C20E0DC4F410), ++ UINT64_C(0x98A1AF7D72F11CDF), UINT64_C(0x6099FD837928881C), ++ UINT64_C(0x66976356371BB94B), UINT64_C(0x673FBA7219B945AB) }, ++ { UINT64_C(0xE4D8FA6EAED00700), UINT64_C(0xEA2313EC5C71A9F7), ++ UINT64_C(0xF9ED8268F99D4AEA), UINT64_C(0xADD8916442AB59C7), ++ UINT64_C(0xB37EB26F3F3A2D45), UINT64_C(0x0B39BD7AA924841E) } }, ++ { { UINT64_C(0xD811EB32E03CDBBB), UINT64_C(0x12055F1D7CC3610E), ++ UINT64_C(0x6B23A1A0A9046E3F), UINT64_C(0x4D7121229DD4A749), ++ UINT64_C(0xB0C2ACA1B1BF0AC3), UINT64_C(0x71EFF575C1B0432F) }, ++ { UINT64_C(0x6CD814922B44E285), UINT64_C(0x3088BD9CD87E8D20), ++ UINT64_C(0xACE218E5F567E8FA), UINT64_C(0xB3FA0424CF90CBBB), ++ UINT64_C(0xADBDA751770734D3), UINT64_C(0xBCD78BAD5AD6569A) } }, ++ { { UINT64_C(0xCADB31FA7F39641F), UINT64_C(0x3EF3E295825E5562), ++ UINT64_C(0x4893C633F4094C64), UINT64_C(0x52F685F18ADDF432), ++ UINT64_C(0x9FD887AB7FDC9373), UINT64_C(0x47A9ADA0E8680E8B) }, ++ { UINT64_C(0x579313B7F0CD44F6), UINT64_C(0xAC4B8668E188AE2E), ++ UINT64_C(0x648F43698FB145BD), UINT64_C(0xE0460AB374629E31), ++ UINT64_C(0xC25F28758FF2B05F), UINT64_C(0x4720C2B62D31EAEA) } }, ++ { { UINT64_C(0x4603CDF413D48F80), UINT64_C(0x9ADB50E2A49725DA), ++ UINT64_C(0x8CD3305065DF63F0), UINT64_C(0x58D8B3BBCD643003), ++ UINT64_C(0x170A4F4AB739826B), UINT64_C(0x857772B51EAD0E17) }, ++ { UINT64_C(0x01B78152E65320F1), UINT64_C(0xA6B4D845B7503FC0), ++ UINT64_C(0x0F5089B93DD50798), UINT64_C(0x488F200F5690B6BE), ++ UINT64_C(0x220B4ADF9E096F36), UINT64_C(0x474D7C9F8CE5BC7C) } }, ++ { { UINT64_C(0xFED8C058C745F8C9), UINT64_C(0xB683179E291262D1), ++ UINT64_C(0x26ABD367D15EE88C), UINT64_C(0x29E8EED3F60A6249), ++ UINT64_C(0xED6008BB1E02D6E1), UINT64_C(0xD82ECF4CA6B12B8D) }, ++ { UINT64_C(0x9929D021AAE4FA22), UINT64_C(0xBE4DEF14336A1AB3), ++ UINT64_C(0x529B7E098C80A312), UINT64_C(0xB059188DEE0EB0CE), ++ UINT64_C(0x1E42979A16DEAB7F), UINT64_C(0x2411034984EE9477) } }, ++ { { UINT64_C(0xD65246852BE579CC), UINT64_C(0x849316F1C456FDED), ++ UINT64_C(0xC51B7DA42D1B67DA), UINT64_C(0xC25B539E41BC6D6A), ++ UINT64_C(0xE3B7CCA3A9BF8BED), UINT64_C(0x813EF18C045C15E4) }, ++ { UINT64_C(0x5F3789A1697982C4), UINT64_C(0x4C1253698C435566), ++ UINT64_C(0x00A7AE6EDC0A92C6), UINT64_C(0x1ABC929B2F64A053), ++ UINT64_C(0xF4925C4C38666B44), UINT64_C(0xA81044B00F3DE7F6) } }, ++ }, ++ { ++ { { UINT64_C(0xBCC88422C2EC3731), UINT64_C(0x78A3E4D410DC4EC2), ++ UINT64_C(0x745DA1EF2571D6B1), UINT64_C(0xF01C2921739A956E), ++ UINT64_C(0xEFFD8065E4BFFC16), UINT64_C(0x6EFE62A1F36FE72C) }, ++ { UINT64_C(0xF49E90D20F4629A4), UINT64_C(0xADD1DCC78CE646F4), ++ UINT64_C(0xCB78B583B7240D91), UINT64_C(0x2E1A7C3C03F8387F), ++ UINT64_C(0x16566C223200F2D9), UINT64_C(0x2361B14BAAF80A84) } }, ++ { { UINT64_C(0xDB1CFFD2B5733309), UINT64_C(0x24BC250B0F9DD939), ++ UINT64_C(0xA4181E5AA3C1DB85), UINT64_C(0xE5183E51AC55D391), ++ UINT64_C(0x2793D5EFEFD270D0), UINT64_C(0x7D56F63DC0631546) }, ++ { UINT64_C(0xECB40A590C1EE59D), UINT64_C(0xE613A9E4BB5BFA2C), ++ UINT64_C(0xA89B14AB6C5830F9), UINT64_C(0x4DC477DCA03F201E), ++ UINT64_C(0x5604F5DAC88C54F6), UINT64_C(0xD49264DC2ACFC66E) } }, ++ { { UINT64_C(0x283DD7F01C4DFA95), UINT64_C(0xB898CC2C62C0B160), ++ UINT64_C(0xBA08C095870282AA), UINT64_C(0xB02B00D8F4E36324), ++ UINT64_C(0x53AADDC0604CECF2), UINT64_C(0xF1F927D384DDD24E) }, ++ { UINT64_C(0x34BC00A0E2ABC9E1), UINT64_C(0x2DA1227D60289F88), ++ UINT64_C(0x5228EAAACEF68F74), UINT64_C(0x40A790D23C029351), ++ UINT64_C(0xE0E9AF5C8442E3B7), UINT64_C(0xA3214142A9F141E0) } }, ++ { { UINT64_C(0x72F4949EF9A58E3D), UINT64_C(0x738C700BA48660A6), ++ UINT64_C(0x71B04726092A5805), UINT64_C(0xAD5C3C110F5CDB72), ++ UINT64_C(0xD4951F9E554BFC49), UINT64_C(0xEE594EE56131EBE7) }, ++ { UINT64_C(0x37DA59F33C1AF0A9), UINT64_C(0xD7AFC73BCB040A63), ++ UINT64_C(0xD020962A4D89FA65), UINT64_C(0x2610C61E71D824F5), ++ UINT64_C(0x9C917DA73C050E31), UINT64_C(0x3840F92FE6E7EBFB) } }, ++ { { UINT64_C(0x50FBD7FE8D8B8CED), UINT64_C(0xC7282F7547D240AE), ++ UINT64_C(0x79646A471930FF73), UINT64_C(0x2E0BAC4E2F7F5A77), ++ UINT64_C(0x0EE44FA526127E0B), UINT64_C(0x678881B782BC2AA7) }, ++ { UINT64_C(0xB9E5D38467F5F497), UINT64_C(0x8F94A7D4A9B7106B), ++ UINT64_C(0xBF7E0B079D329F68), UINT64_C(0x169B93EA45D192FB), ++ UINT64_C(0xCCAA946720DBE8C0), UINT64_C(0xD4513A50938F9574) } }, ++ { { UINT64_C(0x841C96B4054CB874), UINT64_C(0xD75B1AF1A3C26834), ++ UINT64_C(0x7237169DEE6575F0), UINT64_C(0xD71FC7E50322AADC), ++ UINT64_C(0xD7A23F1E949E3A8E), UINT64_C(0x77E2D102DD31D8C7) }, ++ { UINT64_C(0x5AD69D09D10F5A1F), UINT64_C(0x526C9CB4B99D9A0B), ++ UINT64_C(0x521BB10B972B237D), UINT64_C(0x1E4CD42FA326F342), ++ UINT64_C(0x5BB6DB27F0F126CA), UINT64_C(0x587AF22CA4A515AD) } }, ++ { { UINT64_C(0x1123A531B12E542F), UINT64_C(0x1D01A64DB9EB2811), ++ UINT64_C(0xA4A3515BF2D70F87), UINT64_C(0xFA205234B4BD0270), ++ UINT64_C(0x74B818305EDA26B9), UINT64_C(0x9305D6E656578E75) }, ++ { UINT64_C(0xF38E69DE9F11BE19), UINT64_C(0x1E2A5C2344DBE89F), ++ UINT64_C(0x1077E7BCFD286654), UINT64_C(0xD36698940FCA4741), ++ UINT64_C(0x893BF904278F8497), UINT64_C(0xD6AC5F83EB3E14F4) } }, ++ { { UINT64_C(0x327B9DAB488F5F74), UINT64_C(0x2B44F4B8CAB7364F), ++ UINT64_C(0xB4A6D22D19B6C6BD), UINT64_C(0xA087E613FC77CD3E), ++ UINT64_C(0x4558E327B0B49BC7), UINT64_C(0x188805BECD835D35) }, ++ { UINT64_C(0x592F293CC1DC1007), UINT64_C(0xFAEE660F6AF02B44), ++ UINT64_C(0x5BFBB3BF904035F2), UINT64_C(0xD7C9AE6079C07E70), ++ UINT64_C(0xC5287DD4234896C2), UINT64_C(0xC4CE4523CB0E4121) } }, ++ { { UINT64_C(0x3626B40658344831), UINT64_C(0xABCCE3568E55C984), ++ UINT64_C(0x495CC81C77241602), UINT64_C(0x4FB796766D70DF8F), ++ UINT64_C(0x6354B37C5B071DCA), UINT64_C(0x2CAD80A48C0FC0AD) }, ++ { UINT64_C(0x18AADD51F68739B4), UINT64_C(0x1BFBB17747F09C6C), ++ UINT64_C(0x9355EA19A8FD51C4), UINT64_C(0x3D512A84EE58DB7B), ++ UINT64_C(0x70842AFDE9237640), UINT64_C(0x36F515CAACAF858D) } }, ++ { { UINT64_C(0x3DDEC7C47E768B23), UINT64_C(0x97E13C53036D43ED), ++ UINT64_C(0x871E59253A39AB5F), UINT64_C(0x9AF292DE07E68E2B), ++ UINT64_C(0x411583494A40112E), UINT64_C(0xCDBB46AF3D4D97E6) }, ++ { UINT64_C(0x2F8912933C0EBE40), UINT64_C(0x696C7EEE3EBAD1E5), ++ UINT64_C(0x8A5F3B6933B50D99), UINT64_C(0xB7BC48407ED47DDE), ++ UINT64_C(0x3A6F8E6C1E6706D8), UINT64_C(0x6A1479433D84BB8F) } }, ++ { { UINT64_C(0xEC3A9C78603AE8D1), UINT64_C(0xBFE07E37228C29E5), ++ UINT64_C(0xB0385C5B396DBC2B), UINT64_C(0x7C14FE83DF85F41F), ++ UINT64_C(0xE2E64676ADFD463E), UINT64_C(0x5BEF10AA8BF9F23D) }, ++ { UINT64_C(0xFA83EA0DF6BAB6DA), UINT64_C(0xCD0C8BA5966BF7E3), ++ UINT64_C(0xD62216B498501C2E), UINT64_C(0xB7F298A4C3E69F2D), ++ UINT64_C(0x42CEF13B9C8740F4), UINT64_C(0xBB317E520DD64307) } }, ++ { { UINT64_C(0x22B6245C3FFEE775), UINT64_C(0x5C3F60BEB37CE7AA), ++ UINT64_C(0xDE195D40E1FEC0DF), UINT64_C(0x3BFAFBC5A0A82074), ++ UINT64_C(0xC36EC86AC72CA86A), UINT64_C(0x5606285113FD43EA) }, ++ { UINT64_C(0x8686BE808E0B03A4), UINT64_C(0xC3BD1F93D540D440), ++ UINT64_C(0x13E4EBC0BF96CEC5), UINT64_C(0xE8E239849190C844), ++ UINT64_C(0x183593A600844802), UINT64_C(0x467168794D206878) } }, ++ { { UINT64_C(0x358F394DB6F63D19), UINT64_C(0xA75D48496B052194), ++ UINT64_C(0x584035905C8D7975), UINT64_C(0x86DC9B6B6CBFBD77), ++ UINT64_C(0x2DB04D77647A51E5), UINT64_C(0x5E9A5B02F8950D88) }, ++ { UINT64_C(0xCE69A7E5017168B0), UINT64_C(0x94630FACC4843AD3), ++ UINT64_C(0xB3B9D7361EFC44FF), UINT64_C(0xE729E9B6B14D7F93), ++ UINT64_C(0xA071FC60E0ED0ABC), UINT64_C(0xFC1A99718C8D9B83) } }, ++ { { UINT64_C(0x49686031D138E975), UINT64_C(0x648640385A8EF0D1), ++ UINT64_C(0x32679713E7F7DE49), UINT64_C(0x5913234929D1CD1D), ++ UINT64_C(0x849AA23A20BE9ED2), UINT64_C(0x15D303E1284B3F33) }, ++ { UINT64_C(0x37309475B63F9FE9), UINT64_C(0x327BAC8B45B7256A), ++ UINT64_C(0x291CD227D17FC5D3), UINT64_C(0x8291D8CDA973EDF1), ++ UINT64_C(0xF3843562437ABA09), UINT64_C(0x33FFB704271D0785) } }, ++ { { UINT64_C(0x5248D6E447E11E5E), UINT64_C(0x0F66FC3C269C7ED3), ++ UINT64_C(0x18C0D2B9903E346E), UINT64_C(0xD81D9D974BEAE1B8), ++ UINT64_C(0x610326B0FC30FDF3), UINT64_C(0x2B13687019A7DFCD) }, ++ { UINT64_C(0xEC75F70AB9527676), UINT64_C(0x90829F5129A3D897), ++ UINT64_C(0x92FE180997980302), UINT64_C(0xA3F2498E68474991), ++ UINT64_C(0x6A66307B0F22BBAD), UINT64_C(0x32014B9120378557) } }, ++ { { UINT64_C(0x72CD7D553CD98610), UINT64_C(0xC3D560B074504ADF), ++ UINT64_C(0x23F0A982CEBB5D5D), UINT64_C(0x1431C15BB839DDB8), ++ UINT64_C(0x7E207CD8CEB72207), UINT64_C(0x28E0A848E7EFB28D) }, ++ { UINT64_C(0xD22561FE1BD96F6E), UINT64_C(0x04812C1862A8236B), ++ UINT64_C(0xA0BF2334975491FA), UINT64_C(0x294F42A6435DF87F), ++ UINT64_C(0x2772B783A5D6F4F6), UINT64_C(0x348F92ED2724F853) } }, ++ }, ++ { ++ { { UINT64_C(0xC20FB9111A42E5E7), UINT64_C(0x075A678B81D12863), ++ UINT64_C(0x12BCBC6A5CC0AA89), UINT64_C(0x5279C6AB4FB9F01E), ++ UINT64_C(0xBC8E178911AE1B89), UINT64_C(0xAE74A706C290003C) }, ++ { UINT64_C(0x9949D6EC79DF3F45), UINT64_C(0xBA18E26296C8D37F), ++ UINT64_C(0x68DE6EE2DD2275BF), UINT64_C(0xA9E4FFF8C419F1D5), ++ UINT64_C(0xBC759CA4A52B5A40), UINT64_C(0xFF18CBD863B0996D) } }, ++ { { UINT64_C(0x73C57FDED7DD47E5), UINT64_C(0xB0FE5479D49A7F5D), ++ UINT64_C(0xD25C71F1CFB9821E), UINT64_C(0x9427E209CF6A1D68), ++ UINT64_C(0xBF3C3916ACD24E64), UINT64_C(0x7E9F5583BDA7B8B5) }, ++ { UINT64_C(0xE7C5F7C8CF971E11), UINT64_C(0xEC16D5D73C7F035E), ++ UINT64_C(0x818DC472E66B277C), UINT64_C(0x4413FD47B2816F1E), ++ UINT64_C(0x40F262AF48383C6D), UINT64_C(0xFB0575844F190537) } }, ++ { { UINT64_C(0x487EDC0708962F6B), UINT64_C(0x6002F1E7190A7E55), ++ UINT64_C(0x7FC62BEA10FDBA0C), UINT64_C(0xC836BBC52C3DBF33), ++ UINT64_C(0x4FDFB5C34F7D2A46), UINT64_C(0x824654DEDCA0DF71) }, ++ { UINT64_C(0x30A076760C23902B), UINT64_C(0x7F1EBB9377FBBF37), ++ UINT64_C(0xD307D49DFACC13DB), UINT64_C(0x148D673AAE1A261A), ++ UINT64_C(0xE008F95B52D98650), UINT64_C(0xC76144409F558FDE) } }, ++ { { UINT64_C(0x17CD6AF69CB16650), UINT64_C(0x86CC27C169F4EEBE), ++ UINT64_C(0x7E495B1D78822432), UINT64_C(0xFED338E31B974525), ++ UINT64_C(0x527743D386F3CE21), UINT64_C(0x87948AD3B515C896) }, ++ { UINT64_C(0x9FDE7039B17F2FB8), UINT64_C(0xA2FA9A5FD9B89D96), ++ UINT64_C(0x5D46600B36FF74DC), UINT64_C(0x8EA74B048302C3C9), ++ UINT64_C(0xD560F570F744B5EB), UINT64_C(0xC921023BFE762402) } }, ++ { { UINT64_C(0xA35AB657FFF4C8ED), UINT64_C(0x017C61248A5FABD7), ++ UINT64_C(0x5646302509ACDA28), UINT64_C(0x6038D36114CF238A), ++ UINT64_C(0x1428B1B6AF1B9F07), UINT64_C(0x5827FF447482E95C) }, ++ { UINT64_C(0xCB997E18780FF362), UINT64_C(0x2B89D702E0BCAC1E), ++ UINT64_C(0xC632A0B5A837DDC8), UINT64_C(0xF3EFCF1F59762647), ++ UINT64_C(0xE9BA309A38B0D60A), UINT64_C(0x05DEABDD20B5FB37) } }, ++ { { UINT64_C(0xD44E5DBACB8AF047), UINT64_C(0x15400CB4943CFE82), ++ UINT64_C(0xDBD695759DF88B67), UINT64_C(0x8299DB2BB2405A7D), ++ UINT64_C(0x46E3BF770B1D80CD), UINT64_C(0xC50CF66CE82BA3D9) }, ++ { UINT64_C(0xB2910A07F2F747A9), UINT64_C(0xF6B669DB5ADC89C1), ++ UINT64_C(0x3B5EF1A09052B081), UINT64_C(0x0F5D5ED3B594ACE2), ++ UINT64_C(0xDA30B8D5D5F01320), UINT64_C(0x0D688C5EAAFCD58F) } }, ++ { { UINT64_C(0x5EEE3A312A161074), UINT64_C(0x6BAAAE56EFE2BE37), ++ UINT64_C(0xF9787F61E3D78698), UINT64_C(0xC6836B2650630A30), ++ UINT64_C(0x7445B85D1445DEF1), UINT64_C(0xD72016A2D568A6A5) }, ++ { UINT64_C(0x9DD6F533E355614F), UINT64_C(0x637E7E5F91E04588), ++ UINT64_C(0x42E142F3B9FB1391), UINT64_C(0x0D07C05C41AFE5DA), ++ UINT64_C(0xD7CD25C81394EDF1), UINT64_C(0xEBE6A0FCB99288EE) } }, ++ { { UINT64_C(0xB8E63B7BBABBAD86), UINT64_C(0x63226A9F90D66766), ++ UINT64_C(0x263818365CF26666), UINT64_C(0xCCBD142D4CADD0BF), ++ UINT64_C(0xA070965E9AC29470), UINT64_C(0x6BDCA26025FF23ED) }, ++ { UINT64_C(0xD4E00FD487DCA7B3), UINT64_C(0xA50978339E0E8734), ++ UINT64_C(0xF73F162E048173A4), UINT64_C(0xD23F91969C3C2FA2), ++ UINT64_C(0x9AB98B45E4AC397A), UINT64_C(0x2BAA0300543F2D4B) } }, ++ { { UINT64_C(0xBBBE15E7C658C445), UINT64_C(0xB8CBCB20C28941D1), ++ UINT64_C(0x65549BE2027D6540), UINT64_C(0xEBBCA8021E8EF4F4), ++ UINT64_C(0x18214B4BD2ACA397), UINT64_C(0xCBEC7DE2E31784A3) }, ++ { UINT64_C(0x96F0533F0116FDF3), UINT64_C(0x68911C905C8F5EE1), ++ UINT64_C(0x7DE9A3AED568603A), UINT64_C(0x3F56C52C6A3AD7B7), ++ UINT64_C(0x5BE9AFCA670B4D0E), UINT64_C(0x628BFEEE375DFE2F) } }, ++ { { UINT64_C(0x97DAE81BDD4ADDB3), UINT64_C(0x12D2CF4E8704761B), ++ UINT64_C(0x5E820B403247788D), UINT64_C(0x82234B620051CA80), ++ UINT64_C(0x0C62704D6CB5EA74), UINT64_C(0xDE56042023941593) }, ++ { UINT64_C(0xB3912A3CF1B04145), UINT64_C(0xE3967CD7AF93688D), ++ UINT64_C(0x2E2DCD2F58DABB4B), UINT64_C(0x6564836F0E303911), ++ UINT64_C(0x1F10F19BECE07C5C), UINT64_C(0xB47F07EED8919126) } }, ++ { { UINT64_C(0xE3545085E9A2EEC9), UINT64_C(0x81866A972C8E51FE), ++ UINT64_C(0xD2BA7DB550027243), UINT64_C(0x29DAEAB54AE87DE4), ++ UINT64_C(0x5EF3D4B8684F9497), UINT64_C(0xE2DACE3B9D5D6873) }, ++ { UINT64_C(0xF012C951FFD29C9C), UINT64_C(0x48289445ADBADA14), ++ UINT64_C(0x8751F50D89558C49), UINT64_C(0x75511A4F99E35BEE), ++ UINT64_C(0xEF802D6E7D59AA5F), UINT64_C(0x14FCAD65A2A795E2) } }, ++ { { UINT64_C(0xC8EB00E808CB8F2C), UINT64_C(0x686075322B45BD86), ++ UINT64_C(0x7A29B45959969713), UINT64_C(0x5FA15B9BD684201B), ++ UINT64_C(0x1A853190B9E538EE), UINT64_C(0x4150605CD573D043) }, ++ { UINT64_C(0xEF011D3BEB9FBB68), UINT64_C(0x6727998266AE32B6), ++ UINT64_C(0x861B86EA445DE5EC), UINT64_C(0x62837D18A34A50E1), ++ UINT64_C(0x228C006ABF5F0663), UINT64_C(0xE007FDE7396DB36A) } }, ++ { { UINT64_C(0xDEE4F8815A916A55), UINT64_C(0x20DC0370F39C82CB), ++ UINT64_C(0xD9A7161540F09821), UINT64_C(0xD50AD8BFF7273492), ++ UINT64_C(0xA06F7D1232E7C4BF), UINT64_C(0xFA0F61544C5CEA36) }, ++ { UINT64_C(0xF4FD9BED5FC49CFE), UINT64_C(0xD8CB45D1C9291678), ++ UINT64_C(0x94DB86CC7B92C9F2), UINT64_C(0x09CA5F3873C81169), ++ UINT64_C(0x109F40B0AEED06F0), UINT64_C(0x9F0360B214DCAA0A) } }, ++ { { UINT64_C(0x4189B70DE12AD3E7), UINT64_C(0x5208ADB210B06607), ++ UINT64_C(0xEBD8E2A2EE8497FA), UINT64_C(0x61B1BD67E04F2ECB), ++ UINT64_C(0x0E2DDA724F3F5F99), UINT64_C(0xD5D96740F747B16D) }, ++ { UINT64_C(0x308A48F6A6BF397F), UINT64_C(0x7021C3E523A93595), ++ UINT64_C(0xF10B022936470AA0), UINT64_C(0x7761E8EC4E03295B), ++ UINT64_C(0x16EFEF5807339770), UINT64_C(0x0D55D2DD5DA5DAA2) } }, ++ { { UINT64_C(0x915EA6A38A22F87A), UINT64_C(0x191151C12E5A088E), ++ UINT64_C(0x190252F17F1D5CBE), UINT64_C(0xE43F59C33B0EC99B), ++ UINT64_C(0xBE8588D4FF2A6135), UINT64_C(0x103877CC2ECB4B9F) }, ++ { UINT64_C(0x8F4147E5023CF92B), UINT64_C(0xC24384CC0CC2085B), ++ UINT64_C(0x6A2DB4A2D082D311), UINT64_C(0x06283811ED7BA9AE), ++ UINT64_C(0xE9A3F5322A8E1592), UINT64_C(0xAC20F0F45A59E894) } }, ++ { { UINT64_C(0x788CAA5274AAB4B1), UINT64_C(0xEB84ABA12FEAFC7E), ++ UINT64_C(0x31DA71DAAC04FF77), UINT64_C(0x39D12EB924E4D0BF), ++ UINT64_C(0x4F2F292F87A34EF8), UINT64_C(0x9B324372A237A8ED) }, ++ { UINT64_C(0xBB2D04B12EE3A82D), UINT64_C(0xED4FF367D18D36B2), ++ UINT64_C(0x99D231EEA6EA0138), UINT64_C(0x7C2D4F064F92E04A), ++ UINT64_C(0x78A82AB2CA272FD0), UINT64_C(0x7EC41340AB8CDC32) } }, ++ }, ++ { ++ { { UINT64_C(0xD23658C8D2E15A8C), UINT64_C(0x23F93DF716BA28CA), ++ UINT64_C(0x6DAB10EC082210F1), UINT64_C(0xFB1ADD91BFC36490), ++ UINT64_C(0xEDA8B02F9A4F2D14), UINT64_C(0x9060318C56560443) }, ++ { UINT64_C(0x6C01479E64711AB2), UINT64_C(0x41446FC7E337EB85), ++ UINT64_C(0x4DCF3C1D71888397), UINT64_C(0x87A9C04E13C34FD2), ++ UINT64_C(0xFE0E08EC510C15AC), UINT64_C(0xFC0D0413C0F495D2) } }, ++ { { UINT64_C(0xEB05C516156636C2), UINT64_C(0x2F613ABA090E93FC), ++ UINT64_C(0xCFD573CD489576F5), UINT64_C(0xE6535380535A8D57), ++ UINT64_C(0x13947314671436C4), UINT64_C(0x1172FB0C5F0A122D) }, ++ { UINT64_C(0xAECC7EC1C12F58F6), UINT64_C(0xFE42F9578E41AFD2), ++ UINT64_C(0xDF96F6523D4221AA), UINT64_C(0xFEF5649F2851996B), ++ UINT64_C(0x46FB9F26D5CFB67E), UINT64_C(0xB047BFC7EF5C4052) } }, ++ { { UINT64_C(0x5CBDC442F4484374), UINT64_C(0x6B156957F92452EF), ++ UINT64_C(0x58A26886C118D02A), UINT64_C(0x87FF74E675AAF276), ++ UINT64_C(0xB133BE95F65F6EC1), UINT64_C(0xA89B62844B1B8D32) }, ++ { UINT64_C(0xDD8A8EF309C81004), UINT64_C(0x7F8225DB0CF21991), ++ UINT64_C(0xD525A6DB26623FAF), UINT64_C(0xF2368D40BAE15453), ++ UINT64_C(0x55D6A84D84F89FC9), UINT64_C(0xAF38358A86021A3E) } }, ++ { { UINT64_C(0xBD048BDCFF52E280), UINT64_C(0x8A51D0B2526A1795), ++ UINT64_C(0x40AAA758A985AC0F), UINT64_C(0x6039BCDCF2C7ACE9), ++ UINT64_C(0x712092CC6AEC347D), UINT64_C(0x7976D0906B5ACAB7) }, ++ { UINT64_C(0x1EBCF80D6EED9617), UINT64_C(0xB3A63149B0F404A4), ++ UINT64_C(0x3FDD3D1AD0B610EF), UINT64_C(0xDD3F6F9498C28AC7), ++ UINT64_C(0x650B77943A59750F), UINT64_C(0xEC59BAB12D3991AC) } }, ++ { { UINT64_C(0x01F40E882E552766), UINT64_C(0x1FE3D50966F5354F), ++ UINT64_C(0x0E46D006B3A8EA7F), UINT64_C(0xF75AB629F831CD6A), ++ UINT64_C(0xDAD808D791465119), UINT64_C(0x442405AF17EF9B10) }, ++ { UINT64_C(0xD5FE0A96672BDFCB), UINT64_C(0xA9DFA422355DBDEC), ++ UINT64_C(0xFDB79AA179B25636), UINT64_C(0xE7F26FFDEECE8AEC), ++ UINT64_C(0xB59255507EDD5AA2), UINT64_C(0x2C8F6FF08EB3A6C2) } }, ++ { { UINT64_C(0x88887756757D6136), UINT64_C(0xAD9AC18388B92E72), ++ UINT64_C(0x92CB2FC48785D3EB), UINT64_C(0xD1A542FE9319764B), ++ UINT64_C(0xAF4CC78F626A62F8), UINT64_C(0x7F3F5FC926BFFAAE) }, ++ { UINT64_C(0x0A203D4340AE2231), UINT64_C(0xA8BFD9E0387898E8), ++ UINT64_C(0x1A0C379C474B7DDD), UINT64_C(0x03855E0A34FD49EA), ++ UINT64_C(0x02B26223B3EF4AE1), UINT64_C(0x804BD8CFE399E0A3) } }, ++ { { UINT64_C(0x11A9F3D0DE865713), UINT64_C(0x81E36B6BBDE98821), ++ UINT64_C(0x324996C86AA891D0), UINT64_C(0x7B95BDC1395682B5), ++ UINT64_C(0x47BF2219C1600563), UINT64_C(0x7A473F50643E38B4) }, ++ { UINT64_C(0x0911F50AF5738288), UINT64_C(0xDF947A706F9C415B), ++ UINT64_C(0xBDB994F267A067F6), UINT64_C(0x3F4BEC1B88BE96CD), ++ UINT64_C(0x9820E931E56DD6D9), UINT64_C(0xB138F14F0A80F419) } }, ++ { { UINT64_C(0xA11A1A8F0429077A), UINT64_C(0x2BB1E33D10351C68), ++ UINT64_C(0x3C25ABFE89459A27), UINT64_C(0x2D0091B86B8AC774), ++ UINT64_C(0xDAFC78533B2415D9), UINT64_C(0xDE713CF19201680D) }, ++ { UINT64_C(0x8E5F445D68889D57), UINT64_C(0x608B209C60EABF5B), ++ UINT64_C(0x10EC0ACCF9CFA408), UINT64_C(0xD5256B9D4D1EE754), ++ UINT64_C(0xFF866BAB0AA6C18D), UINT64_C(0x9D196DB8ACB90A45) } }, ++ { { UINT64_C(0xA46D76A9B9B081B2), UINT64_C(0xFC743A1062163C25), ++ UINT64_C(0xCD2A5C8D7761C392), UINT64_C(0x39BDDE0BBE808583), ++ UINT64_C(0x7C416021B98E4DFE), UINT64_C(0xF930E56365913A44) }, ++ { UINT64_C(0xC3555F7E7585CF3C), UINT64_C(0xC737E3833D6333D5), ++ UINT64_C(0x5B60DBA4B430B03D), UINT64_C(0x42B715EBE7555404), ++ UINT64_C(0x571BDF5B7C7796E3), UINT64_C(0x33DC62C66DB6331F) } }, ++ { { UINT64_C(0x3FB9CCB0E61DEE59), UINT64_C(0xC5185F2318B14DB9), ++ UINT64_C(0x1B2ADC4F845EF36C), UINT64_C(0x195D5B505C1A33AB), ++ UINT64_C(0x8CEA528E421F59D2), UINT64_C(0x7DFCCECFD2931CEA) }, ++ { UINT64_C(0x51FFA1D58CF7E3F7), UINT64_C(0xF01B7886BDC9FB43), ++ UINT64_C(0xD65AB610261A0D35), UINT64_C(0x84BCBAFD7574A554), ++ UINT64_C(0x4B119956FAD70208), UINT64_C(0xDDC329C24FAB5243) } }, ++ { { UINT64_C(0x1A08AA579CE92177), UINT64_C(0x3395E557DC2B5C36), ++ UINT64_C(0xFDFE7041394ED04E), UINT64_C(0xB797EB24C6DFCDDE), ++ UINT64_C(0x284A6B2ACB9DE5D6), UINT64_C(0xE0BD95C807222765) }, ++ { UINT64_C(0x114A951B9FE678A7), UINT64_C(0xE7ECD0BD9E4954EC), ++ UINT64_C(0x7D4096FE79F0B8A9), UINT64_C(0xBDB26E9A09724FE2), ++ UINT64_C(0x08741AD8F787AF95), UINT64_C(0x2BF9727224045AD8) } }, ++ { { UINT64_C(0xAB1FEDD9A9451D57), UINT64_C(0xDF4D91DF483E38C9), ++ UINT64_C(0x2D54D31124E9CF8E), UINT64_C(0x9C2A5AF87A22EEB6), ++ UINT64_C(0xBD9861EF0A43F123), UINT64_C(0x581EA6A238A18B7B) }, ++ { UINT64_C(0xAF339C85296470A3), UINT64_C(0xF9603FCDAFD8203E), ++ UINT64_C(0x95D0535096763C28), UINT64_C(0x15445C16860EC831), ++ UINT64_C(0x2AFB87286867A323), UINT64_C(0x4B152D6D0C4838BF) } }, ++ { { UINT64_C(0x45BA0E4F837CACBA), UINT64_C(0x7ADB38AEC0725275), ++ UINT64_C(0x19C82831942D3C28), UINT64_C(0x94F4731D6D0FE7DD), ++ UINT64_C(0xC3C07E134898F1E6), UINT64_C(0x76350EACED410B51) }, ++ { UINT64_C(0x0FA8BECAF99AACFC), UINT64_C(0x2834D86F65FAF9CF), ++ UINT64_C(0x8E62846A6F3866AF), UINT64_C(0xDAA9BD4F3DFD6A2B), ++ UINT64_C(0xC27115BBA6132655), UINT64_C(0x83972DF7BD5A32C2) } }, ++ { { UINT64_C(0xA330CB5BD513B825), UINT64_C(0xAE18B2D3EE37BEC3), ++ UINT64_C(0xFC3AB80AF780A902), UINT64_C(0xD7835BE2D607DDF1), ++ UINT64_C(0x8120F7675B6E4C2B), UINT64_C(0xAA8C385967E78CCB) }, ++ { UINT64_C(0xA8DA8CE2AA0ED321), UINT64_C(0xCB8846FDD766341A), ++ UINT64_C(0xF2A342EE33DC9D9A), UINT64_C(0xA519E0BED0A18A80), ++ UINT64_C(0x9CDAA39CAF48DF4C), UINT64_C(0xA4B500CA7E0C19EE) } }, ++ { { UINT64_C(0x83A7FD2F8217001B), UINT64_C(0x4F6FCF064296A8BA), ++ UINT64_C(0x7D74864391619927), UINT64_C(0x174C1075941E4D41), ++ UINT64_C(0x037EDEBDA64F5A6C), UINT64_C(0xCF64DB3A6E29DC56) }, ++ { UINT64_C(0x150B3ACE37C0B9F4), UINT64_C(0x1323234A7168178B), ++ UINT64_C(0x1CE47014EF4D1879), UINT64_C(0xA22E374217FB4D5C), ++ UINT64_C(0x69B81822D985F794), UINT64_C(0x199C21C4081D7214) } }, ++ { { UINT64_C(0x160BC7A18F04B4D2), UINT64_C(0x79CA81DDB10DE174), ++ UINT64_C(0xE2A280B02DA1E9C7), UINT64_C(0xB4F6BD991D6A0A29), ++ UINT64_C(0x57CF3EDD1C5B8F27), UINT64_C(0x7E34FC57158C2FD4) }, ++ { UINT64_C(0x828CFD89CAC93459), UINT64_C(0x9E631B6FB7AF499F), ++ UINT64_C(0xF4DC8BC0DA26C135), UINT64_C(0x6128ED3937186735), ++ UINT64_C(0xBB45538B67BF0BA5), UINT64_C(0x1ADDD4C10064A3AB) } }, ++ }, ++ { ++ { { UINT64_C(0xC32730E8DD14D47E), UINT64_C(0xCDC1FD42C0F01E0F), ++ UINT64_C(0x2BACFDBF3F5CD846), UINT64_C(0x45F364167272D4DD), ++ UINT64_C(0xDD813A795EB75776), UINT64_C(0xB57885E450997BE2) }, ++ { UINT64_C(0xDA054E2BDB8C9829), UINT64_C(0x4161D820AAB5A594), ++ UINT64_C(0x4C428F31026116A3), UINT64_C(0x372AF9A0DCD85E91), ++ UINT64_C(0xFDA6E903673ADC2D), UINT64_C(0x4526B8ACA8DB59E6) } }, ++ { { UINT64_C(0x68FE359DE23A8472), UINT64_C(0x43EB12BD4CE3C101), ++ UINT64_C(0x0EC652C3FC704935), UINT64_C(0x1EEFF1F952E4E22D), ++ UINT64_C(0xBA6777CB083E3ADA), UINT64_C(0xAB52D7DC8BEFC871) }, ++ { UINT64_C(0x4EDE689F497CBD59), UINT64_C(0xC8AE42B927577DD9), ++ UINT64_C(0xE0F080517AB83C27), UINT64_C(0x1F3D5F252C8C1F48), ++ UINT64_C(0x57991607AF241AAC), UINT64_C(0xC4458B0AB8A337E0) } }, ++ { { UINT64_C(0x3DBB3FA651DD1BA9), UINT64_C(0xE53C1C4D545E960B), ++ UINT64_C(0x35AC6574793CE803), UINT64_C(0xB2697DC783DBCE4F), ++ UINT64_C(0xE35C5BF2E13CF6B0), UINT64_C(0x35034280B0C4A164) }, ++ { UINT64_C(0xAA490908D9C0D3C1), UINT64_C(0x2CCE614DCB4D2E90), ++ UINT64_C(0xF646E96C54D504E4), UINT64_C(0xD74E7541B73310A3), ++ UINT64_C(0xEAD7159618BDE5DA), UINT64_C(0x96E7F4A8AA09AEF7) } }, ++ { { UINT64_C(0xA8393A245D6E5F48), UINT64_C(0x2C8D7EA2F9175CE8), ++ UINT64_C(0xD8824E0255A20268), UINT64_C(0x9DD9A272A446BCC6), ++ UINT64_C(0xC929CDED5351499B), UINT64_C(0xEA5AD9ECCFE76535) }, ++ { UINT64_C(0x26F3D7D9DC32D001), UINT64_C(0x51C3BE8343EB9689), ++ UINT64_C(0x91FDCC06759E6DDB), UINT64_C(0xAC2E1904E302B891), ++ UINT64_C(0xAD25C645C207E1F7), UINT64_C(0x28A70F0DAB3DEB4A) } }, ++ { { UINT64_C(0x922D7F9703BEA8F1), UINT64_C(0x3AD820D4584570BE), ++ UINT64_C(0x0CE0A8503CD46B43), UINT64_C(0x4C07911FAE66743D), ++ UINT64_C(0x66519EB9FDA60023), UINT64_C(0x7F83004BEC2ACD9C) }, ++ { UINT64_C(0x001E0B80C3117EAD), UINT64_C(0xBB72D5410722BA25), ++ UINT64_C(0x3AF7DB966E9A5078), UINT64_C(0x86C5774E701B6B4C), ++ UINT64_C(0xBD2C0E8E37824DB5), UINT64_C(0x3AE3028CBFAC286D) } }, ++ { { UINT64_C(0x83D4D4A8A33E071B), UINT64_C(0x881C0A9261444BB5), ++ UINT64_C(0xEEA1E292520E3BC3), UINT64_C(0x5A5F4C3C2AAAB729), ++ UINT64_C(0x0B766C5EE63C7C94), UINT64_C(0x62BB8A9FBB2CC79C) }, ++ { UINT64_C(0x97ADC7D2AA5DC49D), UINT64_C(0x30CC26B331718681), ++ UINT64_C(0xAC86E6FF56E86EDE), UINT64_C(0x37BCA7A2CD52F7F2), ++ UINT64_C(0x734D2C949CE6D87F), UINT64_C(0x06A71D71C2F7E0CA) } }, ++ { { UINT64_C(0x559DCF75C6357D33), UINT64_C(0x4616D940652517DE), ++ UINT64_C(0x3D576B981CCF207B), UINT64_C(0x51E2D1EF1979F631), ++ UINT64_C(0x57517DDD06AE8296), UINT64_C(0x309A3D7FD6E7151F) }, ++ { UINT64_C(0xBA2A23E60E3A6FE5), UINT64_C(0x76CF674AD28B22C3), ++ UINT64_C(0xD235AD07F8B808C3), UINT64_C(0x7BBF4C586B71213A), ++ UINT64_C(0x0676792E93271EBB), UINT64_C(0x2CFD2C7605B1FC31) } }, ++ { { UINT64_C(0x4258E5C037A450F5), UINT64_C(0xC3245F1B52D2B118), ++ UINT64_C(0x6DF7B48482BC5963), UINT64_C(0xE520DA4D9C273D1E), ++ UINT64_C(0xED78E0122C3010E5), UINT64_C(0x112229483C1D4C05) }, ++ { UINT64_C(0xE3DAE5AFC692B490), UINT64_C(0x3272BD10C197F793), ++ UINT64_C(0xF7EAE411E709ACAA), UINT64_C(0x00B0C95F778270A6), ++ UINT64_C(0x4DA76EE1220D4350), UINT64_C(0x521E1461AB71E308) } }, ++ { { UINT64_C(0x7B654323343196A3), UINT64_C(0x35D442ADB0C95250), ++ UINT64_C(0x38AF50E6E264FF17), UINT64_C(0x28397A412030D2EA), ++ UINT64_C(0x8F1D84E9F74EEDA1), UINT64_C(0xD521F92DE6FB3C52) }, ++ { UINT64_C(0xAF358D7795733811), UINT64_C(0xEBFDDD0193ABFE94), ++ UINT64_C(0x05D8A028D18D99DE), UINT64_C(0x5A664019B5D5BDD9), ++ UINT64_C(0x3DF172822AA12FE8), UINT64_C(0xB42E006FB889A28E) } }, ++ { { UINT64_C(0xCF10E97DBC35CB1A), UINT64_C(0xC70A7BBD994DEDC5), ++ UINT64_C(0x76A5327C37D04FB9), UINT64_C(0x87539F76A76E0CDA), ++ UINT64_C(0xE9FE493FCD60A6B1), UINT64_C(0xA4574796132F01C0) }, ++ { UINT64_C(0xC43B85EBDB70B167), UINT64_C(0x81D5039A98551DFA), ++ UINT64_C(0x6B56FBE91D979FA4), UINT64_C(0x49714FD78615098F), ++ UINT64_C(0xB10E1CEA94DECAB5), UINT64_C(0x8342EBA3480EF6E3) } }, ++ { { UINT64_C(0xE1E030B0B3677288), UINT64_C(0x2978174C8D5CE3AF), ++ UINT64_C(0xAFC0271CF7B2DE98), UINT64_C(0x745BC6F3B99C20B5), ++ UINT64_C(0x9F6EDCED1E3BB4E5), UINT64_C(0x58D3EE4E73C8C1FC) }, ++ { UINT64_C(0x1F3535F47FD30124), UINT64_C(0xF366AC705FA62502), ++ UINT64_C(0x4C4C1FDD965363FE), UINT64_C(0x8B2C77771DE2CA2B), ++ UINT64_C(0x0CB54743882F1173), UINT64_C(0x94B6B8C071343331) } }, ++ { { UINT64_C(0x75AF014165B8B35B), UINT64_C(0x6D7B84854670A1F5), ++ UINT64_C(0x6EAA3A47A3B6D376), UINT64_C(0xD7E673D2CB3E5B66), ++ UINT64_C(0xC0338E6C9589AB38), UINT64_C(0x4BE26CB309440FAA) }, ++ { UINT64_C(0x82CB05E7394F9AA3), UINT64_C(0xC45C8A8A7F7792EA), ++ UINT64_C(0x37E5E33BB687DC70), UINT64_C(0x63853219DFE48E49), ++ UINT64_C(0x087951C16D0E5C8C), UINT64_C(0x7696A8C72BC27310) } }, ++ { { UINT64_C(0xA05736D5B67E834A), UINT64_C(0xDD2AA0F29098D42A), ++ UINT64_C(0x09F0C1D849C69DDC), UINT64_C(0x81F8BC1C8FF0F0F3), ++ UINT64_C(0x36FD3A4F03037775), UINT64_C(0x8286717D4B06DF5C) }, ++ { UINT64_C(0xB878F496A9079EA2), UINT64_C(0xA5642426D7DC796D), ++ UINT64_C(0x29B9351A67FDAC2B), UINT64_C(0x93774C0E1D543CDE), ++ UINT64_C(0x4F8793BA1A8E31C4), UINT64_C(0x7C9F3F3A6C94798A) } }, ++ { { UINT64_C(0x23C5AD11CB8ECDB8), UINT64_C(0x1E88D25E485A6A02), ++ UINT64_C(0xB27CBE84F1E268AE), UINT64_C(0xDDA80238F4CD0475), ++ UINT64_C(0x4F88857B49F8EB1B), UINT64_C(0x91B1221F52FB07F9) }, ++ { UINT64_C(0x7CE974608637FA67), UINT64_C(0x528B3CF4632198D8), ++ UINT64_C(0x33365AB3F6623769), UINT64_C(0x6FEBCFFF3A83A30F), ++ UINT64_C(0x398F4C999BD341EB), UINT64_C(0x180712BBB33A333C) } }, ++ { { UINT64_C(0x2B8655A2D93429E7), UINT64_C(0x99D600BB75C8B9EE), ++ UINT64_C(0x9FC1AF8B88FCA6CD), UINT64_C(0x2FB533867C311F80), ++ UINT64_C(0x20743ECBE8A71EEE), UINT64_C(0xEC3713C4E848B49E) }, ++ { UINT64_C(0x5B2037B5BB886817), UINT64_C(0x40EF5AC2307DBAF4), ++ UINT64_C(0xC2888AF21B3F643D), UINT64_C(0x0D8252E19D5A4190), ++ UINT64_C(0x06CC0BEC2DB52A8A), UINT64_C(0xB84B98EAAB94E969) } }, ++ { { UINT64_C(0x2E7AC078A0321E0E), UINT64_C(0x5C5A1168EF3DAAB6), ++ UINT64_C(0xD2D573CBADDD454A), UINT64_C(0x27E149E236259CC7), ++ UINT64_C(0x1EDFD469A63F47F1), UINT64_C(0x039AD674F1BD2CFD) }, ++ { UINT64_C(0xBFA633FC3077D3CC), UINT64_C(0x14A7C82F2FD64E9F), ++ UINT64_C(0xAAA650149D824999), UINT64_C(0x41AB113B21760F2E), ++ UINT64_C(0x23E646C51CAE260A), UINT64_C(0x08062C8F68DC5159) } }, ++ }, ++ { ++ { { UINT64_C(0x2E7D0A16204BE028), UINT64_C(0x4F1D082ED0E41851), ++ UINT64_C(0x15F1DDC63EB317F9), UINT64_C(0xF02750715ADF71D7), ++ UINT64_C(0x2CE33C2EEE858BC3), UINT64_C(0xA24C76D1DA73B71A) }, ++ { UINT64_C(0x9EF6A70A6C70C483), UINT64_C(0xEFCF170505CF9612), ++ UINT64_C(0x9F5BF5A67502DE64), UINT64_C(0xD11122A1A4701973), ++ UINT64_C(0x82CFAAC2A2EA7B24), UINT64_C(0x6CAD67CC0A4582E1) } }, ++ { { UINT64_C(0x597A26FFB4DC8600), UINT64_C(0x264A09F3F9288555), ++ UINT64_C(0x0B06AFF65C27F5F6), UINT64_C(0xCE5AB665D8D544E6), ++ UINT64_C(0x92F031BE99275C32), UINT64_C(0xAF51C5BBF42E0E7C) }, ++ { UINT64_C(0x5BB28B061E37B36D), UINT64_C(0x583FBA6A8473543A), ++ UINT64_C(0xE73FD299F93FB7DC), UINT64_C(0xFCD999A86E2CCAD9), ++ UINT64_C(0xB8C8A6DF334D4F57), UINT64_C(0x5ADB28DD9A2ACC9B) } }, ++ { { UINT64_C(0x5ADF3D9A111792B9), UINT64_C(0x1C77A3054F1E0D09), ++ UINT64_C(0xF9FBCE33A82D3736), UINT64_C(0xF307823E718C8AA3), ++ UINT64_C(0x860578CF416CCF69), UINT64_C(0xB942ADD81EF8465B) }, ++ { UINT64_C(0x9EE0CF97CD9472E1), UINT64_C(0xE6792EEFB01528A8), ++ UINT64_C(0xF99B9A8DC09DA90B), UINT64_C(0x1F521C2DCBF3CCB8), ++ UINT64_C(0x6BF6694891A62632), UINT64_C(0xCC7A9CEB854FE9DA) } }, ++ { { UINT64_C(0x46303171491CCB92), UINT64_C(0xA80A8C0D2771235B), ++ UINT64_C(0xD8E497FFF172C7CF), UINT64_C(0x7F7009D735B193CF), ++ UINT64_C(0x6B9FD3F7F19DF4BC), UINT64_C(0xADA548C3B46F1E37) }, ++ { UINT64_C(0x87C6EAA9C7A20270), UINT64_C(0xEF2245D6AE78EF99), ++ UINT64_C(0x2A121042539EAB95), UINT64_C(0x29A6D5D779B8F5CC), ++ UINT64_C(0x33803A10B77840DC), UINT64_C(0xFEDD3A7011A6A30F) } }, ++ { { UINT64_C(0xFA070E22142403D1), UINT64_C(0x68FF316015C6F7F5), ++ UINT64_C(0xE09F04E6223A0CE8), UINT64_C(0x22BBD01853E14183), ++ UINT64_C(0x35D9FAFCCF45B75B), UINT64_C(0x3A34819D7ECEEC88) }, ++ { UINT64_C(0xD9CF7568D33262D2), UINT64_C(0x431036D5841D1505), ++ UINT64_C(0x0C8005659EB2A79A), UINT64_C(0x8E77D9F05F7EDC6A), ++ UINT64_C(0x19E12D0565E800AA), UINT64_C(0x335C8D36B7784E7C) } }, ++ { { UINT64_C(0x8B2FC4E96484FD40), UINT64_C(0xEE702764A35D24EA), ++ UINT64_C(0x15B28AC7B871C3F3), UINT64_C(0x805B4048E097047F), ++ UINT64_C(0xD6F1B8DF647CAD2F), UINT64_C(0xF1D5B458DC7DD67F) }, ++ { UINT64_C(0x324C529C25148803), UINT64_C(0xF6185EBE21274FAF), ++ UINT64_C(0xAF14751E95148B55), UINT64_C(0x283ED89D28F284F4), ++ UINT64_C(0x93AD20E74CBEBF1A), UINT64_C(0x5F6EC65D882935E1) } }, ++ { { UINT64_C(0xE222EBA4A4DCEFE9), UINT64_C(0x63AD235FEC1CEB74), ++ UINT64_C(0x2E0BF749E05B18E7), UINT64_C(0x547BD050B48BDD87), ++ UINT64_C(0x0490C970F5AA2FC4), UINT64_C(0xCED5E4CF2B431390) }, ++ { UINT64_C(0x07D8270451D2898E), UINT64_C(0x44B72442083B57D4), ++ UINT64_C(0xA4ADA2305037FCE8), UINT64_C(0x55F7905E50510DA6), ++ UINT64_C(0xD8EE724F8D890A98), UINT64_C(0x925A8E7C11B85640) } }, ++ { { UINT64_C(0x5BFA10CD1CA459ED), UINT64_C(0x593F085A6DCF56BF), ++ UINT64_C(0xE6F0AD9BC0579C3E), UINT64_C(0xC11C95A22527C1AD), ++ UINT64_C(0x7CFA71E1CF1CB8B3), UINT64_C(0xEDCFF8331D6DC79D) }, ++ { UINT64_C(0x581C4BBE432521C9), UINT64_C(0xBF620096144E11A0), ++ UINT64_C(0x54C38B71BE3A107B), UINT64_C(0xED555E37E2606EC0), ++ UINT64_C(0x3FB148B8D721D034), UINT64_C(0x79D53DAD0091BC90) } }, ++ { { UINT64_C(0xE32068C5B7082C80), UINT64_C(0x4140FFD27A144E22), ++ UINT64_C(0x5811D2F09EDD9E86), UINT64_C(0xCDD79B5FC572C465), ++ UINT64_C(0x3563FED1C97BF450), UINT64_C(0x985C1444F2CE5C9C) }, ++ { UINT64_C(0x260AE79799950F1C), UINT64_C(0x659F4F40765E9DED), ++ UINT64_C(0x2A412D662E3BC286), UINT64_C(0xE865E62CF87E0C82), ++ UINT64_C(0xD63D3A9A6C05E7D7), UINT64_C(0x96725D678686F89A) } }, ++ { { UINT64_C(0xC99A5E4CAB7EA0F5), UINT64_C(0xC9860A1AC5393FA9), ++ UINT64_C(0x9ED83CEE8FDEEFC0), UINT64_C(0xE3EA8B4C5ED6869A), ++ UINT64_C(0x89A85463D2EED3A9), UINT64_C(0x2CD91B6DE421A622) }, ++ { UINT64_C(0x6FEC1EF32C91C41D), UINT64_C(0xB1540D1F8171037D), ++ UINT64_C(0x4FE4991A1C010E5B), UINT64_C(0x28A3469FFC1C7368), ++ UINT64_C(0xE1EEECD1AF118781), UINT64_C(0x1BCCB97799EF3531) } }, ++ { { UINT64_C(0x63D3B638C4DAB7B8), UINT64_C(0xD92133B63F7F5BAB), ++ UINT64_C(0x2573EE2009FB6069), UINT64_C(0x771FABDF890A1686), ++ UINT64_C(0x1D0BA21FA77AFFF5), UINT64_C(0x83145FCCBA3DD2C0) }, ++ { UINT64_C(0xFA073A812D115C20), UINT64_C(0x6AB7A9D319176F27), ++ UINT64_C(0xAF62CF939AC639EE), UINT64_C(0xF73848B92CCD1319), ++ UINT64_C(0x3B6132343C71659D), UINT64_C(0xF8E0011C10AB3826) } }, ++ { { UINT64_C(0x0501F0360282FFA5), UINT64_C(0xC39A5CF4D9E0F15A), ++ UINT64_C(0x48D8C7299A3D1F3C), UINT64_C(0xB5FC136B64E18EDA), ++ UINT64_C(0xE81B53D97E58FEF0), UINT64_C(0x0D534055F7B0F28D) }, ++ { UINT64_C(0x47B8DE127A80619B), UINT64_C(0x60E2A2B381F9E55D), ++ UINT64_C(0x6E9624D7CF564CC5), UINT64_C(0xFDF18A216BDEDFFF), ++ UINT64_C(0x3787DE38C0D5FC82), UINT64_C(0xCBCAA347497A6B11) } }, ++ { { UINT64_C(0x6E7EF35EB226465A), UINT64_C(0x4B4699195F8A2BAF), ++ UINT64_C(0x44B3A3CF1120D93F), UINT64_C(0xB052C8B668F34AD1), ++ UINT64_C(0x27EC574BEF7632DD), UINT64_C(0xAEBEA108685DE26F) }, ++ { UINT64_C(0xDA33236BE39424B6), UINT64_C(0xB1BD94A9EBCC22AD), ++ UINT64_C(0x6DDEE6CC2CDFB5D5), UINT64_C(0xBDAED9276F14069A), ++ UINT64_C(0x2ADE427C2A247CB7), UINT64_C(0xCE96B436ED156A40) } }, ++ { { UINT64_C(0xDDDCA36081F3F819), UINT64_C(0x4AF4A49FD419B96A), ++ UINT64_C(0x746C65257CB966B9), UINT64_C(0x01E390886F610023), ++ UINT64_C(0x05ECB38D98DD33FC), UINT64_C(0x962B971B8F84EDF4) }, ++ { UINT64_C(0xEB32C0A56A6F2602), UINT64_C(0xF026AF71562D60F2), ++ UINT64_C(0xA9E246BF84615FAB), UINT64_C(0xAD96709275DBAE01), ++ UINT64_C(0xBF97C79B3ECE5D07), UINT64_C(0xE06266C774EAA3D3) } }, ++ { { UINT64_C(0x161A01572E6DBB6E), UINT64_C(0xB8AF490460FA8F47), ++ UINT64_C(0xE4336C4400197F22), UINT64_C(0xF811AFFA9CEDCE0E), ++ UINT64_C(0xB1DD7685F94C2EF1), UINT64_C(0xEEDC0F4BCA957BB0) }, ++ { UINT64_C(0xD319FD574AA76BB1), UINT64_C(0xB3525D7C16CD7CCB), ++ UINT64_C(0x7B22DA9CA97DD072), UINT64_C(0x99DB84BD38A83E71), ++ UINT64_C(0x4939BC8DC0EDD8BE), UINT64_C(0x06D524EA903A932C) } }, ++ { { UINT64_C(0x4BC950EC0E31F639), UINT64_C(0xB7ABD3DC6016BE30), ++ UINT64_C(0x3B0F44736703DAD0), UINT64_C(0xCC405F8B0AC1C4EA), ++ UINT64_C(0x9BED5E57176C3FEE), UINT64_C(0xF452481036AE36C2) }, ++ { UINT64_C(0xC1EDBB8315D7B503), UINT64_C(0x943B1156E30F3657), ++ UINT64_C(0x984E9EEF98377805), UINT64_C(0x291AE7AC36CF1DEB), ++ UINT64_C(0xFED8748CA9F66DF3), UINT64_C(0xECA758BBFEA8FA5D) } }, ++ }, ++ { ++ { { UINT64_C(0xACC787EF2DD1B249), UINT64_C(0x736E1030D82976F1), ++ UINT64_C(0x0A6940FAA01B3649), UINT64_C(0xE00B926BC42341E7), ++ UINT64_C(0x911508D0DE8FFD6C), UINT64_C(0x4DCF8D465276B0CB) }, ++ { UINT64_C(0x23AD0A90CC3CAD8D), UINT64_C(0x2A92E54CADED962A), ++ UINT64_C(0x93FBEC4DF231BFAF), UINT64_C(0x9544BC774798987A), ++ UINT64_C(0x48084E2508E29F60), UINT64_C(0x0C0D2F4332DE5869) } }, ++ { { UINT64_C(0x6778F9703A9ABC13), UINT64_C(0xFD014FAC3D2B166B), ++ UINT64_C(0x1FE4FC783C6FED60), UINT64_C(0x04295FA8AA7C69C5), ++ UINT64_C(0xA01DE56D7C123175), UINT64_C(0x0FA0D3A83D9A713A) }, ++ { UINT64_C(0xA7A6E5E3E3E08ADD), UINT64_C(0xBD77E94B1AC58F85), ++ UINT64_C(0x078F6FD2B7321A9C), UINT64_C(0x9564601E911EF6D9), ++ UINT64_C(0x31C5C1B2415C6BEF), UINT64_C(0xE6C0C91ED3212C62) } }, ++ { { UINT64_C(0xBA7BD23C0D16022F), UINT64_C(0xE9CF4750198BE288), ++ UINT64_C(0x304E316947DEEC65), UINT64_C(0xCF65B41F96EEB288), ++ UINT64_C(0x17E99C17927E9E3B), UINT64_C(0x82225546F6630A80) }, ++ { UINT64_C(0x15122B8ACA067BD9), UINT64_C(0xE2673205B77B4E98), ++ UINT64_C(0x130375659407CA63), UINT64_C(0x53624F548B621602), ++ UINT64_C(0x96AF2CB1EAE4BD06), UINT64_C(0x576ECD1C8FA20829) } }, ++ { { UINT64_C(0xA551CE107E02D2D0), UINT64_C(0x1584ED249D13DBC7), ++ UINT64_C(0x082017AD4DA7B6D8), UINT64_C(0x81918A8FE054BC48), ++ UINT64_C(0x677DB48E572DC384), UINT64_C(0x2EF822966155484C) }, ++ { UINT64_C(0xC3DB14C641B9C231), UINT64_C(0x910A87D14A766192), ++ UINT64_C(0x93D5CC8610AB8E0F), UINT64_C(0x4194D548AE57CA1B), ++ UINT64_C(0xFAF3A1D6267FC37A), UINT64_C(0x70EC236413B87C97) } }, ++ { { UINT64_C(0x064B565B5E12756A), UINT64_C(0x953B7BD1AE49C98E), ++ UINT64_C(0xE0CE8284F7001D91), UINT64_C(0x1546060BF31108D0), ++ UINT64_C(0xDBC2C3F46779B6E2), UINT64_C(0x157AA47DE0DD07CF) }, ++ { UINT64_C(0xBF4A1C6FF23B261E), UINT64_C(0x5B8EED30654F4BE5), ++ UINT64_C(0xDF5896D36B20CCD8), UINT64_C(0x56920E2C559ED23D), ++ UINT64_C(0x901F342EFA6E3E27), UINT64_C(0x745C747C896CA082) } }, ++ { { UINT64_C(0xDBCCD5752944EC84), UINT64_C(0x54A2A935A5FF65FE), ++ UINT64_C(0x88C92A5E1A1319B6), UINT64_C(0x9537C28F82DA96C1), ++ UINT64_C(0xB683647435F93C46), UINT64_C(0xEC526A1D65B0846C) }, ++ { UINT64_C(0x6F12AFBDF382C412), UINT64_C(0x5EBC81D89E99FA06), ++ UINT64_C(0x97B5D672869B93BD), UINT64_C(0x2983C310377E12AA), ++ UINT64_C(0x4875968124D681EA), UINT64_C(0x1E0BD106287FD767) } }, ++ { { UINT64_C(0x0AC75A3E7231247F), UINT64_C(0x65C20DE6EF27AD3A), ++ UINT64_C(0x87EB6CF1BD02EEE5), UINT64_C(0x264ACA7A00147E03), ++ UINT64_C(0xEBC78581AE2A9437), UINT64_C(0x9929964E6316BFA5) }, ++ { UINT64_C(0xDC09E0409AF207EF), UINT64_C(0x3ECFFE2D0C9D8658), ++ UINT64_C(0x547EA735DFB43D38), UINT64_C(0x5485247BD04B1B20), ++ UINT64_C(0xB18D3F02BFD8B609), UINT64_C(0xEEB3E805CCE73705) } }, ++ { { UINT64_C(0xDAB1A525DB93850F), UINT64_C(0x18ADAA238365B7D5), ++ UINT64_C(0x58485C90113FC8C7), UINT64_C(0x80C3DBB9348AD323), ++ UINT64_C(0xAF892FB5E16ADCA1), UINT64_C(0x2183C879979F005A) }, ++ { UINT64_C(0x20FA1A940643A99E), UINT64_C(0x2741221C1A1609CB), ++ UINT64_C(0x1C1687E53C2FBDDC), UINT64_C(0xDCCF329ED420D6CF), ++ UINT64_C(0x75D5577D2B7197D1), UINT64_C(0x4C3C3875C8729D9C) } }, ++ { { UINT64_C(0x5E79F995E5CBDCB9), UINT64_C(0x03139824A742FCC7), ++ UINT64_C(0x6D0C214A239EF4A1), UINT64_C(0x53A27952401A2944), ++ UINT64_C(0xF42A1B34C10BCDF0), UINT64_C(0x426BAA437CF38061) }, ++ { UINT64_C(0x16A53139A96AD0C8), UINT64_C(0x627F1D316BAD5301), ++ UINT64_C(0x5AF748774ACCD627), UINT64_C(0x3C58A1C5B55B0FB8), ++ UINT64_C(0xFAA57B91F4399A6A), UINT64_C(0xBAD283FBC28094B8) } }, ++ { { UINT64_C(0xBA32AC6183E10A93), UINT64_C(0x1C91F6B4EC06BDB0), ++ UINT64_C(0x42E6CFBC65F60C93), UINT64_C(0xEFE33BC82C0CDCBE), ++ UINT64_C(0xE0FE1D094D6414F2), UINT64_C(0x4C11231676FA5C5B) }, ++ { UINT64_C(0x812C1DC62E26200A), UINT64_C(0xD6C413C5EE879D25), ++ UINT64_C(0xBEADE255BCA8BAFE), UINT64_C(0x0EAF4AE2CE2BA0E7), ++ UINT64_C(0x66E9FFB0C4F4408A), UINT64_C(0xB36A86D79782C7AD) } }, ++ { { UINT64_C(0x10FCD1F4BAD8D1C7), UINT64_C(0xC903816A4502F645), ++ UINT64_C(0x7FAC1CC1A503B895), UINT64_C(0x8BCD60410778900C), ++ UINT64_C(0x5A5F22025BCF2784), UINT64_C(0x9B157E8710EDB896) }, ++ { UINT64_C(0x4C58DA69F602A8B1), UINT64_C(0xD55132F859EC9D7E), ++ UINT64_C(0x155B719AA26D4870), UINT64_C(0x25AAFCA336441746), ++ UINT64_C(0x01F83338DD3B6B30), UINT64_C(0xD52BB5C1551917CC) } }, ++ { { UINT64_C(0xA0B6207B6135066A), UINT64_C(0xB3409F842AEC8CBD), ++ UINT64_C(0x5EBFD43619D87DF0), UINT64_C(0xCB4C209BE8526DE2), ++ UINT64_C(0xD764085B21E1A230), UINT64_C(0x96F915540899964A) }, ++ { UINT64_C(0xB0BEC8EFA57D122A), UINT64_C(0xC572EC565D9D0B33), ++ UINT64_C(0xEBE2A780CFA7C72C), UINT64_C(0x52D40CDB9EF3295C), ++ UINT64_C(0x640045840DE74DFE), UINT64_C(0xA6846432C0809716) } }, ++ { { UINT64_C(0x0D09E8CD02C979BC), UINT64_C(0xEC4B21F6409F4F2A), ++ UINT64_C(0x68125C7013FB07CA), UINT64_C(0x1C4CFC176FDFA72A), ++ UINT64_C(0xC9E71B9E04539FCD), UINT64_C(0x94B7103D8BA70797) }, ++ { UINT64_C(0x6B81E82FB33FDE83), UINT64_C(0x7CA9A8CAEABAFD4B), ++ UINT64_C(0xADD85A67EAB819CE), UINT64_C(0xAEC2548398E99FFC), ++ UINT64_C(0x938D6440274A07B6), UINT64_C(0x0A5C7097564A6AA0) } }, ++ { { UINT64_C(0x7284FF502F4FCEB6), UINT64_C(0x0A28715A78D0D5CB), ++ UINT64_C(0xE70B7014BFCE187C), UINT64_C(0xA6B538F57A17148D), ++ UINT64_C(0x1DAB07C9DD427166), UINT64_C(0x5C5578B0149D23CA) }, ++ { UINT64_C(0x875E2056875B5EDE), UINT64_C(0xCBF44B6D02C893B9), ++ UINT64_C(0x5715A77E5C2993FB), UINT64_C(0xAF3281463410597E), ++ UINT64_C(0x65DF418F42DC49DF), UINT64_C(0x7AC9C720A9EE52F6) } }, ++ { { UINT64_C(0xB1C9AA0762955486), UINT64_C(0xCBF35BE3245061D7), ++ UINT64_C(0x811E1BD38CF4DDC0), UINT64_C(0xD9D4589C948F7C84), ++ UINT64_C(0x30D09A0FCB0F996D), UINT64_C(0x1A1B3B7A590E7704) }, ++ { UINT64_C(0xA848E3492082768D), UINT64_C(0x9FEBD4929A249DF4), ++ UINT64_C(0x503420AF5F20439A), UINT64_C(0x0CBE52B68E2BFCD4), ++ UINT64_C(0xB1D5E261118C91B2), UINT64_C(0x93CFF6DA71D8F2BC) } }, ++ { { UINT64_C(0x5F5BC06B8AB58944), UINT64_C(0xE4BED5384979882D), ++ UINT64_C(0x57C30362D79B0EB1), UINT64_C(0x391AE2C1EF7C56D8), ++ UINT64_C(0x28BC2E97ADD98625), UINT64_C(0xFA8E86B81B257107) }, ++ { UINT64_C(0x5E4859F86118C715), UINT64_C(0x91C83324524C71DD), ++ UINT64_C(0xFB2092436D2F5E6D), UINT64_C(0x6B4FE21F2A900A43), ++ UINT64_C(0x241F75D632A73C1F), UINT64_C(0xF5BC46295AE89613) } }, ++ } ++}; ++ ++/*- ++ * Q := 2P, both projective, Q and P same pointers OK ++ * Autogenerated: op3/dbl_proj.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 6 ++ * ASSERT: a = -3 ++ */ ++static void ++point_double(pt_prj_t *Q, const pt_prj_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X = P->X; ++ const limb_t *Y = P->Y; ++ const limb_t *Z = P->Z; ++ limb_t *X3 = Q->X; ++ limb_t *Y3 = Q->Y; ++ limb_t *Z3 = Q->Z; ++ ++ /* the curve arith formula */ ++ fiat_secp384r1_square(t0, X); ++ fiat_secp384r1_square(t1, Y); ++ fiat_secp384r1_square(t2, Z); ++ fiat_secp384r1_mul(t3, X, Y); ++ fiat_secp384r1_add(t3, t3, t3); ++ fiat_secp384r1_mul(t4, Y, Z); ++ fiat_secp384r1_mul(Z3, X, Z); ++ fiat_secp384r1_add(Z3, Z3, Z3); ++ fiat_secp384r1_mul(Y3, b, t2); ++ fiat_secp384r1_sub(Y3, Y3, Z3); ++ fiat_secp384r1_add(X3, Y3, Y3); ++ fiat_secp384r1_add(Y3, X3, Y3); ++ fiat_secp384r1_sub(X3, t1, Y3); ++ fiat_secp384r1_add(Y3, t1, Y3); ++ fiat_secp384r1_mul(Y3, X3, Y3); ++ fiat_secp384r1_mul(X3, X3, t3); ++ fiat_secp384r1_add(t3, t2, t2); ++ fiat_secp384r1_add(t2, t2, t3); ++ fiat_secp384r1_mul(Z3, b, Z3); ++ fiat_secp384r1_sub(Z3, Z3, t2); ++ fiat_secp384r1_sub(Z3, Z3, t0); ++ fiat_secp384r1_add(t3, Z3, Z3); ++ fiat_secp384r1_add(Z3, Z3, t3); ++ fiat_secp384r1_add(t3, t0, t0); ++ fiat_secp384r1_add(t0, t3, t0); ++ fiat_secp384r1_sub(t0, t0, t2); ++ fiat_secp384r1_mul(t0, t0, Z3); ++ fiat_secp384r1_add(Y3, Y3, t0); ++ fiat_secp384r1_add(t0, t4, t4); ++ fiat_secp384r1_mul(Z3, t0, Z3); ++ fiat_secp384r1_sub(X3, X3, Z3); ++ fiat_secp384r1_mul(Z3, t0, t1); ++ fiat_secp384r1_add(Z3, Z3, Z3); ++ fiat_secp384r1_add(Z3, Z3, Z3); ++} ++ ++/*- ++ * R := Q + P where R and Q are projective, P affine. ++ * R and Q same pointers OK ++ * R and P same pointers not OK ++ * Autogenerated: op3/add_mixed.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 5 ++ * ASSERT: a = -3 ++ */ ++static void ++point_add_mixed(pt_prj_t *R, const pt_prj_t *Q, const pt_aff_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X1 = Q->X; ++ const limb_t *Y1 = Q->Y; ++ const limb_t *Z1 = Q->Z; ++ const limb_t *X2 = P->X; ++ const limb_t *Y2 = P->Y; ++ fe_t X3; ++ fe_t Y3; ++ fe_t Z3; ++ limb_t nz; ++ ++ /* check P for affine inf */ ++ fiat_secp384r1_nonzero(&nz, P->Y); ++ ++ /* the curve arith formula */ ++ fiat_secp384r1_mul(t0, X1, X2); ++ fiat_secp384r1_mul(t1, Y1, Y2); ++ fiat_secp384r1_add(t3, X2, Y2); ++ fiat_secp384r1_add(t4, X1, Y1); ++ fiat_secp384r1_mul(t3, t3, t4); ++ fiat_secp384r1_add(t4, t0, t1); ++ fiat_secp384r1_sub(t3, t3, t4); ++ fiat_secp384r1_mul(t4, Y2, Z1); ++ fiat_secp384r1_add(t4, t4, Y1); ++ fiat_secp384r1_mul(Y3, X2, Z1); ++ fiat_secp384r1_add(Y3, Y3, X1); ++ fiat_secp384r1_mul(Z3, b, Z1); ++ fiat_secp384r1_sub(X3, Y3, Z3); ++ fiat_secp384r1_add(Z3, X3, X3); ++ fiat_secp384r1_add(X3, X3, Z3); ++ fiat_secp384r1_sub(Z3, t1, X3); ++ fiat_secp384r1_add(X3, t1, X3); ++ fiat_secp384r1_mul(Y3, b, Y3); ++ fiat_secp384r1_add(t1, Z1, Z1); ++ fiat_secp384r1_add(t2, t1, Z1); ++ fiat_secp384r1_sub(Y3, Y3, t2); ++ fiat_secp384r1_sub(Y3, Y3, t0); ++ fiat_secp384r1_add(t1, Y3, Y3); ++ fiat_secp384r1_add(Y3, t1, Y3); ++ fiat_secp384r1_add(t1, t0, t0); ++ fiat_secp384r1_add(t0, t1, t0); ++ fiat_secp384r1_sub(t0, t0, t2); ++ fiat_secp384r1_mul(t1, t4, Y3); ++ fiat_secp384r1_mul(t2, t0, Y3); ++ fiat_secp384r1_mul(Y3, X3, Z3); ++ fiat_secp384r1_add(Y3, Y3, t2); ++ fiat_secp384r1_mul(X3, t3, X3); ++ fiat_secp384r1_sub(X3, X3, t1); ++ fiat_secp384r1_mul(Z3, t4, Z3); ++ fiat_secp384r1_mul(t1, t3, t0); ++ fiat_secp384r1_add(Z3, Z3, t1); ++ ++ /* if P is inf, throw all that away and take Q */ ++ fiat_secp384r1_selectznz(R->X, nz, Q->X, X3); ++ fiat_secp384r1_selectznz(R->Y, nz, Q->Y, Y3); ++ fiat_secp384r1_selectznz(R->Z, nz, Q->Z, Z3); ++} ++ ++/*- ++ * R := Q + P all projective. ++ * R and Q same pointers OK ++ * R and P same pointers not OK ++ * Autogenerated: op3/add_proj.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 4 ++ * ASSERT: a = -3 ++ */ ++static void ++point_add_proj(pt_prj_t *R, const pt_prj_t *Q, const pt_prj_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4, t5; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X1 = Q->X; ++ const limb_t *Y1 = Q->Y; ++ const limb_t *Z1 = Q->Z; ++ const limb_t *X2 = P->X; ++ const limb_t *Y2 = P->Y; ++ const limb_t *Z2 = P->Z; ++ limb_t *X3 = R->X; ++ limb_t *Y3 = R->Y; ++ limb_t *Z3 = R->Z; ++ ++ /* the curve arith formula */ ++ fiat_secp384r1_mul(t0, X1, X2); ++ fiat_secp384r1_mul(t1, Y1, Y2); ++ fiat_secp384r1_mul(t2, Z1, Z2); ++ fiat_secp384r1_add(t3, X1, Y1); ++ fiat_secp384r1_add(t4, X2, Y2); ++ fiat_secp384r1_mul(t3, t3, t4); ++ fiat_secp384r1_add(t4, t0, t1); ++ fiat_secp384r1_sub(t3, t3, t4); ++ fiat_secp384r1_add(t4, Y1, Z1); ++ fiat_secp384r1_add(t5, Y2, Z2); ++ fiat_secp384r1_mul(t4, t4, t5); ++ fiat_secp384r1_add(t5, t1, t2); ++ fiat_secp384r1_sub(t4, t4, t5); ++ fiat_secp384r1_add(X3, X1, Z1); ++ fiat_secp384r1_add(Y3, X2, Z2); ++ fiat_secp384r1_mul(X3, X3, Y3); ++ fiat_secp384r1_add(Y3, t0, t2); ++ fiat_secp384r1_sub(Y3, X3, Y3); ++ fiat_secp384r1_mul(Z3, b, t2); ++ fiat_secp384r1_sub(X3, Y3, Z3); ++ fiat_secp384r1_add(Z3, X3, X3); ++ fiat_secp384r1_add(X3, X3, Z3); ++ fiat_secp384r1_sub(Z3, t1, X3); ++ fiat_secp384r1_add(X3, t1, X3); ++ fiat_secp384r1_mul(Y3, b, Y3); ++ fiat_secp384r1_add(t1, t2, t2); ++ fiat_secp384r1_add(t2, t1, t2); ++ fiat_secp384r1_sub(Y3, Y3, t2); ++ fiat_secp384r1_sub(Y3, Y3, t0); ++ fiat_secp384r1_add(t1, Y3, Y3); ++ fiat_secp384r1_add(Y3, t1, Y3); ++ fiat_secp384r1_add(t1, t0, t0); ++ fiat_secp384r1_add(t0, t1, t0); ++ fiat_secp384r1_sub(t0, t0, t2); ++ fiat_secp384r1_mul(t1, t4, Y3); ++ fiat_secp384r1_mul(t2, t0, Y3); ++ fiat_secp384r1_mul(Y3, X3, Z3); ++ fiat_secp384r1_add(Y3, Y3, t2); ++ fiat_secp384r1_mul(X3, t3, X3); ++ fiat_secp384r1_sub(X3, X3, t1); ++ fiat_secp384r1_mul(Z3, t4, Z3); ++ fiat_secp384r1_mul(t1, t3, t0); ++ fiat_secp384r1_add(Z3, Z3, t1); ++} ++ ++/* constants */ ++#define RADIX 5 ++#define DRADIX (1 << RADIX) ++#define DRADIX_WNAF ((DRADIX) << 1) ++ ++/*- ++ * precomp for wnaf scalar multiplication: ++ * precomp[0] = 1P ++ * precomp[1] = 3P ++ * precomp[2] = 5P ++ * precomp[3] = 7P ++ * precomp[4] = 9P ++ * ... ++ */ ++static void ++precomp_wnaf(pt_prj_t precomp[DRADIX / 2], const pt_aff_t *P) ++{ ++ int i; ++ ++ fe_copy(precomp[0].X, P->X); ++ fe_copy(precomp[0].Y, P->Y); ++ fe_copy(precomp[0].Z, const_one); ++ point_double(&precomp[DRADIX / 2 - 1], &precomp[0]); ++ ++ for (i = 1; i < DRADIX / 2; i++) ++ point_add_proj(&precomp[i], &precomp[DRADIX / 2 - 1], &precomp[i - 1]); ++} ++ ++/* fetch a scalar bit */ ++static int ++scalar_get_bit(const unsigned char in[48], int idx) ++{ ++ int widx, rshift; ++ ++ widx = idx >> 3; ++ rshift = idx & 0x7; ++ ++ if (idx < 0 || widx >= 48) ++ return 0; ++ ++ return (in[widx] >> rshift) & 0x1; ++} ++ ++/*- ++ * Compute "regular" wnaf representation of a scalar. ++ * See "Exponent Recoding and Regular Exponentiation Algorithms", ++ * Tunstall et al., AfricaCrypt 2009, Alg 6. ++ * It forces an odd scalar and outputs digits in ++ * {\pm 1, \pm 3, \pm 5, \pm 7, \pm 9, ...} ++ * i.e. signed odd digits with _no zeroes_ -- that makes it "regular". ++ */ ++static void ++scalar_rwnaf(int8_t out[77], const unsigned char in[48]) ++{ ++ int i; ++ int8_t window, d; ++ ++ window = (in[0] & (DRADIX_WNAF - 1)) | 1; ++ for (i = 0; i < 76; i++) { ++ d = (window & (DRADIX_WNAF - 1)) - DRADIX; ++ out[i] = d; ++ window = (window - d) >> RADIX; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 1) << 1; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 2) << 2; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 3) << 3; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 4) << 4; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 5) << 5; ++ } ++ out[i] = window; ++} ++ ++/*- ++ * Compute "textbook" wnaf representation of a scalar. ++ * NB: not constant time ++ */ ++static void ++scalar_wnaf(int8_t out[385], const unsigned char in[48]) ++{ ++ int i; ++ int8_t window, d; ++ ++ window = in[0] & (DRADIX_WNAF - 1); ++ for (i = 0; i < 385; i++) { ++ d = 0; ++ if ((window & 1) && ((d = window & (DRADIX_WNAF - 1)) & DRADIX)) ++ d -= DRADIX_WNAF; ++ out[i] = d; ++ window = (window - d) >> 1; ++ window += scalar_get_bit(in, i + 1 + RADIX) << RADIX; ++ } ++} ++ ++/*- ++ * Simulateous scalar multiplication: interleaved "textbook" wnaf. ++ * NB: not constant time ++ */ ++static void ++var_smul_wnaf_two(pt_aff_t *out, const unsigned char a[48], ++ const unsigned char b[48], const pt_aff_t *P) ++{ ++ int i, d, is_neg, is_inf = 1, flipped = 0; ++ int8_t anaf[385] = { 0 }; ++ int8_t bnaf[385] = { 0 }; ++ pt_prj_t Q; ++ pt_prj_t precomp[DRADIX / 2]; ++ ++ precomp_wnaf(precomp, P); ++ scalar_wnaf(anaf, a); ++ scalar_wnaf(bnaf, b); ++ ++ for (i = 384; i >= 0; i--) { ++ if (!is_inf) ++ point_double(&Q, &Q); ++ if ((d = bnaf[i])) { ++ if ((is_neg = d < 0) != flipped) { ++ fiat_secp384r1_opp(Q.Y, Q.Y); ++ flipped ^= 1; ++ } ++ d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; ++ if (is_inf) { ++ /* initialize accumulator */ ++ fe_copy(Q.X, &precomp[d].X); ++ fe_copy(Q.Y, &precomp[d].Y); ++ fe_copy(Q.Z, &precomp[d].Z); ++ is_inf = 0; ++ } else ++ point_add_proj(&Q, &Q, &precomp[d]); ++ } ++ if ((d = anaf[i])) { ++ if ((is_neg = d < 0) != flipped) { ++ fiat_secp384r1_opp(Q.Y, Q.Y); ++ flipped ^= 1; ++ } ++ d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; ++ if (is_inf) { ++ /* initialize accumulator */ ++ fe_copy(Q.X, &lut_cmb[0][d].X); ++ fe_copy(Q.Y, &lut_cmb[0][d].Y); ++ fe_copy(Q.Z, const_one); ++ is_inf = 0; ++ } else ++ point_add_mixed(&Q, &Q, &lut_cmb[0][d]); ++ } ++ } ++ ++ if (is_inf) { ++ /* initialize accumulator to inf: all-zero scalars */ ++ fe_set_zero(Q.X); ++ fe_copy(Q.Y, const_one); ++ fe_set_zero(Q.Z); ++ } ++ ++ if (flipped) { ++ /* correct sign */ ++ fiat_secp384r1_opp(Q.Y, Q.Y); ++ } ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp384r1_inv(Q.Z, Q.Z); ++ fiat_secp384r1_mul(out->X, Q.X, Q.Z); ++ fiat_secp384r1_mul(out->Y, Q.Y, Q.Z); ++} ++ ++/*- ++ * Variable point scalar multiplication with "regular" wnaf. ++ */ ++static void ++var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[48], ++ const pt_aff_t *P) ++{ ++ int i, j, d, diff, is_neg; ++ int8_t rnaf[77] = { 0 }; ++ pt_prj_t Q, lut; ++ pt_prj_t precomp[DRADIX / 2]; ++ ++ precomp_wnaf(precomp, P); ++ scalar_rwnaf(rnaf, scalar); ++ ++#if defined(_MSC_VER) ++/* result still unsigned: yes we know */ ++#pragma warning(push) ++#pragma warning(disable : 4146) ++#endif ++ ++ /* initialize accumulator to high digit */ ++ d = (rnaf[76] - 1) >> 1; ++ for (j = 0; j < DRADIX / 2; j++) { ++ diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp384r1_selectznz(Q.X, diff, Q.X, precomp[j].X); ++ fiat_secp384r1_selectznz(Q.Y, diff, Q.Y, precomp[j].Y); ++ fiat_secp384r1_selectznz(Q.Z, diff, Q.Z, precomp[j].Z); ++ } ++ ++ for (i = 75; i >= 0; i--) { ++ for (j = 0; j < RADIX; j++) ++ point_double(&Q, &Q); ++ d = rnaf[i]; ++ /* is_neg = (d < 0) ? 1 : 0 */ ++ is_neg = (d >> (8 * sizeof(int) - 1)) & 1; ++ /* d = abs(d) */ ++ d = (d ^ -is_neg) + is_neg; ++ d = (d - 1) >> 1; ++ for (j = 0; j < DRADIX / 2; j++) { ++ diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp384r1_selectznz(lut.X, diff, lut.X, precomp[j].X); ++ fiat_secp384r1_selectznz(lut.Y, diff, lut.Y, precomp[j].Y); ++ fiat_secp384r1_selectznz(lut.Z, diff, lut.Z, precomp[j].Z); ++ } ++ /* negate lut point if digit is negative */ ++ fiat_secp384r1_opp(out->Y, lut.Y); ++ fiat_secp384r1_selectznz(lut.Y, is_neg, lut.Y, out->Y); ++ point_add_proj(&Q, &Q, &lut); ++ } ++ ++#if defined(_MSC_VER) ++#pragma warning(pop) ++#endif ++ ++ /* conditionally subtract P if the scalar was even */ ++ fe_copy(lut.X, precomp[0].X); ++ fiat_secp384r1_opp(lut.Y, precomp[0].Y); ++ fe_copy(lut.Z, precomp[0].Z); ++ point_add_proj(&lut, &lut, &Q); ++ fiat_secp384r1_selectznz(Q.X, scalar[0] & 1, lut.X, Q.X); ++ fiat_secp384r1_selectznz(Q.Y, scalar[0] & 1, lut.Y, Q.Y); ++ fiat_secp384r1_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp384r1_inv(Q.Z, Q.Z); ++ fiat_secp384r1_mul(out->X, Q.X, Q.Z); ++ fiat_secp384r1_mul(out->Y, Q.Y, Q.Z); ++} ++ ++/*- ++ * Fixed scalar multiplication: comb with interleaving. ++ */ ++static void ++fixed_smul_cmb(pt_aff_t *out, const unsigned char scalar[48]) ++{ ++ int i, j, k, d, diff, is_neg = 0; ++ int8_t rnaf[77] = { 0 }; ++ pt_prj_t Q, R; ++ pt_aff_t lut; ++ ++ scalar_rwnaf(rnaf, scalar); ++ ++ /* initalize accumulator to inf */ ++ fe_set_zero(Q.X); ++ fe_copy(Q.Y, const_one); ++ fe_set_zero(Q.Z); ++ ++#if defined(_MSC_VER) ++/* result still unsigned: yes we know */ ++#pragma warning(push) ++#pragma warning(disable : 4146) ++#endif ++ ++ for (i = 3; i >= 0; i--) { ++ for (j = 0; i != 3 && j < RADIX; j++) ++ point_double(&Q, &Q); ++ for (j = 0; j < 21; j++) { ++ if (j * 4 + i > 76) ++ continue; ++ d = rnaf[j * 4 + i]; ++ /* is_neg = (d < 0) ? 1 : 0 */ ++ is_neg = (d >> (8 * sizeof(int) - 1)) & 1; ++ /* d = abs(d) */ ++ d = (d ^ -is_neg) + is_neg; ++ d = (d - 1) >> 1; ++ for (k = 0; k < DRADIX / 2; k++) { ++ diff = (1 - (-(d ^ k) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp384r1_selectznz(lut.X, diff, lut.X, lut_cmb[j][k].X); ++ fiat_secp384r1_selectznz(lut.Y, diff, lut.Y, lut_cmb[j][k].Y); ++ } ++ /* negate lut point if digit is negative */ ++ fiat_secp384r1_opp(out->Y, lut.Y); ++ fiat_secp384r1_selectznz(lut.Y, is_neg, lut.Y, out->Y); ++ point_add_mixed(&Q, &Q, &lut); ++ } ++ } ++ ++#if defined(_MSC_VER) ++#pragma warning(pop) ++#endif ++ ++ /* conditionally subtract P if the scalar was even */ ++ fe_copy(lut.X, lut_cmb[0][0].X); ++ fiat_secp384r1_opp(lut.Y, lut_cmb[0][0].Y); ++ point_add_mixed(&R, &Q, &lut); ++ fiat_secp384r1_selectznz(Q.X, scalar[0] & 1, R.X, Q.X); ++ fiat_secp384r1_selectznz(Q.Y, scalar[0] & 1, R.Y, Q.Y); ++ fiat_secp384r1_selectznz(Q.Z, scalar[0] & 1, R.Z, Q.Z); ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp384r1_inv(Q.Z, Q.Z); ++ fiat_secp384r1_mul(out->X, Q.X, Q.Z); ++ fiat_secp384r1_mul(out->Y, Q.Y, Q.Z); ++} ++ ++static void ++point_mul_two(unsigned char outx[48], unsigned char outy[48], ++ const unsigned char a[48], const unsigned char b[48], ++ const unsigned char inx[48], ++ const unsigned char iny[48]) ++{ ++ pt_aff_t P; ++ ++ fiat_secp384r1_from_bytes(P.X, inx); ++ fiat_secp384r1_from_bytes(P.Y, iny); ++ fiat_secp384r1_to_montgomery(P.X, P.X); ++ fiat_secp384r1_to_montgomery(P.Y, P.Y); ++ /* simultaneous scalar multiplication */ ++ var_smul_wnaf_two(&P, a, b, &P); ++ ++ fiat_secp384r1_from_montgomery(P.X, P.X); ++ fiat_secp384r1_from_montgomery(P.Y, P.Y); ++ fiat_secp384r1_to_bytes(outx, P.X); ++ fiat_secp384r1_to_bytes(outy, P.Y); ++} ++ ++static void ++point_mul_g(unsigned char outx[48], unsigned char outy[48], ++ const unsigned char scalar[48]) ++{ ++ pt_aff_t P; ++ ++ /* fixed scmul function */ ++ fixed_smul_cmb(&P, scalar); ++ fiat_secp384r1_from_montgomery(P.X, P.X); ++ fiat_secp384r1_from_montgomery(P.Y, P.Y); ++ fiat_secp384r1_to_bytes(outx, P.X); ++ fiat_secp384r1_to_bytes(outy, P.Y); ++} ++ ++static void ++point_mul(unsigned char outx[48], unsigned char outy[48], ++ const unsigned char scalar[48], ++ const unsigned char inx[48], ++ const unsigned char iny[48]) ++{ ++ pt_aff_t P; ++ ++ fiat_secp384r1_from_bytes(P.X, inx); ++ fiat_secp384r1_from_bytes(P.Y, iny); ++ fiat_secp384r1_to_montgomery(P.X, P.X); ++ fiat_secp384r1_to_montgomery(P.Y, P.Y); ++ /* var scmul function */ ++ var_smul_rwnaf(&P, scalar, &P); ++ fiat_secp384r1_from_montgomery(P.X, P.X); ++ fiat_secp384r1_from_montgomery(P.Y, P.Y); ++ fiat_secp384r1_to_bytes(outx, P.X); ++ fiat_secp384r1_to_bytes(outy, P.Y); ++} ++ ++#undef RADIX ++#include "ecp.h" ++#include "mplogic.h" ++ ++/*- ++ * reverse bytes -- total hack ++ */ ++#define MP_BE2LE(a) \ ++ do { \ ++ unsigned char z_bswap; \ ++ z_bswap = a[0]; \ ++ a[0] = a[47]; \ ++ a[47] = z_bswap; \ ++ z_bswap = a[1]; \ ++ a[1] = a[46]; \ ++ a[46] = z_bswap; \ ++ z_bswap = a[2]; \ ++ a[2] = a[45]; \ ++ a[45] = z_bswap; \ ++ z_bswap = a[3]; \ ++ a[3] = a[44]; \ ++ a[44] = z_bswap; \ ++ z_bswap = a[4]; \ ++ a[4] = a[43]; \ ++ a[43] = z_bswap; \ ++ z_bswap = a[5]; \ ++ a[5] = a[42]; \ ++ a[42] = z_bswap; \ ++ z_bswap = a[6]; \ ++ a[6] = a[41]; \ ++ a[41] = z_bswap; \ ++ z_bswap = a[7]; \ ++ a[7] = a[40]; \ ++ a[40] = z_bswap; \ ++ z_bswap = a[8]; \ ++ a[8] = a[39]; \ ++ a[39] = z_bswap; \ ++ z_bswap = a[9]; \ ++ a[9] = a[38]; \ ++ a[38] = z_bswap; \ ++ z_bswap = a[10]; \ ++ a[10] = a[37]; \ ++ a[37] = z_bswap; \ ++ z_bswap = a[11]; \ ++ a[11] = a[36]; \ ++ a[36] = z_bswap; \ ++ z_bswap = a[12]; \ ++ a[12] = a[35]; \ ++ a[35] = z_bswap; \ ++ z_bswap = a[13]; \ ++ a[13] = a[34]; \ ++ a[34] = z_bswap; \ ++ z_bswap = a[14]; \ ++ a[14] = a[33]; \ ++ a[33] = z_bswap; \ ++ z_bswap = a[15]; \ ++ a[15] = a[32]; \ ++ a[32] = z_bswap; \ ++ z_bswap = a[16]; \ ++ a[16] = a[31]; \ ++ a[31] = z_bswap; \ ++ z_bswap = a[17]; \ ++ a[17] = a[30]; \ ++ a[30] = z_bswap; \ ++ z_bswap = a[18]; \ ++ a[18] = a[29]; \ ++ a[29] = z_bswap; \ ++ z_bswap = a[19]; \ ++ a[19] = a[28]; \ ++ a[28] = z_bswap; \ ++ z_bswap = a[20]; \ ++ a[20] = a[27]; \ ++ a[27] = z_bswap; \ ++ z_bswap = a[21]; \ ++ a[21] = a[26]; \ ++ a[26] = z_bswap; \ ++ z_bswap = a[22]; \ ++ a[22] = a[25]; \ ++ a[25] = z_bswap; \ ++ z_bswap = a[23]; \ ++ a[23] = a[24]; \ ++ a[24] = z_bswap; \ ++ } while (0) ++ ++static mp_err ++point_mul_g_secp384r1(const mp_int *n, mp_int *out_x, ++ mp_int *out_y, const ECGroup *group) ++{ ++ unsigned char b_x[48]; ++ unsigned char b_y[48]; ++ unsigned char b_n[48]; ++ mp_err res; ++ ++ ARGCHK(n != NULL && out_x != NULL && out_y != NULL, MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n) > 384 || mp_cmp_z(n) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n, b_n, 48)); ++ MP_BE2LE(b_n); ++ point_mul_g(b_x, b_y, b_n); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 48)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 48)); ++ ++CLEANUP: ++ return res; ++} ++ ++static mp_err ++point_mul_secp384r1(const mp_int *n, const mp_int *in_x, ++ const mp_int *in_y, mp_int *out_x, ++ mp_int *out_y, const ECGroup *group) ++{ ++ unsigned char b_x[48]; ++ unsigned char b_y[48]; ++ unsigned char b_n[48]; ++ mp_err res; ++ ++ ARGCHK(n != NULL && in_x != NULL && in_y != NULL && out_x != NULL && ++ out_y != NULL, ++ MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n) > 384 || mp_cmp_z(n) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n, b_n, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_x, b_x, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_y, b_y, 48)); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_BE2LE(b_n); ++ point_mul(b_x, b_y, b_n, b_x, b_y); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 48)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 48)); ++ ++CLEANUP: ++ return res; ++} ++ ++static mp_err ++point_mul_two_secp384r1(const mp_int *n1, const mp_int *n2, ++ const mp_int *in_x, const mp_int *in_y, ++ mp_int *out_x, mp_int *out_y, ++ const ECGroup *group) ++{ ++ unsigned char b_x[48]; ++ unsigned char b_y[48]; ++ unsigned char b_n1[48]; ++ unsigned char b_n2[48]; ++ mp_err res; ++ ++ /* If n2 == NULL, this is just a base-point multiplication. */ ++ if (n2 == NULL) ++ return point_mul_g_secp384r1(n1, out_x, out_y, group); ++ ++ /* If n1 == NULL, this is just an arbitary-point multiplication. */ ++ if (n1 == NULL) ++ return point_mul_secp384r1(n2, in_x, in_y, out_x, out_y, group); ++ ++ ARGCHK(in_x != NULL && in_y != NULL && out_x != NULL && out_y != NULL, ++ MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n1) > 384 || mp_cmp_z(n1) != 1 || ++ mpl_significant_bits(n2) > 384 || mp_cmp_z(n2) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n1, b_n1, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(n2, b_n2, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_x, b_x, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_y, b_y, 48)); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_BE2LE(b_n1); ++ MP_BE2LE(b_n2); ++ point_mul_two(b_x, b_y, b_n1, b_n2, b_x, b_y); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 48)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 48)); ++ ++CLEANUP: ++ return res; ++} ++ ++mp_err ++ec_group_set_secp384r1(ECGroup *group, ECCurveName name) ++{ ++ if (name == ECCurve_NIST_P384) { ++ group->base_point_mul = &point_mul_g_secp384r1; ++ group->point_mul = &point_mul_secp384r1; ++ group->points_mul = &point_mul_two_secp384r1; ++ } ++ return MP_OKAY; ++} ++ ++#else /* __SIZEOF_INT128__ */ ++ ++#include ++#include ++#define LIMB_BITS 32 ++#define LIMB_CNT 12 ++/* Field elements */ ++typedef uint32_t fe_t[LIMB_CNT]; ++typedef uint32_t limb_t; ++ ++#define fe_copy(d, s) memcpy(d, s, sizeof(fe_t)) ++#define fe_set_zero(d) memset(d, 0, sizeof(fe_t)) ++ ++/* Projective points */ ++typedef struct { ++ fe_t X; ++ fe_t Y; ++ fe_t Z; ++} pt_prj_t; ++ ++/* Affine points */ ++typedef struct { ++ fe_t X; ++ fe_t Y; ++} pt_aff_t; ++ ++/* BEGIN verbatim fiat code https://github.com/mit-plv/fiat-crypto */ ++/*- ++ * MIT License ++ * ++ * Copyright (c) 2020 the fiat-crypto authors (see the AUTHORS file) ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ * SOFTWARE. ++ */ ++ ++/* Autogenerated: word_by_word_montgomery --static secp384r1 32 '2^384 - 2^128 - 2^96 + 2^32 - 1' */ ++/* curve description: secp384r1 */ ++/* machine_wordsize = 32 (from "32") */ ++/* requested operations: (all) */ ++/* m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff (from "2^384 - 2^128 - 2^96 + 2^32 - 1") */ ++/* */ ++/* NOTE: In addition to the bounds specified above each function, all */ ++/* functions synthesized for this Montgomery arithmetic require the */ ++/* input to be strictly less than the prime modulus (m), and also */ ++/* require the input to be in the unique saturated representation. */ ++/* All functions also ensure that these two properties are true of */ ++/* return values. */ ++/* */ ++/* Computed values: */ ++/* eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) + (z[8] << 256) + (z[9] << 0x120) + (z[10] << 0x140) + (z[11] << 0x160) */ ++/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) */ ++ ++#include ++typedef unsigned char fiat_secp384r1_uint1; ++typedef signed char fiat_secp384r1_int1; ++ ++#if (-1 & 3) != 3 ++#error "This code only works on a two's complement system" ++#endif ++ ++/* ++ * The function fiat_secp384r1_addcarryx_u32 is an addition with carry. ++ * Postconditions: ++ * out1 = (arg1 + arg2 + arg3) mod 2^32 ++ * out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xffffffff] ++ * arg3: [0x0 ~> 0xffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp384r1_addcarryx_u32(uint32_t *out1, ++ fiat_secp384r1_uint1 *out2, ++ fiat_secp384r1_uint1 arg1, ++ uint32_t arg2, uint32_t arg3) ++{ ++ uint64_t x1; ++ uint32_t x2; ++ fiat_secp384r1_uint1 x3; ++ x1 = ((arg1 + (uint64_t)arg2) + arg3); ++ x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); ++ x3 = (fiat_secp384r1_uint1)(x1 >> 32); ++ *out1 = x2; ++ *out2 = x3; ++} ++ ++/* ++ * The function fiat_secp384r1_subborrowx_u32 is a subtraction with borrow. ++ * Postconditions: ++ * out1 = (-arg1 + arg2 + -arg3) mod 2^32 ++ * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xffffffff] ++ * arg3: [0x0 ~> 0xffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp384r1_subborrowx_u32(uint32_t *out1, ++ fiat_secp384r1_uint1 *out2, ++ fiat_secp384r1_uint1 arg1, ++ uint32_t arg2, uint32_t arg3) ++{ ++ int64_t x1; ++ fiat_secp384r1_int1 x2; ++ uint32_t x3; ++ x1 = ((arg2 - (int64_t)arg1) - arg3); ++ x2 = (fiat_secp384r1_int1)(x1 >> 32); ++ x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); ++ *out1 = x3; ++ *out2 = (fiat_secp384r1_uint1)(0x0 - x2); ++} ++ ++/* ++ * The function fiat_secp384r1_mulx_u32 is a multiplication, returning the full double-width result. ++ * Postconditions: ++ * out1 = (arg1 * arg2) mod 2^32 ++ * out2 = ⌊arg1 * arg2 / 2^32⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0xffffffff] ++ * arg2: [0x0 ~> 0xffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffff] ++ * out2: [0x0 ~> 0xffffffff] ++ */ ++static void ++fiat_secp384r1_mulx_u32(uint32_t *out1, uint32_t *out2, ++ uint32_t arg1, uint32_t arg2) ++{ ++ uint64_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ x1 = ((uint64_t)arg1 * arg2); ++ x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); ++ x3 = (uint32_t)(x1 >> 32); ++ *out1 = x2; ++ *out2 = x3; ++} ++ ++/* ++ * The function fiat_secp384r1_cmovznz_u32 is a single-word conditional move. ++ * Postconditions: ++ * out1 = (if arg1 = 0 then arg2 else arg3) ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xffffffff] ++ * arg3: [0x0 ~> 0xffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffff] ++ */ ++static void ++fiat_secp384r1_cmovznz_u32(uint32_t *out1, ++ fiat_secp384r1_uint1 arg1, uint32_t arg2, ++ uint32_t arg3) ++{ ++ fiat_secp384r1_uint1 x1; ++ uint32_t x2; ++ uint32_t x3; ++ x1 = (!(!arg1)); ++ x2 = ((fiat_secp384r1_int1)(0x0 - x1) & UINT32_C(0xffffffff)); ++ x3 = ((x2 & arg3) | ((~x2) & arg2)); ++ *out1 = x3; ++} ++ ++/* ++ * The function fiat_secp384r1_mul multiplies two field elements in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * 0 ≤ eval arg2 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_mul(uint32_t out1[12], const uint32_t arg1[12], ++ const uint32_t arg2[12]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ uint32_t x20; ++ uint32_t x21; ++ uint32_t x22; ++ uint32_t x23; ++ uint32_t x24; ++ uint32_t x25; ++ uint32_t x26; ++ uint32_t x27; ++ uint32_t x28; ++ uint32_t x29; ++ uint32_t x30; ++ uint32_t x31; ++ uint32_t x32; ++ uint32_t x33; ++ uint32_t x34; ++ uint32_t x35; ++ uint32_t x36; ++ uint32_t x37; ++ fiat_secp384r1_uint1 x38; ++ uint32_t x39; ++ fiat_secp384r1_uint1 x40; ++ uint32_t x41; ++ fiat_secp384r1_uint1 x42; ++ uint32_t x43; ++ fiat_secp384r1_uint1 x44; ++ uint32_t x45; ++ fiat_secp384r1_uint1 x46; ++ uint32_t x47; ++ fiat_secp384r1_uint1 x48; ++ uint32_t x49; ++ fiat_secp384r1_uint1 x50; ++ uint32_t x51; ++ fiat_secp384r1_uint1 x52; ++ uint32_t x53; ++ fiat_secp384r1_uint1 x54; ++ uint32_t x55; ++ fiat_secp384r1_uint1 x56; ++ uint32_t x57; ++ fiat_secp384r1_uint1 x58; ++ uint32_t x59; ++ uint32_t x60; ++ uint32_t x61; ++ uint32_t x62; ++ uint32_t x63; ++ uint32_t x64; ++ uint32_t x65; ++ uint32_t x66; ++ uint32_t x67; ++ uint32_t x68; ++ uint32_t x69; ++ uint32_t x70; ++ uint32_t x71; ++ uint32_t x72; ++ uint32_t x73; ++ uint32_t x74; ++ uint32_t x75; ++ uint32_t x76; ++ uint32_t x77; ++ uint32_t x78; ++ uint32_t x79; ++ uint32_t x80; ++ fiat_secp384r1_uint1 x81; ++ uint32_t x82; ++ fiat_secp384r1_uint1 x83; ++ uint32_t x84; ++ fiat_secp384r1_uint1 x85; ++ uint32_t x86; ++ fiat_secp384r1_uint1 x87; ++ uint32_t x88; ++ fiat_secp384r1_uint1 x89; ++ uint32_t x90; ++ fiat_secp384r1_uint1 x91; ++ uint32_t x92; ++ fiat_secp384r1_uint1 x93; ++ uint32_t x94; ++ fiat_secp384r1_uint1 x95; ++ uint32_t x96; ++ uint32_t x97; ++ fiat_secp384r1_uint1 x98; ++ uint32_t x99; ++ fiat_secp384r1_uint1 x100; ++ uint32_t x101; ++ fiat_secp384r1_uint1 x102; ++ uint32_t x103; ++ fiat_secp384r1_uint1 x104; ++ uint32_t x105; ++ fiat_secp384r1_uint1 x106; ++ uint32_t x107; ++ fiat_secp384r1_uint1 x108; ++ uint32_t x109; ++ fiat_secp384r1_uint1 x110; ++ uint32_t x111; ++ fiat_secp384r1_uint1 x112; ++ uint32_t x113; ++ fiat_secp384r1_uint1 x114; ++ uint32_t x115; ++ fiat_secp384r1_uint1 x116; ++ uint32_t x117; ++ fiat_secp384r1_uint1 x118; ++ uint32_t x119; ++ fiat_secp384r1_uint1 x120; ++ uint32_t x121; ++ fiat_secp384r1_uint1 x122; ++ uint32_t x123; ++ uint32_t x124; ++ uint32_t x125; ++ uint32_t x126; ++ uint32_t x127; ++ uint32_t x128; ++ uint32_t x129; ++ uint32_t x130; ++ uint32_t x131; ++ uint32_t x132; ++ uint32_t x133; ++ uint32_t x134; ++ uint32_t x135; ++ uint32_t x136; ++ uint32_t x137; ++ uint32_t x138; ++ uint32_t x139; ++ uint32_t x140; ++ uint32_t x141; ++ uint32_t x142; ++ uint32_t x143; ++ uint32_t x144; ++ uint32_t x145; ++ uint32_t x146; ++ uint32_t x147; ++ fiat_secp384r1_uint1 x148; ++ uint32_t x149; ++ fiat_secp384r1_uint1 x150; ++ uint32_t x151; ++ fiat_secp384r1_uint1 x152; ++ uint32_t x153; ++ fiat_secp384r1_uint1 x154; ++ uint32_t x155; ++ fiat_secp384r1_uint1 x156; ++ uint32_t x157; ++ fiat_secp384r1_uint1 x158; ++ uint32_t x159; ++ fiat_secp384r1_uint1 x160; ++ uint32_t x161; ++ fiat_secp384r1_uint1 x162; ++ uint32_t x163; ++ fiat_secp384r1_uint1 x164; ++ uint32_t x165; ++ fiat_secp384r1_uint1 x166; ++ uint32_t x167; ++ fiat_secp384r1_uint1 x168; ++ uint32_t x169; ++ uint32_t x170; ++ fiat_secp384r1_uint1 x171; ++ uint32_t x172; ++ fiat_secp384r1_uint1 x173; ++ uint32_t x174; ++ fiat_secp384r1_uint1 x175; ++ uint32_t x176; ++ fiat_secp384r1_uint1 x177; ++ uint32_t x178; ++ fiat_secp384r1_uint1 x179; ++ uint32_t x180; ++ fiat_secp384r1_uint1 x181; ++ uint32_t x182; ++ fiat_secp384r1_uint1 x183; ++ uint32_t x184; ++ fiat_secp384r1_uint1 x185; ++ uint32_t x186; ++ fiat_secp384r1_uint1 x187; ++ uint32_t x188; ++ fiat_secp384r1_uint1 x189; ++ uint32_t x190; ++ fiat_secp384r1_uint1 x191; ++ uint32_t x192; ++ fiat_secp384r1_uint1 x193; ++ uint32_t x194; ++ fiat_secp384r1_uint1 x195; ++ uint32_t x196; ++ uint32_t x197; ++ uint32_t x198; ++ uint32_t x199; ++ uint32_t x200; ++ uint32_t x201; ++ uint32_t x202; ++ uint32_t x203; ++ uint32_t x204; ++ uint32_t x205; ++ uint32_t x206; ++ uint32_t x207; ++ uint32_t x208; ++ uint32_t x209; ++ uint32_t x210; ++ uint32_t x211; ++ uint32_t x212; ++ uint32_t x213; ++ uint32_t x214; ++ uint32_t x215; ++ uint32_t x216; ++ fiat_secp384r1_uint1 x217; ++ uint32_t x218; ++ fiat_secp384r1_uint1 x219; ++ uint32_t x220; ++ fiat_secp384r1_uint1 x221; ++ uint32_t x222; ++ fiat_secp384r1_uint1 x223; ++ uint32_t x224; ++ fiat_secp384r1_uint1 x225; ++ uint32_t x226; ++ fiat_secp384r1_uint1 x227; ++ uint32_t x228; ++ fiat_secp384r1_uint1 x229; ++ uint32_t x230; ++ fiat_secp384r1_uint1 x231; ++ uint32_t x232; ++ uint32_t x233; ++ fiat_secp384r1_uint1 x234; ++ uint32_t x235; ++ fiat_secp384r1_uint1 x236; ++ uint32_t x237; ++ fiat_secp384r1_uint1 x238; ++ uint32_t x239; ++ fiat_secp384r1_uint1 x240; ++ uint32_t x241; ++ fiat_secp384r1_uint1 x242; ++ uint32_t x243; ++ fiat_secp384r1_uint1 x244; ++ uint32_t x245; ++ fiat_secp384r1_uint1 x246; ++ uint32_t x247; ++ fiat_secp384r1_uint1 x248; ++ uint32_t x249; ++ fiat_secp384r1_uint1 x250; ++ uint32_t x251; ++ fiat_secp384r1_uint1 x252; ++ uint32_t x253; ++ fiat_secp384r1_uint1 x254; ++ uint32_t x255; ++ fiat_secp384r1_uint1 x256; ++ uint32_t x257; ++ fiat_secp384r1_uint1 x258; ++ uint32_t x259; ++ uint32_t x260; ++ uint32_t x261; ++ uint32_t x262; ++ uint32_t x263; ++ uint32_t x264; ++ uint32_t x265; ++ uint32_t x266; ++ uint32_t x267; ++ uint32_t x268; ++ uint32_t x269; ++ uint32_t x270; ++ uint32_t x271; ++ uint32_t x272; ++ uint32_t x273; ++ uint32_t x274; ++ uint32_t x275; ++ uint32_t x276; ++ uint32_t x277; ++ uint32_t x278; ++ uint32_t x279; ++ uint32_t x280; ++ uint32_t x281; ++ uint32_t x282; ++ uint32_t x283; ++ uint32_t x284; ++ fiat_secp384r1_uint1 x285; ++ uint32_t x286; ++ fiat_secp384r1_uint1 x287; ++ uint32_t x288; ++ fiat_secp384r1_uint1 x289; ++ uint32_t x290; ++ fiat_secp384r1_uint1 x291; ++ uint32_t x292; ++ fiat_secp384r1_uint1 x293; ++ uint32_t x294; ++ fiat_secp384r1_uint1 x295; ++ uint32_t x296; ++ fiat_secp384r1_uint1 x297; ++ uint32_t x298; ++ fiat_secp384r1_uint1 x299; ++ uint32_t x300; ++ fiat_secp384r1_uint1 x301; ++ uint32_t x302; ++ fiat_secp384r1_uint1 x303; ++ uint32_t x304; ++ fiat_secp384r1_uint1 x305; ++ uint32_t x306; ++ uint32_t x307; ++ fiat_secp384r1_uint1 x308; ++ uint32_t x309; ++ fiat_secp384r1_uint1 x310; ++ uint32_t x311; ++ fiat_secp384r1_uint1 x312; ++ uint32_t x313; ++ fiat_secp384r1_uint1 x314; ++ uint32_t x315; ++ fiat_secp384r1_uint1 x316; ++ uint32_t x317; ++ fiat_secp384r1_uint1 x318; ++ uint32_t x319; ++ fiat_secp384r1_uint1 x320; ++ uint32_t x321; ++ fiat_secp384r1_uint1 x322; ++ uint32_t x323; ++ fiat_secp384r1_uint1 x324; ++ uint32_t x325; ++ fiat_secp384r1_uint1 x326; ++ uint32_t x327; ++ fiat_secp384r1_uint1 x328; ++ uint32_t x329; ++ fiat_secp384r1_uint1 x330; ++ uint32_t x331; ++ fiat_secp384r1_uint1 x332; ++ uint32_t x333; ++ uint32_t x334; ++ uint32_t x335; ++ uint32_t x336; ++ uint32_t x337; ++ uint32_t x338; ++ uint32_t x339; ++ uint32_t x340; ++ uint32_t x341; ++ uint32_t x342; ++ uint32_t x343; ++ uint32_t x344; ++ uint32_t x345; ++ uint32_t x346; ++ uint32_t x347; ++ uint32_t x348; ++ uint32_t x349; ++ uint32_t x350; ++ uint32_t x351; ++ uint32_t x352; ++ uint32_t x353; ++ fiat_secp384r1_uint1 x354; ++ uint32_t x355; ++ fiat_secp384r1_uint1 x356; ++ uint32_t x357; ++ fiat_secp384r1_uint1 x358; ++ uint32_t x359; ++ fiat_secp384r1_uint1 x360; ++ uint32_t x361; ++ fiat_secp384r1_uint1 x362; ++ uint32_t x363; ++ fiat_secp384r1_uint1 x364; ++ uint32_t x365; ++ fiat_secp384r1_uint1 x366; ++ uint32_t x367; ++ fiat_secp384r1_uint1 x368; ++ uint32_t x369; ++ uint32_t x370; ++ fiat_secp384r1_uint1 x371; ++ uint32_t x372; ++ fiat_secp384r1_uint1 x373; ++ uint32_t x374; ++ fiat_secp384r1_uint1 x375; ++ uint32_t x376; ++ fiat_secp384r1_uint1 x377; ++ uint32_t x378; ++ fiat_secp384r1_uint1 x379; ++ uint32_t x380; ++ fiat_secp384r1_uint1 x381; ++ uint32_t x382; ++ fiat_secp384r1_uint1 x383; ++ uint32_t x384; ++ fiat_secp384r1_uint1 x385; ++ uint32_t x386; ++ fiat_secp384r1_uint1 x387; ++ uint32_t x388; ++ fiat_secp384r1_uint1 x389; ++ uint32_t x390; ++ fiat_secp384r1_uint1 x391; ++ uint32_t x392; ++ fiat_secp384r1_uint1 x393; ++ uint32_t x394; ++ fiat_secp384r1_uint1 x395; ++ uint32_t x396; ++ uint32_t x397; ++ uint32_t x398; ++ uint32_t x399; ++ uint32_t x400; ++ uint32_t x401; ++ uint32_t x402; ++ uint32_t x403; ++ uint32_t x404; ++ uint32_t x405; ++ uint32_t x406; ++ uint32_t x407; ++ uint32_t x408; ++ uint32_t x409; ++ uint32_t x410; ++ uint32_t x411; ++ uint32_t x412; ++ uint32_t x413; ++ uint32_t x414; ++ uint32_t x415; ++ uint32_t x416; ++ uint32_t x417; ++ uint32_t x418; ++ uint32_t x419; ++ uint32_t x420; ++ uint32_t x421; ++ fiat_secp384r1_uint1 x422; ++ uint32_t x423; ++ fiat_secp384r1_uint1 x424; ++ uint32_t x425; ++ fiat_secp384r1_uint1 x426; ++ uint32_t x427; ++ fiat_secp384r1_uint1 x428; ++ uint32_t x429; ++ fiat_secp384r1_uint1 x430; ++ uint32_t x431; ++ fiat_secp384r1_uint1 x432; ++ uint32_t x433; ++ fiat_secp384r1_uint1 x434; ++ uint32_t x435; ++ fiat_secp384r1_uint1 x436; ++ uint32_t x437; ++ fiat_secp384r1_uint1 x438; ++ uint32_t x439; ++ fiat_secp384r1_uint1 x440; ++ uint32_t x441; ++ fiat_secp384r1_uint1 x442; ++ uint32_t x443; ++ uint32_t x444; ++ fiat_secp384r1_uint1 x445; ++ uint32_t x446; ++ fiat_secp384r1_uint1 x447; ++ uint32_t x448; ++ fiat_secp384r1_uint1 x449; ++ uint32_t x450; ++ fiat_secp384r1_uint1 x451; ++ uint32_t x452; ++ fiat_secp384r1_uint1 x453; ++ uint32_t x454; ++ fiat_secp384r1_uint1 x455; ++ uint32_t x456; ++ fiat_secp384r1_uint1 x457; ++ uint32_t x458; ++ fiat_secp384r1_uint1 x459; ++ uint32_t x460; ++ fiat_secp384r1_uint1 x461; ++ uint32_t x462; ++ fiat_secp384r1_uint1 x463; ++ uint32_t x464; ++ fiat_secp384r1_uint1 x465; ++ uint32_t x466; ++ fiat_secp384r1_uint1 x467; ++ uint32_t x468; ++ fiat_secp384r1_uint1 x469; ++ uint32_t x470; ++ uint32_t x471; ++ uint32_t x472; ++ uint32_t x473; ++ uint32_t x474; ++ uint32_t x475; ++ uint32_t x476; ++ uint32_t x477; ++ uint32_t x478; ++ uint32_t x479; ++ uint32_t x480; ++ uint32_t x481; ++ uint32_t x482; ++ uint32_t x483; ++ uint32_t x484; ++ uint32_t x485; ++ uint32_t x486; ++ uint32_t x487; ++ uint32_t x488; ++ uint32_t x489; ++ uint32_t x490; ++ fiat_secp384r1_uint1 x491; ++ uint32_t x492; ++ fiat_secp384r1_uint1 x493; ++ uint32_t x494; ++ fiat_secp384r1_uint1 x495; ++ uint32_t x496; ++ fiat_secp384r1_uint1 x497; ++ uint32_t x498; ++ fiat_secp384r1_uint1 x499; ++ uint32_t x500; ++ fiat_secp384r1_uint1 x501; ++ uint32_t x502; ++ fiat_secp384r1_uint1 x503; ++ uint32_t x504; ++ fiat_secp384r1_uint1 x505; ++ uint32_t x506; ++ uint32_t x507; ++ fiat_secp384r1_uint1 x508; ++ uint32_t x509; ++ fiat_secp384r1_uint1 x510; ++ uint32_t x511; ++ fiat_secp384r1_uint1 x512; ++ uint32_t x513; ++ fiat_secp384r1_uint1 x514; ++ uint32_t x515; ++ fiat_secp384r1_uint1 x516; ++ uint32_t x517; ++ fiat_secp384r1_uint1 x518; ++ uint32_t x519; ++ fiat_secp384r1_uint1 x520; ++ uint32_t x521; ++ fiat_secp384r1_uint1 x522; ++ uint32_t x523; ++ fiat_secp384r1_uint1 x524; ++ uint32_t x525; ++ fiat_secp384r1_uint1 x526; ++ uint32_t x527; ++ fiat_secp384r1_uint1 x528; ++ uint32_t x529; ++ fiat_secp384r1_uint1 x530; ++ uint32_t x531; ++ fiat_secp384r1_uint1 x532; ++ uint32_t x533; ++ uint32_t x534; ++ uint32_t x535; ++ uint32_t x536; ++ uint32_t x537; ++ uint32_t x538; ++ uint32_t x539; ++ uint32_t x540; ++ uint32_t x541; ++ uint32_t x542; ++ uint32_t x543; ++ uint32_t x544; ++ uint32_t x545; ++ uint32_t x546; ++ uint32_t x547; ++ uint32_t x548; ++ uint32_t x549; ++ uint32_t x550; ++ uint32_t x551; ++ uint32_t x552; ++ uint32_t x553; ++ uint32_t x554; ++ uint32_t x555; ++ uint32_t x556; ++ uint32_t x557; ++ uint32_t x558; ++ fiat_secp384r1_uint1 x559; ++ uint32_t x560; ++ fiat_secp384r1_uint1 x561; ++ uint32_t x562; ++ fiat_secp384r1_uint1 x563; ++ uint32_t x564; ++ fiat_secp384r1_uint1 x565; ++ uint32_t x566; ++ fiat_secp384r1_uint1 x567; ++ uint32_t x568; ++ fiat_secp384r1_uint1 x569; ++ uint32_t x570; ++ fiat_secp384r1_uint1 x571; ++ uint32_t x572; ++ fiat_secp384r1_uint1 x573; ++ uint32_t x574; ++ fiat_secp384r1_uint1 x575; ++ uint32_t x576; ++ fiat_secp384r1_uint1 x577; ++ uint32_t x578; ++ fiat_secp384r1_uint1 x579; ++ uint32_t x580; ++ uint32_t x581; ++ fiat_secp384r1_uint1 x582; ++ uint32_t x583; ++ fiat_secp384r1_uint1 x584; ++ uint32_t x585; ++ fiat_secp384r1_uint1 x586; ++ uint32_t x587; ++ fiat_secp384r1_uint1 x588; ++ uint32_t x589; ++ fiat_secp384r1_uint1 x590; ++ uint32_t x591; ++ fiat_secp384r1_uint1 x592; ++ uint32_t x593; ++ fiat_secp384r1_uint1 x594; ++ uint32_t x595; ++ fiat_secp384r1_uint1 x596; ++ uint32_t x597; ++ fiat_secp384r1_uint1 x598; ++ uint32_t x599; ++ fiat_secp384r1_uint1 x600; ++ uint32_t x601; ++ fiat_secp384r1_uint1 x602; ++ uint32_t x603; ++ fiat_secp384r1_uint1 x604; ++ uint32_t x605; ++ fiat_secp384r1_uint1 x606; ++ uint32_t x607; ++ uint32_t x608; ++ uint32_t x609; ++ uint32_t x610; ++ uint32_t x611; ++ uint32_t x612; ++ uint32_t x613; ++ uint32_t x614; ++ uint32_t x615; ++ uint32_t x616; ++ uint32_t x617; ++ uint32_t x618; ++ uint32_t x619; ++ uint32_t x620; ++ uint32_t x621; ++ uint32_t x622; ++ uint32_t x623; ++ uint32_t x624; ++ uint32_t x625; ++ uint32_t x626; ++ uint32_t x627; ++ fiat_secp384r1_uint1 x628; ++ uint32_t x629; ++ fiat_secp384r1_uint1 x630; ++ uint32_t x631; ++ fiat_secp384r1_uint1 x632; ++ uint32_t x633; ++ fiat_secp384r1_uint1 x634; ++ uint32_t x635; ++ fiat_secp384r1_uint1 x636; ++ uint32_t x637; ++ fiat_secp384r1_uint1 x638; ++ uint32_t x639; ++ fiat_secp384r1_uint1 x640; ++ uint32_t x641; ++ fiat_secp384r1_uint1 x642; ++ uint32_t x643; ++ uint32_t x644; ++ fiat_secp384r1_uint1 x645; ++ uint32_t x646; ++ fiat_secp384r1_uint1 x647; ++ uint32_t x648; ++ fiat_secp384r1_uint1 x649; ++ uint32_t x650; ++ fiat_secp384r1_uint1 x651; ++ uint32_t x652; ++ fiat_secp384r1_uint1 x653; ++ uint32_t x654; ++ fiat_secp384r1_uint1 x655; ++ uint32_t x656; ++ fiat_secp384r1_uint1 x657; ++ uint32_t x658; ++ fiat_secp384r1_uint1 x659; ++ uint32_t x660; ++ fiat_secp384r1_uint1 x661; ++ uint32_t x662; ++ fiat_secp384r1_uint1 x663; ++ uint32_t x664; ++ fiat_secp384r1_uint1 x665; ++ uint32_t x666; ++ fiat_secp384r1_uint1 x667; ++ uint32_t x668; ++ fiat_secp384r1_uint1 x669; ++ uint32_t x670; ++ uint32_t x671; ++ uint32_t x672; ++ uint32_t x673; ++ uint32_t x674; ++ uint32_t x675; ++ uint32_t x676; ++ uint32_t x677; ++ uint32_t x678; ++ uint32_t x679; ++ uint32_t x680; ++ uint32_t x681; ++ uint32_t x682; ++ uint32_t x683; ++ uint32_t x684; ++ uint32_t x685; ++ uint32_t x686; ++ uint32_t x687; ++ uint32_t x688; ++ uint32_t x689; ++ uint32_t x690; ++ uint32_t x691; ++ uint32_t x692; ++ uint32_t x693; ++ uint32_t x694; ++ uint32_t x695; ++ fiat_secp384r1_uint1 x696; ++ uint32_t x697; ++ fiat_secp384r1_uint1 x698; ++ uint32_t x699; ++ fiat_secp384r1_uint1 x700; ++ uint32_t x701; ++ fiat_secp384r1_uint1 x702; ++ uint32_t x703; ++ fiat_secp384r1_uint1 x704; ++ uint32_t x705; ++ fiat_secp384r1_uint1 x706; ++ uint32_t x707; ++ fiat_secp384r1_uint1 x708; ++ uint32_t x709; ++ fiat_secp384r1_uint1 x710; ++ uint32_t x711; ++ fiat_secp384r1_uint1 x712; ++ uint32_t x713; ++ fiat_secp384r1_uint1 x714; ++ uint32_t x715; ++ fiat_secp384r1_uint1 x716; ++ uint32_t x717; ++ uint32_t x718; ++ fiat_secp384r1_uint1 x719; ++ uint32_t x720; ++ fiat_secp384r1_uint1 x721; ++ uint32_t x722; ++ fiat_secp384r1_uint1 x723; ++ uint32_t x724; ++ fiat_secp384r1_uint1 x725; ++ uint32_t x726; ++ fiat_secp384r1_uint1 x727; ++ uint32_t x728; ++ fiat_secp384r1_uint1 x729; ++ uint32_t x730; ++ fiat_secp384r1_uint1 x731; ++ uint32_t x732; ++ fiat_secp384r1_uint1 x733; ++ uint32_t x734; ++ fiat_secp384r1_uint1 x735; ++ uint32_t x736; ++ fiat_secp384r1_uint1 x737; ++ uint32_t x738; ++ fiat_secp384r1_uint1 x739; ++ uint32_t x740; ++ fiat_secp384r1_uint1 x741; ++ uint32_t x742; ++ fiat_secp384r1_uint1 x743; ++ uint32_t x744; ++ uint32_t x745; ++ uint32_t x746; ++ uint32_t x747; ++ uint32_t x748; ++ uint32_t x749; ++ uint32_t x750; ++ uint32_t x751; ++ uint32_t x752; ++ uint32_t x753; ++ uint32_t x754; ++ uint32_t x755; ++ uint32_t x756; ++ uint32_t x757; ++ uint32_t x758; ++ uint32_t x759; ++ uint32_t x760; ++ uint32_t x761; ++ uint32_t x762; ++ uint32_t x763; ++ uint32_t x764; ++ fiat_secp384r1_uint1 x765; ++ uint32_t x766; ++ fiat_secp384r1_uint1 x767; ++ uint32_t x768; ++ fiat_secp384r1_uint1 x769; ++ uint32_t x770; ++ fiat_secp384r1_uint1 x771; ++ uint32_t x772; ++ fiat_secp384r1_uint1 x773; ++ uint32_t x774; ++ fiat_secp384r1_uint1 x775; ++ uint32_t x776; ++ fiat_secp384r1_uint1 x777; ++ uint32_t x778; ++ fiat_secp384r1_uint1 x779; ++ uint32_t x780; ++ uint32_t x781; ++ fiat_secp384r1_uint1 x782; ++ uint32_t x783; ++ fiat_secp384r1_uint1 x784; ++ uint32_t x785; ++ fiat_secp384r1_uint1 x786; ++ uint32_t x787; ++ fiat_secp384r1_uint1 x788; ++ uint32_t x789; ++ fiat_secp384r1_uint1 x790; ++ uint32_t x791; ++ fiat_secp384r1_uint1 x792; ++ uint32_t x793; ++ fiat_secp384r1_uint1 x794; ++ uint32_t x795; ++ fiat_secp384r1_uint1 x796; ++ uint32_t x797; ++ fiat_secp384r1_uint1 x798; ++ uint32_t x799; ++ fiat_secp384r1_uint1 x800; ++ uint32_t x801; ++ fiat_secp384r1_uint1 x802; ++ uint32_t x803; ++ fiat_secp384r1_uint1 x804; ++ uint32_t x805; ++ fiat_secp384r1_uint1 x806; ++ uint32_t x807; ++ uint32_t x808; ++ uint32_t x809; ++ uint32_t x810; ++ uint32_t x811; ++ uint32_t x812; ++ uint32_t x813; ++ uint32_t x814; ++ uint32_t x815; ++ uint32_t x816; ++ uint32_t x817; ++ uint32_t x818; ++ uint32_t x819; ++ uint32_t x820; ++ uint32_t x821; ++ uint32_t x822; ++ uint32_t x823; ++ uint32_t x824; ++ uint32_t x825; ++ uint32_t x826; ++ uint32_t x827; ++ uint32_t x828; ++ uint32_t x829; ++ uint32_t x830; ++ uint32_t x831; ++ uint32_t x832; ++ fiat_secp384r1_uint1 x833; ++ uint32_t x834; ++ fiat_secp384r1_uint1 x835; ++ uint32_t x836; ++ fiat_secp384r1_uint1 x837; ++ uint32_t x838; ++ fiat_secp384r1_uint1 x839; ++ uint32_t x840; ++ fiat_secp384r1_uint1 x841; ++ uint32_t x842; ++ fiat_secp384r1_uint1 x843; ++ uint32_t x844; ++ fiat_secp384r1_uint1 x845; ++ uint32_t x846; ++ fiat_secp384r1_uint1 x847; ++ uint32_t x848; ++ fiat_secp384r1_uint1 x849; ++ uint32_t x850; ++ fiat_secp384r1_uint1 x851; ++ uint32_t x852; ++ fiat_secp384r1_uint1 x853; ++ uint32_t x854; ++ uint32_t x855; ++ fiat_secp384r1_uint1 x856; ++ uint32_t x857; ++ fiat_secp384r1_uint1 x858; ++ uint32_t x859; ++ fiat_secp384r1_uint1 x860; ++ uint32_t x861; ++ fiat_secp384r1_uint1 x862; ++ uint32_t x863; ++ fiat_secp384r1_uint1 x864; ++ uint32_t x865; ++ fiat_secp384r1_uint1 x866; ++ uint32_t x867; ++ fiat_secp384r1_uint1 x868; ++ uint32_t x869; ++ fiat_secp384r1_uint1 x870; ++ uint32_t x871; ++ fiat_secp384r1_uint1 x872; ++ uint32_t x873; ++ fiat_secp384r1_uint1 x874; ++ uint32_t x875; ++ fiat_secp384r1_uint1 x876; ++ uint32_t x877; ++ fiat_secp384r1_uint1 x878; ++ uint32_t x879; ++ fiat_secp384r1_uint1 x880; ++ uint32_t x881; ++ uint32_t x882; ++ uint32_t x883; ++ uint32_t x884; ++ uint32_t x885; ++ uint32_t x886; ++ uint32_t x887; ++ uint32_t x888; ++ uint32_t x889; ++ uint32_t x890; ++ uint32_t x891; ++ uint32_t x892; ++ uint32_t x893; ++ uint32_t x894; ++ uint32_t x895; ++ uint32_t x896; ++ uint32_t x897; ++ uint32_t x898; ++ uint32_t x899; ++ uint32_t x900; ++ uint32_t x901; ++ fiat_secp384r1_uint1 x902; ++ uint32_t x903; ++ fiat_secp384r1_uint1 x904; ++ uint32_t x905; ++ fiat_secp384r1_uint1 x906; ++ uint32_t x907; ++ fiat_secp384r1_uint1 x908; ++ uint32_t x909; ++ fiat_secp384r1_uint1 x910; ++ uint32_t x911; ++ fiat_secp384r1_uint1 x912; ++ uint32_t x913; ++ fiat_secp384r1_uint1 x914; ++ uint32_t x915; ++ fiat_secp384r1_uint1 x916; ++ uint32_t x917; ++ uint32_t x918; ++ fiat_secp384r1_uint1 x919; ++ uint32_t x920; ++ fiat_secp384r1_uint1 x921; ++ uint32_t x922; ++ fiat_secp384r1_uint1 x923; ++ uint32_t x924; ++ fiat_secp384r1_uint1 x925; ++ uint32_t x926; ++ fiat_secp384r1_uint1 x927; ++ uint32_t x928; ++ fiat_secp384r1_uint1 x929; ++ uint32_t x930; ++ fiat_secp384r1_uint1 x931; ++ uint32_t x932; ++ fiat_secp384r1_uint1 x933; ++ uint32_t x934; ++ fiat_secp384r1_uint1 x935; ++ uint32_t x936; ++ fiat_secp384r1_uint1 x937; ++ uint32_t x938; ++ fiat_secp384r1_uint1 x939; ++ uint32_t x940; ++ fiat_secp384r1_uint1 x941; ++ uint32_t x942; ++ fiat_secp384r1_uint1 x943; ++ uint32_t x944; ++ uint32_t x945; ++ uint32_t x946; ++ uint32_t x947; ++ uint32_t x948; ++ uint32_t x949; ++ uint32_t x950; ++ uint32_t x951; ++ uint32_t x952; ++ uint32_t x953; ++ uint32_t x954; ++ uint32_t x955; ++ uint32_t x956; ++ uint32_t x957; ++ uint32_t x958; ++ uint32_t x959; ++ uint32_t x960; ++ uint32_t x961; ++ uint32_t x962; ++ uint32_t x963; ++ uint32_t x964; ++ uint32_t x965; ++ uint32_t x966; ++ uint32_t x967; ++ uint32_t x968; ++ uint32_t x969; ++ fiat_secp384r1_uint1 x970; ++ uint32_t x971; ++ fiat_secp384r1_uint1 x972; ++ uint32_t x973; ++ fiat_secp384r1_uint1 x974; ++ uint32_t x975; ++ fiat_secp384r1_uint1 x976; ++ uint32_t x977; ++ fiat_secp384r1_uint1 x978; ++ uint32_t x979; ++ fiat_secp384r1_uint1 x980; ++ uint32_t x981; ++ fiat_secp384r1_uint1 x982; ++ uint32_t x983; ++ fiat_secp384r1_uint1 x984; ++ uint32_t x985; ++ fiat_secp384r1_uint1 x986; ++ uint32_t x987; ++ fiat_secp384r1_uint1 x988; ++ uint32_t x989; ++ fiat_secp384r1_uint1 x990; ++ uint32_t x991; ++ uint32_t x992; ++ fiat_secp384r1_uint1 x993; ++ uint32_t x994; ++ fiat_secp384r1_uint1 x995; ++ uint32_t x996; ++ fiat_secp384r1_uint1 x997; ++ uint32_t x998; ++ fiat_secp384r1_uint1 x999; ++ uint32_t x1000; ++ fiat_secp384r1_uint1 x1001; ++ uint32_t x1002; ++ fiat_secp384r1_uint1 x1003; ++ uint32_t x1004; ++ fiat_secp384r1_uint1 x1005; ++ uint32_t x1006; ++ fiat_secp384r1_uint1 x1007; ++ uint32_t x1008; ++ fiat_secp384r1_uint1 x1009; ++ uint32_t x1010; ++ fiat_secp384r1_uint1 x1011; ++ uint32_t x1012; ++ fiat_secp384r1_uint1 x1013; ++ uint32_t x1014; ++ fiat_secp384r1_uint1 x1015; ++ uint32_t x1016; ++ fiat_secp384r1_uint1 x1017; ++ uint32_t x1018; ++ uint32_t x1019; ++ uint32_t x1020; ++ uint32_t x1021; ++ uint32_t x1022; ++ uint32_t x1023; ++ uint32_t x1024; ++ uint32_t x1025; ++ uint32_t x1026; ++ uint32_t x1027; ++ uint32_t x1028; ++ uint32_t x1029; ++ uint32_t x1030; ++ uint32_t x1031; ++ uint32_t x1032; ++ uint32_t x1033; ++ uint32_t x1034; ++ uint32_t x1035; ++ uint32_t x1036; ++ uint32_t x1037; ++ uint32_t x1038; ++ fiat_secp384r1_uint1 x1039; ++ uint32_t x1040; ++ fiat_secp384r1_uint1 x1041; ++ uint32_t x1042; ++ fiat_secp384r1_uint1 x1043; ++ uint32_t x1044; ++ fiat_secp384r1_uint1 x1045; ++ uint32_t x1046; ++ fiat_secp384r1_uint1 x1047; ++ uint32_t x1048; ++ fiat_secp384r1_uint1 x1049; ++ uint32_t x1050; ++ fiat_secp384r1_uint1 x1051; ++ uint32_t x1052; ++ fiat_secp384r1_uint1 x1053; ++ uint32_t x1054; ++ uint32_t x1055; ++ fiat_secp384r1_uint1 x1056; ++ uint32_t x1057; ++ fiat_secp384r1_uint1 x1058; ++ uint32_t x1059; ++ fiat_secp384r1_uint1 x1060; ++ uint32_t x1061; ++ fiat_secp384r1_uint1 x1062; ++ uint32_t x1063; ++ fiat_secp384r1_uint1 x1064; ++ uint32_t x1065; ++ fiat_secp384r1_uint1 x1066; ++ uint32_t x1067; ++ fiat_secp384r1_uint1 x1068; ++ uint32_t x1069; ++ fiat_secp384r1_uint1 x1070; ++ uint32_t x1071; ++ fiat_secp384r1_uint1 x1072; ++ uint32_t x1073; ++ fiat_secp384r1_uint1 x1074; ++ uint32_t x1075; ++ fiat_secp384r1_uint1 x1076; ++ uint32_t x1077; ++ fiat_secp384r1_uint1 x1078; ++ uint32_t x1079; ++ fiat_secp384r1_uint1 x1080; ++ uint32_t x1081; ++ uint32_t x1082; ++ uint32_t x1083; ++ uint32_t x1084; ++ uint32_t x1085; ++ uint32_t x1086; ++ uint32_t x1087; ++ uint32_t x1088; ++ uint32_t x1089; ++ uint32_t x1090; ++ uint32_t x1091; ++ uint32_t x1092; ++ uint32_t x1093; ++ uint32_t x1094; ++ uint32_t x1095; ++ uint32_t x1096; ++ uint32_t x1097; ++ uint32_t x1098; ++ uint32_t x1099; ++ uint32_t x1100; ++ uint32_t x1101; ++ uint32_t x1102; ++ uint32_t x1103; ++ uint32_t x1104; ++ uint32_t x1105; ++ uint32_t x1106; ++ fiat_secp384r1_uint1 x1107; ++ uint32_t x1108; ++ fiat_secp384r1_uint1 x1109; ++ uint32_t x1110; ++ fiat_secp384r1_uint1 x1111; ++ uint32_t x1112; ++ fiat_secp384r1_uint1 x1113; ++ uint32_t x1114; ++ fiat_secp384r1_uint1 x1115; ++ uint32_t x1116; ++ fiat_secp384r1_uint1 x1117; ++ uint32_t x1118; ++ fiat_secp384r1_uint1 x1119; ++ uint32_t x1120; ++ fiat_secp384r1_uint1 x1121; ++ uint32_t x1122; ++ fiat_secp384r1_uint1 x1123; ++ uint32_t x1124; ++ fiat_secp384r1_uint1 x1125; ++ uint32_t x1126; ++ fiat_secp384r1_uint1 x1127; ++ uint32_t x1128; ++ uint32_t x1129; ++ fiat_secp384r1_uint1 x1130; ++ uint32_t x1131; ++ fiat_secp384r1_uint1 x1132; ++ uint32_t x1133; ++ fiat_secp384r1_uint1 x1134; ++ uint32_t x1135; ++ fiat_secp384r1_uint1 x1136; ++ uint32_t x1137; ++ fiat_secp384r1_uint1 x1138; ++ uint32_t x1139; ++ fiat_secp384r1_uint1 x1140; ++ uint32_t x1141; ++ fiat_secp384r1_uint1 x1142; ++ uint32_t x1143; ++ fiat_secp384r1_uint1 x1144; ++ uint32_t x1145; ++ fiat_secp384r1_uint1 x1146; ++ uint32_t x1147; ++ fiat_secp384r1_uint1 x1148; ++ uint32_t x1149; ++ fiat_secp384r1_uint1 x1150; ++ uint32_t x1151; ++ fiat_secp384r1_uint1 x1152; ++ uint32_t x1153; ++ fiat_secp384r1_uint1 x1154; ++ uint32_t x1155; ++ uint32_t x1156; ++ uint32_t x1157; ++ uint32_t x1158; ++ uint32_t x1159; ++ uint32_t x1160; ++ uint32_t x1161; ++ uint32_t x1162; ++ uint32_t x1163; ++ uint32_t x1164; ++ uint32_t x1165; ++ uint32_t x1166; ++ uint32_t x1167; ++ uint32_t x1168; ++ uint32_t x1169; ++ uint32_t x1170; ++ uint32_t x1171; ++ uint32_t x1172; ++ uint32_t x1173; ++ uint32_t x1174; ++ uint32_t x1175; ++ fiat_secp384r1_uint1 x1176; ++ uint32_t x1177; ++ fiat_secp384r1_uint1 x1178; ++ uint32_t x1179; ++ fiat_secp384r1_uint1 x1180; ++ uint32_t x1181; ++ fiat_secp384r1_uint1 x1182; ++ uint32_t x1183; ++ fiat_secp384r1_uint1 x1184; ++ uint32_t x1185; ++ fiat_secp384r1_uint1 x1186; ++ uint32_t x1187; ++ fiat_secp384r1_uint1 x1188; ++ uint32_t x1189; ++ fiat_secp384r1_uint1 x1190; ++ uint32_t x1191; ++ uint32_t x1192; ++ fiat_secp384r1_uint1 x1193; ++ uint32_t x1194; ++ fiat_secp384r1_uint1 x1195; ++ uint32_t x1196; ++ fiat_secp384r1_uint1 x1197; ++ uint32_t x1198; ++ fiat_secp384r1_uint1 x1199; ++ uint32_t x1200; ++ fiat_secp384r1_uint1 x1201; ++ uint32_t x1202; ++ fiat_secp384r1_uint1 x1203; ++ uint32_t x1204; ++ fiat_secp384r1_uint1 x1205; ++ uint32_t x1206; ++ fiat_secp384r1_uint1 x1207; ++ uint32_t x1208; ++ fiat_secp384r1_uint1 x1209; ++ uint32_t x1210; ++ fiat_secp384r1_uint1 x1211; ++ uint32_t x1212; ++ fiat_secp384r1_uint1 x1213; ++ uint32_t x1214; ++ fiat_secp384r1_uint1 x1215; ++ uint32_t x1216; ++ fiat_secp384r1_uint1 x1217; ++ uint32_t x1218; ++ uint32_t x1219; ++ uint32_t x1220; ++ uint32_t x1221; ++ uint32_t x1222; ++ uint32_t x1223; ++ uint32_t x1224; ++ uint32_t x1225; ++ uint32_t x1226; ++ uint32_t x1227; ++ uint32_t x1228; ++ uint32_t x1229; ++ uint32_t x1230; ++ uint32_t x1231; ++ uint32_t x1232; ++ uint32_t x1233; ++ uint32_t x1234; ++ uint32_t x1235; ++ uint32_t x1236; ++ uint32_t x1237; ++ uint32_t x1238; ++ uint32_t x1239; ++ uint32_t x1240; ++ uint32_t x1241; ++ uint32_t x1242; ++ uint32_t x1243; ++ fiat_secp384r1_uint1 x1244; ++ uint32_t x1245; ++ fiat_secp384r1_uint1 x1246; ++ uint32_t x1247; ++ fiat_secp384r1_uint1 x1248; ++ uint32_t x1249; ++ fiat_secp384r1_uint1 x1250; ++ uint32_t x1251; ++ fiat_secp384r1_uint1 x1252; ++ uint32_t x1253; ++ fiat_secp384r1_uint1 x1254; ++ uint32_t x1255; ++ fiat_secp384r1_uint1 x1256; ++ uint32_t x1257; ++ fiat_secp384r1_uint1 x1258; ++ uint32_t x1259; ++ fiat_secp384r1_uint1 x1260; ++ uint32_t x1261; ++ fiat_secp384r1_uint1 x1262; ++ uint32_t x1263; ++ fiat_secp384r1_uint1 x1264; ++ uint32_t x1265; ++ uint32_t x1266; ++ fiat_secp384r1_uint1 x1267; ++ uint32_t x1268; ++ fiat_secp384r1_uint1 x1269; ++ uint32_t x1270; ++ fiat_secp384r1_uint1 x1271; ++ uint32_t x1272; ++ fiat_secp384r1_uint1 x1273; ++ uint32_t x1274; ++ fiat_secp384r1_uint1 x1275; ++ uint32_t x1276; ++ fiat_secp384r1_uint1 x1277; ++ uint32_t x1278; ++ fiat_secp384r1_uint1 x1279; ++ uint32_t x1280; ++ fiat_secp384r1_uint1 x1281; ++ uint32_t x1282; ++ fiat_secp384r1_uint1 x1283; ++ uint32_t x1284; ++ fiat_secp384r1_uint1 x1285; ++ uint32_t x1286; ++ fiat_secp384r1_uint1 x1287; ++ uint32_t x1288; ++ fiat_secp384r1_uint1 x1289; ++ uint32_t x1290; ++ fiat_secp384r1_uint1 x1291; ++ uint32_t x1292; ++ uint32_t x1293; ++ uint32_t x1294; ++ uint32_t x1295; ++ uint32_t x1296; ++ uint32_t x1297; ++ uint32_t x1298; ++ uint32_t x1299; ++ uint32_t x1300; ++ uint32_t x1301; ++ uint32_t x1302; ++ uint32_t x1303; ++ uint32_t x1304; ++ uint32_t x1305; ++ uint32_t x1306; ++ uint32_t x1307; ++ uint32_t x1308; ++ uint32_t x1309; ++ uint32_t x1310; ++ uint32_t x1311; ++ uint32_t x1312; ++ fiat_secp384r1_uint1 x1313; ++ uint32_t x1314; ++ fiat_secp384r1_uint1 x1315; ++ uint32_t x1316; ++ fiat_secp384r1_uint1 x1317; ++ uint32_t x1318; ++ fiat_secp384r1_uint1 x1319; ++ uint32_t x1320; ++ fiat_secp384r1_uint1 x1321; ++ uint32_t x1322; ++ fiat_secp384r1_uint1 x1323; ++ uint32_t x1324; ++ fiat_secp384r1_uint1 x1325; ++ uint32_t x1326; ++ fiat_secp384r1_uint1 x1327; ++ uint32_t x1328; ++ uint32_t x1329; ++ fiat_secp384r1_uint1 x1330; ++ uint32_t x1331; ++ fiat_secp384r1_uint1 x1332; ++ uint32_t x1333; ++ fiat_secp384r1_uint1 x1334; ++ uint32_t x1335; ++ fiat_secp384r1_uint1 x1336; ++ uint32_t x1337; ++ fiat_secp384r1_uint1 x1338; ++ uint32_t x1339; ++ fiat_secp384r1_uint1 x1340; ++ uint32_t x1341; ++ fiat_secp384r1_uint1 x1342; ++ uint32_t x1343; ++ fiat_secp384r1_uint1 x1344; ++ uint32_t x1345; ++ fiat_secp384r1_uint1 x1346; ++ uint32_t x1347; ++ fiat_secp384r1_uint1 x1348; ++ uint32_t x1349; ++ fiat_secp384r1_uint1 x1350; ++ uint32_t x1351; ++ fiat_secp384r1_uint1 x1352; ++ uint32_t x1353; ++ fiat_secp384r1_uint1 x1354; ++ uint32_t x1355; ++ uint32_t x1356; ++ uint32_t x1357; ++ uint32_t x1358; ++ uint32_t x1359; ++ uint32_t x1360; ++ uint32_t x1361; ++ uint32_t x1362; ++ uint32_t x1363; ++ uint32_t x1364; ++ uint32_t x1365; ++ uint32_t x1366; ++ uint32_t x1367; ++ uint32_t x1368; ++ uint32_t x1369; ++ uint32_t x1370; ++ uint32_t x1371; ++ uint32_t x1372; ++ uint32_t x1373; ++ uint32_t x1374; ++ uint32_t x1375; ++ uint32_t x1376; ++ uint32_t x1377; ++ uint32_t x1378; ++ uint32_t x1379; ++ uint32_t x1380; ++ fiat_secp384r1_uint1 x1381; ++ uint32_t x1382; ++ fiat_secp384r1_uint1 x1383; ++ uint32_t x1384; ++ fiat_secp384r1_uint1 x1385; ++ uint32_t x1386; ++ fiat_secp384r1_uint1 x1387; ++ uint32_t x1388; ++ fiat_secp384r1_uint1 x1389; ++ uint32_t x1390; ++ fiat_secp384r1_uint1 x1391; ++ uint32_t x1392; ++ fiat_secp384r1_uint1 x1393; ++ uint32_t x1394; ++ fiat_secp384r1_uint1 x1395; ++ uint32_t x1396; ++ fiat_secp384r1_uint1 x1397; ++ uint32_t x1398; ++ fiat_secp384r1_uint1 x1399; ++ uint32_t x1400; ++ fiat_secp384r1_uint1 x1401; ++ uint32_t x1402; ++ uint32_t x1403; ++ fiat_secp384r1_uint1 x1404; ++ uint32_t x1405; ++ fiat_secp384r1_uint1 x1406; ++ uint32_t x1407; ++ fiat_secp384r1_uint1 x1408; ++ uint32_t x1409; ++ fiat_secp384r1_uint1 x1410; ++ uint32_t x1411; ++ fiat_secp384r1_uint1 x1412; ++ uint32_t x1413; ++ fiat_secp384r1_uint1 x1414; ++ uint32_t x1415; ++ fiat_secp384r1_uint1 x1416; ++ uint32_t x1417; ++ fiat_secp384r1_uint1 x1418; ++ uint32_t x1419; ++ fiat_secp384r1_uint1 x1420; ++ uint32_t x1421; ++ fiat_secp384r1_uint1 x1422; ++ uint32_t x1423; ++ fiat_secp384r1_uint1 x1424; ++ uint32_t x1425; ++ fiat_secp384r1_uint1 x1426; ++ uint32_t x1427; ++ fiat_secp384r1_uint1 x1428; ++ uint32_t x1429; ++ uint32_t x1430; ++ uint32_t x1431; ++ uint32_t x1432; ++ uint32_t x1433; ++ uint32_t x1434; ++ uint32_t x1435; ++ uint32_t x1436; ++ uint32_t x1437; ++ uint32_t x1438; ++ uint32_t x1439; ++ uint32_t x1440; ++ uint32_t x1441; ++ uint32_t x1442; ++ uint32_t x1443; ++ uint32_t x1444; ++ uint32_t x1445; ++ uint32_t x1446; ++ uint32_t x1447; ++ uint32_t x1448; ++ uint32_t x1449; ++ fiat_secp384r1_uint1 x1450; ++ uint32_t x1451; ++ fiat_secp384r1_uint1 x1452; ++ uint32_t x1453; ++ fiat_secp384r1_uint1 x1454; ++ uint32_t x1455; ++ fiat_secp384r1_uint1 x1456; ++ uint32_t x1457; ++ fiat_secp384r1_uint1 x1458; ++ uint32_t x1459; ++ fiat_secp384r1_uint1 x1460; ++ uint32_t x1461; ++ fiat_secp384r1_uint1 x1462; ++ uint32_t x1463; ++ fiat_secp384r1_uint1 x1464; ++ uint32_t x1465; ++ uint32_t x1466; ++ fiat_secp384r1_uint1 x1467; ++ uint32_t x1468; ++ fiat_secp384r1_uint1 x1469; ++ uint32_t x1470; ++ fiat_secp384r1_uint1 x1471; ++ uint32_t x1472; ++ fiat_secp384r1_uint1 x1473; ++ uint32_t x1474; ++ fiat_secp384r1_uint1 x1475; ++ uint32_t x1476; ++ fiat_secp384r1_uint1 x1477; ++ uint32_t x1478; ++ fiat_secp384r1_uint1 x1479; ++ uint32_t x1480; ++ fiat_secp384r1_uint1 x1481; ++ uint32_t x1482; ++ fiat_secp384r1_uint1 x1483; ++ uint32_t x1484; ++ fiat_secp384r1_uint1 x1485; ++ uint32_t x1486; ++ fiat_secp384r1_uint1 x1487; ++ uint32_t x1488; ++ fiat_secp384r1_uint1 x1489; ++ uint32_t x1490; ++ fiat_secp384r1_uint1 x1491; ++ uint32_t x1492; ++ uint32_t x1493; ++ uint32_t x1494; ++ uint32_t x1495; ++ uint32_t x1496; ++ uint32_t x1497; ++ uint32_t x1498; ++ uint32_t x1499; ++ uint32_t x1500; ++ uint32_t x1501; ++ uint32_t x1502; ++ uint32_t x1503; ++ uint32_t x1504; ++ uint32_t x1505; ++ uint32_t x1506; ++ uint32_t x1507; ++ uint32_t x1508; ++ uint32_t x1509; ++ uint32_t x1510; ++ uint32_t x1511; ++ uint32_t x1512; ++ uint32_t x1513; ++ uint32_t x1514; ++ uint32_t x1515; ++ uint32_t x1516; ++ uint32_t x1517; ++ fiat_secp384r1_uint1 x1518; ++ uint32_t x1519; ++ fiat_secp384r1_uint1 x1520; ++ uint32_t x1521; ++ fiat_secp384r1_uint1 x1522; ++ uint32_t x1523; ++ fiat_secp384r1_uint1 x1524; ++ uint32_t x1525; ++ fiat_secp384r1_uint1 x1526; ++ uint32_t x1527; ++ fiat_secp384r1_uint1 x1528; ++ uint32_t x1529; ++ fiat_secp384r1_uint1 x1530; ++ uint32_t x1531; ++ fiat_secp384r1_uint1 x1532; ++ uint32_t x1533; ++ fiat_secp384r1_uint1 x1534; ++ uint32_t x1535; ++ fiat_secp384r1_uint1 x1536; ++ uint32_t x1537; ++ fiat_secp384r1_uint1 x1538; ++ uint32_t x1539; ++ uint32_t x1540; ++ fiat_secp384r1_uint1 x1541; ++ uint32_t x1542; ++ fiat_secp384r1_uint1 x1543; ++ uint32_t x1544; ++ fiat_secp384r1_uint1 x1545; ++ uint32_t x1546; ++ fiat_secp384r1_uint1 x1547; ++ uint32_t x1548; ++ fiat_secp384r1_uint1 x1549; ++ uint32_t x1550; ++ fiat_secp384r1_uint1 x1551; ++ uint32_t x1552; ++ fiat_secp384r1_uint1 x1553; ++ uint32_t x1554; ++ fiat_secp384r1_uint1 x1555; ++ uint32_t x1556; ++ fiat_secp384r1_uint1 x1557; ++ uint32_t x1558; ++ fiat_secp384r1_uint1 x1559; ++ uint32_t x1560; ++ fiat_secp384r1_uint1 x1561; ++ uint32_t x1562; ++ fiat_secp384r1_uint1 x1563; ++ uint32_t x1564; ++ fiat_secp384r1_uint1 x1565; ++ uint32_t x1566; ++ uint32_t x1567; ++ uint32_t x1568; ++ uint32_t x1569; ++ uint32_t x1570; ++ uint32_t x1571; ++ uint32_t x1572; ++ uint32_t x1573; ++ uint32_t x1574; ++ uint32_t x1575; ++ uint32_t x1576; ++ uint32_t x1577; ++ uint32_t x1578; ++ uint32_t x1579; ++ uint32_t x1580; ++ uint32_t x1581; ++ uint32_t x1582; ++ uint32_t x1583; ++ uint32_t x1584; ++ uint32_t x1585; ++ uint32_t x1586; ++ fiat_secp384r1_uint1 x1587; ++ uint32_t x1588; ++ fiat_secp384r1_uint1 x1589; ++ uint32_t x1590; ++ fiat_secp384r1_uint1 x1591; ++ uint32_t x1592; ++ fiat_secp384r1_uint1 x1593; ++ uint32_t x1594; ++ fiat_secp384r1_uint1 x1595; ++ uint32_t x1596; ++ fiat_secp384r1_uint1 x1597; ++ uint32_t x1598; ++ fiat_secp384r1_uint1 x1599; ++ uint32_t x1600; ++ fiat_secp384r1_uint1 x1601; ++ uint32_t x1602; ++ uint32_t x1603; ++ fiat_secp384r1_uint1 x1604; ++ uint32_t x1605; ++ fiat_secp384r1_uint1 x1606; ++ uint32_t x1607; ++ fiat_secp384r1_uint1 x1608; ++ uint32_t x1609; ++ fiat_secp384r1_uint1 x1610; ++ uint32_t x1611; ++ fiat_secp384r1_uint1 x1612; ++ uint32_t x1613; ++ fiat_secp384r1_uint1 x1614; ++ uint32_t x1615; ++ fiat_secp384r1_uint1 x1616; ++ uint32_t x1617; ++ fiat_secp384r1_uint1 x1618; ++ uint32_t x1619; ++ fiat_secp384r1_uint1 x1620; ++ uint32_t x1621; ++ fiat_secp384r1_uint1 x1622; ++ uint32_t x1623; ++ fiat_secp384r1_uint1 x1624; ++ uint32_t x1625; ++ fiat_secp384r1_uint1 x1626; ++ uint32_t x1627; ++ fiat_secp384r1_uint1 x1628; ++ uint32_t x1629; ++ uint32_t x1630; ++ fiat_secp384r1_uint1 x1631; ++ uint32_t x1632; ++ fiat_secp384r1_uint1 x1633; ++ uint32_t x1634; ++ fiat_secp384r1_uint1 x1635; ++ uint32_t x1636; ++ fiat_secp384r1_uint1 x1637; ++ uint32_t x1638; ++ fiat_secp384r1_uint1 x1639; ++ uint32_t x1640; ++ fiat_secp384r1_uint1 x1641; ++ uint32_t x1642; ++ fiat_secp384r1_uint1 x1643; ++ uint32_t x1644; ++ fiat_secp384r1_uint1 x1645; ++ uint32_t x1646; ++ fiat_secp384r1_uint1 x1647; ++ uint32_t x1648; ++ fiat_secp384r1_uint1 x1649; ++ uint32_t x1650; ++ fiat_secp384r1_uint1 x1651; ++ uint32_t x1652; ++ fiat_secp384r1_uint1 x1653; ++ uint32_t x1654; ++ fiat_secp384r1_uint1 x1655; ++ uint32_t x1656; ++ uint32_t x1657; ++ uint32_t x1658; ++ uint32_t x1659; ++ uint32_t x1660; ++ uint32_t x1661; ++ uint32_t x1662; ++ uint32_t x1663; ++ uint32_t x1664; ++ uint32_t x1665; ++ uint32_t x1666; ++ uint32_t x1667; ++ x1 = (arg1[1]); ++ x2 = (arg1[2]); ++ x3 = (arg1[3]); ++ x4 = (arg1[4]); ++ x5 = (arg1[5]); ++ x6 = (arg1[6]); ++ x7 = (arg1[7]); ++ x8 = (arg1[8]); ++ x9 = (arg1[9]); ++ x10 = (arg1[10]); ++ x11 = (arg1[11]); ++ x12 = (arg1[0]); ++ fiat_secp384r1_mulx_u32(&x13, &x14, x12, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x15, &x16, x12, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x17, &x18, x12, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x19, &x20, x12, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x21, &x22, x12, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x23, &x24, x12, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x25, &x26, x12, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x27, &x28, x12, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x29, &x30, x12, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x31, &x32, x12, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x33, &x34, x12, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x35, &x36, x12, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x37, &x38, 0x0, x36, x33); ++ fiat_secp384r1_addcarryx_u32(&x39, &x40, x38, x34, x31); ++ fiat_secp384r1_addcarryx_u32(&x41, &x42, x40, x32, x29); ++ fiat_secp384r1_addcarryx_u32(&x43, &x44, x42, x30, x27); ++ fiat_secp384r1_addcarryx_u32(&x45, &x46, x44, x28, x25); ++ fiat_secp384r1_addcarryx_u32(&x47, &x48, x46, x26, x23); ++ fiat_secp384r1_addcarryx_u32(&x49, &x50, x48, x24, x21); ++ fiat_secp384r1_addcarryx_u32(&x51, &x52, x50, x22, x19); ++ fiat_secp384r1_addcarryx_u32(&x53, &x54, x52, x20, x17); ++ fiat_secp384r1_addcarryx_u32(&x55, &x56, x54, x18, x15); ++ fiat_secp384r1_addcarryx_u32(&x57, &x58, x56, x16, x13); ++ x59 = (x58 + x14); ++ fiat_secp384r1_mulx_u32(&x60, &x61, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x62, &x63, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x64, &x65, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x66, &x67, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x68, &x69, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x70, &x71, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x72, &x73, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x74, &x75, x35, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x76, &x77, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x78, &x79, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x80, &x81, 0x0, x77, x74); ++ fiat_secp384r1_addcarryx_u32(&x82, &x83, x81, x75, x72); ++ fiat_secp384r1_addcarryx_u32(&x84, &x85, x83, x73, x70); ++ fiat_secp384r1_addcarryx_u32(&x86, &x87, x85, x71, x68); ++ fiat_secp384r1_addcarryx_u32(&x88, &x89, x87, x69, x66); ++ fiat_secp384r1_addcarryx_u32(&x90, &x91, x89, x67, x64); ++ fiat_secp384r1_addcarryx_u32(&x92, &x93, x91, x65, x62); ++ fiat_secp384r1_addcarryx_u32(&x94, &x95, x93, x63, x60); ++ x96 = (x95 + x61); ++ fiat_secp384r1_addcarryx_u32(&x97, &x98, 0x0, x35, x78); ++ fiat_secp384r1_addcarryx_u32(&x99, &x100, x98, x37, x79); ++ fiat_secp384r1_addcarryx_u32(&x101, &x102, x100, x39, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x103, &x104, x102, x41, x76); ++ fiat_secp384r1_addcarryx_u32(&x105, &x106, x104, x43, x80); ++ fiat_secp384r1_addcarryx_u32(&x107, &x108, x106, x45, x82); ++ fiat_secp384r1_addcarryx_u32(&x109, &x110, x108, x47, x84); ++ fiat_secp384r1_addcarryx_u32(&x111, &x112, x110, x49, x86); ++ fiat_secp384r1_addcarryx_u32(&x113, &x114, x112, x51, x88); ++ fiat_secp384r1_addcarryx_u32(&x115, &x116, x114, x53, x90); ++ fiat_secp384r1_addcarryx_u32(&x117, &x118, x116, x55, x92); ++ fiat_secp384r1_addcarryx_u32(&x119, &x120, x118, x57, x94); ++ fiat_secp384r1_addcarryx_u32(&x121, &x122, x120, x59, x96); ++ fiat_secp384r1_mulx_u32(&x123, &x124, x1, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x125, &x126, x1, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x127, &x128, x1, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x129, &x130, x1, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x131, &x132, x1, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x133, &x134, x1, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x135, &x136, x1, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x137, &x138, x1, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x139, &x140, x1, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x141, &x142, x1, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x143, &x144, x1, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x145, &x146, x1, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x147, &x148, 0x0, x146, x143); ++ fiat_secp384r1_addcarryx_u32(&x149, &x150, x148, x144, x141); ++ fiat_secp384r1_addcarryx_u32(&x151, &x152, x150, x142, x139); ++ fiat_secp384r1_addcarryx_u32(&x153, &x154, x152, x140, x137); ++ fiat_secp384r1_addcarryx_u32(&x155, &x156, x154, x138, x135); ++ fiat_secp384r1_addcarryx_u32(&x157, &x158, x156, x136, x133); ++ fiat_secp384r1_addcarryx_u32(&x159, &x160, x158, x134, x131); ++ fiat_secp384r1_addcarryx_u32(&x161, &x162, x160, x132, x129); ++ fiat_secp384r1_addcarryx_u32(&x163, &x164, x162, x130, x127); ++ fiat_secp384r1_addcarryx_u32(&x165, &x166, x164, x128, x125); ++ fiat_secp384r1_addcarryx_u32(&x167, &x168, x166, x126, x123); ++ x169 = (x168 + x124); ++ fiat_secp384r1_addcarryx_u32(&x170, &x171, 0x0, x99, x145); ++ fiat_secp384r1_addcarryx_u32(&x172, &x173, x171, x101, x147); ++ fiat_secp384r1_addcarryx_u32(&x174, &x175, x173, x103, x149); ++ fiat_secp384r1_addcarryx_u32(&x176, &x177, x175, x105, x151); ++ fiat_secp384r1_addcarryx_u32(&x178, &x179, x177, x107, x153); ++ fiat_secp384r1_addcarryx_u32(&x180, &x181, x179, x109, x155); ++ fiat_secp384r1_addcarryx_u32(&x182, &x183, x181, x111, x157); ++ fiat_secp384r1_addcarryx_u32(&x184, &x185, x183, x113, x159); ++ fiat_secp384r1_addcarryx_u32(&x186, &x187, x185, x115, x161); ++ fiat_secp384r1_addcarryx_u32(&x188, &x189, x187, x117, x163); ++ fiat_secp384r1_addcarryx_u32(&x190, &x191, x189, x119, x165); ++ fiat_secp384r1_addcarryx_u32(&x192, &x193, x191, x121, x167); ++ fiat_secp384r1_addcarryx_u32(&x194, &x195, x193, x122, x169); ++ fiat_secp384r1_mulx_u32(&x196, &x197, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x198, &x199, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x200, &x201, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x202, &x203, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x204, &x205, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x206, &x207, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x208, &x209, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x210, &x211, x170, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x212, &x213, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x214, &x215, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x216, &x217, 0x0, x213, x210); ++ fiat_secp384r1_addcarryx_u32(&x218, &x219, x217, x211, x208); ++ fiat_secp384r1_addcarryx_u32(&x220, &x221, x219, x209, x206); ++ fiat_secp384r1_addcarryx_u32(&x222, &x223, x221, x207, x204); ++ fiat_secp384r1_addcarryx_u32(&x224, &x225, x223, x205, x202); ++ fiat_secp384r1_addcarryx_u32(&x226, &x227, x225, x203, x200); ++ fiat_secp384r1_addcarryx_u32(&x228, &x229, x227, x201, x198); ++ fiat_secp384r1_addcarryx_u32(&x230, &x231, x229, x199, x196); ++ x232 = (x231 + x197); ++ fiat_secp384r1_addcarryx_u32(&x233, &x234, 0x0, x170, x214); ++ fiat_secp384r1_addcarryx_u32(&x235, &x236, x234, x172, x215); ++ fiat_secp384r1_addcarryx_u32(&x237, &x238, x236, x174, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x239, &x240, x238, x176, x212); ++ fiat_secp384r1_addcarryx_u32(&x241, &x242, x240, x178, x216); ++ fiat_secp384r1_addcarryx_u32(&x243, &x244, x242, x180, x218); ++ fiat_secp384r1_addcarryx_u32(&x245, &x246, x244, x182, x220); ++ fiat_secp384r1_addcarryx_u32(&x247, &x248, x246, x184, x222); ++ fiat_secp384r1_addcarryx_u32(&x249, &x250, x248, x186, x224); ++ fiat_secp384r1_addcarryx_u32(&x251, &x252, x250, x188, x226); ++ fiat_secp384r1_addcarryx_u32(&x253, &x254, x252, x190, x228); ++ fiat_secp384r1_addcarryx_u32(&x255, &x256, x254, x192, x230); ++ fiat_secp384r1_addcarryx_u32(&x257, &x258, x256, x194, x232); ++ x259 = ((uint32_t)x258 + x195); ++ fiat_secp384r1_mulx_u32(&x260, &x261, x2, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x262, &x263, x2, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x264, &x265, x2, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x266, &x267, x2, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x268, &x269, x2, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x270, &x271, x2, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x272, &x273, x2, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x274, &x275, x2, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x276, &x277, x2, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x278, &x279, x2, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x280, &x281, x2, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x282, &x283, x2, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x284, &x285, 0x0, x283, x280); ++ fiat_secp384r1_addcarryx_u32(&x286, &x287, x285, x281, x278); ++ fiat_secp384r1_addcarryx_u32(&x288, &x289, x287, x279, x276); ++ fiat_secp384r1_addcarryx_u32(&x290, &x291, x289, x277, x274); ++ fiat_secp384r1_addcarryx_u32(&x292, &x293, x291, x275, x272); ++ fiat_secp384r1_addcarryx_u32(&x294, &x295, x293, x273, x270); ++ fiat_secp384r1_addcarryx_u32(&x296, &x297, x295, x271, x268); ++ fiat_secp384r1_addcarryx_u32(&x298, &x299, x297, x269, x266); ++ fiat_secp384r1_addcarryx_u32(&x300, &x301, x299, x267, x264); ++ fiat_secp384r1_addcarryx_u32(&x302, &x303, x301, x265, x262); ++ fiat_secp384r1_addcarryx_u32(&x304, &x305, x303, x263, x260); ++ x306 = (x305 + x261); ++ fiat_secp384r1_addcarryx_u32(&x307, &x308, 0x0, x235, x282); ++ fiat_secp384r1_addcarryx_u32(&x309, &x310, x308, x237, x284); ++ fiat_secp384r1_addcarryx_u32(&x311, &x312, x310, x239, x286); ++ fiat_secp384r1_addcarryx_u32(&x313, &x314, x312, x241, x288); ++ fiat_secp384r1_addcarryx_u32(&x315, &x316, x314, x243, x290); ++ fiat_secp384r1_addcarryx_u32(&x317, &x318, x316, x245, x292); ++ fiat_secp384r1_addcarryx_u32(&x319, &x320, x318, x247, x294); ++ fiat_secp384r1_addcarryx_u32(&x321, &x322, x320, x249, x296); ++ fiat_secp384r1_addcarryx_u32(&x323, &x324, x322, x251, x298); ++ fiat_secp384r1_addcarryx_u32(&x325, &x326, x324, x253, x300); ++ fiat_secp384r1_addcarryx_u32(&x327, &x328, x326, x255, x302); ++ fiat_secp384r1_addcarryx_u32(&x329, &x330, x328, x257, x304); ++ fiat_secp384r1_addcarryx_u32(&x331, &x332, x330, x259, x306); ++ fiat_secp384r1_mulx_u32(&x333, &x334, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x335, &x336, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x337, &x338, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x339, &x340, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x341, &x342, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x343, &x344, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x345, &x346, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x347, &x348, x307, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x349, &x350, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x351, &x352, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x353, &x354, 0x0, x350, x347); ++ fiat_secp384r1_addcarryx_u32(&x355, &x356, x354, x348, x345); ++ fiat_secp384r1_addcarryx_u32(&x357, &x358, x356, x346, x343); ++ fiat_secp384r1_addcarryx_u32(&x359, &x360, x358, x344, x341); ++ fiat_secp384r1_addcarryx_u32(&x361, &x362, x360, x342, x339); ++ fiat_secp384r1_addcarryx_u32(&x363, &x364, x362, x340, x337); ++ fiat_secp384r1_addcarryx_u32(&x365, &x366, x364, x338, x335); ++ fiat_secp384r1_addcarryx_u32(&x367, &x368, x366, x336, x333); ++ x369 = (x368 + x334); ++ fiat_secp384r1_addcarryx_u32(&x370, &x371, 0x0, x307, x351); ++ fiat_secp384r1_addcarryx_u32(&x372, &x373, x371, x309, x352); ++ fiat_secp384r1_addcarryx_u32(&x374, &x375, x373, x311, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x376, &x377, x375, x313, x349); ++ fiat_secp384r1_addcarryx_u32(&x378, &x379, x377, x315, x353); ++ fiat_secp384r1_addcarryx_u32(&x380, &x381, x379, x317, x355); ++ fiat_secp384r1_addcarryx_u32(&x382, &x383, x381, x319, x357); ++ fiat_secp384r1_addcarryx_u32(&x384, &x385, x383, x321, x359); ++ fiat_secp384r1_addcarryx_u32(&x386, &x387, x385, x323, x361); ++ fiat_secp384r1_addcarryx_u32(&x388, &x389, x387, x325, x363); ++ fiat_secp384r1_addcarryx_u32(&x390, &x391, x389, x327, x365); ++ fiat_secp384r1_addcarryx_u32(&x392, &x393, x391, x329, x367); ++ fiat_secp384r1_addcarryx_u32(&x394, &x395, x393, x331, x369); ++ x396 = ((uint32_t)x395 + x332); ++ fiat_secp384r1_mulx_u32(&x397, &x398, x3, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x399, &x400, x3, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x401, &x402, x3, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x403, &x404, x3, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x405, &x406, x3, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x407, &x408, x3, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x409, &x410, x3, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x411, &x412, x3, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x413, &x414, x3, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x415, &x416, x3, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x417, &x418, x3, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x419, &x420, x3, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x421, &x422, 0x0, x420, x417); ++ fiat_secp384r1_addcarryx_u32(&x423, &x424, x422, x418, x415); ++ fiat_secp384r1_addcarryx_u32(&x425, &x426, x424, x416, x413); ++ fiat_secp384r1_addcarryx_u32(&x427, &x428, x426, x414, x411); ++ fiat_secp384r1_addcarryx_u32(&x429, &x430, x428, x412, x409); ++ fiat_secp384r1_addcarryx_u32(&x431, &x432, x430, x410, x407); ++ fiat_secp384r1_addcarryx_u32(&x433, &x434, x432, x408, x405); ++ fiat_secp384r1_addcarryx_u32(&x435, &x436, x434, x406, x403); ++ fiat_secp384r1_addcarryx_u32(&x437, &x438, x436, x404, x401); ++ fiat_secp384r1_addcarryx_u32(&x439, &x440, x438, x402, x399); ++ fiat_secp384r1_addcarryx_u32(&x441, &x442, x440, x400, x397); ++ x443 = (x442 + x398); ++ fiat_secp384r1_addcarryx_u32(&x444, &x445, 0x0, x372, x419); ++ fiat_secp384r1_addcarryx_u32(&x446, &x447, x445, x374, x421); ++ fiat_secp384r1_addcarryx_u32(&x448, &x449, x447, x376, x423); ++ fiat_secp384r1_addcarryx_u32(&x450, &x451, x449, x378, x425); ++ fiat_secp384r1_addcarryx_u32(&x452, &x453, x451, x380, x427); ++ fiat_secp384r1_addcarryx_u32(&x454, &x455, x453, x382, x429); ++ fiat_secp384r1_addcarryx_u32(&x456, &x457, x455, x384, x431); ++ fiat_secp384r1_addcarryx_u32(&x458, &x459, x457, x386, x433); ++ fiat_secp384r1_addcarryx_u32(&x460, &x461, x459, x388, x435); ++ fiat_secp384r1_addcarryx_u32(&x462, &x463, x461, x390, x437); ++ fiat_secp384r1_addcarryx_u32(&x464, &x465, x463, x392, x439); ++ fiat_secp384r1_addcarryx_u32(&x466, &x467, x465, x394, x441); ++ fiat_secp384r1_addcarryx_u32(&x468, &x469, x467, x396, x443); ++ fiat_secp384r1_mulx_u32(&x470, &x471, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x472, &x473, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x474, &x475, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x476, &x477, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x478, &x479, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x480, &x481, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x482, &x483, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x484, &x485, x444, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x486, &x487, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x488, &x489, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x490, &x491, 0x0, x487, x484); ++ fiat_secp384r1_addcarryx_u32(&x492, &x493, x491, x485, x482); ++ fiat_secp384r1_addcarryx_u32(&x494, &x495, x493, x483, x480); ++ fiat_secp384r1_addcarryx_u32(&x496, &x497, x495, x481, x478); ++ fiat_secp384r1_addcarryx_u32(&x498, &x499, x497, x479, x476); ++ fiat_secp384r1_addcarryx_u32(&x500, &x501, x499, x477, x474); ++ fiat_secp384r1_addcarryx_u32(&x502, &x503, x501, x475, x472); ++ fiat_secp384r1_addcarryx_u32(&x504, &x505, x503, x473, x470); ++ x506 = (x505 + x471); ++ fiat_secp384r1_addcarryx_u32(&x507, &x508, 0x0, x444, x488); ++ fiat_secp384r1_addcarryx_u32(&x509, &x510, x508, x446, x489); ++ fiat_secp384r1_addcarryx_u32(&x511, &x512, x510, x448, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x513, &x514, x512, x450, x486); ++ fiat_secp384r1_addcarryx_u32(&x515, &x516, x514, x452, x490); ++ fiat_secp384r1_addcarryx_u32(&x517, &x518, x516, x454, x492); ++ fiat_secp384r1_addcarryx_u32(&x519, &x520, x518, x456, x494); ++ fiat_secp384r1_addcarryx_u32(&x521, &x522, x520, x458, x496); ++ fiat_secp384r1_addcarryx_u32(&x523, &x524, x522, x460, x498); ++ fiat_secp384r1_addcarryx_u32(&x525, &x526, x524, x462, x500); ++ fiat_secp384r1_addcarryx_u32(&x527, &x528, x526, x464, x502); ++ fiat_secp384r1_addcarryx_u32(&x529, &x530, x528, x466, x504); ++ fiat_secp384r1_addcarryx_u32(&x531, &x532, x530, x468, x506); ++ x533 = ((uint32_t)x532 + x469); ++ fiat_secp384r1_mulx_u32(&x534, &x535, x4, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x536, &x537, x4, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x538, &x539, x4, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x540, &x541, x4, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x542, &x543, x4, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x544, &x545, x4, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x546, &x547, x4, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x548, &x549, x4, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x550, &x551, x4, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x552, &x553, x4, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x554, &x555, x4, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x556, &x557, x4, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x558, &x559, 0x0, x557, x554); ++ fiat_secp384r1_addcarryx_u32(&x560, &x561, x559, x555, x552); ++ fiat_secp384r1_addcarryx_u32(&x562, &x563, x561, x553, x550); ++ fiat_secp384r1_addcarryx_u32(&x564, &x565, x563, x551, x548); ++ fiat_secp384r1_addcarryx_u32(&x566, &x567, x565, x549, x546); ++ fiat_secp384r1_addcarryx_u32(&x568, &x569, x567, x547, x544); ++ fiat_secp384r1_addcarryx_u32(&x570, &x571, x569, x545, x542); ++ fiat_secp384r1_addcarryx_u32(&x572, &x573, x571, x543, x540); ++ fiat_secp384r1_addcarryx_u32(&x574, &x575, x573, x541, x538); ++ fiat_secp384r1_addcarryx_u32(&x576, &x577, x575, x539, x536); ++ fiat_secp384r1_addcarryx_u32(&x578, &x579, x577, x537, x534); ++ x580 = (x579 + x535); ++ fiat_secp384r1_addcarryx_u32(&x581, &x582, 0x0, x509, x556); ++ fiat_secp384r1_addcarryx_u32(&x583, &x584, x582, x511, x558); ++ fiat_secp384r1_addcarryx_u32(&x585, &x586, x584, x513, x560); ++ fiat_secp384r1_addcarryx_u32(&x587, &x588, x586, x515, x562); ++ fiat_secp384r1_addcarryx_u32(&x589, &x590, x588, x517, x564); ++ fiat_secp384r1_addcarryx_u32(&x591, &x592, x590, x519, x566); ++ fiat_secp384r1_addcarryx_u32(&x593, &x594, x592, x521, x568); ++ fiat_secp384r1_addcarryx_u32(&x595, &x596, x594, x523, x570); ++ fiat_secp384r1_addcarryx_u32(&x597, &x598, x596, x525, x572); ++ fiat_secp384r1_addcarryx_u32(&x599, &x600, x598, x527, x574); ++ fiat_secp384r1_addcarryx_u32(&x601, &x602, x600, x529, x576); ++ fiat_secp384r1_addcarryx_u32(&x603, &x604, x602, x531, x578); ++ fiat_secp384r1_addcarryx_u32(&x605, &x606, x604, x533, x580); ++ fiat_secp384r1_mulx_u32(&x607, &x608, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x609, &x610, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x611, &x612, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x613, &x614, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x615, &x616, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x617, &x618, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x619, &x620, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x621, &x622, x581, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x623, &x624, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x625, &x626, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x627, &x628, 0x0, x624, x621); ++ fiat_secp384r1_addcarryx_u32(&x629, &x630, x628, x622, x619); ++ fiat_secp384r1_addcarryx_u32(&x631, &x632, x630, x620, x617); ++ fiat_secp384r1_addcarryx_u32(&x633, &x634, x632, x618, x615); ++ fiat_secp384r1_addcarryx_u32(&x635, &x636, x634, x616, x613); ++ fiat_secp384r1_addcarryx_u32(&x637, &x638, x636, x614, x611); ++ fiat_secp384r1_addcarryx_u32(&x639, &x640, x638, x612, x609); ++ fiat_secp384r1_addcarryx_u32(&x641, &x642, x640, x610, x607); ++ x643 = (x642 + x608); ++ fiat_secp384r1_addcarryx_u32(&x644, &x645, 0x0, x581, x625); ++ fiat_secp384r1_addcarryx_u32(&x646, &x647, x645, x583, x626); ++ fiat_secp384r1_addcarryx_u32(&x648, &x649, x647, x585, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x650, &x651, x649, x587, x623); ++ fiat_secp384r1_addcarryx_u32(&x652, &x653, x651, x589, x627); ++ fiat_secp384r1_addcarryx_u32(&x654, &x655, x653, x591, x629); ++ fiat_secp384r1_addcarryx_u32(&x656, &x657, x655, x593, x631); ++ fiat_secp384r1_addcarryx_u32(&x658, &x659, x657, x595, x633); ++ fiat_secp384r1_addcarryx_u32(&x660, &x661, x659, x597, x635); ++ fiat_secp384r1_addcarryx_u32(&x662, &x663, x661, x599, x637); ++ fiat_secp384r1_addcarryx_u32(&x664, &x665, x663, x601, x639); ++ fiat_secp384r1_addcarryx_u32(&x666, &x667, x665, x603, x641); ++ fiat_secp384r1_addcarryx_u32(&x668, &x669, x667, x605, x643); ++ x670 = ((uint32_t)x669 + x606); ++ fiat_secp384r1_mulx_u32(&x671, &x672, x5, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x673, &x674, x5, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x675, &x676, x5, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x677, &x678, x5, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x679, &x680, x5, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x681, &x682, x5, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x683, &x684, x5, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x685, &x686, x5, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x687, &x688, x5, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x689, &x690, x5, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x691, &x692, x5, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x693, &x694, x5, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x695, &x696, 0x0, x694, x691); ++ fiat_secp384r1_addcarryx_u32(&x697, &x698, x696, x692, x689); ++ fiat_secp384r1_addcarryx_u32(&x699, &x700, x698, x690, x687); ++ fiat_secp384r1_addcarryx_u32(&x701, &x702, x700, x688, x685); ++ fiat_secp384r1_addcarryx_u32(&x703, &x704, x702, x686, x683); ++ fiat_secp384r1_addcarryx_u32(&x705, &x706, x704, x684, x681); ++ fiat_secp384r1_addcarryx_u32(&x707, &x708, x706, x682, x679); ++ fiat_secp384r1_addcarryx_u32(&x709, &x710, x708, x680, x677); ++ fiat_secp384r1_addcarryx_u32(&x711, &x712, x710, x678, x675); ++ fiat_secp384r1_addcarryx_u32(&x713, &x714, x712, x676, x673); ++ fiat_secp384r1_addcarryx_u32(&x715, &x716, x714, x674, x671); ++ x717 = (x716 + x672); ++ fiat_secp384r1_addcarryx_u32(&x718, &x719, 0x0, x646, x693); ++ fiat_secp384r1_addcarryx_u32(&x720, &x721, x719, x648, x695); ++ fiat_secp384r1_addcarryx_u32(&x722, &x723, x721, x650, x697); ++ fiat_secp384r1_addcarryx_u32(&x724, &x725, x723, x652, x699); ++ fiat_secp384r1_addcarryx_u32(&x726, &x727, x725, x654, x701); ++ fiat_secp384r1_addcarryx_u32(&x728, &x729, x727, x656, x703); ++ fiat_secp384r1_addcarryx_u32(&x730, &x731, x729, x658, x705); ++ fiat_secp384r1_addcarryx_u32(&x732, &x733, x731, x660, x707); ++ fiat_secp384r1_addcarryx_u32(&x734, &x735, x733, x662, x709); ++ fiat_secp384r1_addcarryx_u32(&x736, &x737, x735, x664, x711); ++ fiat_secp384r1_addcarryx_u32(&x738, &x739, x737, x666, x713); ++ fiat_secp384r1_addcarryx_u32(&x740, &x741, x739, x668, x715); ++ fiat_secp384r1_addcarryx_u32(&x742, &x743, x741, x670, x717); ++ fiat_secp384r1_mulx_u32(&x744, &x745, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x746, &x747, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x748, &x749, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x750, &x751, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x752, &x753, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x754, &x755, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x756, &x757, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x758, &x759, x718, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x760, &x761, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x762, &x763, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x764, &x765, 0x0, x761, x758); ++ fiat_secp384r1_addcarryx_u32(&x766, &x767, x765, x759, x756); ++ fiat_secp384r1_addcarryx_u32(&x768, &x769, x767, x757, x754); ++ fiat_secp384r1_addcarryx_u32(&x770, &x771, x769, x755, x752); ++ fiat_secp384r1_addcarryx_u32(&x772, &x773, x771, x753, x750); ++ fiat_secp384r1_addcarryx_u32(&x774, &x775, x773, x751, x748); ++ fiat_secp384r1_addcarryx_u32(&x776, &x777, x775, x749, x746); ++ fiat_secp384r1_addcarryx_u32(&x778, &x779, x777, x747, x744); ++ x780 = (x779 + x745); ++ fiat_secp384r1_addcarryx_u32(&x781, &x782, 0x0, x718, x762); ++ fiat_secp384r1_addcarryx_u32(&x783, &x784, x782, x720, x763); ++ fiat_secp384r1_addcarryx_u32(&x785, &x786, x784, x722, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x787, &x788, x786, x724, x760); ++ fiat_secp384r1_addcarryx_u32(&x789, &x790, x788, x726, x764); ++ fiat_secp384r1_addcarryx_u32(&x791, &x792, x790, x728, x766); ++ fiat_secp384r1_addcarryx_u32(&x793, &x794, x792, x730, x768); ++ fiat_secp384r1_addcarryx_u32(&x795, &x796, x794, x732, x770); ++ fiat_secp384r1_addcarryx_u32(&x797, &x798, x796, x734, x772); ++ fiat_secp384r1_addcarryx_u32(&x799, &x800, x798, x736, x774); ++ fiat_secp384r1_addcarryx_u32(&x801, &x802, x800, x738, x776); ++ fiat_secp384r1_addcarryx_u32(&x803, &x804, x802, x740, x778); ++ fiat_secp384r1_addcarryx_u32(&x805, &x806, x804, x742, x780); ++ x807 = ((uint32_t)x806 + x743); ++ fiat_secp384r1_mulx_u32(&x808, &x809, x6, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x810, &x811, x6, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x812, &x813, x6, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x814, &x815, x6, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x816, &x817, x6, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x818, &x819, x6, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x820, &x821, x6, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x822, &x823, x6, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x824, &x825, x6, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x826, &x827, x6, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x828, &x829, x6, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x830, &x831, x6, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x832, &x833, 0x0, x831, x828); ++ fiat_secp384r1_addcarryx_u32(&x834, &x835, x833, x829, x826); ++ fiat_secp384r1_addcarryx_u32(&x836, &x837, x835, x827, x824); ++ fiat_secp384r1_addcarryx_u32(&x838, &x839, x837, x825, x822); ++ fiat_secp384r1_addcarryx_u32(&x840, &x841, x839, x823, x820); ++ fiat_secp384r1_addcarryx_u32(&x842, &x843, x841, x821, x818); ++ fiat_secp384r1_addcarryx_u32(&x844, &x845, x843, x819, x816); ++ fiat_secp384r1_addcarryx_u32(&x846, &x847, x845, x817, x814); ++ fiat_secp384r1_addcarryx_u32(&x848, &x849, x847, x815, x812); ++ fiat_secp384r1_addcarryx_u32(&x850, &x851, x849, x813, x810); ++ fiat_secp384r1_addcarryx_u32(&x852, &x853, x851, x811, x808); ++ x854 = (x853 + x809); ++ fiat_secp384r1_addcarryx_u32(&x855, &x856, 0x0, x783, x830); ++ fiat_secp384r1_addcarryx_u32(&x857, &x858, x856, x785, x832); ++ fiat_secp384r1_addcarryx_u32(&x859, &x860, x858, x787, x834); ++ fiat_secp384r1_addcarryx_u32(&x861, &x862, x860, x789, x836); ++ fiat_secp384r1_addcarryx_u32(&x863, &x864, x862, x791, x838); ++ fiat_secp384r1_addcarryx_u32(&x865, &x866, x864, x793, x840); ++ fiat_secp384r1_addcarryx_u32(&x867, &x868, x866, x795, x842); ++ fiat_secp384r1_addcarryx_u32(&x869, &x870, x868, x797, x844); ++ fiat_secp384r1_addcarryx_u32(&x871, &x872, x870, x799, x846); ++ fiat_secp384r1_addcarryx_u32(&x873, &x874, x872, x801, x848); ++ fiat_secp384r1_addcarryx_u32(&x875, &x876, x874, x803, x850); ++ fiat_secp384r1_addcarryx_u32(&x877, &x878, x876, x805, x852); ++ fiat_secp384r1_addcarryx_u32(&x879, &x880, x878, x807, x854); ++ fiat_secp384r1_mulx_u32(&x881, &x882, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x883, &x884, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x885, &x886, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x887, &x888, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x889, &x890, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x891, &x892, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x893, &x894, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x895, &x896, x855, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x897, &x898, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x899, &x900, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x901, &x902, 0x0, x898, x895); ++ fiat_secp384r1_addcarryx_u32(&x903, &x904, x902, x896, x893); ++ fiat_secp384r1_addcarryx_u32(&x905, &x906, x904, x894, x891); ++ fiat_secp384r1_addcarryx_u32(&x907, &x908, x906, x892, x889); ++ fiat_secp384r1_addcarryx_u32(&x909, &x910, x908, x890, x887); ++ fiat_secp384r1_addcarryx_u32(&x911, &x912, x910, x888, x885); ++ fiat_secp384r1_addcarryx_u32(&x913, &x914, x912, x886, x883); ++ fiat_secp384r1_addcarryx_u32(&x915, &x916, x914, x884, x881); ++ x917 = (x916 + x882); ++ fiat_secp384r1_addcarryx_u32(&x918, &x919, 0x0, x855, x899); ++ fiat_secp384r1_addcarryx_u32(&x920, &x921, x919, x857, x900); ++ fiat_secp384r1_addcarryx_u32(&x922, &x923, x921, x859, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x924, &x925, x923, x861, x897); ++ fiat_secp384r1_addcarryx_u32(&x926, &x927, x925, x863, x901); ++ fiat_secp384r1_addcarryx_u32(&x928, &x929, x927, x865, x903); ++ fiat_secp384r1_addcarryx_u32(&x930, &x931, x929, x867, x905); ++ fiat_secp384r1_addcarryx_u32(&x932, &x933, x931, x869, x907); ++ fiat_secp384r1_addcarryx_u32(&x934, &x935, x933, x871, x909); ++ fiat_secp384r1_addcarryx_u32(&x936, &x937, x935, x873, x911); ++ fiat_secp384r1_addcarryx_u32(&x938, &x939, x937, x875, x913); ++ fiat_secp384r1_addcarryx_u32(&x940, &x941, x939, x877, x915); ++ fiat_secp384r1_addcarryx_u32(&x942, &x943, x941, x879, x917); ++ x944 = ((uint32_t)x943 + x880); ++ fiat_secp384r1_mulx_u32(&x945, &x946, x7, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x947, &x948, x7, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x949, &x950, x7, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x951, &x952, x7, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x953, &x954, x7, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x955, &x956, x7, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x957, &x958, x7, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x959, &x960, x7, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x961, &x962, x7, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x963, &x964, x7, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x965, &x966, x7, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x967, &x968, x7, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x969, &x970, 0x0, x968, x965); ++ fiat_secp384r1_addcarryx_u32(&x971, &x972, x970, x966, x963); ++ fiat_secp384r1_addcarryx_u32(&x973, &x974, x972, x964, x961); ++ fiat_secp384r1_addcarryx_u32(&x975, &x976, x974, x962, x959); ++ fiat_secp384r1_addcarryx_u32(&x977, &x978, x976, x960, x957); ++ fiat_secp384r1_addcarryx_u32(&x979, &x980, x978, x958, x955); ++ fiat_secp384r1_addcarryx_u32(&x981, &x982, x980, x956, x953); ++ fiat_secp384r1_addcarryx_u32(&x983, &x984, x982, x954, x951); ++ fiat_secp384r1_addcarryx_u32(&x985, &x986, x984, x952, x949); ++ fiat_secp384r1_addcarryx_u32(&x987, &x988, x986, x950, x947); ++ fiat_secp384r1_addcarryx_u32(&x989, &x990, x988, x948, x945); ++ x991 = (x990 + x946); ++ fiat_secp384r1_addcarryx_u32(&x992, &x993, 0x0, x920, x967); ++ fiat_secp384r1_addcarryx_u32(&x994, &x995, x993, x922, x969); ++ fiat_secp384r1_addcarryx_u32(&x996, &x997, x995, x924, x971); ++ fiat_secp384r1_addcarryx_u32(&x998, &x999, x997, x926, x973); ++ fiat_secp384r1_addcarryx_u32(&x1000, &x1001, x999, x928, x975); ++ fiat_secp384r1_addcarryx_u32(&x1002, &x1003, x1001, x930, x977); ++ fiat_secp384r1_addcarryx_u32(&x1004, &x1005, x1003, x932, x979); ++ fiat_secp384r1_addcarryx_u32(&x1006, &x1007, x1005, x934, x981); ++ fiat_secp384r1_addcarryx_u32(&x1008, &x1009, x1007, x936, x983); ++ fiat_secp384r1_addcarryx_u32(&x1010, &x1011, x1009, x938, x985); ++ fiat_secp384r1_addcarryx_u32(&x1012, &x1013, x1011, x940, x987); ++ fiat_secp384r1_addcarryx_u32(&x1014, &x1015, x1013, x942, x989); ++ fiat_secp384r1_addcarryx_u32(&x1016, &x1017, x1015, x944, x991); ++ fiat_secp384r1_mulx_u32(&x1018, &x1019, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1020, &x1021, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1022, &x1023, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1024, &x1025, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1026, &x1027, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1028, &x1029, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1030, &x1031, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1032, &x1033, x992, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1034, &x1035, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1036, &x1037, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1038, &x1039, 0x0, x1035, x1032); ++ fiat_secp384r1_addcarryx_u32(&x1040, &x1041, x1039, x1033, x1030); ++ fiat_secp384r1_addcarryx_u32(&x1042, &x1043, x1041, x1031, x1028); ++ fiat_secp384r1_addcarryx_u32(&x1044, &x1045, x1043, x1029, x1026); ++ fiat_secp384r1_addcarryx_u32(&x1046, &x1047, x1045, x1027, x1024); ++ fiat_secp384r1_addcarryx_u32(&x1048, &x1049, x1047, x1025, x1022); ++ fiat_secp384r1_addcarryx_u32(&x1050, &x1051, x1049, x1023, x1020); ++ fiat_secp384r1_addcarryx_u32(&x1052, &x1053, x1051, x1021, x1018); ++ x1054 = (x1053 + x1019); ++ fiat_secp384r1_addcarryx_u32(&x1055, &x1056, 0x0, x992, x1036); ++ fiat_secp384r1_addcarryx_u32(&x1057, &x1058, x1056, x994, x1037); ++ fiat_secp384r1_addcarryx_u32(&x1059, &x1060, x1058, x996, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1061, &x1062, x1060, x998, x1034); ++ fiat_secp384r1_addcarryx_u32(&x1063, &x1064, x1062, x1000, x1038); ++ fiat_secp384r1_addcarryx_u32(&x1065, &x1066, x1064, x1002, x1040); ++ fiat_secp384r1_addcarryx_u32(&x1067, &x1068, x1066, x1004, x1042); ++ fiat_secp384r1_addcarryx_u32(&x1069, &x1070, x1068, x1006, x1044); ++ fiat_secp384r1_addcarryx_u32(&x1071, &x1072, x1070, x1008, x1046); ++ fiat_secp384r1_addcarryx_u32(&x1073, &x1074, x1072, x1010, x1048); ++ fiat_secp384r1_addcarryx_u32(&x1075, &x1076, x1074, x1012, x1050); ++ fiat_secp384r1_addcarryx_u32(&x1077, &x1078, x1076, x1014, x1052); ++ fiat_secp384r1_addcarryx_u32(&x1079, &x1080, x1078, x1016, x1054); ++ x1081 = ((uint32_t)x1080 + x1017); ++ fiat_secp384r1_mulx_u32(&x1082, &x1083, x8, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x1084, &x1085, x8, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x1086, &x1087, x8, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x1088, &x1089, x8, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x1090, &x1091, x8, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x1092, &x1093, x8, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x1094, &x1095, x8, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x1096, &x1097, x8, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x1098, &x1099, x8, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x1100, &x1101, x8, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x1102, &x1103, x8, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x1104, &x1105, x8, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x1106, &x1107, 0x0, x1105, x1102); ++ fiat_secp384r1_addcarryx_u32(&x1108, &x1109, x1107, x1103, x1100); ++ fiat_secp384r1_addcarryx_u32(&x1110, &x1111, x1109, x1101, x1098); ++ fiat_secp384r1_addcarryx_u32(&x1112, &x1113, x1111, x1099, x1096); ++ fiat_secp384r1_addcarryx_u32(&x1114, &x1115, x1113, x1097, x1094); ++ fiat_secp384r1_addcarryx_u32(&x1116, &x1117, x1115, x1095, x1092); ++ fiat_secp384r1_addcarryx_u32(&x1118, &x1119, x1117, x1093, x1090); ++ fiat_secp384r1_addcarryx_u32(&x1120, &x1121, x1119, x1091, x1088); ++ fiat_secp384r1_addcarryx_u32(&x1122, &x1123, x1121, x1089, x1086); ++ fiat_secp384r1_addcarryx_u32(&x1124, &x1125, x1123, x1087, x1084); ++ fiat_secp384r1_addcarryx_u32(&x1126, &x1127, x1125, x1085, x1082); ++ x1128 = (x1127 + x1083); ++ fiat_secp384r1_addcarryx_u32(&x1129, &x1130, 0x0, x1057, x1104); ++ fiat_secp384r1_addcarryx_u32(&x1131, &x1132, x1130, x1059, x1106); ++ fiat_secp384r1_addcarryx_u32(&x1133, &x1134, x1132, x1061, x1108); ++ fiat_secp384r1_addcarryx_u32(&x1135, &x1136, x1134, x1063, x1110); ++ fiat_secp384r1_addcarryx_u32(&x1137, &x1138, x1136, x1065, x1112); ++ fiat_secp384r1_addcarryx_u32(&x1139, &x1140, x1138, x1067, x1114); ++ fiat_secp384r1_addcarryx_u32(&x1141, &x1142, x1140, x1069, x1116); ++ fiat_secp384r1_addcarryx_u32(&x1143, &x1144, x1142, x1071, x1118); ++ fiat_secp384r1_addcarryx_u32(&x1145, &x1146, x1144, x1073, x1120); ++ fiat_secp384r1_addcarryx_u32(&x1147, &x1148, x1146, x1075, x1122); ++ fiat_secp384r1_addcarryx_u32(&x1149, &x1150, x1148, x1077, x1124); ++ fiat_secp384r1_addcarryx_u32(&x1151, &x1152, x1150, x1079, x1126); ++ fiat_secp384r1_addcarryx_u32(&x1153, &x1154, x1152, x1081, x1128); ++ fiat_secp384r1_mulx_u32(&x1155, &x1156, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1157, &x1158, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1159, &x1160, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1161, &x1162, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1163, &x1164, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1165, &x1166, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1167, &x1168, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1169, &x1170, x1129, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1171, &x1172, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1173, &x1174, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1175, &x1176, 0x0, x1172, x1169); ++ fiat_secp384r1_addcarryx_u32(&x1177, &x1178, x1176, x1170, x1167); ++ fiat_secp384r1_addcarryx_u32(&x1179, &x1180, x1178, x1168, x1165); ++ fiat_secp384r1_addcarryx_u32(&x1181, &x1182, x1180, x1166, x1163); ++ fiat_secp384r1_addcarryx_u32(&x1183, &x1184, x1182, x1164, x1161); ++ fiat_secp384r1_addcarryx_u32(&x1185, &x1186, x1184, x1162, x1159); ++ fiat_secp384r1_addcarryx_u32(&x1187, &x1188, x1186, x1160, x1157); ++ fiat_secp384r1_addcarryx_u32(&x1189, &x1190, x1188, x1158, x1155); ++ x1191 = (x1190 + x1156); ++ fiat_secp384r1_addcarryx_u32(&x1192, &x1193, 0x0, x1129, x1173); ++ fiat_secp384r1_addcarryx_u32(&x1194, &x1195, x1193, x1131, x1174); ++ fiat_secp384r1_addcarryx_u32(&x1196, &x1197, x1195, x1133, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1198, &x1199, x1197, x1135, x1171); ++ fiat_secp384r1_addcarryx_u32(&x1200, &x1201, x1199, x1137, x1175); ++ fiat_secp384r1_addcarryx_u32(&x1202, &x1203, x1201, x1139, x1177); ++ fiat_secp384r1_addcarryx_u32(&x1204, &x1205, x1203, x1141, x1179); ++ fiat_secp384r1_addcarryx_u32(&x1206, &x1207, x1205, x1143, x1181); ++ fiat_secp384r1_addcarryx_u32(&x1208, &x1209, x1207, x1145, x1183); ++ fiat_secp384r1_addcarryx_u32(&x1210, &x1211, x1209, x1147, x1185); ++ fiat_secp384r1_addcarryx_u32(&x1212, &x1213, x1211, x1149, x1187); ++ fiat_secp384r1_addcarryx_u32(&x1214, &x1215, x1213, x1151, x1189); ++ fiat_secp384r1_addcarryx_u32(&x1216, &x1217, x1215, x1153, x1191); ++ x1218 = ((uint32_t)x1217 + x1154); ++ fiat_secp384r1_mulx_u32(&x1219, &x1220, x9, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x1221, &x1222, x9, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x1223, &x1224, x9, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x1225, &x1226, x9, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x1227, &x1228, x9, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x1229, &x1230, x9, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x1231, &x1232, x9, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x1233, &x1234, x9, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x1235, &x1236, x9, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x1237, &x1238, x9, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x1239, &x1240, x9, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x1241, &x1242, x9, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x1243, &x1244, 0x0, x1242, x1239); ++ fiat_secp384r1_addcarryx_u32(&x1245, &x1246, x1244, x1240, x1237); ++ fiat_secp384r1_addcarryx_u32(&x1247, &x1248, x1246, x1238, x1235); ++ fiat_secp384r1_addcarryx_u32(&x1249, &x1250, x1248, x1236, x1233); ++ fiat_secp384r1_addcarryx_u32(&x1251, &x1252, x1250, x1234, x1231); ++ fiat_secp384r1_addcarryx_u32(&x1253, &x1254, x1252, x1232, x1229); ++ fiat_secp384r1_addcarryx_u32(&x1255, &x1256, x1254, x1230, x1227); ++ fiat_secp384r1_addcarryx_u32(&x1257, &x1258, x1256, x1228, x1225); ++ fiat_secp384r1_addcarryx_u32(&x1259, &x1260, x1258, x1226, x1223); ++ fiat_secp384r1_addcarryx_u32(&x1261, &x1262, x1260, x1224, x1221); ++ fiat_secp384r1_addcarryx_u32(&x1263, &x1264, x1262, x1222, x1219); ++ x1265 = (x1264 + x1220); ++ fiat_secp384r1_addcarryx_u32(&x1266, &x1267, 0x0, x1194, x1241); ++ fiat_secp384r1_addcarryx_u32(&x1268, &x1269, x1267, x1196, x1243); ++ fiat_secp384r1_addcarryx_u32(&x1270, &x1271, x1269, x1198, x1245); ++ fiat_secp384r1_addcarryx_u32(&x1272, &x1273, x1271, x1200, x1247); ++ fiat_secp384r1_addcarryx_u32(&x1274, &x1275, x1273, x1202, x1249); ++ fiat_secp384r1_addcarryx_u32(&x1276, &x1277, x1275, x1204, x1251); ++ fiat_secp384r1_addcarryx_u32(&x1278, &x1279, x1277, x1206, x1253); ++ fiat_secp384r1_addcarryx_u32(&x1280, &x1281, x1279, x1208, x1255); ++ fiat_secp384r1_addcarryx_u32(&x1282, &x1283, x1281, x1210, x1257); ++ fiat_secp384r1_addcarryx_u32(&x1284, &x1285, x1283, x1212, x1259); ++ fiat_secp384r1_addcarryx_u32(&x1286, &x1287, x1285, x1214, x1261); ++ fiat_secp384r1_addcarryx_u32(&x1288, &x1289, x1287, x1216, x1263); ++ fiat_secp384r1_addcarryx_u32(&x1290, &x1291, x1289, x1218, x1265); ++ fiat_secp384r1_mulx_u32(&x1292, &x1293, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1294, &x1295, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1296, &x1297, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1298, &x1299, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1300, &x1301, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1302, &x1303, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1304, &x1305, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1306, &x1307, x1266, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1308, &x1309, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1310, &x1311, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1312, &x1313, 0x0, x1309, x1306); ++ fiat_secp384r1_addcarryx_u32(&x1314, &x1315, x1313, x1307, x1304); ++ fiat_secp384r1_addcarryx_u32(&x1316, &x1317, x1315, x1305, x1302); ++ fiat_secp384r1_addcarryx_u32(&x1318, &x1319, x1317, x1303, x1300); ++ fiat_secp384r1_addcarryx_u32(&x1320, &x1321, x1319, x1301, x1298); ++ fiat_secp384r1_addcarryx_u32(&x1322, &x1323, x1321, x1299, x1296); ++ fiat_secp384r1_addcarryx_u32(&x1324, &x1325, x1323, x1297, x1294); ++ fiat_secp384r1_addcarryx_u32(&x1326, &x1327, x1325, x1295, x1292); ++ x1328 = (x1327 + x1293); ++ fiat_secp384r1_addcarryx_u32(&x1329, &x1330, 0x0, x1266, x1310); ++ fiat_secp384r1_addcarryx_u32(&x1331, &x1332, x1330, x1268, x1311); ++ fiat_secp384r1_addcarryx_u32(&x1333, &x1334, x1332, x1270, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1335, &x1336, x1334, x1272, x1308); ++ fiat_secp384r1_addcarryx_u32(&x1337, &x1338, x1336, x1274, x1312); ++ fiat_secp384r1_addcarryx_u32(&x1339, &x1340, x1338, x1276, x1314); ++ fiat_secp384r1_addcarryx_u32(&x1341, &x1342, x1340, x1278, x1316); ++ fiat_secp384r1_addcarryx_u32(&x1343, &x1344, x1342, x1280, x1318); ++ fiat_secp384r1_addcarryx_u32(&x1345, &x1346, x1344, x1282, x1320); ++ fiat_secp384r1_addcarryx_u32(&x1347, &x1348, x1346, x1284, x1322); ++ fiat_secp384r1_addcarryx_u32(&x1349, &x1350, x1348, x1286, x1324); ++ fiat_secp384r1_addcarryx_u32(&x1351, &x1352, x1350, x1288, x1326); ++ fiat_secp384r1_addcarryx_u32(&x1353, &x1354, x1352, x1290, x1328); ++ x1355 = ((uint32_t)x1354 + x1291); ++ fiat_secp384r1_mulx_u32(&x1356, &x1357, x10, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x1358, &x1359, x10, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x1360, &x1361, x10, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x1362, &x1363, x10, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x1364, &x1365, x10, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x1366, &x1367, x10, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x1368, &x1369, x10, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x1370, &x1371, x10, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x1372, &x1373, x10, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x1374, &x1375, x10, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x1376, &x1377, x10, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x1378, &x1379, x10, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x1380, &x1381, 0x0, x1379, x1376); ++ fiat_secp384r1_addcarryx_u32(&x1382, &x1383, x1381, x1377, x1374); ++ fiat_secp384r1_addcarryx_u32(&x1384, &x1385, x1383, x1375, x1372); ++ fiat_secp384r1_addcarryx_u32(&x1386, &x1387, x1385, x1373, x1370); ++ fiat_secp384r1_addcarryx_u32(&x1388, &x1389, x1387, x1371, x1368); ++ fiat_secp384r1_addcarryx_u32(&x1390, &x1391, x1389, x1369, x1366); ++ fiat_secp384r1_addcarryx_u32(&x1392, &x1393, x1391, x1367, x1364); ++ fiat_secp384r1_addcarryx_u32(&x1394, &x1395, x1393, x1365, x1362); ++ fiat_secp384r1_addcarryx_u32(&x1396, &x1397, x1395, x1363, x1360); ++ fiat_secp384r1_addcarryx_u32(&x1398, &x1399, x1397, x1361, x1358); ++ fiat_secp384r1_addcarryx_u32(&x1400, &x1401, x1399, x1359, x1356); ++ x1402 = (x1401 + x1357); ++ fiat_secp384r1_addcarryx_u32(&x1403, &x1404, 0x0, x1331, x1378); ++ fiat_secp384r1_addcarryx_u32(&x1405, &x1406, x1404, x1333, x1380); ++ fiat_secp384r1_addcarryx_u32(&x1407, &x1408, x1406, x1335, x1382); ++ fiat_secp384r1_addcarryx_u32(&x1409, &x1410, x1408, x1337, x1384); ++ fiat_secp384r1_addcarryx_u32(&x1411, &x1412, x1410, x1339, x1386); ++ fiat_secp384r1_addcarryx_u32(&x1413, &x1414, x1412, x1341, x1388); ++ fiat_secp384r1_addcarryx_u32(&x1415, &x1416, x1414, x1343, x1390); ++ fiat_secp384r1_addcarryx_u32(&x1417, &x1418, x1416, x1345, x1392); ++ fiat_secp384r1_addcarryx_u32(&x1419, &x1420, x1418, x1347, x1394); ++ fiat_secp384r1_addcarryx_u32(&x1421, &x1422, x1420, x1349, x1396); ++ fiat_secp384r1_addcarryx_u32(&x1423, &x1424, x1422, x1351, x1398); ++ fiat_secp384r1_addcarryx_u32(&x1425, &x1426, x1424, x1353, x1400); ++ fiat_secp384r1_addcarryx_u32(&x1427, &x1428, x1426, x1355, x1402); ++ fiat_secp384r1_mulx_u32(&x1429, &x1430, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1431, &x1432, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1433, &x1434, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1435, &x1436, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1437, &x1438, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1439, &x1440, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1441, &x1442, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1443, &x1444, x1403, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1445, &x1446, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1447, &x1448, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1449, &x1450, 0x0, x1446, x1443); ++ fiat_secp384r1_addcarryx_u32(&x1451, &x1452, x1450, x1444, x1441); ++ fiat_secp384r1_addcarryx_u32(&x1453, &x1454, x1452, x1442, x1439); ++ fiat_secp384r1_addcarryx_u32(&x1455, &x1456, x1454, x1440, x1437); ++ fiat_secp384r1_addcarryx_u32(&x1457, &x1458, x1456, x1438, x1435); ++ fiat_secp384r1_addcarryx_u32(&x1459, &x1460, x1458, x1436, x1433); ++ fiat_secp384r1_addcarryx_u32(&x1461, &x1462, x1460, x1434, x1431); ++ fiat_secp384r1_addcarryx_u32(&x1463, &x1464, x1462, x1432, x1429); ++ x1465 = (x1464 + x1430); ++ fiat_secp384r1_addcarryx_u32(&x1466, &x1467, 0x0, x1403, x1447); ++ fiat_secp384r1_addcarryx_u32(&x1468, &x1469, x1467, x1405, x1448); ++ fiat_secp384r1_addcarryx_u32(&x1470, &x1471, x1469, x1407, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1472, &x1473, x1471, x1409, x1445); ++ fiat_secp384r1_addcarryx_u32(&x1474, &x1475, x1473, x1411, x1449); ++ fiat_secp384r1_addcarryx_u32(&x1476, &x1477, x1475, x1413, x1451); ++ fiat_secp384r1_addcarryx_u32(&x1478, &x1479, x1477, x1415, x1453); ++ fiat_secp384r1_addcarryx_u32(&x1480, &x1481, x1479, x1417, x1455); ++ fiat_secp384r1_addcarryx_u32(&x1482, &x1483, x1481, x1419, x1457); ++ fiat_secp384r1_addcarryx_u32(&x1484, &x1485, x1483, x1421, x1459); ++ fiat_secp384r1_addcarryx_u32(&x1486, &x1487, x1485, x1423, x1461); ++ fiat_secp384r1_addcarryx_u32(&x1488, &x1489, x1487, x1425, x1463); ++ fiat_secp384r1_addcarryx_u32(&x1490, &x1491, x1489, x1427, x1465); ++ x1492 = ((uint32_t)x1491 + x1428); ++ fiat_secp384r1_mulx_u32(&x1493, &x1494, x11, (arg2[11])); ++ fiat_secp384r1_mulx_u32(&x1495, &x1496, x11, (arg2[10])); ++ fiat_secp384r1_mulx_u32(&x1497, &x1498, x11, (arg2[9])); ++ fiat_secp384r1_mulx_u32(&x1499, &x1500, x11, (arg2[8])); ++ fiat_secp384r1_mulx_u32(&x1501, &x1502, x11, (arg2[7])); ++ fiat_secp384r1_mulx_u32(&x1503, &x1504, x11, (arg2[6])); ++ fiat_secp384r1_mulx_u32(&x1505, &x1506, x11, (arg2[5])); ++ fiat_secp384r1_mulx_u32(&x1507, &x1508, x11, (arg2[4])); ++ fiat_secp384r1_mulx_u32(&x1509, &x1510, x11, (arg2[3])); ++ fiat_secp384r1_mulx_u32(&x1511, &x1512, x11, (arg2[2])); ++ fiat_secp384r1_mulx_u32(&x1513, &x1514, x11, (arg2[1])); ++ fiat_secp384r1_mulx_u32(&x1515, &x1516, x11, (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x1517, &x1518, 0x0, x1516, x1513); ++ fiat_secp384r1_addcarryx_u32(&x1519, &x1520, x1518, x1514, x1511); ++ fiat_secp384r1_addcarryx_u32(&x1521, &x1522, x1520, x1512, x1509); ++ fiat_secp384r1_addcarryx_u32(&x1523, &x1524, x1522, x1510, x1507); ++ fiat_secp384r1_addcarryx_u32(&x1525, &x1526, x1524, x1508, x1505); ++ fiat_secp384r1_addcarryx_u32(&x1527, &x1528, x1526, x1506, x1503); ++ fiat_secp384r1_addcarryx_u32(&x1529, &x1530, x1528, x1504, x1501); ++ fiat_secp384r1_addcarryx_u32(&x1531, &x1532, x1530, x1502, x1499); ++ fiat_secp384r1_addcarryx_u32(&x1533, &x1534, x1532, x1500, x1497); ++ fiat_secp384r1_addcarryx_u32(&x1535, &x1536, x1534, x1498, x1495); ++ fiat_secp384r1_addcarryx_u32(&x1537, &x1538, x1536, x1496, x1493); ++ x1539 = (x1538 + x1494); ++ fiat_secp384r1_addcarryx_u32(&x1540, &x1541, 0x0, x1468, x1515); ++ fiat_secp384r1_addcarryx_u32(&x1542, &x1543, x1541, x1470, x1517); ++ fiat_secp384r1_addcarryx_u32(&x1544, &x1545, x1543, x1472, x1519); ++ fiat_secp384r1_addcarryx_u32(&x1546, &x1547, x1545, x1474, x1521); ++ fiat_secp384r1_addcarryx_u32(&x1548, &x1549, x1547, x1476, x1523); ++ fiat_secp384r1_addcarryx_u32(&x1550, &x1551, x1549, x1478, x1525); ++ fiat_secp384r1_addcarryx_u32(&x1552, &x1553, x1551, x1480, x1527); ++ fiat_secp384r1_addcarryx_u32(&x1554, &x1555, x1553, x1482, x1529); ++ fiat_secp384r1_addcarryx_u32(&x1556, &x1557, x1555, x1484, x1531); ++ fiat_secp384r1_addcarryx_u32(&x1558, &x1559, x1557, x1486, x1533); ++ fiat_secp384r1_addcarryx_u32(&x1560, &x1561, x1559, x1488, x1535); ++ fiat_secp384r1_addcarryx_u32(&x1562, &x1563, x1561, x1490, x1537); ++ fiat_secp384r1_addcarryx_u32(&x1564, &x1565, x1563, x1492, x1539); ++ fiat_secp384r1_mulx_u32(&x1566, &x1567, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1568, &x1569, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1570, &x1571, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1572, &x1573, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1574, &x1575, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1576, &x1577, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1578, &x1579, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1580, &x1581, x1540, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1582, &x1583, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1584, &x1585, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1586, &x1587, 0x0, x1583, x1580); ++ fiat_secp384r1_addcarryx_u32(&x1588, &x1589, x1587, x1581, x1578); ++ fiat_secp384r1_addcarryx_u32(&x1590, &x1591, x1589, x1579, x1576); ++ fiat_secp384r1_addcarryx_u32(&x1592, &x1593, x1591, x1577, x1574); ++ fiat_secp384r1_addcarryx_u32(&x1594, &x1595, x1593, x1575, x1572); ++ fiat_secp384r1_addcarryx_u32(&x1596, &x1597, x1595, x1573, x1570); ++ fiat_secp384r1_addcarryx_u32(&x1598, &x1599, x1597, x1571, x1568); ++ fiat_secp384r1_addcarryx_u32(&x1600, &x1601, x1599, x1569, x1566); ++ x1602 = (x1601 + x1567); ++ fiat_secp384r1_addcarryx_u32(&x1603, &x1604, 0x0, x1540, x1584); ++ fiat_secp384r1_addcarryx_u32(&x1605, &x1606, x1604, x1542, x1585); ++ fiat_secp384r1_addcarryx_u32(&x1607, &x1608, x1606, x1544, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1609, &x1610, x1608, x1546, x1582); ++ fiat_secp384r1_addcarryx_u32(&x1611, &x1612, x1610, x1548, x1586); ++ fiat_secp384r1_addcarryx_u32(&x1613, &x1614, x1612, x1550, x1588); ++ fiat_secp384r1_addcarryx_u32(&x1615, &x1616, x1614, x1552, x1590); ++ fiat_secp384r1_addcarryx_u32(&x1617, &x1618, x1616, x1554, x1592); ++ fiat_secp384r1_addcarryx_u32(&x1619, &x1620, x1618, x1556, x1594); ++ fiat_secp384r1_addcarryx_u32(&x1621, &x1622, x1620, x1558, x1596); ++ fiat_secp384r1_addcarryx_u32(&x1623, &x1624, x1622, x1560, x1598); ++ fiat_secp384r1_addcarryx_u32(&x1625, &x1626, x1624, x1562, x1600); ++ fiat_secp384r1_addcarryx_u32(&x1627, &x1628, x1626, x1564, x1602); ++ x1629 = ((uint32_t)x1628 + x1565); ++ fiat_secp384r1_subborrowx_u32(&x1630, &x1631, 0x0, x1605, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1632, &x1633, x1631, x1607, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x1634, &x1635, x1633, x1609, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x1636, &x1637, x1635, x1611, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1638, &x1639, x1637, x1613, ++ UINT32_C(0xfffffffe)); ++ fiat_secp384r1_subborrowx_u32(&x1640, &x1641, x1639, x1615, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1642, &x1643, x1641, x1617, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1644, &x1645, x1643, x1619, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1646, &x1647, x1645, x1621, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1648, &x1649, x1647, x1623, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1650, &x1651, x1649, x1625, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1652, &x1653, x1651, x1627, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1654, &x1655, x1653, x1629, 0x0); ++ fiat_secp384r1_cmovznz_u32(&x1656, x1655, x1630, x1605); ++ fiat_secp384r1_cmovznz_u32(&x1657, x1655, x1632, x1607); ++ fiat_secp384r1_cmovznz_u32(&x1658, x1655, x1634, x1609); ++ fiat_secp384r1_cmovznz_u32(&x1659, x1655, x1636, x1611); ++ fiat_secp384r1_cmovznz_u32(&x1660, x1655, x1638, x1613); ++ fiat_secp384r1_cmovznz_u32(&x1661, x1655, x1640, x1615); ++ fiat_secp384r1_cmovznz_u32(&x1662, x1655, x1642, x1617); ++ fiat_secp384r1_cmovznz_u32(&x1663, x1655, x1644, x1619); ++ fiat_secp384r1_cmovznz_u32(&x1664, x1655, x1646, x1621); ++ fiat_secp384r1_cmovznz_u32(&x1665, x1655, x1648, x1623); ++ fiat_secp384r1_cmovznz_u32(&x1666, x1655, x1650, x1625); ++ fiat_secp384r1_cmovznz_u32(&x1667, x1655, x1652, x1627); ++ out1[0] = x1656; ++ out1[1] = x1657; ++ out1[2] = x1658; ++ out1[3] = x1659; ++ out1[4] = x1660; ++ out1[5] = x1661; ++ out1[6] = x1662; ++ out1[7] = x1663; ++ out1[8] = x1664; ++ out1[9] = x1665; ++ out1[10] = x1666; ++ out1[11] = x1667; ++} ++ ++/* ++ * The function fiat_secp384r1_square squares a field element in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_square(uint32_t out1[12], const uint32_t arg1[12]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ uint32_t x20; ++ uint32_t x21; ++ uint32_t x22; ++ uint32_t x23; ++ uint32_t x24; ++ uint32_t x25; ++ uint32_t x26; ++ uint32_t x27; ++ uint32_t x28; ++ uint32_t x29; ++ uint32_t x30; ++ uint32_t x31; ++ uint32_t x32; ++ uint32_t x33; ++ uint32_t x34; ++ uint32_t x35; ++ uint32_t x36; ++ uint32_t x37; ++ fiat_secp384r1_uint1 x38; ++ uint32_t x39; ++ fiat_secp384r1_uint1 x40; ++ uint32_t x41; ++ fiat_secp384r1_uint1 x42; ++ uint32_t x43; ++ fiat_secp384r1_uint1 x44; ++ uint32_t x45; ++ fiat_secp384r1_uint1 x46; ++ uint32_t x47; ++ fiat_secp384r1_uint1 x48; ++ uint32_t x49; ++ fiat_secp384r1_uint1 x50; ++ uint32_t x51; ++ fiat_secp384r1_uint1 x52; ++ uint32_t x53; ++ fiat_secp384r1_uint1 x54; ++ uint32_t x55; ++ fiat_secp384r1_uint1 x56; ++ uint32_t x57; ++ fiat_secp384r1_uint1 x58; ++ uint32_t x59; ++ uint32_t x60; ++ uint32_t x61; ++ uint32_t x62; ++ uint32_t x63; ++ uint32_t x64; ++ uint32_t x65; ++ uint32_t x66; ++ uint32_t x67; ++ uint32_t x68; ++ uint32_t x69; ++ uint32_t x70; ++ uint32_t x71; ++ uint32_t x72; ++ uint32_t x73; ++ uint32_t x74; ++ uint32_t x75; ++ uint32_t x76; ++ uint32_t x77; ++ uint32_t x78; ++ uint32_t x79; ++ uint32_t x80; ++ fiat_secp384r1_uint1 x81; ++ uint32_t x82; ++ fiat_secp384r1_uint1 x83; ++ uint32_t x84; ++ fiat_secp384r1_uint1 x85; ++ uint32_t x86; ++ fiat_secp384r1_uint1 x87; ++ uint32_t x88; ++ fiat_secp384r1_uint1 x89; ++ uint32_t x90; ++ fiat_secp384r1_uint1 x91; ++ uint32_t x92; ++ fiat_secp384r1_uint1 x93; ++ uint32_t x94; ++ fiat_secp384r1_uint1 x95; ++ uint32_t x96; ++ uint32_t x97; ++ fiat_secp384r1_uint1 x98; ++ uint32_t x99; ++ fiat_secp384r1_uint1 x100; ++ uint32_t x101; ++ fiat_secp384r1_uint1 x102; ++ uint32_t x103; ++ fiat_secp384r1_uint1 x104; ++ uint32_t x105; ++ fiat_secp384r1_uint1 x106; ++ uint32_t x107; ++ fiat_secp384r1_uint1 x108; ++ uint32_t x109; ++ fiat_secp384r1_uint1 x110; ++ uint32_t x111; ++ fiat_secp384r1_uint1 x112; ++ uint32_t x113; ++ fiat_secp384r1_uint1 x114; ++ uint32_t x115; ++ fiat_secp384r1_uint1 x116; ++ uint32_t x117; ++ fiat_secp384r1_uint1 x118; ++ uint32_t x119; ++ fiat_secp384r1_uint1 x120; ++ uint32_t x121; ++ fiat_secp384r1_uint1 x122; ++ uint32_t x123; ++ uint32_t x124; ++ uint32_t x125; ++ uint32_t x126; ++ uint32_t x127; ++ uint32_t x128; ++ uint32_t x129; ++ uint32_t x130; ++ uint32_t x131; ++ uint32_t x132; ++ uint32_t x133; ++ uint32_t x134; ++ uint32_t x135; ++ uint32_t x136; ++ uint32_t x137; ++ uint32_t x138; ++ uint32_t x139; ++ uint32_t x140; ++ uint32_t x141; ++ uint32_t x142; ++ uint32_t x143; ++ uint32_t x144; ++ uint32_t x145; ++ uint32_t x146; ++ uint32_t x147; ++ fiat_secp384r1_uint1 x148; ++ uint32_t x149; ++ fiat_secp384r1_uint1 x150; ++ uint32_t x151; ++ fiat_secp384r1_uint1 x152; ++ uint32_t x153; ++ fiat_secp384r1_uint1 x154; ++ uint32_t x155; ++ fiat_secp384r1_uint1 x156; ++ uint32_t x157; ++ fiat_secp384r1_uint1 x158; ++ uint32_t x159; ++ fiat_secp384r1_uint1 x160; ++ uint32_t x161; ++ fiat_secp384r1_uint1 x162; ++ uint32_t x163; ++ fiat_secp384r1_uint1 x164; ++ uint32_t x165; ++ fiat_secp384r1_uint1 x166; ++ uint32_t x167; ++ fiat_secp384r1_uint1 x168; ++ uint32_t x169; ++ uint32_t x170; ++ fiat_secp384r1_uint1 x171; ++ uint32_t x172; ++ fiat_secp384r1_uint1 x173; ++ uint32_t x174; ++ fiat_secp384r1_uint1 x175; ++ uint32_t x176; ++ fiat_secp384r1_uint1 x177; ++ uint32_t x178; ++ fiat_secp384r1_uint1 x179; ++ uint32_t x180; ++ fiat_secp384r1_uint1 x181; ++ uint32_t x182; ++ fiat_secp384r1_uint1 x183; ++ uint32_t x184; ++ fiat_secp384r1_uint1 x185; ++ uint32_t x186; ++ fiat_secp384r1_uint1 x187; ++ uint32_t x188; ++ fiat_secp384r1_uint1 x189; ++ uint32_t x190; ++ fiat_secp384r1_uint1 x191; ++ uint32_t x192; ++ fiat_secp384r1_uint1 x193; ++ uint32_t x194; ++ fiat_secp384r1_uint1 x195; ++ uint32_t x196; ++ uint32_t x197; ++ uint32_t x198; ++ uint32_t x199; ++ uint32_t x200; ++ uint32_t x201; ++ uint32_t x202; ++ uint32_t x203; ++ uint32_t x204; ++ uint32_t x205; ++ uint32_t x206; ++ uint32_t x207; ++ uint32_t x208; ++ uint32_t x209; ++ uint32_t x210; ++ uint32_t x211; ++ uint32_t x212; ++ uint32_t x213; ++ uint32_t x214; ++ uint32_t x215; ++ uint32_t x216; ++ fiat_secp384r1_uint1 x217; ++ uint32_t x218; ++ fiat_secp384r1_uint1 x219; ++ uint32_t x220; ++ fiat_secp384r1_uint1 x221; ++ uint32_t x222; ++ fiat_secp384r1_uint1 x223; ++ uint32_t x224; ++ fiat_secp384r1_uint1 x225; ++ uint32_t x226; ++ fiat_secp384r1_uint1 x227; ++ uint32_t x228; ++ fiat_secp384r1_uint1 x229; ++ uint32_t x230; ++ fiat_secp384r1_uint1 x231; ++ uint32_t x232; ++ uint32_t x233; ++ fiat_secp384r1_uint1 x234; ++ uint32_t x235; ++ fiat_secp384r1_uint1 x236; ++ uint32_t x237; ++ fiat_secp384r1_uint1 x238; ++ uint32_t x239; ++ fiat_secp384r1_uint1 x240; ++ uint32_t x241; ++ fiat_secp384r1_uint1 x242; ++ uint32_t x243; ++ fiat_secp384r1_uint1 x244; ++ uint32_t x245; ++ fiat_secp384r1_uint1 x246; ++ uint32_t x247; ++ fiat_secp384r1_uint1 x248; ++ uint32_t x249; ++ fiat_secp384r1_uint1 x250; ++ uint32_t x251; ++ fiat_secp384r1_uint1 x252; ++ uint32_t x253; ++ fiat_secp384r1_uint1 x254; ++ uint32_t x255; ++ fiat_secp384r1_uint1 x256; ++ uint32_t x257; ++ fiat_secp384r1_uint1 x258; ++ uint32_t x259; ++ uint32_t x260; ++ uint32_t x261; ++ uint32_t x262; ++ uint32_t x263; ++ uint32_t x264; ++ uint32_t x265; ++ uint32_t x266; ++ uint32_t x267; ++ uint32_t x268; ++ uint32_t x269; ++ uint32_t x270; ++ uint32_t x271; ++ uint32_t x272; ++ uint32_t x273; ++ uint32_t x274; ++ uint32_t x275; ++ uint32_t x276; ++ uint32_t x277; ++ uint32_t x278; ++ uint32_t x279; ++ uint32_t x280; ++ uint32_t x281; ++ uint32_t x282; ++ uint32_t x283; ++ uint32_t x284; ++ fiat_secp384r1_uint1 x285; ++ uint32_t x286; ++ fiat_secp384r1_uint1 x287; ++ uint32_t x288; ++ fiat_secp384r1_uint1 x289; ++ uint32_t x290; ++ fiat_secp384r1_uint1 x291; ++ uint32_t x292; ++ fiat_secp384r1_uint1 x293; ++ uint32_t x294; ++ fiat_secp384r1_uint1 x295; ++ uint32_t x296; ++ fiat_secp384r1_uint1 x297; ++ uint32_t x298; ++ fiat_secp384r1_uint1 x299; ++ uint32_t x300; ++ fiat_secp384r1_uint1 x301; ++ uint32_t x302; ++ fiat_secp384r1_uint1 x303; ++ uint32_t x304; ++ fiat_secp384r1_uint1 x305; ++ uint32_t x306; ++ uint32_t x307; ++ fiat_secp384r1_uint1 x308; ++ uint32_t x309; ++ fiat_secp384r1_uint1 x310; ++ uint32_t x311; ++ fiat_secp384r1_uint1 x312; ++ uint32_t x313; ++ fiat_secp384r1_uint1 x314; ++ uint32_t x315; ++ fiat_secp384r1_uint1 x316; ++ uint32_t x317; ++ fiat_secp384r1_uint1 x318; ++ uint32_t x319; ++ fiat_secp384r1_uint1 x320; ++ uint32_t x321; ++ fiat_secp384r1_uint1 x322; ++ uint32_t x323; ++ fiat_secp384r1_uint1 x324; ++ uint32_t x325; ++ fiat_secp384r1_uint1 x326; ++ uint32_t x327; ++ fiat_secp384r1_uint1 x328; ++ uint32_t x329; ++ fiat_secp384r1_uint1 x330; ++ uint32_t x331; ++ fiat_secp384r1_uint1 x332; ++ uint32_t x333; ++ uint32_t x334; ++ uint32_t x335; ++ uint32_t x336; ++ uint32_t x337; ++ uint32_t x338; ++ uint32_t x339; ++ uint32_t x340; ++ uint32_t x341; ++ uint32_t x342; ++ uint32_t x343; ++ uint32_t x344; ++ uint32_t x345; ++ uint32_t x346; ++ uint32_t x347; ++ uint32_t x348; ++ uint32_t x349; ++ uint32_t x350; ++ uint32_t x351; ++ uint32_t x352; ++ uint32_t x353; ++ fiat_secp384r1_uint1 x354; ++ uint32_t x355; ++ fiat_secp384r1_uint1 x356; ++ uint32_t x357; ++ fiat_secp384r1_uint1 x358; ++ uint32_t x359; ++ fiat_secp384r1_uint1 x360; ++ uint32_t x361; ++ fiat_secp384r1_uint1 x362; ++ uint32_t x363; ++ fiat_secp384r1_uint1 x364; ++ uint32_t x365; ++ fiat_secp384r1_uint1 x366; ++ uint32_t x367; ++ fiat_secp384r1_uint1 x368; ++ uint32_t x369; ++ uint32_t x370; ++ fiat_secp384r1_uint1 x371; ++ uint32_t x372; ++ fiat_secp384r1_uint1 x373; ++ uint32_t x374; ++ fiat_secp384r1_uint1 x375; ++ uint32_t x376; ++ fiat_secp384r1_uint1 x377; ++ uint32_t x378; ++ fiat_secp384r1_uint1 x379; ++ uint32_t x380; ++ fiat_secp384r1_uint1 x381; ++ uint32_t x382; ++ fiat_secp384r1_uint1 x383; ++ uint32_t x384; ++ fiat_secp384r1_uint1 x385; ++ uint32_t x386; ++ fiat_secp384r1_uint1 x387; ++ uint32_t x388; ++ fiat_secp384r1_uint1 x389; ++ uint32_t x390; ++ fiat_secp384r1_uint1 x391; ++ uint32_t x392; ++ fiat_secp384r1_uint1 x393; ++ uint32_t x394; ++ fiat_secp384r1_uint1 x395; ++ uint32_t x396; ++ uint32_t x397; ++ uint32_t x398; ++ uint32_t x399; ++ uint32_t x400; ++ uint32_t x401; ++ uint32_t x402; ++ uint32_t x403; ++ uint32_t x404; ++ uint32_t x405; ++ uint32_t x406; ++ uint32_t x407; ++ uint32_t x408; ++ uint32_t x409; ++ uint32_t x410; ++ uint32_t x411; ++ uint32_t x412; ++ uint32_t x413; ++ uint32_t x414; ++ uint32_t x415; ++ uint32_t x416; ++ uint32_t x417; ++ uint32_t x418; ++ uint32_t x419; ++ uint32_t x420; ++ uint32_t x421; ++ fiat_secp384r1_uint1 x422; ++ uint32_t x423; ++ fiat_secp384r1_uint1 x424; ++ uint32_t x425; ++ fiat_secp384r1_uint1 x426; ++ uint32_t x427; ++ fiat_secp384r1_uint1 x428; ++ uint32_t x429; ++ fiat_secp384r1_uint1 x430; ++ uint32_t x431; ++ fiat_secp384r1_uint1 x432; ++ uint32_t x433; ++ fiat_secp384r1_uint1 x434; ++ uint32_t x435; ++ fiat_secp384r1_uint1 x436; ++ uint32_t x437; ++ fiat_secp384r1_uint1 x438; ++ uint32_t x439; ++ fiat_secp384r1_uint1 x440; ++ uint32_t x441; ++ fiat_secp384r1_uint1 x442; ++ uint32_t x443; ++ uint32_t x444; ++ fiat_secp384r1_uint1 x445; ++ uint32_t x446; ++ fiat_secp384r1_uint1 x447; ++ uint32_t x448; ++ fiat_secp384r1_uint1 x449; ++ uint32_t x450; ++ fiat_secp384r1_uint1 x451; ++ uint32_t x452; ++ fiat_secp384r1_uint1 x453; ++ uint32_t x454; ++ fiat_secp384r1_uint1 x455; ++ uint32_t x456; ++ fiat_secp384r1_uint1 x457; ++ uint32_t x458; ++ fiat_secp384r1_uint1 x459; ++ uint32_t x460; ++ fiat_secp384r1_uint1 x461; ++ uint32_t x462; ++ fiat_secp384r1_uint1 x463; ++ uint32_t x464; ++ fiat_secp384r1_uint1 x465; ++ uint32_t x466; ++ fiat_secp384r1_uint1 x467; ++ uint32_t x468; ++ fiat_secp384r1_uint1 x469; ++ uint32_t x470; ++ uint32_t x471; ++ uint32_t x472; ++ uint32_t x473; ++ uint32_t x474; ++ uint32_t x475; ++ uint32_t x476; ++ uint32_t x477; ++ uint32_t x478; ++ uint32_t x479; ++ uint32_t x480; ++ uint32_t x481; ++ uint32_t x482; ++ uint32_t x483; ++ uint32_t x484; ++ uint32_t x485; ++ uint32_t x486; ++ uint32_t x487; ++ uint32_t x488; ++ uint32_t x489; ++ uint32_t x490; ++ fiat_secp384r1_uint1 x491; ++ uint32_t x492; ++ fiat_secp384r1_uint1 x493; ++ uint32_t x494; ++ fiat_secp384r1_uint1 x495; ++ uint32_t x496; ++ fiat_secp384r1_uint1 x497; ++ uint32_t x498; ++ fiat_secp384r1_uint1 x499; ++ uint32_t x500; ++ fiat_secp384r1_uint1 x501; ++ uint32_t x502; ++ fiat_secp384r1_uint1 x503; ++ uint32_t x504; ++ fiat_secp384r1_uint1 x505; ++ uint32_t x506; ++ uint32_t x507; ++ fiat_secp384r1_uint1 x508; ++ uint32_t x509; ++ fiat_secp384r1_uint1 x510; ++ uint32_t x511; ++ fiat_secp384r1_uint1 x512; ++ uint32_t x513; ++ fiat_secp384r1_uint1 x514; ++ uint32_t x515; ++ fiat_secp384r1_uint1 x516; ++ uint32_t x517; ++ fiat_secp384r1_uint1 x518; ++ uint32_t x519; ++ fiat_secp384r1_uint1 x520; ++ uint32_t x521; ++ fiat_secp384r1_uint1 x522; ++ uint32_t x523; ++ fiat_secp384r1_uint1 x524; ++ uint32_t x525; ++ fiat_secp384r1_uint1 x526; ++ uint32_t x527; ++ fiat_secp384r1_uint1 x528; ++ uint32_t x529; ++ fiat_secp384r1_uint1 x530; ++ uint32_t x531; ++ fiat_secp384r1_uint1 x532; ++ uint32_t x533; ++ uint32_t x534; ++ uint32_t x535; ++ uint32_t x536; ++ uint32_t x537; ++ uint32_t x538; ++ uint32_t x539; ++ uint32_t x540; ++ uint32_t x541; ++ uint32_t x542; ++ uint32_t x543; ++ uint32_t x544; ++ uint32_t x545; ++ uint32_t x546; ++ uint32_t x547; ++ uint32_t x548; ++ uint32_t x549; ++ uint32_t x550; ++ uint32_t x551; ++ uint32_t x552; ++ uint32_t x553; ++ uint32_t x554; ++ uint32_t x555; ++ uint32_t x556; ++ uint32_t x557; ++ uint32_t x558; ++ fiat_secp384r1_uint1 x559; ++ uint32_t x560; ++ fiat_secp384r1_uint1 x561; ++ uint32_t x562; ++ fiat_secp384r1_uint1 x563; ++ uint32_t x564; ++ fiat_secp384r1_uint1 x565; ++ uint32_t x566; ++ fiat_secp384r1_uint1 x567; ++ uint32_t x568; ++ fiat_secp384r1_uint1 x569; ++ uint32_t x570; ++ fiat_secp384r1_uint1 x571; ++ uint32_t x572; ++ fiat_secp384r1_uint1 x573; ++ uint32_t x574; ++ fiat_secp384r1_uint1 x575; ++ uint32_t x576; ++ fiat_secp384r1_uint1 x577; ++ uint32_t x578; ++ fiat_secp384r1_uint1 x579; ++ uint32_t x580; ++ uint32_t x581; ++ fiat_secp384r1_uint1 x582; ++ uint32_t x583; ++ fiat_secp384r1_uint1 x584; ++ uint32_t x585; ++ fiat_secp384r1_uint1 x586; ++ uint32_t x587; ++ fiat_secp384r1_uint1 x588; ++ uint32_t x589; ++ fiat_secp384r1_uint1 x590; ++ uint32_t x591; ++ fiat_secp384r1_uint1 x592; ++ uint32_t x593; ++ fiat_secp384r1_uint1 x594; ++ uint32_t x595; ++ fiat_secp384r1_uint1 x596; ++ uint32_t x597; ++ fiat_secp384r1_uint1 x598; ++ uint32_t x599; ++ fiat_secp384r1_uint1 x600; ++ uint32_t x601; ++ fiat_secp384r1_uint1 x602; ++ uint32_t x603; ++ fiat_secp384r1_uint1 x604; ++ uint32_t x605; ++ fiat_secp384r1_uint1 x606; ++ uint32_t x607; ++ uint32_t x608; ++ uint32_t x609; ++ uint32_t x610; ++ uint32_t x611; ++ uint32_t x612; ++ uint32_t x613; ++ uint32_t x614; ++ uint32_t x615; ++ uint32_t x616; ++ uint32_t x617; ++ uint32_t x618; ++ uint32_t x619; ++ uint32_t x620; ++ uint32_t x621; ++ uint32_t x622; ++ uint32_t x623; ++ uint32_t x624; ++ uint32_t x625; ++ uint32_t x626; ++ uint32_t x627; ++ fiat_secp384r1_uint1 x628; ++ uint32_t x629; ++ fiat_secp384r1_uint1 x630; ++ uint32_t x631; ++ fiat_secp384r1_uint1 x632; ++ uint32_t x633; ++ fiat_secp384r1_uint1 x634; ++ uint32_t x635; ++ fiat_secp384r1_uint1 x636; ++ uint32_t x637; ++ fiat_secp384r1_uint1 x638; ++ uint32_t x639; ++ fiat_secp384r1_uint1 x640; ++ uint32_t x641; ++ fiat_secp384r1_uint1 x642; ++ uint32_t x643; ++ uint32_t x644; ++ fiat_secp384r1_uint1 x645; ++ uint32_t x646; ++ fiat_secp384r1_uint1 x647; ++ uint32_t x648; ++ fiat_secp384r1_uint1 x649; ++ uint32_t x650; ++ fiat_secp384r1_uint1 x651; ++ uint32_t x652; ++ fiat_secp384r1_uint1 x653; ++ uint32_t x654; ++ fiat_secp384r1_uint1 x655; ++ uint32_t x656; ++ fiat_secp384r1_uint1 x657; ++ uint32_t x658; ++ fiat_secp384r1_uint1 x659; ++ uint32_t x660; ++ fiat_secp384r1_uint1 x661; ++ uint32_t x662; ++ fiat_secp384r1_uint1 x663; ++ uint32_t x664; ++ fiat_secp384r1_uint1 x665; ++ uint32_t x666; ++ fiat_secp384r1_uint1 x667; ++ uint32_t x668; ++ fiat_secp384r1_uint1 x669; ++ uint32_t x670; ++ uint32_t x671; ++ uint32_t x672; ++ uint32_t x673; ++ uint32_t x674; ++ uint32_t x675; ++ uint32_t x676; ++ uint32_t x677; ++ uint32_t x678; ++ uint32_t x679; ++ uint32_t x680; ++ uint32_t x681; ++ uint32_t x682; ++ uint32_t x683; ++ uint32_t x684; ++ uint32_t x685; ++ uint32_t x686; ++ uint32_t x687; ++ uint32_t x688; ++ uint32_t x689; ++ uint32_t x690; ++ uint32_t x691; ++ uint32_t x692; ++ uint32_t x693; ++ uint32_t x694; ++ uint32_t x695; ++ fiat_secp384r1_uint1 x696; ++ uint32_t x697; ++ fiat_secp384r1_uint1 x698; ++ uint32_t x699; ++ fiat_secp384r1_uint1 x700; ++ uint32_t x701; ++ fiat_secp384r1_uint1 x702; ++ uint32_t x703; ++ fiat_secp384r1_uint1 x704; ++ uint32_t x705; ++ fiat_secp384r1_uint1 x706; ++ uint32_t x707; ++ fiat_secp384r1_uint1 x708; ++ uint32_t x709; ++ fiat_secp384r1_uint1 x710; ++ uint32_t x711; ++ fiat_secp384r1_uint1 x712; ++ uint32_t x713; ++ fiat_secp384r1_uint1 x714; ++ uint32_t x715; ++ fiat_secp384r1_uint1 x716; ++ uint32_t x717; ++ uint32_t x718; ++ fiat_secp384r1_uint1 x719; ++ uint32_t x720; ++ fiat_secp384r1_uint1 x721; ++ uint32_t x722; ++ fiat_secp384r1_uint1 x723; ++ uint32_t x724; ++ fiat_secp384r1_uint1 x725; ++ uint32_t x726; ++ fiat_secp384r1_uint1 x727; ++ uint32_t x728; ++ fiat_secp384r1_uint1 x729; ++ uint32_t x730; ++ fiat_secp384r1_uint1 x731; ++ uint32_t x732; ++ fiat_secp384r1_uint1 x733; ++ uint32_t x734; ++ fiat_secp384r1_uint1 x735; ++ uint32_t x736; ++ fiat_secp384r1_uint1 x737; ++ uint32_t x738; ++ fiat_secp384r1_uint1 x739; ++ uint32_t x740; ++ fiat_secp384r1_uint1 x741; ++ uint32_t x742; ++ fiat_secp384r1_uint1 x743; ++ uint32_t x744; ++ uint32_t x745; ++ uint32_t x746; ++ uint32_t x747; ++ uint32_t x748; ++ uint32_t x749; ++ uint32_t x750; ++ uint32_t x751; ++ uint32_t x752; ++ uint32_t x753; ++ uint32_t x754; ++ uint32_t x755; ++ uint32_t x756; ++ uint32_t x757; ++ uint32_t x758; ++ uint32_t x759; ++ uint32_t x760; ++ uint32_t x761; ++ uint32_t x762; ++ uint32_t x763; ++ uint32_t x764; ++ fiat_secp384r1_uint1 x765; ++ uint32_t x766; ++ fiat_secp384r1_uint1 x767; ++ uint32_t x768; ++ fiat_secp384r1_uint1 x769; ++ uint32_t x770; ++ fiat_secp384r1_uint1 x771; ++ uint32_t x772; ++ fiat_secp384r1_uint1 x773; ++ uint32_t x774; ++ fiat_secp384r1_uint1 x775; ++ uint32_t x776; ++ fiat_secp384r1_uint1 x777; ++ uint32_t x778; ++ fiat_secp384r1_uint1 x779; ++ uint32_t x780; ++ uint32_t x781; ++ fiat_secp384r1_uint1 x782; ++ uint32_t x783; ++ fiat_secp384r1_uint1 x784; ++ uint32_t x785; ++ fiat_secp384r1_uint1 x786; ++ uint32_t x787; ++ fiat_secp384r1_uint1 x788; ++ uint32_t x789; ++ fiat_secp384r1_uint1 x790; ++ uint32_t x791; ++ fiat_secp384r1_uint1 x792; ++ uint32_t x793; ++ fiat_secp384r1_uint1 x794; ++ uint32_t x795; ++ fiat_secp384r1_uint1 x796; ++ uint32_t x797; ++ fiat_secp384r1_uint1 x798; ++ uint32_t x799; ++ fiat_secp384r1_uint1 x800; ++ uint32_t x801; ++ fiat_secp384r1_uint1 x802; ++ uint32_t x803; ++ fiat_secp384r1_uint1 x804; ++ uint32_t x805; ++ fiat_secp384r1_uint1 x806; ++ uint32_t x807; ++ uint32_t x808; ++ uint32_t x809; ++ uint32_t x810; ++ uint32_t x811; ++ uint32_t x812; ++ uint32_t x813; ++ uint32_t x814; ++ uint32_t x815; ++ uint32_t x816; ++ uint32_t x817; ++ uint32_t x818; ++ uint32_t x819; ++ uint32_t x820; ++ uint32_t x821; ++ uint32_t x822; ++ uint32_t x823; ++ uint32_t x824; ++ uint32_t x825; ++ uint32_t x826; ++ uint32_t x827; ++ uint32_t x828; ++ uint32_t x829; ++ uint32_t x830; ++ uint32_t x831; ++ uint32_t x832; ++ fiat_secp384r1_uint1 x833; ++ uint32_t x834; ++ fiat_secp384r1_uint1 x835; ++ uint32_t x836; ++ fiat_secp384r1_uint1 x837; ++ uint32_t x838; ++ fiat_secp384r1_uint1 x839; ++ uint32_t x840; ++ fiat_secp384r1_uint1 x841; ++ uint32_t x842; ++ fiat_secp384r1_uint1 x843; ++ uint32_t x844; ++ fiat_secp384r1_uint1 x845; ++ uint32_t x846; ++ fiat_secp384r1_uint1 x847; ++ uint32_t x848; ++ fiat_secp384r1_uint1 x849; ++ uint32_t x850; ++ fiat_secp384r1_uint1 x851; ++ uint32_t x852; ++ fiat_secp384r1_uint1 x853; ++ uint32_t x854; ++ uint32_t x855; ++ fiat_secp384r1_uint1 x856; ++ uint32_t x857; ++ fiat_secp384r1_uint1 x858; ++ uint32_t x859; ++ fiat_secp384r1_uint1 x860; ++ uint32_t x861; ++ fiat_secp384r1_uint1 x862; ++ uint32_t x863; ++ fiat_secp384r1_uint1 x864; ++ uint32_t x865; ++ fiat_secp384r1_uint1 x866; ++ uint32_t x867; ++ fiat_secp384r1_uint1 x868; ++ uint32_t x869; ++ fiat_secp384r1_uint1 x870; ++ uint32_t x871; ++ fiat_secp384r1_uint1 x872; ++ uint32_t x873; ++ fiat_secp384r1_uint1 x874; ++ uint32_t x875; ++ fiat_secp384r1_uint1 x876; ++ uint32_t x877; ++ fiat_secp384r1_uint1 x878; ++ uint32_t x879; ++ fiat_secp384r1_uint1 x880; ++ uint32_t x881; ++ uint32_t x882; ++ uint32_t x883; ++ uint32_t x884; ++ uint32_t x885; ++ uint32_t x886; ++ uint32_t x887; ++ uint32_t x888; ++ uint32_t x889; ++ uint32_t x890; ++ uint32_t x891; ++ uint32_t x892; ++ uint32_t x893; ++ uint32_t x894; ++ uint32_t x895; ++ uint32_t x896; ++ uint32_t x897; ++ uint32_t x898; ++ uint32_t x899; ++ uint32_t x900; ++ uint32_t x901; ++ fiat_secp384r1_uint1 x902; ++ uint32_t x903; ++ fiat_secp384r1_uint1 x904; ++ uint32_t x905; ++ fiat_secp384r1_uint1 x906; ++ uint32_t x907; ++ fiat_secp384r1_uint1 x908; ++ uint32_t x909; ++ fiat_secp384r1_uint1 x910; ++ uint32_t x911; ++ fiat_secp384r1_uint1 x912; ++ uint32_t x913; ++ fiat_secp384r1_uint1 x914; ++ uint32_t x915; ++ fiat_secp384r1_uint1 x916; ++ uint32_t x917; ++ uint32_t x918; ++ fiat_secp384r1_uint1 x919; ++ uint32_t x920; ++ fiat_secp384r1_uint1 x921; ++ uint32_t x922; ++ fiat_secp384r1_uint1 x923; ++ uint32_t x924; ++ fiat_secp384r1_uint1 x925; ++ uint32_t x926; ++ fiat_secp384r1_uint1 x927; ++ uint32_t x928; ++ fiat_secp384r1_uint1 x929; ++ uint32_t x930; ++ fiat_secp384r1_uint1 x931; ++ uint32_t x932; ++ fiat_secp384r1_uint1 x933; ++ uint32_t x934; ++ fiat_secp384r1_uint1 x935; ++ uint32_t x936; ++ fiat_secp384r1_uint1 x937; ++ uint32_t x938; ++ fiat_secp384r1_uint1 x939; ++ uint32_t x940; ++ fiat_secp384r1_uint1 x941; ++ uint32_t x942; ++ fiat_secp384r1_uint1 x943; ++ uint32_t x944; ++ uint32_t x945; ++ uint32_t x946; ++ uint32_t x947; ++ uint32_t x948; ++ uint32_t x949; ++ uint32_t x950; ++ uint32_t x951; ++ uint32_t x952; ++ uint32_t x953; ++ uint32_t x954; ++ uint32_t x955; ++ uint32_t x956; ++ uint32_t x957; ++ uint32_t x958; ++ uint32_t x959; ++ uint32_t x960; ++ uint32_t x961; ++ uint32_t x962; ++ uint32_t x963; ++ uint32_t x964; ++ uint32_t x965; ++ uint32_t x966; ++ uint32_t x967; ++ uint32_t x968; ++ uint32_t x969; ++ fiat_secp384r1_uint1 x970; ++ uint32_t x971; ++ fiat_secp384r1_uint1 x972; ++ uint32_t x973; ++ fiat_secp384r1_uint1 x974; ++ uint32_t x975; ++ fiat_secp384r1_uint1 x976; ++ uint32_t x977; ++ fiat_secp384r1_uint1 x978; ++ uint32_t x979; ++ fiat_secp384r1_uint1 x980; ++ uint32_t x981; ++ fiat_secp384r1_uint1 x982; ++ uint32_t x983; ++ fiat_secp384r1_uint1 x984; ++ uint32_t x985; ++ fiat_secp384r1_uint1 x986; ++ uint32_t x987; ++ fiat_secp384r1_uint1 x988; ++ uint32_t x989; ++ fiat_secp384r1_uint1 x990; ++ uint32_t x991; ++ uint32_t x992; ++ fiat_secp384r1_uint1 x993; ++ uint32_t x994; ++ fiat_secp384r1_uint1 x995; ++ uint32_t x996; ++ fiat_secp384r1_uint1 x997; ++ uint32_t x998; ++ fiat_secp384r1_uint1 x999; ++ uint32_t x1000; ++ fiat_secp384r1_uint1 x1001; ++ uint32_t x1002; ++ fiat_secp384r1_uint1 x1003; ++ uint32_t x1004; ++ fiat_secp384r1_uint1 x1005; ++ uint32_t x1006; ++ fiat_secp384r1_uint1 x1007; ++ uint32_t x1008; ++ fiat_secp384r1_uint1 x1009; ++ uint32_t x1010; ++ fiat_secp384r1_uint1 x1011; ++ uint32_t x1012; ++ fiat_secp384r1_uint1 x1013; ++ uint32_t x1014; ++ fiat_secp384r1_uint1 x1015; ++ uint32_t x1016; ++ fiat_secp384r1_uint1 x1017; ++ uint32_t x1018; ++ uint32_t x1019; ++ uint32_t x1020; ++ uint32_t x1021; ++ uint32_t x1022; ++ uint32_t x1023; ++ uint32_t x1024; ++ uint32_t x1025; ++ uint32_t x1026; ++ uint32_t x1027; ++ uint32_t x1028; ++ uint32_t x1029; ++ uint32_t x1030; ++ uint32_t x1031; ++ uint32_t x1032; ++ uint32_t x1033; ++ uint32_t x1034; ++ uint32_t x1035; ++ uint32_t x1036; ++ uint32_t x1037; ++ uint32_t x1038; ++ fiat_secp384r1_uint1 x1039; ++ uint32_t x1040; ++ fiat_secp384r1_uint1 x1041; ++ uint32_t x1042; ++ fiat_secp384r1_uint1 x1043; ++ uint32_t x1044; ++ fiat_secp384r1_uint1 x1045; ++ uint32_t x1046; ++ fiat_secp384r1_uint1 x1047; ++ uint32_t x1048; ++ fiat_secp384r1_uint1 x1049; ++ uint32_t x1050; ++ fiat_secp384r1_uint1 x1051; ++ uint32_t x1052; ++ fiat_secp384r1_uint1 x1053; ++ uint32_t x1054; ++ uint32_t x1055; ++ fiat_secp384r1_uint1 x1056; ++ uint32_t x1057; ++ fiat_secp384r1_uint1 x1058; ++ uint32_t x1059; ++ fiat_secp384r1_uint1 x1060; ++ uint32_t x1061; ++ fiat_secp384r1_uint1 x1062; ++ uint32_t x1063; ++ fiat_secp384r1_uint1 x1064; ++ uint32_t x1065; ++ fiat_secp384r1_uint1 x1066; ++ uint32_t x1067; ++ fiat_secp384r1_uint1 x1068; ++ uint32_t x1069; ++ fiat_secp384r1_uint1 x1070; ++ uint32_t x1071; ++ fiat_secp384r1_uint1 x1072; ++ uint32_t x1073; ++ fiat_secp384r1_uint1 x1074; ++ uint32_t x1075; ++ fiat_secp384r1_uint1 x1076; ++ uint32_t x1077; ++ fiat_secp384r1_uint1 x1078; ++ uint32_t x1079; ++ fiat_secp384r1_uint1 x1080; ++ uint32_t x1081; ++ uint32_t x1082; ++ uint32_t x1083; ++ uint32_t x1084; ++ uint32_t x1085; ++ uint32_t x1086; ++ uint32_t x1087; ++ uint32_t x1088; ++ uint32_t x1089; ++ uint32_t x1090; ++ uint32_t x1091; ++ uint32_t x1092; ++ uint32_t x1093; ++ uint32_t x1094; ++ uint32_t x1095; ++ uint32_t x1096; ++ uint32_t x1097; ++ uint32_t x1098; ++ uint32_t x1099; ++ uint32_t x1100; ++ uint32_t x1101; ++ uint32_t x1102; ++ uint32_t x1103; ++ uint32_t x1104; ++ uint32_t x1105; ++ uint32_t x1106; ++ fiat_secp384r1_uint1 x1107; ++ uint32_t x1108; ++ fiat_secp384r1_uint1 x1109; ++ uint32_t x1110; ++ fiat_secp384r1_uint1 x1111; ++ uint32_t x1112; ++ fiat_secp384r1_uint1 x1113; ++ uint32_t x1114; ++ fiat_secp384r1_uint1 x1115; ++ uint32_t x1116; ++ fiat_secp384r1_uint1 x1117; ++ uint32_t x1118; ++ fiat_secp384r1_uint1 x1119; ++ uint32_t x1120; ++ fiat_secp384r1_uint1 x1121; ++ uint32_t x1122; ++ fiat_secp384r1_uint1 x1123; ++ uint32_t x1124; ++ fiat_secp384r1_uint1 x1125; ++ uint32_t x1126; ++ fiat_secp384r1_uint1 x1127; ++ uint32_t x1128; ++ uint32_t x1129; ++ fiat_secp384r1_uint1 x1130; ++ uint32_t x1131; ++ fiat_secp384r1_uint1 x1132; ++ uint32_t x1133; ++ fiat_secp384r1_uint1 x1134; ++ uint32_t x1135; ++ fiat_secp384r1_uint1 x1136; ++ uint32_t x1137; ++ fiat_secp384r1_uint1 x1138; ++ uint32_t x1139; ++ fiat_secp384r1_uint1 x1140; ++ uint32_t x1141; ++ fiat_secp384r1_uint1 x1142; ++ uint32_t x1143; ++ fiat_secp384r1_uint1 x1144; ++ uint32_t x1145; ++ fiat_secp384r1_uint1 x1146; ++ uint32_t x1147; ++ fiat_secp384r1_uint1 x1148; ++ uint32_t x1149; ++ fiat_secp384r1_uint1 x1150; ++ uint32_t x1151; ++ fiat_secp384r1_uint1 x1152; ++ uint32_t x1153; ++ fiat_secp384r1_uint1 x1154; ++ uint32_t x1155; ++ uint32_t x1156; ++ uint32_t x1157; ++ uint32_t x1158; ++ uint32_t x1159; ++ uint32_t x1160; ++ uint32_t x1161; ++ uint32_t x1162; ++ uint32_t x1163; ++ uint32_t x1164; ++ uint32_t x1165; ++ uint32_t x1166; ++ uint32_t x1167; ++ uint32_t x1168; ++ uint32_t x1169; ++ uint32_t x1170; ++ uint32_t x1171; ++ uint32_t x1172; ++ uint32_t x1173; ++ uint32_t x1174; ++ uint32_t x1175; ++ fiat_secp384r1_uint1 x1176; ++ uint32_t x1177; ++ fiat_secp384r1_uint1 x1178; ++ uint32_t x1179; ++ fiat_secp384r1_uint1 x1180; ++ uint32_t x1181; ++ fiat_secp384r1_uint1 x1182; ++ uint32_t x1183; ++ fiat_secp384r1_uint1 x1184; ++ uint32_t x1185; ++ fiat_secp384r1_uint1 x1186; ++ uint32_t x1187; ++ fiat_secp384r1_uint1 x1188; ++ uint32_t x1189; ++ fiat_secp384r1_uint1 x1190; ++ uint32_t x1191; ++ uint32_t x1192; ++ fiat_secp384r1_uint1 x1193; ++ uint32_t x1194; ++ fiat_secp384r1_uint1 x1195; ++ uint32_t x1196; ++ fiat_secp384r1_uint1 x1197; ++ uint32_t x1198; ++ fiat_secp384r1_uint1 x1199; ++ uint32_t x1200; ++ fiat_secp384r1_uint1 x1201; ++ uint32_t x1202; ++ fiat_secp384r1_uint1 x1203; ++ uint32_t x1204; ++ fiat_secp384r1_uint1 x1205; ++ uint32_t x1206; ++ fiat_secp384r1_uint1 x1207; ++ uint32_t x1208; ++ fiat_secp384r1_uint1 x1209; ++ uint32_t x1210; ++ fiat_secp384r1_uint1 x1211; ++ uint32_t x1212; ++ fiat_secp384r1_uint1 x1213; ++ uint32_t x1214; ++ fiat_secp384r1_uint1 x1215; ++ uint32_t x1216; ++ fiat_secp384r1_uint1 x1217; ++ uint32_t x1218; ++ uint32_t x1219; ++ uint32_t x1220; ++ uint32_t x1221; ++ uint32_t x1222; ++ uint32_t x1223; ++ uint32_t x1224; ++ uint32_t x1225; ++ uint32_t x1226; ++ uint32_t x1227; ++ uint32_t x1228; ++ uint32_t x1229; ++ uint32_t x1230; ++ uint32_t x1231; ++ uint32_t x1232; ++ uint32_t x1233; ++ uint32_t x1234; ++ uint32_t x1235; ++ uint32_t x1236; ++ uint32_t x1237; ++ uint32_t x1238; ++ uint32_t x1239; ++ uint32_t x1240; ++ uint32_t x1241; ++ uint32_t x1242; ++ uint32_t x1243; ++ fiat_secp384r1_uint1 x1244; ++ uint32_t x1245; ++ fiat_secp384r1_uint1 x1246; ++ uint32_t x1247; ++ fiat_secp384r1_uint1 x1248; ++ uint32_t x1249; ++ fiat_secp384r1_uint1 x1250; ++ uint32_t x1251; ++ fiat_secp384r1_uint1 x1252; ++ uint32_t x1253; ++ fiat_secp384r1_uint1 x1254; ++ uint32_t x1255; ++ fiat_secp384r1_uint1 x1256; ++ uint32_t x1257; ++ fiat_secp384r1_uint1 x1258; ++ uint32_t x1259; ++ fiat_secp384r1_uint1 x1260; ++ uint32_t x1261; ++ fiat_secp384r1_uint1 x1262; ++ uint32_t x1263; ++ fiat_secp384r1_uint1 x1264; ++ uint32_t x1265; ++ uint32_t x1266; ++ fiat_secp384r1_uint1 x1267; ++ uint32_t x1268; ++ fiat_secp384r1_uint1 x1269; ++ uint32_t x1270; ++ fiat_secp384r1_uint1 x1271; ++ uint32_t x1272; ++ fiat_secp384r1_uint1 x1273; ++ uint32_t x1274; ++ fiat_secp384r1_uint1 x1275; ++ uint32_t x1276; ++ fiat_secp384r1_uint1 x1277; ++ uint32_t x1278; ++ fiat_secp384r1_uint1 x1279; ++ uint32_t x1280; ++ fiat_secp384r1_uint1 x1281; ++ uint32_t x1282; ++ fiat_secp384r1_uint1 x1283; ++ uint32_t x1284; ++ fiat_secp384r1_uint1 x1285; ++ uint32_t x1286; ++ fiat_secp384r1_uint1 x1287; ++ uint32_t x1288; ++ fiat_secp384r1_uint1 x1289; ++ uint32_t x1290; ++ fiat_secp384r1_uint1 x1291; ++ uint32_t x1292; ++ uint32_t x1293; ++ uint32_t x1294; ++ uint32_t x1295; ++ uint32_t x1296; ++ uint32_t x1297; ++ uint32_t x1298; ++ uint32_t x1299; ++ uint32_t x1300; ++ uint32_t x1301; ++ uint32_t x1302; ++ uint32_t x1303; ++ uint32_t x1304; ++ uint32_t x1305; ++ uint32_t x1306; ++ uint32_t x1307; ++ uint32_t x1308; ++ uint32_t x1309; ++ uint32_t x1310; ++ uint32_t x1311; ++ uint32_t x1312; ++ fiat_secp384r1_uint1 x1313; ++ uint32_t x1314; ++ fiat_secp384r1_uint1 x1315; ++ uint32_t x1316; ++ fiat_secp384r1_uint1 x1317; ++ uint32_t x1318; ++ fiat_secp384r1_uint1 x1319; ++ uint32_t x1320; ++ fiat_secp384r1_uint1 x1321; ++ uint32_t x1322; ++ fiat_secp384r1_uint1 x1323; ++ uint32_t x1324; ++ fiat_secp384r1_uint1 x1325; ++ uint32_t x1326; ++ fiat_secp384r1_uint1 x1327; ++ uint32_t x1328; ++ uint32_t x1329; ++ fiat_secp384r1_uint1 x1330; ++ uint32_t x1331; ++ fiat_secp384r1_uint1 x1332; ++ uint32_t x1333; ++ fiat_secp384r1_uint1 x1334; ++ uint32_t x1335; ++ fiat_secp384r1_uint1 x1336; ++ uint32_t x1337; ++ fiat_secp384r1_uint1 x1338; ++ uint32_t x1339; ++ fiat_secp384r1_uint1 x1340; ++ uint32_t x1341; ++ fiat_secp384r1_uint1 x1342; ++ uint32_t x1343; ++ fiat_secp384r1_uint1 x1344; ++ uint32_t x1345; ++ fiat_secp384r1_uint1 x1346; ++ uint32_t x1347; ++ fiat_secp384r1_uint1 x1348; ++ uint32_t x1349; ++ fiat_secp384r1_uint1 x1350; ++ uint32_t x1351; ++ fiat_secp384r1_uint1 x1352; ++ uint32_t x1353; ++ fiat_secp384r1_uint1 x1354; ++ uint32_t x1355; ++ uint32_t x1356; ++ uint32_t x1357; ++ uint32_t x1358; ++ uint32_t x1359; ++ uint32_t x1360; ++ uint32_t x1361; ++ uint32_t x1362; ++ uint32_t x1363; ++ uint32_t x1364; ++ uint32_t x1365; ++ uint32_t x1366; ++ uint32_t x1367; ++ uint32_t x1368; ++ uint32_t x1369; ++ uint32_t x1370; ++ uint32_t x1371; ++ uint32_t x1372; ++ uint32_t x1373; ++ uint32_t x1374; ++ uint32_t x1375; ++ uint32_t x1376; ++ uint32_t x1377; ++ uint32_t x1378; ++ uint32_t x1379; ++ uint32_t x1380; ++ fiat_secp384r1_uint1 x1381; ++ uint32_t x1382; ++ fiat_secp384r1_uint1 x1383; ++ uint32_t x1384; ++ fiat_secp384r1_uint1 x1385; ++ uint32_t x1386; ++ fiat_secp384r1_uint1 x1387; ++ uint32_t x1388; ++ fiat_secp384r1_uint1 x1389; ++ uint32_t x1390; ++ fiat_secp384r1_uint1 x1391; ++ uint32_t x1392; ++ fiat_secp384r1_uint1 x1393; ++ uint32_t x1394; ++ fiat_secp384r1_uint1 x1395; ++ uint32_t x1396; ++ fiat_secp384r1_uint1 x1397; ++ uint32_t x1398; ++ fiat_secp384r1_uint1 x1399; ++ uint32_t x1400; ++ fiat_secp384r1_uint1 x1401; ++ uint32_t x1402; ++ uint32_t x1403; ++ fiat_secp384r1_uint1 x1404; ++ uint32_t x1405; ++ fiat_secp384r1_uint1 x1406; ++ uint32_t x1407; ++ fiat_secp384r1_uint1 x1408; ++ uint32_t x1409; ++ fiat_secp384r1_uint1 x1410; ++ uint32_t x1411; ++ fiat_secp384r1_uint1 x1412; ++ uint32_t x1413; ++ fiat_secp384r1_uint1 x1414; ++ uint32_t x1415; ++ fiat_secp384r1_uint1 x1416; ++ uint32_t x1417; ++ fiat_secp384r1_uint1 x1418; ++ uint32_t x1419; ++ fiat_secp384r1_uint1 x1420; ++ uint32_t x1421; ++ fiat_secp384r1_uint1 x1422; ++ uint32_t x1423; ++ fiat_secp384r1_uint1 x1424; ++ uint32_t x1425; ++ fiat_secp384r1_uint1 x1426; ++ uint32_t x1427; ++ fiat_secp384r1_uint1 x1428; ++ uint32_t x1429; ++ uint32_t x1430; ++ uint32_t x1431; ++ uint32_t x1432; ++ uint32_t x1433; ++ uint32_t x1434; ++ uint32_t x1435; ++ uint32_t x1436; ++ uint32_t x1437; ++ uint32_t x1438; ++ uint32_t x1439; ++ uint32_t x1440; ++ uint32_t x1441; ++ uint32_t x1442; ++ uint32_t x1443; ++ uint32_t x1444; ++ uint32_t x1445; ++ uint32_t x1446; ++ uint32_t x1447; ++ uint32_t x1448; ++ uint32_t x1449; ++ fiat_secp384r1_uint1 x1450; ++ uint32_t x1451; ++ fiat_secp384r1_uint1 x1452; ++ uint32_t x1453; ++ fiat_secp384r1_uint1 x1454; ++ uint32_t x1455; ++ fiat_secp384r1_uint1 x1456; ++ uint32_t x1457; ++ fiat_secp384r1_uint1 x1458; ++ uint32_t x1459; ++ fiat_secp384r1_uint1 x1460; ++ uint32_t x1461; ++ fiat_secp384r1_uint1 x1462; ++ uint32_t x1463; ++ fiat_secp384r1_uint1 x1464; ++ uint32_t x1465; ++ uint32_t x1466; ++ fiat_secp384r1_uint1 x1467; ++ uint32_t x1468; ++ fiat_secp384r1_uint1 x1469; ++ uint32_t x1470; ++ fiat_secp384r1_uint1 x1471; ++ uint32_t x1472; ++ fiat_secp384r1_uint1 x1473; ++ uint32_t x1474; ++ fiat_secp384r1_uint1 x1475; ++ uint32_t x1476; ++ fiat_secp384r1_uint1 x1477; ++ uint32_t x1478; ++ fiat_secp384r1_uint1 x1479; ++ uint32_t x1480; ++ fiat_secp384r1_uint1 x1481; ++ uint32_t x1482; ++ fiat_secp384r1_uint1 x1483; ++ uint32_t x1484; ++ fiat_secp384r1_uint1 x1485; ++ uint32_t x1486; ++ fiat_secp384r1_uint1 x1487; ++ uint32_t x1488; ++ fiat_secp384r1_uint1 x1489; ++ uint32_t x1490; ++ fiat_secp384r1_uint1 x1491; ++ uint32_t x1492; ++ uint32_t x1493; ++ uint32_t x1494; ++ uint32_t x1495; ++ uint32_t x1496; ++ uint32_t x1497; ++ uint32_t x1498; ++ uint32_t x1499; ++ uint32_t x1500; ++ uint32_t x1501; ++ uint32_t x1502; ++ uint32_t x1503; ++ uint32_t x1504; ++ uint32_t x1505; ++ uint32_t x1506; ++ uint32_t x1507; ++ uint32_t x1508; ++ uint32_t x1509; ++ uint32_t x1510; ++ uint32_t x1511; ++ uint32_t x1512; ++ uint32_t x1513; ++ uint32_t x1514; ++ uint32_t x1515; ++ uint32_t x1516; ++ uint32_t x1517; ++ fiat_secp384r1_uint1 x1518; ++ uint32_t x1519; ++ fiat_secp384r1_uint1 x1520; ++ uint32_t x1521; ++ fiat_secp384r1_uint1 x1522; ++ uint32_t x1523; ++ fiat_secp384r1_uint1 x1524; ++ uint32_t x1525; ++ fiat_secp384r1_uint1 x1526; ++ uint32_t x1527; ++ fiat_secp384r1_uint1 x1528; ++ uint32_t x1529; ++ fiat_secp384r1_uint1 x1530; ++ uint32_t x1531; ++ fiat_secp384r1_uint1 x1532; ++ uint32_t x1533; ++ fiat_secp384r1_uint1 x1534; ++ uint32_t x1535; ++ fiat_secp384r1_uint1 x1536; ++ uint32_t x1537; ++ fiat_secp384r1_uint1 x1538; ++ uint32_t x1539; ++ uint32_t x1540; ++ fiat_secp384r1_uint1 x1541; ++ uint32_t x1542; ++ fiat_secp384r1_uint1 x1543; ++ uint32_t x1544; ++ fiat_secp384r1_uint1 x1545; ++ uint32_t x1546; ++ fiat_secp384r1_uint1 x1547; ++ uint32_t x1548; ++ fiat_secp384r1_uint1 x1549; ++ uint32_t x1550; ++ fiat_secp384r1_uint1 x1551; ++ uint32_t x1552; ++ fiat_secp384r1_uint1 x1553; ++ uint32_t x1554; ++ fiat_secp384r1_uint1 x1555; ++ uint32_t x1556; ++ fiat_secp384r1_uint1 x1557; ++ uint32_t x1558; ++ fiat_secp384r1_uint1 x1559; ++ uint32_t x1560; ++ fiat_secp384r1_uint1 x1561; ++ uint32_t x1562; ++ fiat_secp384r1_uint1 x1563; ++ uint32_t x1564; ++ fiat_secp384r1_uint1 x1565; ++ uint32_t x1566; ++ uint32_t x1567; ++ uint32_t x1568; ++ uint32_t x1569; ++ uint32_t x1570; ++ uint32_t x1571; ++ uint32_t x1572; ++ uint32_t x1573; ++ uint32_t x1574; ++ uint32_t x1575; ++ uint32_t x1576; ++ uint32_t x1577; ++ uint32_t x1578; ++ uint32_t x1579; ++ uint32_t x1580; ++ uint32_t x1581; ++ uint32_t x1582; ++ uint32_t x1583; ++ uint32_t x1584; ++ uint32_t x1585; ++ uint32_t x1586; ++ fiat_secp384r1_uint1 x1587; ++ uint32_t x1588; ++ fiat_secp384r1_uint1 x1589; ++ uint32_t x1590; ++ fiat_secp384r1_uint1 x1591; ++ uint32_t x1592; ++ fiat_secp384r1_uint1 x1593; ++ uint32_t x1594; ++ fiat_secp384r1_uint1 x1595; ++ uint32_t x1596; ++ fiat_secp384r1_uint1 x1597; ++ uint32_t x1598; ++ fiat_secp384r1_uint1 x1599; ++ uint32_t x1600; ++ fiat_secp384r1_uint1 x1601; ++ uint32_t x1602; ++ uint32_t x1603; ++ fiat_secp384r1_uint1 x1604; ++ uint32_t x1605; ++ fiat_secp384r1_uint1 x1606; ++ uint32_t x1607; ++ fiat_secp384r1_uint1 x1608; ++ uint32_t x1609; ++ fiat_secp384r1_uint1 x1610; ++ uint32_t x1611; ++ fiat_secp384r1_uint1 x1612; ++ uint32_t x1613; ++ fiat_secp384r1_uint1 x1614; ++ uint32_t x1615; ++ fiat_secp384r1_uint1 x1616; ++ uint32_t x1617; ++ fiat_secp384r1_uint1 x1618; ++ uint32_t x1619; ++ fiat_secp384r1_uint1 x1620; ++ uint32_t x1621; ++ fiat_secp384r1_uint1 x1622; ++ uint32_t x1623; ++ fiat_secp384r1_uint1 x1624; ++ uint32_t x1625; ++ fiat_secp384r1_uint1 x1626; ++ uint32_t x1627; ++ fiat_secp384r1_uint1 x1628; ++ uint32_t x1629; ++ uint32_t x1630; ++ fiat_secp384r1_uint1 x1631; ++ uint32_t x1632; ++ fiat_secp384r1_uint1 x1633; ++ uint32_t x1634; ++ fiat_secp384r1_uint1 x1635; ++ uint32_t x1636; ++ fiat_secp384r1_uint1 x1637; ++ uint32_t x1638; ++ fiat_secp384r1_uint1 x1639; ++ uint32_t x1640; ++ fiat_secp384r1_uint1 x1641; ++ uint32_t x1642; ++ fiat_secp384r1_uint1 x1643; ++ uint32_t x1644; ++ fiat_secp384r1_uint1 x1645; ++ uint32_t x1646; ++ fiat_secp384r1_uint1 x1647; ++ uint32_t x1648; ++ fiat_secp384r1_uint1 x1649; ++ uint32_t x1650; ++ fiat_secp384r1_uint1 x1651; ++ uint32_t x1652; ++ fiat_secp384r1_uint1 x1653; ++ uint32_t x1654; ++ fiat_secp384r1_uint1 x1655; ++ uint32_t x1656; ++ uint32_t x1657; ++ uint32_t x1658; ++ uint32_t x1659; ++ uint32_t x1660; ++ uint32_t x1661; ++ uint32_t x1662; ++ uint32_t x1663; ++ uint32_t x1664; ++ uint32_t x1665; ++ uint32_t x1666; ++ uint32_t x1667; ++ x1 = (arg1[1]); ++ x2 = (arg1[2]); ++ x3 = (arg1[3]); ++ x4 = (arg1[4]); ++ x5 = (arg1[5]); ++ x6 = (arg1[6]); ++ x7 = (arg1[7]); ++ x8 = (arg1[8]); ++ x9 = (arg1[9]); ++ x10 = (arg1[10]); ++ x11 = (arg1[11]); ++ x12 = (arg1[0]); ++ fiat_secp384r1_mulx_u32(&x13, &x14, x12, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x15, &x16, x12, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x17, &x18, x12, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x19, &x20, x12, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x21, &x22, x12, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x23, &x24, x12, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x25, &x26, x12, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x27, &x28, x12, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x29, &x30, x12, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x31, &x32, x12, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x33, &x34, x12, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x35, &x36, x12, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x37, &x38, 0x0, x36, x33); ++ fiat_secp384r1_addcarryx_u32(&x39, &x40, x38, x34, x31); ++ fiat_secp384r1_addcarryx_u32(&x41, &x42, x40, x32, x29); ++ fiat_secp384r1_addcarryx_u32(&x43, &x44, x42, x30, x27); ++ fiat_secp384r1_addcarryx_u32(&x45, &x46, x44, x28, x25); ++ fiat_secp384r1_addcarryx_u32(&x47, &x48, x46, x26, x23); ++ fiat_secp384r1_addcarryx_u32(&x49, &x50, x48, x24, x21); ++ fiat_secp384r1_addcarryx_u32(&x51, &x52, x50, x22, x19); ++ fiat_secp384r1_addcarryx_u32(&x53, &x54, x52, x20, x17); ++ fiat_secp384r1_addcarryx_u32(&x55, &x56, x54, x18, x15); ++ fiat_secp384r1_addcarryx_u32(&x57, &x58, x56, x16, x13); ++ x59 = (x58 + x14); ++ fiat_secp384r1_mulx_u32(&x60, &x61, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x62, &x63, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x64, &x65, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x66, &x67, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x68, &x69, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x70, &x71, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x72, &x73, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x74, &x75, x35, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x76, &x77, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x78, &x79, x35, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x80, &x81, 0x0, x77, x74); ++ fiat_secp384r1_addcarryx_u32(&x82, &x83, x81, x75, x72); ++ fiat_secp384r1_addcarryx_u32(&x84, &x85, x83, x73, x70); ++ fiat_secp384r1_addcarryx_u32(&x86, &x87, x85, x71, x68); ++ fiat_secp384r1_addcarryx_u32(&x88, &x89, x87, x69, x66); ++ fiat_secp384r1_addcarryx_u32(&x90, &x91, x89, x67, x64); ++ fiat_secp384r1_addcarryx_u32(&x92, &x93, x91, x65, x62); ++ fiat_secp384r1_addcarryx_u32(&x94, &x95, x93, x63, x60); ++ x96 = (x95 + x61); ++ fiat_secp384r1_addcarryx_u32(&x97, &x98, 0x0, x35, x78); ++ fiat_secp384r1_addcarryx_u32(&x99, &x100, x98, x37, x79); ++ fiat_secp384r1_addcarryx_u32(&x101, &x102, x100, x39, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x103, &x104, x102, x41, x76); ++ fiat_secp384r1_addcarryx_u32(&x105, &x106, x104, x43, x80); ++ fiat_secp384r1_addcarryx_u32(&x107, &x108, x106, x45, x82); ++ fiat_secp384r1_addcarryx_u32(&x109, &x110, x108, x47, x84); ++ fiat_secp384r1_addcarryx_u32(&x111, &x112, x110, x49, x86); ++ fiat_secp384r1_addcarryx_u32(&x113, &x114, x112, x51, x88); ++ fiat_secp384r1_addcarryx_u32(&x115, &x116, x114, x53, x90); ++ fiat_secp384r1_addcarryx_u32(&x117, &x118, x116, x55, x92); ++ fiat_secp384r1_addcarryx_u32(&x119, &x120, x118, x57, x94); ++ fiat_secp384r1_addcarryx_u32(&x121, &x122, x120, x59, x96); ++ fiat_secp384r1_mulx_u32(&x123, &x124, x1, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x125, &x126, x1, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x127, &x128, x1, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x129, &x130, x1, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x131, &x132, x1, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x133, &x134, x1, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x135, &x136, x1, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x137, &x138, x1, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x139, &x140, x1, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x141, &x142, x1, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x143, &x144, x1, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x145, &x146, x1, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x147, &x148, 0x0, x146, x143); ++ fiat_secp384r1_addcarryx_u32(&x149, &x150, x148, x144, x141); ++ fiat_secp384r1_addcarryx_u32(&x151, &x152, x150, x142, x139); ++ fiat_secp384r1_addcarryx_u32(&x153, &x154, x152, x140, x137); ++ fiat_secp384r1_addcarryx_u32(&x155, &x156, x154, x138, x135); ++ fiat_secp384r1_addcarryx_u32(&x157, &x158, x156, x136, x133); ++ fiat_secp384r1_addcarryx_u32(&x159, &x160, x158, x134, x131); ++ fiat_secp384r1_addcarryx_u32(&x161, &x162, x160, x132, x129); ++ fiat_secp384r1_addcarryx_u32(&x163, &x164, x162, x130, x127); ++ fiat_secp384r1_addcarryx_u32(&x165, &x166, x164, x128, x125); ++ fiat_secp384r1_addcarryx_u32(&x167, &x168, x166, x126, x123); ++ x169 = (x168 + x124); ++ fiat_secp384r1_addcarryx_u32(&x170, &x171, 0x0, x99, x145); ++ fiat_secp384r1_addcarryx_u32(&x172, &x173, x171, x101, x147); ++ fiat_secp384r1_addcarryx_u32(&x174, &x175, x173, x103, x149); ++ fiat_secp384r1_addcarryx_u32(&x176, &x177, x175, x105, x151); ++ fiat_secp384r1_addcarryx_u32(&x178, &x179, x177, x107, x153); ++ fiat_secp384r1_addcarryx_u32(&x180, &x181, x179, x109, x155); ++ fiat_secp384r1_addcarryx_u32(&x182, &x183, x181, x111, x157); ++ fiat_secp384r1_addcarryx_u32(&x184, &x185, x183, x113, x159); ++ fiat_secp384r1_addcarryx_u32(&x186, &x187, x185, x115, x161); ++ fiat_secp384r1_addcarryx_u32(&x188, &x189, x187, x117, x163); ++ fiat_secp384r1_addcarryx_u32(&x190, &x191, x189, x119, x165); ++ fiat_secp384r1_addcarryx_u32(&x192, &x193, x191, x121, x167); ++ fiat_secp384r1_addcarryx_u32(&x194, &x195, x193, x122, x169); ++ fiat_secp384r1_mulx_u32(&x196, &x197, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x198, &x199, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x200, &x201, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x202, &x203, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x204, &x205, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x206, &x207, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x208, &x209, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x210, &x211, x170, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x212, &x213, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x214, &x215, x170, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x216, &x217, 0x0, x213, x210); ++ fiat_secp384r1_addcarryx_u32(&x218, &x219, x217, x211, x208); ++ fiat_secp384r1_addcarryx_u32(&x220, &x221, x219, x209, x206); ++ fiat_secp384r1_addcarryx_u32(&x222, &x223, x221, x207, x204); ++ fiat_secp384r1_addcarryx_u32(&x224, &x225, x223, x205, x202); ++ fiat_secp384r1_addcarryx_u32(&x226, &x227, x225, x203, x200); ++ fiat_secp384r1_addcarryx_u32(&x228, &x229, x227, x201, x198); ++ fiat_secp384r1_addcarryx_u32(&x230, &x231, x229, x199, x196); ++ x232 = (x231 + x197); ++ fiat_secp384r1_addcarryx_u32(&x233, &x234, 0x0, x170, x214); ++ fiat_secp384r1_addcarryx_u32(&x235, &x236, x234, x172, x215); ++ fiat_secp384r1_addcarryx_u32(&x237, &x238, x236, x174, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x239, &x240, x238, x176, x212); ++ fiat_secp384r1_addcarryx_u32(&x241, &x242, x240, x178, x216); ++ fiat_secp384r1_addcarryx_u32(&x243, &x244, x242, x180, x218); ++ fiat_secp384r1_addcarryx_u32(&x245, &x246, x244, x182, x220); ++ fiat_secp384r1_addcarryx_u32(&x247, &x248, x246, x184, x222); ++ fiat_secp384r1_addcarryx_u32(&x249, &x250, x248, x186, x224); ++ fiat_secp384r1_addcarryx_u32(&x251, &x252, x250, x188, x226); ++ fiat_secp384r1_addcarryx_u32(&x253, &x254, x252, x190, x228); ++ fiat_secp384r1_addcarryx_u32(&x255, &x256, x254, x192, x230); ++ fiat_secp384r1_addcarryx_u32(&x257, &x258, x256, x194, x232); ++ x259 = ((uint32_t)x258 + x195); ++ fiat_secp384r1_mulx_u32(&x260, &x261, x2, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x262, &x263, x2, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x264, &x265, x2, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x266, &x267, x2, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x268, &x269, x2, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x270, &x271, x2, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x272, &x273, x2, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x274, &x275, x2, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x276, &x277, x2, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x278, &x279, x2, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x280, &x281, x2, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x282, &x283, x2, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x284, &x285, 0x0, x283, x280); ++ fiat_secp384r1_addcarryx_u32(&x286, &x287, x285, x281, x278); ++ fiat_secp384r1_addcarryx_u32(&x288, &x289, x287, x279, x276); ++ fiat_secp384r1_addcarryx_u32(&x290, &x291, x289, x277, x274); ++ fiat_secp384r1_addcarryx_u32(&x292, &x293, x291, x275, x272); ++ fiat_secp384r1_addcarryx_u32(&x294, &x295, x293, x273, x270); ++ fiat_secp384r1_addcarryx_u32(&x296, &x297, x295, x271, x268); ++ fiat_secp384r1_addcarryx_u32(&x298, &x299, x297, x269, x266); ++ fiat_secp384r1_addcarryx_u32(&x300, &x301, x299, x267, x264); ++ fiat_secp384r1_addcarryx_u32(&x302, &x303, x301, x265, x262); ++ fiat_secp384r1_addcarryx_u32(&x304, &x305, x303, x263, x260); ++ x306 = (x305 + x261); ++ fiat_secp384r1_addcarryx_u32(&x307, &x308, 0x0, x235, x282); ++ fiat_secp384r1_addcarryx_u32(&x309, &x310, x308, x237, x284); ++ fiat_secp384r1_addcarryx_u32(&x311, &x312, x310, x239, x286); ++ fiat_secp384r1_addcarryx_u32(&x313, &x314, x312, x241, x288); ++ fiat_secp384r1_addcarryx_u32(&x315, &x316, x314, x243, x290); ++ fiat_secp384r1_addcarryx_u32(&x317, &x318, x316, x245, x292); ++ fiat_secp384r1_addcarryx_u32(&x319, &x320, x318, x247, x294); ++ fiat_secp384r1_addcarryx_u32(&x321, &x322, x320, x249, x296); ++ fiat_secp384r1_addcarryx_u32(&x323, &x324, x322, x251, x298); ++ fiat_secp384r1_addcarryx_u32(&x325, &x326, x324, x253, x300); ++ fiat_secp384r1_addcarryx_u32(&x327, &x328, x326, x255, x302); ++ fiat_secp384r1_addcarryx_u32(&x329, &x330, x328, x257, x304); ++ fiat_secp384r1_addcarryx_u32(&x331, &x332, x330, x259, x306); ++ fiat_secp384r1_mulx_u32(&x333, &x334, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x335, &x336, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x337, &x338, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x339, &x340, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x341, &x342, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x343, &x344, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x345, &x346, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x347, &x348, x307, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x349, &x350, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x351, &x352, x307, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x353, &x354, 0x0, x350, x347); ++ fiat_secp384r1_addcarryx_u32(&x355, &x356, x354, x348, x345); ++ fiat_secp384r1_addcarryx_u32(&x357, &x358, x356, x346, x343); ++ fiat_secp384r1_addcarryx_u32(&x359, &x360, x358, x344, x341); ++ fiat_secp384r1_addcarryx_u32(&x361, &x362, x360, x342, x339); ++ fiat_secp384r1_addcarryx_u32(&x363, &x364, x362, x340, x337); ++ fiat_secp384r1_addcarryx_u32(&x365, &x366, x364, x338, x335); ++ fiat_secp384r1_addcarryx_u32(&x367, &x368, x366, x336, x333); ++ x369 = (x368 + x334); ++ fiat_secp384r1_addcarryx_u32(&x370, &x371, 0x0, x307, x351); ++ fiat_secp384r1_addcarryx_u32(&x372, &x373, x371, x309, x352); ++ fiat_secp384r1_addcarryx_u32(&x374, &x375, x373, x311, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x376, &x377, x375, x313, x349); ++ fiat_secp384r1_addcarryx_u32(&x378, &x379, x377, x315, x353); ++ fiat_secp384r1_addcarryx_u32(&x380, &x381, x379, x317, x355); ++ fiat_secp384r1_addcarryx_u32(&x382, &x383, x381, x319, x357); ++ fiat_secp384r1_addcarryx_u32(&x384, &x385, x383, x321, x359); ++ fiat_secp384r1_addcarryx_u32(&x386, &x387, x385, x323, x361); ++ fiat_secp384r1_addcarryx_u32(&x388, &x389, x387, x325, x363); ++ fiat_secp384r1_addcarryx_u32(&x390, &x391, x389, x327, x365); ++ fiat_secp384r1_addcarryx_u32(&x392, &x393, x391, x329, x367); ++ fiat_secp384r1_addcarryx_u32(&x394, &x395, x393, x331, x369); ++ x396 = ((uint32_t)x395 + x332); ++ fiat_secp384r1_mulx_u32(&x397, &x398, x3, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x399, &x400, x3, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x401, &x402, x3, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x403, &x404, x3, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x405, &x406, x3, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x407, &x408, x3, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x409, &x410, x3, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x411, &x412, x3, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x413, &x414, x3, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x415, &x416, x3, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x417, &x418, x3, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x419, &x420, x3, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x421, &x422, 0x0, x420, x417); ++ fiat_secp384r1_addcarryx_u32(&x423, &x424, x422, x418, x415); ++ fiat_secp384r1_addcarryx_u32(&x425, &x426, x424, x416, x413); ++ fiat_secp384r1_addcarryx_u32(&x427, &x428, x426, x414, x411); ++ fiat_secp384r1_addcarryx_u32(&x429, &x430, x428, x412, x409); ++ fiat_secp384r1_addcarryx_u32(&x431, &x432, x430, x410, x407); ++ fiat_secp384r1_addcarryx_u32(&x433, &x434, x432, x408, x405); ++ fiat_secp384r1_addcarryx_u32(&x435, &x436, x434, x406, x403); ++ fiat_secp384r1_addcarryx_u32(&x437, &x438, x436, x404, x401); ++ fiat_secp384r1_addcarryx_u32(&x439, &x440, x438, x402, x399); ++ fiat_secp384r1_addcarryx_u32(&x441, &x442, x440, x400, x397); ++ x443 = (x442 + x398); ++ fiat_secp384r1_addcarryx_u32(&x444, &x445, 0x0, x372, x419); ++ fiat_secp384r1_addcarryx_u32(&x446, &x447, x445, x374, x421); ++ fiat_secp384r1_addcarryx_u32(&x448, &x449, x447, x376, x423); ++ fiat_secp384r1_addcarryx_u32(&x450, &x451, x449, x378, x425); ++ fiat_secp384r1_addcarryx_u32(&x452, &x453, x451, x380, x427); ++ fiat_secp384r1_addcarryx_u32(&x454, &x455, x453, x382, x429); ++ fiat_secp384r1_addcarryx_u32(&x456, &x457, x455, x384, x431); ++ fiat_secp384r1_addcarryx_u32(&x458, &x459, x457, x386, x433); ++ fiat_secp384r1_addcarryx_u32(&x460, &x461, x459, x388, x435); ++ fiat_secp384r1_addcarryx_u32(&x462, &x463, x461, x390, x437); ++ fiat_secp384r1_addcarryx_u32(&x464, &x465, x463, x392, x439); ++ fiat_secp384r1_addcarryx_u32(&x466, &x467, x465, x394, x441); ++ fiat_secp384r1_addcarryx_u32(&x468, &x469, x467, x396, x443); ++ fiat_secp384r1_mulx_u32(&x470, &x471, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x472, &x473, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x474, &x475, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x476, &x477, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x478, &x479, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x480, &x481, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x482, &x483, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x484, &x485, x444, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x486, &x487, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x488, &x489, x444, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x490, &x491, 0x0, x487, x484); ++ fiat_secp384r1_addcarryx_u32(&x492, &x493, x491, x485, x482); ++ fiat_secp384r1_addcarryx_u32(&x494, &x495, x493, x483, x480); ++ fiat_secp384r1_addcarryx_u32(&x496, &x497, x495, x481, x478); ++ fiat_secp384r1_addcarryx_u32(&x498, &x499, x497, x479, x476); ++ fiat_secp384r1_addcarryx_u32(&x500, &x501, x499, x477, x474); ++ fiat_secp384r1_addcarryx_u32(&x502, &x503, x501, x475, x472); ++ fiat_secp384r1_addcarryx_u32(&x504, &x505, x503, x473, x470); ++ x506 = (x505 + x471); ++ fiat_secp384r1_addcarryx_u32(&x507, &x508, 0x0, x444, x488); ++ fiat_secp384r1_addcarryx_u32(&x509, &x510, x508, x446, x489); ++ fiat_secp384r1_addcarryx_u32(&x511, &x512, x510, x448, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x513, &x514, x512, x450, x486); ++ fiat_secp384r1_addcarryx_u32(&x515, &x516, x514, x452, x490); ++ fiat_secp384r1_addcarryx_u32(&x517, &x518, x516, x454, x492); ++ fiat_secp384r1_addcarryx_u32(&x519, &x520, x518, x456, x494); ++ fiat_secp384r1_addcarryx_u32(&x521, &x522, x520, x458, x496); ++ fiat_secp384r1_addcarryx_u32(&x523, &x524, x522, x460, x498); ++ fiat_secp384r1_addcarryx_u32(&x525, &x526, x524, x462, x500); ++ fiat_secp384r1_addcarryx_u32(&x527, &x528, x526, x464, x502); ++ fiat_secp384r1_addcarryx_u32(&x529, &x530, x528, x466, x504); ++ fiat_secp384r1_addcarryx_u32(&x531, &x532, x530, x468, x506); ++ x533 = ((uint32_t)x532 + x469); ++ fiat_secp384r1_mulx_u32(&x534, &x535, x4, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x536, &x537, x4, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x538, &x539, x4, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x540, &x541, x4, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x542, &x543, x4, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x544, &x545, x4, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x546, &x547, x4, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x548, &x549, x4, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x550, &x551, x4, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x552, &x553, x4, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x554, &x555, x4, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x556, &x557, x4, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x558, &x559, 0x0, x557, x554); ++ fiat_secp384r1_addcarryx_u32(&x560, &x561, x559, x555, x552); ++ fiat_secp384r1_addcarryx_u32(&x562, &x563, x561, x553, x550); ++ fiat_secp384r1_addcarryx_u32(&x564, &x565, x563, x551, x548); ++ fiat_secp384r1_addcarryx_u32(&x566, &x567, x565, x549, x546); ++ fiat_secp384r1_addcarryx_u32(&x568, &x569, x567, x547, x544); ++ fiat_secp384r1_addcarryx_u32(&x570, &x571, x569, x545, x542); ++ fiat_secp384r1_addcarryx_u32(&x572, &x573, x571, x543, x540); ++ fiat_secp384r1_addcarryx_u32(&x574, &x575, x573, x541, x538); ++ fiat_secp384r1_addcarryx_u32(&x576, &x577, x575, x539, x536); ++ fiat_secp384r1_addcarryx_u32(&x578, &x579, x577, x537, x534); ++ x580 = (x579 + x535); ++ fiat_secp384r1_addcarryx_u32(&x581, &x582, 0x0, x509, x556); ++ fiat_secp384r1_addcarryx_u32(&x583, &x584, x582, x511, x558); ++ fiat_secp384r1_addcarryx_u32(&x585, &x586, x584, x513, x560); ++ fiat_secp384r1_addcarryx_u32(&x587, &x588, x586, x515, x562); ++ fiat_secp384r1_addcarryx_u32(&x589, &x590, x588, x517, x564); ++ fiat_secp384r1_addcarryx_u32(&x591, &x592, x590, x519, x566); ++ fiat_secp384r1_addcarryx_u32(&x593, &x594, x592, x521, x568); ++ fiat_secp384r1_addcarryx_u32(&x595, &x596, x594, x523, x570); ++ fiat_secp384r1_addcarryx_u32(&x597, &x598, x596, x525, x572); ++ fiat_secp384r1_addcarryx_u32(&x599, &x600, x598, x527, x574); ++ fiat_secp384r1_addcarryx_u32(&x601, &x602, x600, x529, x576); ++ fiat_secp384r1_addcarryx_u32(&x603, &x604, x602, x531, x578); ++ fiat_secp384r1_addcarryx_u32(&x605, &x606, x604, x533, x580); ++ fiat_secp384r1_mulx_u32(&x607, &x608, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x609, &x610, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x611, &x612, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x613, &x614, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x615, &x616, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x617, &x618, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x619, &x620, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x621, &x622, x581, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x623, &x624, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x625, &x626, x581, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x627, &x628, 0x0, x624, x621); ++ fiat_secp384r1_addcarryx_u32(&x629, &x630, x628, x622, x619); ++ fiat_secp384r1_addcarryx_u32(&x631, &x632, x630, x620, x617); ++ fiat_secp384r1_addcarryx_u32(&x633, &x634, x632, x618, x615); ++ fiat_secp384r1_addcarryx_u32(&x635, &x636, x634, x616, x613); ++ fiat_secp384r1_addcarryx_u32(&x637, &x638, x636, x614, x611); ++ fiat_secp384r1_addcarryx_u32(&x639, &x640, x638, x612, x609); ++ fiat_secp384r1_addcarryx_u32(&x641, &x642, x640, x610, x607); ++ x643 = (x642 + x608); ++ fiat_secp384r1_addcarryx_u32(&x644, &x645, 0x0, x581, x625); ++ fiat_secp384r1_addcarryx_u32(&x646, &x647, x645, x583, x626); ++ fiat_secp384r1_addcarryx_u32(&x648, &x649, x647, x585, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x650, &x651, x649, x587, x623); ++ fiat_secp384r1_addcarryx_u32(&x652, &x653, x651, x589, x627); ++ fiat_secp384r1_addcarryx_u32(&x654, &x655, x653, x591, x629); ++ fiat_secp384r1_addcarryx_u32(&x656, &x657, x655, x593, x631); ++ fiat_secp384r1_addcarryx_u32(&x658, &x659, x657, x595, x633); ++ fiat_secp384r1_addcarryx_u32(&x660, &x661, x659, x597, x635); ++ fiat_secp384r1_addcarryx_u32(&x662, &x663, x661, x599, x637); ++ fiat_secp384r1_addcarryx_u32(&x664, &x665, x663, x601, x639); ++ fiat_secp384r1_addcarryx_u32(&x666, &x667, x665, x603, x641); ++ fiat_secp384r1_addcarryx_u32(&x668, &x669, x667, x605, x643); ++ x670 = ((uint32_t)x669 + x606); ++ fiat_secp384r1_mulx_u32(&x671, &x672, x5, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x673, &x674, x5, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x675, &x676, x5, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x677, &x678, x5, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x679, &x680, x5, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x681, &x682, x5, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x683, &x684, x5, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x685, &x686, x5, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x687, &x688, x5, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x689, &x690, x5, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x691, &x692, x5, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x693, &x694, x5, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x695, &x696, 0x0, x694, x691); ++ fiat_secp384r1_addcarryx_u32(&x697, &x698, x696, x692, x689); ++ fiat_secp384r1_addcarryx_u32(&x699, &x700, x698, x690, x687); ++ fiat_secp384r1_addcarryx_u32(&x701, &x702, x700, x688, x685); ++ fiat_secp384r1_addcarryx_u32(&x703, &x704, x702, x686, x683); ++ fiat_secp384r1_addcarryx_u32(&x705, &x706, x704, x684, x681); ++ fiat_secp384r1_addcarryx_u32(&x707, &x708, x706, x682, x679); ++ fiat_secp384r1_addcarryx_u32(&x709, &x710, x708, x680, x677); ++ fiat_secp384r1_addcarryx_u32(&x711, &x712, x710, x678, x675); ++ fiat_secp384r1_addcarryx_u32(&x713, &x714, x712, x676, x673); ++ fiat_secp384r1_addcarryx_u32(&x715, &x716, x714, x674, x671); ++ x717 = (x716 + x672); ++ fiat_secp384r1_addcarryx_u32(&x718, &x719, 0x0, x646, x693); ++ fiat_secp384r1_addcarryx_u32(&x720, &x721, x719, x648, x695); ++ fiat_secp384r1_addcarryx_u32(&x722, &x723, x721, x650, x697); ++ fiat_secp384r1_addcarryx_u32(&x724, &x725, x723, x652, x699); ++ fiat_secp384r1_addcarryx_u32(&x726, &x727, x725, x654, x701); ++ fiat_secp384r1_addcarryx_u32(&x728, &x729, x727, x656, x703); ++ fiat_secp384r1_addcarryx_u32(&x730, &x731, x729, x658, x705); ++ fiat_secp384r1_addcarryx_u32(&x732, &x733, x731, x660, x707); ++ fiat_secp384r1_addcarryx_u32(&x734, &x735, x733, x662, x709); ++ fiat_secp384r1_addcarryx_u32(&x736, &x737, x735, x664, x711); ++ fiat_secp384r1_addcarryx_u32(&x738, &x739, x737, x666, x713); ++ fiat_secp384r1_addcarryx_u32(&x740, &x741, x739, x668, x715); ++ fiat_secp384r1_addcarryx_u32(&x742, &x743, x741, x670, x717); ++ fiat_secp384r1_mulx_u32(&x744, &x745, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x746, &x747, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x748, &x749, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x750, &x751, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x752, &x753, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x754, &x755, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x756, &x757, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x758, &x759, x718, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x760, &x761, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x762, &x763, x718, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x764, &x765, 0x0, x761, x758); ++ fiat_secp384r1_addcarryx_u32(&x766, &x767, x765, x759, x756); ++ fiat_secp384r1_addcarryx_u32(&x768, &x769, x767, x757, x754); ++ fiat_secp384r1_addcarryx_u32(&x770, &x771, x769, x755, x752); ++ fiat_secp384r1_addcarryx_u32(&x772, &x773, x771, x753, x750); ++ fiat_secp384r1_addcarryx_u32(&x774, &x775, x773, x751, x748); ++ fiat_secp384r1_addcarryx_u32(&x776, &x777, x775, x749, x746); ++ fiat_secp384r1_addcarryx_u32(&x778, &x779, x777, x747, x744); ++ x780 = (x779 + x745); ++ fiat_secp384r1_addcarryx_u32(&x781, &x782, 0x0, x718, x762); ++ fiat_secp384r1_addcarryx_u32(&x783, &x784, x782, x720, x763); ++ fiat_secp384r1_addcarryx_u32(&x785, &x786, x784, x722, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x787, &x788, x786, x724, x760); ++ fiat_secp384r1_addcarryx_u32(&x789, &x790, x788, x726, x764); ++ fiat_secp384r1_addcarryx_u32(&x791, &x792, x790, x728, x766); ++ fiat_secp384r1_addcarryx_u32(&x793, &x794, x792, x730, x768); ++ fiat_secp384r1_addcarryx_u32(&x795, &x796, x794, x732, x770); ++ fiat_secp384r1_addcarryx_u32(&x797, &x798, x796, x734, x772); ++ fiat_secp384r1_addcarryx_u32(&x799, &x800, x798, x736, x774); ++ fiat_secp384r1_addcarryx_u32(&x801, &x802, x800, x738, x776); ++ fiat_secp384r1_addcarryx_u32(&x803, &x804, x802, x740, x778); ++ fiat_secp384r1_addcarryx_u32(&x805, &x806, x804, x742, x780); ++ x807 = ((uint32_t)x806 + x743); ++ fiat_secp384r1_mulx_u32(&x808, &x809, x6, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x810, &x811, x6, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x812, &x813, x6, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x814, &x815, x6, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x816, &x817, x6, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x818, &x819, x6, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x820, &x821, x6, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x822, &x823, x6, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x824, &x825, x6, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x826, &x827, x6, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x828, &x829, x6, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x830, &x831, x6, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x832, &x833, 0x0, x831, x828); ++ fiat_secp384r1_addcarryx_u32(&x834, &x835, x833, x829, x826); ++ fiat_secp384r1_addcarryx_u32(&x836, &x837, x835, x827, x824); ++ fiat_secp384r1_addcarryx_u32(&x838, &x839, x837, x825, x822); ++ fiat_secp384r1_addcarryx_u32(&x840, &x841, x839, x823, x820); ++ fiat_secp384r1_addcarryx_u32(&x842, &x843, x841, x821, x818); ++ fiat_secp384r1_addcarryx_u32(&x844, &x845, x843, x819, x816); ++ fiat_secp384r1_addcarryx_u32(&x846, &x847, x845, x817, x814); ++ fiat_secp384r1_addcarryx_u32(&x848, &x849, x847, x815, x812); ++ fiat_secp384r1_addcarryx_u32(&x850, &x851, x849, x813, x810); ++ fiat_secp384r1_addcarryx_u32(&x852, &x853, x851, x811, x808); ++ x854 = (x853 + x809); ++ fiat_secp384r1_addcarryx_u32(&x855, &x856, 0x0, x783, x830); ++ fiat_secp384r1_addcarryx_u32(&x857, &x858, x856, x785, x832); ++ fiat_secp384r1_addcarryx_u32(&x859, &x860, x858, x787, x834); ++ fiat_secp384r1_addcarryx_u32(&x861, &x862, x860, x789, x836); ++ fiat_secp384r1_addcarryx_u32(&x863, &x864, x862, x791, x838); ++ fiat_secp384r1_addcarryx_u32(&x865, &x866, x864, x793, x840); ++ fiat_secp384r1_addcarryx_u32(&x867, &x868, x866, x795, x842); ++ fiat_secp384r1_addcarryx_u32(&x869, &x870, x868, x797, x844); ++ fiat_secp384r1_addcarryx_u32(&x871, &x872, x870, x799, x846); ++ fiat_secp384r1_addcarryx_u32(&x873, &x874, x872, x801, x848); ++ fiat_secp384r1_addcarryx_u32(&x875, &x876, x874, x803, x850); ++ fiat_secp384r1_addcarryx_u32(&x877, &x878, x876, x805, x852); ++ fiat_secp384r1_addcarryx_u32(&x879, &x880, x878, x807, x854); ++ fiat_secp384r1_mulx_u32(&x881, &x882, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x883, &x884, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x885, &x886, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x887, &x888, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x889, &x890, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x891, &x892, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x893, &x894, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x895, &x896, x855, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x897, &x898, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x899, &x900, x855, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x901, &x902, 0x0, x898, x895); ++ fiat_secp384r1_addcarryx_u32(&x903, &x904, x902, x896, x893); ++ fiat_secp384r1_addcarryx_u32(&x905, &x906, x904, x894, x891); ++ fiat_secp384r1_addcarryx_u32(&x907, &x908, x906, x892, x889); ++ fiat_secp384r1_addcarryx_u32(&x909, &x910, x908, x890, x887); ++ fiat_secp384r1_addcarryx_u32(&x911, &x912, x910, x888, x885); ++ fiat_secp384r1_addcarryx_u32(&x913, &x914, x912, x886, x883); ++ fiat_secp384r1_addcarryx_u32(&x915, &x916, x914, x884, x881); ++ x917 = (x916 + x882); ++ fiat_secp384r1_addcarryx_u32(&x918, &x919, 0x0, x855, x899); ++ fiat_secp384r1_addcarryx_u32(&x920, &x921, x919, x857, x900); ++ fiat_secp384r1_addcarryx_u32(&x922, &x923, x921, x859, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x924, &x925, x923, x861, x897); ++ fiat_secp384r1_addcarryx_u32(&x926, &x927, x925, x863, x901); ++ fiat_secp384r1_addcarryx_u32(&x928, &x929, x927, x865, x903); ++ fiat_secp384r1_addcarryx_u32(&x930, &x931, x929, x867, x905); ++ fiat_secp384r1_addcarryx_u32(&x932, &x933, x931, x869, x907); ++ fiat_secp384r1_addcarryx_u32(&x934, &x935, x933, x871, x909); ++ fiat_secp384r1_addcarryx_u32(&x936, &x937, x935, x873, x911); ++ fiat_secp384r1_addcarryx_u32(&x938, &x939, x937, x875, x913); ++ fiat_secp384r1_addcarryx_u32(&x940, &x941, x939, x877, x915); ++ fiat_secp384r1_addcarryx_u32(&x942, &x943, x941, x879, x917); ++ x944 = ((uint32_t)x943 + x880); ++ fiat_secp384r1_mulx_u32(&x945, &x946, x7, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x947, &x948, x7, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x949, &x950, x7, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x951, &x952, x7, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x953, &x954, x7, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x955, &x956, x7, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x957, &x958, x7, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x959, &x960, x7, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x961, &x962, x7, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x963, &x964, x7, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x965, &x966, x7, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x967, &x968, x7, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x969, &x970, 0x0, x968, x965); ++ fiat_secp384r1_addcarryx_u32(&x971, &x972, x970, x966, x963); ++ fiat_secp384r1_addcarryx_u32(&x973, &x974, x972, x964, x961); ++ fiat_secp384r1_addcarryx_u32(&x975, &x976, x974, x962, x959); ++ fiat_secp384r1_addcarryx_u32(&x977, &x978, x976, x960, x957); ++ fiat_secp384r1_addcarryx_u32(&x979, &x980, x978, x958, x955); ++ fiat_secp384r1_addcarryx_u32(&x981, &x982, x980, x956, x953); ++ fiat_secp384r1_addcarryx_u32(&x983, &x984, x982, x954, x951); ++ fiat_secp384r1_addcarryx_u32(&x985, &x986, x984, x952, x949); ++ fiat_secp384r1_addcarryx_u32(&x987, &x988, x986, x950, x947); ++ fiat_secp384r1_addcarryx_u32(&x989, &x990, x988, x948, x945); ++ x991 = (x990 + x946); ++ fiat_secp384r1_addcarryx_u32(&x992, &x993, 0x0, x920, x967); ++ fiat_secp384r1_addcarryx_u32(&x994, &x995, x993, x922, x969); ++ fiat_secp384r1_addcarryx_u32(&x996, &x997, x995, x924, x971); ++ fiat_secp384r1_addcarryx_u32(&x998, &x999, x997, x926, x973); ++ fiat_secp384r1_addcarryx_u32(&x1000, &x1001, x999, x928, x975); ++ fiat_secp384r1_addcarryx_u32(&x1002, &x1003, x1001, x930, x977); ++ fiat_secp384r1_addcarryx_u32(&x1004, &x1005, x1003, x932, x979); ++ fiat_secp384r1_addcarryx_u32(&x1006, &x1007, x1005, x934, x981); ++ fiat_secp384r1_addcarryx_u32(&x1008, &x1009, x1007, x936, x983); ++ fiat_secp384r1_addcarryx_u32(&x1010, &x1011, x1009, x938, x985); ++ fiat_secp384r1_addcarryx_u32(&x1012, &x1013, x1011, x940, x987); ++ fiat_secp384r1_addcarryx_u32(&x1014, &x1015, x1013, x942, x989); ++ fiat_secp384r1_addcarryx_u32(&x1016, &x1017, x1015, x944, x991); ++ fiat_secp384r1_mulx_u32(&x1018, &x1019, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1020, &x1021, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1022, &x1023, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1024, &x1025, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1026, &x1027, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1028, &x1029, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1030, &x1031, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1032, &x1033, x992, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1034, &x1035, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1036, &x1037, x992, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1038, &x1039, 0x0, x1035, x1032); ++ fiat_secp384r1_addcarryx_u32(&x1040, &x1041, x1039, x1033, x1030); ++ fiat_secp384r1_addcarryx_u32(&x1042, &x1043, x1041, x1031, x1028); ++ fiat_secp384r1_addcarryx_u32(&x1044, &x1045, x1043, x1029, x1026); ++ fiat_secp384r1_addcarryx_u32(&x1046, &x1047, x1045, x1027, x1024); ++ fiat_secp384r1_addcarryx_u32(&x1048, &x1049, x1047, x1025, x1022); ++ fiat_secp384r1_addcarryx_u32(&x1050, &x1051, x1049, x1023, x1020); ++ fiat_secp384r1_addcarryx_u32(&x1052, &x1053, x1051, x1021, x1018); ++ x1054 = (x1053 + x1019); ++ fiat_secp384r1_addcarryx_u32(&x1055, &x1056, 0x0, x992, x1036); ++ fiat_secp384r1_addcarryx_u32(&x1057, &x1058, x1056, x994, x1037); ++ fiat_secp384r1_addcarryx_u32(&x1059, &x1060, x1058, x996, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1061, &x1062, x1060, x998, x1034); ++ fiat_secp384r1_addcarryx_u32(&x1063, &x1064, x1062, x1000, x1038); ++ fiat_secp384r1_addcarryx_u32(&x1065, &x1066, x1064, x1002, x1040); ++ fiat_secp384r1_addcarryx_u32(&x1067, &x1068, x1066, x1004, x1042); ++ fiat_secp384r1_addcarryx_u32(&x1069, &x1070, x1068, x1006, x1044); ++ fiat_secp384r1_addcarryx_u32(&x1071, &x1072, x1070, x1008, x1046); ++ fiat_secp384r1_addcarryx_u32(&x1073, &x1074, x1072, x1010, x1048); ++ fiat_secp384r1_addcarryx_u32(&x1075, &x1076, x1074, x1012, x1050); ++ fiat_secp384r1_addcarryx_u32(&x1077, &x1078, x1076, x1014, x1052); ++ fiat_secp384r1_addcarryx_u32(&x1079, &x1080, x1078, x1016, x1054); ++ x1081 = ((uint32_t)x1080 + x1017); ++ fiat_secp384r1_mulx_u32(&x1082, &x1083, x8, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x1084, &x1085, x8, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x1086, &x1087, x8, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x1088, &x1089, x8, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x1090, &x1091, x8, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x1092, &x1093, x8, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x1094, &x1095, x8, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x1096, &x1097, x8, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x1098, &x1099, x8, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x1100, &x1101, x8, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x1102, &x1103, x8, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x1104, &x1105, x8, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x1106, &x1107, 0x0, x1105, x1102); ++ fiat_secp384r1_addcarryx_u32(&x1108, &x1109, x1107, x1103, x1100); ++ fiat_secp384r1_addcarryx_u32(&x1110, &x1111, x1109, x1101, x1098); ++ fiat_secp384r1_addcarryx_u32(&x1112, &x1113, x1111, x1099, x1096); ++ fiat_secp384r1_addcarryx_u32(&x1114, &x1115, x1113, x1097, x1094); ++ fiat_secp384r1_addcarryx_u32(&x1116, &x1117, x1115, x1095, x1092); ++ fiat_secp384r1_addcarryx_u32(&x1118, &x1119, x1117, x1093, x1090); ++ fiat_secp384r1_addcarryx_u32(&x1120, &x1121, x1119, x1091, x1088); ++ fiat_secp384r1_addcarryx_u32(&x1122, &x1123, x1121, x1089, x1086); ++ fiat_secp384r1_addcarryx_u32(&x1124, &x1125, x1123, x1087, x1084); ++ fiat_secp384r1_addcarryx_u32(&x1126, &x1127, x1125, x1085, x1082); ++ x1128 = (x1127 + x1083); ++ fiat_secp384r1_addcarryx_u32(&x1129, &x1130, 0x0, x1057, x1104); ++ fiat_secp384r1_addcarryx_u32(&x1131, &x1132, x1130, x1059, x1106); ++ fiat_secp384r1_addcarryx_u32(&x1133, &x1134, x1132, x1061, x1108); ++ fiat_secp384r1_addcarryx_u32(&x1135, &x1136, x1134, x1063, x1110); ++ fiat_secp384r1_addcarryx_u32(&x1137, &x1138, x1136, x1065, x1112); ++ fiat_secp384r1_addcarryx_u32(&x1139, &x1140, x1138, x1067, x1114); ++ fiat_secp384r1_addcarryx_u32(&x1141, &x1142, x1140, x1069, x1116); ++ fiat_secp384r1_addcarryx_u32(&x1143, &x1144, x1142, x1071, x1118); ++ fiat_secp384r1_addcarryx_u32(&x1145, &x1146, x1144, x1073, x1120); ++ fiat_secp384r1_addcarryx_u32(&x1147, &x1148, x1146, x1075, x1122); ++ fiat_secp384r1_addcarryx_u32(&x1149, &x1150, x1148, x1077, x1124); ++ fiat_secp384r1_addcarryx_u32(&x1151, &x1152, x1150, x1079, x1126); ++ fiat_secp384r1_addcarryx_u32(&x1153, &x1154, x1152, x1081, x1128); ++ fiat_secp384r1_mulx_u32(&x1155, &x1156, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1157, &x1158, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1159, &x1160, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1161, &x1162, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1163, &x1164, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1165, &x1166, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1167, &x1168, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1169, &x1170, x1129, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1171, &x1172, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1173, &x1174, x1129, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1175, &x1176, 0x0, x1172, x1169); ++ fiat_secp384r1_addcarryx_u32(&x1177, &x1178, x1176, x1170, x1167); ++ fiat_secp384r1_addcarryx_u32(&x1179, &x1180, x1178, x1168, x1165); ++ fiat_secp384r1_addcarryx_u32(&x1181, &x1182, x1180, x1166, x1163); ++ fiat_secp384r1_addcarryx_u32(&x1183, &x1184, x1182, x1164, x1161); ++ fiat_secp384r1_addcarryx_u32(&x1185, &x1186, x1184, x1162, x1159); ++ fiat_secp384r1_addcarryx_u32(&x1187, &x1188, x1186, x1160, x1157); ++ fiat_secp384r1_addcarryx_u32(&x1189, &x1190, x1188, x1158, x1155); ++ x1191 = (x1190 + x1156); ++ fiat_secp384r1_addcarryx_u32(&x1192, &x1193, 0x0, x1129, x1173); ++ fiat_secp384r1_addcarryx_u32(&x1194, &x1195, x1193, x1131, x1174); ++ fiat_secp384r1_addcarryx_u32(&x1196, &x1197, x1195, x1133, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1198, &x1199, x1197, x1135, x1171); ++ fiat_secp384r1_addcarryx_u32(&x1200, &x1201, x1199, x1137, x1175); ++ fiat_secp384r1_addcarryx_u32(&x1202, &x1203, x1201, x1139, x1177); ++ fiat_secp384r1_addcarryx_u32(&x1204, &x1205, x1203, x1141, x1179); ++ fiat_secp384r1_addcarryx_u32(&x1206, &x1207, x1205, x1143, x1181); ++ fiat_secp384r1_addcarryx_u32(&x1208, &x1209, x1207, x1145, x1183); ++ fiat_secp384r1_addcarryx_u32(&x1210, &x1211, x1209, x1147, x1185); ++ fiat_secp384r1_addcarryx_u32(&x1212, &x1213, x1211, x1149, x1187); ++ fiat_secp384r1_addcarryx_u32(&x1214, &x1215, x1213, x1151, x1189); ++ fiat_secp384r1_addcarryx_u32(&x1216, &x1217, x1215, x1153, x1191); ++ x1218 = ((uint32_t)x1217 + x1154); ++ fiat_secp384r1_mulx_u32(&x1219, &x1220, x9, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x1221, &x1222, x9, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x1223, &x1224, x9, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x1225, &x1226, x9, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x1227, &x1228, x9, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x1229, &x1230, x9, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x1231, &x1232, x9, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x1233, &x1234, x9, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x1235, &x1236, x9, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x1237, &x1238, x9, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x1239, &x1240, x9, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x1241, &x1242, x9, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x1243, &x1244, 0x0, x1242, x1239); ++ fiat_secp384r1_addcarryx_u32(&x1245, &x1246, x1244, x1240, x1237); ++ fiat_secp384r1_addcarryx_u32(&x1247, &x1248, x1246, x1238, x1235); ++ fiat_secp384r1_addcarryx_u32(&x1249, &x1250, x1248, x1236, x1233); ++ fiat_secp384r1_addcarryx_u32(&x1251, &x1252, x1250, x1234, x1231); ++ fiat_secp384r1_addcarryx_u32(&x1253, &x1254, x1252, x1232, x1229); ++ fiat_secp384r1_addcarryx_u32(&x1255, &x1256, x1254, x1230, x1227); ++ fiat_secp384r1_addcarryx_u32(&x1257, &x1258, x1256, x1228, x1225); ++ fiat_secp384r1_addcarryx_u32(&x1259, &x1260, x1258, x1226, x1223); ++ fiat_secp384r1_addcarryx_u32(&x1261, &x1262, x1260, x1224, x1221); ++ fiat_secp384r1_addcarryx_u32(&x1263, &x1264, x1262, x1222, x1219); ++ x1265 = (x1264 + x1220); ++ fiat_secp384r1_addcarryx_u32(&x1266, &x1267, 0x0, x1194, x1241); ++ fiat_secp384r1_addcarryx_u32(&x1268, &x1269, x1267, x1196, x1243); ++ fiat_secp384r1_addcarryx_u32(&x1270, &x1271, x1269, x1198, x1245); ++ fiat_secp384r1_addcarryx_u32(&x1272, &x1273, x1271, x1200, x1247); ++ fiat_secp384r1_addcarryx_u32(&x1274, &x1275, x1273, x1202, x1249); ++ fiat_secp384r1_addcarryx_u32(&x1276, &x1277, x1275, x1204, x1251); ++ fiat_secp384r1_addcarryx_u32(&x1278, &x1279, x1277, x1206, x1253); ++ fiat_secp384r1_addcarryx_u32(&x1280, &x1281, x1279, x1208, x1255); ++ fiat_secp384r1_addcarryx_u32(&x1282, &x1283, x1281, x1210, x1257); ++ fiat_secp384r1_addcarryx_u32(&x1284, &x1285, x1283, x1212, x1259); ++ fiat_secp384r1_addcarryx_u32(&x1286, &x1287, x1285, x1214, x1261); ++ fiat_secp384r1_addcarryx_u32(&x1288, &x1289, x1287, x1216, x1263); ++ fiat_secp384r1_addcarryx_u32(&x1290, &x1291, x1289, x1218, x1265); ++ fiat_secp384r1_mulx_u32(&x1292, &x1293, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1294, &x1295, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1296, &x1297, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1298, &x1299, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1300, &x1301, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1302, &x1303, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1304, &x1305, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1306, &x1307, x1266, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1308, &x1309, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1310, &x1311, x1266, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1312, &x1313, 0x0, x1309, x1306); ++ fiat_secp384r1_addcarryx_u32(&x1314, &x1315, x1313, x1307, x1304); ++ fiat_secp384r1_addcarryx_u32(&x1316, &x1317, x1315, x1305, x1302); ++ fiat_secp384r1_addcarryx_u32(&x1318, &x1319, x1317, x1303, x1300); ++ fiat_secp384r1_addcarryx_u32(&x1320, &x1321, x1319, x1301, x1298); ++ fiat_secp384r1_addcarryx_u32(&x1322, &x1323, x1321, x1299, x1296); ++ fiat_secp384r1_addcarryx_u32(&x1324, &x1325, x1323, x1297, x1294); ++ fiat_secp384r1_addcarryx_u32(&x1326, &x1327, x1325, x1295, x1292); ++ x1328 = (x1327 + x1293); ++ fiat_secp384r1_addcarryx_u32(&x1329, &x1330, 0x0, x1266, x1310); ++ fiat_secp384r1_addcarryx_u32(&x1331, &x1332, x1330, x1268, x1311); ++ fiat_secp384r1_addcarryx_u32(&x1333, &x1334, x1332, x1270, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1335, &x1336, x1334, x1272, x1308); ++ fiat_secp384r1_addcarryx_u32(&x1337, &x1338, x1336, x1274, x1312); ++ fiat_secp384r1_addcarryx_u32(&x1339, &x1340, x1338, x1276, x1314); ++ fiat_secp384r1_addcarryx_u32(&x1341, &x1342, x1340, x1278, x1316); ++ fiat_secp384r1_addcarryx_u32(&x1343, &x1344, x1342, x1280, x1318); ++ fiat_secp384r1_addcarryx_u32(&x1345, &x1346, x1344, x1282, x1320); ++ fiat_secp384r1_addcarryx_u32(&x1347, &x1348, x1346, x1284, x1322); ++ fiat_secp384r1_addcarryx_u32(&x1349, &x1350, x1348, x1286, x1324); ++ fiat_secp384r1_addcarryx_u32(&x1351, &x1352, x1350, x1288, x1326); ++ fiat_secp384r1_addcarryx_u32(&x1353, &x1354, x1352, x1290, x1328); ++ x1355 = ((uint32_t)x1354 + x1291); ++ fiat_secp384r1_mulx_u32(&x1356, &x1357, x10, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x1358, &x1359, x10, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x1360, &x1361, x10, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x1362, &x1363, x10, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x1364, &x1365, x10, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x1366, &x1367, x10, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x1368, &x1369, x10, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x1370, &x1371, x10, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x1372, &x1373, x10, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x1374, &x1375, x10, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x1376, &x1377, x10, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x1378, &x1379, x10, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x1380, &x1381, 0x0, x1379, x1376); ++ fiat_secp384r1_addcarryx_u32(&x1382, &x1383, x1381, x1377, x1374); ++ fiat_secp384r1_addcarryx_u32(&x1384, &x1385, x1383, x1375, x1372); ++ fiat_secp384r1_addcarryx_u32(&x1386, &x1387, x1385, x1373, x1370); ++ fiat_secp384r1_addcarryx_u32(&x1388, &x1389, x1387, x1371, x1368); ++ fiat_secp384r1_addcarryx_u32(&x1390, &x1391, x1389, x1369, x1366); ++ fiat_secp384r1_addcarryx_u32(&x1392, &x1393, x1391, x1367, x1364); ++ fiat_secp384r1_addcarryx_u32(&x1394, &x1395, x1393, x1365, x1362); ++ fiat_secp384r1_addcarryx_u32(&x1396, &x1397, x1395, x1363, x1360); ++ fiat_secp384r1_addcarryx_u32(&x1398, &x1399, x1397, x1361, x1358); ++ fiat_secp384r1_addcarryx_u32(&x1400, &x1401, x1399, x1359, x1356); ++ x1402 = (x1401 + x1357); ++ fiat_secp384r1_addcarryx_u32(&x1403, &x1404, 0x0, x1331, x1378); ++ fiat_secp384r1_addcarryx_u32(&x1405, &x1406, x1404, x1333, x1380); ++ fiat_secp384r1_addcarryx_u32(&x1407, &x1408, x1406, x1335, x1382); ++ fiat_secp384r1_addcarryx_u32(&x1409, &x1410, x1408, x1337, x1384); ++ fiat_secp384r1_addcarryx_u32(&x1411, &x1412, x1410, x1339, x1386); ++ fiat_secp384r1_addcarryx_u32(&x1413, &x1414, x1412, x1341, x1388); ++ fiat_secp384r1_addcarryx_u32(&x1415, &x1416, x1414, x1343, x1390); ++ fiat_secp384r1_addcarryx_u32(&x1417, &x1418, x1416, x1345, x1392); ++ fiat_secp384r1_addcarryx_u32(&x1419, &x1420, x1418, x1347, x1394); ++ fiat_secp384r1_addcarryx_u32(&x1421, &x1422, x1420, x1349, x1396); ++ fiat_secp384r1_addcarryx_u32(&x1423, &x1424, x1422, x1351, x1398); ++ fiat_secp384r1_addcarryx_u32(&x1425, &x1426, x1424, x1353, x1400); ++ fiat_secp384r1_addcarryx_u32(&x1427, &x1428, x1426, x1355, x1402); ++ fiat_secp384r1_mulx_u32(&x1429, &x1430, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1431, &x1432, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1433, &x1434, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1435, &x1436, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1437, &x1438, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1439, &x1440, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1441, &x1442, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1443, &x1444, x1403, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1445, &x1446, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1447, &x1448, x1403, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1449, &x1450, 0x0, x1446, x1443); ++ fiat_secp384r1_addcarryx_u32(&x1451, &x1452, x1450, x1444, x1441); ++ fiat_secp384r1_addcarryx_u32(&x1453, &x1454, x1452, x1442, x1439); ++ fiat_secp384r1_addcarryx_u32(&x1455, &x1456, x1454, x1440, x1437); ++ fiat_secp384r1_addcarryx_u32(&x1457, &x1458, x1456, x1438, x1435); ++ fiat_secp384r1_addcarryx_u32(&x1459, &x1460, x1458, x1436, x1433); ++ fiat_secp384r1_addcarryx_u32(&x1461, &x1462, x1460, x1434, x1431); ++ fiat_secp384r1_addcarryx_u32(&x1463, &x1464, x1462, x1432, x1429); ++ x1465 = (x1464 + x1430); ++ fiat_secp384r1_addcarryx_u32(&x1466, &x1467, 0x0, x1403, x1447); ++ fiat_secp384r1_addcarryx_u32(&x1468, &x1469, x1467, x1405, x1448); ++ fiat_secp384r1_addcarryx_u32(&x1470, &x1471, x1469, x1407, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1472, &x1473, x1471, x1409, x1445); ++ fiat_secp384r1_addcarryx_u32(&x1474, &x1475, x1473, x1411, x1449); ++ fiat_secp384r1_addcarryx_u32(&x1476, &x1477, x1475, x1413, x1451); ++ fiat_secp384r1_addcarryx_u32(&x1478, &x1479, x1477, x1415, x1453); ++ fiat_secp384r1_addcarryx_u32(&x1480, &x1481, x1479, x1417, x1455); ++ fiat_secp384r1_addcarryx_u32(&x1482, &x1483, x1481, x1419, x1457); ++ fiat_secp384r1_addcarryx_u32(&x1484, &x1485, x1483, x1421, x1459); ++ fiat_secp384r1_addcarryx_u32(&x1486, &x1487, x1485, x1423, x1461); ++ fiat_secp384r1_addcarryx_u32(&x1488, &x1489, x1487, x1425, x1463); ++ fiat_secp384r1_addcarryx_u32(&x1490, &x1491, x1489, x1427, x1465); ++ x1492 = ((uint32_t)x1491 + x1428); ++ fiat_secp384r1_mulx_u32(&x1493, &x1494, x11, (arg1[11])); ++ fiat_secp384r1_mulx_u32(&x1495, &x1496, x11, (arg1[10])); ++ fiat_secp384r1_mulx_u32(&x1497, &x1498, x11, (arg1[9])); ++ fiat_secp384r1_mulx_u32(&x1499, &x1500, x11, (arg1[8])); ++ fiat_secp384r1_mulx_u32(&x1501, &x1502, x11, (arg1[7])); ++ fiat_secp384r1_mulx_u32(&x1503, &x1504, x11, (arg1[6])); ++ fiat_secp384r1_mulx_u32(&x1505, &x1506, x11, (arg1[5])); ++ fiat_secp384r1_mulx_u32(&x1507, &x1508, x11, (arg1[4])); ++ fiat_secp384r1_mulx_u32(&x1509, &x1510, x11, (arg1[3])); ++ fiat_secp384r1_mulx_u32(&x1511, &x1512, x11, (arg1[2])); ++ fiat_secp384r1_mulx_u32(&x1513, &x1514, x11, (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x1515, &x1516, x11, (arg1[0])); ++ fiat_secp384r1_addcarryx_u32(&x1517, &x1518, 0x0, x1516, x1513); ++ fiat_secp384r1_addcarryx_u32(&x1519, &x1520, x1518, x1514, x1511); ++ fiat_secp384r1_addcarryx_u32(&x1521, &x1522, x1520, x1512, x1509); ++ fiat_secp384r1_addcarryx_u32(&x1523, &x1524, x1522, x1510, x1507); ++ fiat_secp384r1_addcarryx_u32(&x1525, &x1526, x1524, x1508, x1505); ++ fiat_secp384r1_addcarryx_u32(&x1527, &x1528, x1526, x1506, x1503); ++ fiat_secp384r1_addcarryx_u32(&x1529, &x1530, x1528, x1504, x1501); ++ fiat_secp384r1_addcarryx_u32(&x1531, &x1532, x1530, x1502, x1499); ++ fiat_secp384r1_addcarryx_u32(&x1533, &x1534, x1532, x1500, x1497); ++ fiat_secp384r1_addcarryx_u32(&x1535, &x1536, x1534, x1498, x1495); ++ fiat_secp384r1_addcarryx_u32(&x1537, &x1538, x1536, x1496, x1493); ++ x1539 = (x1538 + x1494); ++ fiat_secp384r1_addcarryx_u32(&x1540, &x1541, 0x0, x1468, x1515); ++ fiat_secp384r1_addcarryx_u32(&x1542, &x1543, x1541, x1470, x1517); ++ fiat_secp384r1_addcarryx_u32(&x1544, &x1545, x1543, x1472, x1519); ++ fiat_secp384r1_addcarryx_u32(&x1546, &x1547, x1545, x1474, x1521); ++ fiat_secp384r1_addcarryx_u32(&x1548, &x1549, x1547, x1476, x1523); ++ fiat_secp384r1_addcarryx_u32(&x1550, &x1551, x1549, x1478, x1525); ++ fiat_secp384r1_addcarryx_u32(&x1552, &x1553, x1551, x1480, x1527); ++ fiat_secp384r1_addcarryx_u32(&x1554, &x1555, x1553, x1482, x1529); ++ fiat_secp384r1_addcarryx_u32(&x1556, &x1557, x1555, x1484, x1531); ++ fiat_secp384r1_addcarryx_u32(&x1558, &x1559, x1557, x1486, x1533); ++ fiat_secp384r1_addcarryx_u32(&x1560, &x1561, x1559, x1488, x1535); ++ fiat_secp384r1_addcarryx_u32(&x1562, &x1563, x1561, x1490, x1537); ++ fiat_secp384r1_addcarryx_u32(&x1564, &x1565, x1563, x1492, x1539); ++ fiat_secp384r1_mulx_u32(&x1566, &x1567, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1568, &x1569, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1570, &x1571, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1572, &x1573, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1574, &x1575, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1576, &x1577, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1578, &x1579, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1580, &x1581, x1540, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1582, &x1583, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1584, &x1585, x1540, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1586, &x1587, 0x0, x1583, x1580); ++ fiat_secp384r1_addcarryx_u32(&x1588, &x1589, x1587, x1581, x1578); ++ fiat_secp384r1_addcarryx_u32(&x1590, &x1591, x1589, x1579, x1576); ++ fiat_secp384r1_addcarryx_u32(&x1592, &x1593, x1591, x1577, x1574); ++ fiat_secp384r1_addcarryx_u32(&x1594, &x1595, x1593, x1575, x1572); ++ fiat_secp384r1_addcarryx_u32(&x1596, &x1597, x1595, x1573, x1570); ++ fiat_secp384r1_addcarryx_u32(&x1598, &x1599, x1597, x1571, x1568); ++ fiat_secp384r1_addcarryx_u32(&x1600, &x1601, x1599, x1569, x1566); ++ x1602 = (x1601 + x1567); ++ fiat_secp384r1_addcarryx_u32(&x1603, &x1604, 0x0, x1540, x1584); ++ fiat_secp384r1_addcarryx_u32(&x1605, &x1606, x1604, x1542, x1585); ++ fiat_secp384r1_addcarryx_u32(&x1607, &x1608, x1606, x1544, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1609, &x1610, x1608, x1546, x1582); ++ fiat_secp384r1_addcarryx_u32(&x1611, &x1612, x1610, x1548, x1586); ++ fiat_secp384r1_addcarryx_u32(&x1613, &x1614, x1612, x1550, x1588); ++ fiat_secp384r1_addcarryx_u32(&x1615, &x1616, x1614, x1552, x1590); ++ fiat_secp384r1_addcarryx_u32(&x1617, &x1618, x1616, x1554, x1592); ++ fiat_secp384r1_addcarryx_u32(&x1619, &x1620, x1618, x1556, x1594); ++ fiat_secp384r1_addcarryx_u32(&x1621, &x1622, x1620, x1558, x1596); ++ fiat_secp384r1_addcarryx_u32(&x1623, &x1624, x1622, x1560, x1598); ++ fiat_secp384r1_addcarryx_u32(&x1625, &x1626, x1624, x1562, x1600); ++ fiat_secp384r1_addcarryx_u32(&x1627, &x1628, x1626, x1564, x1602); ++ x1629 = ((uint32_t)x1628 + x1565); ++ fiat_secp384r1_subborrowx_u32(&x1630, &x1631, 0x0, x1605, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1632, &x1633, x1631, x1607, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x1634, &x1635, x1633, x1609, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x1636, &x1637, x1635, x1611, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1638, &x1639, x1637, x1613, ++ UINT32_C(0xfffffffe)); ++ fiat_secp384r1_subborrowx_u32(&x1640, &x1641, x1639, x1615, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1642, &x1643, x1641, x1617, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1644, &x1645, x1643, x1619, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1646, &x1647, x1645, x1621, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1648, &x1649, x1647, x1623, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1650, &x1651, x1649, x1625, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1652, &x1653, x1651, x1627, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1654, &x1655, x1653, x1629, 0x0); ++ fiat_secp384r1_cmovznz_u32(&x1656, x1655, x1630, x1605); ++ fiat_secp384r1_cmovznz_u32(&x1657, x1655, x1632, x1607); ++ fiat_secp384r1_cmovznz_u32(&x1658, x1655, x1634, x1609); ++ fiat_secp384r1_cmovznz_u32(&x1659, x1655, x1636, x1611); ++ fiat_secp384r1_cmovznz_u32(&x1660, x1655, x1638, x1613); ++ fiat_secp384r1_cmovznz_u32(&x1661, x1655, x1640, x1615); ++ fiat_secp384r1_cmovznz_u32(&x1662, x1655, x1642, x1617); ++ fiat_secp384r1_cmovznz_u32(&x1663, x1655, x1644, x1619); ++ fiat_secp384r1_cmovznz_u32(&x1664, x1655, x1646, x1621); ++ fiat_secp384r1_cmovznz_u32(&x1665, x1655, x1648, x1623); ++ fiat_secp384r1_cmovznz_u32(&x1666, x1655, x1650, x1625); ++ fiat_secp384r1_cmovznz_u32(&x1667, x1655, x1652, x1627); ++ out1[0] = x1656; ++ out1[1] = x1657; ++ out1[2] = x1658; ++ out1[3] = x1659; ++ out1[4] = x1660; ++ out1[5] = x1661; ++ out1[6] = x1662; ++ out1[7] = x1663; ++ out1[8] = x1664; ++ out1[9] = x1665; ++ out1[10] = x1666; ++ out1[11] = x1667; ++} ++ ++/* ++ * The function fiat_secp384r1_add adds two field elements in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * 0 ≤ eval arg2 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_add(uint32_t out1[12], const uint32_t arg1[12], ++ const uint32_t arg2[12]) ++{ ++ uint32_t x1; ++ fiat_secp384r1_uint1 x2; ++ uint32_t x3; ++ fiat_secp384r1_uint1 x4; ++ uint32_t x5; ++ fiat_secp384r1_uint1 x6; ++ uint32_t x7; ++ fiat_secp384r1_uint1 x8; ++ uint32_t x9; ++ fiat_secp384r1_uint1 x10; ++ uint32_t x11; ++ fiat_secp384r1_uint1 x12; ++ uint32_t x13; ++ fiat_secp384r1_uint1 x14; ++ uint32_t x15; ++ fiat_secp384r1_uint1 x16; ++ uint32_t x17; ++ fiat_secp384r1_uint1 x18; ++ uint32_t x19; ++ fiat_secp384r1_uint1 x20; ++ uint32_t x21; ++ fiat_secp384r1_uint1 x22; ++ uint32_t x23; ++ fiat_secp384r1_uint1 x24; ++ uint32_t x25; ++ fiat_secp384r1_uint1 x26; ++ uint32_t x27; ++ fiat_secp384r1_uint1 x28; ++ uint32_t x29; ++ fiat_secp384r1_uint1 x30; ++ uint32_t x31; ++ fiat_secp384r1_uint1 x32; ++ uint32_t x33; ++ fiat_secp384r1_uint1 x34; ++ uint32_t x35; ++ fiat_secp384r1_uint1 x36; ++ uint32_t x37; ++ fiat_secp384r1_uint1 x38; ++ uint32_t x39; ++ fiat_secp384r1_uint1 x40; ++ uint32_t x41; ++ fiat_secp384r1_uint1 x42; ++ uint32_t x43; ++ fiat_secp384r1_uint1 x44; ++ uint32_t x45; ++ fiat_secp384r1_uint1 x46; ++ uint32_t x47; ++ fiat_secp384r1_uint1 x48; ++ uint32_t x49; ++ fiat_secp384r1_uint1 x50; ++ uint32_t x51; ++ uint32_t x52; ++ uint32_t x53; ++ uint32_t x54; ++ uint32_t x55; ++ uint32_t x56; ++ uint32_t x57; ++ uint32_t x58; ++ uint32_t x59; ++ uint32_t x60; ++ uint32_t x61; ++ uint32_t x62; ++ fiat_secp384r1_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); ++ fiat_secp384r1_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); ++ fiat_secp384r1_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); ++ fiat_secp384r1_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); ++ fiat_secp384r1_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); ++ fiat_secp384r1_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); ++ fiat_secp384r1_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); ++ fiat_secp384r1_addcarryx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); ++ fiat_secp384r1_addcarryx_u32(&x17, &x18, x16, (arg1[8]), (arg2[8])); ++ fiat_secp384r1_addcarryx_u32(&x19, &x20, x18, (arg1[9]), (arg2[9])); ++ fiat_secp384r1_addcarryx_u32(&x21, &x22, x20, (arg1[10]), (arg2[10])); ++ fiat_secp384r1_addcarryx_u32(&x23, &x24, x22, (arg1[11]), (arg2[11])); ++ fiat_secp384r1_subborrowx_u32(&x25, &x26, 0x0, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x27, &x28, x26, x3, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x29, &x30, x28, x5, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x31, &x32, x30, x7, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x33, &x34, x32, x9, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_subborrowx_u32(&x35, &x36, x34, x11, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x37, &x38, x36, x13, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x39, &x40, x38, x15, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x41, &x42, x40, x17, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x43, &x44, x42, x19, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x45, &x46, x44, x21, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x47, &x48, x46, x23, UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x49, &x50, x48, x24, 0x0); ++ fiat_secp384r1_cmovznz_u32(&x51, x50, x25, x1); ++ fiat_secp384r1_cmovznz_u32(&x52, x50, x27, x3); ++ fiat_secp384r1_cmovznz_u32(&x53, x50, x29, x5); ++ fiat_secp384r1_cmovznz_u32(&x54, x50, x31, x7); ++ fiat_secp384r1_cmovznz_u32(&x55, x50, x33, x9); ++ fiat_secp384r1_cmovznz_u32(&x56, x50, x35, x11); ++ fiat_secp384r1_cmovznz_u32(&x57, x50, x37, x13); ++ fiat_secp384r1_cmovznz_u32(&x58, x50, x39, x15); ++ fiat_secp384r1_cmovznz_u32(&x59, x50, x41, x17); ++ fiat_secp384r1_cmovznz_u32(&x60, x50, x43, x19); ++ fiat_secp384r1_cmovznz_u32(&x61, x50, x45, x21); ++ fiat_secp384r1_cmovznz_u32(&x62, x50, x47, x23); ++ out1[0] = x51; ++ out1[1] = x52; ++ out1[2] = x53; ++ out1[3] = x54; ++ out1[4] = x55; ++ out1[5] = x56; ++ out1[6] = x57; ++ out1[7] = x58; ++ out1[8] = x59; ++ out1[9] = x60; ++ out1[10] = x61; ++ out1[11] = x62; ++} ++ ++/* ++ * The function fiat_secp384r1_sub subtracts two field elements in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * 0 ≤ eval arg2 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_sub(uint32_t out1[12], const uint32_t arg1[12], ++ const uint32_t arg2[12]) ++{ ++ uint32_t x1; ++ fiat_secp384r1_uint1 x2; ++ uint32_t x3; ++ fiat_secp384r1_uint1 x4; ++ uint32_t x5; ++ fiat_secp384r1_uint1 x6; ++ uint32_t x7; ++ fiat_secp384r1_uint1 x8; ++ uint32_t x9; ++ fiat_secp384r1_uint1 x10; ++ uint32_t x11; ++ fiat_secp384r1_uint1 x12; ++ uint32_t x13; ++ fiat_secp384r1_uint1 x14; ++ uint32_t x15; ++ fiat_secp384r1_uint1 x16; ++ uint32_t x17; ++ fiat_secp384r1_uint1 x18; ++ uint32_t x19; ++ fiat_secp384r1_uint1 x20; ++ uint32_t x21; ++ fiat_secp384r1_uint1 x22; ++ uint32_t x23; ++ fiat_secp384r1_uint1 x24; ++ uint32_t x25; ++ uint32_t x26; ++ fiat_secp384r1_uint1 x27; ++ uint32_t x28; ++ fiat_secp384r1_uint1 x29; ++ uint32_t x30; ++ fiat_secp384r1_uint1 x31; ++ uint32_t x32; ++ fiat_secp384r1_uint1 x33; ++ uint32_t x34; ++ fiat_secp384r1_uint1 x35; ++ uint32_t x36; ++ fiat_secp384r1_uint1 x37; ++ uint32_t x38; ++ fiat_secp384r1_uint1 x39; ++ uint32_t x40; ++ fiat_secp384r1_uint1 x41; ++ uint32_t x42; ++ fiat_secp384r1_uint1 x43; ++ uint32_t x44; ++ fiat_secp384r1_uint1 x45; ++ uint32_t x46; ++ fiat_secp384r1_uint1 x47; ++ uint32_t x48; ++ fiat_secp384r1_uint1 x49; ++ fiat_secp384r1_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); ++ fiat_secp384r1_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); ++ fiat_secp384r1_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); ++ fiat_secp384r1_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); ++ fiat_secp384r1_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); ++ fiat_secp384r1_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); ++ fiat_secp384r1_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); ++ fiat_secp384r1_subborrowx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); ++ fiat_secp384r1_subborrowx_u32(&x17, &x18, x16, (arg1[8]), (arg2[8])); ++ fiat_secp384r1_subborrowx_u32(&x19, &x20, x18, (arg1[9]), (arg2[9])); ++ fiat_secp384r1_subborrowx_u32(&x21, &x22, x20, (arg1[10]), (arg2[10])); ++ fiat_secp384r1_subborrowx_u32(&x23, &x24, x22, (arg1[11]), (arg2[11])); ++ fiat_secp384r1_cmovznz_u32(&x25, x24, 0x0, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x26, &x27, 0x0, x1, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x28, &x29, x27, x3, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x30, &x31, x29, x5, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x32, &x33, x31, x7, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x34, &x35, x33, x9, ++ (x25 & UINT32_C(0xfffffffe))); ++ fiat_secp384r1_addcarryx_u32(&x36, &x37, x35, x11, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x38, &x39, x37, x13, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x40, &x41, x39, x15, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x42, &x43, x41, x17, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x44, &x45, x43, x19, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x46, &x47, x45, x21, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x48, &x49, x47, x23, ++ (x25 & UINT32_C(0xffffffff))); ++ out1[0] = x26; ++ out1[1] = x28; ++ out1[2] = x30; ++ out1[3] = x32; ++ out1[4] = x34; ++ out1[5] = x36; ++ out1[6] = x38; ++ out1[7] = x40; ++ out1[8] = x42; ++ out1[9] = x44; ++ out1[10] = x46; ++ out1[11] = x48; ++} ++ ++/* ++ * The function fiat_secp384r1_opp negates a field element in the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_opp(uint32_t out1[12], const uint32_t arg1[12]) ++{ ++ uint32_t x1; ++ fiat_secp384r1_uint1 x2; ++ uint32_t x3; ++ fiat_secp384r1_uint1 x4; ++ uint32_t x5; ++ fiat_secp384r1_uint1 x6; ++ uint32_t x7; ++ fiat_secp384r1_uint1 x8; ++ uint32_t x9; ++ fiat_secp384r1_uint1 x10; ++ uint32_t x11; ++ fiat_secp384r1_uint1 x12; ++ uint32_t x13; ++ fiat_secp384r1_uint1 x14; ++ uint32_t x15; ++ fiat_secp384r1_uint1 x16; ++ uint32_t x17; ++ fiat_secp384r1_uint1 x18; ++ uint32_t x19; ++ fiat_secp384r1_uint1 x20; ++ uint32_t x21; ++ fiat_secp384r1_uint1 x22; ++ uint32_t x23; ++ fiat_secp384r1_uint1 x24; ++ uint32_t x25; ++ uint32_t x26; ++ fiat_secp384r1_uint1 x27; ++ uint32_t x28; ++ fiat_secp384r1_uint1 x29; ++ uint32_t x30; ++ fiat_secp384r1_uint1 x31; ++ uint32_t x32; ++ fiat_secp384r1_uint1 x33; ++ uint32_t x34; ++ fiat_secp384r1_uint1 x35; ++ uint32_t x36; ++ fiat_secp384r1_uint1 x37; ++ uint32_t x38; ++ fiat_secp384r1_uint1 x39; ++ uint32_t x40; ++ fiat_secp384r1_uint1 x41; ++ uint32_t x42; ++ fiat_secp384r1_uint1 x43; ++ uint32_t x44; ++ fiat_secp384r1_uint1 x45; ++ uint32_t x46; ++ fiat_secp384r1_uint1 x47; ++ uint32_t x48; ++ fiat_secp384r1_uint1 x49; ++ fiat_secp384r1_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); ++ fiat_secp384r1_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); ++ fiat_secp384r1_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); ++ fiat_secp384r1_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); ++ fiat_secp384r1_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); ++ fiat_secp384r1_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); ++ fiat_secp384r1_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); ++ fiat_secp384r1_subborrowx_u32(&x15, &x16, x14, 0x0, (arg1[7])); ++ fiat_secp384r1_subborrowx_u32(&x17, &x18, x16, 0x0, (arg1[8])); ++ fiat_secp384r1_subborrowx_u32(&x19, &x20, x18, 0x0, (arg1[9])); ++ fiat_secp384r1_subborrowx_u32(&x21, &x22, x20, 0x0, (arg1[10])); ++ fiat_secp384r1_subborrowx_u32(&x23, &x24, x22, 0x0, (arg1[11])); ++ fiat_secp384r1_cmovznz_u32(&x25, x24, 0x0, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x26, &x27, 0x0, x1, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x28, &x29, x27, x3, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x30, &x31, x29, x5, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x32, &x33, x31, x7, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x34, &x35, x33, x9, ++ (x25 & UINT32_C(0xfffffffe))); ++ fiat_secp384r1_addcarryx_u32(&x36, &x37, x35, x11, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x38, &x39, x37, x13, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x40, &x41, x39, x15, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x42, &x43, x41, x17, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x44, &x45, x43, x19, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x46, &x47, x45, x21, ++ (x25 & UINT32_C(0xffffffff))); ++ fiat_secp384r1_addcarryx_u32(&x48, &x49, x47, x23, ++ (x25 & UINT32_C(0xffffffff))); ++ out1[0] = x26; ++ out1[1] = x28; ++ out1[2] = x30; ++ out1[3] = x32; ++ out1[4] = x34; ++ out1[5] = x36; ++ out1[6] = x38; ++ out1[7] = x40; ++ out1[8] = x42; ++ out1[9] = x44; ++ out1[10] = x46; ++ out1[11] = x48; ++} ++ ++/* ++ * The function fiat_secp384r1_from_montgomery translates a field element out of the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^12) mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_from_montgomery(uint32_t out1[12], ++ const uint32_t arg1[12]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ uint32_t x20; ++ uint32_t x21; ++ uint32_t x22; ++ fiat_secp384r1_uint1 x23; ++ uint32_t x24; ++ fiat_secp384r1_uint1 x25; ++ uint32_t x26; ++ fiat_secp384r1_uint1 x27; ++ uint32_t x28; ++ fiat_secp384r1_uint1 x29; ++ uint32_t x30; ++ fiat_secp384r1_uint1 x31; ++ uint32_t x32; ++ fiat_secp384r1_uint1 x33; ++ uint32_t x34; ++ fiat_secp384r1_uint1 x35; ++ uint32_t x36; ++ fiat_secp384r1_uint1 x37; ++ uint32_t x38; ++ fiat_secp384r1_uint1 x39; ++ uint32_t x40; ++ fiat_secp384r1_uint1 x41; ++ uint32_t x42; ++ uint32_t x43; ++ uint32_t x44; ++ uint32_t x45; ++ uint32_t x46; ++ uint32_t x47; ++ uint32_t x48; ++ uint32_t x49; ++ uint32_t x50; ++ uint32_t x51; ++ uint32_t x52; ++ uint32_t x53; ++ uint32_t x54; ++ uint32_t x55; ++ uint32_t x56; ++ uint32_t x57; ++ uint32_t x58; ++ uint32_t x59; ++ uint32_t x60; ++ uint32_t x61; ++ uint32_t x62; ++ fiat_secp384r1_uint1 x63; ++ uint32_t x64; ++ fiat_secp384r1_uint1 x65; ++ uint32_t x66; ++ fiat_secp384r1_uint1 x67; ++ uint32_t x68; ++ fiat_secp384r1_uint1 x69; ++ uint32_t x70; ++ fiat_secp384r1_uint1 x71; ++ uint32_t x72; ++ fiat_secp384r1_uint1 x73; ++ uint32_t x74; ++ fiat_secp384r1_uint1 x75; ++ uint32_t x76; ++ fiat_secp384r1_uint1 x77; ++ uint32_t x78; ++ fiat_secp384r1_uint1 x79; ++ uint32_t x80; ++ fiat_secp384r1_uint1 x81; ++ uint32_t x82; ++ fiat_secp384r1_uint1 x83; ++ uint32_t x84; ++ fiat_secp384r1_uint1 x85; ++ uint32_t x86; ++ fiat_secp384r1_uint1 x87; ++ uint32_t x88; ++ fiat_secp384r1_uint1 x89; ++ uint32_t x90; ++ fiat_secp384r1_uint1 x91; ++ uint32_t x92; ++ fiat_secp384r1_uint1 x93; ++ uint32_t x94; ++ fiat_secp384r1_uint1 x95; ++ uint32_t x96; ++ fiat_secp384r1_uint1 x97; ++ uint32_t x98; ++ fiat_secp384r1_uint1 x99; ++ uint32_t x100; ++ fiat_secp384r1_uint1 x101; ++ uint32_t x102; ++ fiat_secp384r1_uint1 x103; ++ uint32_t x104; ++ fiat_secp384r1_uint1 x105; ++ uint32_t x106; ++ fiat_secp384r1_uint1 x107; ++ uint32_t x108; ++ fiat_secp384r1_uint1 x109; ++ uint32_t x110; ++ fiat_secp384r1_uint1 x111; ++ uint32_t x112; ++ fiat_secp384r1_uint1 x113; ++ uint32_t x114; ++ fiat_secp384r1_uint1 x115; ++ uint32_t x116; ++ fiat_secp384r1_uint1 x117; ++ uint32_t x118; ++ fiat_secp384r1_uint1 x119; ++ uint32_t x120; ++ fiat_secp384r1_uint1 x121; ++ uint32_t x122; ++ fiat_secp384r1_uint1 x123; ++ uint32_t x124; ++ fiat_secp384r1_uint1 x125; ++ uint32_t x126; ++ fiat_secp384r1_uint1 x127; ++ uint32_t x128; ++ uint32_t x129; ++ uint32_t x130; ++ uint32_t x131; ++ uint32_t x132; ++ uint32_t x133; ++ uint32_t x134; ++ uint32_t x135; ++ uint32_t x136; ++ uint32_t x137; ++ uint32_t x138; ++ uint32_t x139; ++ uint32_t x140; ++ uint32_t x141; ++ uint32_t x142; ++ uint32_t x143; ++ uint32_t x144; ++ uint32_t x145; ++ uint32_t x146; ++ uint32_t x147; ++ uint32_t x148; ++ fiat_secp384r1_uint1 x149; ++ uint32_t x150; ++ fiat_secp384r1_uint1 x151; ++ uint32_t x152; ++ fiat_secp384r1_uint1 x153; ++ uint32_t x154; ++ fiat_secp384r1_uint1 x155; ++ uint32_t x156; ++ fiat_secp384r1_uint1 x157; ++ uint32_t x158; ++ fiat_secp384r1_uint1 x159; ++ uint32_t x160; ++ fiat_secp384r1_uint1 x161; ++ uint32_t x162; ++ fiat_secp384r1_uint1 x163; ++ uint32_t x164; ++ fiat_secp384r1_uint1 x165; ++ uint32_t x166; ++ fiat_secp384r1_uint1 x167; ++ uint32_t x168; ++ fiat_secp384r1_uint1 x169; ++ uint32_t x170; ++ fiat_secp384r1_uint1 x171; ++ uint32_t x172; ++ fiat_secp384r1_uint1 x173; ++ uint32_t x174; ++ fiat_secp384r1_uint1 x175; ++ uint32_t x176; ++ fiat_secp384r1_uint1 x177; ++ uint32_t x178; ++ fiat_secp384r1_uint1 x179; ++ uint32_t x180; ++ fiat_secp384r1_uint1 x181; ++ uint32_t x182; ++ fiat_secp384r1_uint1 x183; ++ uint32_t x184; ++ fiat_secp384r1_uint1 x185; ++ uint32_t x186; ++ fiat_secp384r1_uint1 x187; ++ uint32_t x188; ++ fiat_secp384r1_uint1 x189; ++ uint32_t x190; ++ fiat_secp384r1_uint1 x191; ++ uint32_t x192; ++ fiat_secp384r1_uint1 x193; ++ uint32_t x194; ++ fiat_secp384r1_uint1 x195; ++ uint32_t x196; ++ fiat_secp384r1_uint1 x197; ++ uint32_t x198; ++ fiat_secp384r1_uint1 x199; ++ uint32_t x200; ++ fiat_secp384r1_uint1 x201; ++ uint32_t x202; ++ fiat_secp384r1_uint1 x203; ++ uint32_t x204; ++ fiat_secp384r1_uint1 x205; ++ uint32_t x206; ++ fiat_secp384r1_uint1 x207; ++ uint32_t x208; ++ fiat_secp384r1_uint1 x209; ++ uint32_t x210; ++ fiat_secp384r1_uint1 x211; ++ uint32_t x212; ++ fiat_secp384r1_uint1 x213; ++ uint32_t x214; ++ uint32_t x215; ++ uint32_t x216; ++ uint32_t x217; ++ uint32_t x218; ++ uint32_t x219; ++ uint32_t x220; ++ uint32_t x221; ++ uint32_t x222; ++ uint32_t x223; ++ uint32_t x224; ++ uint32_t x225; ++ uint32_t x226; ++ uint32_t x227; ++ uint32_t x228; ++ uint32_t x229; ++ uint32_t x230; ++ uint32_t x231; ++ uint32_t x232; ++ uint32_t x233; ++ uint32_t x234; ++ fiat_secp384r1_uint1 x235; ++ uint32_t x236; ++ fiat_secp384r1_uint1 x237; ++ uint32_t x238; ++ fiat_secp384r1_uint1 x239; ++ uint32_t x240; ++ fiat_secp384r1_uint1 x241; ++ uint32_t x242; ++ fiat_secp384r1_uint1 x243; ++ uint32_t x244; ++ fiat_secp384r1_uint1 x245; ++ uint32_t x246; ++ fiat_secp384r1_uint1 x247; ++ uint32_t x248; ++ fiat_secp384r1_uint1 x249; ++ uint32_t x250; ++ fiat_secp384r1_uint1 x251; ++ uint32_t x252; ++ fiat_secp384r1_uint1 x253; ++ uint32_t x254; ++ fiat_secp384r1_uint1 x255; ++ uint32_t x256; ++ fiat_secp384r1_uint1 x257; ++ uint32_t x258; ++ fiat_secp384r1_uint1 x259; ++ uint32_t x260; ++ fiat_secp384r1_uint1 x261; ++ uint32_t x262; ++ fiat_secp384r1_uint1 x263; ++ uint32_t x264; ++ fiat_secp384r1_uint1 x265; ++ uint32_t x266; ++ fiat_secp384r1_uint1 x267; ++ uint32_t x268; ++ fiat_secp384r1_uint1 x269; ++ uint32_t x270; ++ fiat_secp384r1_uint1 x271; ++ uint32_t x272; ++ fiat_secp384r1_uint1 x273; ++ uint32_t x274; ++ fiat_secp384r1_uint1 x275; ++ uint32_t x276; ++ fiat_secp384r1_uint1 x277; ++ uint32_t x278; ++ fiat_secp384r1_uint1 x279; ++ uint32_t x280; ++ fiat_secp384r1_uint1 x281; ++ uint32_t x282; ++ fiat_secp384r1_uint1 x283; ++ uint32_t x284; ++ fiat_secp384r1_uint1 x285; ++ uint32_t x286; ++ fiat_secp384r1_uint1 x287; ++ uint32_t x288; ++ fiat_secp384r1_uint1 x289; ++ uint32_t x290; ++ fiat_secp384r1_uint1 x291; ++ uint32_t x292; ++ fiat_secp384r1_uint1 x293; ++ uint32_t x294; ++ fiat_secp384r1_uint1 x295; ++ uint32_t x296; ++ fiat_secp384r1_uint1 x297; ++ uint32_t x298; ++ fiat_secp384r1_uint1 x299; ++ uint32_t x300; ++ uint32_t x301; ++ uint32_t x302; ++ uint32_t x303; ++ uint32_t x304; ++ uint32_t x305; ++ uint32_t x306; ++ uint32_t x307; ++ uint32_t x308; ++ uint32_t x309; ++ uint32_t x310; ++ uint32_t x311; ++ uint32_t x312; ++ uint32_t x313; ++ uint32_t x314; ++ uint32_t x315; ++ uint32_t x316; ++ uint32_t x317; ++ uint32_t x318; ++ uint32_t x319; ++ uint32_t x320; ++ fiat_secp384r1_uint1 x321; ++ uint32_t x322; ++ fiat_secp384r1_uint1 x323; ++ uint32_t x324; ++ fiat_secp384r1_uint1 x325; ++ uint32_t x326; ++ fiat_secp384r1_uint1 x327; ++ uint32_t x328; ++ fiat_secp384r1_uint1 x329; ++ uint32_t x330; ++ fiat_secp384r1_uint1 x331; ++ uint32_t x332; ++ fiat_secp384r1_uint1 x333; ++ uint32_t x334; ++ fiat_secp384r1_uint1 x335; ++ uint32_t x336; ++ fiat_secp384r1_uint1 x337; ++ uint32_t x338; ++ fiat_secp384r1_uint1 x339; ++ uint32_t x340; ++ fiat_secp384r1_uint1 x341; ++ uint32_t x342; ++ fiat_secp384r1_uint1 x343; ++ uint32_t x344; ++ fiat_secp384r1_uint1 x345; ++ uint32_t x346; ++ fiat_secp384r1_uint1 x347; ++ uint32_t x348; ++ fiat_secp384r1_uint1 x349; ++ uint32_t x350; ++ fiat_secp384r1_uint1 x351; ++ uint32_t x352; ++ fiat_secp384r1_uint1 x353; ++ uint32_t x354; ++ fiat_secp384r1_uint1 x355; ++ uint32_t x356; ++ fiat_secp384r1_uint1 x357; ++ uint32_t x358; ++ fiat_secp384r1_uint1 x359; ++ uint32_t x360; ++ fiat_secp384r1_uint1 x361; ++ uint32_t x362; ++ fiat_secp384r1_uint1 x363; ++ uint32_t x364; ++ fiat_secp384r1_uint1 x365; ++ uint32_t x366; ++ fiat_secp384r1_uint1 x367; ++ uint32_t x368; ++ fiat_secp384r1_uint1 x369; ++ uint32_t x370; ++ fiat_secp384r1_uint1 x371; ++ uint32_t x372; ++ fiat_secp384r1_uint1 x373; ++ uint32_t x374; ++ fiat_secp384r1_uint1 x375; ++ uint32_t x376; ++ fiat_secp384r1_uint1 x377; ++ uint32_t x378; ++ fiat_secp384r1_uint1 x379; ++ uint32_t x380; ++ fiat_secp384r1_uint1 x381; ++ uint32_t x382; ++ fiat_secp384r1_uint1 x383; ++ uint32_t x384; ++ fiat_secp384r1_uint1 x385; ++ uint32_t x386; ++ uint32_t x387; ++ uint32_t x388; ++ uint32_t x389; ++ uint32_t x390; ++ uint32_t x391; ++ uint32_t x392; ++ uint32_t x393; ++ uint32_t x394; ++ uint32_t x395; ++ uint32_t x396; ++ uint32_t x397; ++ uint32_t x398; ++ uint32_t x399; ++ uint32_t x400; ++ uint32_t x401; ++ uint32_t x402; ++ uint32_t x403; ++ uint32_t x404; ++ uint32_t x405; ++ uint32_t x406; ++ fiat_secp384r1_uint1 x407; ++ uint32_t x408; ++ fiat_secp384r1_uint1 x409; ++ uint32_t x410; ++ fiat_secp384r1_uint1 x411; ++ uint32_t x412; ++ fiat_secp384r1_uint1 x413; ++ uint32_t x414; ++ fiat_secp384r1_uint1 x415; ++ uint32_t x416; ++ fiat_secp384r1_uint1 x417; ++ uint32_t x418; ++ fiat_secp384r1_uint1 x419; ++ uint32_t x420; ++ fiat_secp384r1_uint1 x421; ++ uint32_t x422; ++ fiat_secp384r1_uint1 x423; ++ uint32_t x424; ++ fiat_secp384r1_uint1 x425; ++ uint32_t x426; ++ fiat_secp384r1_uint1 x427; ++ uint32_t x428; ++ fiat_secp384r1_uint1 x429; ++ uint32_t x430; ++ fiat_secp384r1_uint1 x431; ++ uint32_t x432; ++ fiat_secp384r1_uint1 x433; ++ uint32_t x434; ++ fiat_secp384r1_uint1 x435; ++ uint32_t x436; ++ fiat_secp384r1_uint1 x437; ++ uint32_t x438; ++ fiat_secp384r1_uint1 x439; ++ uint32_t x440; ++ fiat_secp384r1_uint1 x441; ++ uint32_t x442; ++ fiat_secp384r1_uint1 x443; ++ uint32_t x444; ++ fiat_secp384r1_uint1 x445; ++ uint32_t x446; ++ fiat_secp384r1_uint1 x447; ++ uint32_t x448; ++ fiat_secp384r1_uint1 x449; ++ uint32_t x450; ++ fiat_secp384r1_uint1 x451; ++ uint32_t x452; ++ fiat_secp384r1_uint1 x453; ++ uint32_t x454; ++ fiat_secp384r1_uint1 x455; ++ uint32_t x456; ++ fiat_secp384r1_uint1 x457; ++ uint32_t x458; ++ fiat_secp384r1_uint1 x459; ++ uint32_t x460; ++ fiat_secp384r1_uint1 x461; ++ uint32_t x462; ++ fiat_secp384r1_uint1 x463; ++ uint32_t x464; ++ fiat_secp384r1_uint1 x465; ++ uint32_t x466; ++ fiat_secp384r1_uint1 x467; ++ uint32_t x468; ++ fiat_secp384r1_uint1 x469; ++ uint32_t x470; ++ fiat_secp384r1_uint1 x471; ++ uint32_t x472; ++ uint32_t x473; ++ uint32_t x474; ++ uint32_t x475; ++ uint32_t x476; ++ uint32_t x477; ++ uint32_t x478; ++ uint32_t x479; ++ uint32_t x480; ++ uint32_t x481; ++ uint32_t x482; ++ uint32_t x483; ++ uint32_t x484; ++ uint32_t x485; ++ uint32_t x486; ++ uint32_t x487; ++ uint32_t x488; ++ uint32_t x489; ++ uint32_t x490; ++ uint32_t x491; ++ uint32_t x492; ++ fiat_secp384r1_uint1 x493; ++ uint32_t x494; ++ fiat_secp384r1_uint1 x495; ++ uint32_t x496; ++ fiat_secp384r1_uint1 x497; ++ uint32_t x498; ++ fiat_secp384r1_uint1 x499; ++ uint32_t x500; ++ fiat_secp384r1_uint1 x501; ++ uint32_t x502; ++ fiat_secp384r1_uint1 x503; ++ uint32_t x504; ++ fiat_secp384r1_uint1 x505; ++ uint32_t x506; ++ fiat_secp384r1_uint1 x507; ++ uint32_t x508; ++ fiat_secp384r1_uint1 x509; ++ uint32_t x510; ++ fiat_secp384r1_uint1 x511; ++ uint32_t x512; ++ fiat_secp384r1_uint1 x513; ++ uint32_t x514; ++ fiat_secp384r1_uint1 x515; ++ uint32_t x516; ++ fiat_secp384r1_uint1 x517; ++ uint32_t x518; ++ fiat_secp384r1_uint1 x519; ++ uint32_t x520; ++ fiat_secp384r1_uint1 x521; ++ uint32_t x522; ++ fiat_secp384r1_uint1 x523; ++ uint32_t x524; ++ fiat_secp384r1_uint1 x525; ++ uint32_t x526; ++ fiat_secp384r1_uint1 x527; ++ uint32_t x528; ++ fiat_secp384r1_uint1 x529; ++ uint32_t x530; ++ fiat_secp384r1_uint1 x531; ++ uint32_t x532; ++ fiat_secp384r1_uint1 x533; ++ uint32_t x534; ++ fiat_secp384r1_uint1 x535; ++ uint32_t x536; ++ fiat_secp384r1_uint1 x537; ++ uint32_t x538; ++ fiat_secp384r1_uint1 x539; ++ uint32_t x540; ++ fiat_secp384r1_uint1 x541; ++ uint32_t x542; ++ fiat_secp384r1_uint1 x543; ++ uint32_t x544; ++ fiat_secp384r1_uint1 x545; ++ uint32_t x546; ++ fiat_secp384r1_uint1 x547; ++ uint32_t x548; ++ fiat_secp384r1_uint1 x549; ++ uint32_t x550; ++ fiat_secp384r1_uint1 x551; ++ uint32_t x552; ++ fiat_secp384r1_uint1 x553; ++ uint32_t x554; ++ fiat_secp384r1_uint1 x555; ++ uint32_t x556; ++ fiat_secp384r1_uint1 x557; ++ uint32_t x558; ++ uint32_t x559; ++ uint32_t x560; ++ uint32_t x561; ++ uint32_t x562; ++ uint32_t x563; ++ uint32_t x564; ++ uint32_t x565; ++ uint32_t x566; ++ uint32_t x567; ++ uint32_t x568; ++ uint32_t x569; ++ uint32_t x570; ++ uint32_t x571; ++ uint32_t x572; ++ uint32_t x573; ++ uint32_t x574; ++ uint32_t x575; ++ uint32_t x576; ++ uint32_t x577; ++ uint32_t x578; ++ fiat_secp384r1_uint1 x579; ++ uint32_t x580; ++ fiat_secp384r1_uint1 x581; ++ uint32_t x582; ++ fiat_secp384r1_uint1 x583; ++ uint32_t x584; ++ fiat_secp384r1_uint1 x585; ++ uint32_t x586; ++ fiat_secp384r1_uint1 x587; ++ uint32_t x588; ++ fiat_secp384r1_uint1 x589; ++ uint32_t x590; ++ fiat_secp384r1_uint1 x591; ++ uint32_t x592; ++ fiat_secp384r1_uint1 x593; ++ uint32_t x594; ++ fiat_secp384r1_uint1 x595; ++ uint32_t x596; ++ fiat_secp384r1_uint1 x597; ++ uint32_t x598; ++ fiat_secp384r1_uint1 x599; ++ uint32_t x600; ++ fiat_secp384r1_uint1 x601; ++ uint32_t x602; ++ fiat_secp384r1_uint1 x603; ++ uint32_t x604; ++ fiat_secp384r1_uint1 x605; ++ uint32_t x606; ++ fiat_secp384r1_uint1 x607; ++ uint32_t x608; ++ fiat_secp384r1_uint1 x609; ++ uint32_t x610; ++ fiat_secp384r1_uint1 x611; ++ uint32_t x612; ++ fiat_secp384r1_uint1 x613; ++ uint32_t x614; ++ fiat_secp384r1_uint1 x615; ++ uint32_t x616; ++ fiat_secp384r1_uint1 x617; ++ uint32_t x618; ++ fiat_secp384r1_uint1 x619; ++ uint32_t x620; ++ fiat_secp384r1_uint1 x621; ++ uint32_t x622; ++ fiat_secp384r1_uint1 x623; ++ uint32_t x624; ++ fiat_secp384r1_uint1 x625; ++ uint32_t x626; ++ fiat_secp384r1_uint1 x627; ++ uint32_t x628; ++ fiat_secp384r1_uint1 x629; ++ uint32_t x630; ++ fiat_secp384r1_uint1 x631; ++ uint32_t x632; ++ fiat_secp384r1_uint1 x633; ++ uint32_t x634; ++ fiat_secp384r1_uint1 x635; ++ uint32_t x636; ++ fiat_secp384r1_uint1 x637; ++ uint32_t x638; ++ fiat_secp384r1_uint1 x639; ++ uint32_t x640; ++ fiat_secp384r1_uint1 x641; ++ uint32_t x642; ++ fiat_secp384r1_uint1 x643; ++ uint32_t x644; ++ uint32_t x645; ++ uint32_t x646; ++ uint32_t x647; ++ uint32_t x648; ++ uint32_t x649; ++ uint32_t x650; ++ uint32_t x651; ++ uint32_t x652; ++ uint32_t x653; ++ uint32_t x654; ++ uint32_t x655; ++ uint32_t x656; ++ uint32_t x657; ++ uint32_t x658; ++ uint32_t x659; ++ uint32_t x660; ++ uint32_t x661; ++ uint32_t x662; ++ uint32_t x663; ++ uint32_t x664; ++ fiat_secp384r1_uint1 x665; ++ uint32_t x666; ++ fiat_secp384r1_uint1 x667; ++ uint32_t x668; ++ fiat_secp384r1_uint1 x669; ++ uint32_t x670; ++ fiat_secp384r1_uint1 x671; ++ uint32_t x672; ++ fiat_secp384r1_uint1 x673; ++ uint32_t x674; ++ fiat_secp384r1_uint1 x675; ++ uint32_t x676; ++ fiat_secp384r1_uint1 x677; ++ uint32_t x678; ++ fiat_secp384r1_uint1 x679; ++ uint32_t x680; ++ fiat_secp384r1_uint1 x681; ++ uint32_t x682; ++ fiat_secp384r1_uint1 x683; ++ uint32_t x684; ++ fiat_secp384r1_uint1 x685; ++ uint32_t x686; ++ fiat_secp384r1_uint1 x687; ++ uint32_t x688; ++ fiat_secp384r1_uint1 x689; ++ uint32_t x690; ++ fiat_secp384r1_uint1 x691; ++ uint32_t x692; ++ fiat_secp384r1_uint1 x693; ++ uint32_t x694; ++ fiat_secp384r1_uint1 x695; ++ uint32_t x696; ++ fiat_secp384r1_uint1 x697; ++ uint32_t x698; ++ fiat_secp384r1_uint1 x699; ++ uint32_t x700; ++ fiat_secp384r1_uint1 x701; ++ uint32_t x702; ++ fiat_secp384r1_uint1 x703; ++ uint32_t x704; ++ fiat_secp384r1_uint1 x705; ++ uint32_t x706; ++ fiat_secp384r1_uint1 x707; ++ uint32_t x708; ++ fiat_secp384r1_uint1 x709; ++ uint32_t x710; ++ fiat_secp384r1_uint1 x711; ++ uint32_t x712; ++ fiat_secp384r1_uint1 x713; ++ uint32_t x714; ++ fiat_secp384r1_uint1 x715; ++ uint32_t x716; ++ fiat_secp384r1_uint1 x717; ++ uint32_t x718; ++ fiat_secp384r1_uint1 x719; ++ uint32_t x720; ++ fiat_secp384r1_uint1 x721; ++ uint32_t x722; ++ fiat_secp384r1_uint1 x723; ++ uint32_t x724; ++ fiat_secp384r1_uint1 x725; ++ uint32_t x726; ++ fiat_secp384r1_uint1 x727; ++ uint32_t x728; ++ fiat_secp384r1_uint1 x729; ++ uint32_t x730; ++ uint32_t x731; ++ uint32_t x732; ++ uint32_t x733; ++ uint32_t x734; ++ uint32_t x735; ++ uint32_t x736; ++ uint32_t x737; ++ uint32_t x738; ++ uint32_t x739; ++ uint32_t x740; ++ uint32_t x741; ++ uint32_t x742; ++ uint32_t x743; ++ uint32_t x744; ++ uint32_t x745; ++ uint32_t x746; ++ uint32_t x747; ++ uint32_t x748; ++ uint32_t x749; ++ uint32_t x750; ++ fiat_secp384r1_uint1 x751; ++ uint32_t x752; ++ fiat_secp384r1_uint1 x753; ++ uint32_t x754; ++ fiat_secp384r1_uint1 x755; ++ uint32_t x756; ++ fiat_secp384r1_uint1 x757; ++ uint32_t x758; ++ fiat_secp384r1_uint1 x759; ++ uint32_t x760; ++ fiat_secp384r1_uint1 x761; ++ uint32_t x762; ++ fiat_secp384r1_uint1 x763; ++ uint32_t x764; ++ fiat_secp384r1_uint1 x765; ++ uint32_t x766; ++ fiat_secp384r1_uint1 x767; ++ uint32_t x768; ++ fiat_secp384r1_uint1 x769; ++ uint32_t x770; ++ fiat_secp384r1_uint1 x771; ++ uint32_t x772; ++ fiat_secp384r1_uint1 x773; ++ uint32_t x774; ++ fiat_secp384r1_uint1 x775; ++ uint32_t x776; ++ fiat_secp384r1_uint1 x777; ++ uint32_t x778; ++ fiat_secp384r1_uint1 x779; ++ uint32_t x780; ++ fiat_secp384r1_uint1 x781; ++ uint32_t x782; ++ fiat_secp384r1_uint1 x783; ++ uint32_t x784; ++ fiat_secp384r1_uint1 x785; ++ uint32_t x786; ++ fiat_secp384r1_uint1 x787; ++ uint32_t x788; ++ fiat_secp384r1_uint1 x789; ++ uint32_t x790; ++ fiat_secp384r1_uint1 x791; ++ uint32_t x792; ++ fiat_secp384r1_uint1 x793; ++ uint32_t x794; ++ fiat_secp384r1_uint1 x795; ++ uint32_t x796; ++ fiat_secp384r1_uint1 x797; ++ uint32_t x798; ++ fiat_secp384r1_uint1 x799; ++ uint32_t x800; ++ fiat_secp384r1_uint1 x801; ++ uint32_t x802; ++ fiat_secp384r1_uint1 x803; ++ uint32_t x804; ++ fiat_secp384r1_uint1 x805; ++ uint32_t x806; ++ fiat_secp384r1_uint1 x807; ++ uint32_t x808; ++ fiat_secp384r1_uint1 x809; ++ uint32_t x810; ++ fiat_secp384r1_uint1 x811; ++ uint32_t x812; ++ fiat_secp384r1_uint1 x813; ++ uint32_t x814; ++ fiat_secp384r1_uint1 x815; ++ uint32_t x816; ++ uint32_t x817; ++ uint32_t x818; ++ uint32_t x819; ++ uint32_t x820; ++ uint32_t x821; ++ uint32_t x822; ++ uint32_t x823; ++ uint32_t x824; ++ uint32_t x825; ++ uint32_t x826; ++ uint32_t x827; ++ uint32_t x828; ++ uint32_t x829; ++ uint32_t x830; ++ uint32_t x831; ++ uint32_t x832; ++ uint32_t x833; ++ uint32_t x834; ++ uint32_t x835; ++ uint32_t x836; ++ fiat_secp384r1_uint1 x837; ++ uint32_t x838; ++ fiat_secp384r1_uint1 x839; ++ uint32_t x840; ++ fiat_secp384r1_uint1 x841; ++ uint32_t x842; ++ fiat_secp384r1_uint1 x843; ++ uint32_t x844; ++ fiat_secp384r1_uint1 x845; ++ uint32_t x846; ++ fiat_secp384r1_uint1 x847; ++ uint32_t x848; ++ fiat_secp384r1_uint1 x849; ++ uint32_t x850; ++ fiat_secp384r1_uint1 x851; ++ uint32_t x852; ++ fiat_secp384r1_uint1 x853; ++ uint32_t x854; ++ fiat_secp384r1_uint1 x855; ++ uint32_t x856; ++ fiat_secp384r1_uint1 x857; ++ uint32_t x858; ++ fiat_secp384r1_uint1 x859; ++ uint32_t x860; ++ fiat_secp384r1_uint1 x861; ++ uint32_t x862; ++ fiat_secp384r1_uint1 x863; ++ uint32_t x864; ++ fiat_secp384r1_uint1 x865; ++ uint32_t x866; ++ fiat_secp384r1_uint1 x867; ++ uint32_t x868; ++ fiat_secp384r1_uint1 x869; ++ uint32_t x870; ++ fiat_secp384r1_uint1 x871; ++ uint32_t x872; ++ fiat_secp384r1_uint1 x873; ++ uint32_t x874; ++ fiat_secp384r1_uint1 x875; ++ uint32_t x876; ++ fiat_secp384r1_uint1 x877; ++ uint32_t x878; ++ fiat_secp384r1_uint1 x879; ++ uint32_t x880; ++ fiat_secp384r1_uint1 x881; ++ uint32_t x882; ++ fiat_secp384r1_uint1 x883; ++ uint32_t x884; ++ fiat_secp384r1_uint1 x885; ++ uint32_t x886; ++ fiat_secp384r1_uint1 x887; ++ uint32_t x888; ++ fiat_secp384r1_uint1 x889; ++ uint32_t x890; ++ fiat_secp384r1_uint1 x891; ++ uint32_t x892; ++ fiat_secp384r1_uint1 x893; ++ uint32_t x894; ++ fiat_secp384r1_uint1 x895; ++ uint32_t x896; ++ fiat_secp384r1_uint1 x897; ++ uint32_t x898; ++ fiat_secp384r1_uint1 x899; ++ uint32_t x900; ++ fiat_secp384r1_uint1 x901; ++ uint32_t x902; ++ uint32_t x903; ++ uint32_t x904; ++ uint32_t x905; ++ uint32_t x906; ++ uint32_t x907; ++ uint32_t x908; ++ uint32_t x909; ++ uint32_t x910; ++ uint32_t x911; ++ uint32_t x912; ++ uint32_t x913; ++ uint32_t x914; ++ uint32_t x915; ++ uint32_t x916; ++ uint32_t x917; ++ uint32_t x918; ++ uint32_t x919; ++ uint32_t x920; ++ uint32_t x921; ++ uint32_t x922; ++ fiat_secp384r1_uint1 x923; ++ uint32_t x924; ++ fiat_secp384r1_uint1 x925; ++ uint32_t x926; ++ fiat_secp384r1_uint1 x927; ++ uint32_t x928; ++ fiat_secp384r1_uint1 x929; ++ uint32_t x930; ++ fiat_secp384r1_uint1 x931; ++ uint32_t x932; ++ fiat_secp384r1_uint1 x933; ++ uint32_t x934; ++ fiat_secp384r1_uint1 x935; ++ uint32_t x936; ++ fiat_secp384r1_uint1 x937; ++ uint32_t x938; ++ fiat_secp384r1_uint1 x939; ++ uint32_t x940; ++ fiat_secp384r1_uint1 x941; ++ uint32_t x942; ++ fiat_secp384r1_uint1 x943; ++ uint32_t x944; ++ fiat_secp384r1_uint1 x945; ++ uint32_t x946; ++ fiat_secp384r1_uint1 x947; ++ uint32_t x948; ++ fiat_secp384r1_uint1 x949; ++ uint32_t x950; ++ fiat_secp384r1_uint1 x951; ++ uint32_t x952; ++ fiat_secp384r1_uint1 x953; ++ uint32_t x954; ++ fiat_secp384r1_uint1 x955; ++ uint32_t x956; ++ fiat_secp384r1_uint1 x957; ++ uint32_t x958; ++ fiat_secp384r1_uint1 x959; ++ uint32_t x960; ++ fiat_secp384r1_uint1 x961; ++ uint32_t x962; ++ fiat_secp384r1_uint1 x963; ++ uint32_t x964; ++ fiat_secp384r1_uint1 x965; ++ uint32_t x966; ++ fiat_secp384r1_uint1 x967; ++ uint32_t x968; ++ fiat_secp384r1_uint1 x969; ++ uint32_t x970; ++ fiat_secp384r1_uint1 x971; ++ uint32_t x972; ++ fiat_secp384r1_uint1 x973; ++ uint32_t x974; ++ fiat_secp384r1_uint1 x975; ++ uint32_t x976; ++ fiat_secp384r1_uint1 x977; ++ uint32_t x978; ++ fiat_secp384r1_uint1 x979; ++ uint32_t x980; ++ fiat_secp384r1_uint1 x981; ++ uint32_t x982; ++ fiat_secp384r1_uint1 x983; ++ uint32_t x984; ++ fiat_secp384r1_uint1 x985; ++ uint32_t x986; ++ fiat_secp384r1_uint1 x987; ++ uint32_t x988; ++ fiat_secp384r1_uint1 x989; ++ uint32_t x990; ++ uint32_t x991; ++ uint32_t x992; ++ uint32_t x993; ++ uint32_t x994; ++ uint32_t x995; ++ uint32_t x996; ++ uint32_t x997; ++ uint32_t x998; ++ uint32_t x999; ++ uint32_t x1000; ++ uint32_t x1001; ++ x1 = (arg1[0]); ++ fiat_secp384r1_mulx_u32(&x2, &x3, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x4, &x5, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x6, &x7, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x8, &x9, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x10, &x11, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x12, &x13, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x14, &x15, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x16, &x17, x1, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x18, &x19, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x20, &x21, x1, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x22, &x23, 0x0, x19, x16); ++ fiat_secp384r1_addcarryx_u32(&x24, &x25, x23, x17, x14); ++ fiat_secp384r1_addcarryx_u32(&x26, &x27, x25, x15, x12); ++ fiat_secp384r1_addcarryx_u32(&x28, &x29, x27, x13, x10); ++ fiat_secp384r1_addcarryx_u32(&x30, &x31, x29, x11, x8); ++ fiat_secp384r1_addcarryx_u32(&x32, &x33, x31, x9, x6); ++ fiat_secp384r1_addcarryx_u32(&x34, &x35, x33, x7, x4); ++ fiat_secp384r1_addcarryx_u32(&x36, &x37, x35, x5, x2); ++ fiat_secp384r1_addcarryx_u32(&x38, &x39, 0x0, x1, x20); ++ fiat_secp384r1_addcarryx_u32(&x40, &x41, 0x0, (x39 + x21), (arg1[1])); ++ fiat_secp384r1_mulx_u32(&x42, &x43, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x44, &x45, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x46, &x47, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x48, &x49, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x50, &x51, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x52, &x53, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x54, &x55, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x56, &x57, x40, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x58, &x59, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x60, &x61, x40, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x62, &x63, 0x0, x59, x56); ++ fiat_secp384r1_addcarryx_u32(&x64, &x65, x63, x57, x54); ++ fiat_secp384r1_addcarryx_u32(&x66, &x67, x65, x55, x52); ++ fiat_secp384r1_addcarryx_u32(&x68, &x69, x67, x53, x50); ++ fiat_secp384r1_addcarryx_u32(&x70, &x71, x69, x51, x48); ++ fiat_secp384r1_addcarryx_u32(&x72, &x73, x71, x49, x46); ++ fiat_secp384r1_addcarryx_u32(&x74, &x75, x73, x47, x44); ++ fiat_secp384r1_addcarryx_u32(&x76, &x77, x75, x45, x42); ++ fiat_secp384r1_addcarryx_u32(&x78, &x79, 0x0, x40, x60); ++ fiat_secp384r1_addcarryx_u32(&x80, &x81, x79, x41, x61); ++ fiat_secp384r1_addcarryx_u32(&x82, &x83, x81, x18, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x84, &x85, x83, x22, x58); ++ fiat_secp384r1_addcarryx_u32(&x86, &x87, x85, x24, x62); ++ fiat_secp384r1_addcarryx_u32(&x88, &x89, x87, x26, x64); ++ fiat_secp384r1_addcarryx_u32(&x90, &x91, x89, x28, x66); ++ fiat_secp384r1_addcarryx_u32(&x92, &x93, x91, x30, x68); ++ fiat_secp384r1_addcarryx_u32(&x94, &x95, x93, x32, x70); ++ fiat_secp384r1_addcarryx_u32(&x96, &x97, x95, x34, x72); ++ fiat_secp384r1_addcarryx_u32(&x98, &x99, x97, x36, x74); ++ fiat_secp384r1_addcarryx_u32(&x100, &x101, x99, (x37 + x3), x76); ++ fiat_secp384r1_addcarryx_u32(&x102, &x103, x101, 0x0, (x77 + x43)); ++ fiat_secp384r1_addcarryx_u32(&x104, &x105, 0x0, x80, (arg1[2])); ++ fiat_secp384r1_addcarryx_u32(&x106, &x107, x105, x82, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x108, &x109, x107, x84, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x110, &x111, x109, x86, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x112, &x113, x111, x88, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x114, &x115, x113, x90, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x116, &x117, x115, x92, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x118, &x119, x117, x94, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x120, &x121, x119, x96, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x122, &x123, x121, x98, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x124, &x125, x123, x100, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x126, &x127, x125, x102, 0x0); ++ fiat_secp384r1_mulx_u32(&x128, &x129, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x130, &x131, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x132, &x133, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x134, &x135, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x136, &x137, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x138, &x139, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x140, &x141, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x142, &x143, x104, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x144, &x145, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x146, &x147, x104, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x148, &x149, 0x0, x145, x142); ++ fiat_secp384r1_addcarryx_u32(&x150, &x151, x149, x143, x140); ++ fiat_secp384r1_addcarryx_u32(&x152, &x153, x151, x141, x138); ++ fiat_secp384r1_addcarryx_u32(&x154, &x155, x153, x139, x136); ++ fiat_secp384r1_addcarryx_u32(&x156, &x157, x155, x137, x134); ++ fiat_secp384r1_addcarryx_u32(&x158, &x159, x157, x135, x132); ++ fiat_secp384r1_addcarryx_u32(&x160, &x161, x159, x133, x130); ++ fiat_secp384r1_addcarryx_u32(&x162, &x163, x161, x131, x128); ++ fiat_secp384r1_addcarryx_u32(&x164, &x165, 0x0, x104, x146); ++ fiat_secp384r1_addcarryx_u32(&x166, &x167, x165, x106, x147); ++ fiat_secp384r1_addcarryx_u32(&x168, &x169, x167, x108, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x170, &x171, x169, x110, x144); ++ fiat_secp384r1_addcarryx_u32(&x172, &x173, x171, x112, x148); ++ fiat_secp384r1_addcarryx_u32(&x174, &x175, x173, x114, x150); ++ fiat_secp384r1_addcarryx_u32(&x176, &x177, x175, x116, x152); ++ fiat_secp384r1_addcarryx_u32(&x178, &x179, x177, x118, x154); ++ fiat_secp384r1_addcarryx_u32(&x180, &x181, x179, x120, x156); ++ fiat_secp384r1_addcarryx_u32(&x182, &x183, x181, x122, x158); ++ fiat_secp384r1_addcarryx_u32(&x184, &x185, x183, x124, x160); ++ fiat_secp384r1_addcarryx_u32(&x186, &x187, x185, x126, x162); ++ fiat_secp384r1_addcarryx_u32(&x188, &x189, x187, ((uint32_t)x127 + x103), ++ (x163 + x129)); ++ fiat_secp384r1_addcarryx_u32(&x190, &x191, 0x0, x166, (arg1[3])); ++ fiat_secp384r1_addcarryx_u32(&x192, &x193, x191, x168, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x194, &x195, x193, x170, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x196, &x197, x195, x172, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x198, &x199, x197, x174, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x200, &x201, x199, x176, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x202, &x203, x201, x178, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x204, &x205, x203, x180, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x206, &x207, x205, x182, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x208, &x209, x207, x184, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x210, &x211, x209, x186, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x212, &x213, x211, x188, 0x0); ++ fiat_secp384r1_mulx_u32(&x214, &x215, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x216, &x217, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x218, &x219, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x220, &x221, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x222, &x223, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x224, &x225, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x226, &x227, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x228, &x229, x190, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x230, &x231, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x232, &x233, x190, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x234, &x235, 0x0, x231, x228); ++ fiat_secp384r1_addcarryx_u32(&x236, &x237, x235, x229, x226); ++ fiat_secp384r1_addcarryx_u32(&x238, &x239, x237, x227, x224); ++ fiat_secp384r1_addcarryx_u32(&x240, &x241, x239, x225, x222); ++ fiat_secp384r1_addcarryx_u32(&x242, &x243, x241, x223, x220); ++ fiat_secp384r1_addcarryx_u32(&x244, &x245, x243, x221, x218); ++ fiat_secp384r1_addcarryx_u32(&x246, &x247, x245, x219, x216); ++ fiat_secp384r1_addcarryx_u32(&x248, &x249, x247, x217, x214); ++ fiat_secp384r1_addcarryx_u32(&x250, &x251, 0x0, x190, x232); ++ fiat_secp384r1_addcarryx_u32(&x252, &x253, x251, x192, x233); ++ fiat_secp384r1_addcarryx_u32(&x254, &x255, x253, x194, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x256, &x257, x255, x196, x230); ++ fiat_secp384r1_addcarryx_u32(&x258, &x259, x257, x198, x234); ++ fiat_secp384r1_addcarryx_u32(&x260, &x261, x259, x200, x236); ++ fiat_secp384r1_addcarryx_u32(&x262, &x263, x261, x202, x238); ++ fiat_secp384r1_addcarryx_u32(&x264, &x265, x263, x204, x240); ++ fiat_secp384r1_addcarryx_u32(&x266, &x267, x265, x206, x242); ++ fiat_secp384r1_addcarryx_u32(&x268, &x269, x267, x208, x244); ++ fiat_secp384r1_addcarryx_u32(&x270, &x271, x269, x210, x246); ++ fiat_secp384r1_addcarryx_u32(&x272, &x273, x271, x212, x248); ++ fiat_secp384r1_addcarryx_u32(&x274, &x275, x273, ((uint32_t)x213 + x189), ++ (x249 + x215)); ++ fiat_secp384r1_addcarryx_u32(&x276, &x277, 0x0, x252, (arg1[4])); ++ fiat_secp384r1_addcarryx_u32(&x278, &x279, x277, x254, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x280, &x281, x279, x256, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x282, &x283, x281, x258, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x284, &x285, x283, x260, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x286, &x287, x285, x262, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x288, &x289, x287, x264, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x290, &x291, x289, x266, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x292, &x293, x291, x268, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x294, &x295, x293, x270, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x296, &x297, x295, x272, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x298, &x299, x297, x274, 0x0); ++ fiat_secp384r1_mulx_u32(&x300, &x301, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x302, &x303, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x304, &x305, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x306, &x307, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x308, &x309, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x310, &x311, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x312, &x313, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x314, &x315, x276, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x316, &x317, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x318, &x319, x276, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x320, &x321, 0x0, x317, x314); ++ fiat_secp384r1_addcarryx_u32(&x322, &x323, x321, x315, x312); ++ fiat_secp384r1_addcarryx_u32(&x324, &x325, x323, x313, x310); ++ fiat_secp384r1_addcarryx_u32(&x326, &x327, x325, x311, x308); ++ fiat_secp384r1_addcarryx_u32(&x328, &x329, x327, x309, x306); ++ fiat_secp384r1_addcarryx_u32(&x330, &x331, x329, x307, x304); ++ fiat_secp384r1_addcarryx_u32(&x332, &x333, x331, x305, x302); ++ fiat_secp384r1_addcarryx_u32(&x334, &x335, x333, x303, x300); ++ fiat_secp384r1_addcarryx_u32(&x336, &x337, 0x0, x276, x318); ++ fiat_secp384r1_addcarryx_u32(&x338, &x339, x337, x278, x319); ++ fiat_secp384r1_addcarryx_u32(&x340, &x341, x339, x280, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x342, &x343, x341, x282, x316); ++ fiat_secp384r1_addcarryx_u32(&x344, &x345, x343, x284, x320); ++ fiat_secp384r1_addcarryx_u32(&x346, &x347, x345, x286, x322); ++ fiat_secp384r1_addcarryx_u32(&x348, &x349, x347, x288, x324); ++ fiat_secp384r1_addcarryx_u32(&x350, &x351, x349, x290, x326); ++ fiat_secp384r1_addcarryx_u32(&x352, &x353, x351, x292, x328); ++ fiat_secp384r1_addcarryx_u32(&x354, &x355, x353, x294, x330); ++ fiat_secp384r1_addcarryx_u32(&x356, &x357, x355, x296, x332); ++ fiat_secp384r1_addcarryx_u32(&x358, &x359, x357, x298, x334); ++ fiat_secp384r1_addcarryx_u32(&x360, &x361, x359, ((uint32_t)x299 + x275), ++ (x335 + x301)); ++ fiat_secp384r1_addcarryx_u32(&x362, &x363, 0x0, x338, (arg1[5])); ++ fiat_secp384r1_addcarryx_u32(&x364, &x365, x363, x340, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x366, &x367, x365, x342, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x368, &x369, x367, x344, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x370, &x371, x369, x346, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x372, &x373, x371, x348, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x374, &x375, x373, x350, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x376, &x377, x375, x352, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x378, &x379, x377, x354, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x380, &x381, x379, x356, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x382, &x383, x381, x358, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x384, &x385, x383, x360, 0x0); ++ fiat_secp384r1_mulx_u32(&x386, &x387, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x388, &x389, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x390, &x391, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x392, &x393, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x394, &x395, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x396, &x397, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x398, &x399, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x400, &x401, x362, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x402, &x403, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x404, &x405, x362, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x406, &x407, 0x0, x403, x400); ++ fiat_secp384r1_addcarryx_u32(&x408, &x409, x407, x401, x398); ++ fiat_secp384r1_addcarryx_u32(&x410, &x411, x409, x399, x396); ++ fiat_secp384r1_addcarryx_u32(&x412, &x413, x411, x397, x394); ++ fiat_secp384r1_addcarryx_u32(&x414, &x415, x413, x395, x392); ++ fiat_secp384r1_addcarryx_u32(&x416, &x417, x415, x393, x390); ++ fiat_secp384r1_addcarryx_u32(&x418, &x419, x417, x391, x388); ++ fiat_secp384r1_addcarryx_u32(&x420, &x421, x419, x389, x386); ++ fiat_secp384r1_addcarryx_u32(&x422, &x423, 0x0, x362, x404); ++ fiat_secp384r1_addcarryx_u32(&x424, &x425, x423, x364, x405); ++ fiat_secp384r1_addcarryx_u32(&x426, &x427, x425, x366, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x428, &x429, x427, x368, x402); ++ fiat_secp384r1_addcarryx_u32(&x430, &x431, x429, x370, x406); ++ fiat_secp384r1_addcarryx_u32(&x432, &x433, x431, x372, x408); ++ fiat_secp384r1_addcarryx_u32(&x434, &x435, x433, x374, x410); ++ fiat_secp384r1_addcarryx_u32(&x436, &x437, x435, x376, x412); ++ fiat_secp384r1_addcarryx_u32(&x438, &x439, x437, x378, x414); ++ fiat_secp384r1_addcarryx_u32(&x440, &x441, x439, x380, x416); ++ fiat_secp384r1_addcarryx_u32(&x442, &x443, x441, x382, x418); ++ fiat_secp384r1_addcarryx_u32(&x444, &x445, x443, x384, x420); ++ fiat_secp384r1_addcarryx_u32(&x446, &x447, x445, ((uint32_t)x385 + x361), ++ (x421 + x387)); ++ fiat_secp384r1_addcarryx_u32(&x448, &x449, 0x0, x424, (arg1[6])); ++ fiat_secp384r1_addcarryx_u32(&x450, &x451, x449, x426, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x452, &x453, x451, x428, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x454, &x455, x453, x430, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x456, &x457, x455, x432, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x458, &x459, x457, x434, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x460, &x461, x459, x436, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x462, &x463, x461, x438, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x464, &x465, x463, x440, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x466, &x467, x465, x442, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x468, &x469, x467, x444, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x470, &x471, x469, x446, 0x0); ++ fiat_secp384r1_mulx_u32(&x472, &x473, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x474, &x475, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x476, &x477, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x478, &x479, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x480, &x481, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x482, &x483, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x484, &x485, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x486, &x487, x448, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x488, &x489, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x490, &x491, x448, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x492, &x493, 0x0, x489, x486); ++ fiat_secp384r1_addcarryx_u32(&x494, &x495, x493, x487, x484); ++ fiat_secp384r1_addcarryx_u32(&x496, &x497, x495, x485, x482); ++ fiat_secp384r1_addcarryx_u32(&x498, &x499, x497, x483, x480); ++ fiat_secp384r1_addcarryx_u32(&x500, &x501, x499, x481, x478); ++ fiat_secp384r1_addcarryx_u32(&x502, &x503, x501, x479, x476); ++ fiat_secp384r1_addcarryx_u32(&x504, &x505, x503, x477, x474); ++ fiat_secp384r1_addcarryx_u32(&x506, &x507, x505, x475, x472); ++ fiat_secp384r1_addcarryx_u32(&x508, &x509, 0x0, x448, x490); ++ fiat_secp384r1_addcarryx_u32(&x510, &x511, x509, x450, x491); ++ fiat_secp384r1_addcarryx_u32(&x512, &x513, x511, x452, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x514, &x515, x513, x454, x488); ++ fiat_secp384r1_addcarryx_u32(&x516, &x517, x515, x456, x492); ++ fiat_secp384r1_addcarryx_u32(&x518, &x519, x517, x458, x494); ++ fiat_secp384r1_addcarryx_u32(&x520, &x521, x519, x460, x496); ++ fiat_secp384r1_addcarryx_u32(&x522, &x523, x521, x462, x498); ++ fiat_secp384r1_addcarryx_u32(&x524, &x525, x523, x464, x500); ++ fiat_secp384r1_addcarryx_u32(&x526, &x527, x525, x466, x502); ++ fiat_secp384r1_addcarryx_u32(&x528, &x529, x527, x468, x504); ++ fiat_secp384r1_addcarryx_u32(&x530, &x531, x529, x470, x506); ++ fiat_secp384r1_addcarryx_u32(&x532, &x533, x531, ((uint32_t)x471 + x447), ++ (x507 + x473)); ++ fiat_secp384r1_addcarryx_u32(&x534, &x535, 0x0, x510, (arg1[7])); ++ fiat_secp384r1_addcarryx_u32(&x536, &x537, x535, x512, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x538, &x539, x537, x514, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x540, &x541, x539, x516, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x542, &x543, x541, x518, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x544, &x545, x543, x520, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x546, &x547, x545, x522, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x548, &x549, x547, x524, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x550, &x551, x549, x526, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x552, &x553, x551, x528, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x554, &x555, x553, x530, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x556, &x557, x555, x532, 0x0); ++ fiat_secp384r1_mulx_u32(&x558, &x559, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x560, &x561, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x562, &x563, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x564, &x565, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x566, &x567, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x568, &x569, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x570, &x571, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x572, &x573, x534, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x574, &x575, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x576, &x577, x534, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x578, &x579, 0x0, x575, x572); ++ fiat_secp384r1_addcarryx_u32(&x580, &x581, x579, x573, x570); ++ fiat_secp384r1_addcarryx_u32(&x582, &x583, x581, x571, x568); ++ fiat_secp384r1_addcarryx_u32(&x584, &x585, x583, x569, x566); ++ fiat_secp384r1_addcarryx_u32(&x586, &x587, x585, x567, x564); ++ fiat_secp384r1_addcarryx_u32(&x588, &x589, x587, x565, x562); ++ fiat_secp384r1_addcarryx_u32(&x590, &x591, x589, x563, x560); ++ fiat_secp384r1_addcarryx_u32(&x592, &x593, x591, x561, x558); ++ fiat_secp384r1_addcarryx_u32(&x594, &x595, 0x0, x534, x576); ++ fiat_secp384r1_addcarryx_u32(&x596, &x597, x595, x536, x577); ++ fiat_secp384r1_addcarryx_u32(&x598, &x599, x597, x538, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x600, &x601, x599, x540, x574); ++ fiat_secp384r1_addcarryx_u32(&x602, &x603, x601, x542, x578); ++ fiat_secp384r1_addcarryx_u32(&x604, &x605, x603, x544, x580); ++ fiat_secp384r1_addcarryx_u32(&x606, &x607, x605, x546, x582); ++ fiat_secp384r1_addcarryx_u32(&x608, &x609, x607, x548, x584); ++ fiat_secp384r1_addcarryx_u32(&x610, &x611, x609, x550, x586); ++ fiat_secp384r1_addcarryx_u32(&x612, &x613, x611, x552, x588); ++ fiat_secp384r1_addcarryx_u32(&x614, &x615, x613, x554, x590); ++ fiat_secp384r1_addcarryx_u32(&x616, &x617, x615, x556, x592); ++ fiat_secp384r1_addcarryx_u32(&x618, &x619, x617, ((uint32_t)x557 + x533), ++ (x593 + x559)); ++ fiat_secp384r1_addcarryx_u32(&x620, &x621, 0x0, x596, (arg1[8])); ++ fiat_secp384r1_addcarryx_u32(&x622, &x623, x621, x598, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x624, &x625, x623, x600, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x626, &x627, x625, x602, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x628, &x629, x627, x604, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x630, &x631, x629, x606, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x632, &x633, x631, x608, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x634, &x635, x633, x610, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x636, &x637, x635, x612, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x638, &x639, x637, x614, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x640, &x641, x639, x616, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x642, &x643, x641, x618, 0x0); ++ fiat_secp384r1_mulx_u32(&x644, &x645, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x646, &x647, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x648, &x649, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x650, &x651, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x652, &x653, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x654, &x655, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x656, &x657, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x658, &x659, x620, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x660, &x661, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x662, &x663, x620, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x664, &x665, 0x0, x661, x658); ++ fiat_secp384r1_addcarryx_u32(&x666, &x667, x665, x659, x656); ++ fiat_secp384r1_addcarryx_u32(&x668, &x669, x667, x657, x654); ++ fiat_secp384r1_addcarryx_u32(&x670, &x671, x669, x655, x652); ++ fiat_secp384r1_addcarryx_u32(&x672, &x673, x671, x653, x650); ++ fiat_secp384r1_addcarryx_u32(&x674, &x675, x673, x651, x648); ++ fiat_secp384r1_addcarryx_u32(&x676, &x677, x675, x649, x646); ++ fiat_secp384r1_addcarryx_u32(&x678, &x679, x677, x647, x644); ++ fiat_secp384r1_addcarryx_u32(&x680, &x681, 0x0, x620, x662); ++ fiat_secp384r1_addcarryx_u32(&x682, &x683, x681, x622, x663); ++ fiat_secp384r1_addcarryx_u32(&x684, &x685, x683, x624, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x686, &x687, x685, x626, x660); ++ fiat_secp384r1_addcarryx_u32(&x688, &x689, x687, x628, x664); ++ fiat_secp384r1_addcarryx_u32(&x690, &x691, x689, x630, x666); ++ fiat_secp384r1_addcarryx_u32(&x692, &x693, x691, x632, x668); ++ fiat_secp384r1_addcarryx_u32(&x694, &x695, x693, x634, x670); ++ fiat_secp384r1_addcarryx_u32(&x696, &x697, x695, x636, x672); ++ fiat_secp384r1_addcarryx_u32(&x698, &x699, x697, x638, x674); ++ fiat_secp384r1_addcarryx_u32(&x700, &x701, x699, x640, x676); ++ fiat_secp384r1_addcarryx_u32(&x702, &x703, x701, x642, x678); ++ fiat_secp384r1_addcarryx_u32(&x704, &x705, x703, ((uint32_t)x643 + x619), ++ (x679 + x645)); ++ fiat_secp384r1_addcarryx_u32(&x706, &x707, 0x0, x682, (arg1[9])); ++ fiat_secp384r1_addcarryx_u32(&x708, &x709, x707, x684, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x710, &x711, x709, x686, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x712, &x713, x711, x688, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x714, &x715, x713, x690, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x716, &x717, x715, x692, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x718, &x719, x717, x694, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x720, &x721, x719, x696, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x722, &x723, x721, x698, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x724, &x725, x723, x700, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x726, &x727, x725, x702, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x728, &x729, x727, x704, 0x0); ++ fiat_secp384r1_mulx_u32(&x730, &x731, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x732, &x733, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x734, &x735, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x736, &x737, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x738, &x739, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x740, &x741, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x742, &x743, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x744, &x745, x706, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x746, &x747, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x748, &x749, x706, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x750, &x751, 0x0, x747, x744); ++ fiat_secp384r1_addcarryx_u32(&x752, &x753, x751, x745, x742); ++ fiat_secp384r1_addcarryx_u32(&x754, &x755, x753, x743, x740); ++ fiat_secp384r1_addcarryx_u32(&x756, &x757, x755, x741, x738); ++ fiat_secp384r1_addcarryx_u32(&x758, &x759, x757, x739, x736); ++ fiat_secp384r1_addcarryx_u32(&x760, &x761, x759, x737, x734); ++ fiat_secp384r1_addcarryx_u32(&x762, &x763, x761, x735, x732); ++ fiat_secp384r1_addcarryx_u32(&x764, &x765, x763, x733, x730); ++ fiat_secp384r1_addcarryx_u32(&x766, &x767, 0x0, x706, x748); ++ fiat_secp384r1_addcarryx_u32(&x768, &x769, x767, x708, x749); ++ fiat_secp384r1_addcarryx_u32(&x770, &x771, x769, x710, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x772, &x773, x771, x712, x746); ++ fiat_secp384r1_addcarryx_u32(&x774, &x775, x773, x714, x750); ++ fiat_secp384r1_addcarryx_u32(&x776, &x777, x775, x716, x752); ++ fiat_secp384r1_addcarryx_u32(&x778, &x779, x777, x718, x754); ++ fiat_secp384r1_addcarryx_u32(&x780, &x781, x779, x720, x756); ++ fiat_secp384r1_addcarryx_u32(&x782, &x783, x781, x722, x758); ++ fiat_secp384r1_addcarryx_u32(&x784, &x785, x783, x724, x760); ++ fiat_secp384r1_addcarryx_u32(&x786, &x787, x785, x726, x762); ++ fiat_secp384r1_addcarryx_u32(&x788, &x789, x787, x728, x764); ++ fiat_secp384r1_addcarryx_u32(&x790, &x791, x789, ((uint32_t)x729 + x705), ++ (x765 + x731)); ++ fiat_secp384r1_addcarryx_u32(&x792, &x793, 0x0, x768, (arg1[10])); ++ fiat_secp384r1_addcarryx_u32(&x794, &x795, x793, x770, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x796, &x797, x795, x772, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x798, &x799, x797, x774, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x800, &x801, x799, x776, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x802, &x803, x801, x778, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x804, &x805, x803, x780, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x806, &x807, x805, x782, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x808, &x809, x807, x784, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x810, &x811, x809, x786, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x812, &x813, x811, x788, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x814, &x815, x813, x790, 0x0); ++ fiat_secp384r1_mulx_u32(&x816, &x817, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x818, &x819, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x820, &x821, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x822, &x823, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x824, &x825, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x826, &x827, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x828, &x829, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x830, &x831, x792, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x832, &x833, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x834, &x835, x792, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x836, &x837, 0x0, x833, x830); ++ fiat_secp384r1_addcarryx_u32(&x838, &x839, x837, x831, x828); ++ fiat_secp384r1_addcarryx_u32(&x840, &x841, x839, x829, x826); ++ fiat_secp384r1_addcarryx_u32(&x842, &x843, x841, x827, x824); ++ fiat_secp384r1_addcarryx_u32(&x844, &x845, x843, x825, x822); ++ fiat_secp384r1_addcarryx_u32(&x846, &x847, x845, x823, x820); ++ fiat_secp384r1_addcarryx_u32(&x848, &x849, x847, x821, x818); ++ fiat_secp384r1_addcarryx_u32(&x850, &x851, x849, x819, x816); ++ fiat_secp384r1_addcarryx_u32(&x852, &x853, 0x0, x792, x834); ++ fiat_secp384r1_addcarryx_u32(&x854, &x855, x853, x794, x835); ++ fiat_secp384r1_addcarryx_u32(&x856, &x857, x855, x796, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x858, &x859, x857, x798, x832); ++ fiat_secp384r1_addcarryx_u32(&x860, &x861, x859, x800, x836); ++ fiat_secp384r1_addcarryx_u32(&x862, &x863, x861, x802, x838); ++ fiat_secp384r1_addcarryx_u32(&x864, &x865, x863, x804, x840); ++ fiat_secp384r1_addcarryx_u32(&x866, &x867, x865, x806, x842); ++ fiat_secp384r1_addcarryx_u32(&x868, &x869, x867, x808, x844); ++ fiat_secp384r1_addcarryx_u32(&x870, &x871, x869, x810, x846); ++ fiat_secp384r1_addcarryx_u32(&x872, &x873, x871, x812, x848); ++ fiat_secp384r1_addcarryx_u32(&x874, &x875, x873, x814, x850); ++ fiat_secp384r1_addcarryx_u32(&x876, &x877, x875, ((uint32_t)x815 + x791), ++ (x851 + x817)); ++ fiat_secp384r1_addcarryx_u32(&x878, &x879, 0x0, x854, (arg1[11])); ++ fiat_secp384r1_addcarryx_u32(&x880, &x881, x879, x856, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x882, &x883, x881, x858, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x884, &x885, x883, x860, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x886, &x887, x885, x862, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x888, &x889, x887, x864, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x890, &x891, x889, x866, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x892, &x893, x891, x868, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x894, &x895, x893, x870, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x896, &x897, x895, x872, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x898, &x899, x897, x874, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x900, &x901, x899, x876, 0x0); ++ fiat_secp384r1_mulx_u32(&x902, &x903, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x904, &x905, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x906, &x907, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x908, &x909, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x910, &x911, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x912, &x913, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x914, &x915, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x916, &x917, x878, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x918, &x919, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x920, &x921, x878, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x922, &x923, 0x0, x919, x916); ++ fiat_secp384r1_addcarryx_u32(&x924, &x925, x923, x917, x914); ++ fiat_secp384r1_addcarryx_u32(&x926, &x927, x925, x915, x912); ++ fiat_secp384r1_addcarryx_u32(&x928, &x929, x927, x913, x910); ++ fiat_secp384r1_addcarryx_u32(&x930, &x931, x929, x911, x908); ++ fiat_secp384r1_addcarryx_u32(&x932, &x933, x931, x909, x906); ++ fiat_secp384r1_addcarryx_u32(&x934, &x935, x933, x907, x904); ++ fiat_secp384r1_addcarryx_u32(&x936, &x937, x935, x905, x902); ++ fiat_secp384r1_addcarryx_u32(&x938, &x939, 0x0, x878, x920); ++ fiat_secp384r1_addcarryx_u32(&x940, &x941, x939, x880, x921); ++ fiat_secp384r1_addcarryx_u32(&x942, &x943, x941, x882, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x944, &x945, x943, x884, x918); ++ fiat_secp384r1_addcarryx_u32(&x946, &x947, x945, x886, x922); ++ fiat_secp384r1_addcarryx_u32(&x948, &x949, x947, x888, x924); ++ fiat_secp384r1_addcarryx_u32(&x950, &x951, x949, x890, x926); ++ fiat_secp384r1_addcarryx_u32(&x952, &x953, x951, x892, x928); ++ fiat_secp384r1_addcarryx_u32(&x954, &x955, x953, x894, x930); ++ fiat_secp384r1_addcarryx_u32(&x956, &x957, x955, x896, x932); ++ fiat_secp384r1_addcarryx_u32(&x958, &x959, x957, x898, x934); ++ fiat_secp384r1_addcarryx_u32(&x960, &x961, x959, x900, x936); ++ fiat_secp384r1_addcarryx_u32(&x962, &x963, x961, ((uint32_t)x901 + x877), ++ (x937 + x903)); ++ fiat_secp384r1_subborrowx_u32(&x964, &x965, 0x0, x940, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x966, &x967, x965, x942, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x968, &x969, x967, x944, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x970, &x971, x969, x946, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x972, &x973, x971, x948, ++ UINT32_C(0xfffffffe)); ++ fiat_secp384r1_subborrowx_u32(&x974, &x975, x973, x950, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x976, &x977, x975, x952, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x978, &x979, x977, x954, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x980, &x981, x979, x956, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x982, &x983, x981, x958, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x984, &x985, x983, x960, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x986, &x987, x985, x962, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x988, &x989, x987, x963, 0x0); ++ fiat_secp384r1_cmovznz_u32(&x990, x989, x964, x940); ++ fiat_secp384r1_cmovznz_u32(&x991, x989, x966, x942); ++ fiat_secp384r1_cmovznz_u32(&x992, x989, x968, x944); ++ fiat_secp384r1_cmovznz_u32(&x993, x989, x970, x946); ++ fiat_secp384r1_cmovznz_u32(&x994, x989, x972, x948); ++ fiat_secp384r1_cmovznz_u32(&x995, x989, x974, x950); ++ fiat_secp384r1_cmovznz_u32(&x996, x989, x976, x952); ++ fiat_secp384r1_cmovznz_u32(&x997, x989, x978, x954); ++ fiat_secp384r1_cmovznz_u32(&x998, x989, x980, x956); ++ fiat_secp384r1_cmovznz_u32(&x999, x989, x982, x958); ++ fiat_secp384r1_cmovznz_u32(&x1000, x989, x984, x960); ++ fiat_secp384r1_cmovznz_u32(&x1001, x989, x986, x962); ++ out1[0] = x990; ++ out1[1] = x991; ++ out1[2] = x992; ++ out1[3] = x993; ++ out1[4] = x994; ++ out1[5] = x995; ++ out1[6] = x996; ++ out1[7] = x997; ++ out1[8] = x998; ++ out1[9] = x999; ++ out1[10] = x1000; ++ out1[11] = x1001; ++} ++ ++/* ++ * The function fiat_secp384r1_to_montgomery translates a field element into the Montgomery domain. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * eval (from_montgomery out1) mod m = eval arg1 mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_to_montgomery(uint32_t out1[12], ++ const uint32_t arg1[12]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ uint32_t x20; ++ uint32_t x21; ++ fiat_secp384r1_uint1 x22; ++ uint32_t x23; ++ uint32_t x24; ++ uint32_t x25; ++ uint32_t x26; ++ uint32_t x27; ++ uint32_t x28; ++ uint32_t x29; ++ uint32_t x30; ++ uint32_t x31; ++ uint32_t x32; ++ uint32_t x33; ++ uint32_t x34; ++ uint32_t x35; ++ uint32_t x36; ++ uint32_t x37; ++ uint32_t x38; ++ uint32_t x39; ++ uint32_t x40; ++ uint32_t x41; ++ uint32_t x42; ++ uint32_t x43; ++ fiat_secp384r1_uint1 x44; ++ uint32_t x45; ++ fiat_secp384r1_uint1 x46; ++ uint32_t x47; ++ fiat_secp384r1_uint1 x48; ++ uint32_t x49; ++ fiat_secp384r1_uint1 x50; ++ uint32_t x51; ++ fiat_secp384r1_uint1 x52; ++ uint32_t x53; ++ fiat_secp384r1_uint1 x54; ++ uint32_t x55; ++ fiat_secp384r1_uint1 x56; ++ uint32_t x57; ++ fiat_secp384r1_uint1 x58; ++ uint32_t x59; ++ fiat_secp384r1_uint1 x60; ++ uint32_t x61; ++ fiat_secp384r1_uint1 x62; ++ uint32_t x63; ++ fiat_secp384r1_uint1 x64; ++ uint32_t x65; ++ fiat_secp384r1_uint1 x66; ++ uint32_t x67; ++ fiat_secp384r1_uint1 x68; ++ uint32_t x69; ++ fiat_secp384r1_uint1 x70; ++ uint32_t x71; ++ fiat_secp384r1_uint1 x72; ++ uint32_t x73; ++ fiat_secp384r1_uint1 x74; ++ uint32_t x75; ++ fiat_secp384r1_uint1 x76; ++ uint32_t x77; ++ fiat_secp384r1_uint1 x78; ++ uint32_t x79; ++ fiat_secp384r1_uint1 x80; ++ uint32_t x81; ++ fiat_secp384r1_uint1 x82; ++ uint32_t x83; ++ uint32_t x84; ++ uint32_t x85; ++ uint32_t x86; ++ uint32_t x87; ++ uint32_t x88; ++ uint32_t x89; ++ uint32_t x90; ++ uint32_t x91; ++ fiat_secp384r1_uint1 x92; ++ uint32_t x93; ++ fiat_secp384r1_uint1 x94; ++ uint32_t x95; ++ fiat_secp384r1_uint1 x96; ++ uint32_t x97; ++ fiat_secp384r1_uint1 x98; ++ uint32_t x99; ++ fiat_secp384r1_uint1 x100; ++ uint32_t x101; ++ fiat_secp384r1_uint1 x102; ++ uint32_t x103; ++ fiat_secp384r1_uint1 x104; ++ uint32_t x105; ++ fiat_secp384r1_uint1 x106; ++ uint32_t x107; ++ fiat_secp384r1_uint1 x108; ++ uint32_t x109; ++ fiat_secp384r1_uint1 x110; ++ uint32_t x111; ++ fiat_secp384r1_uint1 x112; ++ uint32_t x113; ++ fiat_secp384r1_uint1 x114; ++ uint32_t x115; ++ fiat_secp384r1_uint1 x116; ++ uint32_t x117; ++ uint32_t x118; ++ uint32_t x119; ++ uint32_t x120; ++ uint32_t x121; ++ uint32_t x122; ++ uint32_t x123; ++ uint32_t x124; ++ uint32_t x125; ++ uint32_t x126; ++ uint32_t x127; ++ uint32_t x128; ++ uint32_t x129; ++ uint32_t x130; ++ uint32_t x131; ++ uint32_t x132; ++ uint32_t x133; ++ uint32_t x134; ++ uint32_t x135; ++ uint32_t x136; ++ uint32_t x137; ++ fiat_secp384r1_uint1 x138; ++ uint32_t x139; ++ fiat_secp384r1_uint1 x140; ++ uint32_t x141; ++ fiat_secp384r1_uint1 x142; ++ uint32_t x143; ++ fiat_secp384r1_uint1 x144; ++ uint32_t x145; ++ fiat_secp384r1_uint1 x146; ++ uint32_t x147; ++ fiat_secp384r1_uint1 x148; ++ uint32_t x149; ++ fiat_secp384r1_uint1 x150; ++ uint32_t x151; ++ fiat_secp384r1_uint1 x152; ++ uint32_t x153; ++ fiat_secp384r1_uint1 x154; ++ uint32_t x155; ++ fiat_secp384r1_uint1 x156; ++ uint32_t x157; ++ fiat_secp384r1_uint1 x158; ++ uint32_t x159; ++ fiat_secp384r1_uint1 x160; ++ uint32_t x161; ++ fiat_secp384r1_uint1 x162; ++ uint32_t x163; ++ fiat_secp384r1_uint1 x164; ++ uint32_t x165; ++ fiat_secp384r1_uint1 x166; ++ uint32_t x167; ++ fiat_secp384r1_uint1 x168; ++ uint32_t x169; ++ fiat_secp384r1_uint1 x170; ++ uint32_t x171; ++ fiat_secp384r1_uint1 x172; ++ uint32_t x173; ++ fiat_secp384r1_uint1 x174; ++ uint32_t x175; ++ fiat_secp384r1_uint1 x176; ++ uint32_t x177; ++ fiat_secp384r1_uint1 x178; ++ uint32_t x179; ++ uint32_t x180; ++ uint32_t x181; ++ uint32_t x182; ++ uint32_t x183; ++ uint32_t x184; ++ uint32_t x185; ++ uint32_t x186; ++ uint32_t x187; ++ fiat_secp384r1_uint1 x188; ++ uint32_t x189; ++ fiat_secp384r1_uint1 x190; ++ uint32_t x191; ++ fiat_secp384r1_uint1 x192; ++ uint32_t x193; ++ fiat_secp384r1_uint1 x194; ++ uint32_t x195; ++ fiat_secp384r1_uint1 x196; ++ uint32_t x197; ++ fiat_secp384r1_uint1 x198; ++ uint32_t x199; ++ fiat_secp384r1_uint1 x200; ++ uint32_t x201; ++ fiat_secp384r1_uint1 x202; ++ uint32_t x203; ++ fiat_secp384r1_uint1 x204; ++ uint32_t x205; ++ fiat_secp384r1_uint1 x206; ++ uint32_t x207; ++ fiat_secp384r1_uint1 x208; ++ uint32_t x209; ++ fiat_secp384r1_uint1 x210; ++ uint32_t x211; ++ fiat_secp384r1_uint1 x212; ++ uint32_t x213; ++ uint32_t x214; ++ uint32_t x215; ++ uint32_t x216; ++ uint32_t x217; ++ uint32_t x218; ++ uint32_t x219; ++ uint32_t x220; ++ uint32_t x221; ++ uint32_t x222; ++ uint32_t x223; ++ uint32_t x224; ++ uint32_t x225; ++ uint32_t x226; ++ uint32_t x227; ++ uint32_t x228; ++ uint32_t x229; ++ uint32_t x230; ++ uint32_t x231; ++ uint32_t x232; ++ uint32_t x233; ++ fiat_secp384r1_uint1 x234; ++ uint32_t x235; ++ fiat_secp384r1_uint1 x236; ++ uint32_t x237; ++ fiat_secp384r1_uint1 x238; ++ uint32_t x239; ++ fiat_secp384r1_uint1 x240; ++ uint32_t x241; ++ fiat_secp384r1_uint1 x242; ++ uint32_t x243; ++ fiat_secp384r1_uint1 x244; ++ uint32_t x245; ++ fiat_secp384r1_uint1 x246; ++ uint32_t x247; ++ fiat_secp384r1_uint1 x248; ++ uint32_t x249; ++ fiat_secp384r1_uint1 x250; ++ uint32_t x251; ++ fiat_secp384r1_uint1 x252; ++ uint32_t x253; ++ fiat_secp384r1_uint1 x254; ++ uint32_t x255; ++ fiat_secp384r1_uint1 x256; ++ uint32_t x257; ++ fiat_secp384r1_uint1 x258; ++ uint32_t x259; ++ fiat_secp384r1_uint1 x260; ++ uint32_t x261; ++ fiat_secp384r1_uint1 x262; ++ uint32_t x263; ++ fiat_secp384r1_uint1 x264; ++ uint32_t x265; ++ fiat_secp384r1_uint1 x266; ++ uint32_t x267; ++ fiat_secp384r1_uint1 x268; ++ uint32_t x269; ++ fiat_secp384r1_uint1 x270; ++ uint32_t x271; ++ fiat_secp384r1_uint1 x272; ++ uint32_t x273; ++ fiat_secp384r1_uint1 x274; ++ uint32_t x275; ++ uint32_t x276; ++ uint32_t x277; ++ uint32_t x278; ++ uint32_t x279; ++ uint32_t x280; ++ uint32_t x281; ++ uint32_t x282; ++ uint32_t x283; ++ fiat_secp384r1_uint1 x284; ++ uint32_t x285; ++ fiat_secp384r1_uint1 x286; ++ uint32_t x287; ++ fiat_secp384r1_uint1 x288; ++ uint32_t x289; ++ fiat_secp384r1_uint1 x290; ++ uint32_t x291; ++ fiat_secp384r1_uint1 x292; ++ uint32_t x293; ++ fiat_secp384r1_uint1 x294; ++ uint32_t x295; ++ fiat_secp384r1_uint1 x296; ++ uint32_t x297; ++ fiat_secp384r1_uint1 x298; ++ uint32_t x299; ++ fiat_secp384r1_uint1 x300; ++ uint32_t x301; ++ fiat_secp384r1_uint1 x302; ++ uint32_t x303; ++ fiat_secp384r1_uint1 x304; ++ uint32_t x305; ++ fiat_secp384r1_uint1 x306; ++ uint32_t x307; ++ fiat_secp384r1_uint1 x308; ++ uint32_t x309; ++ uint32_t x310; ++ uint32_t x311; ++ uint32_t x312; ++ uint32_t x313; ++ uint32_t x314; ++ uint32_t x315; ++ uint32_t x316; ++ uint32_t x317; ++ uint32_t x318; ++ uint32_t x319; ++ uint32_t x320; ++ uint32_t x321; ++ uint32_t x322; ++ uint32_t x323; ++ uint32_t x324; ++ uint32_t x325; ++ uint32_t x326; ++ uint32_t x327; ++ uint32_t x328; ++ uint32_t x329; ++ fiat_secp384r1_uint1 x330; ++ uint32_t x331; ++ fiat_secp384r1_uint1 x332; ++ uint32_t x333; ++ fiat_secp384r1_uint1 x334; ++ uint32_t x335; ++ fiat_secp384r1_uint1 x336; ++ uint32_t x337; ++ fiat_secp384r1_uint1 x338; ++ uint32_t x339; ++ fiat_secp384r1_uint1 x340; ++ uint32_t x341; ++ fiat_secp384r1_uint1 x342; ++ uint32_t x343; ++ fiat_secp384r1_uint1 x344; ++ uint32_t x345; ++ fiat_secp384r1_uint1 x346; ++ uint32_t x347; ++ fiat_secp384r1_uint1 x348; ++ uint32_t x349; ++ fiat_secp384r1_uint1 x350; ++ uint32_t x351; ++ fiat_secp384r1_uint1 x352; ++ uint32_t x353; ++ fiat_secp384r1_uint1 x354; ++ uint32_t x355; ++ fiat_secp384r1_uint1 x356; ++ uint32_t x357; ++ fiat_secp384r1_uint1 x358; ++ uint32_t x359; ++ fiat_secp384r1_uint1 x360; ++ uint32_t x361; ++ fiat_secp384r1_uint1 x362; ++ uint32_t x363; ++ fiat_secp384r1_uint1 x364; ++ uint32_t x365; ++ fiat_secp384r1_uint1 x366; ++ uint32_t x367; ++ fiat_secp384r1_uint1 x368; ++ uint32_t x369; ++ fiat_secp384r1_uint1 x370; ++ uint32_t x371; ++ uint32_t x372; ++ uint32_t x373; ++ uint32_t x374; ++ uint32_t x375; ++ uint32_t x376; ++ uint32_t x377; ++ uint32_t x378; ++ uint32_t x379; ++ fiat_secp384r1_uint1 x380; ++ uint32_t x381; ++ fiat_secp384r1_uint1 x382; ++ uint32_t x383; ++ fiat_secp384r1_uint1 x384; ++ uint32_t x385; ++ fiat_secp384r1_uint1 x386; ++ uint32_t x387; ++ fiat_secp384r1_uint1 x388; ++ uint32_t x389; ++ fiat_secp384r1_uint1 x390; ++ uint32_t x391; ++ fiat_secp384r1_uint1 x392; ++ uint32_t x393; ++ fiat_secp384r1_uint1 x394; ++ uint32_t x395; ++ fiat_secp384r1_uint1 x396; ++ uint32_t x397; ++ fiat_secp384r1_uint1 x398; ++ uint32_t x399; ++ fiat_secp384r1_uint1 x400; ++ uint32_t x401; ++ fiat_secp384r1_uint1 x402; ++ uint32_t x403; ++ fiat_secp384r1_uint1 x404; ++ uint32_t x405; ++ uint32_t x406; ++ uint32_t x407; ++ uint32_t x408; ++ uint32_t x409; ++ uint32_t x410; ++ uint32_t x411; ++ uint32_t x412; ++ uint32_t x413; ++ uint32_t x414; ++ uint32_t x415; ++ uint32_t x416; ++ uint32_t x417; ++ uint32_t x418; ++ uint32_t x419; ++ uint32_t x420; ++ uint32_t x421; ++ uint32_t x422; ++ uint32_t x423; ++ uint32_t x424; ++ uint32_t x425; ++ fiat_secp384r1_uint1 x426; ++ uint32_t x427; ++ fiat_secp384r1_uint1 x428; ++ uint32_t x429; ++ fiat_secp384r1_uint1 x430; ++ uint32_t x431; ++ fiat_secp384r1_uint1 x432; ++ uint32_t x433; ++ fiat_secp384r1_uint1 x434; ++ uint32_t x435; ++ fiat_secp384r1_uint1 x436; ++ uint32_t x437; ++ fiat_secp384r1_uint1 x438; ++ uint32_t x439; ++ fiat_secp384r1_uint1 x440; ++ uint32_t x441; ++ fiat_secp384r1_uint1 x442; ++ uint32_t x443; ++ fiat_secp384r1_uint1 x444; ++ uint32_t x445; ++ fiat_secp384r1_uint1 x446; ++ uint32_t x447; ++ fiat_secp384r1_uint1 x448; ++ uint32_t x449; ++ fiat_secp384r1_uint1 x450; ++ uint32_t x451; ++ fiat_secp384r1_uint1 x452; ++ uint32_t x453; ++ fiat_secp384r1_uint1 x454; ++ uint32_t x455; ++ fiat_secp384r1_uint1 x456; ++ uint32_t x457; ++ fiat_secp384r1_uint1 x458; ++ uint32_t x459; ++ fiat_secp384r1_uint1 x460; ++ uint32_t x461; ++ fiat_secp384r1_uint1 x462; ++ uint32_t x463; ++ fiat_secp384r1_uint1 x464; ++ uint32_t x465; ++ fiat_secp384r1_uint1 x466; ++ uint32_t x467; ++ uint32_t x468; ++ uint32_t x469; ++ uint32_t x470; ++ uint32_t x471; ++ uint32_t x472; ++ uint32_t x473; ++ uint32_t x474; ++ uint32_t x475; ++ fiat_secp384r1_uint1 x476; ++ uint32_t x477; ++ fiat_secp384r1_uint1 x478; ++ uint32_t x479; ++ fiat_secp384r1_uint1 x480; ++ uint32_t x481; ++ fiat_secp384r1_uint1 x482; ++ uint32_t x483; ++ fiat_secp384r1_uint1 x484; ++ uint32_t x485; ++ fiat_secp384r1_uint1 x486; ++ uint32_t x487; ++ fiat_secp384r1_uint1 x488; ++ uint32_t x489; ++ fiat_secp384r1_uint1 x490; ++ uint32_t x491; ++ fiat_secp384r1_uint1 x492; ++ uint32_t x493; ++ fiat_secp384r1_uint1 x494; ++ uint32_t x495; ++ fiat_secp384r1_uint1 x496; ++ uint32_t x497; ++ fiat_secp384r1_uint1 x498; ++ uint32_t x499; ++ fiat_secp384r1_uint1 x500; ++ uint32_t x501; ++ uint32_t x502; ++ uint32_t x503; ++ uint32_t x504; ++ uint32_t x505; ++ uint32_t x506; ++ uint32_t x507; ++ uint32_t x508; ++ uint32_t x509; ++ uint32_t x510; ++ uint32_t x511; ++ uint32_t x512; ++ uint32_t x513; ++ uint32_t x514; ++ uint32_t x515; ++ uint32_t x516; ++ uint32_t x517; ++ uint32_t x518; ++ uint32_t x519; ++ uint32_t x520; ++ uint32_t x521; ++ fiat_secp384r1_uint1 x522; ++ uint32_t x523; ++ fiat_secp384r1_uint1 x524; ++ uint32_t x525; ++ fiat_secp384r1_uint1 x526; ++ uint32_t x527; ++ fiat_secp384r1_uint1 x528; ++ uint32_t x529; ++ fiat_secp384r1_uint1 x530; ++ uint32_t x531; ++ fiat_secp384r1_uint1 x532; ++ uint32_t x533; ++ fiat_secp384r1_uint1 x534; ++ uint32_t x535; ++ fiat_secp384r1_uint1 x536; ++ uint32_t x537; ++ fiat_secp384r1_uint1 x538; ++ uint32_t x539; ++ fiat_secp384r1_uint1 x540; ++ uint32_t x541; ++ fiat_secp384r1_uint1 x542; ++ uint32_t x543; ++ fiat_secp384r1_uint1 x544; ++ uint32_t x545; ++ fiat_secp384r1_uint1 x546; ++ uint32_t x547; ++ fiat_secp384r1_uint1 x548; ++ uint32_t x549; ++ fiat_secp384r1_uint1 x550; ++ uint32_t x551; ++ fiat_secp384r1_uint1 x552; ++ uint32_t x553; ++ fiat_secp384r1_uint1 x554; ++ uint32_t x555; ++ fiat_secp384r1_uint1 x556; ++ uint32_t x557; ++ fiat_secp384r1_uint1 x558; ++ uint32_t x559; ++ fiat_secp384r1_uint1 x560; ++ uint32_t x561; ++ fiat_secp384r1_uint1 x562; ++ uint32_t x563; ++ uint32_t x564; ++ uint32_t x565; ++ uint32_t x566; ++ uint32_t x567; ++ uint32_t x568; ++ uint32_t x569; ++ uint32_t x570; ++ uint32_t x571; ++ fiat_secp384r1_uint1 x572; ++ uint32_t x573; ++ fiat_secp384r1_uint1 x574; ++ uint32_t x575; ++ fiat_secp384r1_uint1 x576; ++ uint32_t x577; ++ fiat_secp384r1_uint1 x578; ++ uint32_t x579; ++ fiat_secp384r1_uint1 x580; ++ uint32_t x581; ++ fiat_secp384r1_uint1 x582; ++ uint32_t x583; ++ fiat_secp384r1_uint1 x584; ++ uint32_t x585; ++ fiat_secp384r1_uint1 x586; ++ uint32_t x587; ++ fiat_secp384r1_uint1 x588; ++ uint32_t x589; ++ fiat_secp384r1_uint1 x590; ++ uint32_t x591; ++ fiat_secp384r1_uint1 x592; ++ uint32_t x593; ++ fiat_secp384r1_uint1 x594; ++ uint32_t x595; ++ fiat_secp384r1_uint1 x596; ++ uint32_t x597; ++ uint32_t x598; ++ uint32_t x599; ++ uint32_t x600; ++ uint32_t x601; ++ uint32_t x602; ++ uint32_t x603; ++ uint32_t x604; ++ uint32_t x605; ++ uint32_t x606; ++ uint32_t x607; ++ uint32_t x608; ++ uint32_t x609; ++ uint32_t x610; ++ uint32_t x611; ++ uint32_t x612; ++ uint32_t x613; ++ uint32_t x614; ++ uint32_t x615; ++ uint32_t x616; ++ uint32_t x617; ++ fiat_secp384r1_uint1 x618; ++ uint32_t x619; ++ fiat_secp384r1_uint1 x620; ++ uint32_t x621; ++ fiat_secp384r1_uint1 x622; ++ uint32_t x623; ++ fiat_secp384r1_uint1 x624; ++ uint32_t x625; ++ fiat_secp384r1_uint1 x626; ++ uint32_t x627; ++ fiat_secp384r1_uint1 x628; ++ uint32_t x629; ++ fiat_secp384r1_uint1 x630; ++ uint32_t x631; ++ fiat_secp384r1_uint1 x632; ++ uint32_t x633; ++ fiat_secp384r1_uint1 x634; ++ uint32_t x635; ++ fiat_secp384r1_uint1 x636; ++ uint32_t x637; ++ fiat_secp384r1_uint1 x638; ++ uint32_t x639; ++ fiat_secp384r1_uint1 x640; ++ uint32_t x641; ++ fiat_secp384r1_uint1 x642; ++ uint32_t x643; ++ fiat_secp384r1_uint1 x644; ++ uint32_t x645; ++ fiat_secp384r1_uint1 x646; ++ uint32_t x647; ++ fiat_secp384r1_uint1 x648; ++ uint32_t x649; ++ fiat_secp384r1_uint1 x650; ++ uint32_t x651; ++ fiat_secp384r1_uint1 x652; ++ uint32_t x653; ++ fiat_secp384r1_uint1 x654; ++ uint32_t x655; ++ fiat_secp384r1_uint1 x656; ++ uint32_t x657; ++ fiat_secp384r1_uint1 x658; ++ uint32_t x659; ++ uint32_t x660; ++ uint32_t x661; ++ uint32_t x662; ++ uint32_t x663; ++ uint32_t x664; ++ uint32_t x665; ++ uint32_t x666; ++ uint32_t x667; ++ fiat_secp384r1_uint1 x668; ++ uint32_t x669; ++ fiat_secp384r1_uint1 x670; ++ uint32_t x671; ++ fiat_secp384r1_uint1 x672; ++ uint32_t x673; ++ fiat_secp384r1_uint1 x674; ++ uint32_t x675; ++ fiat_secp384r1_uint1 x676; ++ uint32_t x677; ++ fiat_secp384r1_uint1 x678; ++ uint32_t x679; ++ fiat_secp384r1_uint1 x680; ++ uint32_t x681; ++ fiat_secp384r1_uint1 x682; ++ uint32_t x683; ++ fiat_secp384r1_uint1 x684; ++ uint32_t x685; ++ fiat_secp384r1_uint1 x686; ++ uint32_t x687; ++ fiat_secp384r1_uint1 x688; ++ uint32_t x689; ++ fiat_secp384r1_uint1 x690; ++ uint32_t x691; ++ fiat_secp384r1_uint1 x692; ++ uint32_t x693; ++ uint32_t x694; ++ uint32_t x695; ++ uint32_t x696; ++ uint32_t x697; ++ uint32_t x698; ++ uint32_t x699; ++ uint32_t x700; ++ uint32_t x701; ++ uint32_t x702; ++ uint32_t x703; ++ uint32_t x704; ++ uint32_t x705; ++ uint32_t x706; ++ uint32_t x707; ++ uint32_t x708; ++ uint32_t x709; ++ uint32_t x710; ++ uint32_t x711; ++ uint32_t x712; ++ uint32_t x713; ++ fiat_secp384r1_uint1 x714; ++ uint32_t x715; ++ fiat_secp384r1_uint1 x716; ++ uint32_t x717; ++ fiat_secp384r1_uint1 x718; ++ uint32_t x719; ++ fiat_secp384r1_uint1 x720; ++ uint32_t x721; ++ fiat_secp384r1_uint1 x722; ++ uint32_t x723; ++ fiat_secp384r1_uint1 x724; ++ uint32_t x725; ++ fiat_secp384r1_uint1 x726; ++ uint32_t x727; ++ fiat_secp384r1_uint1 x728; ++ uint32_t x729; ++ fiat_secp384r1_uint1 x730; ++ uint32_t x731; ++ fiat_secp384r1_uint1 x732; ++ uint32_t x733; ++ fiat_secp384r1_uint1 x734; ++ uint32_t x735; ++ fiat_secp384r1_uint1 x736; ++ uint32_t x737; ++ fiat_secp384r1_uint1 x738; ++ uint32_t x739; ++ fiat_secp384r1_uint1 x740; ++ uint32_t x741; ++ fiat_secp384r1_uint1 x742; ++ uint32_t x743; ++ fiat_secp384r1_uint1 x744; ++ uint32_t x745; ++ fiat_secp384r1_uint1 x746; ++ uint32_t x747; ++ fiat_secp384r1_uint1 x748; ++ uint32_t x749; ++ fiat_secp384r1_uint1 x750; ++ uint32_t x751; ++ fiat_secp384r1_uint1 x752; ++ uint32_t x753; ++ fiat_secp384r1_uint1 x754; ++ uint32_t x755; ++ uint32_t x756; ++ uint32_t x757; ++ uint32_t x758; ++ uint32_t x759; ++ uint32_t x760; ++ uint32_t x761; ++ uint32_t x762; ++ uint32_t x763; ++ fiat_secp384r1_uint1 x764; ++ uint32_t x765; ++ fiat_secp384r1_uint1 x766; ++ uint32_t x767; ++ fiat_secp384r1_uint1 x768; ++ uint32_t x769; ++ fiat_secp384r1_uint1 x770; ++ uint32_t x771; ++ fiat_secp384r1_uint1 x772; ++ uint32_t x773; ++ fiat_secp384r1_uint1 x774; ++ uint32_t x775; ++ fiat_secp384r1_uint1 x776; ++ uint32_t x777; ++ fiat_secp384r1_uint1 x778; ++ uint32_t x779; ++ fiat_secp384r1_uint1 x780; ++ uint32_t x781; ++ fiat_secp384r1_uint1 x782; ++ uint32_t x783; ++ fiat_secp384r1_uint1 x784; ++ uint32_t x785; ++ fiat_secp384r1_uint1 x786; ++ uint32_t x787; ++ fiat_secp384r1_uint1 x788; ++ uint32_t x789; ++ uint32_t x790; ++ uint32_t x791; ++ uint32_t x792; ++ uint32_t x793; ++ uint32_t x794; ++ uint32_t x795; ++ uint32_t x796; ++ uint32_t x797; ++ uint32_t x798; ++ uint32_t x799; ++ uint32_t x800; ++ uint32_t x801; ++ uint32_t x802; ++ uint32_t x803; ++ uint32_t x804; ++ uint32_t x805; ++ uint32_t x806; ++ uint32_t x807; ++ uint32_t x808; ++ uint32_t x809; ++ fiat_secp384r1_uint1 x810; ++ uint32_t x811; ++ fiat_secp384r1_uint1 x812; ++ uint32_t x813; ++ fiat_secp384r1_uint1 x814; ++ uint32_t x815; ++ fiat_secp384r1_uint1 x816; ++ uint32_t x817; ++ fiat_secp384r1_uint1 x818; ++ uint32_t x819; ++ fiat_secp384r1_uint1 x820; ++ uint32_t x821; ++ fiat_secp384r1_uint1 x822; ++ uint32_t x823; ++ fiat_secp384r1_uint1 x824; ++ uint32_t x825; ++ fiat_secp384r1_uint1 x826; ++ uint32_t x827; ++ fiat_secp384r1_uint1 x828; ++ uint32_t x829; ++ fiat_secp384r1_uint1 x830; ++ uint32_t x831; ++ fiat_secp384r1_uint1 x832; ++ uint32_t x833; ++ fiat_secp384r1_uint1 x834; ++ uint32_t x835; ++ fiat_secp384r1_uint1 x836; ++ uint32_t x837; ++ fiat_secp384r1_uint1 x838; ++ uint32_t x839; ++ fiat_secp384r1_uint1 x840; ++ uint32_t x841; ++ fiat_secp384r1_uint1 x842; ++ uint32_t x843; ++ fiat_secp384r1_uint1 x844; ++ uint32_t x845; ++ fiat_secp384r1_uint1 x846; ++ uint32_t x847; ++ fiat_secp384r1_uint1 x848; ++ uint32_t x849; ++ fiat_secp384r1_uint1 x850; ++ uint32_t x851; ++ uint32_t x852; ++ uint32_t x853; ++ uint32_t x854; ++ uint32_t x855; ++ uint32_t x856; ++ uint32_t x857; ++ uint32_t x858; ++ uint32_t x859; ++ fiat_secp384r1_uint1 x860; ++ uint32_t x861; ++ fiat_secp384r1_uint1 x862; ++ uint32_t x863; ++ fiat_secp384r1_uint1 x864; ++ uint32_t x865; ++ fiat_secp384r1_uint1 x866; ++ uint32_t x867; ++ fiat_secp384r1_uint1 x868; ++ uint32_t x869; ++ fiat_secp384r1_uint1 x870; ++ uint32_t x871; ++ fiat_secp384r1_uint1 x872; ++ uint32_t x873; ++ fiat_secp384r1_uint1 x874; ++ uint32_t x875; ++ fiat_secp384r1_uint1 x876; ++ uint32_t x877; ++ fiat_secp384r1_uint1 x878; ++ uint32_t x879; ++ fiat_secp384r1_uint1 x880; ++ uint32_t x881; ++ fiat_secp384r1_uint1 x882; ++ uint32_t x883; ++ fiat_secp384r1_uint1 x884; ++ uint32_t x885; ++ uint32_t x886; ++ uint32_t x887; ++ uint32_t x888; ++ uint32_t x889; ++ uint32_t x890; ++ uint32_t x891; ++ uint32_t x892; ++ uint32_t x893; ++ uint32_t x894; ++ uint32_t x895; ++ uint32_t x896; ++ uint32_t x897; ++ uint32_t x898; ++ uint32_t x899; ++ uint32_t x900; ++ uint32_t x901; ++ uint32_t x902; ++ uint32_t x903; ++ uint32_t x904; ++ uint32_t x905; ++ fiat_secp384r1_uint1 x906; ++ uint32_t x907; ++ fiat_secp384r1_uint1 x908; ++ uint32_t x909; ++ fiat_secp384r1_uint1 x910; ++ uint32_t x911; ++ fiat_secp384r1_uint1 x912; ++ uint32_t x913; ++ fiat_secp384r1_uint1 x914; ++ uint32_t x915; ++ fiat_secp384r1_uint1 x916; ++ uint32_t x917; ++ fiat_secp384r1_uint1 x918; ++ uint32_t x919; ++ fiat_secp384r1_uint1 x920; ++ uint32_t x921; ++ fiat_secp384r1_uint1 x922; ++ uint32_t x923; ++ fiat_secp384r1_uint1 x924; ++ uint32_t x925; ++ fiat_secp384r1_uint1 x926; ++ uint32_t x927; ++ fiat_secp384r1_uint1 x928; ++ uint32_t x929; ++ fiat_secp384r1_uint1 x930; ++ uint32_t x931; ++ fiat_secp384r1_uint1 x932; ++ uint32_t x933; ++ fiat_secp384r1_uint1 x934; ++ uint32_t x935; ++ fiat_secp384r1_uint1 x936; ++ uint32_t x937; ++ fiat_secp384r1_uint1 x938; ++ uint32_t x939; ++ fiat_secp384r1_uint1 x940; ++ uint32_t x941; ++ fiat_secp384r1_uint1 x942; ++ uint32_t x943; ++ fiat_secp384r1_uint1 x944; ++ uint32_t x945; ++ fiat_secp384r1_uint1 x946; ++ uint32_t x947; ++ uint32_t x948; ++ uint32_t x949; ++ uint32_t x950; ++ uint32_t x951; ++ uint32_t x952; ++ uint32_t x953; ++ uint32_t x954; ++ uint32_t x955; ++ fiat_secp384r1_uint1 x956; ++ uint32_t x957; ++ fiat_secp384r1_uint1 x958; ++ uint32_t x959; ++ fiat_secp384r1_uint1 x960; ++ uint32_t x961; ++ fiat_secp384r1_uint1 x962; ++ uint32_t x963; ++ fiat_secp384r1_uint1 x964; ++ uint32_t x965; ++ fiat_secp384r1_uint1 x966; ++ uint32_t x967; ++ fiat_secp384r1_uint1 x968; ++ uint32_t x969; ++ fiat_secp384r1_uint1 x970; ++ uint32_t x971; ++ fiat_secp384r1_uint1 x972; ++ uint32_t x973; ++ fiat_secp384r1_uint1 x974; ++ uint32_t x975; ++ fiat_secp384r1_uint1 x976; ++ uint32_t x977; ++ fiat_secp384r1_uint1 x978; ++ uint32_t x979; ++ fiat_secp384r1_uint1 x980; ++ uint32_t x981; ++ uint32_t x982; ++ uint32_t x983; ++ uint32_t x984; ++ uint32_t x985; ++ uint32_t x986; ++ uint32_t x987; ++ uint32_t x988; ++ uint32_t x989; ++ uint32_t x990; ++ uint32_t x991; ++ uint32_t x992; ++ uint32_t x993; ++ uint32_t x994; ++ uint32_t x995; ++ uint32_t x996; ++ uint32_t x997; ++ uint32_t x998; ++ uint32_t x999; ++ uint32_t x1000; ++ uint32_t x1001; ++ fiat_secp384r1_uint1 x1002; ++ uint32_t x1003; ++ fiat_secp384r1_uint1 x1004; ++ uint32_t x1005; ++ fiat_secp384r1_uint1 x1006; ++ uint32_t x1007; ++ fiat_secp384r1_uint1 x1008; ++ uint32_t x1009; ++ fiat_secp384r1_uint1 x1010; ++ uint32_t x1011; ++ fiat_secp384r1_uint1 x1012; ++ uint32_t x1013; ++ fiat_secp384r1_uint1 x1014; ++ uint32_t x1015; ++ fiat_secp384r1_uint1 x1016; ++ uint32_t x1017; ++ fiat_secp384r1_uint1 x1018; ++ uint32_t x1019; ++ fiat_secp384r1_uint1 x1020; ++ uint32_t x1021; ++ fiat_secp384r1_uint1 x1022; ++ uint32_t x1023; ++ fiat_secp384r1_uint1 x1024; ++ uint32_t x1025; ++ fiat_secp384r1_uint1 x1026; ++ uint32_t x1027; ++ fiat_secp384r1_uint1 x1028; ++ uint32_t x1029; ++ fiat_secp384r1_uint1 x1030; ++ uint32_t x1031; ++ fiat_secp384r1_uint1 x1032; ++ uint32_t x1033; ++ fiat_secp384r1_uint1 x1034; ++ uint32_t x1035; ++ fiat_secp384r1_uint1 x1036; ++ uint32_t x1037; ++ fiat_secp384r1_uint1 x1038; ++ uint32_t x1039; ++ fiat_secp384r1_uint1 x1040; ++ uint32_t x1041; ++ fiat_secp384r1_uint1 x1042; ++ uint32_t x1043; ++ uint32_t x1044; ++ uint32_t x1045; ++ uint32_t x1046; ++ uint32_t x1047; ++ uint32_t x1048; ++ uint32_t x1049; ++ uint32_t x1050; ++ uint32_t x1051; ++ fiat_secp384r1_uint1 x1052; ++ uint32_t x1053; ++ fiat_secp384r1_uint1 x1054; ++ uint32_t x1055; ++ fiat_secp384r1_uint1 x1056; ++ uint32_t x1057; ++ fiat_secp384r1_uint1 x1058; ++ uint32_t x1059; ++ fiat_secp384r1_uint1 x1060; ++ uint32_t x1061; ++ fiat_secp384r1_uint1 x1062; ++ uint32_t x1063; ++ fiat_secp384r1_uint1 x1064; ++ uint32_t x1065; ++ fiat_secp384r1_uint1 x1066; ++ uint32_t x1067; ++ fiat_secp384r1_uint1 x1068; ++ uint32_t x1069; ++ fiat_secp384r1_uint1 x1070; ++ uint32_t x1071; ++ fiat_secp384r1_uint1 x1072; ++ uint32_t x1073; ++ fiat_secp384r1_uint1 x1074; ++ uint32_t x1075; ++ fiat_secp384r1_uint1 x1076; ++ uint32_t x1077; ++ uint32_t x1078; ++ uint32_t x1079; ++ uint32_t x1080; ++ uint32_t x1081; ++ uint32_t x1082; ++ uint32_t x1083; ++ uint32_t x1084; ++ uint32_t x1085; ++ uint32_t x1086; ++ uint32_t x1087; ++ uint32_t x1088; ++ uint32_t x1089; ++ uint32_t x1090; ++ uint32_t x1091; ++ uint32_t x1092; ++ uint32_t x1093; ++ uint32_t x1094; ++ uint32_t x1095; ++ uint32_t x1096; ++ uint32_t x1097; ++ fiat_secp384r1_uint1 x1098; ++ uint32_t x1099; ++ fiat_secp384r1_uint1 x1100; ++ uint32_t x1101; ++ fiat_secp384r1_uint1 x1102; ++ uint32_t x1103; ++ fiat_secp384r1_uint1 x1104; ++ uint32_t x1105; ++ fiat_secp384r1_uint1 x1106; ++ uint32_t x1107; ++ fiat_secp384r1_uint1 x1108; ++ uint32_t x1109; ++ fiat_secp384r1_uint1 x1110; ++ uint32_t x1111; ++ fiat_secp384r1_uint1 x1112; ++ uint32_t x1113; ++ fiat_secp384r1_uint1 x1114; ++ uint32_t x1115; ++ fiat_secp384r1_uint1 x1116; ++ uint32_t x1117; ++ fiat_secp384r1_uint1 x1118; ++ uint32_t x1119; ++ fiat_secp384r1_uint1 x1120; ++ uint32_t x1121; ++ fiat_secp384r1_uint1 x1122; ++ uint32_t x1123; ++ fiat_secp384r1_uint1 x1124; ++ uint32_t x1125; ++ fiat_secp384r1_uint1 x1126; ++ uint32_t x1127; ++ fiat_secp384r1_uint1 x1128; ++ uint32_t x1129; ++ fiat_secp384r1_uint1 x1130; ++ uint32_t x1131; ++ fiat_secp384r1_uint1 x1132; ++ uint32_t x1133; ++ fiat_secp384r1_uint1 x1134; ++ uint32_t x1135; ++ fiat_secp384r1_uint1 x1136; ++ uint32_t x1137; ++ fiat_secp384r1_uint1 x1138; ++ uint32_t x1139; ++ fiat_secp384r1_uint1 x1140; ++ uint32_t x1141; ++ fiat_secp384r1_uint1 x1142; ++ uint32_t x1143; ++ fiat_secp384r1_uint1 x1144; ++ uint32_t x1145; ++ fiat_secp384r1_uint1 x1146; ++ uint32_t x1147; ++ fiat_secp384r1_uint1 x1148; ++ uint32_t x1149; ++ fiat_secp384r1_uint1 x1150; ++ uint32_t x1151; ++ fiat_secp384r1_uint1 x1152; ++ uint32_t x1153; ++ fiat_secp384r1_uint1 x1154; ++ uint32_t x1155; ++ fiat_secp384r1_uint1 x1156; ++ uint32_t x1157; ++ fiat_secp384r1_uint1 x1158; ++ uint32_t x1159; ++ fiat_secp384r1_uint1 x1160; ++ uint32_t x1161; ++ fiat_secp384r1_uint1 x1162; ++ uint32_t x1163; ++ fiat_secp384r1_uint1 x1164; ++ uint32_t x1165; ++ uint32_t x1166; ++ uint32_t x1167; ++ uint32_t x1168; ++ uint32_t x1169; ++ uint32_t x1170; ++ uint32_t x1171; ++ uint32_t x1172; ++ uint32_t x1173; ++ uint32_t x1174; ++ uint32_t x1175; ++ uint32_t x1176; ++ x1 = (arg1[1]); ++ x2 = (arg1[2]); ++ x3 = (arg1[3]); ++ x4 = (arg1[4]); ++ x5 = (arg1[5]); ++ x6 = (arg1[6]); ++ x7 = (arg1[7]); ++ x8 = (arg1[8]); ++ x9 = (arg1[9]); ++ x10 = (arg1[10]); ++ x11 = (arg1[11]); ++ x12 = (arg1[0]); ++ fiat_secp384r1_mulx_u32(&x13, &x14, x12, 0x2); ++ fiat_secp384r1_mulx_u32(&x15, &x16, x12, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x17, &x18, x12, 0x2); ++ fiat_secp384r1_mulx_u32(&x19, &x20, x12, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x21, &x22, 0x0, (fiat_secp384r1_uint1)x14, ++ x12); ++ fiat_secp384r1_mulx_u32(&x23, &x24, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x25, &x26, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x27, &x28, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x29, &x30, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x31, &x32, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x33, &x34, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x35, &x36, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x37, &x38, x12, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x39, &x40, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x41, &x42, x12, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x43, &x44, 0x0, x40, x37); ++ fiat_secp384r1_addcarryx_u32(&x45, &x46, x44, x38, x35); ++ fiat_secp384r1_addcarryx_u32(&x47, &x48, x46, x36, x33); ++ fiat_secp384r1_addcarryx_u32(&x49, &x50, x48, x34, x31); ++ fiat_secp384r1_addcarryx_u32(&x51, &x52, x50, x32, x29); ++ fiat_secp384r1_addcarryx_u32(&x53, &x54, x52, x30, x27); ++ fiat_secp384r1_addcarryx_u32(&x55, &x56, x54, x28, x25); ++ fiat_secp384r1_addcarryx_u32(&x57, &x58, x56, x26, x23); ++ fiat_secp384r1_addcarryx_u32(&x59, &x60, 0x0, x12, x41); ++ fiat_secp384r1_addcarryx_u32(&x61, &x62, x60, x19, x42); ++ fiat_secp384r1_addcarryx_u32(&x63, &x64, 0x0, x17, x39); ++ fiat_secp384r1_addcarryx_u32(&x65, &x66, x64, (fiat_secp384r1_uint1)x18, ++ x43); ++ fiat_secp384r1_addcarryx_u32(&x67, &x68, x66, x15, x45); ++ fiat_secp384r1_addcarryx_u32(&x69, &x70, x68, x16, x47); ++ fiat_secp384r1_addcarryx_u32(&x71, &x72, x70, x13, x49); ++ fiat_secp384r1_addcarryx_u32(&x73, &x74, x72, x21, x51); ++ fiat_secp384r1_addcarryx_u32(&x75, &x76, x74, x22, x53); ++ fiat_secp384r1_addcarryx_u32(&x77, &x78, x76, 0x0, x55); ++ fiat_secp384r1_addcarryx_u32(&x79, &x80, x78, 0x0, x57); ++ fiat_secp384r1_addcarryx_u32(&x81, &x82, x80, 0x0, (x58 + x24)); ++ fiat_secp384r1_mulx_u32(&x83, &x84, x1, 0x2); ++ fiat_secp384r1_mulx_u32(&x85, &x86, x1, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x87, &x88, x1, 0x2); ++ fiat_secp384r1_mulx_u32(&x89, &x90, x1, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x91, &x92, 0x0, (fiat_secp384r1_uint1)x84, ++ x1); ++ fiat_secp384r1_addcarryx_u32(&x93, &x94, 0x0, x61, x1); ++ fiat_secp384r1_addcarryx_u32(&x95, &x96, x94, (x62 + x20), x89); ++ fiat_secp384r1_addcarryx_u32(&x97, &x98, x96, x63, x90); ++ fiat_secp384r1_addcarryx_u32(&x99, &x100, x98, x65, x87); ++ fiat_secp384r1_addcarryx_u32(&x101, &x102, x100, x67, ++ (fiat_secp384r1_uint1)x88); ++ fiat_secp384r1_addcarryx_u32(&x103, &x104, x102, x69, x85); ++ fiat_secp384r1_addcarryx_u32(&x105, &x106, x104, x71, x86); ++ fiat_secp384r1_addcarryx_u32(&x107, &x108, x106, x73, x83); ++ fiat_secp384r1_addcarryx_u32(&x109, &x110, x108, x75, x91); ++ fiat_secp384r1_addcarryx_u32(&x111, &x112, x110, x77, x92); ++ fiat_secp384r1_addcarryx_u32(&x113, &x114, x112, x79, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x115, &x116, x114, x81, 0x0); ++ fiat_secp384r1_mulx_u32(&x117, &x118, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x119, &x120, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x121, &x122, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x123, &x124, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x125, &x126, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x127, &x128, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x129, &x130, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x131, &x132, x93, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x133, &x134, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x135, &x136, x93, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x137, &x138, 0x0, x134, x131); ++ fiat_secp384r1_addcarryx_u32(&x139, &x140, x138, x132, x129); ++ fiat_secp384r1_addcarryx_u32(&x141, &x142, x140, x130, x127); ++ fiat_secp384r1_addcarryx_u32(&x143, &x144, x142, x128, x125); ++ fiat_secp384r1_addcarryx_u32(&x145, &x146, x144, x126, x123); ++ fiat_secp384r1_addcarryx_u32(&x147, &x148, x146, x124, x121); ++ fiat_secp384r1_addcarryx_u32(&x149, &x150, x148, x122, x119); ++ fiat_secp384r1_addcarryx_u32(&x151, &x152, x150, x120, x117); ++ fiat_secp384r1_addcarryx_u32(&x153, &x154, 0x0, x93, x135); ++ fiat_secp384r1_addcarryx_u32(&x155, &x156, x154, x95, x136); ++ fiat_secp384r1_addcarryx_u32(&x157, &x158, x156, x97, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x159, &x160, x158, x99, x133); ++ fiat_secp384r1_addcarryx_u32(&x161, &x162, x160, x101, x137); ++ fiat_secp384r1_addcarryx_u32(&x163, &x164, x162, x103, x139); ++ fiat_secp384r1_addcarryx_u32(&x165, &x166, x164, x105, x141); ++ fiat_secp384r1_addcarryx_u32(&x167, &x168, x166, x107, x143); ++ fiat_secp384r1_addcarryx_u32(&x169, &x170, x168, x109, x145); ++ fiat_secp384r1_addcarryx_u32(&x171, &x172, x170, x111, x147); ++ fiat_secp384r1_addcarryx_u32(&x173, &x174, x172, x113, x149); ++ fiat_secp384r1_addcarryx_u32(&x175, &x176, x174, x115, x151); ++ fiat_secp384r1_addcarryx_u32(&x177, &x178, x176, ((uint32_t)x116 + x82), ++ (x152 + x118)); ++ fiat_secp384r1_mulx_u32(&x179, &x180, x2, 0x2); ++ fiat_secp384r1_mulx_u32(&x181, &x182, x2, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x183, &x184, x2, 0x2); ++ fiat_secp384r1_mulx_u32(&x185, &x186, x2, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x187, &x188, 0x0, (fiat_secp384r1_uint1)x180, ++ x2); ++ fiat_secp384r1_addcarryx_u32(&x189, &x190, 0x0, x155, x2); ++ fiat_secp384r1_addcarryx_u32(&x191, &x192, x190, x157, x185); ++ fiat_secp384r1_addcarryx_u32(&x193, &x194, x192, x159, x186); ++ fiat_secp384r1_addcarryx_u32(&x195, &x196, x194, x161, x183); ++ fiat_secp384r1_addcarryx_u32(&x197, &x198, x196, x163, ++ (fiat_secp384r1_uint1)x184); ++ fiat_secp384r1_addcarryx_u32(&x199, &x200, x198, x165, x181); ++ fiat_secp384r1_addcarryx_u32(&x201, &x202, x200, x167, x182); ++ fiat_secp384r1_addcarryx_u32(&x203, &x204, x202, x169, x179); ++ fiat_secp384r1_addcarryx_u32(&x205, &x206, x204, x171, x187); ++ fiat_secp384r1_addcarryx_u32(&x207, &x208, x206, x173, x188); ++ fiat_secp384r1_addcarryx_u32(&x209, &x210, x208, x175, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x211, &x212, x210, x177, 0x0); ++ fiat_secp384r1_mulx_u32(&x213, &x214, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x215, &x216, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x217, &x218, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x219, &x220, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x221, &x222, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x223, &x224, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x225, &x226, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x227, &x228, x189, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x229, &x230, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x231, &x232, x189, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x233, &x234, 0x0, x230, x227); ++ fiat_secp384r1_addcarryx_u32(&x235, &x236, x234, x228, x225); ++ fiat_secp384r1_addcarryx_u32(&x237, &x238, x236, x226, x223); ++ fiat_secp384r1_addcarryx_u32(&x239, &x240, x238, x224, x221); ++ fiat_secp384r1_addcarryx_u32(&x241, &x242, x240, x222, x219); ++ fiat_secp384r1_addcarryx_u32(&x243, &x244, x242, x220, x217); ++ fiat_secp384r1_addcarryx_u32(&x245, &x246, x244, x218, x215); ++ fiat_secp384r1_addcarryx_u32(&x247, &x248, x246, x216, x213); ++ fiat_secp384r1_addcarryx_u32(&x249, &x250, 0x0, x189, x231); ++ fiat_secp384r1_addcarryx_u32(&x251, &x252, x250, x191, x232); ++ fiat_secp384r1_addcarryx_u32(&x253, &x254, x252, x193, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x255, &x256, x254, x195, x229); ++ fiat_secp384r1_addcarryx_u32(&x257, &x258, x256, x197, x233); ++ fiat_secp384r1_addcarryx_u32(&x259, &x260, x258, x199, x235); ++ fiat_secp384r1_addcarryx_u32(&x261, &x262, x260, x201, x237); ++ fiat_secp384r1_addcarryx_u32(&x263, &x264, x262, x203, x239); ++ fiat_secp384r1_addcarryx_u32(&x265, &x266, x264, x205, x241); ++ fiat_secp384r1_addcarryx_u32(&x267, &x268, x266, x207, x243); ++ fiat_secp384r1_addcarryx_u32(&x269, &x270, x268, x209, x245); ++ fiat_secp384r1_addcarryx_u32(&x271, &x272, x270, x211, x247); ++ fiat_secp384r1_addcarryx_u32(&x273, &x274, x272, ((uint32_t)x212 + x178), ++ (x248 + x214)); ++ fiat_secp384r1_mulx_u32(&x275, &x276, x3, 0x2); ++ fiat_secp384r1_mulx_u32(&x277, &x278, x3, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x279, &x280, x3, 0x2); ++ fiat_secp384r1_mulx_u32(&x281, &x282, x3, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x283, &x284, 0x0, (fiat_secp384r1_uint1)x276, ++ x3); ++ fiat_secp384r1_addcarryx_u32(&x285, &x286, 0x0, x251, x3); ++ fiat_secp384r1_addcarryx_u32(&x287, &x288, x286, x253, x281); ++ fiat_secp384r1_addcarryx_u32(&x289, &x290, x288, x255, x282); ++ fiat_secp384r1_addcarryx_u32(&x291, &x292, x290, x257, x279); ++ fiat_secp384r1_addcarryx_u32(&x293, &x294, x292, x259, ++ (fiat_secp384r1_uint1)x280); ++ fiat_secp384r1_addcarryx_u32(&x295, &x296, x294, x261, x277); ++ fiat_secp384r1_addcarryx_u32(&x297, &x298, x296, x263, x278); ++ fiat_secp384r1_addcarryx_u32(&x299, &x300, x298, x265, x275); ++ fiat_secp384r1_addcarryx_u32(&x301, &x302, x300, x267, x283); ++ fiat_secp384r1_addcarryx_u32(&x303, &x304, x302, x269, x284); ++ fiat_secp384r1_addcarryx_u32(&x305, &x306, x304, x271, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x307, &x308, x306, x273, 0x0); ++ fiat_secp384r1_mulx_u32(&x309, &x310, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x311, &x312, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x313, &x314, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x315, &x316, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x317, &x318, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x319, &x320, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x321, &x322, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x323, &x324, x285, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x325, &x326, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x327, &x328, x285, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x329, &x330, 0x0, x326, x323); ++ fiat_secp384r1_addcarryx_u32(&x331, &x332, x330, x324, x321); ++ fiat_secp384r1_addcarryx_u32(&x333, &x334, x332, x322, x319); ++ fiat_secp384r1_addcarryx_u32(&x335, &x336, x334, x320, x317); ++ fiat_secp384r1_addcarryx_u32(&x337, &x338, x336, x318, x315); ++ fiat_secp384r1_addcarryx_u32(&x339, &x340, x338, x316, x313); ++ fiat_secp384r1_addcarryx_u32(&x341, &x342, x340, x314, x311); ++ fiat_secp384r1_addcarryx_u32(&x343, &x344, x342, x312, x309); ++ fiat_secp384r1_addcarryx_u32(&x345, &x346, 0x0, x285, x327); ++ fiat_secp384r1_addcarryx_u32(&x347, &x348, x346, x287, x328); ++ fiat_secp384r1_addcarryx_u32(&x349, &x350, x348, x289, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x351, &x352, x350, x291, x325); ++ fiat_secp384r1_addcarryx_u32(&x353, &x354, x352, x293, x329); ++ fiat_secp384r1_addcarryx_u32(&x355, &x356, x354, x295, x331); ++ fiat_secp384r1_addcarryx_u32(&x357, &x358, x356, x297, x333); ++ fiat_secp384r1_addcarryx_u32(&x359, &x360, x358, x299, x335); ++ fiat_secp384r1_addcarryx_u32(&x361, &x362, x360, x301, x337); ++ fiat_secp384r1_addcarryx_u32(&x363, &x364, x362, x303, x339); ++ fiat_secp384r1_addcarryx_u32(&x365, &x366, x364, x305, x341); ++ fiat_secp384r1_addcarryx_u32(&x367, &x368, x366, x307, x343); ++ fiat_secp384r1_addcarryx_u32(&x369, &x370, x368, ((uint32_t)x308 + x274), ++ (x344 + x310)); ++ fiat_secp384r1_mulx_u32(&x371, &x372, x4, 0x2); ++ fiat_secp384r1_mulx_u32(&x373, &x374, x4, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x375, &x376, x4, 0x2); ++ fiat_secp384r1_mulx_u32(&x377, &x378, x4, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x379, &x380, 0x0, (fiat_secp384r1_uint1)x372, ++ x4); ++ fiat_secp384r1_addcarryx_u32(&x381, &x382, 0x0, x347, x4); ++ fiat_secp384r1_addcarryx_u32(&x383, &x384, x382, x349, x377); ++ fiat_secp384r1_addcarryx_u32(&x385, &x386, x384, x351, x378); ++ fiat_secp384r1_addcarryx_u32(&x387, &x388, x386, x353, x375); ++ fiat_secp384r1_addcarryx_u32(&x389, &x390, x388, x355, ++ (fiat_secp384r1_uint1)x376); ++ fiat_secp384r1_addcarryx_u32(&x391, &x392, x390, x357, x373); ++ fiat_secp384r1_addcarryx_u32(&x393, &x394, x392, x359, x374); ++ fiat_secp384r1_addcarryx_u32(&x395, &x396, x394, x361, x371); ++ fiat_secp384r1_addcarryx_u32(&x397, &x398, x396, x363, x379); ++ fiat_secp384r1_addcarryx_u32(&x399, &x400, x398, x365, x380); ++ fiat_secp384r1_addcarryx_u32(&x401, &x402, x400, x367, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x403, &x404, x402, x369, 0x0); ++ fiat_secp384r1_mulx_u32(&x405, &x406, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x407, &x408, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x409, &x410, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x411, &x412, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x413, &x414, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x415, &x416, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x417, &x418, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x419, &x420, x381, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x421, &x422, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x423, &x424, x381, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x425, &x426, 0x0, x422, x419); ++ fiat_secp384r1_addcarryx_u32(&x427, &x428, x426, x420, x417); ++ fiat_secp384r1_addcarryx_u32(&x429, &x430, x428, x418, x415); ++ fiat_secp384r1_addcarryx_u32(&x431, &x432, x430, x416, x413); ++ fiat_secp384r1_addcarryx_u32(&x433, &x434, x432, x414, x411); ++ fiat_secp384r1_addcarryx_u32(&x435, &x436, x434, x412, x409); ++ fiat_secp384r1_addcarryx_u32(&x437, &x438, x436, x410, x407); ++ fiat_secp384r1_addcarryx_u32(&x439, &x440, x438, x408, x405); ++ fiat_secp384r1_addcarryx_u32(&x441, &x442, 0x0, x381, x423); ++ fiat_secp384r1_addcarryx_u32(&x443, &x444, x442, x383, x424); ++ fiat_secp384r1_addcarryx_u32(&x445, &x446, x444, x385, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x447, &x448, x446, x387, x421); ++ fiat_secp384r1_addcarryx_u32(&x449, &x450, x448, x389, x425); ++ fiat_secp384r1_addcarryx_u32(&x451, &x452, x450, x391, x427); ++ fiat_secp384r1_addcarryx_u32(&x453, &x454, x452, x393, x429); ++ fiat_secp384r1_addcarryx_u32(&x455, &x456, x454, x395, x431); ++ fiat_secp384r1_addcarryx_u32(&x457, &x458, x456, x397, x433); ++ fiat_secp384r1_addcarryx_u32(&x459, &x460, x458, x399, x435); ++ fiat_secp384r1_addcarryx_u32(&x461, &x462, x460, x401, x437); ++ fiat_secp384r1_addcarryx_u32(&x463, &x464, x462, x403, x439); ++ fiat_secp384r1_addcarryx_u32(&x465, &x466, x464, ((uint32_t)x404 + x370), ++ (x440 + x406)); ++ fiat_secp384r1_mulx_u32(&x467, &x468, x5, 0x2); ++ fiat_secp384r1_mulx_u32(&x469, &x470, x5, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x471, &x472, x5, 0x2); ++ fiat_secp384r1_mulx_u32(&x473, &x474, x5, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x475, &x476, 0x0, (fiat_secp384r1_uint1)x468, ++ x5); ++ fiat_secp384r1_addcarryx_u32(&x477, &x478, 0x0, x443, x5); ++ fiat_secp384r1_addcarryx_u32(&x479, &x480, x478, x445, x473); ++ fiat_secp384r1_addcarryx_u32(&x481, &x482, x480, x447, x474); ++ fiat_secp384r1_addcarryx_u32(&x483, &x484, x482, x449, x471); ++ fiat_secp384r1_addcarryx_u32(&x485, &x486, x484, x451, ++ (fiat_secp384r1_uint1)x472); ++ fiat_secp384r1_addcarryx_u32(&x487, &x488, x486, x453, x469); ++ fiat_secp384r1_addcarryx_u32(&x489, &x490, x488, x455, x470); ++ fiat_secp384r1_addcarryx_u32(&x491, &x492, x490, x457, x467); ++ fiat_secp384r1_addcarryx_u32(&x493, &x494, x492, x459, x475); ++ fiat_secp384r1_addcarryx_u32(&x495, &x496, x494, x461, x476); ++ fiat_secp384r1_addcarryx_u32(&x497, &x498, x496, x463, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x499, &x500, x498, x465, 0x0); ++ fiat_secp384r1_mulx_u32(&x501, &x502, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x503, &x504, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x505, &x506, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x507, &x508, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x509, &x510, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x511, &x512, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x513, &x514, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x515, &x516, x477, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x517, &x518, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x519, &x520, x477, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x521, &x522, 0x0, x518, x515); ++ fiat_secp384r1_addcarryx_u32(&x523, &x524, x522, x516, x513); ++ fiat_secp384r1_addcarryx_u32(&x525, &x526, x524, x514, x511); ++ fiat_secp384r1_addcarryx_u32(&x527, &x528, x526, x512, x509); ++ fiat_secp384r1_addcarryx_u32(&x529, &x530, x528, x510, x507); ++ fiat_secp384r1_addcarryx_u32(&x531, &x532, x530, x508, x505); ++ fiat_secp384r1_addcarryx_u32(&x533, &x534, x532, x506, x503); ++ fiat_secp384r1_addcarryx_u32(&x535, &x536, x534, x504, x501); ++ fiat_secp384r1_addcarryx_u32(&x537, &x538, 0x0, x477, x519); ++ fiat_secp384r1_addcarryx_u32(&x539, &x540, x538, x479, x520); ++ fiat_secp384r1_addcarryx_u32(&x541, &x542, x540, x481, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x543, &x544, x542, x483, x517); ++ fiat_secp384r1_addcarryx_u32(&x545, &x546, x544, x485, x521); ++ fiat_secp384r1_addcarryx_u32(&x547, &x548, x546, x487, x523); ++ fiat_secp384r1_addcarryx_u32(&x549, &x550, x548, x489, x525); ++ fiat_secp384r1_addcarryx_u32(&x551, &x552, x550, x491, x527); ++ fiat_secp384r1_addcarryx_u32(&x553, &x554, x552, x493, x529); ++ fiat_secp384r1_addcarryx_u32(&x555, &x556, x554, x495, x531); ++ fiat_secp384r1_addcarryx_u32(&x557, &x558, x556, x497, x533); ++ fiat_secp384r1_addcarryx_u32(&x559, &x560, x558, x499, x535); ++ fiat_secp384r1_addcarryx_u32(&x561, &x562, x560, ((uint32_t)x500 + x466), ++ (x536 + x502)); ++ fiat_secp384r1_mulx_u32(&x563, &x564, x6, 0x2); ++ fiat_secp384r1_mulx_u32(&x565, &x566, x6, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x567, &x568, x6, 0x2); ++ fiat_secp384r1_mulx_u32(&x569, &x570, x6, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x571, &x572, 0x0, (fiat_secp384r1_uint1)x564, ++ x6); ++ fiat_secp384r1_addcarryx_u32(&x573, &x574, 0x0, x539, x6); ++ fiat_secp384r1_addcarryx_u32(&x575, &x576, x574, x541, x569); ++ fiat_secp384r1_addcarryx_u32(&x577, &x578, x576, x543, x570); ++ fiat_secp384r1_addcarryx_u32(&x579, &x580, x578, x545, x567); ++ fiat_secp384r1_addcarryx_u32(&x581, &x582, x580, x547, ++ (fiat_secp384r1_uint1)x568); ++ fiat_secp384r1_addcarryx_u32(&x583, &x584, x582, x549, x565); ++ fiat_secp384r1_addcarryx_u32(&x585, &x586, x584, x551, x566); ++ fiat_secp384r1_addcarryx_u32(&x587, &x588, x586, x553, x563); ++ fiat_secp384r1_addcarryx_u32(&x589, &x590, x588, x555, x571); ++ fiat_secp384r1_addcarryx_u32(&x591, &x592, x590, x557, x572); ++ fiat_secp384r1_addcarryx_u32(&x593, &x594, x592, x559, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x595, &x596, x594, x561, 0x0); ++ fiat_secp384r1_mulx_u32(&x597, &x598, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x599, &x600, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x601, &x602, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x603, &x604, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x605, &x606, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x607, &x608, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x609, &x610, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x611, &x612, x573, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x613, &x614, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x615, &x616, x573, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x617, &x618, 0x0, x614, x611); ++ fiat_secp384r1_addcarryx_u32(&x619, &x620, x618, x612, x609); ++ fiat_secp384r1_addcarryx_u32(&x621, &x622, x620, x610, x607); ++ fiat_secp384r1_addcarryx_u32(&x623, &x624, x622, x608, x605); ++ fiat_secp384r1_addcarryx_u32(&x625, &x626, x624, x606, x603); ++ fiat_secp384r1_addcarryx_u32(&x627, &x628, x626, x604, x601); ++ fiat_secp384r1_addcarryx_u32(&x629, &x630, x628, x602, x599); ++ fiat_secp384r1_addcarryx_u32(&x631, &x632, x630, x600, x597); ++ fiat_secp384r1_addcarryx_u32(&x633, &x634, 0x0, x573, x615); ++ fiat_secp384r1_addcarryx_u32(&x635, &x636, x634, x575, x616); ++ fiat_secp384r1_addcarryx_u32(&x637, &x638, x636, x577, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x639, &x640, x638, x579, x613); ++ fiat_secp384r1_addcarryx_u32(&x641, &x642, x640, x581, x617); ++ fiat_secp384r1_addcarryx_u32(&x643, &x644, x642, x583, x619); ++ fiat_secp384r1_addcarryx_u32(&x645, &x646, x644, x585, x621); ++ fiat_secp384r1_addcarryx_u32(&x647, &x648, x646, x587, x623); ++ fiat_secp384r1_addcarryx_u32(&x649, &x650, x648, x589, x625); ++ fiat_secp384r1_addcarryx_u32(&x651, &x652, x650, x591, x627); ++ fiat_secp384r1_addcarryx_u32(&x653, &x654, x652, x593, x629); ++ fiat_secp384r1_addcarryx_u32(&x655, &x656, x654, x595, x631); ++ fiat_secp384r1_addcarryx_u32(&x657, &x658, x656, ((uint32_t)x596 + x562), ++ (x632 + x598)); ++ fiat_secp384r1_mulx_u32(&x659, &x660, x7, 0x2); ++ fiat_secp384r1_mulx_u32(&x661, &x662, x7, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x663, &x664, x7, 0x2); ++ fiat_secp384r1_mulx_u32(&x665, &x666, x7, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x667, &x668, 0x0, (fiat_secp384r1_uint1)x660, ++ x7); ++ fiat_secp384r1_addcarryx_u32(&x669, &x670, 0x0, x635, x7); ++ fiat_secp384r1_addcarryx_u32(&x671, &x672, x670, x637, x665); ++ fiat_secp384r1_addcarryx_u32(&x673, &x674, x672, x639, x666); ++ fiat_secp384r1_addcarryx_u32(&x675, &x676, x674, x641, x663); ++ fiat_secp384r1_addcarryx_u32(&x677, &x678, x676, x643, ++ (fiat_secp384r1_uint1)x664); ++ fiat_secp384r1_addcarryx_u32(&x679, &x680, x678, x645, x661); ++ fiat_secp384r1_addcarryx_u32(&x681, &x682, x680, x647, x662); ++ fiat_secp384r1_addcarryx_u32(&x683, &x684, x682, x649, x659); ++ fiat_secp384r1_addcarryx_u32(&x685, &x686, x684, x651, x667); ++ fiat_secp384r1_addcarryx_u32(&x687, &x688, x686, x653, x668); ++ fiat_secp384r1_addcarryx_u32(&x689, &x690, x688, x655, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x691, &x692, x690, x657, 0x0); ++ fiat_secp384r1_mulx_u32(&x693, &x694, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x695, &x696, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x697, &x698, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x699, &x700, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x701, &x702, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x703, &x704, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x705, &x706, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x707, &x708, x669, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x709, &x710, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x711, &x712, x669, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x713, &x714, 0x0, x710, x707); ++ fiat_secp384r1_addcarryx_u32(&x715, &x716, x714, x708, x705); ++ fiat_secp384r1_addcarryx_u32(&x717, &x718, x716, x706, x703); ++ fiat_secp384r1_addcarryx_u32(&x719, &x720, x718, x704, x701); ++ fiat_secp384r1_addcarryx_u32(&x721, &x722, x720, x702, x699); ++ fiat_secp384r1_addcarryx_u32(&x723, &x724, x722, x700, x697); ++ fiat_secp384r1_addcarryx_u32(&x725, &x726, x724, x698, x695); ++ fiat_secp384r1_addcarryx_u32(&x727, &x728, x726, x696, x693); ++ fiat_secp384r1_addcarryx_u32(&x729, &x730, 0x0, x669, x711); ++ fiat_secp384r1_addcarryx_u32(&x731, &x732, x730, x671, x712); ++ fiat_secp384r1_addcarryx_u32(&x733, &x734, x732, x673, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x735, &x736, x734, x675, x709); ++ fiat_secp384r1_addcarryx_u32(&x737, &x738, x736, x677, x713); ++ fiat_secp384r1_addcarryx_u32(&x739, &x740, x738, x679, x715); ++ fiat_secp384r1_addcarryx_u32(&x741, &x742, x740, x681, x717); ++ fiat_secp384r1_addcarryx_u32(&x743, &x744, x742, x683, x719); ++ fiat_secp384r1_addcarryx_u32(&x745, &x746, x744, x685, x721); ++ fiat_secp384r1_addcarryx_u32(&x747, &x748, x746, x687, x723); ++ fiat_secp384r1_addcarryx_u32(&x749, &x750, x748, x689, x725); ++ fiat_secp384r1_addcarryx_u32(&x751, &x752, x750, x691, x727); ++ fiat_secp384r1_addcarryx_u32(&x753, &x754, x752, ((uint32_t)x692 + x658), ++ (x728 + x694)); ++ fiat_secp384r1_mulx_u32(&x755, &x756, x8, 0x2); ++ fiat_secp384r1_mulx_u32(&x757, &x758, x8, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x759, &x760, x8, 0x2); ++ fiat_secp384r1_mulx_u32(&x761, &x762, x8, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x763, &x764, 0x0, (fiat_secp384r1_uint1)x756, ++ x8); ++ fiat_secp384r1_addcarryx_u32(&x765, &x766, 0x0, x731, x8); ++ fiat_secp384r1_addcarryx_u32(&x767, &x768, x766, x733, x761); ++ fiat_secp384r1_addcarryx_u32(&x769, &x770, x768, x735, x762); ++ fiat_secp384r1_addcarryx_u32(&x771, &x772, x770, x737, x759); ++ fiat_secp384r1_addcarryx_u32(&x773, &x774, x772, x739, ++ (fiat_secp384r1_uint1)x760); ++ fiat_secp384r1_addcarryx_u32(&x775, &x776, x774, x741, x757); ++ fiat_secp384r1_addcarryx_u32(&x777, &x778, x776, x743, x758); ++ fiat_secp384r1_addcarryx_u32(&x779, &x780, x778, x745, x755); ++ fiat_secp384r1_addcarryx_u32(&x781, &x782, x780, x747, x763); ++ fiat_secp384r1_addcarryx_u32(&x783, &x784, x782, x749, x764); ++ fiat_secp384r1_addcarryx_u32(&x785, &x786, x784, x751, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x787, &x788, x786, x753, 0x0); ++ fiat_secp384r1_mulx_u32(&x789, &x790, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x791, &x792, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x793, &x794, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x795, &x796, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x797, &x798, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x799, &x800, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x801, &x802, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x803, &x804, x765, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x805, &x806, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x807, &x808, x765, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x809, &x810, 0x0, x806, x803); ++ fiat_secp384r1_addcarryx_u32(&x811, &x812, x810, x804, x801); ++ fiat_secp384r1_addcarryx_u32(&x813, &x814, x812, x802, x799); ++ fiat_secp384r1_addcarryx_u32(&x815, &x816, x814, x800, x797); ++ fiat_secp384r1_addcarryx_u32(&x817, &x818, x816, x798, x795); ++ fiat_secp384r1_addcarryx_u32(&x819, &x820, x818, x796, x793); ++ fiat_secp384r1_addcarryx_u32(&x821, &x822, x820, x794, x791); ++ fiat_secp384r1_addcarryx_u32(&x823, &x824, x822, x792, x789); ++ fiat_secp384r1_addcarryx_u32(&x825, &x826, 0x0, x765, x807); ++ fiat_secp384r1_addcarryx_u32(&x827, &x828, x826, x767, x808); ++ fiat_secp384r1_addcarryx_u32(&x829, &x830, x828, x769, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x831, &x832, x830, x771, x805); ++ fiat_secp384r1_addcarryx_u32(&x833, &x834, x832, x773, x809); ++ fiat_secp384r1_addcarryx_u32(&x835, &x836, x834, x775, x811); ++ fiat_secp384r1_addcarryx_u32(&x837, &x838, x836, x777, x813); ++ fiat_secp384r1_addcarryx_u32(&x839, &x840, x838, x779, x815); ++ fiat_secp384r1_addcarryx_u32(&x841, &x842, x840, x781, x817); ++ fiat_secp384r1_addcarryx_u32(&x843, &x844, x842, x783, x819); ++ fiat_secp384r1_addcarryx_u32(&x845, &x846, x844, x785, x821); ++ fiat_secp384r1_addcarryx_u32(&x847, &x848, x846, x787, x823); ++ fiat_secp384r1_addcarryx_u32(&x849, &x850, x848, ((uint32_t)x788 + x754), ++ (x824 + x790)); ++ fiat_secp384r1_mulx_u32(&x851, &x852, x9, 0x2); ++ fiat_secp384r1_mulx_u32(&x853, &x854, x9, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x855, &x856, x9, 0x2); ++ fiat_secp384r1_mulx_u32(&x857, &x858, x9, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x859, &x860, 0x0, (fiat_secp384r1_uint1)x852, ++ x9); ++ fiat_secp384r1_addcarryx_u32(&x861, &x862, 0x0, x827, x9); ++ fiat_secp384r1_addcarryx_u32(&x863, &x864, x862, x829, x857); ++ fiat_secp384r1_addcarryx_u32(&x865, &x866, x864, x831, x858); ++ fiat_secp384r1_addcarryx_u32(&x867, &x868, x866, x833, x855); ++ fiat_secp384r1_addcarryx_u32(&x869, &x870, x868, x835, ++ (fiat_secp384r1_uint1)x856); ++ fiat_secp384r1_addcarryx_u32(&x871, &x872, x870, x837, x853); ++ fiat_secp384r1_addcarryx_u32(&x873, &x874, x872, x839, x854); ++ fiat_secp384r1_addcarryx_u32(&x875, &x876, x874, x841, x851); ++ fiat_secp384r1_addcarryx_u32(&x877, &x878, x876, x843, x859); ++ fiat_secp384r1_addcarryx_u32(&x879, &x880, x878, x845, x860); ++ fiat_secp384r1_addcarryx_u32(&x881, &x882, x880, x847, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x883, &x884, x882, x849, 0x0); ++ fiat_secp384r1_mulx_u32(&x885, &x886, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x887, &x888, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x889, &x890, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x891, &x892, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x893, &x894, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x895, &x896, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x897, &x898, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x899, &x900, x861, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x901, &x902, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x903, &x904, x861, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x905, &x906, 0x0, x902, x899); ++ fiat_secp384r1_addcarryx_u32(&x907, &x908, x906, x900, x897); ++ fiat_secp384r1_addcarryx_u32(&x909, &x910, x908, x898, x895); ++ fiat_secp384r1_addcarryx_u32(&x911, &x912, x910, x896, x893); ++ fiat_secp384r1_addcarryx_u32(&x913, &x914, x912, x894, x891); ++ fiat_secp384r1_addcarryx_u32(&x915, &x916, x914, x892, x889); ++ fiat_secp384r1_addcarryx_u32(&x917, &x918, x916, x890, x887); ++ fiat_secp384r1_addcarryx_u32(&x919, &x920, x918, x888, x885); ++ fiat_secp384r1_addcarryx_u32(&x921, &x922, 0x0, x861, x903); ++ fiat_secp384r1_addcarryx_u32(&x923, &x924, x922, x863, x904); ++ fiat_secp384r1_addcarryx_u32(&x925, &x926, x924, x865, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x927, &x928, x926, x867, x901); ++ fiat_secp384r1_addcarryx_u32(&x929, &x930, x928, x869, x905); ++ fiat_secp384r1_addcarryx_u32(&x931, &x932, x930, x871, x907); ++ fiat_secp384r1_addcarryx_u32(&x933, &x934, x932, x873, x909); ++ fiat_secp384r1_addcarryx_u32(&x935, &x936, x934, x875, x911); ++ fiat_secp384r1_addcarryx_u32(&x937, &x938, x936, x877, x913); ++ fiat_secp384r1_addcarryx_u32(&x939, &x940, x938, x879, x915); ++ fiat_secp384r1_addcarryx_u32(&x941, &x942, x940, x881, x917); ++ fiat_secp384r1_addcarryx_u32(&x943, &x944, x942, x883, x919); ++ fiat_secp384r1_addcarryx_u32(&x945, &x946, x944, ((uint32_t)x884 + x850), ++ (x920 + x886)); ++ fiat_secp384r1_mulx_u32(&x947, &x948, x10, 0x2); ++ fiat_secp384r1_mulx_u32(&x949, &x950, x10, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x951, &x952, x10, 0x2); ++ fiat_secp384r1_mulx_u32(&x953, &x954, x10, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x955, &x956, 0x0, (fiat_secp384r1_uint1)x948, ++ x10); ++ fiat_secp384r1_addcarryx_u32(&x957, &x958, 0x0, x923, x10); ++ fiat_secp384r1_addcarryx_u32(&x959, &x960, x958, x925, x953); ++ fiat_secp384r1_addcarryx_u32(&x961, &x962, x960, x927, x954); ++ fiat_secp384r1_addcarryx_u32(&x963, &x964, x962, x929, x951); ++ fiat_secp384r1_addcarryx_u32(&x965, &x966, x964, x931, ++ (fiat_secp384r1_uint1)x952); ++ fiat_secp384r1_addcarryx_u32(&x967, &x968, x966, x933, x949); ++ fiat_secp384r1_addcarryx_u32(&x969, &x970, x968, x935, x950); ++ fiat_secp384r1_addcarryx_u32(&x971, &x972, x970, x937, x947); ++ fiat_secp384r1_addcarryx_u32(&x973, &x974, x972, x939, x955); ++ fiat_secp384r1_addcarryx_u32(&x975, &x976, x974, x941, x956); ++ fiat_secp384r1_addcarryx_u32(&x977, &x978, x976, x943, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x979, &x980, x978, x945, 0x0); ++ fiat_secp384r1_mulx_u32(&x981, &x982, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x983, &x984, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x985, &x986, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x987, &x988, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x989, &x990, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x991, &x992, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x993, &x994, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x995, &x996, x957, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x997, &x998, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x999, &x1000, x957, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1001, &x1002, 0x0, x998, x995); ++ fiat_secp384r1_addcarryx_u32(&x1003, &x1004, x1002, x996, x993); ++ fiat_secp384r1_addcarryx_u32(&x1005, &x1006, x1004, x994, x991); ++ fiat_secp384r1_addcarryx_u32(&x1007, &x1008, x1006, x992, x989); ++ fiat_secp384r1_addcarryx_u32(&x1009, &x1010, x1008, x990, x987); ++ fiat_secp384r1_addcarryx_u32(&x1011, &x1012, x1010, x988, x985); ++ fiat_secp384r1_addcarryx_u32(&x1013, &x1014, x1012, x986, x983); ++ fiat_secp384r1_addcarryx_u32(&x1015, &x1016, x1014, x984, x981); ++ fiat_secp384r1_addcarryx_u32(&x1017, &x1018, 0x0, x957, x999); ++ fiat_secp384r1_addcarryx_u32(&x1019, &x1020, x1018, x959, x1000); ++ fiat_secp384r1_addcarryx_u32(&x1021, &x1022, x1020, x961, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1023, &x1024, x1022, x963, x997); ++ fiat_secp384r1_addcarryx_u32(&x1025, &x1026, x1024, x965, x1001); ++ fiat_secp384r1_addcarryx_u32(&x1027, &x1028, x1026, x967, x1003); ++ fiat_secp384r1_addcarryx_u32(&x1029, &x1030, x1028, x969, x1005); ++ fiat_secp384r1_addcarryx_u32(&x1031, &x1032, x1030, x971, x1007); ++ fiat_secp384r1_addcarryx_u32(&x1033, &x1034, x1032, x973, x1009); ++ fiat_secp384r1_addcarryx_u32(&x1035, &x1036, x1034, x975, x1011); ++ fiat_secp384r1_addcarryx_u32(&x1037, &x1038, x1036, x977, x1013); ++ fiat_secp384r1_addcarryx_u32(&x1039, &x1040, x1038, x979, x1015); ++ fiat_secp384r1_addcarryx_u32(&x1041, &x1042, x1040, ((uint32_t)x980 + x946), ++ (x1016 + x982)); ++ fiat_secp384r1_mulx_u32(&x1043, &x1044, x11, 0x2); ++ fiat_secp384r1_mulx_u32(&x1045, &x1046, x11, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1047, &x1048, x11, 0x2); ++ fiat_secp384r1_mulx_u32(&x1049, &x1050, x11, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_addcarryx_u32(&x1051, &x1052, 0x0, ++ (fiat_secp384r1_uint1)x1044, x11); ++ fiat_secp384r1_addcarryx_u32(&x1053, &x1054, 0x0, x1019, x11); ++ fiat_secp384r1_addcarryx_u32(&x1055, &x1056, x1054, x1021, x1049); ++ fiat_secp384r1_addcarryx_u32(&x1057, &x1058, x1056, x1023, x1050); ++ fiat_secp384r1_addcarryx_u32(&x1059, &x1060, x1058, x1025, x1047); ++ fiat_secp384r1_addcarryx_u32(&x1061, &x1062, x1060, x1027, ++ (fiat_secp384r1_uint1)x1048); ++ fiat_secp384r1_addcarryx_u32(&x1063, &x1064, x1062, x1029, x1045); ++ fiat_secp384r1_addcarryx_u32(&x1065, &x1066, x1064, x1031, x1046); ++ fiat_secp384r1_addcarryx_u32(&x1067, &x1068, x1066, x1033, x1043); ++ fiat_secp384r1_addcarryx_u32(&x1069, &x1070, x1068, x1035, x1051); ++ fiat_secp384r1_addcarryx_u32(&x1071, &x1072, x1070, x1037, x1052); ++ fiat_secp384r1_addcarryx_u32(&x1073, &x1074, x1072, x1039, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1075, &x1076, x1074, x1041, 0x0); ++ fiat_secp384r1_mulx_u32(&x1077, &x1078, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1079, &x1080, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1081, &x1082, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1083, &x1084, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1085, &x1086, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1087, &x1088, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1089, &x1090, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1091, &x1092, x1053, UINT32_C(0xfffffffe)); ++ fiat_secp384r1_mulx_u32(&x1093, &x1094, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_mulx_u32(&x1095, &x1096, x1053, UINT32_C(0xffffffff)); ++ fiat_secp384r1_addcarryx_u32(&x1097, &x1098, 0x0, x1094, x1091); ++ fiat_secp384r1_addcarryx_u32(&x1099, &x1100, x1098, x1092, x1089); ++ fiat_secp384r1_addcarryx_u32(&x1101, &x1102, x1100, x1090, x1087); ++ fiat_secp384r1_addcarryx_u32(&x1103, &x1104, x1102, x1088, x1085); ++ fiat_secp384r1_addcarryx_u32(&x1105, &x1106, x1104, x1086, x1083); ++ fiat_secp384r1_addcarryx_u32(&x1107, &x1108, x1106, x1084, x1081); ++ fiat_secp384r1_addcarryx_u32(&x1109, &x1110, x1108, x1082, x1079); ++ fiat_secp384r1_addcarryx_u32(&x1111, &x1112, x1110, x1080, x1077); ++ fiat_secp384r1_addcarryx_u32(&x1113, &x1114, 0x0, x1053, x1095); ++ fiat_secp384r1_addcarryx_u32(&x1115, &x1116, x1114, x1055, x1096); ++ fiat_secp384r1_addcarryx_u32(&x1117, &x1118, x1116, x1057, 0x0); ++ fiat_secp384r1_addcarryx_u32(&x1119, &x1120, x1118, x1059, x1093); ++ fiat_secp384r1_addcarryx_u32(&x1121, &x1122, x1120, x1061, x1097); ++ fiat_secp384r1_addcarryx_u32(&x1123, &x1124, x1122, x1063, x1099); ++ fiat_secp384r1_addcarryx_u32(&x1125, &x1126, x1124, x1065, x1101); ++ fiat_secp384r1_addcarryx_u32(&x1127, &x1128, x1126, x1067, x1103); ++ fiat_secp384r1_addcarryx_u32(&x1129, &x1130, x1128, x1069, x1105); ++ fiat_secp384r1_addcarryx_u32(&x1131, &x1132, x1130, x1071, x1107); ++ fiat_secp384r1_addcarryx_u32(&x1133, &x1134, x1132, x1073, x1109); ++ fiat_secp384r1_addcarryx_u32(&x1135, &x1136, x1134, x1075, x1111); ++ fiat_secp384r1_addcarryx_u32(&x1137, &x1138, x1136, ++ ((uint32_t)x1076 + x1042), (x1112 + x1078)); ++ fiat_secp384r1_subborrowx_u32(&x1139, &x1140, 0x0, x1115, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1141, &x1142, x1140, x1117, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x1143, &x1144, x1142, x1119, 0x0); ++ fiat_secp384r1_subborrowx_u32(&x1145, &x1146, x1144, x1121, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1147, &x1148, x1146, x1123, ++ UINT32_C(0xfffffffe)); ++ fiat_secp384r1_subborrowx_u32(&x1149, &x1150, x1148, x1125, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1151, &x1152, x1150, x1127, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1153, &x1154, x1152, x1129, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1155, &x1156, x1154, x1131, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1157, &x1158, x1156, x1133, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1159, &x1160, x1158, x1135, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1161, &x1162, x1160, x1137, ++ UINT32_C(0xffffffff)); ++ fiat_secp384r1_subborrowx_u32(&x1163, &x1164, x1162, x1138, 0x0); ++ fiat_secp384r1_cmovznz_u32(&x1165, x1164, x1139, x1115); ++ fiat_secp384r1_cmovznz_u32(&x1166, x1164, x1141, x1117); ++ fiat_secp384r1_cmovznz_u32(&x1167, x1164, x1143, x1119); ++ fiat_secp384r1_cmovznz_u32(&x1168, x1164, x1145, x1121); ++ fiat_secp384r1_cmovznz_u32(&x1169, x1164, x1147, x1123); ++ fiat_secp384r1_cmovznz_u32(&x1170, x1164, x1149, x1125); ++ fiat_secp384r1_cmovznz_u32(&x1171, x1164, x1151, x1127); ++ fiat_secp384r1_cmovznz_u32(&x1172, x1164, x1153, x1129); ++ fiat_secp384r1_cmovznz_u32(&x1173, x1164, x1155, x1131); ++ fiat_secp384r1_cmovznz_u32(&x1174, x1164, x1157, x1133); ++ fiat_secp384r1_cmovznz_u32(&x1175, x1164, x1159, x1135); ++ fiat_secp384r1_cmovznz_u32(&x1176, x1164, x1161, x1137); ++ out1[0] = x1165; ++ out1[1] = x1166; ++ out1[2] = x1167; ++ out1[3] = x1168; ++ out1[4] = x1169; ++ out1[5] = x1170; ++ out1[6] = x1171; ++ out1[7] = x1172; ++ out1[8] = x1173; ++ out1[9] = x1174; ++ out1[10] = x1175; ++ out1[11] = x1176; ++} ++ ++/* ++ * The function fiat_secp384r1_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffff] ++ */ ++static void ++fiat_secp384r1_nonzero(uint32_t *out1, const uint32_t arg1[12]) ++{ ++ uint32_t x1; ++ x1 = ((arg1[0]) | ++ ((arg1[1]) | ++ ((arg1[2]) | ++ ((arg1[3]) | ++ ((arg1[4]) | ++ ((arg1[5]) | ++ ((arg1[6]) | ++ ((arg1[7]) | ++ ((arg1[8]) | ++ ((arg1[9]) | ++ ((arg1[10]) | ((arg1[11]) | (uint32_t)0x0)))))))))))); ++ *out1 = x1; ++} ++ ++/* ++ * The function fiat_secp384r1_selectznz is a multi-limb conditional select. ++ * Postconditions: ++ * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_selectznz(uint32_t out1[12], ++ fiat_secp384r1_uint1 arg1, ++ const uint32_t arg2[12], ++ const uint32_t arg3[12]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ fiat_secp384r1_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); ++ fiat_secp384r1_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); ++ fiat_secp384r1_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); ++ fiat_secp384r1_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); ++ fiat_secp384r1_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); ++ fiat_secp384r1_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); ++ fiat_secp384r1_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); ++ fiat_secp384r1_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); ++ fiat_secp384r1_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8])); ++ fiat_secp384r1_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9])); ++ fiat_secp384r1_cmovznz_u32(&x11, arg1, (arg2[10]), (arg3[10])); ++ fiat_secp384r1_cmovznz_u32(&x12, arg1, (arg2[11]), (arg3[11])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++ out1[9] = x10; ++ out1[10] = x11; ++ out1[11] = x12; ++} ++ ++/* ++ * The function fiat_secp384r1_to_bytes serializes a field element in the Montgomery domain to bytes in little-endian order. ++ * Preconditions: ++ * 0 ≤ eval arg1 < m ++ * Postconditions: ++ * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47] ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] ++ */ ++static void ++fiat_secp384r1_to_bytes(uint8_t out1[48], const uint32_t arg1[12]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint8_t x14; ++ uint32_t x15; ++ uint8_t x16; ++ uint8_t x17; ++ uint8_t x18; ++ uint8_t x19; ++ uint32_t x20; ++ uint8_t x21; ++ uint32_t x22; ++ uint8_t x23; ++ uint8_t x24; ++ uint8_t x25; ++ uint8_t x26; ++ uint32_t x27; ++ uint8_t x28; ++ uint32_t x29; ++ uint8_t x30; ++ uint8_t x31; ++ uint8_t x32; ++ uint8_t x33; ++ uint32_t x34; ++ uint8_t x35; ++ uint32_t x36; ++ uint8_t x37; ++ uint8_t x38; ++ uint8_t x39; ++ uint8_t x40; ++ uint32_t x41; ++ uint8_t x42; ++ uint32_t x43; ++ uint8_t x44; ++ uint8_t x45; ++ uint8_t x46; ++ uint8_t x47; ++ uint32_t x48; ++ uint8_t x49; ++ uint32_t x50; ++ uint8_t x51; ++ uint8_t x52; ++ uint8_t x53; ++ uint8_t x54; ++ uint32_t x55; ++ uint8_t x56; ++ uint32_t x57; ++ uint8_t x58; ++ uint8_t x59; ++ uint8_t x60; ++ uint8_t x61; ++ uint32_t x62; ++ uint8_t x63; ++ uint32_t x64; ++ uint8_t x65; ++ uint8_t x66; ++ uint8_t x67; ++ uint8_t x68; ++ uint32_t x69; ++ uint8_t x70; ++ uint32_t x71; ++ uint8_t x72; ++ uint8_t x73; ++ uint8_t x74; ++ uint8_t x75; ++ uint32_t x76; ++ uint8_t x77; ++ uint32_t x78; ++ uint8_t x79; ++ uint8_t x80; ++ uint8_t x81; ++ uint8_t x82; ++ uint32_t x83; ++ uint8_t x84; ++ uint32_t x85; ++ uint8_t x86; ++ uint8_t x87; ++ uint8_t x88; ++ uint8_t x89; ++ uint32_t x90; ++ uint8_t x91; ++ uint32_t x92; ++ uint8_t x93; ++ uint8_t x94; ++ uint8_t x95; ++ x1 = (arg1[11]); ++ x2 = (arg1[10]); ++ x3 = (arg1[9]); ++ x4 = (arg1[8]); ++ x5 = (arg1[7]); ++ x6 = (arg1[6]); ++ x7 = (arg1[5]); ++ x8 = (arg1[4]); ++ x9 = (arg1[3]); ++ x10 = (arg1[2]); ++ x11 = (arg1[1]); ++ x12 = (arg1[0]); ++ x13 = (x12 >> 8); ++ x14 = (uint8_t)(x12 & UINT8_C(0xff)); ++ x15 = (x13 >> 8); ++ x16 = (uint8_t)(x13 & UINT8_C(0xff)); ++ x17 = (uint8_t)(x15 >> 8); ++ x18 = (uint8_t)(x15 & UINT8_C(0xff)); ++ x19 = (uint8_t)(x17 & UINT8_C(0xff)); ++ x20 = (x11 >> 8); ++ x21 = (uint8_t)(x11 & UINT8_C(0xff)); ++ x22 = (x20 >> 8); ++ x23 = (uint8_t)(x20 & UINT8_C(0xff)); ++ x24 = (uint8_t)(x22 >> 8); ++ x25 = (uint8_t)(x22 & UINT8_C(0xff)); ++ x26 = (uint8_t)(x24 & UINT8_C(0xff)); ++ x27 = (x10 >> 8); ++ x28 = (uint8_t)(x10 & UINT8_C(0xff)); ++ x29 = (x27 >> 8); ++ x30 = (uint8_t)(x27 & UINT8_C(0xff)); ++ x31 = (uint8_t)(x29 >> 8); ++ x32 = (uint8_t)(x29 & UINT8_C(0xff)); ++ x33 = (uint8_t)(x31 & UINT8_C(0xff)); ++ x34 = (x9 >> 8); ++ x35 = (uint8_t)(x9 & UINT8_C(0xff)); ++ x36 = (x34 >> 8); ++ x37 = (uint8_t)(x34 & UINT8_C(0xff)); ++ x38 = (uint8_t)(x36 >> 8); ++ x39 = (uint8_t)(x36 & UINT8_C(0xff)); ++ x40 = (uint8_t)(x38 & UINT8_C(0xff)); ++ x41 = (x8 >> 8); ++ x42 = (uint8_t)(x8 & UINT8_C(0xff)); ++ x43 = (x41 >> 8); ++ x44 = (uint8_t)(x41 & UINT8_C(0xff)); ++ x45 = (uint8_t)(x43 >> 8); ++ x46 = (uint8_t)(x43 & UINT8_C(0xff)); ++ x47 = (uint8_t)(x45 & UINT8_C(0xff)); ++ x48 = (x7 >> 8); ++ x49 = (uint8_t)(x7 & UINT8_C(0xff)); ++ x50 = (x48 >> 8); ++ x51 = (uint8_t)(x48 & UINT8_C(0xff)); ++ x52 = (uint8_t)(x50 >> 8); ++ x53 = (uint8_t)(x50 & UINT8_C(0xff)); ++ x54 = (uint8_t)(x52 & UINT8_C(0xff)); ++ x55 = (x6 >> 8); ++ x56 = (uint8_t)(x6 & UINT8_C(0xff)); ++ x57 = (x55 >> 8); ++ x58 = (uint8_t)(x55 & UINT8_C(0xff)); ++ x59 = (uint8_t)(x57 >> 8); ++ x60 = (uint8_t)(x57 & UINT8_C(0xff)); ++ x61 = (uint8_t)(x59 & UINT8_C(0xff)); ++ x62 = (x5 >> 8); ++ x63 = (uint8_t)(x5 & UINT8_C(0xff)); ++ x64 = (x62 >> 8); ++ x65 = (uint8_t)(x62 & UINT8_C(0xff)); ++ x66 = (uint8_t)(x64 >> 8); ++ x67 = (uint8_t)(x64 & UINT8_C(0xff)); ++ x68 = (uint8_t)(x66 & UINT8_C(0xff)); ++ x69 = (x4 >> 8); ++ x70 = (uint8_t)(x4 & UINT8_C(0xff)); ++ x71 = (x69 >> 8); ++ x72 = (uint8_t)(x69 & UINT8_C(0xff)); ++ x73 = (uint8_t)(x71 >> 8); ++ x74 = (uint8_t)(x71 & UINT8_C(0xff)); ++ x75 = (uint8_t)(x73 & UINT8_C(0xff)); ++ x76 = (x3 >> 8); ++ x77 = (uint8_t)(x3 & UINT8_C(0xff)); ++ x78 = (x76 >> 8); ++ x79 = (uint8_t)(x76 & UINT8_C(0xff)); ++ x80 = (uint8_t)(x78 >> 8); ++ x81 = (uint8_t)(x78 & UINT8_C(0xff)); ++ x82 = (uint8_t)(x80 & UINT8_C(0xff)); ++ x83 = (x2 >> 8); ++ x84 = (uint8_t)(x2 & UINT8_C(0xff)); ++ x85 = (x83 >> 8); ++ x86 = (uint8_t)(x83 & UINT8_C(0xff)); ++ x87 = (uint8_t)(x85 >> 8); ++ x88 = (uint8_t)(x85 & UINT8_C(0xff)); ++ x89 = (uint8_t)(x87 & UINT8_C(0xff)); ++ x90 = (x1 >> 8); ++ x91 = (uint8_t)(x1 & UINT8_C(0xff)); ++ x92 = (x90 >> 8); ++ x93 = (uint8_t)(x90 & UINT8_C(0xff)); ++ x94 = (uint8_t)(x92 >> 8); ++ x95 = (uint8_t)(x92 & UINT8_C(0xff)); ++ out1[0] = x14; ++ out1[1] = x16; ++ out1[2] = x18; ++ out1[3] = x19; ++ out1[4] = x21; ++ out1[5] = x23; ++ out1[6] = x25; ++ out1[7] = x26; ++ out1[8] = x28; ++ out1[9] = x30; ++ out1[10] = x32; ++ out1[11] = x33; ++ out1[12] = x35; ++ out1[13] = x37; ++ out1[14] = x39; ++ out1[15] = x40; ++ out1[16] = x42; ++ out1[17] = x44; ++ out1[18] = x46; ++ out1[19] = x47; ++ out1[20] = x49; ++ out1[21] = x51; ++ out1[22] = x53; ++ out1[23] = x54; ++ out1[24] = x56; ++ out1[25] = x58; ++ out1[26] = x60; ++ out1[27] = x61; ++ out1[28] = x63; ++ out1[29] = x65; ++ out1[30] = x67; ++ out1[31] = x68; ++ out1[32] = x70; ++ out1[33] = x72; ++ out1[34] = x74; ++ out1[35] = x75; ++ out1[36] = x77; ++ out1[37] = x79; ++ out1[38] = x81; ++ out1[39] = x82; ++ out1[40] = x84; ++ out1[41] = x86; ++ out1[42] = x88; ++ out1[43] = x89; ++ out1[44] = x91; ++ out1[45] = x93; ++ out1[46] = x95; ++ out1[47] = x94; ++} ++ ++/* ++ * The function fiat_secp384r1_from_bytes deserializes a field element in the Montgomery domain from bytes in little-endian order. ++ * Preconditions: ++ * 0 ≤ bytes_eval arg1 < m ++ * Postconditions: ++ * eval out1 mod m = bytes_eval arg1 mod m ++ * 0 ≤ eval out1 < m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp384r1_from_bytes(uint32_t out1[12], ++ const uint8_t arg1[48]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint8_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint8_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint8_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint8_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ uint8_t x20; ++ uint32_t x21; ++ uint32_t x22; ++ uint32_t x23; ++ uint8_t x24; ++ uint32_t x25; ++ uint32_t x26; ++ uint32_t x27; ++ uint8_t x28; ++ uint32_t x29; ++ uint32_t x30; ++ uint32_t x31; ++ uint8_t x32; ++ uint32_t x33; ++ uint32_t x34; ++ uint32_t x35; ++ uint8_t x36; ++ uint32_t x37; ++ uint32_t x38; ++ uint32_t x39; ++ uint8_t x40; ++ uint32_t x41; ++ uint32_t x42; ++ uint32_t x43; ++ uint8_t x44; ++ uint32_t x45; ++ uint32_t x46; ++ uint32_t x47; ++ uint8_t x48; ++ uint32_t x49; ++ uint32_t x50; ++ uint32_t x51; ++ uint32_t x52; ++ uint32_t x53; ++ uint32_t x54; ++ uint32_t x55; ++ uint32_t x56; ++ uint32_t x57; ++ uint32_t x58; ++ uint32_t x59; ++ uint32_t x60; ++ uint32_t x61; ++ uint32_t x62; ++ uint32_t x63; ++ uint32_t x64; ++ uint32_t x65; ++ uint32_t x66; ++ uint32_t x67; ++ uint32_t x68; ++ uint32_t x69; ++ uint32_t x70; ++ uint32_t x71; ++ x1 = ((uint32_t)(arg1[47]) << 24); ++ x2 = ((uint32_t)(arg1[46]) << 16); ++ x3 = ((uint32_t)(arg1[45]) << 8); ++ x4 = (arg1[44]); ++ x5 = ((uint32_t)(arg1[43]) << 24); ++ x6 = ((uint32_t)(arg1[42]) << 16); ++ x7 = ((uint32_t)(arg1[41]) << 8); ++ x8 = (arg1[40]); ++ x9 = ((uint32_t)(arg1[39]) << 24); ++ x10 = ((uint32_t)(arg1[38]) << 16); ++ x11 = ((uint32_t)(arg1[37]) << 8); ++ x12 = (arg1[36]); ++ x13 = ((uint32_t)(arg1[35]) << 24); ++ x14 = ((uint32_t)(arg1[34]) << 16); ++ x15 = ((uint32_t)(arg1[33]) << 8); ++ x16 = (arg1[32]); ++ x17 = ((uint32_t)(arg1[31]) << 24); ++ x18 = ((uint32_t)(arg1[30]) << 16); ++ x19 = ((uint32_t)(arg1[29]) << 8); ++ x20 = (arg1[28]); ++ x21 = ((uint32_t)(arg1[27]) << 24); ++ x22 = ((uint32_t)(arg1[26]) << 16); ++ x23 = ((uint32_t)(arg1[25]) << 8); ++ x24 = (arg1[24]); ++ x25 = ((uint32_t)(arg1[23]) << 24); ++ x26 = ((uint32_t)(arg1[22]) << 16); ++ x27 = ((uint32_t)(arg1[21]) << 8); ++ x28 = (arg1[20]); ++ x29 = ((uint32_t)(arg1[19]) << 24); ++ x30 = ((uint32_t)(arg1[18]) << 16); ++ x31 = ((uint32_t)(arg1[17]) << 8); ++ x32 = (arg1[16]); ++ x33 = ((uint32_t)(arg1[15]) << 24); ++ x34 = ((uint32_t)(arg1[14]) << 16); ++ x35 = ((uint32_t)(arg1[13]) << 8); ++ x36 = (arg1[12]); ++ x37 = ((uint32_t)(arg1[11]) << 24); ++ x38 = ((uint32_t)(arg1[10]) << 16); ++ x39 = ((uint32_t)(arg1[9]) << 8); ++ x40 = (arg1[8]); ++ x41 = ((uint32_t)(arg1[7]) << 24); ++ x42 = ((uint32_t)(arg1[6]) << 16); ++ x43 = ((uint32_t)(arg1[5]) << 8); ++ x44 = (arg1[4]); ++ x45 = ((uint32_t)(arg1[3]) << 24); ++ x46 = ((uint32_t)(arg1[2]) << 16); ++ x47 = ((uint32_t)(arg1[1]) << 8); ++ x48 = (arg1[0]); ++ x49 = (x48 + (x47 + (x46 + x45))); ++ x50 = (x49 & UINT32_C(0xffffffff)); ++ x51 = (x4 + (x3 + (x2 + x1))); ++ x52 = (x8 + (x7 + (x6 + x5))); ++ x53 = (x12 + (x11 + (x10 + x9))); ++ x54 = (x16 + (x15 + (x14 + x13))); ++ x55 = (x20 + (x19 + (x18 + x17))); ++ x56 = (x24 + (x23 + (x22 + x21))); ++ x57 = (x28 + (x27 + (x26 + x25))); ++ x58 = (x32 + (x31 + (x30 + x29))); ++ x59 = (x36 + (x35 + (x34 + x33))); ++ x60 = (x40 + (x39 + (x38 + x37))); ++ x61 = (x44 + (x43 + (x42 + x41))); ++ x62 = (x61 & UINT32_C(0xffffffff)); ++ x63 = (x60 & UINT32_C(0xffffffff)); ++ x64 = (x59 & UINT32_C(0xffffffff)); ++ x65 = (x58 & UINT32_C(0xffffffff)); ++ x66 = (x57 & UINT32_C(0xffffffff)); ++ x67 = (x56 & UINT32_C(0xffffffff)); ++ x68 = (x55 & UINT32_C(0xffffffff)); ++ x69 = (x54 & UINT32_C(0xffffffff)); ++ x70 = (x53 & UINT32_C(0xffffffff)); ++ x71 = (x52 & UINT32_C(0xffffffff)); ++ out1[0] = x50; ++ out1[1] = x62; ++ out1[2] = x63; ++ out1[3] = x64; ++ out1[4] = x65; ++ out1[5] = x66; ++ out1[6] = x67; ++ out1[7] = x68; ++ out1[8] = x69; ++ out1[9] = x70; ++ out1[10] = x71; ++ out1[11] = x51; ++} ++ ++/* END verbatim fiat code */ ++ ++/*- ++ * Finite field inversion via FLT. ++ * NB: this is not a real Fiat function, just named that way for consistency. ++ * Autogenerated: ecp/secp384r1/fe_inv.op3 ++ * custom repunit addition chain ++ */ ++static void ++fiat_secp384r1_inv(fe_t output, const fe_t t1) ++{ ++ int i; ++ /* temporary variables */ ++ fe_t acc, t10, t170, t2, t20, t255, t30, t32, t4, t64, t8, t84, t85; ++ ++ fiat_secp384r1_square(acc, t1); ++ fiat_secp384r1_mul(t2, acc, t1); ++ fiat_secp384r1_square(acc, t2); ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t4, acc, t2); ++ fiat_secp384r1_square(acc, t4); ++ for (i = 0; i < 3; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t8, acc, t4); ++ fiat_secp384r1_square(acc, t8); ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t10, acc, t2); ++ fiat_secp384r1_square(acc, t10); ++ for (i = 0; i < 9; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t20, acc, t10); ++ fiat_secp384r1_square(acc, t20); ++ for (i = 0; i < 9; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t30, acc, t10); ++ fiat_secp384r1_square(acc, t30); ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t32, acc, t2); ++ fiat_secp384r1_square(acc, t32); ++ for (i = 0; i < 31; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t64, acc, t32); ++ fiat_secp384r1_square(acc, t64); ++ for (i = 0; i < 19; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t84, acc, t20); ++ fiat_secp384r1_square(acc, t84); ++ fiat_secp384r1_mul(t85, acc, t1); ++ fiat_secp384r1_square(acc, t85); ++ for (i = 0; i < 84; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t170, acc, t85); ++ fiat_secp384r1_square(acc, t170); ++ for (i = 0; i < 84; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(t255, acc, t85); ++ fiat_secp384r1_square(acc, t255); ++ for (i = 0; i < 32; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(acc, acc, t32); ++ for (i = 0; i < 94; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(acc, acc, t30); ++ for (i = 0; i < 2; i++) ++ fiat_secp384r1_square(acc, acc); ++ fiat_secp384r1_mul(output, acc, t1); ++} ++ ++/* curve coefficient constants */ ++ ++static const limb_t const_one[12] = { ++ UINT32_C(0x00000001), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), ++ UINT32_C(0x00000000), UINT32_C(0x00000001), UINT32_C(0x00000000), ++ UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), ++ UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000) ++}; ++ ++static const limb_t const_b[12] = { ++ UINT32_C(0x9D412DCC), UINT32_C(0x08118871), UINT32_C(0x7A4C32EC), ++ UINT32_C(0xF729ADD8), UINT32_C(0x1920022E), UINT32_C(0x77F2209B), ++ UINT32_C(0x94938AE2), UINT32_C(0xE3374BEE), UINT32_C(0x1F022094), ++ UINT32_C(0xB62B21F4), UINT32_C(0x604FBFF9), UINT32_C(0xCD08114B) ++}; ++ ++/* LUT for scalar multiplication by comb interleaving */ ++static const pt_aff_t lut_cmb[21][16] = { ++ { ++ { { UINT32_C(0x49C0B528), UINT32_C(0x3DD07566), UINT32_C(0xA0D6CE38), ++ UINT32_C(0x20E378E2), UINT32_C(0x541B4D6E), UINT32_C(0x879C3AFC), ++ UINT32_C(0x59A30EFF), UINT32_C(0x64548684), UINT32_C(0x614EDE2B), ++ UINT32_C(0x812FF723), UINT32_C(0x299E1513), UINT32_C(0x4D3AADC2) }, ++ { UINT32_C(0x4B03A4FE), UINT32_C(0x23043DAD), UINT32_C(0x7BB4A9AC), ++ UINT32_C(0xA1BFA8BF), UINT32_C(0x2E83B050), UINT32_C(0x8BADE756), ++ UINT32_C(0x68F4FFD9), UINT32_C(0xC6C35219), UINT32_C(0x3969A840), ++ UINT32_C(0xDD800226), UINT32_C(0x5A15C5E9), UINT32_C(0x2B78ABC2) } }, ++ { { UINT32_C(0xC1DC4073), UINT32_C(0x05E4DBE6), UINT32_C(0xF04F779C), ++ UINT32_C(0xC54EA9FF), UINT32_C(0xA170CCF0), UINT32_C(0x6B2034E9), ++ UINT32_C(0xD51C6C3E), UINT32_C(0x3A48D732), UINT32_C(0x263AA470), ++ UINT32_C(0xE36F7E2D), UINT32_C(0xE7C1C3AC), UINT32_C(0xD283FE68) }, ++ { UINT32_C(0xC04EE157), UINT32_C(0x7E284821), UINT32_C(0x7AE0E36D), ++ UINT32_C(0x92D789A7), UINT32_C(0x4EF67446), UINT32_C(0x132663C0), ++ UINT32_C(0xD2E1D0B4), UINT32_C(0x68012D5A), UINT32_C(0x5102B339), ++ UINT32_C(0xF6DB68B1), UINT32_C(0x983292AF), UINT32_C(0x465465FC) } }, ++ { { UINT32_C(0x68F1F0DF), UINT32_C(0xBB595EBA), UINT32_C(0xCC873466), ++ UINT32_C(0xC185C0CB), UINT32_C(0x293C703B), UINT32_C(0x7F1EB1B5), ++ UINT32_C(0xAACC05E6), UINT32_C(0x60DB2CF5), UINT32_C(0xE2E8E4C6), ++ UINT32_C(0xC676B987), UINT32_C(0x1D178FFB), UINT32_C(0xE1BB26B1) }, ++ { UINT32_C(0x7073FA21), UINT32_C(0x2B694BA0), UINT32_C(0x72F34566), ++ UINT32_C(0x22C16E2E), UINT32_C(0x01C35B99), UINT32_C(0x80B61B31), ++ UINT32_C(0x982C0411), UINT32_C(0x4B237FAF), UINT32_C(0x24DE236D), ++ UINT32_C(0xE6C59440), UINT32_C(0xE209E4A3), UINT32_C(0x4DB1C9D6) } }, ++ { { UINT32_C(0x7D69222B), UINT32_C(0xDF13B9D1), UINT32_C(0x874774B1), ++ UINT32_C(0x4CE6415F), UINT32_C(0x211FAA95), UINT32_C(0x731EDCF8), ++ UINT32_C(0x659753ED), UINT32_C(0x5F4215D1), UINT32_C(0x9DB2DF55), ++ UINT32_C(0xF893DB58), UINT32_C(0x1C89025B), UINT32_C(0x932C9F81) }, ++ { UINT32_C(0x7706A61E), UINT32_C(0x0996B220), UINT32_C(0xA8641C79), ++ UINT32_C(0x135349D5), UINT32_C(0x50130844), UINT32_C(0x65AAD76F), ++ UINT32_C(0x01FFF780), UINT32_C(0x0FF37C04), UINT32_C(0x693B0706), ++ UINT32_C(0xF57F238E), UINT32_C(0xAF6C9B3E), UINT32_C(0xD90A16B6) } }, ++ { { UINT32_C(0x2353B92F), UINT32_C(0x2F5D200E), UINT32_C(0x3FD7E4F9), ++ UINT32_C(0xE35D8729), UINT32_C(0xA96D745D), UINT32_C(0x26094833), ++ UINT32_C(0x3CBFFF3F), UINT32_C(0xDC351DC1), UINT32_C(0xDAD54D6A), ++ UINT32_C(0x26D464C6), UINT32_C(0x53636C6A), UINT32_C(0x5CAB1D1D) }, ++ { UINT32_C(0xB18EC0B0), UINT32_C(0xF2813072), UINT32_C(0xD742AA2F), ++ UINT32_C(0x3777E270), UINT32_C(0x033CA7C2), UINT32_C(0x27F061C7), ++ UINT32_C(0x68EAD0D8), UINT32_C(0xA6ECACCC), UINT32_C(0xEE69A754), ++ UINT32_C(0x7D9429F4), UINT32_C(0x31E8F5C6), UINT32_C(0xE7706334) } }, ++ { { UINT32_C(0xB68B8C7D), UINT32_C(0xC7708B19), UINT32_C(0x44377ABA), ++ UINT32_C(0x4532077C), UINT32_C(0x6CDAD64F), UINT32_C(0x0DCC6770), ++ UINT32_C(0x147B6602), UINT32_C(0x01B8BF56), UINT32_C(0xF0561D79), ++ UINT32_C(0xF8D89885), UINT32_C(0x7BA9C437), UINT32_C(0x9C19E9FC) }, ++ { UINT32_C(0xBDC4BA25), UINT32_C(0x764EB146), UINT32_C(0xAC144B83), ++ UINT32_C(0x604FE46B), UINT32_C(0x8A77E780), UINT32_C(0x3CE81329), ++ UINT32_C(0xFE9E682E), UINT32_C(0x2E070F36), UINT32_C(0x3A53287A), ++ UINT32_C(0x41821D0C), UINT32_C(0x3533F918), UINT32_C(0x9AA62F9F) } }, ++ { { UINT32_C(0x75CCBDFB), UINT32_C(0x9B7AEB7E), UINT32_C(0xF6749A95), ++ UINT32_C(0xB25E28C5), UINT32_C(0x33B7D4AE), UINT32_C(0x8A7A8E46), ++ UINT32_C(0xD9C1BD56), UINT32_C(0xDB5203A8), UINT32_C(0xED22DF97), ++ UINT32_C(0xD2657265), UINT32_C(0x8CF23C94), UINT32_C(0xB51C56E1) }, ++ { UINT32_C(0x6C3D812D), UINT32_C(0xF4D39459), UINT32_C(0x87CAE0C2), ++ UINT32_C(0xD8E88F1A), UINT32_C(0xCF4D0FE3), UINT32_C(0x789A2A48), ++ UINT32_C(0xFEC38D60), UINT32_C(0xB7FEAC2D), UINT32_C(0x3B490EC3), ++ UINT32_C(0x81FDBD1C), UINT32_C(0xCC6979E1), UINT32_C(0x4617ADB7) } }, ++ { { UINT32_C(0x4709F4A9), UINT32_C(0x446AD888), UINT32_C(0xEC3DABD8), ++ UINT32_C(0x2B7210E2), UINT32_C(0x50E07B34), UINT32_C(0x83CCF195), ++ UINT32_C(0x789B3075), UINT32_C(0x59500917), UINT32_C(0xEB085993), ++ UINT32_C(0x0FC01FD4), UINT32_C(0x4903026B), UINT32_C(0xFB62D26F) }, ++ { UINT32_C(0x6FE989BB), UINT32_C(0x2309CC9D), UINT32_C(0x144BD586), ++ UINT32_C(0x61609CBD), UINT32_C(0xDE06610C), UINT32_C(0x4B23D3A0), ++ UINT32_C(0xD898F470), UINT32_C(0xDDDC2866), UINT32_C(0x400C5797), ++ UINT32_C(0x8733FC41), UINT32_C(0xD0BC2716), UINT32_C(0x5A68C6FE) } }, ++ { { UINT32_C(0x4B4A3CD0), UINT32_C(0x8903E130), UINT32_C(0x8FF1F43E), ++ UINT32_C(0x3EA4EA4C), UINT32_C(0xF655A10D), UINT32_C(0xE6FC3F2A), ++ UINT32_C(0x524FFEFC), UINT32_C(0x7BE3737D), UINT32_C(0x5330455E), ++ UINT32_C(0x9F692855), UINT32_C(0xE475CE70), UINT32_C(0x524F166E) }, ++ { UINT32_C(0x6C12F055), UINT32_C(0x3FCC69CD), UINT32_C(0xD5B9C0DA), ++ UINT32_C(0x4E23B6FF), UINT32_C(0x336BF183), UINT32_C(0x49CE6993), ++ UINT32_C(0x4A54504A), UINT32_C(0xF87D6D85), UINT32_C(0xB3C2677A), ++ UINT32_C(0x25EB5DF1), UINT32_C(0x55B164C9), UINT32_C(0xAC37986F) } }, ++ { { UINT32_C(0xBAA84C08), UINT32_C(0x82A2ED4A), UINT32_C(0x41A8C912), ++ UINT32_C(0x22C4CC5F), UINT32_C(0x154AAD5E), UINT32_C(0xCA109C3B), ++ UINT32_C(0xFC38538E), UINT32_C(0x23891298), UINT32_C(0x539802AE), ++ UINT32_C(0xB3B6639C), UINT32_C(0x0390D706), UINT32_C(0xFA0F1F45) }, ++ { UINT32_C(0xB0DC21D0), UINT32_C(0x46B78E5D), UINT32_C(0xC3DA2EAC), ++ UINT32_C(0xA8C72D3C), UINT32_C(0x6FF2F643), UINT32_C(0x9170B378), ++ UINT32_C(0xB67F30C3), UINT32_C(0x3F5A799B), UINT32_C(0x8264B672), ++ UINT32_C(0x15D1DC77), UINT32_C(0xE9577764), UINT32_C(0xA1D47B23) } }, ++ { { UINT32_C(0x0422CE2F), UINT32_C(0x08265E51), UINT32_C(0xDD2F9E21), ++ UINT32_C(0x88E0D496), UINT32_C(0x6177F75D), UINT32_C(0x30128AA0), ++ UINT32_C(0xBD9EBE69), UINT32_C(0x2E59AB62), UINT32_C(0x5DF0E537), ++ UINT32_C(0x1B1A0F6C), UINT32_C(0xDAC012B5), UINT32_C(0xAB16C626) }, ++ { UINT32_C(0x008C5DE7), UINT32_C(0x8014214B), UINT32_C(0x38F17BEA), ++ UINT32_C(0xAA740A9E), UINT32_C(0x8A149098), UINT32_C(0x262EBB49), ++ UINT32_C(0x8527CD59), UINT32_C(0xB454111E), UINT32_C(0xACEA5817), ++ UINT32_C(0x266AD15A), UINT32_C(0x1353CCBA), UINT32_C(0x21824F41) } }, ++ { { UINT32_C(0x12E3683B), UINT32_C(0xD1B4E74D), UINT32_C(0x569B8EF6), ++ UINT32_C(0x990ED20B), UINT32_C(0x429C0A18), UINT32_C(0xB9D3DD25), ++ UINT32_C(0x2A351783), UINT32_C(0x1C75B8AB), UINT32_C(0x905432F0), ++ UINT32_C(0x61E4CA2B), UINT32_C(0xEEA8F224), UINT32_C(0x80826A69) }, ++ { UINT32_C(0xEC52ABAD), UINT32_C(0x7FC33A6B), UINT32_C(0xA65E4813), ++ UINT32_C(0x0BCCA3F0), UINT32_C(0xA527CEBE), UINT32_C(0x7AD8A132), ++ UINT32_C(0xEAF22C7E), UINT32_C(0xF0138950), UINT32_C(0x566718C1), ++ UINT32_C(0x282D2437), UINT32_C(0xE2212559), UINT32_C(0x9DFCCB0D) } }, ++ { { UINT32_C(0x58CE3B83), UINT32_C(0x1E937227), UINT32_C(0x3CB3FB36), ++ UINT32_C(0xBB280DFA), UINT32_C(0xE2BE174A), UINT32_C(0x57D0F3D2), ++ UINT32_C(0x208ABE1E), UINT32_C(0x9BD51B99), UINT32_C(0xDE248024), ++ UINT32_C(0x3809AB50), UINT32_C(0xA5BB7331), UINT32_C(0xC29C6E2C) }, ++ { UINT32_C(0x61124F05), UINT32_C(0x9944FD2E), UINT32_C(0x9009E391), ++ UINT32_C(0x83CCBC4E), UINT32_C(0x9424A3CC), UINT32_C(0x01628F05), ++ UINT32_C(0xEA8E4344), UINT32_C(0xD6A2F51D), UINT32_C(0x4CEBC96E), ++ UINT32_C(0xDA3E1A3D), UINT32_C(0xE97809DC), UINT32_C(0x1FE6FB42) } }, ++ { { UINT32_C(0x467D66E4), UINT32_C(0xA04482D2), UINT32_C(0x4D78291D), ++ UINT32_C(0xCF191293), UINT32_C(0x482396F9), UINT32_C(0x8E0D4168), ++ UINT32_C(0xD18F14D0), UINT32_C(0x7228E2D5), UINT32_C(0x9C6A58FE), ++ UINT32_C(0x2F7E8D50), UINT32_C(0x373E5AEC), UINT32_C(0xE8CA780E) }, ++ { UINT32_C(0x1B68E9F8), UINT32_C(0x42AAD1D6), UINT32_C(0x69E2F8F4), ++ UINT32_C(0x58A6D7F5), UINT32_C(0x31DA1BEA), UINT32_C(0xD779ADFE), ++ UINT32_C(0x38C85A85), UINT32_C(0x7D265406), UINT32_C(0xD44D3CDF), ++ UINT32_C(0x67E67195), UINT32_C(0xC5134ED7), UINT32_C(0x17820A0B) } }, ++ { { UINT32_C(0xD3021470), UINT32_C(0x019D6AC5), UINT32_C(0x780443D6), ++ UINT32_C(0x25846B66), UINT32_C(0x55C97647), UINT32_C(0xCE3C15ED), ++ UINT32_C(0x0E3FEB0F), UINT32_C(0x3DC22D49), UINT32_C(0xA7DF26E4), ++ UINT32_C(0x2065B7CB), UINT32_C(0x187CEA1F), UINT32_C(0xC8B00AE8) }, ++ { UINT32_C(0x865DDED3), UINT32_C(0x1A5284A0), UINT32_C(0x20C83DE2), ++ UINT32_C(0x293C1649), UINT32_C(0xCCE851B3), UINT32_C(0xAB178D26), ++ UINT32_C(0x404505FB), UINT32_C(0x8E6DB10B), UINT32_C(0x90C82033), ++ UINT32_C(0xF6F57E71), UINT32_C(0x5977F16C), UINT32_C(0x1D2A1C01) } }, ++ { { UINT32_C(0x7C8906A4), UINT32_C(0xA39C8931), UINT32_C(0x9E821EE6), ++ UINT32_C(0xB6E7ECDD), UINT32_C(0xF0DF4FE6), UINT32_C(0x2ECF8340), ++ UINT32_C(0x53C14965), UINT32_C(0xD42F7DC9), UINT32_C(0xE3BA8285), ++ UINT32_C(0x1AFB51A3), UINT32_C(0x0A3305D1), UINT32_C(0x6C07C404) }, ++ { UINT32_C(0x127FC1DA), UINT32_C(0xDAB83288), UINT32_C(0x374C4B08), ++ UINT32_C(0xBC0A699B), UINT32_C(0x42EB20DD), UINT32_C(0x402A9BAB), ++ UINT32_C(0x045A7A1C), UINT32_C(0xD7DD464F), UINT32_C(0x36BEECC4), ++ UINT32_C(0x5B3D0D6D), UINT32_C(0x6398A19D), UINT32_C(0x475A3E75) } }, ++ }, ++ { ++ { { UINT32_C(0x72876AE8), UINT32_C(0x31BDB483), UINT32_C(0x961ED1BF), ++ UINT32_C(0xE3325D98), UINT32_C(0x9B6FC64D), UINT32_C(0x18C04246), ++ UINT32_C(0x15786B8C), UINT32_C(0x0DCC15FA), UINT32_C(0x8E63DA4A), ++ UINT32_C(0x81ACDB06), UINT32_C(0xDADA70FB), UINT32_C(0xD3A4B643) }, ++ { UINT32_C(0xDEA424EB), UINT32_C(0x46361AFE), UINT32_C(0x89B92970), ++ UINT32_C(0xDC2D2CAE), UINT32_C(0x615694E6), UINT32_C(0xF389B61B), ++ UINT32_C(0x872951D2), UINT32_C(0x7036DEF1), UINT32_C(0xD93BADC7), ++ UINT32_C(0x40FD3BDA), UINT32_C(0x380A68D3), UINT32_C(0x45AB6321) } }, ++ { { UINT32_C(0x81A2703A), UINT32_C(0x23C1F744), UINT32_C(0xB9859136), ++ UINT32_C(0x1A5D075C), UINT32_C(0x5AFD1BFD), UINT32_C(0xA4F82C9D), ++ UINT32_C(0xF89D76FE), UINT32_C(0xA3D1E9A4), UINT32_C(0x75702F80), ++ UINT32_C(0x964F7050), UINT32_C(0xF56C089D), UINT32_C(0x182BF349) }, ++ { UINT32_C(0xBE0DA6E1), UINT32_C(0xE205FA8F), UINT32_C(0x0A40F8F3), ++ UINT32_C(0x32905EB9), UINT32_C(0x356D4395), UINT32_C(0x331A1004), ++ UINT32_C(0xFDBBDFDE), UINT32_C(0x58B78901), UINT32_C(0x9BA00E71), ++ UINT32_C(0xA52A1597), UINT32_C(0x55497A30), UINT32_C(0xE0092E1F) } }, ++ { { UINT32_C(0x70EE8F39), UINT32_C(0x5562A856), UINT32_C(0x64E52A9C), ++ UINT32_C(0x86B0C117), UINT32_C(0x09C75B8C), UINT32_C(0xC19F3174), ++ UINT32_C(0x24923F80), UINT32_C(0x21C7CC31), UINT32_C(0x8F5B291E), ++ UINT32_C(0xE63FE47F), UINT32_C(0x0DC08B05), UINT32_C(0x3D6D3C05) }, ++ { UINT32_C(0xEE0C39A1), UINT32_C(0x58AE455E), UINT32_C(0x0AD97942), ++ UINT32_C(0x78BEA431), UINT32_C(0x3EE3989C), UINT32_C(0x42C7C97F), ++ UINT32_C(0xF38759AE), UINT32_C(0xC1B03AF5), UINT32_C(0xBCF46899), ++ UINT32_C(0x1A673C75), UINT32_C(0x8D508C7D), UINT32_C(0x4831B7D3) } }, ++ { { UINT32_C(0xC552E354), UINT32_C(0x76512D1B), UINT32_C(0x273020FD), ++ UINT32_C(0x2B7EB6DF), UINT32_C(0x025A5F25), UINT32_C(0xD1C73AA8), ++ UINT32_C(0x5CBD2A40), UINT32_C(0x2ABA1929), UINT32_C(0xC88D61C6), ++ UINT32_C(0xB53CADC3), UINT32_C(0x098290F3), UINT32_C(0x7E66A95E) }, ++ { UINT32_C(0xAF4C5073), UINT32_C(0x72800ECB), UINT32_C(0x9DC63FAF), ++ UINT32_C(0x81F2725E), UINT32_C(0x282BA9D1), UINT32_C(0x14BF92A7), ++ UINT32_C(0xBD5F1BB2), UINT32_C(0x90629672), UINT32_C(0xA97C6C96), ++ UINT32_C(0x362F68EB), UINT32_C(0x7EA9D601), UINT32_C(0xB1D3BB8B) } }, ++ { { UINT32_C(0xA9C94429), UINT32_C(0x73878F7F), UINT32_C(0x456CA6D8), ++ UINT32_C(0xB35C3BC8), UINT32_C(0xF721923A), UINT32_C(0xD96F0B3C), ++ UINT32_C(0xE6D44FA1), UINT32_C(0x28D8F06C), UINT32_C(0xD5CD671A), ++ UINT32_C(0x94EFDCDC), UINT32_C(0x3F97D481), UINT32_C(0x0299AB93) }, ++ { UINT32_C(0x2FD1D324), UINT32_C(0xB7CED6EA), UINT32_C(0x7E932EC2), ++ UINT32_C(0xBD683208), UINT32_C(0xCB755A6E), UINT32_C(0x24ED31FB), ++ UINT32_C(0xE48781D2), UINT32_C(0xA636098E), UINT32_C(0xF0A4F297), ++ UINT32_C(0x8687C63C), UINT32_C(0x07478526), UINT32_C(0xBB523440) } }, ++ { { UINT32_C(0x34124B56), UINT32_C(0x2E5F7419), UINT32_C(0x4B3F02CA), ++ UINT32_C(0x1F223AE1), UINT32_C(0xE8336C7E), UINT32_C(0x6345B427), ++ UINT32_C(0xF5D0E3D0), UINT32_C(0x92123E16), UINT32_C(0x45E79F3A), ++ UINT32_C(0xDAF0D14D), UINT32_C(0x6F3BD0C6), UINT32_C(0x6ACA6765) }, ++ { UINT32_C(0x403813F4), UINT32_C(0xF6169FAB), UINT32_C(0x334A4C59), ++ UINT32_C(0x31DC39C0), UINT32_C(0xD589866D), UINT32_C(0x74C46753), ++ UINT32_C(0x984C6A5D), UINT32_C(0x5741511D), UINT32_C(0x97FED2D3), ++ UINT32_C(0xF2631287), UINT32_C(0x11614886), UINT32_C(0x5687CA1B) } }, ++ { { UINT32_C(0x33836D4B), UINT32_C(0x076D902A), UINT32_C(0x24AFB557), ++ UINT32_C(0xEC6C5C43), UINT32_C(0xA0516A0F), UINT32_C(0xA0FE2D1C), ++ UINT32_C(0x00D22ECC), UINT32_C(0x6FB8D737), UINT32_C(0xDAF1D7B3), ++ UINT32_C(0xF1DE9077), UINT32_C(0xD4C0C1EB), UINT32_C(0xE4695F77) }, ++ { UINT32_C(0xB4375573), UINT32_C(0x5F0FD8A8), UINT32_C(0x5E50944F), ++ UINT32_C(0x76238359), UINT32_C(0x635CD76F), UINT32_C(0x65EA2F28), ++ UINT32_C(0x25FDE7B0), UINT32_C(0x08547769), UINT32_C(0x51944304), ++ UINT32_C(0xB2345A2E), UINT32_C(0xA16C980D), UINT32_C(0x86EFA2F7) } }, ++ { { UINT32_C(0xBF4D1D63), UINT32_C(0x4CCBE2D0), UINT32_C(0x397366D5), ++ UINT32_C(0x32E33401), UINT32_C(0x71BDA2CE), UINT32_C(0xC83AFDDE), ++ UINT32_C(0x478ED9E6), UINT32_C(0x8DACE2AC), UINT32_C(0x763FDD9E), ++ UINT32_C(0x3AC6A559), UINT32_C(0xB398558F), UINT32_C(0x0FFDB04C) }, ++ { UINT32_C(0xAFB9D6B8), UINT32_C(0x6C1B99B2), UINT32_C(0x27F815DD), ++ UINT32_C(0x572BA39C), UINT32_C(0x0DBCF842), UINT32_C(0x9DE73EE7), ++ UINT32_C(0x29267B88), UINT32_C(0x2A3ED589), UINT32_C(0x15EBBBB3), ++ UINT32_C(0xD46A7FD3), UINT32_C(0xE29400C7), UINT32_C(0xD1D01863) } }, ++ { { UINT32_C(0xE1F89EC5), UINT32_C(0x8FB101D1), UINT32_C(0xF8508042), ++ UINT32_C(0xB87A1F53), UINT32_C(0x0ED7BEEF), UINT32_C(0x28C8DB24), ++ UINT32_C(0xACE8660A), UINT32_C(0x3940F845), UINT32_C(0xC6D453FD), ++ UINT32_C(0x4EACB619), UINT32_C(0x2BAD6160), UINT32_C(0x2E044C98) }, ++ { UINT32_C(0x80B16C02), UINT32_C(0x87928548), UINT32_C(0xC0A9EB64), ++ UINT32_C(0xF0D4BEB3), UINT32_C(0xC183C195), UINT32_C(0xD785B4AF), ++ UINT32_C(0x5E6C46EA), UINT32_C(0x23AAB0E6), UINT32_C(0xA930FECA), ++ UINT32_C(0x30F7E104), UINT32_C(0xD55C10FB), UINT32_C(0x6A1A7B8B) } }, ++ { { UINT32_C(0xDBFED1AA), UINT32_C(0xDA74EAEB), UINT32_C(0xDF0B025C), ++ UINT32_C(0xC8A59223), UINT32_C(0xD5B627F7), UINT32_C(0x7EF7DC85), ++ UINT32_C(0x197D7624), UINT32_C(0x02A13AE1), UINT32_C(0x2F785A9B), ++ UINT32_C(0x119E9BE1), UINT32_C(0x00D6B219), UINT32_C(0xC0B7572F) }, ++ { UINT32_C(0x6D4CAF30), UINT32_C(0x9B1E5126), UINT32_C(0x0A840BD1), ++ UINT32_C(0xA16A5117), UINT32_C(0x0E9CCF43), UINT32_C(0x5BE17B91), ++ UINT32_C(0x69CF2C9C), UINT32_C(0x5BDBEDDD), UINT32_C(0x4CF4F289), ++ UINT32_C(0x9FFBFBCF), UINT32_C(0x6C355CE9), UINT32_C(0xE1A62183) } }, ++ { { UINT32_C(0xA7B2FCCF), UINT32_C(0x056199D9), UINT32_C(0xCE1D784E), ++ UINT32_C(0x51F2E7B6), UINT32_C(0x339E2FF0), UINT32_C(0xA1D09C47), ++ UINT32_C(0xB836D0A9), UINT32_C(0xC8E64890), UINT32_C(0xC0D07EBE), ++ UINT32_C(0x2F781DCB), UINT32_C(0x3ACF934C), UINT32_C(0x5CF3C2AD) }, ++ { UINT32_C(0xA17E26AE), UINT32_C(0xE55DB190), UINT32_C(0x91245513), ++ UINT32_C(0xC9C61E1F), UINT32_C(0x61998C15), UINT32_C(0x83D7E6CF), ++ UINT32_C(0xE41D38E3), UINT32_C(0x4DB33C85), UINT32_C(0xC2FEE43D), ++ UINT32_C(0x74D5F91D), UINT32_C(0x36BBC826), UINT32_C(0x7EBBDB45) } }, ++ { { UINT32_C(0xCB655A9D), UINT32_C(0xE20EC7E9), UINT32_C(0x5C47D421), ++ UINT32_C(0x4977EB92), UINT32_C(0x3B9D72FA), UINT32_C(0xA237E12C), ++ UINT32_C(0xCBF7B145), UINT32_C(0xCAAEDBC1), UINT32_C(0x3B77AAA3), ++ UINT32_C(0x5200F5B2), UINT32_C(0xBDBE5380), UINT32_C(0x32EDED55) }, ++ { UINT32_C(0xE7C9B80A), UINT32_C(0x74E38A40), UINT32_C(0xAB6DE911), ++ UINT32_C(0x3A3F0CF8), UINT32_C(0xAD16AAF0), UINT32_C(0x56DCDD7A), ++ UINT32_C(0x8E861D5E), UINT32_C(0x3D292449), UINT32_C(0x985733E2), ++ UINT32_C(0xD6C61878), UINT32_C(0x6AA6CD5B), UINT32_C(0x2401FE7D) } }, ++ { { UINT32_C(0xB42E3686), UINT32_C(0xABB3DC75), UINT32_C(0xB4C57E61), ++ UINT32_C(0xAE712419), UINT32_C(0xB21B009B), UINT32_C(0x2C565F72), ++ UINT32_C(0x710C3699), UINT32_C(0xA5F1DA2E), UINT32_C(0xA5EBA59A), ++ UINT32_C(0x771099A0), UINT32_C(0xC10017A0), UINT32_C(0x4DA88F4A) }, ++ { UINT32_C(0x1927B56D), UINT32_C(0x987FFFD3), UINT32_C(0xC4E33478), ++ UINT32_C(0xB98CB8EC), UINT32_C(0xC2248166), UINT32_C(0xB224A971), ++ UINT32_C(0xDE1DC794), UINT32_C(0x5470F554), UINT32_C(0xE31FF983), ++ UINT32_C(0xD747CC24), UINT32_C(0xB5B22DAE), UINT32_C(0xB91745E9) } }, ++ { { UINT32_C(0x72F34420), UINT32_C(0x6CCBFED0), UINT32_C(0xA53039D2), ++ UINT32_C(0x95045E4D), UINT32_C(0x5A793944), UINT32_C(0x3B6C1154), ++ UINT32_C(0xDDB6B799), UINT32_C(0xAA114145), UINT32_C(0x252B7637), ++ UINT32_C(0xABC15CA4), UINT32_C(0xA5744634), UINT32_C(0x5745A35B) }, ++ { UINT32_C(0xDA596FC0), UINT32_C(0x05DC6BDE), UINT32_C(0xA8020881), ++ UINT32_C(0xCD52C18C), UINT32_C(0xD296BAD0), UINT32_C(0x03FA9F47), ++ UINT32_C(0x7268E139), UINT32_C(0xD8E2C129), UINT32_C(0x9EC450B0), ++ UINT32_C(0x58C1A98D), UINT32_C(0xDE48B20D), UINT32_C(0x909638DA) } }, ++ { { UINT32_C(0x9B7F8311), UINT32_C(0x7AFC30D4), UINT32_C(0x42368EA3), ++ UINT32_C(0x82A00422), UINT32_C(0x6F5F9865), UINT32_C(0xBFF95198), ++ UINT32_C(0xFC0A070F), UINT32_C(0x9B24F612), UINT32_C(0x620F489D), ++ UINT32_C(0x22C06CF2), UINT32_C(0x780F7DBB), UINT32_C(0x3C7ED052) }, ++ { UINT32_C(0x34DAFE9B), UINT32_C(0xDB87AB18), UINT32_C(0x9C4BBCA1), ++ UINT32_C(0x20C03B40), UINT32_C(0x59A42341), UINT32_C(0x5D718CF0), ++ UINT32_C(0x69E84538), UINT32_C(0x98631706), UINT32_C(0xD27D64E1), ++ UINT32_C(0x5557192B), UINT32_C(0xDA822766), UINT32_C(0x08B4EC52) } }, ++ { { UINT32_C(0xD66C1A59), UINT32_C(0xB2D986F6), UINT32_C(0x78E0E423), ++ UINT32_C(0x927DEB16), UINT32_C(0x49C3DEDC), UINT32_C(0x9E673CDE), ++ UINT32_C(0xF7ECB6CF), UINT32_C(0xFA362D84), UINT32_C(0x1BA17340), ++ UINT32_C(0x078E5F40), UINT32_C(0x1F4E489C), UINT32_C(0x934CA5D1) }, ++ { UINT32_C(0x64EEF493), UINT32_C(0xC03C0731), UINT32_C(0xD7931A7E), ++ UINT32_C(0x631A353B), UINT32_C(0x65DD74F1), UINT32_C(0x8E7CC3BB), ++ UINT32_C(0x702676A5), UINT32_C(0xD55864C5), UINT32_C(0x439F04BD), ++ UINT32_C(0x6D306AC4), UINT32_C(0x2BAFED57), UINT32_C(0x58544F67) } }, ++ }, ++ { ++ { { UINT32_C(0xEC074AEA), UINT32_C(0xB083BA6A), UINT32_C(0x7F0B505B), ++ UINT32_C(0x46FAC5EF), UINT32_C(0xFC82DC03), UINT32_C(0x95367A21), ++ UINT32_C(0x9D3679D8), UINT32_C(0x227BE26A), UINT32_C(0x7E9724C0), ++ UINT32_C(0xC70F6D6C), UINT32_C(0xF9EBEC0F), UINT32_C(0xCD68C757) }, ++ { UINT32_C(0x8FF321B2), UINT32_C(0x29DDE03E), UINT32_C(0x031939DC), ++ UINT32_C(0xF84AD7BB), UINT32_C(0x0F602F4B), UINT32_C(0xDAF590C9), ++ UINT32_C(0x49722BC4), UINT32_C(0x17C52888), UINT32_C(0x089B22B6), ++ UINT32_C(0xA8DF99F0), UINT32_C(0xE59B9B90), UINT32_C(0xC21BC5D4) } }, ++ { { UINT32_C(0x8A31973F), UINT32_C(0x4936C6A0), UINT32_C(0x83B8C205), ++ UINT32_C(0x54D442FA), UINT32_C(0x5714F2C6), UINT32_C(0x03AEE8B4), ++ UINT32_C(0x3F5AC25A), UINT32_C(0x139BD692), UINT32_C(0xB5B33794), ++ UINT32_C(0x6A2E42BA), UINT32_C(0x3FF7BBA9), UINT32_C(0x50FA1164) }, ++ { UINT32_C(0xF7E2C099), UINT32_C(0xB61D8643), UINT32_C(0xBD5C6637), ++ UINT32_C(0x2366C993), UINT32_C(0x72EB77FA), UINT32_C(0x62110E14), ++ UINT32_C(0x3B99C635), UINT32_C(0x3D5B96F1), UINT32_C(0xF674C9F2), ++ UINT32_C(0x956ECF64), UINT32_C(0xEF2BA250), UINT32_C(0xC56F7E51) } }, ++ { { UINT32_C(0xFF602C1B), UINT32_C(0x246FFCB6), UINT32_C(0x6E1258E0), ++ UINT32_C(0x1E1A1D74), UINT32_C(0x250E6676), UINT32_C(0xB4B43AE2), ++ UINT32_C(0x924CE5FA), UINT32_C(0x95C1B5F0), UINT32_C(0xEBD8C776), ++ UINT32_C(0x2555795B), UINT32_C(0xACD9D9D0), UINT32_C(0x4C1E03DC) }, ++ { UINT32_C(0x9CE90C61), UINT32_C(0xE1D74AA6), UINT32_C(0xA9C4B9F9), ++ UINT32_C(0xA88C0769), UINT32_C(0x95AF56DE), UINT32_C(0xDF74DF27), ++ UINT32_C(0xB331B6F4), UINT32_C(0x24B10C5F), UINT32_C(0x6559E137), ++ UINT32_C(0xB0A6DF9A), UINT32_C(0xC06637F2), UINT32_C(0x6ACC1B8F) } }, ++ { { UINT32_C(0x34B4E381), UINT32_C(0xBD8C0868), UINT32_C(0x30DFF271), ++ UINT32_C(0x278CACC7), UINT32_C(0x02459389), UINT32_C(0x87ED12DE), ++ UINT32_C(0xDEF840B6), UINT32_C(0x3F7D98FF), UINT32_C(0x5F0B56E1), ++ UINT32_C(0x71EEE0CB), UINT32_C(0xD8D9BE87), UINT32_C(0x462B5C9B) }, ++ { UINT32_C(0x98094C0F), UINT32_C(0xE6B50B5A), UINT32_C(0x508C67CE), ++ UINT32_C(0x26F3B274), UINT32_C(0x7CB1F992), UINT32_C(0x418B1BD1), ++ UINT32_C(0x4FF11827), UINT32_C(0x607818ED), UINT32_C(0x9B042C63), ++ UINT32_C(0xE630D93A), UINT32_C(0x8C779AE3), UINT32_C(0x38B9EFF3) } }, ++ { { UINT32_C(0x729C5431), UINT32_C(0xE8767D36), UINT32_C(0xBB94642C), ++ UINT32_C(0xA8BD07C0), UINT32_C(0x58F2E5B2), UINT32_C(0x0C11FC8E), ++ UINT32_C(0x547533FE), UINT32_C(0xD8912D48), UINT32_C(0x230D91FB), ++ UINT32_C(0xAAE14F5E), UINT32_C(0x676DFBA0), UINT32_C(0xC122051A) }, ++ { UINT32_C(0x5EA93078), UINT32_C(0x9ED4501F), UINT32_C(0xBD4BEE0A), ++ UINT32_C(0x2758515C), UINT32_C(0x94D21F52), UINT32_C(0x97733C6C), ++ UINT32_C(0x4AD306A2), UINT32_C(0x139BCD6D), UINT32_C(0x298123CC), ++ UINT32_C(0x0AAECBDC), UINT32_C(0x1CB7C7C9), UINT32_C(0x102B8A31) } }, ++ { { UINT32_C(0xFAF46675), UINT32_C(0x22A28E59), UINT32_C(0x10A31E7D), ++ UINT32_C(0x10757308), UINT32_C(0x2B4C2F4F), UINT32_C(0xC7EEAC84), ++ UINT32_C(0xB5EF5184), UINT32_C(0xBA370148), UINT32_C(0x8732E055), ++ UINT32_C(0x4A5A2866), UINT32_C(0xB887C36F), UINT32_C(0x14B8DCDC) }, ++ { UINT32_C(0x433F093D), UINT32_C(0xDBA8C85C), UINT32_C(0x1C9A201C), ++ UINT32_C(0x73DF549D), UINT32_C(0x70F927D8), UINT32_C(0x69AA0D7B), ++ UINT32_C(0xD7D2493A), UINT32_C(0xFA3A8685), UINT32_C(0x0A7F4013), ++ UINT32_C(0x6F48A255), UINT32_C(0xDD393067), UINT32_C(0xD20C8BF9) } }, ++ { { UINT32_C(0x81625E78), UINT32_C(0x4EC874EA), UINT32_C(0x3FBE9267), ++ UINT32_C(0x8B8D8B5A), UINT32_C(0x9421EC2F), UINT32_C(0xA3D9D164), ++ UINT32_C(0x880EA295), UINT32_C(0x490E92D9), UINT32_C(0xD8F3B6DA), ++ UINT32_C(0x745D1EDC), UINT32_C(0x8F18BA03), UINT32_C(0x0116628B) }, ++ { UINT32_C(0x834EADCE), UINT32_C(0x0FF6BCE0), UINT32_C(0x000827F7), ++ UINT32_C(0x464697F2), UINT32_C(0x498D724E), UINT32_C(0x08DCCF84), ++ UINT32_C(0x1E88304C), UINT32_C(0x7896D365), UINT32_C(0x135E3622), ++ UINT32_C(0xE63EBCCE), UINT32_C(0xDC007521), UINT32_C(0xFB942E8E) } }, ++ { { UINT32_C(0xA3688621), UINT32_C(0xBB155A66), UINT32_C(0xF91B52A3), ++ UINT32_C(0xED2FD7CD), UINT32_C(0xEA20CB88), UINT32_C(0x52798F5D), ++ UINT32_C(0x373F7DD8), UINT32_C(0x069CE105), UINT32_C(0x8CA78F6B), ++ UINT32_C(0xF9392EC7), UINT32_C(0x6B335169), UINT32_C(0xB3013E25) }, ++ { UINT32_C(0x6B11715C), UINT32_C(0x1D92F800), UINT32_C(0xFF9DC464), ++ UINT32_C(0xADD4050E), UINT32_C(0x8465B84A), UINT32_C(0x2AC22659), ++ UINT32_C(0x465B2BD6), UINT32_C(0x2729D646), UINT32_C(0xE4EFF9DD), ++ UINT32_C(0x6202344A), UINT32_C(0xCD9B90B9), UINT32_C(0x51F3198F) } }, ++ { { UINT32_C(0xE5F0AE1D), UINT32_C(0x17CE54EF), UINT32_C(0xB09852AF), ++ UINT32_C(0x984E8204), UINT32_C(0xC4B27A71), UINT32_C(0x3365B37A), ++ UINT32_C(0xA00E0A9C), UINT32_C(0x720E3152), UINT32_C(0x925BD606), ++ UINT32_C(0x3692F70D), UINT32_C(0x7BC7E9AB), UINT32_C(0xBE6E699D) }, ++ { UINT32_C(0x4C89A3C0), UINT32_C(0xD75C041F), UINT32_C(0x8DC100C0), ++ UINT32_C(0x8B9F592D), UINT32_C(0xAD228F71), UINT32_C(0x30750F3A), ++ UINT32_C(0xE8B17A11), UINT32_C(0x1B9ECF84), UINT32_C(0x0FBFA8A2), ++ UINT32_C(0xDF202562), UINT32_C(0xAA1B6D67), UINT32_C(0x45C811FC) } }, ++ { { UINT32_C(0x1A5151F8), UINT32_C(0xEC5B84B7), UINT32_C(0x550AB2D2), ++ UINT32_C(0x118E59E8), UINT32_C(0x049BD735), UINT32_C(0x2CCDEDA4), ++ UINT32_C(0x9CD62F0F), UINT32_C(0xC99CBA71), UINT32_C(0x62C9E4F8), ++ UINT32_C(0x69B8040A), UINT32_C(0x110B8283), UINT32_C(0x16F1A31A) }, ++ { UINT32_C(0x98E908A3), UINT32_C(0x53F63802), UINT32_C(0xD862F9DE), ++ UINT32_C(0x308CB6EF), UINT32_C(0xA521A95A), UINT32_C(0xE185DAD8), ++ UINT32_C(0x097F75CA), UINT32_C(0x4D8FE9A4), UINT32_C(0x1CA07D53), ++ UINT32_C(0xD1ECCEC7), UINT32_C(0x0DB07E83), UINT32_C(0x13DFA1DC) } }, ++ { { UINT32_C(0x0F591A76), UINT32_C(0xDDAF9DC6), UINT32_C(0x1685F412), ++ UINT32_C(0xE1A6D7CC), UINT32_C(0x002B6E8D), UINT32_C(0x153DE557), ++ UINT32_C(0xC6DA37D9), UINT32_C(0x730C38BC), UINT32_C(0x0914B597), ++ UINT32_C(0xAE180622), UINT32_C(0xDD8C3A0A), UINT32_C(0x84F98103) }, ++ { UINT32_C(0x8DA205B0), UINT32_C(0x369C5398), UINT32_C(0x3888A720), ++ UINT32_C(0xA3D95B81), UINT32_C(0xE10E2806), UINT32_C(0x1F3F8BBF), ++ UINT32_C(0x4530D1F3), UINT32_C(0x48663DF5), UINT32_C(0x3E377713), ++ UINT32_C(0x320523B4), UINT32_C(0xC7894814), UINT32_C(0xE8B1A575) } }, ++ { { UINT32_C(0x2EE8EA07), UINT32_C(0x33066871), UINT32_C(0x60DA199D), ++ UINT32_C(0xC6FB4EC5), UINT32_C(0xF4370A05), UINT32_C(0x33231860), ++ UINT32_C(0xC6DE4E26), UINT32_C(0x7ABECE72), UINT32_C(0xEBDECE7A), ++ UINT32_C(0xDE8D4BD8), UINT32_C(0x1CBE93C7), UINT32_C(0xC90EE657) }, ++ { UINT32_C(0x85AC2509), UINT32_C(0x0246751B), UINT32_C(0x30380245), ++ UINT32_C(0xD0EF142C), UINT32_C(0x7C76E39C), UINT32_C(0x086DF9C4), ++ UINT32_C(0xB789FB56), UINT32_C(0x68F1304F), UINT32_C(0xA5E4BD56), ++ UINT32_C(0x23E4CB98), UINT32_C(0x64663DCA), UINT32_C(0x69A4C63C) } }, ++ { { UINT32_C(0x7CB34E63), UINT32_C(0x6C72B6AF), UINT32_C(0x6DFC23FE), ++ UINT32_C(0x073C40CD), UINT32_C(0xC936693A), UINT32_C(0xBDEEE7A1), ++ UINT32_C(0x6EFAD378), UINT32_C(0xBC858E80), UINT32_C(0xF5BE55D4), ++ UINT32_C(0xEAD719FF), UINT32_C(0x04552F5F), UINT32_C(0xC8C3238F) }, ++ { UINT32_C(0x928D5784), UINT32_C(0x0952C068), UINT32_C(0x94C58F2B), ++ UINT32_C(0x89DFDF22), UINT32_C(0x67502C50), UINT32_C(0x332DEDF3), ++ UINT32_C(0xAC0BE258), UINT32_C(0x3ED2FA3A), UINT32_C(0x7C5C8244), ++ UINT32_C(0xAEDC9B8A), UINT32_C(0xDC0EA34F), UINT32_C(0x43A761B9) } }, ++ { { UINT32_C(0xCC5E21A5), UINT32_C(0x8FD683A2), UINT32_C(0xFBA2BB68), ++ UINT32_C(0x5F444C6E), UINT32_C(0xAF05586D), UINT32_C(0x709ACD0E), ++ UINT32_C(0xDE8FB348), UINT32_C(0x8EFA54D2), UINT32_C(0x34CFE29E), ++ UINT32_C(0x35276B71), UINT32_C(0x941EAC8C), UINT32_C(0x77A06FCD) }, ++ { UINT32_C(0x928322DD), UINT32_C(0x5815792D), UINT32_C(0x67F7CB59), ++ UINT32_C(0x82FF356B), UINT32_C(0x304980F4), UINT32_C(0x71E40A78), ++ UINT32_C(0x3667D021), UINT32_C(0xC8645C27), UINT32_C(0xAEBAE28F), ++ UINT32_C(0xE785741C), UINT32_C(0x53ECAC37), UINT32_C(0xB2C1BC75) } }, ++ { { UINT32_C(0x1D0A74DB), UINT32_C(0x633EB24F), UINT32_C(0xFA752512), ++ UINT32_C(0xF1F55E56), UINT32_C(0x8EFE11DE), UINT32_C(0x75FECA68), ++ UINT32_C(0xE6BF19EC), UINT32_C(0xC80FD91C), UINT32_C(0x2A14C908), ++ UINT32_C(0xAD0BAFEC), UINT32_C(0xADE4031F), UINT32_C(0x4E1C4ACA) }, ++ { UINT32_C(0x1EB1549A), UINT32_C(0x463A815B), UINT32_C(0x668F1298), ++ UINT32_C(0x5AD4253C), UINT32_C(0x38A37151), UINT32_C(0x5CB38662), ++ UINT32_C(0xAFF16B96), UINT32_C(0x34BB1CCF), UINT32_C(0xEE731AB0), ++ UINT32_C(0xDCA93B13), UINT32_C(0x9BE01A0B), UINT32_C(0x9F3CE5CC) } }, ++ { { UINT32_C(0xA110D331), UINT32_C(0x75DB5723), UINT32_C(0x7123D89F), ++ UINT32_C(0x67C66F6A), UINT32_C(0x4009D570), UINT32_C(0x27ABBD4B), ++ UINT32_C(0xC73451BC), UINT32_C(0xACDA6F84), UINT32_C(0x05575ACF), ++ UINT32_C(0xE4B9A239), UINT32_C(0xAB2D3D6C), UINT32_C(0x3C2DB7EF) }, ++ { UINT32_C(0x29115145), UINT32_C(0x01CCDD08), UINT32_C(0x57B5814A), ++ UINT32_C(0x9E0602FE), UINT32_C(0x87862838), UINT32_C(0x679B35C2), ++ UINT32_C(0x38AD598D), UINT32_C(0x0277DC4C), UINT32_C(0x6D896DD4), ++ UINT32_C(0xEF80A213), UINT32_C(0xE7B9047B), UINT32_C(0xC8812213) } }, ++ }, ++ { ++ { { UINT32_C(0xEDC9CE62), UINT32_C(0xAC6DBDF6), UINT32_C(0x0F9C006E), ++ UINT32_C(0xA58F5B44), UINT32_C(0xDC28E1B0), UINT32_C(0x16694DE3), ++ UINT32_C(0xA6647711), UINT32_C(0x2D039CF2), UINT32_C(0xC5B08B4B), ++ UINT32_C(0xA13BBE6F), UINT32_C(0x10EBD8CE), UINT32_C(0xE44DA930) }, ++ { UINT32_C(0x19649A16), UINT32_C(0xCD472087), UINT32_C(0x683E5DF1), ++ UINT32_C(0xE18F4E44), UINT32_C(0x929BFA28), UINT32_C(0xB3F66303), ++ UINT32_C(0x818249BF), UINT32_C(0x7C378E43), UINT32_C(0x847F7CD9), ++ UINT32_C(0x76068C80), UINT32_C(0x987EBA16), UINT32_C(0xEE3DB6D1) } }, ++ { { UINT32_C(0xC42A2F52), UINT32_C(0xCBBD8576), UINT32_C(0x9D2B06BB), ++ UINT32_C(0x9ACC6F70), UINT32_C(0x2E6B72A4), UINT32_C(0xE5CB5620), ++ UINT32_C(0x7C024443), UINT32_C(0x5738EA0E), UINT32_C(0xB55368F3), ++ UINT32_C(0x8ED06170), UINT32_C(0x1AEED44F), UINT32_C(0xE54C99BB) }, ++ { UINT32_C(0xE2E0D8B2), UINT32_C(0x3D90A6B2), UINT32_C(0xCF7B2856), ++ UINT32_C(0x21718977), UINT32_C(0xC5612AEC), UINT32_C(0x089093DC), ++ UINT32_C(0x99C1BACC), UINT32_C(0xC272EF6F), UINT32_C(0xDC43EAAD), ++ UINT32_C(0x47DB3B43), UINT32_C(0x0832D891), UINT32_C(0x730F30E4) } }, ++ { { UINT32_C(0x0C7FECDB), UINT32_C(0x9FFE5563), UINT32_C(0xF88101E5), ++ UINT32_C(0x55CC67B6), UINT32_C(0xCBEFA3C7), UINT32_C(0x3039F981), ++ UINT32_C(0x667BFD64), UINT32_C(0x2AB06883), UINT32_C(0x4340E3DF), ++ UINT32_C(0x9007A257), UINT32_C(0x5A3A49CA), UINT32_C(0x1AC3F3FA) }, ++ { UINT32_C(0xC97E20FD), UINT32_C(0x9C7BE629), UINT32_C(0xA3DAE003), ++ UINT32_C(0xF61823D3), UINT32_C(0xE7380DBA), UINT32_C(0xFFE7FF39), ++ UINT32_C(0x9FACC3B8), UINT32_C(0x620BB9B5), UINT32_C(0x31AE422C), ++ UINT32_C(0x2DDCB8CD), UINT32_C(0xD12C3C43), UINT32_C(0x1DE3BCFA) } }, ++ { { UINT32_C(0xD6E0F9A9), UINT32_C(0x8C074946), UINT32_C(0x51C3B05B), ++ UINT32_C(0x662FA995), UINT32_C(0x04BB2048), UINT32_C(0x6CDAE969), ++ UINT32_C(0xD6DC8B60), UINT32_C(0x6DEC9594), UINT32_C(0x54438BBC), ++ UINT32_C(0x8D265869), UINT32_C(0x1B0E95A5), UINT32_C(0x88E983E3) }, ++ { UINT32_C(0x60CBF838), UINT32_C(0x8189F114), UINT32_C(0x771DC46B), ++ UINT32_C(0x77190697), UINT32_C(0x27F8EC1A), UINT32_C(0x775775A2), ++ UINT32_C(0x607E3739), UINT32_C(0x7A125240), UINT32_C(0x4F793E4E), ++ UINT32_C(0xAFAE84E7), UINT32_C(0x5BF5BAF4), UINT32_C(0x44FA17F3) } }, ++ { { UINT32_C(0xD03AC439), UINT32_C(0xA21E69A5), UINT32_C(0x88AA8094), ++ UINT32_C(0x2069C5FC), UINT32_C(0x8C08F206), UINT32_C(0xB041EEA7), ++ UINT32_C(0x3D65B8ED), UINT32_C(0x55B9D461), UINT32_C(0xD392C7C4), ++ UINT32_C(0x951EA25C), UINT32_C(0x9D166232), UINT32_C(0x4B9A1CEC) }, ++ { UINT32_C(0xFCF931A4), UINT32_C(0xC184FCD8), UINT32_C(0x063AD374), ++ UINT32_C(0xBA59AD44), UINT32_C(0x1AA9796F), UINT32_C(0x1868AD2A), ++ UINT32_C(0xDFF29832), UINT32_C(0x38A34018), UINT32_C(0x03DF8070), ++ UINT32_C(0x01FC8801), UINT32_C(0x48DD334A), UINT32_C(0x1282CCE0) } }, ++ { { UINT32_C(0x26D8503C), UINT32_C(0x76AA9557), UINT32_C(0x6BC3E3D0), ++ UINT32_C(0xBE962B63), UINT32_C(0x97DE8841), UINT32_C(0xF5CA93E5), ++ UINT32_C(0xAF3F2C16), UINT32_C(0x1561B05E), UINT32_C(0xD34BFF98), ++ UINT32_C(0x34BE00AA), UINT32_C(0xD23D2925), UINT32_C(0xEA21E6E9) }, ++ { UINT32_C(0x394C3AFB), UINT32_C(0x55713230), UINT32_C(0xD6C8BECA), ++ UINT32_C(0xEAF0529B), UINT32_C(0x202B9A11), UINT32_C(0xFF38A743), ++ UINT32_C(0x6D3A398B), UINT32_C(0xA13E39FC), UINT32_C(0x86E2615A), ++ UINT32_C(0x8CBD644B), UINT32_C(0x191057EC), UINT32_C(0x92063988) } }, ++ { { UINT32_C(0x13F89146), UINT32_C(0x787835CE), UINT32_C(0x69446C3F), ++ UINT32_C(0x7FCD42CC), UINT32_C(0x840E679D), UINT32_C(0x0DA2AA98), ++ UINT32_C(0x18779A1B), UINT32_C(0x44F20523), UINT32_C(0xEFBF5935), ++ UINT32_C(0xE3A3B34F), UINT32_C(0xB9947B70), UINT32_C(0xA5D2CFD0) }, ++ { UINT32_C(0x27F4E16F), UINT32_C(0xAE2AF4EF), UINT32_C(0xB9D21322), ++ UINT32_C(0xA7FA70D2), UINT32_C(0xB3FD566B), UINT32_C(0x68084919), ++ UINT32_C(0xD7AAD6AB), UINT32_C(0xF04D71C8), UINT32_C(0x10BC4260), ++ UINT32_C(0xDBEA21E4), UINT32_C(0x8D949B42), UINT32_C(0xAA7DC665) } }, ++ { { UINT32_C(0x6CCB8213), UINT32_C(0xD8E958A0), UINT32_C(0x91900B54), ++ UINT32_C(0x118D9DB9), UINT32_C(0x85E8CED6), UINT32_C(0x09BB9D49), ++ UINT32_C(0x24019281), UINT32_C(0x410E9FB5), UINT32_C(0x6D74C86E), ++ UINT32_C(0x3B31B4E1), UINT32_C(0x020BB77D), UINT32_C(0x52BC0252) }, ++ { UINT32_C(0x27092CE4), UINT32_C(0x5616A26F), UINT32_C(0xA08F65CD), ++ UINT32_C(0x67774DBC), UINT32_C(0xC08BD569), UINT32_C(0x560AD494), ++ UINT32_C(0xAD498783), UINT32_C(0xBE26DA36), UINT32_C(0x7F019C91), ++ UINT32_C(0x0276C8AB), UINT32_C(0x5248266E), UINT32_C(0x09843ADA) } }, ++ { { UINT32_C(0x7D963CF2), UINT32_C(0xA0AE88A7), UINT32_C(0xD0E84920), ++ UINT32_C(0x91EF8986), UINT32_C(0xF8C58104), UINT32_C(0xC7EFE344), ++ UINT32_C(0xECA20773), UINT32_C(0x0A25D9FD), UINT32_C(0x00D8F1D5), ++ UINT32_C(0x9D989FAA), UINT32_C(0xC8B06264), UINT32_C(0x4204C8CE) }, ++ { UINT32_C(0xBE1A2796), UINT32_C(0x717C12E0), UINT32_C(0xC190C728), ++ UINT32_C(0x1FA4BA8C), UINT32_C(0x8C8A59BA), UINT32_C(0xA245CA8D), ++ UINT32_C(0x7672B935), UINT32_C(0xE3C37475), UINT32_C(0x2E4D6375), ++ UINT32_C(0x083D5E40), UINT32_C(0x5455E16E), UINT32_C(0x0B8D5AB3) } }, ++ { { UINT32_C(0xEED765D4), UINT32_C(0x1DB17DBF), UINT32_C(0xA5DDB965), ++ UINT32_C(0xBBC9B1BE), UINT32_C(0xDFC12ABC), UINT32_C(0x1948F76D), ++ UINT32_C(0x134EF489), UINT32_C(0x2C2714E5), UINT32_C(0x741C600F), ++ UINT32_C(0x60CE2EE8), UINT32_C(0xF80E6E63), UINT32_C(0x32396F22) }, ++ { UINT32_C(0x22537F59), UINT32_C(0x421DAC75), UINT32_C(0x49475DF5), ++ UINT32_C(0x58FB73C6), UINT32_C(0x6F18F1C7), UINT32_C(0x0ABF2885), ++ UINT32_C(0x9A398D16), UINT32_C(0x36474468), UINT32_C(0xBF673B87), ++ UINT32_C(0x87A661A7), UINT32_C(0x73819E17), UINT32_C(0x3E80698F) } }, ++ { { UINT32_C(0x53784CC4), UINT32_C(0xDFE49793), UINT32_C(0x486D508F), ++ UINT32_C(0x4280EAB0), UINT32_C(0xE534F5A4), UINT32_C(0x119593FF), ++ UINT32_C(0x9F63242F), UINT32_C(0x98AEFADD), UINT32_C(0xC4829CAE), ++ UINT32_C(0x9AE6A24A), UINT32_C(0x58E8BA80), UINT32_C(0xF2373CA5) }, ++ { UINT32_C(0x51765FB3), UINT32_C(0x4017AF7E), UINT32_C(0xAF4AEC4B), ++ UINT32_C(0xD1E40F7C), UINT32_C(0x0898E3BC), UINT32_C(0x87372C7A), ++ UINT32_C(0x85452CA9), UINT32_C(0x688982B2), UINT32_C(0xB1E50BCA), ++ UINT32_C(0x71E0B4BF), UINT32_C(0xF70E714A), UINT32_C(0x21FD2DBF) } }, ++ { { UINT32_C(0xFB78DDAC), UINT32_C(0xEE6E8820), UINT32_C(0x063892CD), ++ UINT32_C(0x0BAED29C), UINT32_C(0x28C0588D), UINT32_C(0x5F33049C), ++ UINT32_C(0x18DBC432), UINT32_C(0x90C2515E), UINT32_C(0x3B4CB0BD), ++ UINT32_C(0xB8A1B143), UINT32_C(0x68103043), UINT32_C(0x0AB5C0C9) }, ++ { UINT32_C(0x4005EC40), UINT32_C(0xF3788FA0), UINT32_C(0x039EE115), ++ UINT32_C(0x82571C99), UINT32_C(0x93260BED), UINT32_C(0xEE8FCED5), ++ UINT32_C(0x10836D18), UINT32_C(0x5A9BAF79), UINT32_C(0xC46AA4F6), ++ UINT32_C(0x7C258B09), UINT32_C(0x37F53D31), UINT32_C(0x46ECC5E8) } }, ++ { { UINT32_C(0xBFE0DD98), UINT32_C(0xFA32C0DC), UINT32_C(0x962B1066), ++ UINT32_C(0x66EFAFC4), UINT32_C(0x64BDF5EB), UINT32_C(0xBA81D33E), ++ UINT32_C(0xFC7FC512), UINT32_C(0x36C28536), UINT32_C(0xE0B4FA97), ++ UINT32_C(0x0C95176B), UINT32_C(0x3B9BC64A), UINT32_C(0x47DDE29B) }, ++ { UINT32_C(0x5C173B36), UINT32_C(0x08D986FD), UINT32_C(0x6CF3F28C), ++ UINT32_C(0x46D84B52), UINT32_C(0xF026BDB9), UINT32_C(0x6F6ED6C3), ++ UINT32_C(0x68206DC5), UINT32_C(0xAC90668B), UINT32_C(0xECBE4E70), ++ UINT32_C(0xE8ED5D98), UINT32_C(0xDC1A6974), UINT32_C(0xCFFF61DD) } }, ++ { { UINT32_C(0x77B1A5C1), UINT32_C(0xFF5C3A29), UINT32_C(0x0DDF995D), ++ UINT32_C(0x10C27E4A), UINT32_C(0xE23363E3), UINT32_C(0xCB745F77), ++ UINT32_C(0x32F399A3), UINT32_C(0xD765DF6F), UINT32_C(0x8A99E109), ++ UINT32_C(0xF0CA0C2F), UINT32_C(0x1E025CA0), UINT32_C(0xC3A6BFB7) }, ++ { UINT32_C(0x4F9D9FA5), UINT32_C(0x830B2C0A), UINT32_C(0xBD1A84E5), ++ UINT32_C(0xAE914CAC), UINT32_C(0xA4FEBCC1), UINT32_C(0x30B35ED8), ++ UINT32_C(0x84CFBF2E), UINT32_C(0xCB902B46), UINT32_C(0x25FC6375), ++ UINT32_C(0x0BD47628), UINT32_C(0x85509D04), UINT32_C(0xA858A53C) } }, ++ { { UINT32_C(0x552E0A3F), UINT32_C(0x8B995D0C), UINT32_C(0x17BE9FF7), ++ UINT32_C(0xEDBD4E94), UINT32_C(0x95085178), UINT32_C(0x3432E839), ++ UINT32_C(0x80C256F5), UINT32_C(0x0FE5C181), UINT32_C(0xEBF9597C), ++ UINT32_C(0x05A64EA8), UINT32_C(0x3F80371F), UINT32_C(0x6ED44BB1) }, ++ { UINT32_C(0xFE4C12EE), UINT32_C(0x6A29A05E), UINT32_C(0xE0BB83B3), ++ UINT32_C(0x3E436A43), UINT32_C(0x74D72921), UINT32_C(0x38365D9A), ++ UINT32_C(0xC38E1ED7), UINT32_C(0x3F5EE823), UINT32_C(0xE8FA063F), ++ UINT32_C(0x09A53213), UINT32_C(0xB435E713), UINT32_C(0x1E7FE47A) } }, ++ { { UINT32_C(0xFDDD17F3), UINT32_C(0xE4D9BC94), UINT32_C(0xC1016C20), ++ UINT32_C(0xC74B8FED), UINT32_C(0xB49C060E), UINT32_C(0x095DE39B), ++ UINT32_C(0x8AC0DF00), UINT32_C(0xDBCC6795), UINT32_C(0x1C34F4DF), ++ UINT32_C(0x4CF6BAEB), UINT32_C(0xE8390170), UINT32_C(0x72C55C21) }, ++ { UINT32_C(0xF6C48E79), UINT32_C(0x4F17BFD2), UINT32_C(0x017A80BA), ++ UINT32_C(0x18BF4DA0), UINT32_C(0xBCF4B138), UINT32_C(0xCF51D829), ++ UINT32_C(0xF48F8B0D), UINT32_C(0x598AEE5F), UINT32_C(0x20F10809), ++ UINT32_C(0x83FAEE56), UINT32_C(0x779F0850), UINT32_C(0x4615D4DC) } }, ++ }, ++ { ++ { { UINT32_C(0x5852B59B), UINT32_C(0x22313DEE), UINT32_C(0xB6A0B37F), ++ UINT32_C(0x6F56C8E8), UINT32_C(0xA76EC380), UINT32_C(0x43D6EEAE), ++ UINT32_C(0x0275AD36), UINT32_C(0xA1655136), UINT32_C(0xDF095BDA), ++ UINT32_C(0xE5C1B65A), UINT32_C(0x367C44B0), UINT32_C(0xBD1FFA8D) }, ++ { UINT32_C(0x6B48AF2B), UINT32_C(0xE2B419C2), UINT32_C(0x3DA194C8), ++ UINT32_C(0x57BBBD97), UINT32_C(0xA2BAFF05), UINT32_C(0xB5FBE51F), ++ UINT32_C(0x6269B5D0), UINT32_C(0xA0594D70), UINT32_C(0x23E8D667), ++ UINT32_C(0x0B07B705), UINT32_C(0x63E016E7), UINT32_C(0xAE1976B5) } }, ++ { { UINT32_C(0xFBECAAAE), UINT32_C(0x2FDE4893), UINT32_C(0x30332229), ++ UINT32_C(0x444346DE), UINT32_C(0x09456ED5), UINT32_C(0x157B8A5B), ++ UINT32_C(0x25797C6C), UINT32_C(0x73606A79), UINT32_C(0x33C14C06), ++ UINT32_C(0xA9D0F47C), UINT32_C(0xFAF971CA), UINT32_C(0x7BC8962C) }, ++ { UINT32_C(0x65909DFD), UINT32_C(0x6E763C51), UINT32_C(0x14A9BF42), ++ UINT32_C(0x1BBBE41B), UINT32_C(0xC49E9EFC), UINT32_C(0xD95B7ECB), ++ UINT32_C(0xB38F2B59), UINT32_C(0x0C317927), UINT32_C(0xB3C397DB), ++ UINT32_C(0x97912B53), UINT32_C(0x45C7ABC7), UINT32_C(0xCB3879AA) } }, ++ { { UINT32_C(0x24359B81), UINT32_C(0xCD81BDCF), UINT32_C(0xDB4C321C), ++ UINT32_C(0x6FD326E2), UINT32_C(0xF8EBE39C), UINT32_C(0x4CB0228B), ++ UINT32_C(0xB2CDD852), UINT32_C(0x496A9DCE), UINT32_C(0xD0E9B3AF), ++ UINT32_C(0x0F115A1A), UINT32_C(0xD8EEEF8A), UINT32_C(0xAA08BF36) }, ++ { UINT32_C(0x06E5E739), UINT32_C(0x5232A515), UINT32_C(0x8407A551), ++ UINT32_C(0x21FAE9D5), UINT32_C(0x8994B4E8), UINT32_C(0x289D18B0), ++ UINT32_C(0x09097A52), UINT32_C(0xB4E346A8), UINT32_C(0x324621D0), ++ UINT32_C(0xC641510F), UINT32_C(0x95A41AB8), UINT32_C(0xC567FD4A) } }, ++ { { UINT32_C(0xD57C8DE9), UINT32_C(0x261578C7), UINT32_C(0x3836C5C8), ++ UINT32_C(0xB9BC491F), UINT32_C(0x14C8038F), UINT32_C(0x993266B4), ++ UINT32_C(0xFAA7CC39), UINT32_C(0xBACAD755), UINT32_C(0xD69B7E27), ++ UINT32_C(0x418C4DEF), UINT32_C(0xAE751533), UINT32_C(0x53FDC5CD) }, ++ { UINT32_C(0xC3EEA63A), UINT32_C(0x6F3BD329), UINT32_C(0xE53DD29E), ++ UINT32_C(0xA7A22091), UINT32_C(0xDC4C54EC), UINT32_C(0xB7164F73), ++ UINT32_C(0x44D3D74E), UINT32_C(0xCA66290D), UINT32_C(0x4C9EA511), ++ UINT32_C(0xF77C6242), UINT32_C(0x1F714C49), UINT32_C(0x34337F55) } }, ++ { { UINT32_C(0xA64B6C4B), UINT32_C(0x5ED2B216), UINT32_C(0x3AAE640D), ++ UINT32_C(0x1C38794F), UINT32_C(0x8905794F), UINT32_C(0x30BBAEE0), ++ UINT32_C(0xC8699CFB), UINT32_C(0x0D9EE41E), UINT32_C(0xCF7B7C29), ++ UINT32_C(0xAF38DAF2), UINT32_C(0x43E53513), UINT32_C(0x0D6A05CA) }, ++ { UINT32_C(0x2606AB56), UINT32_C(0xBE96C644), UINT32_C(0xE9EB9734), ++ UINT32_C(0x13E7A072), UINT32_C(0x5FF50CD7), UINT32_C(0xF9669445), ++ UINT32_C(0x47DA6F1D), UINT32_C(0x68EF26B5), UINT32_C(0x23687CB7), ++ UINT32_C(0xF0028738), UINT32_C(0x6217C1CE), UINT32_C(0x5ED9C876) } }, ++ { { UINT32_C(0x0A3A9691), UINT32_C(0x423BA513), UINT32_C(0xB3179296), ++ UINT32_C(0xF421B1E7), UINT32_C(0x1A871E1B), UINT32_C(0x6B51BCDB), ++ UINT32_C(0x464E4300), UINT32_C(0x6E3BB5B5), UINT32_C(0xFC6C54CC), ++ UINT32_C(0x24171E2E), UINT32_C(0xD3E58DC2), UINT32_C(0xA9DFA947) }, ++ { UINT32_C(0x9DE9CFA7), UINT32_C(0x175B3309), UINT32_C(0x2D1015DA), ++ UINT32_C(0x707B2529), UINT32_C(0x993EA65A), UINT32_C(0xCBB95F17), ++ UINT32_C(0x0447450D), UINT32_C(0x93515063), UINT32_C(0x1B2753C9), ++ UINT32_C(0x0F47B205), UINT32_C(0xE7D427CF), UINT32_C(0x4A0BAB14) } }, ++ { { UINT32_C(0xB5AA7CA1), UINT32_C(0xA39DEF39), UINT32_C(0xC47C33DF), ++ UINT32_C(0x591CB173), UINT32_C(0x6BBAB872), UINT32_C(0xA09DAC79), ++ UINT32_C(0x7208BA2F), UINT32_C(0x3EF9D7CF), UINT32_C(0x7A0A34FC), ++ UINT32_C(0x3CC18931), UINT32_C(0xBCC3380F), UINT32_C(0xAE31C62B) }, ++ { UINT32_C(0x0287C0B4), UINT32_C(0xD72A6794), UINT32_C(0x68E334F1), ++ UINT32_C(0x3373382C), UINT32_C(0xBD20C6A6), UINT32_C(0xD0310CA8), ++ UINT32_C(0x42C033FD), UINT32_C(0xA2734B87), UINT32_C(0x8DCE4509), ++ UINT32_C(0xA5D390F1), UINT32_C(0x3E1AFCB5), UINT32_C(0xFC84E74B) } }, ++ { { UINT32_C(0xF2CD8A9C), UINT32_C(0xB028334D), UINT32_C(0x570F76F6), ++ UINT32_C(0xB8719291), UINT32_C(0x01065A2D), UINT32_C(0x662A386E), ++ UINT32_C(0x53D940AE), UINT32_C(0xDF1634CB), UINT32_C(0x8F5B41F9), ++ UINT32_C(0x625A7B83), UINT32_C(0xEE6AA1B4), UINT32_C(0xA033E4FE) }, ++ { UINT32_C(0x1E42BABB), UINT32_C(0x51E9D463), UINT32_C(0x0D388468), ++ UINT32_C(0x660BC2E4), UINT32_C(0xFCBB114A), UINT32_C(0x3F702189), ++ UINT32_C(0xB414CA78), UINT32_C(0x6B46FE35), UINT32_C(0x4A57316B), ++ UINT32_C(0x328F6CF2), UINT32_C(0x381AD156), UINT32_C(0x917423B5) } }, ++ { { UINT32_C(0x5373A607), UINT32_C(0xAC19306E), UINT32_C(0x191D0969), ++ UINT32_C(0x471DF8E3), UINT32_C(0xB9720D83), UINT32_C(0x380ADE35), ++ UINT32_C(0x48F1FD5C), UINT32_C(0x7423FDF5), UINT32_C(0x49CABC95), ++ UINT32_C(0x8B090C9F), UINT32_C(0xC9842F2F), UINT32_C(0xB768E8CD) }, ++ { UINT32_C(0xE56162D6), UINT32_C(0x399F456D), UINT32_C(0x4F326791), ++ UINT32_C(0xBB6BA240), UINT32_C(0x342590BE), UINT32_C(0x8F4FBA3B), ++ UINT32_C(0x3DFB6B3E), UINT32_C(0x053986B9), UINT32_C(0x190C7425), ++ UINT32_C(0xBB6739F1), UINT32_C(0x32F7E95F), UINT32_C(0x32D4A553) } }, ++ { { UINT32_C(0x0DDBFB21), UINT32_C(0x0205A0EC), UINT32_C(0x33AC3407), ++ UINT32_C(0x3010327D), UINT32_C(0x3348999B), UINT32_C(0xCF2F4DB3), ++ UINT32_C(0x1551604A), UINT32_C(0x660DB9F4), UINT32_C(0x5D38D335), ++ UINT32_C(0xC346C69A), UINT32_C(0x38882479), UINT32_C(0x64AAB3D3) }, ++ { UINT32_C(0x6AE44403), UINT32_C(0xA096B5E7), UINT32_C(0x645F76CD), ++ UINT32_C(0x6B4C9571), UINT32_C(0x4711120F), UINT32_C(0x72E1CD5F), ++ UINT32_C(0xF27CC3E1), UINT32_C(0x93EC42AC), UINT32_C(0xA72ABB12), ++ UINT32_C(0x2D18D004), UINT32_C(0xC9841A04), UINT32_C(0x232E9568) } }, ++ { { UINT32_C(0x3CC7F908), UINT32_C(0xFF01DB22), UINT32_C(0xD13CDD3B), ++ UINT32_C(0x9F214F8F), UINT32_C(0xE0B014B5), UINT32_C(0x38DADBB7), ++ UINT32_C(0x94245C95), UINT32_C(0x2C548CCC), UINT32_C(0x809AFCE3), ++ UINT32_C(0x714BE331), UINT32_C(0x9BFE957E), UINT32_C(0xBCC64410) }, ++ { UINT32_C(0x5B957F80), UINT32_C(0xC21C2D21), UINT32_C(0xBB8A4C42), ++ UINT32_C(0xBA2D4FDC), UINT32_C(0x74817CEC), UINT32_C(0xFA6CD4AF), ++ UINT32_C(0xC528EAD6), UINT32_C(0x9E7FB523), UINT32_C(0x7714B10E), ++ UINT32_C(0xAED781FF), UINT32_C(0x94F04455), UINT32_C(0xB52BB592) } }, ++ { { UINT32_C(0x868CC68B), UINT32_C(0xA578BD69), UINT32_C(0x603F2C08), ++ UINT32_C(0xA40FDC8D), UINT32_C(0x2D81B042), UINT32_C(0x53D79BD1), ++ UINT32_C(0xA7587EAB), UINT32_C(0x1B136AF3), UINT32_C(0x868A16DB), ++ UINT32_C(0x1ED4F939), UINT32_C(0xD0B98273), UINT32_C(0x775A61FB) }, ++ { UINT32_C(0xE56BEF8C), UINT32_C(0xBA5C12A6), UINT32_C(0xDDDC8595), ++ UINT32_C(0xF926CE52), UINT32_C(0x586FE1F8), UINT32_C(0xA13F5C8F), ++ UINT32_C(0x060DBB54), UINT32_C(0xEAC9F7F2), UINT32_C(0x51AF4342), ++ UINT32_C(0x70C0AC3A), UINT32_C(0x79CDA450), UINT32_C(0xC16E303C) } }, ++ { { UINT32_C(0x8113F4EA), UINT32_C(0xD0DADD6C), UINT32_C(0x07BDF09F), ++ UINT32_C(0xF14E3922), UINT32_C(0xAA7D877C), UINT32_C(0x3FE5E9C2), ++ UINT32_C(0x48779264), UINT32_C(0x9EA95C19), UINT32_C(0x4FCB8344), ++ UINT32_C(0xE93F65A7), UINT32_C(0x76D925A4), UINT32_C(0x9F40837E) }, ++ { UINT32_C(0x8271FFC7), UINT32_C(0x0EA6DA3F), UINT32_C(0xCC8F9B19), ++ UINT32_C(0x557FA529), UINT32_C(0x78E6DDFD), UINT32_C(0x2613DBF1), ++ UINT32_C(0x36B1E954), UINT32_C(0x7A7523B8), UINT32_C(0x406A87FB), ++ UINT32_C(0x20EB3168), UINT32_C(0x03ABA56A), UINT32_C(0x64C21C14) } }, ++ { { UINT32_C(0xC032DD5F), UINT32_C(0xE86C9C2D), UINT32_C(0x86F16A21), ++ UINT32_C(0x158CEB8E), UINT32_C(0x68326AF1), UINT32_C(0x0279FF53), ++ UINT32_C(0x59F12BA5), UINT32_C(0x1FFE2E2B), UINT32_C(0x86826D45), ++ UINT32_C(0xD75A46DB), UINT32_C(0x1E33E6AC), UINT32_C(0xE19B4841) }, ++ { UINT32_C(0x0E52991C), UINT32_C(0x5F0CC524), UINT32_C(0x8B116286), ++ UINT32_C(0x645871F9), UINT32_C(0xFCAEC5D3), UINT32_C(0xAB3B4B1E), ++ UINT32_C(0x51D0F698), UINT32_C(0x994C8DF0), UINT32_C(0xE5D13040), ++ UINT32_C(0x06F890AF), UINT32_C(0x5F96C7C2), UINT32_C(0x72D9DC23) } }, ++ { { UINT32_C(0xE7886A80), UINT32_C(0x7C018DEE), UINT32_C(0x8786E4A3), ++ UINT32_C(0xFA209330), UINT32_C(0xA4415CA1), UINT32_C(0xCEC8E2A3), ++ UINT32_C(0xCC83CC60), UINT32_C(0x5C736FC1), UINT32_C(0xF00C259F), ++ UINT32_C(0xFEF9788C), UINT32_C(0xDD29A6AD), UINT32_C(0xED5C01CB) }, ++ { UINT32_C(0x3E20825B), UINT32_C(0x87834A03), UINT32_C(0x123F9358), ++ UINT32_C(0x13B1239D), UINT32_C(0xFBC286C1), UINT32_C(0x7E8869D0), ++ UINT32_C(0x24CE8609), UINT32_C(0xC4AB5AA3), UINT32_C(0xB6349208), ++ UINT32_C(0x38716BEE), UINT32_C(0xB322AE21), UINT32_C(0x0BDF4F99) } }, ++ { { UINT32_C(0x53E3494B), UINT32_C(0x6B97A2BF), UINT32_C(0x70F7A13E), ++ UINT32_C(0xA8AA05C5), UINT32_C(0xF1305B51), UINT32_C(0x209709C2), ++ UINT32_C(0xDAB76F2C), UINT32_C(0x57B31888), UINT32_C(0xAA2A406A), ++ UINT32_C(0x75B2ECD7), UINT32_C(0xA35374A4), UINT32_C(0x88801A00) }, ++ { UINT32_C(0x45C0471B), UINT32_C(0xE1458D1C), UINT32_C(0x322C1AB0), ++ UINT32_C(0x5760E306), UINT32_C(0xAD6AB0A6), UINT32_C(0x789A0AF1), ++ UINT32_C(0xF458B9CE), UINT32_C(0x74398DE1), UINT32_C(0x32E0C65F), ++ UINT32_C(0x1652FF9F), UINT32_C(0xFFFB3A52), UINT32_C(0xFAF1F9D5) } }, ++ }, ++ { ++ { { UINT32_C(0xD1D1B007), UINT32_C(0xA05C751C), UINT32_C(0x0213E478), ++ UINT32_C(0x016C213B), UINT32_C(0xF4C98FEE), UINT32_C(0x9C56E26C), ++ UINT32_C(0xE7B3A7C7), UINT32_C(0x6084F8B9), UINT32_C(0xDECC1646), ++ UINT32_C(0xA0B042F6), UINT32_C(0xFBF3A0BC), UINT32_C(0x4A6F3C1A) }, ++ { UINT32_C(0x51C9F909), UINT32_C(0x94524C2C), UINT32_C(0x3A6D3748), ++ UINT32_C(0xF3B3AD40), UINT32_C(0x7CE1F9F5), UINT32_C(0x18792D6E), ++ UINT32_C(0xFC0C34FA), UINT32_C(0x8EBC2FD7), UINT32_C(0x780A1693), ++ UINT32_C(0x032A9F41), UINT32_C(0x56A60019), UINT32_C(0x34F9801E) } }, ++ { { UINT32_C(0xF0DB3751), UINT32_C(0xB398290C), UINT32_C(0xBA42C976), ++ UINT32_C(0x01170580), UINT32_C(0x56560B89), UINT32_C(0x3E71AA29), ++ UINT32_C(0x50E6647B), UINT32_C(0x80817AAC), UINT32_C(0xA0BE42DA), ++ UINT32_C(0x35C833AD), UINT32_C(0xF1BABA4E), UINT32_C(0xFA3C6148) }, ++ { UINT32_C(0xCD8F6253), UINT32_C(0xC57BE645), UINT32_C(0xC657AD0D), ++ UINT32_C(0x77CEE46B), UINT32_C(0x0DEFD908), UINT32_C(0x83007731), ++ UINT32_C(0x899CBA56), UINT32_C(0x92FE9BCE), UINT32_C(0xBCEFFB5A), ++ UINT32_C(0x48450EC4), UINT32_C(0xF2F5F4BF), UINT32_C(0xE615148D) } }, ++ { { UINT32_C(0x90B86166), UINT32_C(0xF55EDABB), UINT32_C(0x075430A2), ++ UINT32_C(0x27F7D784), UINT32_C(0x9BF17161), UINT32_C(0xF53E822B), ++ UINT32_C(0xAFE808DC), UINT32_C(0x4A5B3B93), UINT32_C(0xD7272F55), ++ UINT32_C(0x590BBBDE), UINT32_C(0xEAEA79A1), UINT32_C(0x233D63FA) }, ++ { UINT32_C(0xFE1EBA07), UINT32_C(0xD7042BEA), UINT32_C(0x10750D7E), ++ UINT32_C(0xD2B9AEA0), UINT32_C(0x31078AA5), UINT32_C(0xD8D1E690), ++ UINT32_C(0x7E37BC8B), UINT32_C(0x9E837F18), UINT32_C(0x85008975), ++ UINT32_C(0x9558FF4F), UINT32_C(0x421FE867), UINT32_C(0x93EDB837) } }, ++ { { UINT32_C(0x83D55B5A), UINT32_C(0xAA6489DF), UINT32_C(0x86BF27F7), ++ UINT32_C(0xEA092E49), UINT32_C(0x5FA2EFEC), UINT32_C(0x4D8943A9), ++ UINT32_C(0x720E1A8C), UINT32_C(0xC9BAAE53), UINT32_C(0x95A4F8A3), ++ UINT32_C(0xC055444B), UINT32_C(0xA7C1206B), UINT32_C(0x93BD01E8) }, ++ { UINT32_C(0x714A27DF), UINT32_C(0xD97765B6), UINT32_C(0x193F1B16), ++ UINT32_C(0xD622D954), UINT32_C(0xF1503B15), UINT32_C(0x115CC35A), ++ UINT32_C(0xA9FA21F8), UINT32_C(0x1DD5359F), UINT32_C(0x6DFED1F1), ++ UINT32_C(0x197C3299), UINT32_C(0xF77F2679), UINT32_C(0xDEE8B7C9) } }, ++ { { UINT32_C(0x394FD855), UINT32_C(0x5405179F), UINT32_C(0x49FDFB33), ++ UINT32_C(0xC9D6E244), UINT32_C(0xBD903393), UINT32_C(0x70EBCAB4), ++ UINT32_C(0xA2C56780), UINT32_C(0x0D3A3899), UINT32_C(0x683D1A0A), ++ UINT32_C(0x012C7256), UINT32_C(0x80A48F3B), UINT32_C(0xC688FC88) }, ++ { UINT32_C(0x6F7DF527), UINT32_C(0x18095754), UINT32_C(0x71315D16), ++ UINT32_C(0x9E339B4B), UINT32_C(0xA956BB12), UINT32_C(0x90560C28), ++ UINT32_C(0xD42EEE8D), UINT32_C(0x2BECEA60), UINT32_C(0x50632653), ++ UINT32_C(0x82AEB9A7), UINT32_C(0xDFA5CD6A), UINT32_C(0xED34353E) } }, ++ { { UINT32_C(0x91AECCE4), UINT32_C(0x82154D2C), UINT32_C(0x5041887F), ++ UINT32_C(0x312C6070), UINT32_C(0xFB9FBD71), UINT32_C(0xECF589F3), ++ UINT32_C(0xB524BDE4), UINT32_C(0x67660A7D), UINT32_C(0x724ACF23), ++ UINT32_C(0xE99B029D), UINT32_C(0x6D1CD891), UINT32_C(0xDF06E4AF) }, ++ { UINT32_C(0x80EE304D), UINT32_C(0x07806CB5), UINT32_C(0x7443A8F8), ++ UINT32_C(0x0C70BB9F), UINT32_C(0x08B0830A), UINT32_C(0x01EC3414), ++ UINT32_C(0x5A81510B), UINT32_C(0xFD7B63C3), UINT32_C(0x453B5F93), ++ UINT32_C(0xE90A0A39), UINT32_C(0x9BC71725), UINT32_C(0xAB700F8F) } }, ++ { { UINT32_C(0xB9F00793), UINT32_C(0x9401AEC2), UINT32_C(0xB997F0BF), ++ UINT32_C(0x064EC4F4), UINT32_C(0x849240C8), UINT32_C(0xDC0CC1FD), ++ UINT32_C(0xB6E92D72), UINT32_C(0x39A75F37), UINT32_C(0x0224A4AB), ++ UINT32_C(0xAA43CA5D), UINT32_C(0x54614C47), UINT32_C(0x9C4D6325) }, ++ { UINT32_C(0xC6709DA3), UINT32_C(0x1767366F), UINT32_C(0x23479232), ++ UINT32_C(0xA6B482D1), UINT32_C(0x84D63E85), UINT32_C(0x54DC6DDC), ++ UINT32_C(0xC99D3B9E), UINT32_C(0x0ACCB5AD), UINT32_C(0xE8AA3ABF), ++ UINT32_C(0x211716BB), UINT32_C(0x69EC6406), UINT32_C(0xD0FE25AD) } }, ++ { { UINT32_C(0xDF85C705), UINT32_C(0x0D5C1769), UINT32_C(0xA409DCD1), ++ UINT32_C(0x7086C93D), UINT32_C(0x0E8D75D8), UINT32_C(0x9710839D), ++ UINT32_C(0xEBDD4177), UINT32_C(0x17B7DB75), UINT32_C(0xF649A809), ++ UINT32_C(0xAF69EB58), UINT32_C(0x8A84E220), UINT32_C(0x6EF19EA2) }, ++ { UINT32_C(0x65C278B2), UINT32_C(0x36EB5C66), UINT32_C(0x81EA9D65), ++ UINT32_C(0xD2A15128), UINT32_C(0x769300AD), UINT32_C(0x4FCBA840), ++ UINT32_C(0xC8E536E5), UINT32_C(0xC2052CCD), UINT32_C(0xAC263B8F), ++ UINT32_C(0x9CAEE014), UINT32_C(0xF9239663), UINT32_C(0x56F7ED7A) } }, ++ { { UINT32_C(0xAC9E09E1), UINT32_C(0xF6FA251F), UINT32_C(0x955A2853), ++ UINT32_C(0xA3775605), UINT32_C(0xF2A4BD78), UINT32_C(0x977B8D21), ++ UINT32_C(0x3E096410), UINT32_C(0xF68AA7FF), UINT32_C(0x65F88419), ++ UINT32_C(0x01AB0552), UINT32_C(0xBB93F64E), UINT32_C(0xC4C8D77E) }, ++ { UINT32_C(0x3451FE64), UINT32_C(0x71825111), UINT32_C(0x46F9BAF0), ++ UINT32_C(0xFA0F905B), UINT32_C(0xCA49EF1A), UINT32_C(0x79BE3BF3), ++ UINT32_C(0x6CB02071), UINT32_C(0x831109B2), UINT32_C(0xC4DDBFE5), ++ UINT32_C(0x765F935F), UINT32_C(0x80E5A3BA), UINT32_C(0x6F99CD14) } }, ++ { { UINT32_C(0x234F91FF), UINT32_C(0xD2E8DA04), UINT32_C(0x813867AA), ++ UINT32_C(0x4DED4D6D), UINT32_C(0xE0A0D945), UINT32_C(0x3B50175D), ++ UINT32_C(0x4EB78137), UINT32_C(0x55AC7406), UINT32_C(0xE1D47730), ++ UINT32_C(0xE9FA7F6E), UINT32_C(0x5CBF2176), UINT32_C(0x2C171531) }, ++ { UINT32_C(0x2BE7A47D), UINT32_C(0xA521788F), UINT32_C(0x3FCF1AB3), ++ UINT32_C(0x95B15A27), UINT32_C(0xF28A946A), UINT32_C(0xAADA6401), ++ UINT32_C(0x8B4E898B), UINT32_C(0x628B2EF4), UINT32_C(0x6D6592CC), ++ UINT32_C(0x0E6F4629), UINT32_C(0xA723CADD), UINT32_C(0x997C7094) } }, ++ { { UINT32_C(0x6AFE80C6), UINT32_C(0x878BCE11), UINT32_C(0x007BBA38), ++ UINT32_C(0xA89ABC9D), UINT32_C(0xA7CC267F), UINT32_C(0xB0C1F87B), ++ UINT32_C(0x5104FF04), UINT32_C(0x86D33B9D), UINT32_C(0x2EF1BA42), ++ UINT32_C(0xB0504B1B), UINT32_C(0xB2827E88), UINT32_C(0x21693048) }, ++ { UINT32_C(0x79CFCD14), UINT32_C(0x11F1CCD5), UINT32_C(0x94AD227E), ++ UINT32_C(0x59C09FFA), UINT32_C(0x3EA91ACF), UINT32_C(0x95A4ADCB), ++ UINT32_C(0xB4370BAA), UINT32_C(0x1346238B), UINT32_C(0x3E1367B0), ++ UINT32_C(0xB099D202), UINT32_C(0x90F23CEA), UINT32_C(0xCF5BBDE6) } }, ++ { { UINT32_C(0xBCB3BE5E), UINT32_C(0x453299BB), UINT32_C(0x38E9FF97), ++ UINT32_C(0x123C588E), UINT32_C(0xF6A2E521), UINT32_C(0x8C115DD9), ++ UINT32_C(0xFF7D4B98), UINT32_C(0x6E333C11), UINT32_C(0xDA73E736), ++ UINT32_C(0x9DD061E5), UINT32_C(0x5CA53056), UINT32_C(0xC6AB7B3A) }, ++ { UINT32_C(0x5B30A76B), UINT32_C(0xF1EF3EE3), UINT32_C(0x961BA11F), ++ UINT32_C(0xADD6B44A), UINT32_C(0x2CA6E030), UINT32_C(0x7BB00B75), ++ UINT32_C(0x2FE270AD), UINT32_C(0x270272E8), UINT32_C(0x241A9239), ++ UINT32_C(0x23BC6F4F), UINT32_C(0x0BB94A94), UINT32_C(0x88581E13) } }, ++ { { UINT32_C(0x24EEF67F), UINT32_C(0xBD225A69), UINT32_C(0x0412CEB7), ++ UINT32_C(0x7CFD9614), UINT32_C(0x99AC298E), UINT32_C(0xF6DE1679), ++ UINT32_C(0xED6C3571), UINT32_C(0xB20FD895), UINT32_C(0x61836C56), ++ UINT32_C(0x03C73B78), UINT32_C(0xABA6CB34), UINT32_C(0xEE3C3A16) }, ++ { UINT32_C(0x4138408A), UINT32_C(0x9E8C5667), UINT32_C(0x2DD6EBDF), ++ UINT32_C(0xEC25FCB1), UINT32_C(0xDBBDF6E3), UINT32_C(0xC54C33FD), ++ UINT32_C(0x4A3C9DD4), UINT32_C(0x93E0913B), UINT32_C(0x35EDEED4), ++ UINT32_C(0x66D7D135), UINT32_C(0x453FB66E), UINT32_C(0xD29A36C4) } }, ++ { { UINT32_C(0x9F1943AF), UINT32_C(0x7F192F03), UINT32_C(0x4E0B5FB0), ++ UINT32_C(0x6488163F), UINT32_C(0x53599226), UINT32_C(0x66A45C69), ++ UINT32_C(0x9AD15A73), UINT32_C(0x924E2E43), UINT32_C(0x42A99D76), ++ UINT32_C(0x8B553DB7), UINT32_C(0x0451F521), UINT32_C(0x4BC6B53B) }, ++ { UINT32_C(0x101F8AD6), UINT32_C(0xC029B5EF), UINT32_C(0xC507EED9), ++ UINT32_C(0x6A4DA71C), UINT32_C(0x30BB22F3), UINT32_C(0x3ADFAEC0), ++ UINT32_C(0xB514F85B), UINT32_C(0x81BCAF7A), UINT32_C(0x5A7E60D3), ++ UINT32_C(0x2E1E6EFF), UINT32_C(0xAE39D42F), UINT32_C(0x5270ABC0) } }, ++ { { UINT32_C(0x3901F0F8), UINT32_C(0x86D56DEB), UINT32_C(0xEED5F650), ++ UINT32_C(0x1D0BC792), UINT32_C(0xCA1114A3), UINT32_C(0x1A2DDFD8), ++ UINT32_C(0xF1DD316D), UINT32_C(0x94ABF4B1), UINT32_C(0x3D9F18EF), ++ UINT32_C(0xF72179E4), UINT32_C(0x9AA2CABF), UINT32_C(0x52A0921E) }, ++ { UINT32_C(0xA7452883), UINT32_C(0xECDA9E27), UINT32_C(0xAFD771B4), ++ UINT32_C(0x7E90850A), UINT32_C(0x9CC0465C), UINT32_C(0xD40F87EA), ++ UINT32_C(0x865CDA36), UINT32_C(0x8CFCB60A), UINT32_C(0x7C650942), ++ UINT32_C(0x3DBEC2CC), UINT32_C(0xE718CA9D), UINT32_C(0x071A4EE7) } }, ++ { { UINT32_C(0x276AC5F3), UINT32_C(0x73C0E4FF), UINT32_C(0xBDB97EA1), ++ UINT32_C(0xE7BA5A6A), UINT32_C(0xC5808398), UINT32_C(0x638CA54E), ++ UINT32_C(0x413855E5), UINT32_C(0x8258DC82), UINT32_C(0x57F07614), ++ UINT32_C(0x35DDD2E9), UINT32_C(0x1DC13BF9), UINT32_C(0xF98DD692) }, ++ { UINT32_C(0xF16DCD84), UINT32_C(0x3A4C0088), UINT32_C(0x833D83F9), ++ UINT32_C(0xF192EADD), UINT32_C(0xA6D61D29), UINT32_C(0x3C26C931), ++ UINT32_C(0xDE0AD7A1), UINT32_C(0x589FDD52), UINT32_C(0x0442D37F), ++ UINT32_C(0x7CD83DD2), UINT32_C(0x403ECBFC), UINT32_C(0x1E47E777) } }, ++ }, ++ { ++ { { UINT32_C(0x70D4D7BC), UINT32_C(0x2AF8ED81), UINT32_C(0xB632435C), ++ UINT32_C(0xABC3E15F), UINT32_C(0x78219356), UINT32_C(0x4C0E726F), ++ UINT32_C(0xB87254C4), UINT32_C(0x8C1962A1), UINT32_C(0xC9E7691A), ++ UINT32_C(0x30796A71), UINT32_C(0xA75A12EE), UINT32_C(0xD453EF19) }, ++ { UINT32_C(0x13AE4964), UINT32_C(0x535F42C2), UINT32_C(0x0DA9586A), ++ UINT32_C(0x86831C3C), UINT32_C(0xE39A7A58), UINT32_C(0xB7F1EF35), ++ UINT32_C(0xD459B91A), UINT32_C(0xA2789AE2), UINT32_C(0x02FD429D), ++ UINT32_C(0xEADBCA7F), UINT32_C(0x65290F57), UINT32_C(0x94F215D4) } }, ++ { { UINT32_C(0x1CFB79AC), UINT32_C(0x37ED2BE5), UINT32_C(0xE7AF84C3), ++ UINT32_C(0x801946F3), UINT32_C(0xE77C2F00), UINT32_C(0xB061AD8A), ++ UINT32_C(0x44DE16A8), UINT32_C(0xE87E1A9A), UINT32_C(0x7EE490FF), ++ UINT32_C(0xDF4F57C8), UINT32_C(0x005993ED), UINT32_C(0x4E793B49) }, ++ { UINT32_C(0xBCCB593F), UINT32_C(0xE1036387), UINT32_C(0x95E09B80), ++ UINT32_C(0xF1749411), UINT32_C(0x5AB42F91), UINT32_C(0x59CB20D1), ++ UINT32_C(0xAC0FF033), UINT32_C(0xA738A18D), UINT32_C(0x2AC1E7F4), ++ UINT32_C(0xDA501A2E), UINT32_C(0x84D8A6E0), UINT32_C(0x1B67EDA0) } }, ++ { { UINT32_C(0x1080E90B), UINT32_C(0x1D27EFCE), UINT32_C(0x3FD01DC6), ++ UINT32_C(0xA2815246), UINT32_C(0xCAA26D18), UINT32_C(0x99A3FB83), ++ UINT32_C(0xB82BABBE), UINT32_C(0xD27E6133), UINT32_C(0xD783DD60), ++ UINT32_C(0x61030DFD), UINT32_C(0x73C78CB8), UINT32_C(0x295A2913) }, ++ { UINT32_C(0x68BE6A92), UINT32_C(0x8707A2CF), UINT32_C(0xEEB3474A), ++ UINT32_C(0xC9C2FB98), UINT32_C(0xA2B176B8), UINT32_C(0x7C3FD412), ++ UINT32_C(0xC7202101), UINT32_C(0xD5B52E2F), UINT32_C(0xF0A6D536), ++ UINT32_C(0x24A63030), UINT32_C(0x04648EC0), UINT32_C(0x05842DE3) } }, ++ { { UINT32_C(0x30577AC9), UINT32_C(0x67477CDC), UINT32_C(0x244F92A8), ++ UINT32_C(0x51DD9775), UINT32_C(0x917EEC66), UINT32_C(0x31FD60B9), ++ UINT32_C(0xD66C5C1D), UINT32_C(0xACD95BD4), UINT32_C(0xBF9508BA), ++ UINT32_C(0x2E0551F3), UINT32_C(0x688CB243), UINT32_C(0x121168E1) }, ++ { UINT32_C(0x4540D230), UINT32_C(0x8C039740), UINT32_C(0x009ECDF9), ++ UINT32_C(0xC4ED3CF6), UINT32_C(0x44DB62AF), UINT32_C(0x191825E1), ++ UINT32_C(0xC4A030DA), UINT32_C(0x3EE8ACAB), UINT32_C(0x94081504), ++ UINT32_C(0x8AB154A8), UINT32_C(0x486C9CD0), UINT32_C(0x1FE09E4B) } }, ++ { { UINT32_C(0xD113450B), UINT32_C(0x512F82F9), UINT32_C(0x2DBC9197), ++ UINT32_C(0x5878C901), UINT32_C(0xE13F355B), UINT32_C(0xDB87412B), ++ UINT32_C(0x935B8A5E), UINT32_C(0x0A0A4A9B), UINT32_C(0xF25A5351), ++ UINT32_C(0x818587BD), UINT32_C(0x31E3D9C7), UINT32_C(0xE8079310) }, ++ { UINT32_C(0x611BC1B1), UINT32_C(0x8B1D47C7), UINT32_C(0x72A823F2), ++ UINT32_C(0x51722B58), UINT32_C(0x53B36B3E), UINT32_C(0x6F97EE8A), ++ UINT32_C(0x946DD453), UINT32_C(0x6E085AAC), UINT32_C(0xE65E6533), ++ UINT32_C(0x2EC5057D), UINT32_C(0x4BB18801), UINT32_C(0xF82D9D71) } }, ++ { { UINT32_C(0x8BA5AA8E), UINT32_C(0xAD81FA93), UINT32_C(0x8F7AA69E), ++ UINT32_C(0x723E628E), UINT32_C(0xEF35937C), UINT32_C(0x0BA7C2DE), ++ UINT32_C(0x6DECFB40), UINT32_C(0x83A43EC5), UINT32_C(0xE60C4F2D), ++ UINT32_C(0xF520F849), UINT32_C(0x457E3B5E), UINT32_C(0x8260E8AE) }, ++ { UINT32_C(0xBF1D9ED7), UINT32_C(0x7CE874F0), UINT32_C(0x7F1A5466), ++ UINT32_C(0x5FDE3553), UINT32_C(0x0C162DBB), UINT32_C(0x5A63777C), ++ UINT32_C(0xDAD87289), UINT32_C(0x0FD04F8C), UINT32_C(0x640761D5), ++ UINT32_C(0xCA2D9E0E), UINT32_C(0x38501ADB), UINT32_C(0x4615CFF8) } }, ++ { { UINT32_C(0x110B4A25), UINT32_C(0x9422789B), UINT32_C(0x70AD8CC1), ++ UINT32_C(0x5C26779F), UINT32_C(0xEC4F1E14), UINT32_C(0x4EE6A748), ++ UINT32_C(0x5C7AB5E0), UINT32_C(0xFB584A0D), UINT32_C(0xFB21EE66), ++ UINT32_C(0xED1DCB0B), UINT32_C(0x11C6863C), UINT32_C(0xDBED1F00) }, ++ { UINT32_C(0xB1B1D187), UINT32_C(0xD2969269), UINT32_C(0xAFE964E6), ++ UINT32_C(0xF7D0C3F2), UINT32_C(0x12BB865E), UINT32_C(0xE05EE93F), ++ UINT32_C(0xED79118E), UINT32_C(0x1AFB7BEE), UINT32_C(0x0F0FE453), ++ UINT32_C(0x220AF138), UINT32_C(0x52782AB9), UINT32_C(0x1463AA1A) } }, ++ { { UINT32_C(0xD7DBE5F9), UINT32_C(0x7C139D56), UINT32_C(0x0B83685B), ++ UINT32_C(0xFC16E611), UINT32_C(0x9018463C), UINT32_C(0xFA723C02), ++ UINT32_C(0x840BF5D7), UINT32_C(0xC472458C), UINT32_C(0x0AF07591), ++ UINT32_C(0x4D809359), UINT32_C(0x3308DFD9), UINT32_C(0x418D8830) }, ++ { UINT32_C(0x0C365AE3), UINT32_C(0x9B381E04), UINT32_C(0xF8190FD1), ++ UINT32_C(0x3780BF33), UINT32_C(0xDD03E854), UINT32_C(0x45397418), ++ UINT32_C(0x4E51E491), UINT32_C(0xA95D030F), UINT32_C(0xE3286CEA), ++ UINT32_C(0x87C8C686), UINT32_C(0x900B5F83), UINT32_C(0x01C773BF) } }, ++ { { UINT32_C(0x78673B02), UINT32_C(0xDABE3475), UINT32_C(0xF6E7395E), ++ UINT32_C(0x4F0F25CE), UINT32_C(0xD181AD45), UINT32_C(0x3117ABB9), ++ UINT32_C(0xAA13DE0B), UINT32_C(0x4B559F88), UINT32_C(0xEA7C9745), ++ UINT32_C(0xFD8EFE78), UINT32_C(0x5DD21682), UINT32_C(0x08060047) }, ++ { UINT32_C(0xD4C86FFC), UINT32_C(0xC0F5DE4B), UINT32_C(0xF21AB6A2), ++ UINT32_C(0x4BB14B1E), UINT32_C(0xF50C1D12), UINT32_C(0xACB53A6C), ++ UINT32_C(0x5CC9162E), UINT32_C(0x46AAC450), UINT32_C(0x2DE240B6), ++ UINT32_C(0x049C51E0), UINT32_C(0xE383C3B0), UINT32_C(0xBB2DC016) } }, ++ { { UINT32_C(0x8E438C92), UINT32_C(0xA3C56AD2), UINT32_C(0xB2CEAF1A), ++ UINT32_C(0x7C43F98F), UINT32_C(0xE2150778), UINT32_C(0x397C44F7), ++ UINT32_C(0x71A24131), UINT32_C(0x48D17AB7), UINT32_C(0x1E2ACDA9), ++ UINT32_C(0xCC513863), UINT32_C(0xF0C9BAC9), UINT32_C(0x2C76A55E) }, ++ { UINT32_C(0x7EA4BB7B), UINT32_C(0x4D74CDCE), UINT32_C(0xB1B3C2BA), ++ UINT32_C(0x834BD5BF), UINT32_C(0xCCC310A4), UINT32_C(0x46E2911E), ++ UINT32_C(0x0FC1BF13), UINT32_C(0xD3DE84AA), UINT32_C(0x80A03AD3), ++ UINT32_C(0x27F2892F), UINT32_C(0x3BD2F08B), UINT32_C(0x85B47620) } }, ++ { { UINT32_C(0x567AF533), UINT32_C(0xAB1CB818), UINT32_C(0xBAC2705A), ++ UINT32_C(0x273B4537), UINT32_C(0x22C84AB6), UINT32_C(0x133066C4), ++ UINT32_C(0x4830BFC1), UINT32_C(0xC3590DE6), UINT32_C(0x5E4742D0), ++ UINT32_C(0xEA297869), UINT32_C(0x4F3164C0), UINT32_C(0xF6D8C694) }, ++ { UINT32_C(0xC1249588), UINT32_C(0x09E85F3D), UINT32_C(0x4EC64DF7), ++ UINT32_C(0x6C2BB05D), UINT32_C(0x8B78000F), UINT32_C(0xD267115E), ++ UINT32_C(0xC7E4A316), UINT32_C(0x07C5D7AE), UINT32_C(0x4619E5BD), ++ UINT32_C(0xCB1187BA), UINT32_C(0xA43F7EEE), UINT32_C(0x57B1D4EF) } }, ++ { { UINT32_C(0xC8176A96), UINT32_C(0x3618891F), UINT32_C(0xE5808B97), ++ UINT32_C(0x62C4B084), UINT32_C(0x4DD95D6E), UINT32_C(0xDE558546), ++ UINT32_C(0x730B2EA4), UINT32_C(0x27A8133E), UINT32_C(0x6AF318A0), ++ UINT32_C(0xE07CEEC3), UINT32_C(0xCE24FD2C), UINT32_C(0x0ACC1286) }, ++ { UINT32_C(0xDD4D307C), UINT32_C(0x8A48FE4A), UINT32_C(0x18CDE0DA), ++ UINT32_C(0x71A9BA9C), UINT32_C(0xD5D79747), UINT32_C(0x655E2B66), ++ UINT32_C(0xA79AEDC7), UINT32_C(0x409FE856), UINT32_C(0xD287E5CF), ++ UINT32_C(0xC5A9F244), UINT32_C(0x4E82EC39), UINT32_C(0xCCE10384) } }, ++ { { UINT32_C(0xF25D364C), UINT32_C(0x00675BA7), UINT32_C(0x68D36BDF), ++ UINT32_C(0x7A7F1629), UINT32_C(0xA9E23F29), UINT32_C(0x35EC468A), ++ UINT32_C(0x2D926E6C), UINT32_C(0xF797AC50), UINT32_C(0x4B4F4376), ++ UINT32_C(0x639BA453), UINT32_C(0x51FF9519), UINT32_C(0xD71B430F) }, ++ { UINT32_C(0x2CF5635C), UINT32_C(0xB8C439EC), UINT32_C(0x81980393), ++ UINT32_C(0x0CE4C8D1), UINT32_C(0x64123B15), UINT32_C(0x4C5362A9), ++ UINT32_C(0xFFDCF096), UINT32_C(0x6E0421E0), UINT32_C(0x10D1F914), ++ UINT32_C(0x624A855F), UINT32_C(0x614DCD29), UINT32_C(0x7D8F3AB7) } }, ++ { { UINT32_C(0xB3493CE0), UINT32_C(0xD9219ADA), UINT32_C(0x52F09AE5), ++ UINT32_C(0x971B243A), UINT32_C(0xE24E3674), UINT32_C(0xC16C9BF8), ++ UINT32_C(0xCE68C7CD), UINT32_C(0x026D408D), UINT32_C(0x358209E3), ++ UINT32_C(0xF9B33DD9), UINT32_C(0xF3B2A206), UINT32_C(0x02D0595D) }, ++ { UINT32_C(0x60D15640), UINT32_C(0xBF994271), UINT32_C(0x15B5466A), ++ UINT32_C(0x6DA7A04E), UINT32_C(0x1CADB50D), UINT32_C(0x03AA4ED8), ++ UINT32_C(0x129A4253), UINT32_C(0x1548F029), UINT32_C(0xB842865A), ++ UINT32_C(0x41741F7E), UINT32_C(0xA3F88C98), UINT32_C(0x859FE0A4) } }, ++ { { UINT32_C(0x05FD7553), UINT32_C(0x80DE085A), UINT32_C(0xB897566B), ++ UINT32_C(0x4A4AB91E), UINT32_C(0x2F1C173F), UINT32_C(0x33BCD475), ++ UINT32_C(0xC100C013), UINT32_C(0x4E238896), UINT32_C(0xD614B34B), ++ UINT32_C(0x1C88500D), UINT32_C(0xC3BA9E23), UINT32_C(0x0401C5F6) }, ++ { UINT32_C(0xD0AF0DE5), UINT32_C(0x8E8003C4), UINT32_C(0x9D0DCBB9), ++ UINT32_C(0x19B1DFB5), UINT32_C(0xEBEF7AB6), UINT32_C(0x4A3640A9), ++ UINT32_C(0x959B15F6), UINT32_C(0xEDAFD65B), UINT32_C(0x7FB95821), ++ UINT32_C(0x8092EF7F), UINT32_C(0xCE2E45D1), UINT32_C(0xAB8DD52E) } }, ++ { { UINT32_C(0xB9CFE6BF), UINT32_C(0xD1F2D6B8), UINT32_C(0x00073F6F), ++ UINT32_C(0x6358810B), UINT32_C(0xD712106E), UINT32_C(0x5FCE5993), ++ UINT32_C(0x1C024C91), UINT32_C(0x5EE6B271), UINT32_C(0x453DB663), ++ UINT32_C(0xD0248FF5), UINT32_C(0xADB835E8), UINT32_C(0xD6D81CB2) }, ++ { UINT32_C(0xFDFCB4C7), UINT32_C(0x8696CFEC), UINT32_C(0x53BC9045), ++ UINT32_C(0x696B7FCB), UINT32_C(0xDDA56981), UINT32_C(0xAB4D3807), ++ UINT32_C(0x1E4B943B), UINT32_C(0x2F998052), UINT32_C(0x166B7F18), ++ UINT32_C(0x8AA76ADB), UINT32_C(0x52A2D7ED), UINT32_C(0x63934301) } }, ++ }, ++ { ++ { { UINT32_C(0xA368EFF6), UINT32_C(0xBBCCCE39), UINT32_C(0x8CEB5C43), ++ UINT32_C(0xD8CAABDF), UINT32_C(0xD2252FDA), UINT32_C(0x9EAE35A5), ++ UINT32_C(0x54E7DD49), UINT32_C(0xA8F4F209), UINT32_C(0x295100FD), ++ UINT32_C(0xA56D72A6), UINT32_C(0x56767727), UINT32_C(0x20FC1FE8) }, ++ { UINT32_C(0x0BBAA5AB), UINT32_C(0xBF60B248), UINT32_C(0x313911F2), ++ UINT32_C(0xA4F3CE5A), UINT32_C(0xB93DAB9C), UINT32_C(0xC2A67AD4), ++ UINT32_C(0x22D71F39), UINT32_C(0x18CD0ED0), UINT32_C(0x5F304DB2), ++ UINT32_C(0x04380C42), UINT32_C(0x6729C821), UINT32_C(0x26420CBB) } }, ++ { { UINT32_C(0xBDFBCAE8), UINT32_C(0x26BD07D6), UINT32_C(0xDF01A80A), ++ UINT32_C(0x10B5173F), UINT32_C(0x6798B96C), UINT32_C(0xD831C546), ++ UINT32_C(0x1D3F3859), UINT32_C(0x1D6B4108), UINT32_C(0x991B9EC7), ++ UINT32_C(0x501D38EC), UINT32_C(0xD78431A9), UINT32_C(0x26319283) }, ++ { UINT32_C(0x118B343C), UINT32_C(0x8B85BAF7), UINT32_C(0x58DEF7D0), ++ UINT32_C(0x4696CDDD), UINT32_C(0x7ACDCF58), UINT32_C(0xEFC7C110), ++ UINT32_C(0x848D5842), UINT32_C(0xD9AF415C), UINT32_C(0x0AC7FDAC), ++ UINT32_C(0x6B5A06BC), UINT32_C(0xA344319B), UINT32_C(0x7D623E0D) } }, ++ { { UINT32_C(0x0C9D3547), UINT32_C(0x4C0D7806), UINT32_C(0xCF2AED47), ++ UINT32_C(0x993F048D), UINT32_C(0xE4B57E22), UINT32_C(0x5217C453), ++ UINT32_C(0xF4172B28), UINT32_C(0xB4669E35), UINT32_C(0x49F999F8), ++ UINT32_C(0x509A3CD0), UINT32_C(0x87C69D41), UINT32_C(0xD19F8632) }, ++ { UINT32_C(0x4C8FDED0), UINT32_C(0xE14D01E8), UINT32_C(0xEAFD9E1C), ++ UINT32_C(0x342880FD), UINT32_C(0x70DC2BF0), UINT32_C(0x0E17BFF2), ++ UINT32_C(0xC0186400), UINT32_C(0x46560B7B), UINT32_C(0x49A4DD34), ++ UINT32_C(0xE28C7B9C), UINT32_C(0x0F325D06), UINT32_C(0x18211916) } }, ++ { { UINT32_C(0xD7E02E18), UINT32_C(0x46D70888), UINT32_C(0xD9F11FD9), ++ UINT32_C(0x7C806954), UINT32_C(0x4FBEA271), UINT32_C(0xE4948FCA), ++ UINT32_C(0xBD80A9DF), UINT32_C(0x7D6C7765), UINT32_C(0xF3871C71), ++ UINT32_C(0x1B470EA6), UINT32_C(0x8330A570), UINT32_C(0xD62DE244) }, ++ { UINT32_C(0xC659C3A7), UINT32_C(0xDAECDDC1), UINT32_C(0x077F7AFC), ++ UINT32_C(0x8621E513), UINT32_C(0xCAEEEF13), UINT32_C(0x56C7CD84), ++ UINT32_C(0xC685A356), UINT32_C(0xC60C910F), UINT32_C(0x9DD93DDC), ++ UINT32_C(0xE68BC5C5), UINT32_C(0xFEB64895), UINT32_C(0xD904E89F) } }, ++ { { UINT32_C(0x8BA7917A), UINT32_C(0x75D874FB), UINT32_C(0xFD043BD4), ++ UINT32_C(0x18FA7F53), UINT32_C(0x1FC3979E), UINT32_C(0x212A0AD7), ++ UINT32_C(0x5D6EAC0E), UINT32_C(0x5703A7D9), UINT32_C(0x017DEAD5), ++ UINT32_C(0x222F7188), UINT32_C(0x0F6C1817), UINT32_C(0x1EC687B7) }, ++ { UINT32_C(0x238BACB6), UINT32_C(0x23412FC3), UINT32_C(0x54CED154), ++ UINT32_C(0xB85D70E9), UINT32_C(0xBDA674D0), UINT32_C(0xD4E06722), ++ UINT32_C(0x36F5A0C2), UINT32_C(0x3EA5F178), UINT32_C(0xF5C6D2CA), ++ UINT32_C(0x7E7D79CF), UINT32_C(0x3DBB3C73), UINT32_C(0x1FFF9464) } }, ++ { { UINT32_C(0xF163E4A8), UINT32_C(0x916E19D0), UINT32_C(0x1489DF17), ++ UINT32_C(0x1E6740E7), UINT32_C(0x339F3A47), UINT32_C(0x1EAF9723), ++ UINT32_C(0x124B8DAD), UINT32_C(0x22F0ED1A), UINT32_C(0x49C3DD04), ++ UINT32_C(0x39C9166C), UINT32_C(0xCE1E9ACC), UINT32_C(0x628E7FD4) }, ++ { UINT32_C(0x40031676), UINT32_C(0x124DDF27), UINT32_C(0x1EDDB9BE), ++ UINT32_C(0x00256939), UINT32_C(0xD360B0DA), UINT32_C(0xD39E25E7), ++ UINT32_C(0x4AA6C4C9), UINT32_C(0x6E3015A8), UINT32_C(0x623EDA09), ++ UINT32_C(0xC6A2F643), UINT32_C(0x50AA99FB), UINT32_C(0xBEFF2D12) } }, ++ { { UINT32_C(0x93EE8089), UINT32_C(0x1FEEF7CE), UINT32_C(0x252DD7BD), ++ UINT32_C(0xC6B180BC), UINT32_C(0x1788F051), UINT32_C(0xA16FB20B), ++ UINT32_C(0xE046ED39), UINT32_C(0xD86FD392), UINT32_C(0x9378CE1D), ++ UINT32_C(0xDA0A3611), UINT32_C(0xA5F7A61D), UINT32_C(0x121EF3E7) }, ++ { UINT32_C(0x92D13CAE), UINT32_C(0x94D22061), UINT32_C(0x77C72E08), ++ UINT32_C(0x5076046A), UINT32_C(0x7D2308B9), UINT32_C(0xF18BC233), ++ UINT32_C(0x17F977B1), UINT32_C(0x004DB3C5), UINT32_C(0x0471C11D), ++ UINT32_C(0xD05AE399), UINT32_C(0x85CD1726), UINT32_C(0x86A2A557) } }, ++ { { UINT32_C(0x72107804), UINT32_C(0xB8D9B286), UINT32_C(0x3303B79B), ++ UINT32_C(0xB5A7C413), UINT32_C(0x5FA37DED), UINT32_C(0x927EEF78), ++ UINT32_C(0xAD67DABA), UINT32_C(0xA1C5CF1E), UINT32_C(0x7360E7C7), ++ UINT32_C(0xAA5E3FB2), UINT32_C(0x0A0C0993), UINT32_C(0x8354E61A) }, ++ { UINT32_C(0x7F5458CC), UINT32_C(0x2EC73AF9), UINT32_C(0x48474325), ++ UINT32_C(0xDE4CB488), UINT32_C(0x7209BC69), UINT32_C(0x2DD134C7), ++ UINT32_C(0x451A2ABE), UINT32_C(0xB70C5567), UINT32_C(0x8E293018), ++ UINT32_C(0x2CD1B200), UINT32_C(0xD33C0D72), UINT32_C(0x15F8DA7A) } }, ++ { { UINT32_C(0xA8790657), UINT32_C(0x5DC386D0), UINT32_C(0xBC4D88BB), ++ UINT32_C(0xA4FDF676), UINT32_C(0x48BC6C49), UINT32_C(0x1B21F38F), ++ UINT32_C(0x543A7003), UINT32_C(0xCDCC7FAA), UINT32_C(0x8C9CF72C), ++ UINT32_C(0xEA97E7AA), UINT32_C(0x50D938A8), UINT32_C(0xA6B883F4) }, ++ { UINT32_C(0xA3A10F27), UINT32_C(0x51936F3A), UINT32_C(0xDECC76BF), ++ UINT32_C(0x0170785F), UINT32_C(0x908C578A), UINT32_C(0x7539ECE1), ++ UINT32_C(0x0F3E8C25), UINT32_C(0x5D9C8A8E), UINT32_C(0x9E4717A7), ++ UINT32_C(0x8681B43B), UINT32_C(0xA9D83E39), UINT32_C(0x94F42507) } }, ++ { { UINT32_C(0xA55ADDE7), UINT32_C(0xBBE11CA8), UINT32_C(0x3BC0896B), ++ UINT32_C(0x39E6F5CF), UINT32_C(0x1D2D8D94), UINT32_C(0x1447314E), ++ UINT32_C(0x5B012F8A), UINT32_C(0x45B48125), UINT32_C(0x08AD5283), ++ UINT32_C(0x41AD23FA), UINT32_C(0x41D13774), UINT32_C(0x837243E2) }, ++ { UINT32_C(0xBADCAA46), UINT32_C(0x1FC0BD9D), UINT32_C(0x26E84CAE), ++ UINT32_C(0x8DF164ED), UINT32_C(0x41017176), UINT32_C(0x8FF70EC0), ++ UINT32_C(0x5C848BA7), UINT32_C(0x23AD4BCE), UINT32_C(0x97A19CBB), ++ UINT32_C(0x89246FDE), UINT32_C(0x78397991), UINT32_C(0xA5EF987B) } }, ++ { { UINT32_C(0x4757964D), UINT32_C(0x111AF1B7), UINT32_C(0xDDBBF258), ++ UINT32_C(0x1D25D351), UINT32_C(0x7D2B06D6), UINT32_C(0x4161E776), ++ UINT32_C(0x1CAC0C5B), UINT32_C(0x6EFD2691), UINT32_C(0x211BFAEB), ++ UINT32_C(0x633B95DB), UINT32_C(0xE2BDF701), UINT32_C(0x9BEDFA5A) }, ++ { UINT32_C(0x73E099C8), UINT32_C(0xADAC2B0B), UINT32_C(0xBFB16BFF), ++ UINT32_C(0x436F0023), UINT32_C(0x30F55854), UINT32_C(0xB91B1002), ++ UINT32_C(0xF4C6C8B7), UINT32_C(0xAF6A2097), UINT32_C(0x3AD7B3D9), ++ UINT32_C(0x3FF65CED), UINT32_C(0x330E56DF), UINT32_C(0x6FA2626F) } }, ++ { { UINT32_C(0xFFCCFD07), UINT32_C(0x3D28BF2D), UINT32_C(0xD989603B), ++ UINT32_C(0x0514F6FF), UINT32_C(0x5514787A), UINT32_C(0xB9519629), ++ UINT32_C(0xC3DB4E9C), UINT32_C(0xA1848121), UINT32_C(0x2A3D4595), ++ UINT32_C(0x47FE2E39), UINT32_C(0x11B73ED4), UINT32_C(0x506F5D82) }, ++ { UINT32_C(0xA600D8BB), UINT32_C(0xA2257AE7), UINT32_C(0x0F9F122C), ++ UINT32_C(0xD659DBD1), UINT32_C(0x64DF160F), UINT32_C(0xDB0FDC67), ++ UINT32_C(0x7CB19690), UINT32_C(0xFF379339), UINT32_C(0x98E72EC1), ++ UINT32_C(0xDF4366B8), UINT32_C(0xDF437EB8), UINT32_C(0x97E72BEC) } }, ++ { { UINT32_C(0x1C81E5D9), UINT32_C(0x81DCEA27), UINT32_C(0x6717FC49), ++ UINT32_C(0x7E1B6CDA), UINT32_C(0x11EAE80D), UINT32_C(0xAA36B3B5), ++ UINT32_C(0x3CD7CBB3), UINT32_C(0x1306687C), UINT32_C(0xC4E89064), ++ UINT32_C(0xED670235), UINT32_C(0x58A94760), UINT32_C(0x9D3B0009) }, ++ { UINT32_C(0xE6A6333C), UINT32_C(0x5A64E158), UINT32_C(0x49453203), ++ UINT32_C(0x1A8B4A36), UINT32_C(0x1F77CC21), UINT32_C(0xF1CAD724), ++ UINT32_C(0x70518EF7), UINT32_C(0x693EBB4B), UINT32_C(0x0F39C91A), ++ UINT32_C(0xFB47BD81), UINT32_C(0xFA4BC64B), UINT32_C(0xCFE63DA2) } }, ++ { { UINT32_C(0xEAA66108), UINT32_C(0x82C1C684), UINT32_C(0x4CFE79FC), ++ UINT32_C(0xE3226218), UINT32_C(0x849C720E), UINT32_C(0x3F28B72B), ++ UINT32_C(0x8FEE1CA8), UINT32_C(0x137FB355), UINT32_C(0xE4F90C4E), ++ UINT32_C(0x4D18A9CD), UINT32_C(0xCC3E46FA), UINT32_C(0xC0344227) }, ++ { UINT32_C(0x79CDA392), UINT32_C(0x4FD5C08E), UINT32_C(0x8ADC87B5), ++ UINT32_C(0x65DB20DB), UINT32_C(0x916C1B84), UINT32_C(0x86F95D5B), ++ UINT32_C(0x17BB2B7C), UINT32_C(0x7EDA3871), UINT32_C(0x669A533B), ++ UINT32_C(0x18CCF7E7), UINT32_C(0xECAD0E06), UINT32_C(0x5E92421C) } }, ++ { { UINT32_C(0x4174B08B), UINT32_C(0x26063E12), UINT32_C(0x70DE8E4D), ++ UINT32_C(0xE621D9BE), UINT32_C(0x5ECDF350), UINT32_C(0xAEA0FD0F), ++ UINT32_C(0x9C20E5C9), UINT32_C(0x0D9F69E4), UINT32_C(0x0BBE2918), ++ UINT32_C(0xD3DADEB9), UINT32_C(0x58AA2F71), UINT32_C(0xD7B9B5DB) }, ++ { UINT32_C(0x3364CAF8), UINT32_C(0x7A971DD7), UINT32_C(0xC25D4BE4), ++ UINT32_C(0x702616A3), UINT32_C(0xA9E30071), UINT32_C(0xA30F0FA1), ++ UINT32_C(0x5573BC69), UINT32_C(0x98AB2438), UINT32_C(0x6FEC2E22), ++ UINT32_C(0xCBC63CDF), UINT32_C(0xCC901B9B), UINT32_C(0x965F90ED) } }, ++ { { UINT32_C(0x71E15BB3), UINT32_C(0xD53B592D), UINT32_C(0x8820E0D0), ++ UINT32_C(0x1F03C0E9), UINT32_C(0x3CCCB726), UINT32_C(0xCE93947D), ++ UINT32_C(0x1D547590), UINT32_C(0x2790FEE0), UINT32_C(0xC59CDD7A), ++ UINT32_C(0x4401D847), UINT32_C(0xA926DD9D), UINT32_C(0x72D69120) }, ++ { UINT32_C(0x4229F289), UINT32_C(0x38B8F21D), UINT32_C(0x7FE978AF), ++ UINT32_C(0x9F412E40), UINT32_C(0xCDB59AF1), UINT32_C(0xAE07901B), ++ UINT32_C(0xD1D4715E), UINT32_C(0x1E6BE5EB), UINT32_C(0x18C96BEF), ++ UINT32_C(0x3715BD8B), UINT32_C(0xE11B3798), UINT32_C(0x4B71F6E6) } }, ++ }, ++ { ++ { { UINT32_C(0xF0CE2DF4), UINT32_C(0x11A8FDE5), UINT32_C(0xFA8D26DF), ++ UINT32_C(0xBC70CA3E), UINT32_C(0xC74DFE82), UINT32_C(0x6818C275), ++ UINT32_C(0x38373A50), UINT32_C(0x2B0294AC), UINT32_C(0xE8E5F88F), ++ UINT32_C(0x584C4061), UINT32_C(0x7342383A), UINT32_C(0x1C05C1CA) }, ++ { UINT32_C(0x911430EC), UINT32_C(0x263895B3), UINT32_C(0xA5171453), ++ UINT32_C(0xEF9B0032), UINT32_C(0x84DA7F0C), UINT32_C(0x144359DA), ++ UINT32_C(0x924A09F2), UINT32_C(0x76E3095A), UINT32_C(0xD69AD835), ++ UINT32_C(0x612986E3), UINT32_C(0x392122AF), UINT32_C(0x70E03ADA) } }, ++ { { UINT32_C(0x67AAD17B), UINT32_C(0xFEB707EE), UINT32_C(0x83042995), ++ UINT32_C(0xBB21B287), UINT32_C(0x9A0D32BA), UINT32_C(0x26DE1645), ++ UINT32_C(0x1FFB9266), UINT32_C(0x9A2FF38A), UINT32_C(0x8F578B4A), ++ UINT32_C(0x4E5AD96D), UINT32_C(0x883E7443), UINT32_C(0x26CC0655) }, ++ { UINT32_C(0x2EE9367A), UINT32_C(0x1D8EECAB), UINT32_C(0x881DE2F8), ++ UINT32_C(0x42B84337), UINT32_C(0xD758AE41), UINT32_C(0xE49B2FAE), ++ UINT32_C(0x4A85D867), UINT32_C(0x6A9A2290), UINT32_C(0xE68CBA86), ++ UINT32_C(0x2FB89DCE), UINT32_C(0x7F09A982), UINT32_C(0xBC252635) } }, ++ { { UINT32_C(0x8C61AAAC), UINT32_C(0xADC79436), UINT32_C(0x5E926563), ++ UINT32_C(0x24C7FD13), UINT32_C(0x0406C129), UINT32_C(0xEF9FAAA4), ++ UINT32_C(0x8B658D3C), UINT32_C(0xF4E6388C), UINT32_C(0x1E435BAF), ++ UINT32_C(0x7262BEB4), UINT32_C(0xFDAEAC99), UINT32_C(0x3BF622CC) }, ++ { UINT32_C(0x4E1AEDDC), UINT32_C(0xD359F7D8), UINT32_C(0xD78C17B7), ++ UINT32_C(0x05DC4F8C), UINT32_C(0x29498BA5), UINT32_C(0xB18CF032), ++ UINT32_C(0x85BF35AD), UINT32_C(0xC67388CA), UINT32_C(0x62AA4BC8), ++ UINT32_C(0x8A7A6AA2), UINT32_C(0x72F4627A), UINT32_C(0x0B8F458E) } }, ++ { { UINT32_C(0xC68E4488), UINT32_C(0x3FB812EE), UINT32_C(0x60EF7281), ++ UINT32_C(0x53C5EAA4), UINT32_C(0x8FBEFBE4), UINT32_C(0xE5724183), ++ UINT32_C(0xA4B24A05), UINT32_C(0x2B7D49F4), UINT32_C(0x710C0A43), ++ UINT32_C(0x23B138D0), UINT32_C(0xA85EC1DB), UINT32_C(0x16A5B4C1) }, ++ { UINT32_C(0x305FEB02), UINT32_C(0x7CC1F3D7), UINT32_C(0x5B6C1B54), ++ UINT32_C(0x52F7947D), UINT32_C(0x8F56981C), UINT32_C(0x1BDA2312), ++ UINT32_C(0xB4080A01), UINT32_C(0x68663EAE), UINT32_C(0x9F999B7F), ++ UINT32_C(0x8DD7BA7E), UINT32_C(0xB686580C), UINT32_C(0xD8768D19) } }, ++ { { UINT32_C(0x7AFDDA94), UINT32_C(0xBCD0E0AD), UINT32_C(0x34A30687), ++ UINT32_C(0x95A0DBBE), UINT32_C(0x8C5E2665), UINT32_C(0xBBE3C3DF), ++ UINT32_C(0xEBF2BC16), UINT32_C(0x742BECD8), UINT32_C(0x3FA163A6), ++ UINT32_C(0x300CEB48), UINT32_C(0x4663354B), UINT32_C(0x0C5D02EE) }, ++ { UINT32_C(0xB5E606A4), UINT32_C(0xE4FB9AD6), UINT32_C(0xCF49FF95), ++ UINT32_C(0x93F507B8), UINT32_C(0x585C193B), UINT32_C(0x9406A90C), ++ UINT32_C(0x4ECF9517), UINT32_C(0xAD1440C1), UINT32_C(0x9CEA53F1), ++ UINT32_C(0x184CB475), UINT32_C(0x8EF11302), UINT32_C(0x6855C474) } }, ++ { { UINT32_C(0xEDCAFA52), UINT32_C(0x00ECB523), UINT32_C(0x086F69D3), ++ UINT32_C(0x0DA0AE0E), UINT32_C(0xC242F347), UINT32_C(0xC384DE15), ++ UINT32_C(0x848C12B7), UINT32_C(0xFB050E6E), UINT32_C(0x64E015CE), ++ UINT32_C(0x22F67654), UINT32_C(0x7CA122F2), UINT32_C(0xCBDC2A48) }, ++ { UINT32_C(0x445FB02C), UINT32_C(0xA940D973), UINT32_C(0x3767D89D), ++ UINT32_C(0x00F31E78), UINT32_C(0x613DABDD), UINT32_C(0x2B65A237), ++ UINT32_C(0xC875AE09), UINT32_C(0x2BE0AB05), UINT32_C(0xBA204F8E), ++ UINT32_C(0xB22E54FD), UINT32_C(0x0F7687B9), UINT32_C(0x65E2029D) } }, ++ { { UINT32_C(0x1855A71C), UINT32_C(0xFFD82538), UINT32_C(0x438BD8D8), ++ UINT32_C(0x26A330B3), UINT32_C(0xF9D8C5F9), UINT32_C(0x89628311), ++ UINT32_C(0x953738A0), UINT32_C(0x8D5FB9CF), UINT32_C(0xEDFCD4E5), ++ UINT32_C(0xCB7159C9), UINT32_C(0x2064C7C2), UINT32_C(0xD64E5230) }, ++ { UINT32_C(0x689F3CFE), UINT32_C(0xF858ED80), UINT32_C(0x56128B67), ++ UINT32_C(0x4830E309), UINT32_C(0xE0E90688), UINT32_C(0x2E1692DA), ++ UINT32_C(0xCA9CC232), UINT32_C(0xAB818913), UINT32_C(0xA5D229A6), ++ UINT32_C(0xE2E30C23), UINT32_C(0x0E740E23), UINT32_C(0xA544E8B1) } }, ++ { { UINT32_C(0xDC61E6CC), UINT32_C(0x1C15E569), UINT32_C(0x58FC7800), ++ UINT32_C(0x8FD72967), UINT32_C(0x37A9DFC5), UINT32_C(0xE61E7DB7), ++ UINT32_C(0x5AFD7822), UINT32_C(0x3F34A9C6), UINT32_C(0x19E80773), ++ UINT32_C(0x0A112742), UINT32_C(0x4760FC58), UINT32_C(0xA353460C) }, ++ { UINT32_C(0xB3124C71), UINT32_C(0x2FB7DEEB), UINT32_C(0x2D4009CC), ++ UINT32_C(0x48463627), UINT32_C(0xC3A10370), UINT32_C(0x399D1933), ++ UINT32_C(0x54388DBD), UINT32_C(0x7EB19450), UINT32_C(0x7C2A006A), ++ UINT32_C(0x8ECCE639), UINT32_C(0x55C932A0), UINT32_C(0x3D565DAF) } }, ++ { { UINT32_C(0xD9ADAE53), UINT32_C(0xCEF57A9F), UINT32_C(0xF83FD8CD), ++ UINT32_C(0xE2EB27D7), UINT32_C(0x9BBD2DDE), UINT32_C(0x4AC8F719), ++ UINT32_C(0xE91ABFB7), UINT32_C(0x604283AA), UINT32_C(0x34799F87), ++ UINT32_C(0xB6A4E115), UINT32_C(0xE4C2A8F3), UINT32_C(0x2B253224) }, ++ { UINT32_C(0xC8782294), UINT32_C(0xC34F8B92), UINT32_C(0xFCC2CB6B), ++ UINT32_C(0xC74D697D), UINT32_C(0xC2C84C46), UINT32_C(0xD990411B), ++ UINT32_C(0x31EA4955), UINT32_C(0x2807B5C6), UINT32_C(0xB9EB27F5), ++ UINT32_C(0x14AE2B93), UINT32_C(0x6163EDFA), UINT32_C(0xF0AE96A7) } }, ++ { { UINT32_C(0x42DB7180), UINT32_C(0xA7BDCBB4), UINT32_C(0xEDCA752F), ++ UINT32_C(0xC9FAA41F), UINT32_C(0xE820F401), UINT32_C(0x147F91B4), ++ UINT32_C(0xF5F2645F), UINT32_C(0x1E6CEF86), UINT32_C(0x31FE711D), ++ UINT32_C(0xB4AB4D7F), UINT32_C(0x743EF882), UINT32_C(0xCE68FB3C) }, ++ { UINT32_C(0x3EF2FCFF), UINT32_C(0xB9D7D682), UINT32_C(0x020DCAFD), ++ UINT32_C(0xF6893811), UINT32_C(0xBF81E760), UINT32_C(0x30D9A50C), ++ UINT32_C(0xB9B87228), UINT32_C(0x7F247D06), UINT32_C(0x5F40CFC0), ++ UINT32_C(0x143D4FEC), UINT32_C(0x329B2A88), UINT32_C(0x21D78D73) } }, ++ { { UINT32_C(0xED3F2055), UINT32_C(0x06B3FF8A), UINT32_C(0x522BE214), ++ UINT32_C(0x50482C77), UINT32_C(0xDDF54620), UINT32_C(0x8DF69CD8), ++ UINT32_C(0xF78A1165), UINT32_C(0x6D1DB204), UINT32_C(0x9AFE6BF2), ++ UINT32_C(0x459AE4A2), UINT32_C(0x24AC871E), UINT32_C(0xC23A9FFD) }, ++ { UINT32_C(0x89E85D81), UINT32_C(0xB7FD22E3), UINT32_C(0x122E9978), ++ UINT32_C(0x297F1F6B), UINT32_C(0x144BE1CE), UINT32_C(0xAB283D66), ++ UINT32_C(0xC00C614E), UINT32_C(0xC1F90AC2), UINT32_C(0x3224CD09), ++ UINT32_C(0x5465576E), UINT32_C(0x441B6059), UINT32_C(0x8E8D910D) } }, ++ { { UINT32_C(0xAAA228BC), UINT32_C(0xF73A060A), UINT32_C(0x56EFF87D), ++ UINT32_C(0xCF1B0783), UINT32_C(0xA54C9133), UINT32_C(0x11EF17C0), ++ UINT32_C(0x76A4DAA5), UINT32_C(0x9E476B15), UINT32_C(0x8018FB92), ++ UINT32_C(0x5624FEAC), UINT32_C(0xCFEEC1B9), UINT32_C(0x9826A0FC) }, ++ { UINT32_C(0x2DFE2046), UINT32_C(0xB732F7FE), UINT32_C(0x3B40DA6A), ++ UINT32_C(0x9260BD9F), UINT32_C(0x4F231773), UINT32_C(0xCC9F908F), ++ UINT32_C(0xDAFC0D55), UINT32_C(0x4827FEB9), UINT32_C(0x538ACE95), ++ UINT32_C(0x07D32E85), UINT32_C(0xB8EDAF37), UINT32_C(0xAD9F897C) } }, ++ { { UINT32_C(0xE3415498), UINT32_C(0x2F75B82F), UINT32_C(0xF1015F30), ++ UINT32_C(0xF99CAC5F), UINT32_C(0x7D7F25DE), UINT32_C(0x76640824), ++ UINT32_C(0xEE74C047), UINT32_C(0x714BC9CD), UINT32_C(0x07448879), ++ UINT32_C(0x70F847BF), UINT32_C(0x072165C0), UINT32_C(0xA14481DE) }, ++ { UINT32_C(0xDB1140A8), UINT32_C(0x9BFA59E3), UINT32_C(0xFCD13502), ++ UINT32_C(0x7B9C7FF0), UINT32_C(0x68459ABF), UINT32_C(0xF4D7538E), ++ UINT32_C(0xC8FC6AD2), UINT32_C(0xED93A791), UINT32_C(0xB51BD9B2), ++ UINT32_C(0xA8BBE2A8), UINT32_C(0x9FB34008), UINT32_C(0x084B5A27) } }, ++ { { UINT32_C(0xEB138C84), UINT32_C(0xB3BB9545), UINT32_C(0x3FC88BFD), ++ UINT32_C(0x59C3489C), UINT32_C(0x85F53EC7), UINT32_C(0x3A97FF63), ++ UINT32_C(0x0AA69C3D), UINT32_C(0x40FDF5A6), UINT32_C(0x53D19668), ++ UINT32_C(0x0E8CCEC7), UINT32_C(0x33FAA661), UINT32_C(0x0AA72EF9) }, ++ { UINT32_C(0x9B1E684B), UINT32_C(0xF5C5A6CF), UINT32_C(0x31A22EA1), ++ UINT32_C(0x630F9371), UINT32_C(0xAC60F7EA), UINT32_C(0x06B2AAC2), ++ UINT32_C(0x5BC37D80), UINT32_C(0xB181CAE2), UINT32_C(0x247B13EA), ++ UINT32_C(0x4601A929), UINT32_C(0x5F739797), UINT32_C(0x8A71C386) } }, ++ { { UINT32_C(0xAB134786), UINT32_C(0x545387B3), UINT32_C(0x1599B64A), ++ UINT32_C(0x3179BB06), UINT32_C(0x07593574), UINT32_C(0xB0A61986), ++ UINT32_C(0x63FA7C3B), UINT32_C(0xC7E39B21), UINT32_C(0x91585D13), ++ UINT32_C(0xA1173F86), UINT32_C(0xCB9525CD), UINT32_C(0x09D5CC8E) }, ++ { UINT32_C(0x8F3A3451), UINT32_C(0xAAD44FFD), UINT32_C(0x25820CC5), ++ UINT32_C(0x702B04F2), UINT32_C(0x1CB66C17), UINT32_C(0xE90CAC49), ++ UINT32_C(0xEE161DC4), UINT32_C(0x40F6B547), UINT32_C(0x1BA4AC4E), ++ UINT32_C(0xC08BB8B4), UINT32_C(0xAE5A6BC1), UINT32_C(0x7DC064FB) } }, ++ { { UINT32_C(0x9D76DDC7), UINT32_C(0x90A5E871), UINT32_C(0xEDFC8E2E), ++ UINT32_C(0x39DC8FAE), UINT32_C(0x5B079C62), UINT32_C(0x98467A23), ++ UINT32_C(0x05450C98), UINT32_C(0xE25E3785), UINT32_C(0x96140083), ++ UINT32_C(0x2FE23A4D), UINT32_C(0xE9900312), UINT32_C(0x65CE3B9A) }, ++ { UINT32_C(0x6B72B5D9), UINT32_C(0x1D87D088), UINT32_C(0xFD9AFC82), ++ UINT32_C(0x72F53220), UINT32_C(0x9E1F71FA), UINT32_C(0xC63C7C15), ++ UINT32_C(0x8D449637), UINT32_C(0x90DF26EA), UINT32_C(0xC1C2B215), ++ UINT32_C(0x97089F40), UINT32_C(0x42317FAA), UINT32_C(0x83AF2664) } }, ++ }, ++ { ++ { { UINT32_C(0x8D688E31), UINT32_C(0xFA2DB51A), UINT32_C(0xA09C88D4), ++ UINT32_C(0x225B696C), UINT32_C(0x6059171F), UINT32_C(0x9F88AF1D), ++ UINT32_C(0x782A0993), UINT32_C(0x1C5FEA5E), UINT32_C(0x4EC710D3), ++ UINT32_C(0xE0FB1588), UINT32_C(0xD32CE365), UINT32_C(0xFAF372E5) }, ++ { UINT32_C(0x26506F45), UINT32_C(0xD9F896AB), UINT32_C(0x8373C724), ++ UINT32_C(0x8D350338), UINT32_C(0xCA6E7342), UINT32_C(0x1B76992D), ++ UINT32_C(0x6FD0C08B), UINT32_C(0x76338FCA), UINT32_C(0xA00F5C23), ++ UINT32_C(0xC3EA4C65), UINT32_C(0xB316B35B), UINT32_C(0xDFAB29B3) } }, ++ { { UINT32_C(0x483AEBF9), UINT32_C(0x84E5541F), UINT32_C(0x49165772), ++ UINT32_C(0x8ADFF7DC), UINT32_C(0x9BEAAD3C), UINT32_C(0xE0A43AD6), ++ UINT32_C(0xF51C2714), UINT32_C(0x97DD1820), UINT32_C(0x57EA5B0C), ++ UINT32_C(0xAC2B4CB4), UINT32_C(0xD11767CA), UINT32_C(0x87DBD011) }, ++ { UINT32_C(0xBFC7957A), UINT32_C(0x18CCF36C), UINT32_C(0x1BC79227), ++ UINT32_C(0xD4A08841), UINT32_C(0xD8D292A8), UINT32_C(0x9811CE43), ++ UINT32_C(0xD58C4EE7), UINT32_C(0x72C5FC68), UINT32_C(0xD35C65A7), ++ UINT32_C(0x5BC0F0BE), UINT32_C(0xCBBF9669), UINT32_C(0x0B446DBC) } }, ++ { { UINT32_C(0x9CEE9BCE), UINT32_C(0x7EBA3DA6), UINT32_C(0xD5377750), ++ UINT32_C(0x3E2C1248), UINT32_C(0x2B93D8B2), UINT32_C(0x8C917D98), ++ UINT32_C(0x7CAD1F75), UINT32_C(0xCA8FC6AC), UINT32_C(0xA0FF150A), ++ UINT32_C(0x5F581F19), UINT32_C(0xE08327FA), UINT32_C(0x872CC14A) }, ++ { UINT32_C(0xE9333188), UINT32_C(0xC774F187), UINT32_C(0x497AF7E8), ++ UINT32_C(0x528ED4AC), UINT32_C(0x8AD72B10), UINT32_C(0xCE036E9B), ++ UINT32_C(0x917986CF), UINT32_C(0x463F9EBB), UINT32_C(0x1325CF9B), ++ UINT32_C(0xBE516328), UINT32_C(0xDD7E5FEA), UINT32_C(0xD28D5C50) } }, ++ { { UINT32_C(0xDD58BBE3), UINT32_C(0x714C1D1B), UINT32_C(0x039AFD0F), ++ UINT32_C(0x85BA01AE), UINT32_C(0x6951AC80), UINT32_C(0x7F23EA3A), ++ UINT32_C(0xAC00C837), UINT32_C(0x5C599290), UINT32_C(0xBF24CC1B), ++ UINT32_C(0xF6EFA2B3), UINT32_C(0x1E84462B), UINT32_C(0x393D8E42) }, ++ { UINT32_C(0xF8B89453), UINT32_C(0x9BDA627D), UINT32_C(0xB23E0D1B), ++ UINT32_C(0xE66FFF2E), UINT32_C(0xC3B94EC2), UINT32_C(0xD1EE7089), ++ UINT32_C(0x3031699A), UINT32_C(0xF75DBA6E), UINT32_C(0x242B2453), ++ UINT32_C(0x8FF75F79), UINT32_C(0x289BFED4), UINT32_C(0xE721EDEB) } }, ++ { { UINT32_C(0xC1390FA8), UINT32_C(0x083215A1), UINT32_C(0x6DCE8CE0), ++ UINT32_C(0x901D686A), UINT32_C(0x837073FF), UINT32_C(0x4AB1BA62), ++ UINT32_C(0x34BEABA5), UINT32_C(0x10C287AA), UINT32_C(0x46985239), ++ UINT32_C(0xB4931AF4), UINT32_C(0xB053C4DC), UINT32_C(0x07639899) }, ++ { UINT32_C(0xE721EECD), UINT32_C(0x29E7F44D), UINT32_C(0x57B3FF48), ++ UINT32_C(0x65817182), UINT32_C(0x5054E2E0), UINT32_C(0x198542E2), ++ UINT32_C(0x84616DE8), UINT32_C(0x923C9E15), UINT32_C(0xAD465BB9), ++ UINT32_C(0x2A9C15E1), UINT32_C(0x16319245), UINT32_C(0xD8D4EFC7) } }, ++ { { UINT32_C(0x9961A674), UINT32_C(0x72DC7943), UINT32_C(0xA0E13668), ++ UINT32_C(0x839A0A52), UINT32_C(0x334945EA), UINT32_C(0xD7A53FA9), ++ UINT32_C(0xE7AA25DB), UINT32_C(0xDB21DB77), UINT32_C(0x66E96DA3), ++ UINT32_C(0xB6675A7D), UINT32_C(0xE66F33C0), UINT32_C(0x2C31C406) }, ++ { UINT32_C(0x6EC7B9CB), UINT32_C(0x45020B62), UINT32_C(0x0391F267), ++ UINT32_C(0xFF46E9CD), UINT32_C(0x0FA2F221), UINT32_C(0x7DABD744), ++ UINT32_C(0x9D4A2A3E), UINT32_C(0x9A32364B), UINT32_C(0x52D2E47A), ++ UINT32_C(0xF0F84AE8), UINT32_C(0x888F488A), UINT32_C(0xD0B872BB) } }, ++ { { UINT32_C(0xC9790EEF), UINT32_C(0x531E4CEF), UINT32_C(0x2B8D1A58), ++ UINT32_C(0xF7B5735E), UINT32_C(0xEF568511), UINT32_C(0xB8882F1E), ++ UINT32_C(0x86A86DB3), UINT32_C(0xAFB08D1C), UINT32_C(0xF54DE8C7), ++ UINT32_C(0x88CB9DF2), UINT32_C(0x9A683282), UINT32_C(0xA44234F1) }, ++ { UINT32_C(0xA6E9AB2E), UINT32_C(0xBC1B3D3A), UINT32_C(0x87FC99EE), ++ UINT32_C(0xEFA071FB), UINT32_C(0xA102DC0F), UINT32_C(0xFA3C737D), ++ UINT32_C(0xD6A0CBD2), UINT32_C(0xDF3248A6), UINT32_C(0x1ECC1BF4), ++ UINT32_C(0x6E62A4FF), UINT32_C(0xC8F1BC17), UINT32_C(0xF718F940) } }, ++ { { UINT32_C(0x4F63F026), UINT32_C(0x2C8B0AAD), UINT32_C(0x50B253CC), ++ UINT32_C(0x2AFF6238), UINT32_C(0x10C4D122), UINT32_C(0xCAB3E942), ++ UINT32_C(0x07CD2816), UINT32_C(0x52B59F04), UINT32_C(0x982C41FC), ++ UINT32_C(0x22322803), UINT32_C(0x8CF50B19), UINT32_C(0x38844E66) }, ++ { UINT32_C(0xBE3264CD), UINT32_C(0x42A959F7), UINT32_C(0x6C983524), ++ UINT32_C(0xBDDC24BD), UINT32_C(0x462B8640), UINT32_C(0xA489EB0C), ++ UINT32_C(0x98029BE7), UINT32_C(0xB7C05092), UINT32_C(0xA1ADDC64), ++ UINT32_C(0xD5546B5F), UINT32_C(0xA0C655AF), UINT32_C(0xE7CAC1FC) } }, ++ { { UINT32_C(0x47636F97), UINT32_C(0x14547198), UINT32_C(0xEBCDCCFF), ++ UINT32_C(0x6FA67481), UINT32_C(0x395D3258), UINT32_C(0xC164872F), ++ UINT32_C(0xEE6ACDBC), UINT32_C(0xB8CECAFE), UINT32_C(0xA933F180), ++ UINT32_C(0x3FBFE5F3), UINT32_C(0x898C3B1E), UINT32_C(0xEC20CAC2) }, ++ { UINT32_C(0x87DA73F9), UINT32_C(0x6A031BEE), UINT32_C(0x5C5AF46E), ++ UINT32_C(0xD1E667D1), UINT32_C(0x1DC6EEF9), UINT32_C(0xCB3DC168), ++ UINT32_C(0x33D310C0), UINT32_C(0x2DD1BD94), UINT32_C(0x9207E438), ++ UINT32_C(0x0F78D493), UINT32_C(0xA99C0E75), UINT32_C(0xC233D544) } }, ++ { { UINT32_C(0x9E2A0113), UINT32_C(0x228F19F1), UINT32_C(0x0E1A5D37), ++ UINT32_C(0x58495BE5), UINT32_C(0x38D7F364), UINT32_C(0x97E08F69), ++ UINT32_C(0x510759B0), UINT32_C(0x1EC3BA3E), UINT32_C(0xE03CD40D), ++ UINT32_C(0x3682F19A), UINT32_C(0xF9E16D68), UINT32_C(0xC87745D8) }, ++ { UINT32_C(0x09A642EA), UINT32_C(0xFD527AB5), UINT32_C(0xF9C81F27), ++ UINT32_C(0x6308EEBD), UINT32_C(0x550C5D68), UINT32_C(0xFA9F666C), ++ UINT32_C(0x584AB153), UINT32_C(0xDEBA436F), UINT32_C(0x5B63E939), ++ UINT32_C(0x1D4861D3), UINT32_C(0xC9850221), UINT32_C(0x073BED9B) } }, ++ { { UINT32_C(0x8B171246), UINT32_C(0x802BCCF0), UINT32_C(0x733B072F), ++ UINT32_C(0xFFF7D15A), UINT32_C(0x4CBFA4EF), UINT32_C(0xEA386266), ++ UINT32_C(0xD635946B), UINT32_C(0x9E5B5073), UINT32_C(0xFA81BE95), ++ UINT32_C(0x16E9A979), UINT32_C(0xB14F701F), UINT32_C(0x41E8716E) }, ++ { UINT32_C(0x101A6719), UINT32_C(0x25782E0F), UINT32_C(0xC9D66959), ++ UINT32_C(0x442C4875), UINT32_C(0x2B85D153), UINT32_C(0x52D845D9), ++ UINT32_C(0x2E831117), UINT32_C(0xFF925138), UINT32_C(0x8E02434B), ++ UINT32_C(0x01B700CC), UINT32_C(0xEC0BAE3E), UINT32_C(0xD2DB7F8E) } }, ++ { { UINT32_C(0x966A4872), UINT32_C(0x1B225300), UINT32_C(0x566F537B), ++ UINT32_C(0x40C149BE), UINT32_C(0xCB680021), UINT32_C(0x3335F4D2), ++ UINT32_C(0x778E5F5F), UINT32_C(0x773D0263), UINT32_C(0x666FA9ED), ++ UINT32_C(0x1D9B7602), UINT32_C(0x2E6200CF), UINT32_C(0x52490A10) }, ++ { UINT32_C(0x961F290B), UINT32_C(0x8434C7DD), UINT32_C(0x64456446), ++ UINT32_C(0x773AC156), UINT32_C(0x47B712BB), UINT32_C(0x5E2BB789), ++ UINT32_C(0xBE0974AD), UINT32_C(0xFD3BCBFD), UINT32_C(0x791AD5D8), ++ UINT32_C(0x71AE9351), UINT32_C(0x6F4E1400), UINT32_C(0x1EE738BA) } }, ++ { { UINT32_C(0x0BE8E26E), UINT32_C(0x2FA428AB), UINT32_C(0xBB4CF9FC), ++ UINT32_C(0xFEFF0600), UINT32_C(0xB2EA5FB0), UINT32_C(0x76F25CA9), ++ UINT32_C(0x6835C5F4), UINT32_C(0xAB7FECF0), UINT32_C(0x19D5F328), ++ UINT32_C(0x649D0772), UINT32_C(0xACBCB12E), UINT32_C(0xABE7B895) }, ++ { UINT32_C(0xD69B1EA8), UINT32_C(0xF2D1031A), UINT32_C(0xC60B0BBB), ++ UINT32_C(0x46065D5D), UINT32_C(0x85D798FF), UINT32_C(0xB0908DC1), ++ UINT32_C(0xD2C9B18A), UINT32_C(0x4E2420F0), UINT32_C(0xD30432A2), ++ UINT32_C(0x6B3A9BDD), UINT32_C(0xC9B134AD), UINT32_C(0x501C3383) } }, ++ { { UINT32_C(0x98A21284), UINT32_C(0x608F0967), UINT32_C(0x059CCEDE), ++ UINT32_C(0x5361BE86), UINT32_C(0xAFD87EF7), UINT32_C(0x3A40655C), ++ UINT32_C(0x59083AA2), UINT32_C(0x03CF3117), UINT32_C(0xB6C366D9), ++ UINT32_C(0x57DB5F61), UINT32_C(0x6DD0D232), UINT32_C(0x29DC275B) }, ++ { UINT32_C(0x8FA67501), UINT32_C(0xBDAB24DD), UINT32_C(0x65D08C37), ++ UINT32_C(0x5928F775), UINT32_C(0x645D466A), UINT32_C(0x9448A856), ++ UINT32_C(0xC0E927A5), UINT32_C(0x6E6B5E2E), UINT32_C(0xE80C6871), ++ UINT32_C(0xE884D546), UINT32_C(0x53A9A851), UINT32_C(0x10C881C9) } }, ++ { { UINT32_C(0x9B627AA5), UINT32_C(0x35505374), UINT32_C(0x7976677B), ++ UINT32_C(0xE7CA1B57), UINT32_C(0x4976CE17), UINT32_C(0x81239712), ++ UINT32_C(0x96DA31B9), UINT32_C(0x96E9080B), UINT32_C(0xCC64AA1F), ++ UINT32_C(0x458254AB), UINT32_C(0x48E674C9), UINT32_C(0xFEFF6821) }, ++ { UINT32_C(0x021F1488), UINT32_C(0x8772F37A), UINT32_C(0xAB56345C), ++ UINT32_C(0x2E274E18), UINT32_C(0x29823B76), UINT32_C(0x7C7BE61C), ++ UINT32_C(0x9EEFB39E), UINT32_C(0x275DB7B2), UINT32_C(0xBF5CBCEF), ++ UINT32_C(0x83B10ED4), UINT32_C(0x518E5183), UINT32_C(0x40D7F5B4) } }, ++ { { UINT32_C(0xF960B41B), UINT32_C(0x315CCC01), UINT32_C(0x1D99E722), ++ UINT32_C(0x90B417C9), UINT32_C(0x013463E0), UINT32_C(0x84AFAA0D), ++ UINT32_C(0x13E6D9E1), UINT32_C(0xF133C5D8), UINT32_C(0x525B7430), ++ UINT32_C(0xD95C6ADC), UINT32_C(0x7A25106A), UINT32_C(0x082C61AD) }, ++ { UINT32_C(0xBA1CE179), UINT32_C(0xABC1966D), UINT32_C(0xA5DB529A), ++ UINT32_C(0xE0578B77), UINT32_C(0xEC84107D), UINT32_C(0x10988C05), ++ UINT32_C(0x1B207F83), UINT32_C(0xFCADE5D7), UINT32_C(0xC5BA83DB), ++ UINT32_C(0x0BEB6FDB), UINT32_C(0x57537E34), UINT32_C(0x1C39B86D) } }, ++ }, ++ { ++ { { UINT32_C(0x2A7AECED), UINT32_C(0x5B0B5D69), UINT32_C(0x01DC545F), ++ UINT32_C(0x4C03450C), UINT32_C(0x404A3458), UINT32_C(0x72AD0A4A), ++ UINT32_C(0x9F467B60), UINT32_C(0x1DE8E255), UINT32_C(0x90634809), ++ UINT32_C(0xA4B35705), UINT32_C(0x706F0178), UINT32_C(0x76F30205) }, ++ { UINT32_C(0x4454F0E5), UINT32_C(0x588D21AB), UINT32_C(0x64134928), ++ UINT32_C(0xD22DF549), UINT32_C(0x241BCD90), UINT32_C(0xF4E7E73D), ++ UINT32_C(0x2FACC7CC), UINT32_C(0xB8D8A1D2), UINT32_C(0x1D25D2A0), ++ UINT32_C(0x483C35A7), UINT32_C(0x1EF9F608), UINT32_C(0x7F8D2545) } }, ++ { { UINT32_C(0x54EBC926), UINT32_C(0xCB51F039), UINT32_C(0xB8D4A7BB), ++ UINT32_C(0xE235D356), UINT32_C(0xB41FE1A6), UINT32_C(0x93C8FAFA), ++ UINT32_C(0xA719F254), UINT32_C(0x6297701D), UINT32_C(0x644F5CDE), ++ UINT32_C(0x6E9165BC), UINT32_C(0x0C11C542), UINT32_C(0x6506329D) }, ++ { UINT32_C(0xA92B4250), UINT32_C(0xA2564809), UINT32_C(0x889C2E3E), ++ UINT32_C(0x0E9AC173), UINT32_C(0x22B1D1BE), UINT32_C(0x286A5926), ++ UINT32_C(0x6ECDD041), UINT32_C(0x86A3D752), UINT32_C(0x649F9524), ++ UINT32_C(0x4B867E0A), UINT32_C(0x0629CB0F), UINT32_C(0x1FE7D95A) } }, ++ { { UINT32_C(0xCA5BAF54), UINT32_C(0xF4F66843), UINT32_C(0xEFE7DB78), ++ UINT32_C(0x298DB357), UINT32_C(0x7365712F), UINT32_C(0xF607E86E), ++ UINT32_C(0x8A822BC0), UINT32_C(0xD5882298), UINT32_C(0xC61299B3), ++ UINT32_C(0x2CFBD63A), UINT32_C(0x67167B1A), UINT32_C(0x6F713D9B) }, ++ { UINT32_C(0xDE0B077A), UINT32_C(0x750F673F), UINT32_C(0xEE2178DA), ++ UINT32_C(0x07482708), UINT32_C(0x69123C75), UINT32_C(0x5E6D5BD1), ++ UINT32_C(0xEAB99B37), UINT32_C(0x6A93D1B6), UINT32_C(0x8CAEC6A3), ++ UINT32_C(0x6EF4F7E6), UINT32_C(0xCF3ED818), UINT32_C(0x7BE411D6) } }, ++ { { UINT32_C(0x63A0A7D2), UINT32_C(0xF92B3073), UINT32_C(0x881DC8CF), ++ UINT32_C(0x32DA431C), UINT32_C(0xC578E3A3), UINT32_C(0xE51BD5ED), ++ UINT32_C(0x9587FA22), UINT32_C(0xEFDA70D2), UINT32_C(0x9B2EBA85), ++ UINT32_C(0xCFEC1708), UINT32_C(0xAF7BA530), UINT32_C(0x6AB51A4B) }, ++ { UINT32_C(0x98174812), UINT32_C(0x5AC155AE), UINT32_C(0xCCB076E3), ++ UINT32_C(0xCAF07A71), UINT32_C(0xC38718A7), UINT32_C(0x280E86C2), ++ UINT32_C(0xD63745B7), UINT32_C(0x9D12DE73), UINT32_C(0xBF8A79AA), ++ UINT32_C(0x0E8EA855), UINT32_C(0xBD705BF7), UINT32_C(0x5EB2BED8) } }, ++ { { UINT32_C(0xAE16DE53), UINT32_C(0x33FE9578), UINT32_C(0x10BEC902), ++ UINT32_C(0x3AE85EB5), UINT32_C(0x44AF850E), UINT32_C(0xC4F49658), ++ UINT32_C(0x087DD658), UINT32_C(0x6EA222B3), UINT32_C(0xA51F1447), ++ UINT32_C(0xB255E6FD), UINT32_C(0x117E3F48), UINT32_C(0xB35E4997) }, ++ { UINT32_C(0x05616CA1), UINT32_C(0x562E813B), UINT32_C(0x8A61E156), ++ UINT32_C(0xDF5925D6), UINT32_C(0x571C728B), UINT32_C(0xB2FA8125), ++ UINT32_C(0xA2F2D1CF), UINT32_C(0x00864805), UINT32_C(0x1BCCB6FF), ++ UINT32_C(0x2DC26F41), UINT32_C(0x63AE37DD), UINT32_C(0xEBD5E093) } }, ++ { { UINT32_C(0x0A285611), UINT32_C(0xD2D68BB3), UINT32_C(0xDC8378F2), ++ UINT32_C(0x3EAE7596), UINT32_C(0x6CC688A3), UINT32_C(0x2DC6CCC6), ++ UINT32_C(0x011F5DFB), UINT32_C(0xC45E5713), UINT32_C(0x62D34487), ++ UINT32_C(0x6B9C4F6C), UINT32_C(0x1FC65551), UINT32_C(0xFAD6F077) }, ++ { UINT32_C(0x62B23B52), UINT32_C(0x5E3266E0), UINT32_C(0xE98F4715), ++ UINT32_C(0xF1DAF319), UINT32_C(0x3ED0AE83), UINT32_C(0x064D12EA), ++ UINT32_C(0x564125CB), UINT32_C(0x5CCF9326), UINT32_C(0xC63C1E9F), ++ UINT32_C(0x09057022), UINT32_C(0xDC9B5D2E), UINT32_C(0x7171972C) } }, ++ { { UINT32_C(0xEABD21B2), UINT32_C(0x2364FD9A), UINT32_C(0x9174AD6D), ++ UINT32_C(0x3CE5F4BB), UINT32_C(0xB38688C0), UINT32_C(0xA4D6D5D0), ++ UINT32_C(0x6D87FD7D), UINT32_C(0x2292A2D2), UINT32_C(0x4CA02E54), ++ UINT32_C(0x2A7D1B53), UINT32_C(0xB4185715), UINT32_C(0x7BEE6E7E) }, ++ { UINT32_C(0x8FC63ACD), UINT32_C(0x73E54609), UINT32_C(0x4064E09D), ++ UINT32_C(0xF4D93A12), UINT32_C(0x2B92DAA5), UINT32_C(0xD20E157A), ++ UINT32_C(0xC4B81A00), UINT32_C(0x90D125DB), UINT32_C(0x7682DE13), ++ UINT32_C(0xCB951C9E), UINT32_C(0x27987545), UINT32_C(0x1ABE58F4) } }, ++ { { UINT32_C(0x30C70C8D), UINT32_C(0x6D351640), UINT32_C(0xCE2361B8), ++ UINT32_C(0x8047D811), UINT32_C(0xDF8E2C81), UINT32_C(0x3F8B3D4F), ++ UINT32_C(0x33FA1F6C), UINT32_C(0x5D595477), UINT32_C(0xE29B8A91), ++ UINT32_C(0xF769FE5A), UINT32_C(0xD737B2A2), UINT32_C(0x26F0E606) }, ++ { UINT32_C(0xB8B31C6A), UINT32_C(0x70CBFA5D), UINT32_C(0x863D3AEA), ++ UINT32_C(0x0F883B4A), UINT32_C(0xE386AE2F), UINT32_C(0x156A4479), ++ UINT32_C(0xADE8A684), UINT32_C(0xA17A2FCD), UINT32_C(0xE2A7E335), ++ UINT32_C(0x78BDF958), UINT32_C(0x3B9E3041), UINT32_C(0xD1B4E673) } }, ++ { { UINT32_C(0x449A6D11), UINT32_C(0x1EAF48EC), UINT32_C(0x6D2FA7B9), ++ UINT32_C(0x6B94B8E4), UINT32_C(0x728E4C1B), UINT32_C(0x1D75D269), ++ UINT32_C(0xDD304E2C), UINT32_C(0x91123819), UINT32_C(0x88804F4B), ++ UINT32_C(0x0B34CAE3), UINT32_C(0xC5495E9A), UINT32_C(0x2BA192FB) }, ++ { UINT32_C(0xFF4D24BF), UINT32_C(0xC93FF6EF), UINT32_C(0x0342BA78), ++ UINT32_C(0xF8C2C0B0), UINT32_C(0x831EB94C), UINT32_C(0x8041F769), ++ UINT32_C(0x7782985E), UINT32_C(0x35310074), UINT32_C(0x3AF84E83), ++ UINT32_C(0xC755320B), UINT32_C(0x6F497E7F), UINT32_C(0x384B6D26) } }, ++ { { UINT32_C(0x17E6BD17), UINT32_C(0xEF92CD59), UINT32_C(0xA426965C), ++ UINT32_C(0xA087305B), UINT32_C(0xAC47F773), UINT32_C(0x13895CE7), ++ UINT32_C(0xE0BB2867), UINT32_C(0xB85F2A9F), UINT32_C(0x7CD7C58E), ++ UINT32_C(0x2926E6AA), UINT32_C(0x450459C5), UINT32_C(0xE544EDA6) }, ++ { UINT32_C(0xB90A9849), UINT32_C(0x73DBC351), UINT32_C(0x848EBE86), ++ UINT32_C(0x961183F6), UINT32_C(0x80534712), UINT32_C(0xC45BB210), ++ UINT32_C(0xA654D9A3), UINT32_C(0x379D08D7), UINT32_C(0xBD3FFA9C), ++ UINT32_C(0x5B97CEF2), UINT32_C(0xDDC2FCE5), UINT32_C(0x0F469F34) } }, ++ { { UINT32_C(0x0642F38D), UINT32_C(0x6D146108), UINT32_C(0xD21EB887), ++ UINT32_C(0x055171A0), UINT32_C(0xD0DCEB28), UINT32_C(0x28DFFAB4), ++ UINT32_C(0x98DE9CCD), UINT32_C(0x0D0E6312), UINT32_C(0x118C3C3F), ++ UINT32_C(0x750A9156), UINT32_C(0xB049D799), UINT32_C(0x8C1F1390) }, ++ { UINT32_C(0x439607C5), UINT32_C(0xE4823858), UINT32_C(0x5C111EAB), ++ UINT32_C(0x947E9BA0), UINT32_C(0xA355DF2E), UINT32_C(0x39C95616), ++ UINT32_C(0x10E54BDA), UINT32_C(0xF5F6B98E), UINT32_C(0x142B876A), ++ UINT32_C(0xB0E0B33D), UINT32_C(0xEA18C90C), UINT32_C(0x71197D73) } }, ++ { { UINT32_C(0xF52BE819), UINT32_C(0x36A5139D), UINT32_C(0x29A45D2B), ++ UINT32_C(0xF60DDF34), UINT32_C(0xE9220E34), UINT32_C(0x0727EFEC), ++ UINT32_C(0x4EF7F446), UINT32_C(0x431D3386), UINT32_C(0xFCC4962C), ++ UINT32_C(0xC3165A64), UINT32_C(0xD64362BB), UINT32_C(0xB7D926E1) }, ++ { UINT32_C(0xD45F9350), UINT32_C(0x216BC61F), UINT32_C(0xBBAED815), ++ UINT32_C(0xA974CB2F), UINT32_C(0x86FB2F76), UINT32_C(0x31DF342D), ++ UINT32_C(0x01D78314), UINT32_C(0x3AB67E05), UINT32_C(0xDEE33ED2), ++ UINT32_C(0x7AA951E0), UINT32_C(0xCEC78D94), UINT32_C(0x318FBBBD) } }, ++ { { UINT32_C(0xB8FE0204), UINT32_C(0xAD7EFB65), UINT32_C(0x230AB7F7), ++ UINT32_C(0x0432E1C5), UINT32_C(0x9C967400), UINT32_C(0x7563A62D), ++ UINT32_C(0x3524D4FF), UINT32_C(0xD88B9C74), UINT32_C(0xF1A823E3), ++ UINT32_C(0x16A1991C), UINT32_C(0xFA6F0FFB), UINT32_C(0xCF2F9BFE) }, ++ { UINT32_C(0xA50CA61F), UINT32_C(0x55AAA946), UINT32_C(0xFED4CAB3), ++ UINT32_C(0x8CBBD3C8), UINT32_C(0x7651365A), UINT32_C(0x03A0FAB8), ++ UINT32_C(0x62DC3913), UINT32_C(0x46B5234B), UINT32_C(0xB558CBBD), ++ UINT32_C(0xFD875B28), UINT32_C(0x11CEB361), UINT32_C(0xA48EC3AE) } }, ++ { { UINT32_C(0xB3ADBD8B), UINT32_C(0x5DD131A1), UINT32_C(0x29B45EF8), ++ UINT32_C(0xF9FBCA3A), UINT32_C(0x9341EE18), UINT32_C(0x02204866), ++ UINT32_C(0x83BF9618), UINT32_C(0x8D13B895), UINT32_C(0xE807459C), ++ UINT32_C(0x0E395BAE), UINT32_C(0xB190E7DB), UINT32_C(0xB9C110CC) }, ++ { UINT32_C(0x25D25063), UINT32_C(0xA0DC3452), UINT32_C(0x02371462), ++ UINT32_C(0x2FB78EC8), UINT32_C(0x8975C2D5), UINT32_C(0xC3A9E7BB), ++ UINT32_C(0x85A78264), UINT32_C(0x94666872), UINT32_C(0x8029AA92), ++ UINT32_C(0x480D2CC2), UINT32_C(0x5655726D), UINT32_C(0x237086C7) } }, ++ { { UINT32_C(0x65EB9EEE), UINT32_C(0x197F14BB), UINT32_C(0x9F12E5FD), ++ UINT32_C(0xFC93125C), UINT32_C(0x8BFBAE5E), UINT32_C(0x9C20BC53), ++ UINT32_C(0x4BC053BA), UINT32_C(0xB35E2154), UINT32_C(0x21C3898E), ++ UINT32_C(0xE5FA9CC7), UINT32_C(0xD42F950F), UINT32_C(0x502D72FF) }, ++ { UINT32_C(0xD1EB8C31), UINT32_C(0x6812D38A), UINT32_C(0x080D30BB), ++ UINT32_C(0x1F77F3F1), UINT32_C(0x5A8B1E98), UINT32_C(0x18D12833), ++ UINT32_C(0x299196CE), UINT32_C(0x7FD39FA9), UINT32_C(0xCF4ED6D6), ++ UINT32_C(0xFB8C9F11), UINT32_C(0xD6363194), UINT32_C(0x4C00F604) } }, ++ { { UINT32_C(0xFA2A21C2), UINT32_C(0x5C8AFCF9), UINT32_C(0x1928D133), ++ UINT32_C(0x71CBF282), UINT32_C(0x42B29506), UINT32_C(0x56BEF28E), ++ UINT32_C(0x70323DE2), UINT32_C(0xAFBA250C), UINT32_C(0x7DED2C30), ++ UINT32_C(0x3FE208D1), UINT32_C(0xCE9AA598), UINT32_C(0xBD2CD213) }, ++ { UINT32_C(0xCFEED070), UINT32_C(0x52C5EC52), UINT32_C(0xD3DA336B), ++ UINT32_C(0x0A7223E7), UINT32_C(0xCE156B46), UINT32_C(0x7156A4ED), ++ UINT32_C(0xED7E6159), UINT32_C(0x9AF6C499), UINT32_C(0x13C029AD), ++ UINT32_C(0x9D7A6797), UINT32_C(0x9018DC77), UINT32_C(0xE5B5C924) } }, ++ }, ++ { ++ { { UINT32_C(0xDE1E4E55), UINT32_C(0x3F2EFF53), UINT32_C(0xE4D3ECC4), ++ UINT32_C(0x6B749943), UINT32_C(0x0DDE190D), UINT32_C(0xAF10B18A), ++ UINT32_C(0xA26B0409), UINT32_C(0xF491B98D), UINT32_C(0xA2B1D944), ++ UINT32_C(0x66080782), UINT32_C(0x97E8C541), UINT32_C(0x59277DC6) }, ++ { UINT32_C(0x006F18AA), UINT32_C(0xFDBFC5F6), UINT32_C(0xFADD8BE1), ++ UINT32_C(0x435D165B), UINT32_C(0x57645EF4), UINT32_C(0x8E5D2638), ++ UINT32_C(0xA0258363), UINT32_C(0x31BCFDA6), UINT32_C(0xD35D2503), ++ UINT32_C(0xF5330AB8), UINT32_C(0xC7CAB285), UINT32_C(0xB71369F0) } }, ++ { { UINT32_C(0x40ACC5A8), UINT32_C(0xE6A19DCC), UINT32_C(0xDBC6DBF8), ++ UINT32_C(0x1C3A1FF1), UINT32_C(0xC6455613), UINT32_C(0xB4D89B9F), ++ UINT32_C(0xA7390D0E), UINT32_C(0x6CB0FE44), UINT32_C(0x59EA135A), ++ UINT32_C(0xADE197A4), UINT32_C(0x20680982), UINT32_C(0xDA6AA865) }, ++ { UINT32_C(0x5A442C1B), UINT32_C(0x03DB9BE9), UINT32_C(0x2BFB93F2), ++ UINT32_C(0x221A2D73), UINT32_C(0x753C196C), UINT32_C(0x44DEE8D4), ++ UINT32_C(0x0B7C6FF5), UINT32_C(0x59ADCC70), UINT32_C(0x4CA1B142), ++ UINT32_C(0xC6260EC2), UINT32_C(0x46CBD4F2), UINT32_C(0x4C3CB5C6) } }, ++ { { UINT32_C(0xA417111F), UINT32_C(0x8A15D6FE), UINT32_C(0x71D93FCC), ++ UINT32_C(0xFE4A16BD), UINT32_C(0x55BBE732), UINT32_C(0x7A7EE38C), ++ UINT32_C(0x1FF94A9D), UINT32_C(0xEFF146A5), UINT32_C(0xDD585AB5), ++ UINT32_C(0xE572D13E), UINT32_C(0x06491A5D), UINT32_C(0xD879790E) }, ++ { UINT32_C(0x2A58CB2E), UINT32_C(0x9C84E1C5), UINT32_C(0x6C938630), ++ UINT32_C(0xD79D1374), UINT32_C(0x385F06C7), UINT32_C(0xDB12CD9B), ++ UINT32_C(0x7A7759C3), UINT32_C(0x0C93EB97), UINT32_C(0x683BD706), ++ UINT32_C(0xF1F5B0FE), UINT32_C(0x85EC3D50), UINT32_C(0x541E4F72) } }, ++ { { UINT32_C(0x81833608), UINT32_C(0x9A0E1535), UINT32_C(0x6E2833AC), ++ UINT32_C(0x5CCE871E), UINT32_C(0xFB29777C), UINT32_C(0xC17059EA), ++ UINT32_C(0xE354CAFD), UINT32_C(0x7E40E5FA), UINT32_C(0x4D07C371), ++ UINT32_C(0x9CF59405), UINT32_C(0xA71C3945), UINT32_C(0x64CE36B2) }, ++ { UINT32_C(0x56CAF487), UINT32_C(0x69309E96), UINT32_C(0x1AE3454B), ++ UINT32_C(0x3D719E9F), UINT32_C(0xE25823B6), UINT32_C(0xF2164070), ++ UINT32_C(0x0BC27359), UINT32_C(0xEAD851BD), UINT32_C(0xB0925094), ++ UINT32_C(0x3D21BFE8), UINT32_C(0x34A97F4E), UINT32_C(0xA783B1E9) } }, ++ { { UINT32_C(0x9546491A), UINT32_C(0x406B0C26), UINT32_C(0xF293C4E5), ++ UINT32_C(0x9E5E15E2), UINT32_C(0x15B164DB), UINT32_C(0xC60D6413), ++ UINT32_C(0x0C75A78E), UINT32_C(0x0DA46F53), UINT32_C(0xEA0C656B), ++ UINT32_C(0x7C599BB7), UINT32_C(0x1B1A8122), UINT32_C(0x0F07A512) }, ++ { UINT32_C(0x15172686), UINT32_C(0x14C7204A), UINT32_C(0x5165625D), ++ UINT32_C(0x8FAEDFF8), UINT32_C(0x37AEDE40), UINT32_C(0x20F260CE), ++ UINT32_C(0x8F357FFE), UINT32_C(0xC81F771E), UINT32_C(0xB0912557), ++ UINT32_C(0x25499197), UINT32_C(0x4C739C74), UINT32_C(0x736197DC) } }, ++ { { UINT32_C(0x381B3462), UINT32_C(0x6151BAB1), UINT32_C(0x43DBD344), ++ UINT32_C(0x27E5A078), UINT32_C(0xA1C3E9FB), UINT32_C(0x2CB05BD6), ++ UINT32_C(0x27CF2A11), UINT32_C(0x2A759760), UINT32_C(0xFF43E702), ++ UINT32_C(0x0ADCF9DB), UINT32_C(0x1F484146), UINT32_C(0x4BBF03E2) }, ++ { UINT32_C(0x55B6521A), UINT32_C(0x0E74997F), UINT32_C(0xADE17086), ++ UINT32_C(0x15629231), UINT32_C(0x7493FC58), UINT32_C(0x7F143E86), ++ UINT32_C(0xAF8B9670), UINT32_C(0x60869095), UINT32_C(0x7E524869), ++ UINT32_C(0x482CFCD7), UINT32_C(0x1D454756), UINT32_C(0x9E8060C3) } }, ++ { { UINT32_C(0xC88B4D3B), UINT32_C(0xE495747A), UINT32_C(0xAE8A948F), ++ UINT32_C(0xB7559835), UINT32_C(0xDEB56853), UINT32_C(0x67EEF3A9), ++ UINT32_C(0x9DEE5ADF), UINT32_C(0x0E20E269), UINT32_C(0x61F0A1AA), ++ UINT32_C(0x9031AF67), UINT32_C(0x683402BC), UINT32_C(0x76669D32) }, ++ { UINT32_C(0x06718B16), UINT32_C(0x90BD2313), UINT32_C(0x864EFDAC), ++ UINT32_C(0xE1B22A21), UINT32_C(0x6620089F), UINT32_C(0xE4FFE909), ++ UINT32_C(0x3428E2D9), UINT32_C(0xB84C842E), UINT32_C(0xFE3871FC), ++ UINT32_C(0x0E28C880), UINT32_C(0x3F21C200), UINT32_C(0x8932F698) } }, ++ { { UINT32_C(0x6C90EA5D), UINT32_C(0x603F00CE), UINT32_C(0x40A2F693), ++ UINT32_C(0x64739307), UINT32_C(0x2174E517), UINT32_C(0xAF65148B), ++ UINT32_C(0xF784AE74), UINT32_C(0x162FC2CA), UINT32_C(0x4D5F6458), ++ UINT32_C(0x0D9A8825), UINT32_C(0x43AACE93), UINT32_C(0x0C2D5861) }, ++ { UINT32_C(0x9F73CBFC), UINT32_C(0xBF1EADDE), UINT32_C(0x9C68BBCA), ++ UINT32_C(0xDE9C34C0), UINT32_C(0x67EF8A1A), UINT32_C(0x6D95602D), ++ UINT32_C(0xA791B241), UINT32_C(0x0AF2581B), UINT32_C(0x12CAD604), ++ UINT32_C(0x14F77361), UINT32_C(0xE2ACD1AD), UINT32_C(0x19F2354D) } }, ++ { { UINT32_C(0x0D60F263), UINT32_C(0x272F78F6), UINT32_C(0x208FD785), ++ UINT32_C(0xE7A8F4AF), UINT32_C(0x36554F2C), UINT32_C(0x10E191C6), ++ UINT32_C(0xFD5CD0B3), UINT32_C(0x06D88551), UINT32_C(0x57069C27), ++ UINT32_C(0x29BF8568), UINT32_C(0x28AA6FAD), UINT32_C(0x3CE7ECD8) }, ++ { UINT32_C(0xE9F1A1D8), UINT32_C(0x7D8A92D0), UINT32_C(0xD30B5725), ++ UINT32_C(0xD40C7FF8), UINT32_C(0xF54CAEB8), UINT32_C(0x16BE6CB2), ++ UINT32_C(0x14CB0A91), UINT32_C(0x14CA471A), UINT32_C(0x02733CAE), ++ UINT32_C(0xD5FF15B8), UINT32_C(0xDAA76580), UINT32_C(0xCAF88D87) } }, ++ { { UINT32_C(0x2C046592), UINT32_C(0x39430E22), UINT32_C(0x1AD26706), ++ UINT32_C(0x6CDAE81F), UINT32_C(0xA25D9106), UINT32_C(0x8C102159), ++ UINT32_C(0x27CA9F30), UINT32_C(0x9A440572), UINT32_C(0x70287FBC), ++ UINT32_C(0x8D34C430), UINT32_C(0x29DB8AFA), UINT32_C(0x9003A455) }, ++ { UINT32_C(0x7FD971AD), UINT32_C(0x91364CC3), UINT32_C(0x9C60EDB7), ++ UINT32_C(0x7B3AA048), UINT32_C(0x526F4DD8), UINT32_C(0x58B0E008), ++ UINT32_C(0xD86D98AE), UINT32_C(0xB7674454), UINT32_C(0xB2B45747), ++ UINT32_C(0xC25F4051), UINT32_C(0xCC043E8F), UINT32_C(0x8243BF9C) } }, ++ { { UINT32_C(0x43A0C387), UINT32_C(0xA89641C6), UINT32_C(0x87B9AB17), ++ UINT32_C(0x6D92205C), UINT32_C(0xDAA0E102), UINT32_C(0x37D691F4), ++ UINT32_C(0xCDE5312E), UINT32_C(0xEB3E52D7), UINT32_C(0x16F518A2), ++ UINT32_C(0x60D3C099), UINT32_C(0x8A378EEB), UINT32_C(0x7854C051) }, ++ { UINT32_C(0x4BBCAAC5), UINT32_C(0x7359DB51), UINT32_C(0x1713F102), ++ UINT32_C(0xF5B1B68C), UINT32_C(0xE4398DE5), UINT32_C(0xDAEAE645), ++ UINT32_C(0xD1ABFB82), UINT32_C(0x8C8ACB6C), UINT32_C(0x136423E2), ++ UINT32_C(0x2E8B76C3), UINT32_C(0xA8BA015E), UINT32_C(0x509DCB2D) } }, ++ { { UINT32_C(0x9AD9C59C), UINT32_C(0x2FF36815), UINT32_C(0x658E65B9), ++ UINT32_C(0xB189A4E8), UINT32_C(0xEA786AD2), UINT32_C(0x7D33DDBB), ++ UINT32_C(0xC0D2DC05), UINT32_C(0x96D0D648), UINT32_C(0xBFA03BE9), ++ UINT32_C(0x05E49256), UINT32_C(0x8BAF5A1C), UINT32_C(0x0EA4E7A6) }, ++ { UINT32_C(0x9F9AD5A8), UINT32_C(0x3DDCE0B0), UINT32_C(0x9E49C2CB), ++ UINT32_C(0xF7809195), UINT32_C(0x21782C2F), UINT32_C(0xBFCEF29D), ++ UINT32_C(0xC41BFD97), UINT32_C(0xE57AD39F), UINT32_C(0x1355AD19), ++ UINT32_C(0xC04B93E8), UINT32_C(0x59440F9F), UINT32_C(0xAABC9E6E) } }, ++ { { UINT32_C(0x5B6459DA), UINT32_C(0x7AA48103), UINT32_C(0x0166E880), ++ UINT32_C(0x83EF7477), UINT32_C(0x511CCE80), UINT32_C(0x536182B1), ++ UINT32_C(0x73CA55AA), UINT32_C(0xAFDD2EEE), UINT32_C(0xA8716143), ++ UINT32_C(0xAB910D0D), UINT32_C(0x83707250), UINT32_C(0x8BEAA42B) }, ++ { UINT32_C(0x8DA2AB3D), UINT32_C(0x4BCCFD89), UINT32_C(0xEC6AA105), ++ UINT32_C(0x1DBF68A9), UINT32_C(0x68EB42DA), UINT32_C(0x32CE6108), ++ UINT32_C(0x8EA62E37), UINT32_C(0x5C2C2C85), UINT32_C(0xCD3088A7), ++ UINT32_C(0x1ED2791F), UINT32_C(0xFF05070C), UINT32_C(0x496B4FEB) } }, ++ { { UINT32_C(0x0AA629C5), UINT32_C(0x9FA9121A), UINT32_C(0x57558BEC), ++ UINT32_C(0xE286CFF1), UINT32_C(0x59813A4D), UINT32_C(0x4D9D657E), ++ UINT32_C(0x26103519), UINT32_C(0xC4676A16), UINT32_C(0x2BD4DF80), ++ UINT32_C(0x616160B3), UINT32_C(0x30FBAE87), UINT32_C(0x26FB78CC) }, ++ { UINT32_C(0x8F0F66BD), UINT32_C(0x09607013), UINT32_C(0x03D9B90D), ++ UINT32_C(0xDD4E2D0C), UINT32_C(0x600D1B12), UINT32_C(0x5D3A8912), ++ UINT32_C(0x4308E126), UINT32_C(0xF76DD52F), UINT32_C(0x9E4FCCA6), ++ UINT32_C(0x97CC0409), UINT32_C(0x04C4DF7B), UINT32_C(0x0CFBE311) } }, ++ { { UINT32_C(0x28437A23), UINT32_C(0x6CA62C12), UINT32_C(0x40E7A003), ++ UINT32_C(0x0DAF3353), UINT32_C(0xD20F8079), UINT32_C(0x1FD07DF0), ++ UINT32_C(0x3BBC9749), UINT32_C(0xEAE7969C), UINT32_C(0x9ECAD022), ++ UINT32_C(0x55861AFA), UINT32_C(0x1FBC3D4C), UINT32_C(0xEC41DAD9) }, ++ { UINT32_C(0xDA8B261B), UINT32_C(0x1FE4CB40), UINT32_C(0x427C5C9D), ++ UINT32_C(0xC2671AB6), UINT32_C(0x261D4939), UINT32_C(0xDFCDA7B8), ++ UINT32_C(0x2072C0B9), UINT32_C(0x9E7B802B), UINT32_C(0xC7828CC2), ++ UINT32_C(0x3AFEE900), UINT32_C(0xF6DE987F), UINT32_C(0x3488BF28) } }, ++ { { UINT32_C(0x7BE1F89E), UINT32_C(0x33B9F2DE), UINT32_C(0x299B15C9), ++ UINT32_C(0xD4E80821), UINT32_C(0x0E13F37F), UINT32_C(0x87A3067A), ++ UINT32_C(0x55FD239F), UINT32_C(0x6D4C09ED), UINT32_C(0x92EF014F), ++ UINT32_C(0x48B1042D), UINT32_C(0xB385A759), UINT32_C(0xA382B2E0) }, ++ { UINT32_C(0x7F6F84F8), UINT32_C(0xBF571BB0), UINT32_C(0x0CE87F50), ++ UINT32_C(0x25AFFA37), UINT32_C(0xFE54F1BC), UINT32_C(0x826906D3), ++ UINT32_C(0xC53AE76A), UINT32_C(0x6B0421F4), UINT32_C(0x4855EB3C), ++ UINT32_C(0x44F85A3A), UINT32_C(0x8D1F2B27), UINT32_C(0xF49E2151) } }, ++ }, ++ { ++ { { UINT32_C(0x5E3C647B), UINT32_C(0xC0426B77), UINT32_C(0x8CF05348), ++ UINT32_C(0xBFCBD939), UINT32_C(0x172C0D3D), UINT32_C(0x31D312E3), ++ UINT32_C(0xEE754737), UINT32_C(0x5F49FDE6), UINT32_C(0x6DA7EE61), ++ UINT32_C(0x895530F0), UINT32_C(0xE8B3A5FB), UINT32_C(0xCF281B0A) }, ++ { UINT32_C(0x41B8A543), UINT32_C(0xFD149735), UINT32_C(0x3080DD30), ++ UINT32_C(0x41A625A7), UINT32_C(0x653908CF), UINT32_C(0xE2BAAE07), ++ UINT32_C(0xBA02A278), UINT32_C(0xC3D01436), UINT32_C(0x7B21B8F8), ++ UINT32_C(0xA0D0222E), UINT32_C(0xD7EC1297), UINT32_C(0xFDC270E9) } }, ++ { { UINT32_C(0x9F101E64), UINT32_C(0x06A67BD2), UINT32_C(0xE1733A4A), ++ UINT32_C(0xCB6E0AC7), UINT32_C(0x97BC62D2), UINT32_C(0xEE0B5D51), ++ UINT32_C(0x24C51874), UINT32_C(0x52B17039), UINT32_C(0x82A1A0D5), ++ UINT32_C(0xFED1F423), UINT32_C(0xDB6270AC), UINT32_C(0x55D90569) }, ++ { UINT32_C(0x5D73D533), UINT32_C(0x36BE4A9C), UINT32_C(0x976ED4D5), ++ UINT32_C(0xBE9266D6), UINT32_C(0xB8F8074B), UINT32_C(0xC17436D3), ++ UINT32_C(0x718545C6), UINT32_C(0x3BB4D399), UINT32_C(0x5C757D21), ++ UINT32_C(0x8E1EA355), UINT32_C(0x8C474366), UINT32_C(0xF7EDBC97) } }, ++ { { UINT32_C(0x6EA83242), UINT32_C(0xEC72C650), UINT32_C(0x1B2D237F), ++ UINT32_C(0xF7DE7BE5), UINT32_C(0x1819EFB0), UINT32_C(0x3C5E2200), ++ UINT32_C(0x8CDDE870), UINT32_C(0xDF5AB6D6), UINT32_C(0x92A87AEE), ++ UINT32_C(0x75A44E9D), UINT32_C(0xBCF77F19), UINT32_C(0xBDDC46F4) }, ++ { UINT32_C(0x669B674D), UINT32_C(0x8191EFBD), UINT32_C(0xED71768F), ++ UINT32_C(0x52884DF9), UINT32_C(0x65CF242C), UINT32_C(0xE62BE582), ++ UINT32_C(0x80B1D17B), UINT32_C(0xAE99A3B1), UINT32_C(0x92DE59A9), ++ UINT32_C(0x48CBB446), UINT32_C(0x2DCB3CE2), UINT32_C(0xD3C226CF) } }, ++ { { UINT32_C(0x9FD94EC4), UINT32_C(0x9580CDFB), UINT32_C(0x28631AD9), ++ UINT32_C(0xED273A6C), UINT32_C(0xC327F3E7), UINT32_C(0x5D3D5F77), ++ UINT32_C(0x35353C5F), UINT32_C(0x05D5339C), UINT32_C(0x5C258EB1), ++ UINT32_C(0xC56FB5FE), UINT32_C(0xEDCE1F79), UINT32_C(0xEFF8425E) }, ++ { UINT32_C(0xCF83CF9C), UINT32_C(0xAB7AA141), UINT32_C(0x207D6D4F), ++ UINT32_C(0xBD2A690A), UINT32_C(0x458D9E52), UINT32_C(0xE1241491), ++ UINT32_C(0xAA7F0F31), UINT32_C(0xDD2448CC), UINT32_C(0xF0FDA7AB), ++ UINT32_C(0xEC58D3C7), UINT32_C(0xC91BBA4D), UINT32_C(0x7B6E122D) } }, ++ { { UINT32_C(0xB1B48156), UINT32_C(0x2A2DEDAF), UINT32_C(0xBB93DB87), ++ UINT32_C(0xA0A2C63A), UINT32_C(0x08ACD99E), UINT32_C(0xC6559078), ++ UINT32_C(0xFE4AC331), UINT32_C(0x03EA42AF), UINT32_C(0xEB180ED6), ++ UINT32_C(0x43D2C14A), UINT32_C(0xB1156A1A), UINT32_C(0xC2F293DD) }, ++ { UINT32_C(0xA9D81249), UINT32_C(0x1FAFABF5), UINT32_C(0x9A8EEE87), ++ UINT32_C(0x39ADDEAD), UINT32_C(0x119E2E92), UINT32_C(0x21E206F2), ++ UINT32_C(0xD74DCEB6), UINT32_C(0xBC5DCC2E), UINT32_C(0x0A73A358), ++ UINT32_C(0x86647FA3), UINT32_C(0x2F53F642), UINT32_C(0xEAD8BEA4) } }, ++ { { UINT32_C(0x91C09091), UINT32_C(0x636225F5), UINT32_C(0x71BDCFDF), ++ UINT32_C(0xCCF5070A), UINT32_C(0xB9668EE2), UINT32_C(0x0EF8D625), ++ UINT32_C(0xB5E04E4F), UINT32_C(0x57BDF6CD), UINT32_C(0x7C75EA43), ++ UINT32_C(0xFC6AB0A6), UINT32_C(0xF7FD6EF3), UINT32_C(0xEB6B8AFB) }, ++ { UINT32_C(0x2A3DF404), UINT32_C(0x5B2AEEF0), UINT32_C(0xB9823197), ++ UINT32_C(0x31FD3B48), UINT32_C(0x83A7EB23), UINT32_C(0x56226DB6), ++ UINT32_C(0x5BB1ED2F), UINT32_C(0x3772C21E), UINT32_C(0xCD1ABA6A), ++ UINT32_C(0x3E833624), UINT32_C(0xAC672DAD), UINT32_C(0xBAE58FFA) } }, ++ { { UINT32_C(0x31BA1705), UINT32_C(0xCE92224D), UINT32_C(0xF0197F63), ++ UINT32_C(0x022C6ED2), UINT32_C(0xA4DC1113), UINT32_C(0x21F18D99), ++ UINT32_C(0x03616BF1), UINT32_C(0x5CD04DE8), UINT32_C(0x9FF12E08), ++ UINT32_C(0x6F900679), UINT32_C(0x48E61DDF), UINT32_C(0xF59A3315) }, ++ { UINT32_C(0xB51BD024), UINT32_C(0x9474D42C), UINT32_C(0x9051E49D), ++ UINT32_C(0x11A0A413), UINT32_C(0xDCE70EDB), UINT32_C(0x79C92705), ++ UINT32_C(0x34198426), UINT32_C(0x113CE278), UINT32_C(0xEA8616D2), ++ UINT32_C(0x8978396F), UINT32_C(0xEA894C36), UINT32_C(0x9A2A14D0) } }, ++ { { UINT32_C(0x604F6E4A), UINT32_C(0x4F1E1254), UINT32_C(0x0187D585), ++ UINT32_C(0x4513B088), UINT32_C(0x19E0F482), UINT32_C(0x9022F257), ++ UINT32_C(0xE2239DBF), UINT32_C(0x51FB2A80), UINT32_C(0x998ED9D5), ++ UINT32_C(0x49940D9E), UINT32_C(0x6C932C5D), UINT32_C(0x0583D241) }, ++ { UINT32_C(0xF25B73F7), UINT32_C(0x1188CEC8), UINT32_C(0x3B3D06CD), ++ UINT32_C(0xA28788CB), UINT32_C(0xA083DB5A), UINT32_C(0xDEA194EC), ++ UINT32_C(0x22DF4272), UINT32_C(0xD93A4F7E), UINT32_C(0x6A009C49), ++ UINT32_C(0x8D84E4BF), UINT32_C(0x3E3E4A9E), UINT32_C(0x893D8DD9) } }, ++ { { UINT32_C(0x33D31160), UINT32_C(0x35E909EA), UINT32_C(0x57172F1E), ++ UINT32_C(0x50203168), UINT32_C(0x51F3D866), UINT32_C(0x2707FC44), ++ UINT32_C(0xD2442A5D), UINT32_C(0xEB9D2018), UINT32_C(0x5DBFE378), ++ UINT32_C(0x904D7209), UINT32_C(0x5F13CF77), UINT32_C(0x6DB132A3) }, ++ { UINT32_C(0x7A3AF54B), UINT32_C(0x9D842BA6), UINT32_C(0x5AA5B4F9), ++ UINT32_C(0x4E16EA19), UINT32_C(0xAF24228E), UINT32_C(0x2BBA457C), ++ UINT32_C(0x16F3C5FE), UINT32_C(0xCC04B3BB), UINT32_C(0x77E64944), ++ UINT32_C(0xBAFAC516), UINT32_C(0xF08BCEE0), UINT32_C(0x31580A34) } }, ++ { { UINT32_C(0x20C30ACA), UINT32_C(0xC6808DEE), UINT32_C(0xA3EA2056), ++ UINT32_C(0xDADD216F), UINT32_C(0x7A4A9F9D), UINT32_C(0xD331394E), ++ UINT32_C(0x424C4026), UINT32_C(0x9E0441AD), UINT32_C(0x0AEB5350), ++ UINT32_C(0xAEED102F), UINT32_C(0xD45B09DA), UINT32_C(0xC6697FBB) }, ++ { UINT32_C(0xDEAC1496), UINT32_C(0x52A2590E), UINT32_C(0x250B87AF), ++ UINT32_C(0x7142B831), UINT32_C(0x6D0784A8), UINT32_C(0xBEF2E68B), ++ UINT32_C(0xA5F71CEF), UINT32_C(0x5F62593A), UINT32_C(0xB5DA51A3), ++ UINT32_C(0x3B8F7616), UINT32_C(0xB680F5FE), UINT32_C(0xC7A6FA0D) } }, ++ { { UINT32_C(0x99C8227C), UINT32_C(0x36C21DE6), UINT32_C(0xC26813B1), ++ UINT32_C(0xBEE3E867), UINT32_C(0xBDD91549), UINT32_C(0x9B05F2E6), ++ UINT32_C(0xA7D1110F), UINT32_C(0x34FF2B1F), UINT32_C(0x37F67FD0), ++ UINT32_C(0x8E6953B9), UINT32_C(0xC3183E20), UINT32_C(0x56C7F18B) }, ++ { UINT32_C(0x9E2019ED), UINT32_C(0x48AF46DE), UINT32_C(0xF551BBBF), ++ UINT32_C(0xDEAF972E), UINT32_C(0xCC5E3EEF), UINT32_C(0x88EE38F8), ++ UINT32_C(0x392D6BAF), UINT32_C(0xFB8D7A44), UINT32_C(0x0127187D), ++ UINT32_C(0x32293BFC), UINT32_C(0xE58647CC), UINT32_C(0x7689E767) } }, ++ { { UINT32_C(0x52168013), UINT32_C(0x00CE901B), UINT32_C(0x837AAE71), ++ UINT32_C(0xC6BF8E38), UINT32_C(0x167677D8), UINT32_C(0xD6F11EFA), ++ UINT32_C(0x86C8E5CF), UINT32_C(0xE53BB485), UINT32_C(0xC48E74AB), ++ UINT32_C(0x671167CE), UINT32_C(0x8AD720A7), UINT32_C(0x8A40218C) }, ++ { UINT32_C(0xE7C1191A), UINT32_C(0x81E827A6), UINT32_C(0xADDB153D), ++ UINT32_C(0x54058F8D), UINT32_C(0x0D950FA2), UINT32_C(0x0BAF2925), ++ UINT32_C(0x576DDA13), UINT32_C(0xC244674D), UINT32_C(0x41BCD13B), ++ UINT32_C(0x8C4630AE), UINT32_C(0x5A077419), UINT32_C(0x6C2127BF) } }, ++ { { UINT32_C(0xA83C501F), UINT32_C(0xCF977FD5), UINT32_C(0xB6AB176F), ++ UINT32_C(0xD7C6DF36), UINT32_C(0x397BC6B5), UINT32_C(0x117F6331), ++ UINT32_C(0xF7A2D491), UINT32_C(0x72A6078B), UINT32_C(0x5242FE2E), ++ UINT32_C(0xE5A2AAED), UINT32_C(0xFEBDC212), UINT32_C(0x88ECFFDC) }, ++ { UINT32_C(0xCE33BA21), UINT32_C(0xF2DBBF50), UINT32_C(0xCEB19F07), ++ UINT32_C(0xE1343B76), UINT32_C(0xD2C28F71), UINT32_C(0x1F32D4C9), ++ UINT32_C(0x18587685), UINT32_C(0x93FC64B4), UINT32_C(0xBA1F8BD1), ++ UINT32_C(0x39CEEF9B), UINT32_C(0x8D6D6BB0), UINT32_C(0x99C36A78) } }, ++ { { UINT32_C(0x3E9561CF), UINT32_C(0x0D063817), UINT32_C(0x3D33704D), ++ UINT32_C(0x1D8646AA), UINT32_C(0x7A08BA33), UINT32_C(0x8C451384), ++ UINT32_C(0xE02D6624), UINT32_C(0x96446BD3), UINT32_C(0x2D6F4166), ++ UINT32_C(0x749849F0), UINT32_C(0x14268BF0), UINT32_C(0xE364DA01) }, ++ { UINT32_C(0x9AEBFCFD), UINT32_C(0x7CE4587E), UINT32_C(0x56234393), ++ UINT32_C(0xD4686064), UINT32_C(0x16DF73B2), UINT32_C(0x00231D51), ++ UINT32_C(0x7279C78C), UINT32_C(0xF6A969B7), UINT32_C(0x6CB4117C), ++ UINT32_C(0x1FF1F6B6), UINT32_C(0xD3EAB680), UINT32_C(0x30AEBC39) } }, ++ { { UINT32_C(0x93EF00B9), UINT32_C(0x5CC97E64), UINT32_C(0x972345AE), ++ UINT32_C(0xDAE13841), UINT32_C(0x4788F43C), UINT32_C(0x85839184), ++ UINT32_C(0xE2E6CF3E), UINT32_C(0xD0FF521E), UINT32_C(0x4B707C86), ++ UINT32_C(0xAED14A5B), UINT32_C(0xD2523CF7), UINT32_C(0x7EAAE4A6) }, ++ { UINT32_C(0x024C8AC6), UINT32_C(0x266472C5), UINT32_C(0xC0170051), ++ UINT32_C(0xE47E1522), UINT32_C(0x73826BAE), UINT32_C(0x7B83DA61), ++ UINT32_C(0xCF543F0D), UINT32_C(0xE97E19F5), UINT32_C(0x20BF38E2), ++ UINT32_C(0x5D5248FA), UINT32_C(0xDF56A037), UINT32_C(0x8A7C2F7D) } }, ++ { { UINT32_C(0x87B0526C), UINT32_C(0xB04659DD), UINT32_C(0x2307565E), ++ UINT32_C(0x593C604A), UINT32_C(0x7C630AB8), UINT32_C(0x49E52225), ++ UINT32_C(0xDCE9CD23), UINT32_C(0x24C1D0C6), UINT32_C(0x85177079), ++ UINT32_C(0x6FDB241C), UINT32_C(0xF250C351), UINT32_C(0x5F521D19) }, ++ { UINT32_C(0xA6FB61DF), UINT32_C(0xFB56134B), UINT32_C(0xD75C07ED), ++ UINT32_C(0xA4E70D69), UINT32_C(0x7D8825A8), UINT32_C(0xB7A82448), ++ UINT32_C(0xDD64BBCC), UINT32_C(0xA3AEA7D4), UINT32_C(0x8692F539), ++ UINT32_C(0xD53E6E6C), UINT32_C(0xF7AA4BC0), UINT32_C(0x8DDDA83B) } }, ++ }, ++ { ++ { { UINT32_C(0xDD93D50A), UINT32_C(0x140A0F9F), UINT32_C(0x83B7ABAC), ++ UINT32_C(0x4799FFDE), UINT32_C(0x04A1F742), UINT32_C(0x78FF7C23), ++ UINT32_C(0x195BA34E), UINT32_C(0xC0568F51), UINT32_C(0x3B7F78B4), ++ UINT32_C(0xE9718360), UINT32_C(0xF9EFAA53), UINT32_C(0x9CFD1FF1) }, ++ { UINT32_C(0xBB06022E), UINT32_C(0xE924D2C5), UINT32_C(0xFAA2AF6D), ++ UINT32_C(0x9987FA86), UINT32_C(0x6EE37E0F), UINT32_C(0x4B12E73F), ++ UINT32_C(0x5E5A1DDE), UINT32_C(0x1836FDFA), UINT32_C(0x9DCD6416), ++ UINT32_C(0x7F1B9225), UINT32_C(0x677544D8), UINT32_C(0xCB2C1B4D) } }, ++ { { UINT32_C(0x9C213D95), UINT32_C(0x0254486D), UINT32_C(0xCB2F6E94), ++ UINT32_C(0x68A9DB56), UINT32_C(0x000F5491), UINT32_C(0xFB5858BA), ++ UINT32_C(0x34009FB6), UINT32_C(0x1315BDD9), UINT32_C(0xC42BDE30), ++ UINT32_C(0xB18A8E0A), UINT32_C(0xF1070358), UINT32_C(0xFDCF93D1) }, ++ { UINT32_C(0x3022937E), UINT32_C(0xBEB1DB75), UINT32_C(0xCAC20DB4), ++ UINT32_C(0x9B9ECA7A), UINT32_C(0xE4122B20), UINT32_C(0x152214D4), ++ UINT32_C(0xAABCCC7B), UINT32_C(0xD3E673F2), UINT32_C(0xAED07571), ++ UINT32_C(0x94C50F64), UINT32_C(0xE66B4F17), UINT32_C(0xD767059A) } }, ++ { { UINT32_C(0xDCD6D14B), UINT32_C(0x40336B12), UINT32_C(0xE3B4919C), ++ UINT32_C(0xF6BCFF5D), UINT32_C(0x9C841F0C), UINT32_C(0xC337048D), ++ UINT32_C(0x1D617F50), UINT32_C(0x4CE6D025), UINT32_C(0x8117D379), ++ UINT32_C(0x00FEF219), UINT32_C(0xF95BE243), UINT32_C(0x18B7C4E9) }, ++ { UINT32_C(0x38DF08FF), UINT32_C(0x98DE119E), UINT32_C(0x8D772D20), ++ UINT32_C(0xDFD803BD), UINT32_C(0x0F9678BD), UINT32_C(0x94125B72), ++ UINT32_C(0x334ACE30), UINT32_C(0xFC5B57CD), UINT32_C(0xB7E86E04), ++ UINT32_C(0x09486527), UINT32_C(0x6E552039), UINT32_C(0xFE9F8BCC) } }, ++ { { UINT32_C(0xD6F5A10E), UINT32_C(0x3B75C45B), UINT32_C(0xC1C35F38), ++ UINT32_C(0xFD4680F4), UINT32_C(0xF8E0A113), UINT32_C(0x5450227D), ++ UINT32_C(0x73DDBA24), UINT32_C(0x5E69F1AE), UINT32_C(0x57F24645), ++ UINT32_C(0x2007B80E), UINT32_C(0x3D159741), UINT32_C(0xC63695DC) }, ++ { UINT32_C(0x4530F623), UINT32_C(0xCBE54D29), UINT32_C(0x2869586B), ++ UINT32_C(0x986AD573), UINT32_C(0x4CC39F73), UINT32_C(0xE19F7059), ++ UINT32_C(0x2B1B8DA9), UINT32_C(0x80F00AB3), UINT32_C(0x73F68D26), ++ UINT32_C(0xB765AAF9), UINT32_C(0xE993F829), UINT32_C(0xBC79A394) } }, ++ { { UINT32_C(0xF310D2A0), UINT32_C(0x9C441043), UINT32_C(0xDC5EB106), ++ UINT32_C(0x2865EE58), UINT32_C(0x9CB8065C), UINT32_C(0x71A95922), ++ UINT32_C(0xA052AF0F), UINT32_C(0x8EB3A733), UINT32_C(0xB09D716E), ++ UINT32_C(0x56009F42), UINT32_C(0xABCBE6AD), UINT32_C(0xA7F923C5) }, ++ { UINT32_C(0xFA375C01), UINT32_C(0x263B7669), UINT32_C(0x21EF27A2), ++ UINT32_C(0x641C47E5), UINT32_C(0xB08FFD25), UINT32_C(0xA89B474E), ++ UINT32_C(0xF0A239F3), UINT32_C(0x5BE8EC3F), UINT32_C(0x242A6C5A), ++ UINT32_C(0x0E79957A), UINT32_C(0x0C6C75F5), UINT32_C(0x1DFB26D0) } }, ++ { { UINT32_C(0x9DFBF22A), UINT32_C(0x2FD97B9B), UINT32_C(0x5643532D), ++ UINT32_C(0xDEC16CC8), UINT32_C(0x60FEE7C3), UINT32_C(0xDF0E6E39), ++ UINT32_C(0x545860C8), UINT32_C(0xD09AD7B6), UINT32_C(0x73FC3B7C), ++ UINT32_C(0xCC16E984), UINT32_C(0x0D4E1555), UINT32_C(0x6CE734C1) }, ++ { UINT32_C(0x4B5F6032), UINT32_C(0xC6EFE68B), UINT32_C(0x14F54073), ++ UINT32_C(0x3A64F34C), UINT32_C(0xAC44DC95), UINT32_C(0x25DA689C), ++ UINT32_C(0x5358AD8A), UINT32_C(0x990C477E), UINT32_C(0xF36DA7DE), ++ UINT32_C(0x00E958A5), UINT32_C(0xC9B6F161), UINT32_C(0x902B7360) } }, ++ { { UINT32_C(0x9347B90A), UINT32_C(0x454AB42C), UINT32_C(0xA698B02B), ++ UINT32_C(0xCAEBE64A), UINT32_C(0xFB86FA40), UINT32_C(0x119CDC69), ++ UINT32_C(0xC3109281), UINT32_C(0x2E5CB7AD), UINT32_C(0xCD0C3D00), ++ UINT32_C(0x67BB1EC5), UINT32_C(0x83F25BBF), UINT32_C(0x5D430BC7) }, ++ { UINT32_C(0x5CDE0ABB), UINT32_C(0x69FD84A8), UINT32_C(0x9816B688), ++ UINT32_C(0x69DA263E), UINT32_C(0x0E53CBB8), UINT32_C(0xE52D93DF), ++ UINT32_C(0xADD2D5A7), UINT32_C(0x42CF6F25), UINT32_C(0xC87CA88F), ++ UINT32_C(0x227BA59D), UINT32_C(0xDA738554), UINT32_C(0x7A1CA876) } }, ++ { { UINT32_C(0x1CAC82C4), UINT32_C(0x3FA5C105), UINT32_C(0x8A78C9BE), ++ UINT32_C(0x23C76087), UINT32_C(0x1C5CFA42), UINT32_C(0xE98CDAD6), ++ UINT32_C(0x0A6C0421), UINT32_C(0x09C30252), UINT32_C(0x42FC61B9), ++ UINT32_C(0x149BAC7C), UINT32_C(0x3004A3E2), UINT32_C(0x3A1C22AC) }, ++ { UINT32_C(0x202C7FED), UINT32_C(0xDE6B0D6E), UINT32_C(0xE7E63052), ++ UINT32_C(0xB2457377), UINT32_C(0x3706B3EF), UINT32_C(0x31725FD4), ++ UINT32_C(0x2B1AFDBF), UINT32_C(0xE16A347D), UINT32_C(0x8C29CF66), ++ UINT32_C(0xBE4850C4), UINT32_C(0x2939F23C), UINT32_C(0x8F51CC4D) } }, ++ { { UINT32_C(0x219AE6C1), UINT32_C(0x169E025B), UINT32_C(0x116E1CA1), ++ UINT32_C(0x55FF526F), UINT32_C(0xB191F55D), UINT32_C(0x01B810A3), ++ UINT32_C(0x29588A69), UINT32_C(0x2D981272), UINT32_C(0x48B92199), ++ UINT32_C(0x53C93770), UINT32_C(0x8A85236F), UINT32_C(0x8C7DD84E) }, ++ { UINT32_C(0xCAACF958), UINT32_C(0x293D48B6), UINT32_C(0x43572B30), ++ UINT32_C(0x1F084ACB), UINT32_C(0xFAD91F28), UINT32_C(0x628BFA2D), ++ UINT32_C(0x829386AF), UINT32_C(0x8D627B11), UINT32_C(0xD44A77BE), ++ UINT32_C(0x3EC1DD00), UINT32_C(0x649AC7F0), UINT32_C(0x8D3B0D08) } }, ++ { { UINT32_C(0x177513BF), UINT32_C(0x00A93DAA), UINT32_C(0x42AD79E1), ++ UINT32_C(0x2EF0B96F), UINT32_C(0xA07129D9), UINT32_C(0x81F5AAF1), ++ UINT32_C(0x923F2449), UINT32_C(0xFC04B7EF), UINT32_C(0x60CDB1B7), ++ UINT32_C(0x855DA795), UINT32_C(0xAD5D61D4), UINT32_C(0xB1EB5DAB) }, ++ { UINT32_C(0x353FD028), UINT32_C(0xD2CEF1AE), UINT32_C(0x9EE94847), ++ UINT32_C(0xC21D5439), UINT32_C(0x0380C1A8), UINT32_C(0x9ED552BB), ++ UINT32_C(0x2BAC328F), UINT32_C(0xB156FE7A), UINT32_C(0x7213C6A4), ++ UINT32_C(0xBB7E0196), UINT32_C(0x1701ED5B), UINT32_C(0x36002A33) } }, ++ { { UINT32_C(0xDDC9EF4D), UINT32_C(0x20B1632A), UINT32_C(0x272D082B), ++ UINT32_C(0x2A35FF4C), UINT32_C(0xF6CC9BD3), UINT32_C(0x30D39923), ++ UINT32_C(0xE65C9D08), UINT32_C(0x6D879BC2), UINT32_C(0x6FA9983C), ++ UINT32_C(0xCE8274E1), UINT32_C(0x0EB7424F), UINT32_C(0x652371E8) }, ++ { UINT32_C(0xC5C35282), UINT32_C(0x32B77503), UINT32_C(0xC885A931), ++ UINT32_C(0xD7306333), UINT32_C(0x72955AA8), UINT32_C(0x8A16D719), ++ UINT32_C(0x7D51F882), UINT32_C(0x5548F163), UINT32_C(0xBABA59EF), ++ UINT32_C(0xB311DC66), UINT32_C(0x0DB8F627), UINT32_C(0x773D5448) } }, ++ { { UINT32_C(0x7A62EB3B), UINT32_C(0x59B1B134), UINT32_C(0xCCEEFB34), ++ UINT32_C(0x0F8CE157), UINT32_C(0xA798CB2B), UINT32_C(0x3FE842A8), ++ UINT32_C(0x0BF4161D), UINT32_C(0xD01BC626), UINT32_C(0x4D016FDB), ++ UINT32_C(0x55EF6E55), UINT32_C(0xB242B201), UINT32_C(0xCB561503) }, ++ { UINT32_C(0xAF4199C1), UINT32_C(0x076EBC73), UINT32_C(0x697244F7), ++ UINT32_C(0x39DEDCBB), UINT32_C(0x040162BC), UINT32_C(0x9D184733), ++ UINT32_C(0x7F6B5FA6), UINT32_C(0x902992C1), UINT32_C(0xBB4952B5), ++ UINT32_C(0xAD1DE754), UINT32_C(0xA121F6C8), UINT32_C(0x7ACF1B93) } }, ++ { { UINT32_C(0x325C9B9A), UINT32_C(0x7A56867C), UINT32_C(0xF3DC3D6A), ++ UINT32_C(0x1A143999), UINT32_C(0x03F5BCB8), UINT32_C(0xCE109590), ++ UINT32_C(0xD6EEE5B7), UINT32_C(0x034E9035), UINT32_C(0x495DF1BC), ++ UINT32_C(0x2AFA81C8), UINT32_C(0x08924D02), UINT32_C(0x5EAB52DC) }, ++ { UINT32_C(0xAA181904), UINT32_C(0xEE6AA014), UINT32_C(0x310AD621), ++ UINT32_C(0xE62DEF09), UINT32_C(0xC7538A03), UINT32_C(0x6C9792FC), ++ UINT32_C(0x3E41D789), UINT32_C(0xA89D3E88), UINT32_C(0x9F94AE83), ++ UINT32_C(0xD60FA11C), UINT32_C(0xE0D6234A), UINT32_C(0x5E16A8C2) } }, ++ { { UINT32_C(0xA9242F3B), UINT32_C(0x87EC053D), UINT32_C(0xF0E03545), ++ UINT32_C(0x99544637), UINT32_C(0x6B7019E9), UINT32_C(0xEA0633FF), ++ UINT32_C(0x68DDDB5B), UINT32_C(0x8CB8AE07), UINT32_C(0x1A811AC7), ++ UINT32_C(0x892E7C84), UINT32_C(0x73664249), UINT32_C(0xC7EF19EB) }, ++ { UINT32_C(0xCD1489E3), UINT32_C(0xD1B5819A), UINT32_C(0xDE45D24A), ++ UINT32_C(0xF9C80FB0), UINT32_C(0x83BB7491), UINT32_C(0x045C21A6), ++ UINT32_C(0x73F7A47D), UINT32_C(0xA65325BE), UINT32_C(0x9C394F0C), ++ UINT32_C(0x08D09F0E), UINT32_C(0x268D4F08), UINT32_C(0xE7FB21C6) } }, ++ { { UINT32_C(0x6CA95C18), UINT32_C(0xC4CCAB95), UINT32_C(0xBC42E040), ++ UINT32_C(0x563FFD56), UINT32_C(0xE701C604), UINT32_C(0xFA3C64D8), ++ UINT32_C(0xB0ABAFEE), UINT32_C(0xC88D4426), UINT32_C(0x8542E4C3), ++ UINT32_C(0x1A353E5E), UINT32_C(0xED726186), UINT32_C(0x9A2D8B7C) }, ++ { UINT32_C(0x42D097FA), UINT32_C(0xD61CE190), UINT32_C(0x799A748B), ++ UINT32_C(0x6A63E280), UINT32_C(0x3225486B), UINT32_C(0x0F48D063), ++ UINT32_C(0x42A3C443), UINT32_C(0x848F8FE1), UINT32_C(0x8493CEF4), ++ UINT32_C(0x2CCDE250), UINT32_C(0x45E77E7C), UINT32_C(0x5450A508) } }, ++ { { UINT32_C(0x03112816), UINT32_C(0xD0F4E248), UINT32_C(0xCCBE9E16), ++ UINT32_C(0xFCAD9DDB), UINT32_C(0x5AE01EA0), UINT32_C(0x177999BF), ++ UINT32_C(0xCE832DCE), UINT32_C(0xD20C78B9), UINT32_C(0x50C8C646), ++ UINT32_C(0x3CC694FB), UINT32_C(0xC93D4887), UINT32_C(0x24D75968) }, ++ { UINT32_C(0x87BC08AF), UINT32_C(0x9F06366A), UINT32_C(0x7FD0DF2A), ++ UINT32_C(0x59FAB50E), UINT32_C(0x6C4CC234), UINT32_C(0x5FFCC7F7), ++ UINT32_C(0x65F52D86), UINT32_C(0x87198DD7), UINT32_C(0xA855DF04), ++ UINT32_C(0x5B9C94B0), UINT32_C(0x8A067AD7), UINT32_C(0xD8BA6C73) } }, ++ }, ++ { ++ { { UINT32_C(0x1C4C9D90), UINT32_C(0x9E9AF315), UINT32_C(0xD12E0A89), ++ UINT32_C(0x8665C5A9), UINT32_C(0x58286493), UINT32_C(0x204ABD92), ++ UINT32_C(0xB2E09205), UINT32_C(0x79959889), UINT32_C(0xFE56B101), ++ UINT32_C(0x0C727A3D), UINT32_C(0x8B657F26), UINT32_C(0xF366244C) }, ++ { UINT32_C(0xCCA65BE2), UINT32_C(0xDE35D954), UINT32_C(0xB0FD41CE), ++ UINT32_C(0x52EE1230), UINT32_C(0x36019FEE), UINT32_C(0xFA03261F), ++ UINT32_C(0x66511D8F), UINT32_C(0xAFDA42D9), UINT32_C(0x821148B9), ++ UINT32_C(0xF63211DD), UINT32_C(0x6F13A3E1), UINT32_C(0x7B56AF7E) } }, ++ { { UINT32_C(0x5913E184), UINT32_C(0x47FE4799), UINT32_C(0x82145900), ++ UINT32_C(0x5BBE584C), UINT32_C(0x9A867173), UINT32_C(0xB76CFA8B), ++ UINT32_C(0x514BF471), UINT32_C(0x9BC87BF0), UINT32_C(0x71DCF1FC), ++ UINT32_C(0x37392DCE), UINT32_C(0x3AD1EFA8), UINT32_C(0xEC3EFAE0) }, ++ { UINT32_C(0x14876451), UINT32_C(0xBBEA5A34), UINT32_C(0x6217090F), ++ UINT32_C(0x96E5F543), UINT32_C(0x9B1665A9), UINT32_C(0x5B3D4ECD), ++ UINT32_C(0xE329DF22), UINT32_C(0xE7B0DF26), UINT32_C(0x0BAA808D), ++ UINT32_C(0x18FB438E), UINT32_C(0xDD516FAF), UINT32_C(0x90757EBF) } }, ++ { { UINT32_C(0xD5A98D68), UINT32_C(0x1E6F9A95), UINT32_C(0x849DA828), ++ UINT32_C(0x759EA7DF), UINT32_C(0x6E8B4198), UINT32_C(0x365D5625), ++ UINT32_C(0x7A4A53F9), UINT32_C(0xE1B9C53B), UINT32_C(0xE32B9B16), ++ UINT32_C(0x55DC1D50), UINT32_C(0xBB6D5701), UINT32_C(0xA4657EBB) }, ++ { UINT32_C(0xEACC76E2), UINT32_C(0x4C270249), UINT32_C(0x162B1CC7), ++ UINT32_C(0xBE49EC75), UINT32_C(0x0689902B), UINT32_C(0x19A95B61), ++ UINT32_C(0xA4CFC5A8), UINT32_C(0xDD5706BF), UINT32_C(0x14E5B424), ++ UINT32_C(0xD33BDB73), UINT32_C(0xE69EBA87), UINT32_C(0x21311BD1) } }, ++ { { UINT32_C(0x72A21ACC), UINT32_C(0x75BA2F9B), UINT32_C(0xA28EDB4C), ++ UINT32_C(0x356688D4), UINT32_C(0x610D080F), UINT32_C(0x3C339E0B), ++ UINT32_C(0x33A99C2F), UINT32_C(0x614AC293), UINT32_C(0xAA580AFF), ++ UINT32_C(0xA5E23AF2), UINT32_C(0xE1FDBA3A), UINT32_C(0xA6BCB860) }, ++ { UINT32_C(0xB43F9425), UINT32_C(0xAA603365), UINT32_C(0xF7EE4635), ++ UINT32_C(0xAE8D7126), UINT32_C(0x56330A32), UINT32_C(0xA2B25244), ++ UINT32_C(0x9E025AA3), UINT32_C(0xC396B5BB), UINT32_C(0xF8A0D5CF), ++ UINT32_C(0xABBF77FA), UINT32_C(0xEA31C83B), UINT32_C(0xB322EE30) } }, ++ { { UINT32_C(0x7890E234), UINT32_C(0x04881384), UINT32_C(0x672E70C6), ++ UINT32_C(0x387F1159), UINT32_C(0x7B307F75), UINT32_C(0x1468A614), ++ UINT32_C(0xED85EC96), UINT32_C(0x56335B52), UINT32_C(0xD45BCAE9), ++ UINT32_C(0xDA1BB60F), UINT32_C(0xF9FAEADD), UINT32_C(0x4D94F3F0) }, ++ { UINT32_C(0xFC78D86B), UINT32_C(0x6C6A7183), UINT32_C(0x3018DEC6), ++ UINT32_C(0xA425B5C7), UINT32_C(0x2D877399), UINT32_C(0xB1549C33), ++ UINT32_C(0x92B2BC37), UINT32_C(0x6C41C50C), UINT32_C(0x83EE0DDB), ++ UINT32_C(0x3A9F380C), UINT32_C(0xC4599E73), UINT32_C(0xDED5FEB6) } }, ++ { { UINT32_C(0x0B7F8354), UINT32_C(0x14D34C21), UINT32_C(0x9177CE45), ++ UINT32_C(0x1475A1CD), UINT32_C(0x9B926E4B), UINT32_C(0x9F5F764A), ++ UINT32_C(0x05DD21FE), UINT32_C(0x77260D1E), UINT32_C(0xC4B937F7), ++ UINT32_C(0x3C882480), UINT32_C(0x722372F2), UINT32_C(0xC92DCD39) }, ++ { UINT32_C(0xEC6F657E), UINT32_C(0xF636A1BE), UINT32_C(0x1D30DD35), ++ UINT32_C(0xB0E6C312), UINT32_C(0xE4654EFE), UINT32_C(0xFE4B0528), ++ UINT32_C(0x21D230D2), UINT32_C(0x1C4A6820), UINT32_C(0x98FA45AB), ++ UINT32_C(0x615D2E48), UINT32_C(0x01FDBABF), UINT32_C(0x1F35D6D8) } }, ++ { { UINT32_C(0x3A7B10D1), UINT32_C(0xA636EEB8), UINT32_C(0xF4A29E73), ++ UINT32_C(0x4E1AE352), UINT32_C(0xE6BB1EC7), UINT32_C(0x01704F5F), ++ UINT32_C(0x0EF020AE), UINT32_C(0x75C04F72), UINT32_C(0x5A31E6A6), ++ UINT32_C(0x448D8CEE), UINT32_C(0x208F994B), UINT32_C(0xE40A9C29) }, ++ { UINT32_C(0xFD8F9D5D), UINT32_C(0x69E09A30), UINT32_C(0x449BAB7E), ++ UINT32_C(0xE6A5F7EB), UINT32_C(0x2AA1768B), UINT32_C(0xF25BC18A), ++ UINT32_C(0x3C841234), UINT32_C(0x9449E404), UINT32_C(0x016A7BEF), ++ UINT32_C(0x7A3BF43E), UINT32_C(0x2A150B60), UINT32_C(0xF25803E8) } }, ++ { { UINT32_C(0xB215F9E0), UINT32_C(0xE44A2A57), UINT32_C(0x19066F0A), ++ UINT32_C(0x38B34DCE), UINT32_C(0x40BB1BFB), UINT32_C(0x8BB91DAD), ++ UINT32_C(0xE67735FC), UINT32_C(0x64C9F775), UINT32_C(0x88D613CD), ++ UINT32_C(0xDE142417), UINT32_C(0x1901D88D), UINT32_C(0xC5014FF5) }, ++ { UINT32_C(0xF38116B0), UINT32_C(0xA250341D), UINT32_C(0x9D6CBCB2), ++ UINT32_C(0xF96B9DD4), UINT32_C(0x76B3FAC2), UINT32_C(0x15EC6C72), ++ UINT32_C(0x8124C1E9), UINT32_C(0x88F1952F), UINT32_C(0x975BE4F5), ++ UINT32_C(0x6B72F8EA), UINT32_C(0x061F7530), UINT32_C(0x23D288FF) } }, ++ { { UINT32_C(0xAFB96CE3), UINT32_C(0xEBFE3E5F), UINT32_C(0xB1979537), ++ UINT32_C(0x2275EDFB), UINT32_C(0xC97BA741), UINT32_C(0xC37AB9E8), ++ UINT32_C(0x63D7C626), UINT32_C(0x446E4B10), UINT32_C(0xD025EB02), ++ UINT32_C(0xB73E2DCE), UINT32_C(0x7669EEA7), UINT32_C(0x1F952B51) }, ++ { UINT32_C(0x6069A424), UINT32_C(0xABDD00F6), UINT32_C(0xDC298BFB), ++ UINT32_C(0x1C0F9D9B), UINT32_C(0xEB757B33), UINT32_C(0x831B1FD3), ++ UINT32_C(0x59D60B32), UINT32_C(0xD7DBE183), UINT32_C(0x9EF094B3), ++ UINT32_C(0x663D1F36), UINT32_C(0x67F7F11A), UINT32_C(0x1BD5732E) } }, ++ { { UINT32_C(0xC75D8892), UINT32_C(0x3C7FB3F5), UINT32_C(0xBA68DA69), ++ UINT32_C(0x2CFF9A0C), UINT32_C(0x60EC740B), UINT32_C(0x76455E8B), ++ UINT32_C(0x167B88F0), UINT32_C(0x4B8D67FF), UINT32_C(0x5A4186B1), ++ UINT32_C(0xEDEC0C02), UINT32_C(0xBEBF35AB), UINT32_C(0x127C462D) }, ++ { UINT32_C(0x049430FC), UINT32_C(0x9159C67E), UINT32_C(0xE7747320), ++ UINT32_C(0x86B21DD2), UINT32_C(0x0CF27B89), UINT32_C(0x0E0E0152), ++ UINT32_C(0xCD1316B6), UINT32_C(0x705F28F5), UINT32_C(0xBEAEA8A8), ++ UINT32_C(0x76751691), UINT32_C(0x360C5B69), UINT32_C(0x4C73E282) } }, ++ { { UINT32_C(0xFD7B3D74), UINT32_C(0x46BCC0D5), UINT32_C(0x0DC4F410), ++ UINT32_C(0x6F13C20E), UINT32_C(0x72F11CDF), UINT32_C(0x98A1AF7D), ++ UINT32_C(0x7928881C), UINT32_C(0x6099FD83), UINT32_C(0x371BB94B), ++ UINT32_C(0x66976356), UINT32_C(0x19B945AB), UINT32_C(0x673FBA72) }, ++ { UINT32_C(0xAED00700), UINT32_C(0xE4D8FA6E), UINT32_C(0x5C71A9F7), ++ UINT32_C(0xEA2313EC), UINT32_C(0xF99D4AEA), UINT32_C(0xF9ED8268), ++ UINT32_C(0x42AB59C7), UINT32_C(0xADD89164), UINT32_C(0x3F3A2D45), ++ UINT32_C(0xB37EB26F), UINT32_C(0xA924841E), UINT32_C(0x0B39BD7A) } }, ++ { { UINT32_C(0xE03CDBBB), UINT32_C(0xD811EB32), UINT32_C(0x7CC3610E), ++ UINT32_C(0x12055F1D), UINT32_C(0xA9046E3F), UINT32_C(0x6B23A1A0), ++ UINT32_C(0x9DD4A749), UINT32_C(0x4D712122), UINT32_C(0xB1BF0AC3), ++ UINT32_C(0xB0C2ACA1), UINT32_C(0xC1B0432F), UINT32_C(0x71EFF575) }, ++ { UINT32_C(0x2B44E285), UINT32_C(0x6CD81492), UINT32_C(0xD87E8D20), ++ UINT32_C(0x3088BD9C), UINT32_C(0xF567E8FA), UINT32_C(0xACE218E5), ++ UINT32_C(0xCF90CBBB), UINT32_C(0xB3FA0424), UINT32_C(0x770734D3), ++ UINT32_C(0xADBDA751), UINT32_C(0x5AD6569A), UINT32_C(0xBCD78BAD) } }, ++ { { UINT32_C(0x7F39641F), UINT32_C(0xCADB31FA), UINT32_C(0x825E5562), ++ UINT32_C(0x3EF3E295), UINT32_C(0xF4094C64), UINT32_C(0x4893C633), ++ UINT32_C(0x8ADDF432), UINT32_C(0x52F685F1), UINT32_C(0x7FDC9373), ++ UINT32_C(0x9FD887AB), UINT32_C(0xE8680E8B), UINT32_C(0x47A9ADA0) }, ++ { UINT32_C(0xF0CD44F6), UINT32_C(0x579313B7), UINT32_C(0xE188AE2E), ++ UINT32_C(0xAC4B8668), UINT32_C(0x8FB145BD), UINT32_C(0x648F4369), ++ UINT32_C(0x74629E31), UINT32_C(0xE0460AB3), UINT32_C(0x8FF2B05F), ++ UINT32_C(0xC25F2875), UINT32_C(0x2D31EAEA), UINT32_C(0x4720C2B6) } }, ++ { { UINT32_C(0x13D48F80), UINT32_C(0x4603CDF4), UINT32_C(0xA49725DA), ++ UINT32_C(0x9ADB50E2), UINT32_C(0x65DF63F0), UINT32_C(0x8CD33050), ++ UINT32_C(0xCD643003), UINT32_C(0x58D8B3BB), UINT32_C(0xB739826B), ++ UINT32_C(0x170A4F4A), UINT32_C(0x1EAD0E17), UINT32_C(0x857772B5) }, ++ { UINT32_C(0xE65320F1), UINT32_C(0x01B78152), UINT32_C(0xB7503FC0), ++ UINT32_C(0xA6B4D845), UINT32_C(0x3DD50798), UINT32_C(0x0F5089B9), ++ UINT32_C(0x5690B6BE), UINT32_C(0x488F200F), UINT32_C(0x9E096F36), ++ UINT32_C(0x220B4ADF), UINT32_C(0x8CE5BC7C), UINT32_C(0x474D7C9F) } }, ++ { { UINT32_C(0xC745F8C9), UINT32_C(0xFED8C058), UINT32_C(0x291262D1), ++ UINT32_C(0xB683179E), UINT32_C(0xD15EE88C), UINT32_C(0x26ABD367), ++ UINT32_C(0xF60A6249), UINT32_C(0x29E8EED3), UINT32_C(0x1E02D6E1), ++ UINT32_C(0xED6008BB), UINT32_C(0xA6B12B8D), UINT32_C(0xD82ECF4C) }, ++ { UINT32_C(0xAAE4FA22), UINT32_C(0x9929D021), UINT32_C(0x336A1AB3), ++ UINT32_C(0xBE4DEF14), UINT32_C(0x8C80A312), UINT32_C(0x529B7E09), ++ UINT32_C(0xEE0EB0CE), UINT32_C(0xB059188D), UINT32_C(0x16DEAB7F), ++ UINT32_C(0x1E42979A), UINT32_C(0x84EE9477), UINT32_C(0x24110349) } }, ++ { { UINT32_C(0x2BE579CC), UINT32_C(0xD6524685), UINT32_C(0xC456FDED), ++ UINT32_C(0x849316F1), UINT32_C(0x2D1B67DA), UINT32_C(0xC51B7DA4), ++ UINT32_C(0x41BC6D6A), UINT32_C(0xC25B539E), UINT32_C(0xA9BF8BED), ++ UINT32_C(0xE3B7CCA3), UINT32_C(0x045C15E4), UINT32_C(0x813EF18C) }, ++ { UINT32_C(0x697982C4), UINT32_C(0x5F3789A1), UINT32_C(0x8C435566), ++ UINT32_C(0x4C125369), UINT32_C(0xDC0A92C6), UINT32_C(0x00A7AE6E), ++ UINT32_C(0x2F64A053), UINT32_C(0x1ABC929B), UINT32_C(0x38666B44), ++ UINT32_C(0xF4925C4C), UINT32_C(0x0F3DE7F6), UINT32_C(0xA81044B0) } }, ++ }, ++ { ++ { { UINT32_C(0xC2EC3731), UINT32_C(0xBCC88422), UINT32_C(0x10DC4EC2), ++ UINT32_C(0x78A3E4D4), UINT32_C(0x2571D6B1), UINT32_C(0x745DA1EF), ++ UINT32_C(0x739A956E), UINT32_C(0xF01C2921), UINT32_C(0xE4BFFC16), ++ UINT32_C(0xEFFD8065), UINT32_C(0xF36FE72C), UINT32_C(0x6EFE62A1) }, ++ { UINT32_C(0x0F4629A4), UINT32_C(0xF49E90D2), UINT32_C(0x8CE646F4), ++ UINT32_C(0xADD1DCC7), UINT32_C(0xB7240D91), UINT32_C(0xCB78B583), ++ UINT32_C(0x03F8387F), UINT32_C(0x2E1A7C3C), UINT32_C(0x3200F2D9), ++ UINT32_C(0x16566C22), UINT32_C(0xAAF80A84), UINT32_C(0x2361B14B) } }, ++ { { UINT32_C(0xB5733309), UINT32_C(0xDB1CFFD2), UINT32_C(0x0F9DD939), ++ UINT32_C(0x24BC250B), UINT32_C(0xA3C1DB85), UINT32_C(0xA4181E5A), ++ UINT32_C(0xAC55D391), UINT32_C(0xE5183E51), UINT32_C(0xEFD270D0), ++ UINT32_C(0x2793D5EF), UINT32_C(0xC0631546), UINT32_C(0x7D56F63D) }, ++ { UINT32_C(0x0C1EE59D), UINT32_C(0xECB40A59), UINT32_C(0xBB5BFA2C), ++ UINT32_C(0xE613A9E4), UINT32_C(0x6C5830F9), UINT32_C(0xA89B14AB), ++ UINT32_C(0xA03F201E), UINT32_C(0x4DC477DC), UINT32_C(0xC88C54F6), ++ UINT32_C(0x5604F5DA), UINT32_C(0x2ACFC66E), UINT32_C(0xD49264DC) } }, ++ { { UINT32_C(0x1C4DFA95), UINT32_C(0x283DD7F0), UINT32_C(0x62C0B160), ++ UINT32_C(0xB898CC2C), UINT32_C(0x870282AA), UINT32_C(0xBA08C095), ++ UINT32_C(0xF4E36324), UINT32_C(0xB02B00D8), UINT32_C(0x604CECF2), ++ UINT32_C(0x53AADDC0), UINT32_C(0x84DDD24E), UINT32_C(0xF1F927D3) }, ++ { UINT32_C(0xE2ABC9E1), UINT32_C(0x34BC00A0), UINT32_C(0x60289F88), ++ UINT32_C(0x2DA1227D), UINT32_C(0xCEF68F74), UINT32_C(0x5228EAAA), ++ UINT32_C(0x3C029351), UINT32_C(0x40A790D2), UINT32_C(0x8442E3B7), ++ UINT32_C(0xE0E9AF5C), UINT32_C(0xA9F141E0), UINT32_C(0xA3214142) } }, ++ { { UINT32_C(0xF9A58E3D), UINT32_C(0x72F4949E), UINT32_C(0xA48660A6), ++ UINT32_C(0x738C700B), UINT32_C(0x092A5805), UINT32_C(0x71B04726), ++ UINT32_C(0x0F5CDB72), UINT32_C(0xAD5C3C11), UINT32_C(0x554BFC49), ++ UINT32_C(0xD4951F9E), UINT32_C(0x6131EBE7), UINT32_C(0xEE594EE5) }, ++ { UINT32_C(0x3C1AF0A9), UINT32_C(0x37DA59F3), UINT32_C(0xCB040A63), ++ UINT32_C(0xD7AFC73B), UINT32_C(0x4D89FA65), UINT32_C(0xD020962A), ++ UINT32_C(0x71D824F5), UINT32_C(0x2610C61E), UINT32_C(0x3C050E31), ++ UINT32_C(0x9C917DA7), UINT32_C(0xE6E7EBFB), UINT32_C(0x3840F92F) } }, ++ { { UINT32_C(0x8D8B8CED), UINT32_C(0x50FBD7FE), UINT32_C(0x47D240AE), ++ UINT32_C(0xC7282F75), UINT32_C(0x1930FF73), UINT32_C(0x79646A47), ++ UINT32_C(0x2F7F5A77), UINT32_C(0x2E0BAC4E), UINT32_C(0x26127E0B), ++ UINT32_C(0x0EE44FA5), UINT32_C(0x82BC2AA7), UINT32_C(0x678881B7) }, ++ { UINT32_C(0x67F5F497), UINT32_C(0xB9E5D384), UINT32_C(0xA9B7106B), ++ UINT32_C(0x8F94A7D4), UINT32_C(0x9D329F68), UINT32_C(0xBF7E0B07), ++ UINT32_C(0x45D192FB), UINT32_C(0x169B93EA), UINT32_C(0x20DBE8C0), ++ UINT32_C(0xCCAA9467), UINT32_C(0x938F9574), UINT32_C(0xD4513A50) } }, ++ { { UINT32_C(0x054CB874), UINT32_C(0x841C96B4), UINT32_C(0xA3C26834), ++ UINT32_C(0xD75B1AF1), UINT32_C(0xEE6575F0), UINT32_C(0x7237169D), ++ UINT32_C(0x0322AADC), UINT32_C(0xD71FC7E5), UINT32_C(0x949E3A8E), ++ UINT32_C(0xD7A23F1E), UINT32_C(0xDD31D8C7), UINT32_C(0x77E2D102) }, ++ { UINT32_C(0xD10F5A1F), UINT32_C(0x5AD69D09), UINT32_C(0xB99D9A0B), ++ UINT32_C(0x526C9CB4), UINT32_C(0x972B237D), UINT32_C(0x521BB10B), ++ UINT32_C(0xA326F342), UINT32_C(0x1E4CD42F), UINT32_C(0xF0F126CA), ++ UINT32_C(0x5BB6DB27), UINT32_C(0xA4A515AD), UINT32_C(0x587AF22C) } }, ++ { { UINT32_C(0xB12E542F), UINT32_C(0x1123A531), UINT32_C(0xB9EB2811), ++ UINT32_C(0x1D01A64D), UINT32_C(0xF2D70F87), UINT32_C(0xA4A3515B), ++ UINT32_C(0xB4BD0270), UINT32_C(0xFA205234), UINT32_C(0x5EDA26B9), ++ UINT32_C(0x74B81830), UINT32_C(0x56578E75), UINT32_C(0x9305D6E6) }, ++ { UINT32_C(0x9F11BE19), UINT32_C(0xF38E69DE), UINT32_C(0x44DBE89F), ++ UINT32_C(0x1E2A5C23), UINT32_C(0xFD286654), UINT32_C(0x1077E7BC), ++ UINT32_C(0x0FCA4741), UINT32_C(0xD3669894), UINT32_C(0x278F8497), ++ UINT32_C(0x893BF904), UINT32_C(0xEB3E14F4), UINT32_C(0xD6AC5F83) } }, ++ { { UINT32_C(0x488F5F74), UINT32_C(0x327B9DAB), UINT32_C(0xCAB7364F), ++ UINT32_C(0x2B44F4B8), UINT32_C(0x19B6C6BD), UINT32_C(0xB4A6D22D), ++ UINT32_C(0xFC77CD3E), UINT32_C(0xA087E613), UINT32_C(0xB0B49BC7), ++ UINT32_C(0x4558E327), UINT32_C(0xCD835D35), UINT32_C(0x188805BE) }, ++ { UINT32_C(0xC1DC1007), UINT32_C(0x592F293C), UINT32_C(0x6AF02B44), ++ UINT32_C(0xFAEE660F), UINT32_C(0x904035F2), UINT32_C(0x5BFBB3BF), ++ UINT32_C(0x79C07E70), UINT32_C(0xD7C9AE60), UINT32_C(0x234896C2), ++ UINT32_C(0xC5287DD4), UINT32_C(0xCB0E4121), UINT32_C(0xC4CE4523) } }, ++ { { UINT32_C(0x58344831), UINT32_C(0x3626B406), UINT32_C(0x8E55C984), ++ UINT32_C(0xABCCE356), UINT32_C(0x77241602), UINT32_C(0x495CC81C), ++ UINT32_C(0x6D70DF8F), UINT32_C(0x4FB79676), UINT32_C(0x5B071DCA), ++ UINT32_C(0x6354B37C), UINT32_C(0x8C0FC0AD), UINT32_C(0x2CAD80A4) }, ++ { UINT32_C(0xF68739B4), UINT32_C(0x18AADD51), UINT32_C(0x47F09C6C), ++ UINT32_C(0x1BFBB177), UINT32_C(0xA8FD51C4), UINT32_C(0x9355EA19), ++ UINT32_C(0xEE58DB7B), UINT32_C(0x3D512A84), UINT32_C(0xE9237640), ++ UINT32_C(0x70842AFD), UINT32_C(0xACAF858D), UINT32_C(0x36F515CA) } }, ++ { { UINT32_C(0x7E768B23), UINT32_C(0x3DDEC7C4), UINT32_C(0x036D43ED), ++ UINT32_C(0x97E13C53), UINT32_C(0x3A39AB5F), UINT32_C(0x871E5925), ++ UINT32_C(0x07E68E2B), UINT32_C(0x9AF292DE), UINT32_C(0x4A40112E), ++ UINT32_C(0x41158349), UINT32_C(0x3D4D97E6), UINT32_C(0xCDBB46AF) }, ++ { UINT32_C(0x3C0EBE40), UINT32_C(0x2F891293), UINT32_C(0x3EBAD1E5), ++ UINT32_C(0x696C7EEE), UINT32_C(0x33B50D99), UINT32_C(0x8A5F3B69), ++ UINT32_C(0x7ED47DDE), UINT32_C(0xB7BC4840), UINT32_C(0x1E6706D8), ++ UINT32_C(0x3A6F8E6C), UINT32_C(0x3D84BB8F), UINT32_C(0x6A147943) } }, ++ { { UINT32_C(0x603AE8D1), UINT32_C(0xEC3A9C78), UINT32_C(0x228C29E5), ++ UINT32_C(0xBFE07E37), UINT32_C(0x396DBC2B), UINT32_C(0xB0385C5B), ++ UINT32_C(0xDF85F41F), UINT32_C(0x7C14FE83), UINT32_C(0xADFD463E), ++ UINT32_C(0xE2E64676), UINT32_C(0x8BF9F23D), UINT32_C(0x5BEF10AA) }, ++ { UINT32_C(0xF6BAB6DA), UINT32_C(0xFA83EA0D), UINT32_C(0x966BF7E3), ++ UINT32_C(0xCD0C8BA5), UINT32_C(0x98501C2E), UINT32_C(0xD62216B4), ++ UINT32_C(0xC3E69F2D), UINT32_C(0xB7F298A4), UINT32_C(0x9C8740F4), ++ UINT32_C(0x42CEF13B), UINT32_C(0x0DD64307), UINT32_C(0xBB317E52) } }, ++ { { UINT32_C(0x3FFEE775), UINT32_C(0x22B6245C), UINT32_C(0xB37CE7AA), ++ UINT32_C(0x5C3F60BE), UINT32_C(0xE1FEC0DF), UINT32_C(0xDE195D40), ++ UINT32_C(0xA0A82074), UINT32_C(0x3BFAFBC5), UINT32_C(0xC72CA86A), ++ UINT32_C(0xC36EC86A), UINT32_C(0x13FD43EA), UINT32_C(0x56062851) }, ++ { UINT32_C(0x8E0B03A4), UINT32_C(0x8686BE80), UINT32_C(0xD540D440), ++ UINT32_C(0xC3BD1F93), UINT32_C(0xBF96CEC5), UINT32_C(0x13E4EBC0), ++ UINT32_C(0x9190C844), UINT32_C(0xE8E23984), UINT32_C(0x00844802), ++ UINT32_C(0x183593A6), UINT32_C(0x4D206878), UINT32_C(0x46716879) } }, ++ { { UINT32_C(0xB6F63D19), UINT32_C(0x358F394D), UINT32_C(0x6B052194), ++ UINT32_C(0xA75D4849), UINT32_C(0x5C8D7975), UINT32_C(0x58403590), ++ UINT32_C(0x6CBFBD77), UINT32_C(0x86DC9B6B), UINT32_C(0x647A51E5), ++ UINT32_C(0x2DB04D77), UINT32_C(0xF8950D88), UINT32_C(0x5E9A5B02) }, ++ { UINT32_C(0x017168B0), UINT32_C(0xCE69A7E5), UINT32_C(0xC4843AD3), ++ UINT32_C(0x94630FAC), UINT32_C(0x1EFC44FF), UINT32_C(0xB3B9D736), ++ UINT32_C(0xB14D7F93), UINT32_C(0xE729E9B6), UINT32_C(0xE0ED0ABC), ++ UINT32_C(0xA071FC60), UINT32_C(0x8C8D9B83), UINT32_C(0xFC1A9971) } }, ++ { { UINT32_C(0xD138E975), UINT32_C(0x49686031), UINT32_C(0x5A8EF0D1), ++ UINT32_C(0x64864038), UINT32_C(0xE7F7DE49), UINT32_C(0x32679713), ++ UINT32_C(0x29D1CD1D), UINT32_C(0x59132349), UINT32_C(0x20BE9ED2), ++ UINT32_C(0x849AA23A), UINT32_C(0x284B3F33), UINT32_C(0x15D303E1) }, ++ { UINT32_C(0xB63F9FE9), UINT32_C(0x37309475), UINT32_C(0x45B7256A), ++ UINT32_C(0x327BAC8B), UINT32_C(0xD17FC5D3), UINT32_C(0x291CD227), ++ UINT32_C(0xA973EDF1), UINT32_C(0x8291D8CD), UINT32_C(0x437ABA09), ++ UINT32_C(0xF3843562), UINT32_C(0x271D0785), UINT32_C(0x33FFB704) } }, ++ { { UINT32_C(0x47E11E5E), UINT32_C(0x5248D6E4), UINT32_C(0x269C7ED3), ++ UINT32_C(0x0F66FC3C), UINT32_C(0x903E346E), UINT32_C(0x18C0D2B9), ++ UINT32_C(0x4BEAE1B8), UINT32_C(0xD81D9D97), UINT32_C(0xFC30FDF3), ++ UINT32_C(0x610326B0), UINT32_C(0x19A7DFCD), UINT32_C(0x2B136870) }, ++ { UINT32_C(0xB9527676), UINT32_C(0xEC75F70A), UINT32_C(0x29A3D897), ++ UINT32_C(0x90829F51), UINT32_C(0x97980302), UINT32_C(0x92FE1809), ++ UINT32_C(0x68474991), UINT32_C(0xA3F2498E), UINT32_C(0x0F22BBAD), ++ UINT32_C(0x6A66307B), UINT32_C(0x20378557), UINT32_C(0x32014B91) } }, ++ { { UINT32_C(0x3CD98610), UINT32_C(0x72CD7D55), UINT32_C(0x74504ADF), ++ UINT32_C(0xC3D560B0), UINT32_C(0xCEBB5D5D), UINT32_C(0x23F0A982), ++ UINT32_C(0xB839DDB8), UINT32_C(0x1431C15B), UINT32_C(0xCEB72207), ++ UINT32_C(0x7E207CD8), UINT32_C(0xE7EFB28D), UINT32_C(0x28E0A848) }, ++ { UINT32_C(0x1BD96F6E), UINT32_C(0xD22561FE), UINT32_C(0x62A8236B), ++ UINT32_C(0x04812C18), UINT32_C(0x975491FA), UINT32_C(0xA0BF2334), ++ UINT32_C(0x435DF87F), UINT32_C(0x294F42A6), UINT32_C(0xA5D6F4F6), ++ UINT32_C(0x2772B783), UINT32_C(0x2724F853), UINT32_C(0x348F92ED) } }, ++ }, ++ { ++ { { UINT32_C(0x1A42E5E7), UINT32_C(0xC20FB911), UINT32_C(0x81D12863), ++ UINT32_C(0x075A678B), UINT32_C(0x5CC0AA89), UINT32_C(0x12BCBC6A), ++ UINT32_C(0x4FB9F01E), UINT32_C(0x5279C6AB), UINT32_C(0x11AE1B89), ++ UINT32_C(0xBC8E1789), UINT32_C(0xC290003C), UINT32_C(0xAE74A706) }, ++ { UINT32_C(0x79DF3F45), UINT32_C(0x9949D6EC), UINT32_C(0x96C8D37F), ++ UINT32_C(0xBA18E262), UINT32_C(0xDD2275BF), UINT32_C(0x68DE6EE2), ++ UINT32_C(0xC419F1D5), UINT32_C(0xA9E4FFF8), UINT32_C(0xA52B5A40), ++ UINT32_C(0xBC759CA4), UINT32_C(0x63B0996D), UINT32_C(0xFF18CBD8) } }, ++ { { UINT32_C(0xD7DD47E5), UINT32_C(0x73C57FDE), UINT32_C(0xD49A7F5D), ++ UINT32_C(0xB0FE5479), UINT32_C(0xCFB9821E), UINT32_C(0xD25C71F1), ++ UINT32_C(0xCF6A1D68), UINT32_C(0x9427E209), UINT32_C(0xACD24E64), ++ UINT32_C(0xBF3C3916), UINT32_C(0xBDA7B8B5), UINT32_C(0x7E9F5583) }, ++ { UINT32_C(0xCF971E11), UINT32_C(0xE7C5F7C8), UINT32_C(0x3C7F035E), ++ UINT32_C(0xEC16D5D7), UINT32_C(0xE66B277C), UINT32_C(0x818DC472), ++ UINT32_C(0xB2816F1E), UINT32_C(0x4413FD47), UINT32_C(0x48383C6D), ++ UINT32_C(0x40F262AF), UINT32_C(0x4F190537), UINT32_C(0xFB057584) } }, ++ { { UINT32_C(0x08962F6B), UINT32_C(0x487EDC07), UINT32_C(0x190A7E55), ++ UINT32_C(0x6002F1E7), UINT32_C(0x10FDBA0C), UINT32_C(0x7FC62BEA), ++ UINT32_C(0x2C3DBF33), UINT32_C(0xC836BBC5), UINT32_C(0x4F7D2A46), ++ UINT32_C(0x4FDFB5C3), UINT32_C(0xDCA0DF71), UINT32_C(0x824654DE) }, ++ { UINT32_C(0x0C23902B), UINT32_C(0x30A07676), UINT32_C(0x77FBBF37), ++ UINT32_C(0x7F1EBB93), UINT32_C(0xFACC13DB), UINT32_C(0xD307D49D), ++ UINT32_C(0xAE1A261A), UINT32_C(0x148D673A), UINT32_C(0x52D98650), ++ UINT32_C(0xE008F95B), UINT32_C(0x9F558FDE), UINT32_C(0xC7614440) } }, ++ { { UINT32_C(0x9CB16650), UINT32_C(0x17CD6AF6), UINT32_C(0x69F4EEBE), ++ UINT32_C(0x86CC27C1), UINT32_C(0x78822432), UINT32_C(0x7E495B1D), ++ UINT32_C(0x1B974525), UINT32_C(0xFED338E3), UINT32_C(0x86F3CE21), ++ UINT32_C(0x527743D3), UINT32_C(0xB515C896), UINT32_C(0x87948AD3) }, ++ { UINT32_C(0xB17F2FB8), UINT32_C(0x9FDE7039), UINT32_C(0xD9B89D96), ++ UINT32_C(0xA2FA9A5F), UINT32_C(0x36FF74DC), UINT32_C(0x5D46600B), ++ UINT32_C(0x8302C3C9), UINT32_C(0x8EA74B04), UINT32_C(0xF744B5EB), ++ UINT32_C(0xD560F570), UINT32_C(0xFE762402), UINT32_C(0xC921023B) } }, ++ { { UINT32_C(0xFFF4C8ED), UINT32_C(0xA35AB657), UINT32_C(0x8A5FABD7), ++ UINT32_C(0x017C6124), UINT32_C(0x09ACDA28), UINT32_C(0x56463025), ++ UINT32_C(0x14CF238A), UINT32_C(0x6038D361), UINT32_C(0xAF1B9F07), ++ UINT32_C(0x1428B1B6), UINT32_C(0x7482E95C), UINT32_C(0x5827FF44) }, ++ { UINT32_C(0x780FF362), UINT32_C(0xCB997E18), UINT32_C(0xE0BCAC1E), ++ UINT32_C(0x2B89D702), UINT32_C(0xA837DDC8), UINT32_C(0xC632A0B5), ++ UINT32_C(0x59762647), UINT32_C(0xF3EFCF1F), UINT32_C(0x38B0D60A), ++ UINT32_C(0xE9BA309A), UINT32_C(0x20B5FB37), UINT32_C(0x05DEABDD) } }, ++ { { UINT32_C(0xCB8AF047), UINT32_C(0xD44E5DBA), UINT32_C(0x943CFE82), ++ UINT32_C(0x15400CB4), UINT32_C(0x9DF88B67), UINT32_C(0xDBD69575), ++ UINT32_C(0xB2405A7D), UINT32_C(0x8299DB2B), UINT32_C(0x0B1D80CD), ++ UINT32_C(0x46E3BF77), UINT32_C(0xE82BA3D9), UINT32_C(0xC50CF66C) }, ++ { UINT32_C(0xF2F747A9), UINT32_C(0xB2910A07), UINT32_C(0x5ADC89C1), ++ UINT32_C(0xF6B669DB), UINT32_C(0x9052B081), UINT32_C(0x3B5EF1A0), ++ UINT32_C(0xB594ACE2), UINT32_C(0x0F5D5ED3), UINT32_C(0xD5F01320), ++ UINT32_C(0xDA30B8D5), UINT32_C(0xAAFCD58F), UINT32_C(0x0D688C5E) } }, ++ { { UINT32_C(0x2A161074), UINT32_C(0x5EEE3A31), UINT32_C(0xEFE2BE37), ++ UINT32_C(0x6BAAAE56), UINT32_C(0xE3D78698), UINT32_C(0xF9787F61), ++ UINT32_C(0x50630A30), UINT32_C(0xC6836B26), UINT32_C(0x1445DEF1), ++ UINT32_C(0x7445B85D), UINT32_C(0xD568A6A5), UINT32_C(0xD72016A2) }, ++ { UINT32_C(0xE355614F), UINT32_C(0x9DD6F533), UINT32_C(0x91E04588), ++ UINT32_C(0x637E7E5F), UINT32_C(0xB9FB1391), UINT32_C(0x42E142F3), ++ UINT32_C(0x41AFE5DA), UINT32_C(0x0D07C05C), UINT32_C(0x1394EDF1), ++ UINT32_C(0xD7CD25C8), UINT32_C(0xB99288EE), UINT32_C(0xEBE6A0FC) } }, ++ { { UINT32_C(0xBABBAD86), UINT32_C(0xB8E63B7B), UINT32_C(0x90D66766), ++ UINT32_C(0x63226A9F), UINT32_C(0x5CF26666), UINT32_C(0x26381836), ++ UINT32_C(0x4CADD0BF), UINT32_C(0xCCBD142D), UINT32_C(0x9AC29470), ++ UINT32_C(0xA070965E), UINT32_C(0x25FF23ED), UINT32_C(0x6BDCA260) }, ++ { UINT32_C(0x87DCA7B3), UINT32_C(0xD4E00FD4), UINT32_C(0x9E0E8734), ++ UINT32_C(0xA5097833), UINT32_C(0x048173A4), UINT32_C(0xF73F162E), ++ UINT32_C(0x9C3C2FA2), UINT32_C(0xD23F9196), UINT32_C(0xE4AC397A), ++ UINT32_C(0x9AB98B45), UINT32_C(0x543F2D4B), UINT32_C(0x2BAA0300) } }, ++ { { UINT32_C(0xC658C445), UINT32_C(0xBBBE15E7), UINT32_C(0xC28941D1), ++ UINT32_C(0xB8CBCB20), UINT32_C(0x027D6540), UINT32_C(0x65549BE2), ++ UINT32_C(0x1E8EF4F4), UINT32_C(0xEBBCA802), UINT32_C(0xD2ACA397), ++ UINT32_C(0x18214B4B), UINT32_C(0xE31784A3), UINT32_C(0xCBEC7DE2) }, ++ { UINT32_C(0x0116FDF3), UINT32_C(0x96F0533F), UINT32_C(0x5C8F5EE1), ++ UINT32_C(0x68911C90), UINT32_C(0xD568603A), UINT32_C(0x7DE9A3AE), ++ UINT32_C(0x6A3AD7B7), UINT32_C(0x3F56C52C), UINT32_C(0x670B4D0E), ++ UINT32_C(0x5BE9AFCA), UINT32_C(0x375DFE2F), UINT32_C(0x628BFEEE) } }, ++ { { UINT32_C(0xDD4ADDB3), UINT32_C(0x97DAE81B), UINT32_C(0x8704761B), ++ UINT32_C(0x12D2CF4E), UINT32_C(0x3247788D), UINT32_C(0x5E820B40), ++ UINT32_C(0x0051CA80), UINT32_C(0x82234B62), UINT32_C(0x6CB5EA74), ++ UINT32_C(0x0C62704D), UINT32_C(0x23941593), UINT32_C(0xDE560420) }, ++ { UINT32_C(0xF1B04145), UINT32_C(0xB3912A3C), UINT32_C(0xAF93688D), ++ UINT32_C(0xE3967CD7), UINT32_C(0x58DABB4B), UINT32_C(0x2E2DCD2F), ++ UINT32_C(0x0E303911), UINT32_C(0x6564836F), UINT32_C(0xECE07C5C), ++ UINT32_C(0x1F10F19B), UINT32_C(0xD8919126), UINT32_C(0xB47F07EE) } }, ++ { { UINT32_C(0xE9A2EEC9), UINT32_C(0xE3545085), UINT32_C(0x2C8E51FE), ++ UINT32_C(0x81866A97), UINT32_C(0x50027243), UINT32_C(0xD2BA7DB5), ++ UINT32_C(0x4AE87DE4), UINT32_C(0x29DAEAB5), UINT32_C(0x684F9497), ++ UINT32_C(0x5EF3D4B8), UINT32_C(0x9D5D6873), UINT32_C(0xE2DACE3B) }, ++ { UINT32_C(0xFFD29C9C), UINT32_C(0xF012C951), UINT32_C(0xADBADA14), ++ UINT32_C(0x48289445), UINT32_C(0x89558C49), UINT32_C(0x8751F50D), ++ UINT32_C(0x99E35BEE), UINT32_C(0x75511A4F), UINT32_C(0x7D59AA5F), ++ UINT32_C(0xEF802D6E), UINT32_C(0xA2A795E2), UINT32_C(0x14FCAD65) } }, ++ { { UINT32_C(0x08CB8F2C), UINT32_C(0xC8EB00E8), UINT32_C(0x2B45BD86), ++ UINT32_C(0x68607532), UINT32_C(0x59969713), UINT32_C(0x7A29B459), ++ UINT32_C(0xD684201B), UINT32_C(0x5FA15B9B), UINT32_C(0xB9E538EE), ++ UINT32_C(0x1A853190), UINT32_C(0xD573D043), UINT32_C(0x4150605C) }, ++ { UINT32_C(0xEB9FBB68), UINT32_C(0xEF011D3B), UINT32_C(0x66AE32B6), ++ UINT32_C(0x67279982), UINT32_C(0x445DE5EC), UINT32_C(0x861B86EA), ++ UINT32_C(0xA34A50E1), UINT32_C(0x62837D18), UINT32_C(0xBF5F0663), ++ UINT32_C(0x228C006A), UINT32_C(0x396DB36A), UINT32_C(0xE007FDE7) } }, ++ { { UINT32_C(0x5A916A55), UINT32_C(0xDEE4F881), UINT32_C(0xF39C82CB), ++ UINT32_C(0x20DC0370), UINT32_C(0x40F09821), UINT32_C(0xD9A71615), ++ UINT32_C(0xF7273492), UINT32_C(0xD50AD8BF), UINT32_C(0x32E7C4BF), ++ UINT32_C(0xA06F7D12), UINT32_C(0x4C5CEA36), UINT32_C(0xFA0F6154) }, ++ { UINT32_C(0x5FC49CFE), UINT32_C(0xF4FD9BED), UINT32_C(0xC9291678), ++ UINT32_C(0xD8CB45D1), UINT32_C(0x7B92C9F2), UINT32_C(0x94DB86CC), ++ UINT32_C(0x73C81169), UINT32_C(0x09CA5F38), UINT32_C(0xAEED06F0), ++ UINT32_C(0x109F40B0), UINT32_C(0x14DCAA0A), UINT32_C(0x9F0360B2) } }, ++ { { UINT32_C(0xE12AD3E7), UINT32_C(0x4189B70D), UINT32_C(0x10B06607), ++ UINT32_C(0x5208ADB2), UINT32_C(0xEE8497FA), UINT32_C(0xEBD8E2A2), ++ UINT32_C(0xE04F2ECB), UINT32_C(0x61B1BD67), UINT32_C(0x4F3F5F99), ++ UINT32_C(0x0E2DDA72), UINT32_C(0xF747B16D), UINT32_C(0xD5D96740) }, ++ { UINT32_C(0xA6BF397F), UINT32_C(0x308A48F6), UINT32_C(0x23A93595), ++ UINT32_C(0x7021C3E5), UINT32_C(0x36470AA0), UINT32_C(0xF10B0229), ++ UINT32_C(0x4E03295B), UINT32_C(0x7761E8EC), UINT32_C(0x07339770), ++ UINT32_C(0x16EFEF58), UINT32_C(0x5DA5DAA2), UINT32_C(0x0D55D2DD) } }, ++ { { UINT32_C(0x8A22F87A), UINT32_C(0x915EA6A3), UINT32_C(0x2E5A088E), ++ UINT32_C(0x191151C1), UINT32_C(0x7F1D5CBE), UINT32_C(0x190252F1), ++ UINT32_C(0x3B0EC99B), UINT32_C(0xE43F59C3), UINT32_C(0xFF2A6135), ++ UINT32_C(0xBE8588D4), UINT32_C(0x2ECB4B9F), UINT32_C(0x103877CC) }, ++ { UINT32_C(0x023CF92B), UINT32_C(0x8F4147E5), UINT32_C(0x0CC2085B), ++ UINT32_C(0xC24384CC), UINT32_C(0xD082D311), UINT32_C(0x6A2DB4A2), ++ UINT32_C(0xED7BA9AE), UINT32_C(0x06283811), UINT32_C(0x2A8E1592), ++ UINT32_C(0xE9A3F532), UINT32_C(0x5A59E894), UINT32_C(0xAC20F0F4) } }, ++ { { UINT32_C(0x74AAB4B1), UINT32_C(0x788CAA52), UINT32_C(0x2FEAFC7E), ++ UINT32_C(0xEB84ABA1), UINT32_C(0xAC04FF77), UINT32_C(0x31DA71DA), ++ UINT32_C(0x24E4D0BF), UINT32_C(0x39D12EB9), UINT32_C(0x87A34EF8), ++ UINT32_C(0x4F2F292F), UINT32_C(0xA237A8ED), UINT32_C(0x9B324372) }, ++ { UINT32_C(0x2EE3A82D), UINT32_C(0xBB2D04B1), UINT32_C(0xD18D36B2), ++ UINT32_C(0xED4FF367), UINT32_C(0xA6EA0138), UINT32_C(0x99D231EE), ++ UINT32_C(0x4F92E04A), UINT32_C(0x7C2D4F06), UINT32_C(0xCA272FD0), ++ UINT32_C(0x78A82AB2), UINT32_C(0xAB8CDC32), UINT32_C(0x7EC41340) } }, ++ }, ++ { ++ { { UINT32_C(0xD2E15A8C), UINT32_C(0xD23658C8), UINT32_C(0x16BA28CA), ++ UINT32_C(0x23F93DF7), UINT32_C(0x082210F1), UINT32_C(0x6DAB10EC), ++ UINT32_C(0xBFC36490), UINT32_C(0xFB1ADD91), UINT32_C(0x9A4F2D14), ++ UINT32_C(0xEDA8B02F), UINT32_C(0x56560443), UINT32_C(0x9060318C) }, ++ { UINT32_C(0x64711AB2), UINT32_C(0x6C01479E), UINT32_C(0xE337EB85), ++ UINT32_C(0x41446FC7), UINT32_C(0x71888397), UINT32_C(0x4DCF3C1D), ++ UINT32_C(0x13C34FD2), UINT32_C(0x87A9C04E), UINT32_C(0x510C15AC), ++ UINT32_C(0xFE0E08EC), UINT32_C(0xC0F495D2), UINT32_C(0xFC0D0413) } }, ++ { { UINT32_C(0x156636C2), UINT32_C(0xEB05C516), UINT32_C(0x090E93FC), ++ UINT32_C(0x2F613ABA), UINT32_C(0x489576F5), UINT32_C(0xCFD573CD), ++ UINT32_C(0x535A8D57), UINT32_C(0xE6535380), UINT32_C(0x671436C4), ++ UINT32_C(0x13947314), UINT32_C(0x5F0A122D), UINT32_C(0x1172FB0C) }, ++ { UINT32_C(0xC12F58F6), UINT32_C(0xAECC7EC1), UINT32_C(0x8E41AFD2), ++ UINT32_C(0xFE42F957), UINT32_C(0x3D4221AA), UINT32_C(0xDF96F652), ++ UINT32_C(0x2851996B), UINT32_C(0xFEF5649F), UINT32_C(0xD5CFB67E), ++ UINT32_C(0x46FB9F26), UINT32_C(0xEF5C4052), UINT32_C(0xB047BFC7) } }, ++ { { UINT32_C(0xF4484374), UINT32_C(0x5CBDC442), UINT32_C(0xF92452EF), ++ UINT32_C(0x6B156957), UINT32_C(0xC118D02A), UINT32_C(0x58A26886), ++ UINT32_C(0x75AAF276), UINT32_C(0x87FF74E6), UINT32_C(0xF65F6EC1), ++ UINT32_C(0xB133BE95), UINT32_C(0x4B1B8D32), UINT32_C(0xA89B6284) }, ++ { UINT32_C(0x09C81004), UINT32_C(0xDD8A8EF3), UINT32_C(0x0CF21991), ++ UINT32_C(0x7F8225DB), UINT32_C(0x26623FAF), UINT32_C(0xD525A6DB), ++ UINT32_C(0xBAE15453), UINT32_C(0xF2368D40), UINT32_C(0x84F89FC9), ++ UINT32_C(0x55D6A84D), UINT32_C(0x86021A3E), UINT32_C(0xAF38358A) } }, ++ { { UINT32_C(0xFF52E280), UINT32_C(0xBD048BDC), UINT32_C(0x526A1795), ++ UINT32_C(0x8A51D0B2), UINT32_C(0xA985AC0F), UINT32_C(0x40AAA758), ++ UINT32_C(0xF2C7ACE9), UINT32_C(0x6039BCDC), UINT32_C(0x6AEC347D), ++ UINT32_C(0x712092CC), UINT32_C(0x6B5ACAB7), UINT32_C(0x7976D090) }, ++ { UINT32_C(0x6EED9617), UINT32_C(0x1EBCF80D), UINT32_C(0xB0F404A4), ++ UINT32_C(0xB3A63149), UINT32_C(0xD0B610EF), UINT32_C(0x3FDD3D1A), ++ UINT32_C(0x98C28AC7), UINT32_C(0xDD3F6F94), UINT32_C(0x3A59750F), ++ UINT32_C(0x650B7794), UINT32_C(0x2D3991AC), UINT32_C(0xEC59BAB1) } }, ++ { { UINT32_C(0x2E552766), UINT32_C(0x01F40E88), UINT32_C(0x66F5354F), ++ UINT32_C(0x1FE3D509), UINT32_C(0xB3A8EA7F), UINT32_C(0x0E46D006), ++ UINT32_C(0xF831CD6A), UINT32_C(0xF75AB629), UINT32_C(0x91465119), ++ UINT32_C(0xDAD808D7), UINT32_C(0x17EF9B10), UINT32_C(0x442405AF) }, ++ { UINT32_C(0x672BDFCB), UINT32_C(0xD5FE0A96), UINT32_C(0x355DBDEC), ++ UINT32_C(0xA9DFA422), UINT32_C(0x79B25636), UINT32_C(0xFDB79AA1), ++ UINT32_C(0xEECE8AEC), UINT32_C(0xE7F26FFD), UINT32_C(0x7EDD5AA2), ++ UINT32_C(0xB5925550), UINT32_C(0x8EB3A6C2), UINT32_C(0x2C8F6FF0) } }, ++ { { UINT32_C(0x757D6136), UINT32_C(0x88887756), UINT32_C(0x88B92E72), ++ UINT32_C(0xAD9AC183), UINT32_C(0x8785D3EB), UINT32_C(0x92CB2FC4), ++ UINT32_C(0x9319764B), UINT32_C(0xD1A542FE), UINT32_C(0x626A62F8), ++ UINT32_C(0xAF4CC78F), UINT32_C(0x26BFFAAE), UINT32_C(0x7F3F5FC9) }, ++ { UINT32_C(0x40AE2231), UINT32_C(0x0A203D43), UINT32_C(0x387898E8), ++ UINT32_C(0xA8BFD9E0), UINT32_C(0x474B7DDD), UINT32_C(0x1A0C379C), ++ UINT32_C(0x34FD49EA), UINT32_C(0x03855E0A), UINT32_C(0xB3EF4AE1), ++ UINT32_C(0x02B26223), UINT32_C(0xE399E0A3), UINT32_C(0x804BD8CF) } }, ++ { { UINT32_C(0xDE865713), UINT32_C(0x11A9F3D0), UINT32_C(0xBDE98821), ++ UINT32_C(0x81E36B6B), UINT32_C(0x6AA891D0), UINT32_C(0x324996C8), ++ UINT32_C(0x395682B5), UINT32_C(0x7B95BDC1), UINT32_C(0xC1600563), ++ UINT32_C(0x47BF2219), UINT32_C(0x643E38B4), UINT32_C(0x7A473F50) }, ++ { UINT32_C(0xF5738288), UINT32_C(0x0911F50A), UINT32_C(0x6F9C415B), ++ UINT32_C(0xDF947A70), UINT32_C(0x67A067F6), UINT32_C(0xBDB994F2), ++ UINT32_C(0x88BE96CD), UINT32_C(0x3F4BEC1B), UINT32_C(0xE56DD6D9), ++ UINT32_C(0x9820E931), UINT32_C(0x0A80F419), UINT32_C(0xB138F14F) } }, ++ { { UINT32_C(0x0429077A), UINT32_C(0xA11A1A8F), UINT32_C(0x10351C68), ++ UINT32_C(0x2BB1E33D), UINT32_C(0x89459A27), UINT32_C(0x3C25ABFE), ++ UINT32_C(0x6B8AC774), UINT32_C(0x2D0091B8), UINT32_C(0x3B2415D9), ++ UINT32_C(0xDAFC7853), UINT32_C(0x9201680D), UINT32_C(0xDE713CF1) }, ++ { UINT32_C(0x68889D57), UINT32_C(0x8E5F445D), UINT32_C(0x60EABF5B), ++ UINT32_C(0x608B209C), UINT32_C(0xF9CFA408), UINT32_C(0x10EC0ACC), ++ UINT32_C(0x4D1EE754), UINT32_C(0xD5256B9D), UINT32_C(0x0AA6C18D), ++ UINT32_C(0xFF866BAB), UINT32_C(0xACB90A45), UINT32_C(0x9D196DB8) } }, ++ { { UINT32_C(0xB9B081B2), UINT32_C(0xA46D76A9), UINT32_C(0x62163C25), ++ UINT32_C(0xFC743A10), UINT32_C(0x7761C392), UINT32_C(0xCD2A5C8D), ++ UINT32_C(0xBE808583), UINT32_C(0x39BDDE0B), UINT32_C(0xB98E4DFE), ++ UINT32_C(0x7C416021), UINT32_C(0x65913A44), UINT32_C(0xF930E563) }, ++ { UINT32_C(0x7585CF3C), UINT32_C(0xC3555F7E), UINT32_C(0x3D6333D5), ++ UINT32_C(0xC737E383), UINT32_C(0xB430B03D), UINT32_C(0x5B60DBA4), ++ UINT32_C(0xE7555404), UINT32_C(0x42B715EB), UINT32_C(0x7C7796E3), ++ UINT32_C(0x571BDF5B), UINT32_C(0x6DB6331F), UINT32_C(0x33DC62C6) } }, ++ { { UINT32_C(0xE61DEE59), UINT32_C(0x3FB9CCB0), UINT32_C(0x18B14DB9), ++ UINT32_C(0xC5185F23), UINT32_C(0x845EF36C), UINT32_C(0x1B2ADC4F), ++ UINT32_C(0x5C1A33AB), UINT32_C(0x195D5B50), UINT32_C(0x421F59D2), ++ UINT32_C(0x8CEA528E), UINT32_C(0xD2931CEA), UINT32_C(0x7DFCCECF) }, ++ { UINT32_C(0x8CF7E3F7), UINT32_C(0x51FFA1D5), UINT32_C(0xBDC9FB43), ++ UINT32_C(0xF01B7886), UINT32_C(0x261A0D35), UINT32_C(0xD65AB610), ++ UINT32_C(0x7574A554), UINT32_C(0x84BCBAFD), UINT32_C(0xFAD70208), ++ UINT32_C(0x4B119956), UINT32_C(0x4FAB5243), UINT32_C(0xDDC329C2) } }, ++ { { UINT32_C(0x9CE92177), UINT32_C(0x1A08AA57), UINT32_C(0xDC2B5C36), ++ UINT32_C(0x3395E557), UINT32_C(0x394ED04E), UINT32_C(0xFDFE7041), ++ UINT32_C(0xC6DFCDDE), UINT32_C(0xB797EB24), UINT32_C(0xCB9DE5D6), ++ UINT32_C(0x284A6B2A), UINT32_C(0x07222765), UINT32_C(0xE0BD95C8) }, ++ { UINT32_C(0x9FE678A7), UINT32_C(0x114A951B), UINT32_C(0x9E4954EC), ++ UINT32_C(0xE7ECD0BD), UINT32_C(0x79F0B8A9), UINT32_C(0x7D4096FE), ++ UINT32_C(0x09724FE2), UINT32_C(0xBDB26E9A), UINT32_C(0xF787AF95), ++ UINT32_C(0x08741AD8), UINT32_C(0x24045AD8), UINT32_C(0x2BF97272) } }, ++ { { UINT32_C(0xA9451D57), UINT32_C(0xAB1FEDD9), UINT32_C(0x483E38C9), ++ UINT32_C(0xDF4D91DF), UINT32_C(0x24E9CF8E), UINT32_C(0x2D54D311), ++ UINT32_C(0x7A22EEB6), UINT32_C(0x9C2A5AF8), UINT32_C(0x0A43F123), ++ UINT32_C(0xBD9861EF), UINT32_C(0x38A18B7B), UINT32_C(0x581EA6A2) }, ++ { UINT32_C(0x296470A3), UINT32_C(0xAF339C85), UINT32_C(0xAFD8203E), ++ UINT32_C(0xF9603FCD), UINT32_C(0x96763C28), UINT32_C(0x95D05350), ++ UINT32_C(0x860EC831), UINT32_C(0x15445C16), UINT32_C(0x6867A323), ++ UINT32_C(0x2AFB8728), UINT32_C(0x0C4838BF), UINT32_C(0x4B152D6D) } }, ++ { { UINT32_C(0x837CACBA), UINT32_C(0x45BA0E4F), UINT32_C(0xC0725275), ++ UINT32_C(0x7ADB38AE), UINT32_C(0x942D3C28), UINT32_C(0x19C82831), ++ UINT32_C(0x6D0FE7DD), UINT32_C(0x94F4731D), UINT32_C(0x4898F1E6), ++ UINT32_C(0xC3C07E13), UINT32_C(0xED410B51), UINT32_C(0x76350EAC) }, ++ { UINT32_C(0xF99AACFC), UINT32_C(0x0FA8BECA), UINT32_C(0x65FAF9CF), ++ UINT32_C(0x2834D86F), UINT32_C(0x6F3866AF), UINT32_C(0x8E62846A), ++ UINT32_C(0x3DFD6A2B), UINT32_C(0xDAA9BD4F), UINT32_C(0xA6132655), ++ UINT32_C(0xC27115BB), UINT32_C(0xBD5A32C2), UINT32_C(0x83972DF7) } }, ++ { { UINT32_C(0xD513B825), UINT32_C(0xA330CB5B), UINT32_C(0xEE37BEC3), ++ UINT32_C(0xAE18B2D3), UINT32_C(0xF780A902), UINT32_C(0xFC3AB80A), ++ UINT32_C(0xD607DDF1), UINT32_C(0xD7835BE2), UINT32_C(0x5B6E4C2B), ++ UINT32_C(0x8120F767), UINT32_C(0x67E78CCB), UINT32_C(0xAA8C3859) }, ++ { UINT32_C(0xAA0ED321), UINT32_C(0xA8DA8CE2), UINT32_C(0xD766341A), ++ UINT32_C(0xCB8846FD), UINT32_C(0x33DC9D9A), UINT32_C(0xF2A342EE), ++ UINT32_C(0xD0A18A80), UINT32_C(0xA519E0BE), UINT32_C(0xAF48DF4C), ++ UINT32_C(0x9CDAA39C), UINT32_C(0x7E0C19EE), UINT32_C(0xA4B500CA) } }, ++ { { UINT32_C(0x8217001B), UINT32_C(0x83A7FD2F), UINT32_C(0x4296A8BA), ++ UINT32_C(0x4F6FCF06), UINT32_C(0x91619927), UINT32_C(0x7D748643), ++ UINT32_C(0x941E4D41), UINT32_C(0x174C1075), UINT32_C(0xA64F5A6C), ++ UINT32_C(0x037EDEBD), UINT32_C(0x6E29DC56), UINT32_C(0xCF64DB3A) }, ++ { UINT32_C(0x37C0B9F4), UINT32_C(0x150B3ACE), UINT32_C(0x7168178B), ++ UINT32_C(0x1323234A), UINT32_C(0xEF4D1879), UINT32_C(0x1CE47014), ++ UINT32_C(0x17FB4D5C), UINT32_C(0xA22E3742), UINT32_C(0xD985F794), ++ UINT32_C(0x69B81822), UINT32_C(0x081D7214), UINT32_C(0x199C21C4) } }, ++ { { UINT32_C(0x8F04B4D2), UINT32_C(0x160BC7A1), UINT32_C(0xB10DE174), ++ UINT32_C(0x79CA81DD), UINT32_C(0x2DA1E9C7), UINT32_C(0xE2A280B0), ++ UINT32_C(0x1D6A0A29), UINT32_C(0xB4F6BD99), UINT32_C(0x1C5B8F27), ++ UINT32_C(0x57CF3EDD), UINT32_C(0x158C2FD4), UINT32_C(0x7E34FC57) }, ++ { UINT32_C(0xCAC93459), UINT32_C(0x828CFD89), UINT32_C(0xB7AF499F), ++ UINT32_C(0x9E631B6F), UINT32_C(0xDA26C135), UINT32_C(0xF4DC8BC0), ++ UINT32_C(0x37186735), UINT32_C(0x6128ED39), UINT32_C(0x67BF0BA5), ++ UINT32_C(0xBB45538B), UINT32_C(0x0064A3AB), UINT32_C(0x1ADDD4C1) } }, ++ }, ++ { ++ { { UINT32_C(0xDD14D47E), UINT32_C(0xC32730E8), UINT32_C(0xC0F01E0F), ++ UINT32_C(0xCDC1FD42), UINT32_C(0x3F5CD846), UINT32_C(0x2BACFDBF), ++ UINT32_C(0x7272D4DD), UINT32_C(0x45F36416), UINT32_C(0x5EB75776), ++ UINT32_C(0xDD813A79), UINT32_C(0x50997BE2), UINT32_C(0xB57885E4) }, ++ { UINT32_C(0xDB8C9829), UINT32_C(0xDA054E2B), UINT32_C(0xAAB5A594), ++ UINT32_C(0x4161D820), UINT32_C(0x026116A3), UINT32_C(0x4C428F31), ++ UINT32_C(0xDCD85E91), UINT32_C(0x372AF9A0), UINT32_C(0x673ADC2D), ++ UINT32_C(0xFDA6E903), UINT32_C(0xA8DB59E6), UINT32_C(0x4526B8AC) } }, ++ { { UINT32_C(0xE23A8472), UINT32_C(0x68FE359D), UINT32_C(0x4CE3C101), ++ UINT32_C(0x43EB12BD), UINT32_C(0xFC704935), UINT32_C(0x0EC652C3), ++ UINT32_C(0x52E4E22D), UINT32_C(0x1EEFF1F9), UINT32_C(0x083E3ADA), ++ UINT32_C(0xBA6777CB), UINT32_C(0x8BEFC871), UINT32_C(0xAB52D7DC) }, ++ { UINT32_C(0x497CBD59), UINT32_C(0x4EDE689F), UINT32_C(0x27577DD9), ++ UINT32_C(0xC8AE42B9), UINT32_C(0x7AB83C27), UINT32_C(0xE0F08051), ++ UINT32_C(0x2C8C1F48), UINT32_C(0x1F3D5F25), UINT32_C(0xAF241AAC), ++ UINT32_C(0x57991607), UINT32_C(0xB8A337E0), UINT32_C(0xC4458B0A) } }, ++ { { UINT32_C(0x51DD1BA9), UINT32_C(0x3DBB3FA6), UINT32_C(0x545E960B), ++ UINT32_C(0xE53C1C4D), UINT32_C(0x793CE803), UINT32_C(0x35AC6574), ++ UINT32_C(0x83DBCE4F), UINT32_C(0xB2697DC7), UINT32_C(0xE13CF6B0), ++ UINT32_C(0xE35C5BF2), UINT32_C(0xB0C4A164), UINT32_C(0x35034280) }, ++ { UINT32_C(0xD9C0D3C1), UINT32_C(0xAA490908), UINT32_C(0xCB4D2E90), ++ UINT32_C(0x2CCE614D), UINT32_C(0x54D504E4), UINT32_C(0xF646E96C), ++ UINT32_C(0xB73310A3), UINT32_C(0xD74E7541), UINT32_C(0x18BDE5DA), ++ UINT32_C(0xEAD71596), UINT32_C(0xAA09AEF7), UINT32_C(0x96E7F4A8) } }, ++ { { UINT32_C(0x5D6E5F48), UINT32_C(0xA8393A24), UINT32_C(0xF9175CE8), ++ UINT32_C(0x2C8D7EA2), UINT32_C(0x55A20268), UINT32_C(0xD8824E02), ++ UINT32_C(0xA446BCC6), UINT32_C(0x9DD9A272), UINT32_C(0x5351499B), ++ UINT32_C(0xC929CDED), UINT32_C(0xCFE76535), UINT32_C(0xEA5AD9EC) }, ++ { UINT32_C(0xDC32D001), UINT32_C(0x26F3D7D9), UINT32_C(0x43EB9689), ++ UINT32_C(0x51C3BE83), UINT32_C(0x759E6DDB), UINT32_C(0x91FDCC06), ++ UINT32_C(0xE302B891), UINT32_C(0xAC2E1904), UINT32_C(0xC207E1F7), ++ UINT32_C(0xAD25C645), UINT32_C(0xAB3DEB4A), UINT32_C(0x28A70F0D) } }, ++ { { UINT32_C(0x03BEA8F1), UINT32_C(0x922D7F97), UINT32_C(0x584570BE), ++ UINT32_C(0x3AD820D4), UINT32_C(0x3CD46B43), UINT32_C(0x0CE0A850), ++ UINT32_C(0xAE66743D), UINT32_C(0x4C07911F), UINT32_C(0xFDA60023), ++ UINT32_C(0x66519EB9), UINT32_C(0xEC2ACD9C), UINT32_C(0x7F83004B) }, ++ { UINT32_C(0xC3117EAD), UINT32_C(0x001E0B80), UINT32_C(0x0722BA25), ++ UINT32_C(0xBB72D541), UINT32_C(0x6E9A5078), UINT32_C(0x3AF7DB96), ++ UINT32_C(0x701B6B4C), UINT32_C(0x86C5774E), UINT32_C(0x37824DB5), ++ UINT32_C(0xBD2C0E8E), UINT32_C(0xBFAC286D), UINT32_C(0x3AE3028C) } }, ++ { { UINT32_C(0xA33E071B), UINT32_C(0x83D4D4A8), UINT32_C(0x61444BB5), ++ UINT32_C(0x881C0A92), UINT32_C(0x520E3BC3), UINT32_C(0xEEA1E292), ++ UINT32_C(0x2AAAB729), UINT32_C(0x5A5F4C3C), UINT32_C(0xE63C7C94), ++ UINT32_C(0x0B766C5E), UINT32_C(0xBB2CC79C), UINT32_C(0x62BB8A9F) }, ++ { UINT32_C(0xAA5DC49D), UINT32_C(0x97ADC7D2), UINT32_C(0x31718681), ++ UINT32_C(0x30CC26B3), UINT32_C(0x56E86EDE), UINT32_C(0xAC86E6FF), ++ UINT32_C(0xCD52F7F2), UINT32_C(0x37BCA7A2), UINT32_C(0x9CE6D87F), ++ UINT32_C(0x734D2C94), UINT32_C(0xC2F7E0CA), UINT32_C(0x06A71D71) } }, ++ { { UINT32_C(0xC6357D33), UINT32_C(0x559DCF75), UINT32_C(0x652517DE), ++ UINT32_C(0x4616D940), UINT32_C(0x1CCF207B), UINT32_C(0x3D576B98), ++ UINT32_C(0x1979F631), UINT32_C(0x51E2D1EF), UINT32_C(0x06AE8296), ++ UINT32_C(0x57517DDD), UINT32_C(0xD6E7151F), UINT32_C(0x309A3D7F) }, ++ { UINT32_C(0x0E3A6FE5), UINT32_C(0xBA2A23E6), UINT32_C(0xD28B22C3), ++ UINT32_C(0x76CF674A), UINT32_C(0xF8B808C3), UINT32_C(0xD235AD07), ++ UINT32_C(0x6B71213A), UINT32_C(0x7BBF4C58), UINT32_C(0x93271EBB), ++ UINT32_C(0x0676792E), UINT32_C(0x05B1FC31), UINT32_C(0x2CFD2C76) } }, ++ { { UINT32_C(0x37A450F5), UINT32_C(0x4258E5C0), UINT32_C(0x52D2B118), ++ UINT32_C(0xC3245F1B), UINT32_C(0x82BC5963), UINT32_C(0x6DF7B484), ++ UINT32_C(0x9C273D1E), UINT32_C(0xE520DA4D), UINT32_C(0x2C3010E5), ++ UINT32_C(0xED78E012), UINT32_C(0x3C1D4C05), UINT32_C(0x11222948) }, ++ { UINT32_C(0xC692B490), UINT32_C(0xE3DAE5AF), UINT32_C(0xC197F793), ++ UINT32_C(0x3272BD10), UINT32_C(0xE709ACAA), UINT32_C(0xF7EAE411), ++ UINT32_C(0x778270A6), UINT32_C(0x00B0C95F), UINT32_C(0x220D4350), ++ UINT32_C(0x4DA76EE1), UINT32_C(0xAB71E308), UINT32_C(0x521E1461) } }, ++ { { UINT32_C(0x343196A3), UINT32_C(0x7B654323), UINT32_C(0xB0C95250), ++ UINT32_C(0x35D442AD), UINT32_C(0xE264FF17), UINT32_C(0x38AF50E6), ++ UINT32_C(0x2030D2EA), UINT32_C(0x28397A41), UINT32_C(0xF74EEDA1), ++ UINT32_C(0x8F1D84E9), UINT32_C(0xE6FB3C52), UINT32_C(0xD521F92D) }, ++ { UINT32_C(0x95733811), UINT32_C(0xAF358D77), UINT32_C(0x93ABFE94), ++ UINT32_C(0xEBFDDD01), UINT32_C(0xD18D99DE), UINT32_C(0x05D8A028), ++ UINT32_C(0xB5D5BDD9), UINT32_C(0x5A664019), UINT32_C(0x2AA12FE8), ++ UINT32_C(0x3DF17282), UINT32_C(0xB889A28E), UINT32_C(0xB42E006F) } }, ++ { { UINT32_C(0xBC35CB1A), UINT32_C(0xCF10E97D), UINT32_C(0x994DEDC5), ++ UINT32_C(0xC70A7BBD), UINT32_C(0x37D04FB9), UINT32_C(0x76A5327C), ++ UINT32_C(0xA76E0CDA), UINT32_C(0x87539F76), UINT32_C(0xCD60A6B1), ++ UINT32_C(0xE9FE493F), UINT32_C(0x132F01C0), UINT32_C(0xA4574796) }, ++ { UINT32_C(0xDB70B167), UINT32_C(0xC43B85EB), UINT32_C(0x98551DFA), ++ UINT32_C(0x81D5039A), UINT32_C(0x1D979FA4), UINT32_C(0x6B56FBE9), ++ UINT32_C(0x8615098F), UINT32_C(0x49714FD7), UINT32_C(0x94DECAB5), ++ UINT32_C(0xB10E1CEA), UINT32_C(0x480EF6E3), UINT32_C(0x8342EBA3) } }, ++ { { UINT32_C(0xB3677288), UINT32_C(0xE1E030B0), UINT32_C(0x8D5CE3AF), ++ UINT32_C(0x2978174C), UINT32_C(0xF7B2DE98), UINT32_C(0xAFC0271C), ++ UINT32_C(0xB99C20B5), UINT32_C(0x745BC6F3), UINT32_C(0x1E3BB4E5), ++ UINT32_C(0x9F6EDCED), UINT32_C(0x73C8C1FC), UINT32_C(0x58D3EE4E) }, ++ { UINT32_C(0x7FD30124), UINT32_C(0x1F3535F4), UINT32_C(0x5FA62502), ++ UINT32_C(0xF366AC70), UINT32_C(0x965363FE), UINT32_C(0x4C4C1FDD), ++ UINT32_C(0x1DE2CA2B), UINT32_C(0x8B2C7777), UINT32_C(0x882F1173), ++ UINT32_C(0x0CB54743), UINT32_C(0x71343331), UINT32_C(0x94B6B8C0) } }, ++ { { UINT32_C(0x65B8B35B), UINT32_C(0x75AF0141), UINT32_C(0x4670A1F5), ++ UINT32_C(0x6D7B8485), UINT32_C(0xA3B6D376), UINT32_C(0x6EAA3A47), ++ UINT32_C(0xCB3E5B66), UINT32_C(0xD7E673D2), UINT32_C(0x9589AB38), ++ UINT32_C(0xC0338E6C), UINT32_C(0x09440FAA), UINT32_C(0x4BE26CB3) }, ++ { UINT32_C(0x394F9AA3), UINT32_C(0x82CB05E7), UINT32_C(0x7F7792EA), ++ UINT32_C(0xC45C8A8A), UINT32_C(0xB687DC70), UINT32_C(0x37E5E33B), ++ UINT32_C(0xDFE48E49), UINT32_C(0x63853219), UINT32_C(0x6D0E5C8C), ++ UINT32_C(0x087951C1), UINT32_C(0x2BC27310), UINT32_C(0x7696A8C7) } }, ++ { { UINT32_C(0xB67E834A), UINT32_C(0xA05736D5), UINT32_C(0x9098D42A), ++ UINT32_C(0xDD2AA0F2), UINT32_C(0x49C69DDC), UINT32_C(0x09F0C1D8), ++ UINT32_C(0x8FF0F0F3), UINT32_C(0x81F8BC1C), UINT32_C(0x03037775), ++ UINT32_C(0x36FD3A4F), UINT32_C(0x4B06DF5C), UINT32_C(0x8286717D) }, ++ { UINT32_C(0xA9079EA2), UINT32_C(0xB878F496), UINT32_C(0xD7DC796D), ++ UINT32_C(0xA5642426), UINT32_C(0x67FDAC2B), UINT32_C(0x29B9351A), ++ UINT32_C(0x1D543CDE), UINT32_C(0x93774C0E), UINT32_C(0x1A8E31C4), ++ UINT32_C(0x4F8793BA), UINT32_C(0x6C94798A), UINT32_C(0x7C9F3F3A) } }, ++ { { UINT32_C(0xCB8ECDB8), UINT32_C(0x23C5AD11), UINT32_C(0x485A6A02), ++ UINT32_C(0x1E88D25E), UINT32_C(0xF1E268AE), UINT32_C(0xB27CBE84), ++ UINT32_C(0xF4CD0475), UINT32_C(0xDDA80238), UINT32_C(0x49F8EB1B), ++ UINT32_C(0x4F88857B), UINT32_C(0x52FB07F9), UINT32_C(0x91B1221F) }, ++ { UINT32_C(0x8637FA67), UINT32_C(0x7CE97460), UINT32_C(0x632198D8), ++ UINT32_C(0x528B3CF4), UINT32_C(0xF6623769), UINT32_C(0x33365AB3), ++ UINT32_C(0x3A83A30F), UINT32_C(0x6FEBCFFF), UINT32_C(0x9BD341EB), ++ UINT32_C(0x398F4C99), UINT32_C(0xB33A333C), UINT32_C(0x180712BB) } }, ++ { { UINT32_C(0xD93429E7), UINT32_C(0x2B8655A2), UINT32_C(0x75C8B9EE), ++ UINT32_C(0x99D600BB), UINT32_C(0x88FCA6CD), UINT32_C(0x9FC1AF8B), ++ UINT32_C(0x7C311F80), UINT32_C(0x2FB53386), UINT32_C(0xE8A71EEE), ++ UINT32_C(0x20743ECB), UINT32_C(0xE848B49E), UINT32_C(0xEC3713C4) }, ++ { UINT32_C(0xBB886817), UINT32_C(0x5B2037B5), UINT32_C(0x307DBAF4), ++ UINT32_C(0x40EF5AC2), UINT32_C(0x1B3F643D), UINT32_C(0xC2888AF2), ++ UINT32_C(0x9D5A4190), UINT32_C(0x0D8252E1), UINT32_C(0x2DB52A8A), ++ UINT32_C(0x06CC0BEC), UINT32_C(0xAB94E969), UINT32_C(0xB84B98EA) } }, ++ { { UINT32_C(0xA0321E0E), UINT32_C(0x2E7AC078), UINT32_C(0xEF3DAAB6), ++ UINT32_C(0x5C5A1168), UINT32_C(0xADDD454A), UINT32_C(0xD2D573CB), ++ UINT32_C(0x36259CC7), UINT32_C(0x27E149E2), UINT32_C(0xA63F47F1), ++ UINT32_C(0x1EDFD469), UINT32_C(0xF1BD2CFD), UINT32_C(0x039AD674) }, ++ { UINT32_C(0x3077D3CC), UINT32_C(0xBFA633FC), UINT32_C(0x2FD64E9F), ++ UINT32_C(0x14A7C82F), UINT32_C(0x9D824999), UINT32_C(0xAAA65014), ++ UINT32_C(0x21760F2E), UINT32_C(0x41AB113B), UINT32_C(0x1CAE260A), ++ UINT32_C(0x23E646C5), UINT32_C(0x68DC5159), UINT32_C(0x08062C8F) } }, ++ }, ++ { ++ { { UINT32_C(0x204BE028), UINT32_C(0x2E7D0A16), UINT32_C(0xD0E41851), ++ UINT32_C(0x4F1D082E), UINT32_C(0x3EB317F9), UINT32_C(0x15F1DDC6), ++ UINT32_C(0x5ADF71D7), UINT32_C(0xF0275071), UINT32_C(0xEE858BC3), ++ UINT32_C(0x2CE33C2E), UINT32_C(0xDA73B71A), UINT32_C(0xA24C76D1) }, ++ { UINT32_C(0x6C70C483), UINT32_C(0x9EF6A70A), UINT32_C(0x05CF9612), ++ UINT32_C(0xEFCF1705), UINT32_C(0x7502DE64), UINT32_C(0x9F5BF5A6), ++ UINT32_C(0xA4701973), UINT32_C(0xD11122A1), UINT32_C(0xA2EA7B24), ++ UINT32_C(0x82CFAAC2), UINT32_C(0x0A4582E1), UINT32_C(0x6CAD67CC) } }, ++ { { UINT32_C(0xB4DC8600), UINT32_C(0x597A26FF), UINT32_C(0xF9288555), ++ UINT32_C(0x264A09F3), UINT32_C(0x5C27F5F6), UINT32_C(0x0B06AFF6), ++ UINT32_C(0xD8D544E6), UINT32_C(0xCE5AB665), UINT32_C(0x99275C32), ++ UINT32_C(0x92F031BE), UINT32_C(0xF42E0E7C), UINT32_C(0xAF51C5BB) }, ++ { UINT32_C(0x1E37B36D), UINT32_C(0x5BB28B06), UINT32_C(0x8473543A), ++ UINT32_C(0x583FBA6A), UINT32_C(0xF93FB7DC), UINT32_C(0xE73FD299), ++ UINT32_C(0x6E2CCAD9), UINT32_C(0xFCD999A8), UINT32_C(0x334D4F57), ++ UINT32_C(0xB8C8A6DF), UINT32_C(0x9A2ACC9B), UINT32_C(0x5ADB28DD) } }, ++ { { UINT32_C(0x111792B9), UINT32_C(0x5ADF3D9A), UINT32_C(0x4F1E0D09), ++ UINT32_C(0x1C77A305), UINT32_C(0xA82D3736), UINT32_C(0xF9FBCE33), ++ UINT32_C(0x718C8AA3), UINT32_C(0xF307823E), UINT32_C(0x416CCF69), ++ UINT32_C(0x860578CF), UINT32_C(0x1EF8465B), UINT32_C(0xB942ADD8) }, ++ { UINT32_C(0xCD9472E1), UINT32_C(0x9EE0CF97), UINT32_C(0xB01528A8), ++ UINT32_C(0xE6792EEF), UINT32_C(0xC09DA90B), UINT32_C(0xF99B9A8D), ++ UINT32_C(0xCBF3CCB8), UINT32_C(0x1F521C2D), UINT32_C(0x91A62632), ++ UINT32_C(0x6BF66948), UINT32_C(0x854FE9DA), UINT32_C(0xCC7A9CEB) } }, ++ { { UINT32_C(0x491CCB92), UINT32_C(0x46303171), UINT32_C(0x2771235B), ++ UINT32_C(0xA80A8C0D), UINT32_C(0xF172C7CF), UINT32_C(0xD8E497FF), ++ UINT32_C(0x35B193CF), UINT32_C(0x7F7009D7), UINT32_C(0xF19DF4BC), ++ UINT32_C(0x6B9FD3F7), UINT32_C(0xB46F1E37), UINT32_C(0xADA548C3) }, ++ { UINT32_C(0xC7A20270), UINT32_C(0x87C6EAA9), UINT32_C(0xAE78EF99), ++ UINT32_C(0xEF2245D6), UINT32_C(0x539EAB95), UINT32_C(0x2A121042), ++ UINT32_C(0x79B8F5CC), UINT32_C(0x29A6D5D7), UINT32_C(0xB77840DC), ++ UINT32_C(0x33803A10), UINT32_C(0x11A6A30F), UINT32_C(0xFEDD3A70) } }, ++ { { UINT32_C(0x142403D1), UINT32_C(0xFA070E22), UINT32_C(0x15C6F7F5), ++ UINT32_C(0x68FF3160), UINT32_C(0x223A0CE8), UINT32_C(0xE09F04E6), ++ UINT32_C(0x53E14183), UINT32_C(0x22BBD018), UINT32_C(0xCF45B75B), ++ UINT32_C(0x35D9FAFC), UINT32_C(0x7ECEEC88), UINT32_C(0x3A34819D) }, ++ { UINT32_C(0xD33262D2), UINT32_C(0xD9CF7568), UINT32_C(0x841D1505), ++ UINT32_C(0x431036D5), UINT32_C(0x9EB2A79A), UINT32_C(0x0C800565), ++ UINT32_C(0x5F7EDC6A), UINT32_C(0x8E77D9F0), UINT32_C(0x65E800AA), ++ UINT32_C(0x19E12D05), UINT32_C(0xB7784E7C), UINT32_C(0x335C8D36) } }, ++ { { UINT32_C(0x6484FD40), UINT32_C(0x8B2FC4E9), UINT32_C(0xA35D24EA), ++ UINT32_C(0xEE702764), UINT32_C(0xB871C3F3), UINT32_C(0x15B28AC7), ++ UINT32_C(0xE097047F), UINT32_C(0x805B4048), UINT32_C(0x647CAD2F), ++ UINT32_C(0xD6F1B8DF), UINT32_C(0xDC7DD67F), UINT32_C(0xF1D5B458) }, ++ { UINT32_C(0x25148803), UINT32_C(0x324C529C), UINT32_C(0x21274FAF), ++ UINT32_C(0xF6185EBE), UINT32_C(0x95148B55), UINT32_C(0xAF14751E), ++ UINT32_C(0x28F284F4), UINT32_C(0x283ED89D), UINT32_C(0x4CBEBF1A), ++ UINT32_C(0x93AD20E7), UINT32_C(0x882935E1), UINT32_C(0x5F6EC65D) } }, ++ { { UINT32_C(0xA4DCEFE9), UINT32_C(0xE222EBA4), UINT32_C(0xEC1CEB74), ++ UINT32_C(0x63AD235F), UINT32_C(0xE05B18E7), UINT32_C(0x2E0BF749), ++ UINT32_C(0xB48BDD87), UINT32_C(0x547BD050), UINT32_C(0xF5AA2FC4), ++ UINT32_C(0x0490C970), UINT32_C(0x2B431390), UINT32_C(0xCED5E4CF) }, ++ { UINT32_C(0x51D2898E), UINT32_C(0x07D82704), UINT32_C(0x083B57D4), ++ UINT32_C(0x44B72442), UINT32_C(0x5037FCE8), UINT32_C(0xA4ADA230), ++ UINT32_C(0x50510DA6), UINT32_C(0x55F7905E), UINT32_C(0x8D890A98), ++ UINT32_C(0xD8EE724F), UINT32_C(0x11B85640), UINT32_C(0x925A8E7C) } }, ++ { { UINT32_C(0x1CA459ED), UINT32_C(0x5BFA10CD), UINT32_C(0x6DCF56BF), ++ UINT32_C(0x593F085A), UINT32_C(0xC0579C3E), UINT32_C(0xE6F0AD9B), ++ UINT32_C(0x2527C1AD), UINT32_C(0xC11C95A2), UINT32_C(0xCF1CB8B3), ++ UINT32_C(0x7CFA71E1), UINT32_C(0x1D6DC79D), UINT32_C(0xEDCFF833) }, ++ { UINT32_C(0x432521C9), UINT32_C(0x581C4BBE), UINT32_C(0x144E11A0), ++ UINT32_C(0xBF620096), UINT32_C(0xBE3A107B), UINT32_C(0x54C38B71), ++ UINT32_C(0xE2606EC0), UINT32_C(0xED555E37), UINT32_C(0xD721D034), ++ UINT32_C(0x3FB148B8), UINT32_C(0x0091BC90), UINT32_C(0x79D53DAD) } }, ++ { { UINT32_C(0xB7082C80), UINT32_C(0xE32068C5), UINT32_C(0x7A144E22), ++ UINT32_C(0x4140FFD2), UINT32_C(0x9EDD9E86), UINT32_C(0x5811D2F0), ++ UINT32_C(0xC572C465), UINT32_C(0xCDD79B5F), UINT32_C(0xC97BF450), ++ UINT32_C(0x3563FED1), UINT32_C(0xF2CE5C9C), UINT32_C(0x985C1444) }, ++ { UINT32_C(0x99950F1C), UINT32_C(0x260AE797), UINT32_C(0x765E9DED), ++ UINT32_C(0x659F4F40), UINT32_C(0x2E3BC286), UINT32_C(0x2A412D66), ++ UINT32_C(0xF87E0C82), UINT32_C(0xE865E62C), UINT32_C(0x6C05E7D7), ++ UINT32_C(0xD63D3A9A), UINT32_C(0x8686F89A), UINT32_C(0x96725D67) } }, ++ { { UINT32_C(0xAB7EA0F5), UINT32_C(0xC99A5E4C), UINT32_C(0xC5393FA9), ++ UINT32_C(0xC9860A1A), UINT32_C(0x8FDEEFC0), UINT32_C(0x9ED83CEE), ++ UINT32_C(0x5ED6869A), UINT32_C(0xE3EA8B4C), UINT32_C(0xD2EED3A9), ++ UINT32_C(0x89A85463), UINT32_C(0xE421A622), UINT32_C(0x2CD91B6D) }, ++ { UINT32_C(0x2C91C41D), UINT32_C(0x6FEC1EF3), UINT32_C(0x8171037D), ++ UINT32_C(0xB1540D1F), UINT32_C(0x1C010E5B), UINT32_C(0x4FE4991A), ++ UINT32_C(0xFC1C7368), UINT32_C(0x28A3469F), UINT32_C(0xAF118781), ++ UINT32_C(0xE1EEECD1), UINT32_C(0x99EF3531), UINT32_C(0x1BCCB977) } }, ++ { { UINT32_C(0xC4DAB7B8), UINT32_C(0x63D3B638), UINT32_C(0x3F7F5BAB), ++ UINT32_C(0xD92133B6), UINT32_C(0x09FB6069), UINT32_C(0x2573EE20), ++ UINT32_C(0x890A1686), UINT32_C(0x771FABDF), UINT32_C(0xA77AFFF5), ++ UINT32_C(0x1D0BA21F), UINT32_C(0xBA3DD2C0), UINT32_C(0x83145FCC) }, ++ { UINT32_C(0x2D115C20), UINT32_C(0xFA073A81), UINT32_C(0x19176F27), ++ UINT32_C(0x6AB7A9D3), UINT32_C(0x9AC639EE), UINT32_C(0xAF62CF93), ++ UINT32_C(0x2CCD1319), UINT32_C(0xF73848B9), UINT32_C(0x3C71659D), ++ UINT32_C(0x3B613234), UINT32_C(0x10AB3826), UINT32_C(0xF8E0011C) } }, ++ { { UINT32_C(0x0282FFA5), UINT32_C(0x0501F036), UINT32_C(0xD9E0F15A), ++ UINT32_C(0xC39A5CF4), UINT32_C(0x9A3D1F3C), UINT32_C(0x48D8C729), ++ UINT32_C(0x64E18EDA), UINT32_C(0xB5FC136B), UINT32_C(0x7E58FEF0), ++ UINT32_C(0xE81B53D9), UINT32_C(0xF7B0F28D), UINT32_C(0x0D534055) }, ++ { UINT32_C(0x7A80619B), UINT32_C(0x47B8DE12), UINT32_C(0x81F9E55D), ++ UINT32_C(0x60E2A2B3), UINT32_C(0xCF564CC5), UINT32_C(0x6E9624D7), ++ UINT32_C(0x6BDEDFFF), UINT32_C(0xFDF18A21), UINT32_C(0xC0D5FC82), ++ UINT32_C(0x3787DE38), UINT32_C(0x497A6B11), UINT32_C(0xCBCAA347) } }, ++ { { UINT32_C(0xB226465A), UINT32_C(0x6E7EF35E), UINT32_C(0x5F8A2BAF), ++ UINT32_C(0x4B469919), UINT32_C(0x1120D93F), UINT32_C(0x44B3A3CF), ++ UINT32_C(0x68F34AD1), UINT32_C(0xB052C8B6), UINT32_C(0xEF7632DD), ++ UINT32_C(0x27EC574B), UINT32_C(0x685DE26F), UINT32_C(0xAEBEA108) }, ++ { UINT32_C(0xE39424B6), UINT32_C(0xDA33236B), UINT32_C(0xEBCC22AD), ++ UINT32_C(0xB1BD94A9), UINT32_C(0x2CDFB5D5), UINT32_C(0x6DDEE6CC), ++ UINT32_C(0x6F14069A), UINT32_C(0xBDAED927), UINT32_C(0x2A247CB7), ++ UINT32_C(0x2ADE427C), UINT32_C(0xED156A40), UINT32_C(0xCE96B436) } }, ++ { { UINT32_C(0x81F3F819), UINT32_C(0xDDDCA360), UINT32_C(0xD419B96A), ++ UINT32_C(0x4AF4A49F), UINT32_C(0x7CB966B9), UINT32_C(0x746C6525), ++ UINT32_C(0x6F610023), UINT32_C(0x01E39088), UINT32_C(0x98DD33FC), ++ UINT32_C(0x05ECB38D), UINT32_C(0x8F84EDF4), UINT32_C(0x962B971B) }, ++ { UINT32_C(0x6A6F2602), UINT32_C(0xEB32C0A5), UINT32_C(0x562D60F2), ++ UINT32_C(0xF026AF71), UINT32_C(0x84615FAB), UINT32_C(0xA9E246BF), ++ UINT32_C(0x75DBAE01), UINT32_C(0xAD967092), UINT32_C(0x3ECE5D07), ++ UINT32_C(0xBF97C79B), UINT32_C(0x74EAA3D3), UINT32_C(0xE06266C7) } }, ++ { { UINT32_C(0x2E6DBB6E), UINT32_C(0x161A0157), UINT32_C(0x60FA8F47), ++ UINT32_C(0xB8AF4904), UINT32_C(0x00197F22), UINT32_C(0xE4336C44), ++ UINT32_C(0x9CEDCE0E), UINT32_C(0xF811AFFA), UINT32_C(0xF94C2EF1), ++ UINT32_C(0xB1DD7685), UINT32_C(0xCA957BB0), UINT32_C(0xEEDC0F4B) }, ++ { UINT32_C(0x4AA76BB1), UINT32_C(0xD319FD57), UINT32_C(0x16CD7CCB), ++ UINT32_C(0xB3525D7C), UINT32_C(0xA97DD072), UINT32_C(0x7B22DA9C), ++ UINT32_C(0x38A83E71), UINT32_C(0x99DB84BD), UINT32_C(0xC0EDD8BE), ++ UINT32_C(0x4939BC8D), UINT32_C(0x903A932C), UINT32_C(0x06D524EA) } }, ++ { { UINT32_C(0x0E31F639), UINT32_C(0x4BC950EC), UINT32_C(0x6016BE30), ++ UINT32_C(0xB7ABD3DC), UINT32_C(0x6703DAD0), UINT32_C(0x3B0F4473), ++ UINT32_C(0x0AC1C4EA), UINT32_C(0xCC405F8B), UINT32_C(0x176C3FEE), ++ UINT32_C(0x9BED5E57), UINT32_C(0x36AE36C2), UINT32_C(0xF4524810) }, ++ { UINT32_C(0x15D7B503), UINT32_C(0xC1EDBB83), UINT32_C(0xE30F3657), ++ UINT32_C(0x943B1156), UINT32_C(0x98377805), UINT32_C(0x984E9EEF), ++ UINT32_C(0x36CF1DEB), UINT32_C(0x291AE7AC), UINT32_C(0xA9F66DF3), ++ UINT32_C(0xFED8748C), UINT32_C(0xFEA8FA5D), UINT32_C(0xECA758BB) } }, ++ }, ++ { ++ { { UINT32_C(0x2DD1B249), UINT32_C(0xACC787EF), UINT32_C(0xD82976F1), ++ UINT32_C(0x736E1030), UINT32_C(0xA01B3649), UINT32_C(0x0A6940FA), ++ UINT32_C(0xC42341E7), UINT32_C(0xE00B926B), UINT32_C(0xDE8FFD6C), ++ UINT32_C(0x911508D0), UINT32_C(0x5276B0CB), UINT32_C(0x4DCF8D46) }, ++ { UINT32_C(0xCC3CAD8D), UINT32_C(0x23AD0A90), UINT32_C(0xADED962A), ++ UINT32_C(0x2A92E54C), UINT32_C(0xF231BFAF), UINT32_C(0x93FBEC4D), ++ UINT32_C(0x4798987A), UINT32_C(0x9544BC77), UINT32_C(0x08E29F60), ++ UINT32_C(0x48084E25), UINT32_C(0x32DE5869), UINT32_C(0x0C0D2F43) } }, ++ { { UINT32_C(0x3A9ABC13), UINT32_C(0x6778F970), UINT32_C(0x3D2B166B), ++ UINT32_C(0xFD014FAC), UINT32_C(0x3C6FED60), UINT32_C(0x1FE4FC78), ++ UINT32_C(0xAA7C69C5), UINT32_C(0x04295FA8), UINT32_C(0x7C123175), ++ UINT32_C(0xA01DE56D), UINT32_C(0x3D9A713A), UINT32_C(0x0FA0D3A8) }, ++ { UINT32_C(0xE3E08ADD), UINT32_C(0xA7A6E5E3), UINT32_C(0x1AC58F85), ++ UINT32_C(0xBD77E94B), UINT32_C(0xB7321A9C), UINT32_C(0x078F6FD2), ++ UINT32_C(0x911EF6D9), UINT32_C(0x9564601E), UINT32_C(0x415C6BEF), ++ UINT32_C(0x31C5C1B2), UINT32_C(0xD3212C62), UINT32_C(0xE6C0C91E) } }, ++ { { UINT32_C(0x0D16022F), UINT32_C(0xBA7BD23C), UINT32_C(0x198BE288), ++ UINT32_C(0xE9CF4750), UINT32_C(0x47DEEC65), UINT32_C(0x304E3169), ++ UINT32_C(0x96EEB288), UINT32_C(0xCF65B41F), UINT32_C(0x927E9E3B), ++ UINT32_C(0x17E99C17), UINT32_C(0xF6630A80), UINT32_C(0x82225546) }, ++ { UINT32_C(0xCA067BD9), UINT32_C(0x15122B8A), UINT32_C(0xB77B4E98), ++ UINT32_C(0xE2673205), UINT32_C(0x9407CA63), UINT32_C(0x13037565), ++ UINT32_C(0x8B621602), UINT32_C(0x53624F54), UINT32_C(0xEAE4BD06), ++ UINT32_C(0x96AF2CB1), UINT32_C(0x8FA20829), UINT32_C(0x576ECD1C) } }, ++ { { UINT32_C(0x7E02D2D0), UINT32_C(0xA551CE10), UINT32_C(0x9D13DBC7), ++ UINT32_C(0x1584ED24), UINT32_C(0x4DA7B6D8), UINT32_C(0x082017AD), ++ UINT32_C(0xE054BC48), UINT32_C(0x81918A8F), UINT32_C(0x572DC384), ++ UINT32_C(0x677DB48E), UINT32_C(0x6155484C), UINT32_C(0x2EF82296) }, ++ { UINT32_C(0x41B9C231), UINT32_C(0xC3DB14C6), UINT32_C(0x4A766192), ++ UINT32_C(0x910A87D1), UINT32_C(0x10AB8E0F), UINT32_C(0x93D5CC86), ++ UINT32_C(0xAE57CA1B), UINT32_C(0x4194D548), UINT32_C(0x267FC37A), ++ UINT32_C(0xFAF3A1D6), UINT32_C(0x13B87C97), UINT32_C(0x70EC2364) } }, ++ { { UINT32_C(0x5E12756A), UINT32_C(0x064B565B), UINT32_C(0xAE49C98E), ++ UINT32_C(0x953B7BD1), UINT32_C(0xF7001D91), UINT32_C(0xE0CE8284), ++ UINT32_C(0xF31108D0), UINT32_C(0x1546060B), UINT32_C(0x6779B6E2), ++ UINT32_C(0xDBC2C3F4), UINT32_C(0xE0DD07CF), UINT32_C(0x157AA47D) }, ++ { UINT32_C(0xF23B261E), UINT32_C(0xBF4A1C6F), UINT32_C(0x654F4BE5), ++ UINT32_C(0x5B8EED30), UINT32_C(0x6B20CCD8), UINT32_C(0xDF5896D3), ++ UINT32_C(0x559ED23D), UINT32_C(0x56920E2C), UINT32_C(0xFA6E3E27), ++ UINT32_C(0x901F342E), UINT32_C(0x896CA082), UINT32_C(0x745C747C) } }, ++ { { UINT32_C(0x2944EC84), UINT32_C(0xDBCCD575), UINT32_C(0xA5FF65FE), ++ UINT32_C(0x54A2A935), UINT32_C(0x1A1319B6), UINT32_C(0x88C92A5E), ++ UINT32_C(0x82DA96C1), UINT32_C(0x9537C28F), UINT32_C(0x35F93C46), ++ UINT32_C(0xB6836474), UINT32_C(0x65B0846C), UINT32_C(0xEC526A1D) }, ++ { UINT32_C(0xF382C412), UINT32_C(0x6F12AFBD), UINT32_C(0x9E99FA06), ++ UINT32_C(0x5EBC81D8), UINT32_C(0x869B93BD), UINT32_C(0x97B5D672), ++ UINT32_C(0x377E12AA), UINT32_C(0x2983C310), UINT32_C(0x24D681EA), ++ UINT32_C(0x48759681), UINT32_C(0x287FD767), UINT32_C(0x1E0BD106) } }, ++ { { UINT32_C(0x7231247F), UINT32_C(0x0AC75A3E), UINT32_C(0xEF27AD3A), ++ UINT32_C(0x65C20DE6), UINT32_C(0xBD02EEE5), UINT32_C(0x87EB6CF1), ++ UINT32_C(0x00147E03), UINT32_C(0x264ACA7A), UINT32_C(0xAE2A9437), ++ UINT32_C(0xEBC78581), UINT32_C(0x6316BFA5), UINT32_C(0x9929964E) }, ++ { UINT32_C(0x9AF207EF), UINT32_C(0xDC09E040), UINT32_C(0x0C9D8658), ++ UINT32_C(0x3ECFFE2D), UINT32_C(0xDFB43D38), UINT32_C(0x547EA735), ++ UINT32_C(0xD04B1B20), UINT32_C(0x5485247B), UINT32_C(0xBFD8B609), ++ UINT32_C(0xB18D3F02), UINT32_C(0xCCE73705), UINT32_C(0xEEB3E805) } }, ++ { { UINT32_C(0xDB93850F), UINT32_C(0xDAB1A525), UINT32_C(0x8365B7D5), ++ UINT32_C(0x18ADAA23), UINT32_C(0x113FC8C7), UINT32_C(0x58485C90), ++ UINT32_C(0x348AD323), UINT32_C(0x80C3DBB9), UINT32_C(0xE16ADCA1), ++ UINT32_C(0xAF892FB5), UINT32_C(0x979F005A), UINT32_C(0x2183C879) }, ++ { UINT32_C(0x0643A99E), UINT32_C(0x20FA1A94), UINT32_C(0x1A1609CB), ++ UINT32_C(0x2741221C), UINT32_C(0x3C2FBDDC), UINT32_C(0x1C1687E5), ++ UINT32_C(0xD420D6CF), UINT32_C(0xDCCF329E), UINT32_C(0x2B7197D1), ++ UINT32_C(0x75D5577D), UINT32_C(0xC8729D9C), UINT32_C(0x4C3C3875) } }, ++ { { UINT32_C(0xE5CBDCB9), UINT32_C(0x5E79F995), UINT32_C(0xA742FCC7), ++ UINT32_C(0x03139824), UINT32_C(0x239EF4A1), UINT32_C(0x6D0C214A), ++ UINT32_C(0x401A2944), UINT32_C(0x53A27952), UINT32_C(0xC10BCDF0), ++ UINT32_C(0xF42A1B34), UINT32_C(0x7CF38061), UINT32_C(0x426BAA43) }, ++ { UINT32_C(0xA96AD0C8), UINT32_C(0x16A53139), UINT32_C(0x6BAD5301), ++ UINT32_C(0x627F1D31), UINT32_C(0x4ACCD627), UINT32_C(0x5AF74877), ++ UINT32_C(0xB55B0FB8), UINT32_C(0x3C58A1C5), UINT32_C(0xF4399A6A), ++ UINT32_C(0xFAA57B91), UINT32_C(0xC28094B8), UINT32_C(0xBAD283FB) } }, ++ { { UINT32_C(0x83E10A93), UINT32_C(0xBA32AC61), UINT32_C(0xEC06BDB0), ++ UINT32_C(0x1C91F6B4), UINT32_C(0x65F60C93), UINT32_C(0x42E6CFBC), ++ UINT32_C(0x2C0CDCBE), UINT32_C(0xEFE33BC8), UINT32_C(0x4D6414F2), ++ UINT32_C(0xE0FE1D09), UINT32_C(0x76FA5C5B), UINT32_C(0x4C112316) }, ++ { UINT32_C(0x2E26200A), UINT32_C(0x812C1DC6), UINT32_C(0xEE879D25), ++ UINT32_C(0xD6C413C5), UINT32_C(0xBCA8BAFE), UINT32_C(0xBEADE255), ++ UINT32_C(0xCE2BA0E7), UINT32_C(0x0EAF4AE2), UINT32_C(0xC4F4408A), ++ UINT32_C(0x66E9FFB0), UINT32_C(0x9782C7AD), UINT32_C(0xB36A86D7) } }, ++ { { UINT32_C(0xBAD8D1C7), UINT32_C(0x10FCD1F4), UINT32_C(0x4502F645), ++ UINT32_C(0xC903816A), UINT32_C(0xA503B895), UINT32_C(0x7FAC1CC1), ++ UINT32_C(0x0778900C), UINT32_C(0x8BCD6041), UINT32_C(0x5BCF2784), ++ UINT32_C(0x5A5F2202), UINT32_C(0x10EDB896), UINT32_C(0x9B157E87) }, ++ { UINT32_C(0xF602A8B1), UINT32_C(0x4C58DA69), UINT32_C(0x59EC9D7E), ++ UINT32_C(0xD55132F8), UINT32_C(0xA26D4870), UINT32_C(0x155B719A), ++ UINT32_C(0x36441746), UINT32_C(0x25AAFCA3), UINT32_C(0xDD3B6B30), ++ UINT32_C(0x01F83338), UINT32_C(0x551917CC), UINT32_C(0xD52BB5C1) } }, ++ { { UINT32_C(0x6135066A), UINT32_C(0xA0B6207B), UINT32_C(0x2AEC8CBD), ++ UINT32_C(0xB3409F84), UINT32_C(0x19D87DF0), UINT32_C(0x5EBFD436), ++ UINT32_C(0xE8526DE2), UINT32_C(0xCB4C209B), UINT32_C(0x21E1A230), ++ UINT32_C(0xD764085B), UINT32_C(0x0899964A), UINT32_C(0x96F91554) }, ++ { UINT32_C(0xA57D122A), UINT32_C(0xB0BEC8EF), UINT32_C(0x5D9D0B33), ++ UINT32_C(0xC572EC56), UINT32_C(0xCFA7C72C), UINT32_C(0xEBE2A780), ++ UINT32_C(0x9EF3295C), UINT32_C(0x52D40CDB), UINT32_C(0x0DE74DFE), ++ UINT32_C(0x64004584), UINT32_C(0xC0809716), UINT32_C(0xA6846432) } }, ++ { { UINT32_C(0x02C979BC), UINT32_C(0x0D09E8CD), UINT32_C(0x409F4F2A), ++ UINT32_C(0xEC4B21F6), UINT32_C(0x13FB07CA), UINT32_C(0x68125C70), ++ UINT32_C(0x6FDFA72A), UINT32_C(0x1C4CFC17), UINT32_C(0x04539FCD), ++ UINT32_C(0xC9E71B9E), UINT32_C(0x8BA70797), UINT32_C(0x94B7103D) }, ++ { UINT32_C(0xB33FDE83), UINT32_C(0x6B81E82F), UINT32_C(0xEABAFD4B), ++ UINT32_C(0x7CA9A8CA), UINT32_C(0xEAB819CE), UINT32_C(0xADD85A67), ++ UINT32_C(0x98E99FFC), UINT32_C(0xAEC25483), UINT32_C(0x274A07B6), ++ UINT32_C(0x938D6440), UINT32_C(0x564A6AA0), UINT32_C(0x0A5C7097) } }, ++ { { UINT32_C(0x2F4FCEB6), UINT32_C(0x7284FF50), UINT32_C(0x78D0D5CB), ++ UINT32_C(0x0A28715A), UINT32_C(0xBFCE187C), UINT32_C(0xE70B7014), ++ UINT32_C(0x7A17148D), UINT32_C(0xA6B538F5), UINT32_C(0xDD427166), ++ UINT32_C(0x1DAB07C9), UINT32_C(0x149D23CA), UINT32_C(0x5C5578B0) }, ++ { UINT32_C(0x875B5EDE), UINT32_C(0x875E2056), UINT32_C(0x02C893B9), ++ UINT32_C(0xCBF44B6D), UINT32_C(0x5C2993FB), UINT32_C(0x5715A77E), ++ UINT32_C(0x3410597E), UINT32_C(0xAF328146), UINT32_C(0x42DC49DF), ++ UINT32_C(0x65DF418F), UINT32_C(0xA9EE52F6), UINT32_C(0x7AC9C720) } }, ++ { { UINT32_C(0x62955486), UINT32_C(0xB1C9AA07), UINT32_C(0x245061D7), ++ UINT32_C(0xCBF35BE3), UINT32_C(0x8CF4DDC0), UINT32_C(0x811E1BD3), ++ UINT32_C(0x948F7C84), UINT32_C(0xD9D4589C), UINT32_C(0xCB0F996D), ++ UINT32_C(0x30D09A0F), UINT32_C(0x590E7704), UINT32_C(0x1A1B3B7A) }, ++ { UINT32_C(0x2082768D), UINT32_C(0xA848E349), UINT32_C(0x9A249DF4), ++ UINT32_C(0x9FEBD492), UINT32_C(0x5F20439A), UINT32_C(0x503420AF), ++ UINT32_C(0x8E2BFCD4), UINT32_C(0x0CBE52B6), UINT32_C(0x118C91B2), ++ UINT32_C(0xB1D5E261), UINT32_C(0x71D8F2BC), UINT32_C(0x93CFF6DA) } }, ++ { { UINT32_C(0x8AB58944), UINT32_C(0x5F5BC06B), UINT32_C(0x4979882D), ++ UINT32_C(0xE4BED538), UINT32_C(0xD79B0EB1), UINT32_C(0x57C30362), ++ UINT32_C(0xEF7C56D8), UINT32_C(0x391AE2C1), UINT32_C(0xADD98625), ++ UINT32_C(0x28BC2E97), UINT32_C(0x1B257107), UINT32_C(0xFA8E86B8) }, ++ { UINT32_C(0x6118C715), UINT32_C(0x5E4859F8), UINT32_C(0x524C71DD), ++ UINT32_C(0x91C83324), UINT32_C(0x6D2F5E6D), UINT32_C(0xFB209243), ++ UINT32_C(0x2A900A43), UINT32_C(0x6B4FE21F), UINT32_C(0x32A73C1F), ++ UINT32_C(0x241F75D6), UINT32_C(0x5AE89613), UINT32_C(0xF5BC4629) } }, ++ } ++}; ++ ++/*- ++ * Q := 2P, both projective, Q and P same pointers OK ++ * Autogenerated: op3/dbl_proj.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 6 ++ * ASSERT: a = -3 ++ */ ++static void ++point_double(pt_prj_t *Q, const pt_prj_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X = P->X; ++ const limb_t *Y = P->Y; ++ const limb_t *Z = P->Z; ++ limb_t *X3 = Q->X; ++ limb_t *Y3 = Q->Y; ++ limb_t *Z3 = Q->Z; ++ ++ /* the curve arith formula */ ++ fiat_secp384r1_square(t0, X); ++ fiat_secp384r1_square(t1, Y); ++ fiat_secp384r1_square(t2, Z); ++ fiat_secp384r1_mul(t3, X, Y); ++ fiat_secp384r1_add(t3, t3, t3); ++ fiat_secp384r1_mul(t4, Y, Z); ++ fiat_secp384r1_mul(Z3, X, Z); ++ fiat_secp384r1_add(Z3, Z3, Z3); ++ fiat_secp384r1_mul(Y3, b, t2); ++ fiat_secp384r1_sub(Y3, Y3, Z3); ++ fiat_secp384r1_add(X3, Y3, Y3); ++ fiat_secp384r1_add(Y3, X3, Y3); ++ fiat_secp384r1_sub(X3, t1, Y3); ++ fiat_secp384r1_add(Y3, t1, Y3); ++ fiat_secp384r1_mul(Y3, X3, Y3); ++ fiat_secp384r1_mul(X3, X3, t3); ++ fiat_secp384r1_add(t3, t2, t2); ++ fiat_secp384r1_add(t2, t2, t3); ++ fiat_secp384r1_mul(Z3, b, Z3); ++ fiat_secp384r1_sub(Z3, Z3, t2); ++ fiat_secp384r1_sub(Z3, Z3, t0); ++ fiat_secp384r1_add(t3, Z3, Z3); ++ fiat_secp384r1_add(Z3, Z3, t3); ++ fiat_secp384r1_add(t3, t0, t0); ++ fiat_secp384r1_add(t0, t3, t0); ++ fiat_secp384r1_sub(t0, t0, t2); ++ fiat_secp384r1_mul(t0, t0, Z3); ++ fiat_secp384r1_add(Y3, Y3, t0); ++ fiat_secp384r1_add(t0, t4, t4); ++ fiat_secp384r1_mul(Z3, t0, Z3); ++ fiat_secp384r1_sub(X3, X3, Z3); ++ fiat_secp384r1_mul(Z3, t0, t1); ++ fiat_secp384r1_add(Z3, Z3, Z3); ++ fiat_secp384r1_add(Z3, Z3, Z3); ++} ++ ++/*- ++ * R := Q + P where R and Q are projective, P affine. ++ * R and Q same pointers OK ++ * R and P same pointers not OK ++ * Autogenerated: op3/add_mixed.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 5 ++ * ASSERT: a = -3 ++ */ ++static void ++point_add_mixed(pt_prj_t *R, const pt_prj_t *Q, const pt_aff_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X1 = Q->X; ++ const limb_t *Y1 = Q->Y; ++ const limb_t *Z1 = Q->Z; ++ const limb_t *X2 = P->X; ++ const limb_t *Y2 = P->Y; ++ fe_t X3; ++ fe_t Y3; ++ fe_t Z3; ++ limb_t nz; ++ ++ /* check P for affine inf */ ++ fiat_secp384r1_nonzero(&nz, P->Y); ++ ++ /* the curve arith formula */ ++ fiat_secp384r1_mul(t0, X1, X2); ++ fiat_secp384r1_mul(t1, Y1, Y2); ++ fiat_secp384r1_add(t3, X2, Y2); ++ fiat_secp384r1_add(t4, X1, Y1); ++ fiat_secp384r1_mul(t3, t3, t4); ++ fiat_secp384r1_add(t4, t0, t1); ++ fiat_secp384r1_sub(t3, t3, t4); ++ fiat_secp384r1_mul(t4, Y2, Z1); ++ fiat_secp384r1_add(t4, t4, Y1); ++ fiat_secp384r1_mul(Y3, X2, Z1); ++ fiat_secp384r1_add(Y3, Y3, X1); ++ fiat_secp384r1_mul(Z3, b, Z1); ++ fiat_secp384r1_sub(X3, Y3, Z3); ++ fiat_secp384r1_add(Z3, X3, X3); ++ fiat_secp384r1_add(X3, X3, Z3); ++ fiat_secp384r1_sub(Z3, t1, X3); ++ fiat_secp384r1_add(X3, t1, X3); ++ fiat_secp384r1_mul(Y3, b, Y3); ++ fiat_secp384r1_add(t1, Z1, Z1); ++ fiat_secp384r1_add(t2, t1, Z1); ++ fiat_secp384r1_sub(Y3, Y3, t2); ++ fiat_secp384r1_sub(Y3, Y3, t0); ++ fiat_secp384r1_add(t1, Y3, Y3); ++ fiat_secp384r1_add(Y3, t1, Y3); ++ fiat_secp384r1_add(t1, t0, t0); ++ fiat_secp384r1_add(t0, t1, t0); ++ fiat_secp384r1_sub(t0, t0, t2); ++ fiat_secp384r1_mul(t1, t4, Y3); ++ fiat_secp384r1_mul(t2, t0, Y3); ++ fiat_secp384r1_mul(Y3, X3, Z3); ++ fiat_secp384r1_add(Y3, Y3, t2); ++ fiat_secp384r1_mul(X3, t3, X3); ++ fiat_secp384r1_sub(X3, X3, t1); ++ fiat_secp384r1_mul(Z3, t4, Z3); ++ fiat_secp384r1_mul(t1, t3, t0); ++ fiat_secp384r1_add(Z3, Z3, t1); ++ ++ /* if P is inf, throw all that away and take Q */ ++ fiat_secp384r1_selectznz(R->X, nz, Q->X, X3); ++ fiat_secp384r1_selectznz(R->Y, nz, Q->Y, Y3); ++ fiat_secp384r1_selectznz(R->Z, nz, Q->Z, Z3); ++} ++ ++/*- ++ * R := Q + P all projective. ++ * R and Q same pointers OK ++ * R and P same pointers not OK ++ * Autogenerated: op3/add_proj.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 4 ++ * ASSERT: a = -3 ++ */ ++static void ++point_add_proj(pt_prj_t *R, const pt_prj_t *Q, const pt_prj_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4, t5; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X1 = Q->X; ++ const limb_t *Y1 = Q->Y; ++ const limb_t *Z1 = Q->Z; ++ const limb_t *X2 = P->X; ++ const limb_t *Y2 = P->Y; ++ const limb_t *Z2 = P->Z; ++ limb_t *X3 = R->X; ++ limb_t *Y3 = R->Y; ++ limb_t *Z3 = R->Z; ++ ++ /* the curve arith formula */ ++ fiat_secp384r1_mul(t0, X1, X2); ++ fiat_secp384r1_mul(t1, Y1, Y2); ++ fiat_secp384r1_mul(t2, Z1, Z2); ++ fiat_secp384r1_add(t3, X1, Y1); ++ fiat_secp384r1_add(t4, X2, Y2); ++ fiat_secp384r1_mul(t3, t3, t4); ++ fiat_secp384r1_add(t4, t0, t1); ++ fiat_secp384r1_sub(t3, t3, t4); ++ fiat_secp384r1_add(t4, Y1, Z1); ++ fiat_secp384r1_add(t5, Y2, Z2); ++ fiat_secp384r1_mul(t4, t4, t5); ++ fiat_secp384r1_add(t5, t1, t2); ++ fiat_secp384r1_sub(t4, t4, t5); ++ fiat_secp384r1_add(X3, X1, Z1); ++ fiat_secp384r1_add(Y3, X2, Z2); ++ fiat_secp384r1_mul(X3, X3, Y3); ++ fiat_secp384r1_add(Y3, t0, t2); ++ fiat_secp384r1_sub(Y3, X3, Y3); ++ fiat_secp384r1_mul(Z3, b, t2); ++ fiat_secp384r1_sub(X3, Y3, Z3); ++ fiat_secp384r1_add(Z3, X3, X3); ++ fiat_secp384r1_add(X3, X3, Z3); ++ fiat_secp384r1_sub(Z3, t1, X3); ++ fiat_secp384r1_add(X3, t1, X3); ++ fiat_secp384r1_mul(Y3, b, Y3); ++ fiat_secp384r1_add(t1, t2, t2); ++ fiat_secp384r1_add(t2, t1, t2); ++ fiat_secp384r1_sub(Y3, Y3, t2); ++ fiat_secp384r1_sub(Y3, Y3, t0); ++ fiat_secp384r1_add(t1, Y3, Y3); ++ fiat_secp384r1_add(Y3, t1, Y3); ++ fiat_secp384r1_add(t1, t0, t0); ++ fiat_secp384r1_add(t0, t1, t0); ++ fiat_secp384r1_sub(t0, t0, t2); ++ fiat_secp384r1_mul(t1, t4, Y3); ++ fiat_secp384r1_mul(t2, t0, Y3); ++ fiat_secp384r1_mul(Y3, X3, Z3); ++ fiat_secp384r1_add(Y3, Y3, t2); ++ fiat_secp384r1_mul(X3, t3, X3); ++ fiat_secp384r1_sub(X3, X3, t1); ++ fiat_secp384r1_mul(Z3, t4, Z3); ++ fiat_secp384r1_mul(t1, t3, t0); ++ fiat_secp384r1_add(Z3, Z3, t1); ++} ++ ++/* constants */ ++#define RADIX 5 ++#define DRADIX (1 << RADIX) ++#define DRADIX_WNAF ((DRADIX) << 1) ++ ++/*- ++ * precomp for wnaf scalar multiplication: ++ * precomp[0] = 1P ++ * precomp[1] = 3P ++ * precomp[2] = 5P ++ * precomp[3] = 7P ++ * precomp[4] = 9P ++ * ... ++ */ ++static void ++precomp_wnaf(pt_prj_t precomp[DRADIX / 2], const pt_aff_t *P) ++{ ++ int i; ++ ++ fe_copy(precomp[0].X, P->X); ++ fe_copy(precomp[0].Y, P->Y); ++ fe_copy(precomp[0].Z, const_one); ++ point_double(&precomp[DRADIX / 2 - 1], &precomp[0]); ++ ++ for (i = 1; i < DRADIX / 2; i++) ++ point_add_proj(&precomp[i], &precomp[DRADIX / 2 - 1], &precomp[i - 1]); ++} ++ ++/* fetch a scalar bit */ ++static int ++scalar_get_bit(const unsigned char in[48], int idx) ++{ ++ int widx, rshift; ++ ++ widx = idx >> 3; ++ rshift = idx & 0x7; ++ ++ if (idx < 0 || widx >= 48) ++ return 0; ++ ++ return (in[widx] >> rshift) & 0x1; ++} ++ ++/*- ++ * Compute "regular" wnaf representation of a scalar. ++ * See "Exponent Recoding and Regular Exponentiation Algorithms", ++ * Tunstall et al., AfricaCrypt 2009, Alg 6. ++ * It forces an odd scalar and outputs digits in ++ * {\pm 1, \pm 3, \pm 5, \pm 7, \pm 9, ...} ++ * i.e. signed odd digits with _no zeroes_ -- that makes it "regular". ++ */ ++static void ++scalar_rwnaf(int8_t out[77], const unsigned char in[48]) ++{ ++ int i; ++ int8_t window, d; ++ ++ window = (in[0] & (DRADIX_WNAF - 1)) | 1; ++ for (i = 0; i < 76; i++) { ++ d = (window & (DRADIX_WNAF - 1)) - DRADIX; ++ out[i] = d; ++ window = (window - d) >> RADIX; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 1) << 1; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 2) << 2; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 3) << 3; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 4) << 4; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 5) << 5; ++ } ++ out[i] = window; ++} ++ ++/*- ++ * Compute "textbook" wnaf representation of a scalar. ++ * NB: not constant time ++ */ ++static void ++scalar_wnaf(int8_t out[385], const unsigned char in[48]) ++{ ++ int i; ++ int8_t window, d; ++ ++ window = in[0] & (DRADIX_WNAF - 1); ++ for (i = 0; i < 385; i++) { ++ d = 0; ++ if ((window & 1) && ((d = window & (DRADIX_WNAF - 1)) & DRADIX)) ++ d -= DRADIX_WNAF; ++ out[i] = d; ++ window = (window - d) >> 1; ++ window += scalar_get_bit(in, i + 1 + RADIX) << RADIX; ++ } ++} ++ ++/*- ++ * Simulateous scalar multiplication: interleaved "textbook" wnaf. ++ * NB: not constant time ++ */ ++static void ++var_smul_wnaf_two(pt_aff_t *out, const unsigned char a[48], ++ const unsigned char b[48], const pt_aff_t *P) ++{ ++ int i, d, is_neg, is_inf = 1, flipped = 0; ++ int8_t anaf[385] = { 0 }; ++ int8_t bnaf[385] = { 0 }; ++ pt_prj_t Q; ++ pt_prj_t precomp[DRADIX / 2]; ++ ++ precomp_wnaf(precomp, P); ++ scalar_wnaf(anaf, a); ++ scalar_wnaf(bnaf, b); ++ ++ for (i = 384; i >= 0; i--) { ++ if (!is_inf) ++ point_double(&Q, &Q); ++ if ((d = bnaf[i])) { ++ if ((is_neg = d < 0) != flipped) { ++ fiat_secp384r1_opp(Q.Y, Q.Y); ++ flipped ^= 1; ++ } ++ d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; ++ if (is_inf) { ++ /* initialize accumulator */ ++ fe_copy(Q.X, &precomp[d].X); ++ fe_copy(Q.Y, &precomp[d].Y); ++ fe_copy(Q.Z, &precomp[d].Z); ++ is_inf = 0; ++ } else ++ point_add_proj(&Q, &Q, &precomp[d]); ++ } ++ if ((d = anaf[i])) { ++ if ((is_neg = d < 0) != flipped) { ++ fiat_secp384r1_opp(Q.Y, Q.Y); ++ flipped ^= 1; ++ } ++ d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; ++ if (is_inf) { ++ /* initialize accumulator */ ++ fe_copy(Q.X, &lut_cmb[0][d].X); ++ fe_copy(Q.Y, &lut_cmb[0][d].Y); ++ fe_copy(Q.Z, const_one); ++ is_inf = 0; ++ } else ++ point_add_mixed(&Q, &Q, &lut_cmb[0][d]); ++ } ++ } ++ ++ if (is_inf) { ++ /* initialize accumulator to inf: all-zero scalars */ ++ fe_set_zero(Q.X); ++ fe_copy(Q.Y, const_one); ++ fe_set_zero(Q.Z); ++ } ++ ++ if (flipped) { ++ /* correct sign */ ++ fiat_secp384r1_opp(Q.Y, Q.Y); ++ } ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp384r1_inv(Q.Z, Q.Z); ++ fiat_secp384r1_mul(out->X, Q.X, Q.Z); ++ fiat_secp384r1_mul(out->Y, Q.Y, Q.Z); ++} ++ ++/*- ++ * Variable point scalar multiplication with "regular" wnaf. ++ */ ++static void ++var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[48], ++ const pt_aff_t *P) ++{ ++ int i, j, d, diff, is_neg; ++ int8_t rnaf[77] = { 0 }; ++ pt_prj_t Q, lut; ++ pt_prj_t precomp[DRADIX / 2]; ++ ++ precomp_wnaf(precomp, P); ++ scalar_rwnaf(rnaf, scalar); ++ ++#if defined(_MSC_VER) ++/* result still unsigned: yes we know */ ++#pragma warning(push) ++#pragma warning(disable : 4146) ++#endif ++ ++ /* initialize accumulator to high digit */ ++ d = (rnaf[76] - 1) >> 1; ++ for (j = 0; j < DRADIX / 2; j++) { ++ diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp384r1_selectznz(Q.X, diff, Q.X, precomp[j].X); ++ fiat_secp384r1_selectznz(Q.Y, diff, Q.Y, precomp[j].Y); ++ fiat_secp384r1_selectznz(Q.Z, diff, Q.Z, precomp[j].Z); ++ } ++ ++ for (i = 75; i >= 0; i--) { ++ for (j = 0; j < RADIX; j++) ++ point_double(&Q, &Q); ++ d = rnaf[i]; ++ /* is_neg = (d < 0) ? 1 : 0 */ ++ is_neg = (d >> (8 * sizeof(int) - 1)) & 1; ++ /* d = abs(d) */ ++ d = (d ^ -is_neg) + is_neg; ++ d = (d - 1) >> 1; ++ for (j = 0; j < DRADIX / 2; j++) { ++ diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp384r1_selectznz(lut.X, diff, lut.X, precomp[j].X); ++ fiat_secp384r1_selectznz(lut.Y, diff, lut.Y, precomp[j].Y); ++ fiat_secp384r1_selectznz(lut.Z, diff, lut.Z, precomp[j].Z); ++ } ++ /* negate lut point if digit is negative */ ++ fiat_secp384r1_opp(out->Y, lut.Y); ++ fiat_secp384r1_selectznz(lut.Y, is_neg, lut.Y, out->Y); ++ point_add_proj(&Q, &Q, &lut); ++ } ++ ++#if defined(_MSC_VER) ++#pragma warning(pop) ++#endif ++ ++ /* conditionally subtract P if the scalar was even */ ++ fe_copy(lut.X, precomp[0].X); ++ fiat_secp384r1_opp(lut.Y, precomp[0].Y); ++ fe_copy(lut.Z, precomp[0].Z); ++ point_add_proj(&lut, &lut, &Q); ++ fiat_secp384r1_selectznz(Q.X, scalar[0] & 1, lut.X, Q.X); ++ fiat_secp384r1_selectznz(Q.Y, scalar[0] & 1, lut.Y, Q.Y); ++ fiat_secp384r1_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp384r1_inv(Q.Z, Q.Z); ++ fiat_secp384r1_mul(out->X, Q.X, Q.Z); ++ fiat_secp384r1_mul(out->Y, Q.Y, Q.Z); ++} ++ ++/*- ++ * Fixed scalar multiplication: comb with interleaving. ++ */ ++static void ++fixed_smul_cmb(pt_aff_t *out, const unsigned char scalar[48]) ++{ ++ int i, j, k, d, diff, is_neg = 0; ++ int8_t rnaf[77] = { 0 }; ++ pt_prj_t Q, R; ++ pt_aff_t lut; ++ ++ scalar_rwnaf(rnaf, scalar); ++ ++ /* initalize accumulator to inf */ ++ fe_set_zero(Q.X); ++ fe_copy(Q.Y, const_one); ++ fe_set_zero(Q.Z); ++ ++#if defined(_MSC_VER) ++/* result still unsigned: yes we know */ ++#pragma warning(push) ++#pragma warning(disable : 4146) ++#endif ++ ++ for (i = 3; i >= 0; i--) { ++ for (j = 0; i != 3 && j < RADIX; j++) ++ point_double(&Q, &Q); ++ for (j = 0; j < 21; j++) { ++ if (j * 4 + i > 76) ++ continue; ++ d = rnaf[j * 4 + i]; ++ /* is_neg = (d < 0) ? 1 : 0 */ ++ is_neg = (d >> (8 * sizeof(int) - 1)) & 1; ++ /* d = abs(d) */ ++ d = (d ^ -is_neg) + is_neg; ++ d = (d - 1) >> 1; ++ for (k = 0; k < DRADIX / 2; k++) { ++ diff = (1 - (-(d ^ k) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp384r1_selectznz(lut.X, diff, lut.X, lut_cmb[j][k].X); ++ fiat_secp384r1_selectznz(lut.Y, diff, lut.Y, lut_cmb[j][k].Y); ++ } ++ /* negate lut point if digit is negative */ ++ fiat_secp384r1_opp(out->Y, lut.Y); ++ fiat_secp384r1_selectznz(lut.Y, is_neg, lut.Y, out->Y); ++ point_add_mixed(&Q, &Q, &lut); ++ } ++ } ++ ++#if defined(_MSC_VER) ++#pragma warning(pop) ++#endif ++ ++ /* conditionally subtract P if the scalar was even */ ++ fe_copy(lut.X, lut_cmb[0][0].X); ++ fiat_secp384r1_opp(lut.Y, lut_cmb[0][0].Y); ++ point_add_mixed(&R, &Q, &lut); ++ fiat_secp384r1_selectznz(Q.X, scalar[0] & 1, R.X, Q.X); ++ fiat_secp384r1_selectznz(Q.Y, scalar[0] & 1, R.Y, Q.Y); ++ fiat_secp384r1_selectznz(Q.Z, scalar[0] & 1, R.Z, Q.Z); ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp384r1_inv(Q.Z, Q.Z); ++ fiat_secp384r1_mul(out->X, Q.X, Q.Z); ++ fiat_secp384r1_mul(out->Y, Q.Y, Q.Z); ++} ++ ++static void ++point_mul_two(unsigned char outx[48], unsigned char outy[48], ++ const unsigned char a[48], const unsigned char b[48], ++ const unsigned char inx[48], ++ const unsigned char iny[48]) ++{ ++ pt_aff_t P; ++ ++ fiat_secp384r1_from_bytes(P.X, inx); ++ fiat_secp384r1_from_bytes(P.Y, iny); ++ fiat_secp384r1_to_montgomery(P.X, P.X); ++ fiat_secp384r1_to_montgomery(P.Y, P.Y); ++ /* simultaneous scalar multiplication */ ++ var_smul_wnaf_two(&P, a, b, &P); ++ ++ fiat_secp384r1_from_montgomery(P.X, P.X); ++ fiat_secp384r1_from_montgomery(P.Y, P.Y); ++ fiat_secp384r1_to_bytes(outx, P.X); ++ fiat_secp384r1_to_bytes(outy, P.Y); ++} ++ ++static void ++point_mul_g(unsigned char outx[48], unsigned char outy[48], ++ const unsigned char scalar[48]) ++{ ++ pt_aff_t P; ++ ++ /* fixed scmul function */ ++ fixed_smul_cmb(&P, scalar); ++ fiat_secp384r1_from_montgomery(P.X, P.X); ++ fiat_secp384r1_from_montgomery(P.Y, P.Y); ++ fiat_secp384r1_to_bytes(outx, P.X); ++ fiat_secp384r1_to_bytes(outy, P.Y); ++} ++ ++static void ++point_mul(unsigned char outx[48], unsigned char outy[48], ++ const unsigned char scalar[48], ++ const unsigned char inx[48], ++ const unsigned char iny[48]) ++{ ++ pt_aff_t P; ++ ++ fiat_secp384r1_from_bytes(P.X, inx); ++ fiat_secp384r1_from_bytes(P.Y, iny); ++ fiat_secp384r1_to_montgomery(P.X, P.X); ++ fiat_secp384r1_to_montgomery(P.Y, P.Y); ++ /* var scmul function */ ++ var_smul_rwnaf(&P, scalar, &P); ++ fiat_secp384r1_from_montgomery(P.X, P.X); ++ fiat_secp384r1_from_montgomery(P.Y, P.Y); ++ fiat_secp384r1_to_bytes(outx, P.X); ++ fiat_secp384r1_to_bytes(outy, P.Y); ++} ++ ++#undef RADIX ++#include "ecp.h" ++#include "mplogic.h" ++ ++/*- ++ * reverse bytes -- total hack ++ */ ++#define MP_BE2LE(a) \ ++ do { \ ++ unsigned char z_bswap; \ ++ z_bswap = a[0]; \ ++ a[0] = a[47]; \ ++ a[47] = z_bswap; \ ++ z_bswap = a[1]; \ ++ a[1] = a[46]; \ ++ a[46] = z_bswap; \ ++ z_bswap = a[2]; \ ++ a[2] = a[45]; \ ++ a[45] = z_bswap; \ ++ z_bswap = a[3]; \ ++ a[3] = a[44]; \ ++ a[44] = z_bswap; \ ++ z_bswap = a[4]; \ ++ a[4] = a[43]; \ ++ a[43] = z_bswap; \ ++ z_bswap = a[5]; \ ++ a[5] = a[42]; \ ++ a[42] = z_bswap; \ ++ z_bswap = a[6]; \ ++ a[6] = a[41]; \ ++ a[41] = z_bswap; \ ++ z_bswap = a[7]; \ ++ a[7] = a[40]; \ ++ a[40] = z_bswap; \ ++ z_bswap = a[8]; \ ++ a[8] = a[39]; \ ++ a[39] = z_bswap; \ ++ z_bswap = a[9]; \ ++ a[9] = a[38]; \ ++ a[38] = z_bswap; \ ++ z_bswap = a[10]; \ ++ a[10] = a[37]; \ ++ a[37] = z_bswap; \ ++ z_bswap = a[11]; \ ++ a[11] = a[36]; \ ++ a[36] = z_bswap; \ ++ z_bswap = a[12]; \ ++ a[12] = a[35]; \ ++ a[35] = z_bswap; \ ++ z_bswap = a[13]; \ ++ a[13] = a[34]; \ ++ a[34] = z_bswap; \ ++ z_bswap = a[14]; \ ++ a[14] = a[33]; \ ++ a[33] = z_bswap; \ ++ z_bswap = a[15]; \ ++ a[15] = a[32]; \ ++ a[32] = z_bswap; \ ++ z_bswap = a[16]; \ ++ a[16] = a[31]; \ ++ a[31] = z_bswap; \ ++ z_bswap = a[17]; \ ++ a[17] = a[30]; \ ++ a[30] = z_bswap; \ ++ z_bswap = a[18]; \ ++ a[18] = a[29]; \ ++ a[29] = z_bswap; \ ++ z_bswap = a[19]; \ ++ a[19] = a[28]; \ ++ a[28] = z_bswap; \ ++ z_bswap = a[20]; \ ++ a[20] = a[27]; \ ++ a[27] = z_bswap; \ ++ z_bswap = a[21]; \ ++ a[21] = a[26]; \ ++ a[26] = z_bswap; \ ++ z_bswap = a[22]; \ ++ a[22] = a[25]; \ ++ a[25] = z_bswap; \ ++ z_bswap = a[23]; \ ++ a[23] = a[24]; \ ++ a[24] = z_bswap; \ ++ } while (0) ++ ++static mp_err ++point_mul_g_secp384r1(const mp_int *n, mp_int *out_x, ++ mp_int *out_y, const ECGroup *group) ++{ ++ unsigned char b_x[48]; ++ unsigned char b_y[48]; ++ unsigned char b_n[48]; ++ mp_err res; ++ ++ ARGCHK(n != NULL && out_x != NULL && out_y != NULL, MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n) > 384 || mp_cmp_z(n) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n, b_n, 48)); ++ MP_BE2LE(b_n); ++ point_mul_g(b_x, b_y, b_n); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 48)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 48)); ++ ++CLEANUP: ++ return res; ++} ++ ++static mp_err ++point_mul_secp384r1(const mp_int *n, const mp_int *in_x, ++ const mp_int *in_y, mp_int *out_x, ++ mp_int *out_y, const ECGroup *group) ++{ ++ unsigned char b_x[48]; ++ unsigned char b_y[48]; ++ unsigned char b_n[48]; ++ mp_err res; ++ ++ ARGCHK(n != NULL && in_x != NULL && in_y != NULL && out_x != NULL && ++ out_y != NULL, ++ MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n) > 384 || mp_cmp_z(n) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n, b_n, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_x, b_x, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_y, b_y, 48)); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_BE2LE(b_n); ++ point_mul(b_x, b_y, b_n, b_x, b_y); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 48)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 48)); ++ ++CLEANUP: ++ return res; ++} ++ ++static mp_err ++point_mul_two_secp384r1(const mp_int *n1, const mp_int *n2, ++ const mp_int *in_x, const mp_int *in_y, ++ mp_int *out_x, mp_int *out_y, ++ const ECGroup *group) ++{ ++ unsigned char b_x[48]; ++ unsigned char b_y[48]; ++ unsigned char b_n1[48]; ++ unsigned char b_n2[48]; ++ mp_err res; ++ ++ /* If n2 == NULL, this is just a base-point multiplication. */ ++ if (n2 == NULL) ++ return point_mul_g_secp384r1(n1, out_x, out_y, group); ++ ++ /* If n1 == NULL, this is just an arbitary-point multiplication. */ ++ if (n1 == NULL) ++ return point_mul_secp384r1(n2, in_x, in_y, out_x, out_y, group); ++ ++ ARGCHK(in_x != NULL && in_y != NULL && out_x != NULL && out_y != NULL, ++ MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n1) > 384 || mp_cmp_z(n1) != 1 || ++ mpl_significant_bits(n2) > 384 || mp_cmp_z(n2) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n1, b_n1, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(n2, b_n2, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_x, b_x, 48)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_y, b_y, 48)); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_BE2LE(b_n1); ++ MP_BE2LE(b_n2); ++ point_mul_two(b_x, b_y, b_n1, b_n2, b_x, b_y); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 48)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 48)); ++ ++CLEANUP: ++ return res; ++} ++ ++mp_err ++ec_group_set_secp384r1(ECGroup *group, ECCurveName name) ++{ ++ if (name == ECCurve_NIST_P384) { ++ group->base_point_mul = &point_mul_g_secp384r1; ++ group->point_mul = &point_mul_secp384r1; ++ group->points_mul = &point_mul_two_secp384r1; ++ } ++ return MP_OKAY; ++} ++ ++#endif /* __SIZEOF_INT128__ */ +diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi +--- a/lib/freebl/freebl_base.gypi ++++ b/lib/freebl/freebl_base.gypi +@@ -30,16 +30,17 @@ + 'ecl/ecp_256.c', + 'ecl/ecp_256_32.c', + 'ecl/ecp_384.c', + 'ecl/ecp_521.c', + 'ecl/ecp_aff.c', + 'ecl/ecp_jac.c', + 'ecl/ecp_jm.c', + 'ecl/ecp_mont.c', ++ 'ecl/ecp_secp384r1.c', + 'fipsfreebl.c', + 'blinit.c', + 'freeblver.c', + 'gcm.c', + 'hmacct.c', + 'jpake.c', + 'ldvector.c', + 'md2.c', +diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn +--- a/lib/freebl/manifest.mn ++++ b/lib/freebl/manifest.mn +@@ -102,17 +102,17 @@ PRIVATE_EXPORTS = \ + MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h + MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c + + + ECL_HDRS = ecl-exp.h ecl.h ecp.h ecl-priv.h + ECL_SRCS = ecl.c ecl_mult.c ecl_gf.c \ + ecp_aff.c ecp_jac.c ecp_mont.c \ + ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \ +- ecp_256_32.c ecp_25519.c ++ ecp_256_32.c ecp_25519.c ecp_secp384r1.c + SHA_SRCS = sha_fast.c + MPCPU_SRCS = mpcpucache.c + VERIFIED_SRCS = $(NULL) + + CSRCS = \ + freeblver.c \ + ldvector.c \ + sysrand.c \ +diff --git a/tests/ec/ectest.sh b/tests/ec/ectest.sh +old mode 100644 +new mode 100755 + diff --git a/SOURCES/nss-3.53.1-constant-time-p521.patch b/SOURCES/nss-3.53.1-constant-time-p521.patch new file mode 100644 index 0000000..bacfd61 --- /dev/null +++ b/SOURCES/nss-3.53.1-constant-time-p521.patch @@ -0,0 +1,11923 @@ + +# HG changeset patch +# User Billy Brumley +# Date 1594915836 0 +# Node ID 3f022d5eca5d3cd0e366a825a5681953d76299d0 +# Parent e55ab3145546ae3cf1333b43956a974675d2d25c +Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche + +This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: + +[ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. + +Co-authored-by: Luis Rivera-Zamarripa +Co-authored-by: Jesús-Javier Chi-Domínguez + +Differential Revision: https://phabricator.services.mozilla.com/D80012 + +diff --git a/lib/freebl/ecl/ecl-priv.h b/lib/freebl/ecl/ecl-priv.h +--- a/lib/freebl/ecl/ecl-priv.h ++++ b/lib/freebl/ecl/ecl-priv.h +@@ -241,11 +241,12 @@ mp_err ec_group_set_gfp384(ECGroup *grou + mp_err ec_group_set_gfp521(ECGroup *group, ECCurveName); + mp_err ec_group_set_gf2m163(ECGroup *group, ECCurveName name); + mp_err ec_group_set_gf2m193(ECGroup *group, ECCurveName name); + mp_err ec_group_set_gf2m233(ECGroup *group, ECCurveName name); + + /* Optimized point multiplication */ + mp_err ec_group_set_gfp256_32(ECGroup *group, ECCurveName name); + mp_err ec_group_set_secp384r1(ECGroup *group, ECCurveName name); ++mp_err ec_group_set_secp521r1(ECGroup *group, ECCurveName name); + + SECStatus ec_Curve25519_mul(PRUint8 *q, const PRUint8 *s, const PRUint8 *p); + #endif /* __ecl_priv_h_ */ +diff --git a/lib/freebl/ecl/ecl.c b/lib/freebl/ecl/ecl.c +--- a/lib/freebl/ecl/ecl.c ++++ b/lib/freebl/ecl/ecl.c +@@ -178,16 +178,17 @@ construct_ecgroup(const ECCurveName name + group = + ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny, + &order, cofactor); + if (group == NULL) { + res = MP_UNDEF; + goto CLEANUP; + } + MP_CHECKOK(ec_group_set_gfp521(group, name)); ++ MP_CHECKOK(ec_group_set_secp521r1(group, name)); + break; + default: + /* use generic arithmetic */ + group = + ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny, + &order, cofactor); + if (group == NULL) { + res = MP_UNDEF; +diff --git a/lib/freebl/ecl/ecp_secp521r1.c b/lib/freebl/ecl/ecp_secp521r1.c +new file mode 100644 +--- /dev/null ++++ b/lib/freebl/ecl/ecp_secp521r1.c +@@ -0,0 +1,11820 @@ ++/* Autogenerated: ECCKiila https://gitlab.com/nisec/ecckiila */ ++/*- ++ * MIT License ++ * ++ * Copyright (c) 2020 Luis Rivera-Zamarripa, Jesús-Javier Chi-Domínguez, Billy Bob Brumley ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in all ++ * copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ * SOFTWARE. ++ */ ++#if defined(__SIZEOF_INT128__) && !defined(PEDANTIC) ++ ++#include ++#include ++#define LIMB_BITS 64 ++#define LIMB_CNT 9 ++/* Field elements */ ++typedef uint64_t fe_t[LIMB_CNT]; ++typedef uint64_t limb_t; ++ ++#define fe_copy(d, s) memcpy(d, s, sizeof(fe_t)) ++#define fe_set_zero(d) memset(d, 0, sizeof(fe_t)) ++ ++#define fiat_secp521r1_carry_add(c, a, b) \ ++ fiat_secp521r1_add(c, a, b); \ ++ fiat_secp521r1_carry(c, c) ++#define fiat_secp521r1_carry_sub(c, a, b) \ ++ fiat_secp521r1_sub(c, a, b); \ ++ fiat_secp521r1_carry(c, c) ++ ++/* Projective points */ ++typedef struct { ++ fe_t X; ++ fe_t Y; ++ fe_t Z; ++} pt_prj_t; ++ ++/* Affine points */ ++typedef struct { ++ fe_t X; ++ fe_t Y; ++} pt_aff_t; ++ ++/* BEGIN verbatim fiat code https://github.com/mit-plv/fiat-crypto */ ++/*- ++ * MIT License ++ * ++ * Copyright (c) 2020 the fiat-crypto authors (see the AUTHORS file) ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ * SOFTWARE. ++ */ ++ ++/* Autogenerated: unsaturated_solinas --static secp521r1 64 9 '2^521 - 1' */ ++/* curve description: secp521r1 */ ++/* machine_wordsize = 64 (from "64") */ ++/* requested operations: (all) */ ++/* n = 9 (from "9") */ ++/* s-c = 2^521 - [(1, 1)] (from "2^521 - 1") */ ++/* tight_bounds_multiplier = 1.1 (from "") */ ++/* */ ++/* Computed values: */ ++/* carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 0, 1] */ ++/* eval z = z[0] + (z[1] << 58) + (z[2] << 116) + (z[3] << 174) + (z[4] << 232) + (z[5] << 0x122) + (z[6] << 0x15c) + (z[7] << 0x196) + (z[8] << 0x1d0) */ ++/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) + (z[56] << 0x1c0) + (z[57] << 0x1c8) + (z[58] << 0x1d0) + (z[59] << 0x1d8) + (z[60] << 0x1e0) + (z[61] << 0x1e8) + (z[62] << 0x1f0) + (z[63] << 0x1f8) + (z[64] << 2^9) + (z[65] << 0x208) */ ++ ++#include ++typedef unsigned char fiat_secp521r1_uint1; ++typedef signed char fiat_secp521r1_int1; ++typedef signed __int128 fiat_secp521r1_int128; ++typedef unsigned __int128 fiat_secp521r1_uint128; ++ ++#if (-1 & 3) != 3 ++#error "This code only works on a two's complement system" ++#endif ++ ++/* ++ * The function fiat_secp521r1_addcarryx_u58 is an addition with carry. ++ * Postconditions: ++ * out1 = (arg1 + arg2 + arg3) mod 2^58 ++ * out2 = ⌊(arg1 + arg2 + arg3) / 2^58⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0x3ffffffffffffff] ++ * arg3: [0x0 ~> 0x3ffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0x3ffffffffffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp521r1_addcarryx_u58(uint64_t *out1, ++ fiat_secp521r1_uint1 *out2, ++ fiat_secp521r1_uint1 arg1, ++ uint64_t arg2, uint64_t arg3) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ fiat_secp521r1_uint1 x3; ++ x1 = ((arg1 + arg2) + arg3); ++ x2 = (x1 & UINT64_C(0x3ffffffffffffff)); ++ x3 = (fiat_secp521r1_uint1)(x1 >> 58); ++ *out1 = x2; ++ *out2 = x3; ++} ++ ++/* ++ * The function fiat_secp521r1_subborrowx_u58 is a subtraction with borrow. ++ * Postconditions: ++ * out1 = (-arg1 + arg2 + -arg3) mod 2^58 ++ * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^58⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0x3ffffffffffffff] ++ * arg3: [0x0 ~> 0x3ffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0x3ffffffffffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp521r1_subborrowx_u58(uint64_t *out1, ++ fiat_secp521r1_uint1 *out2, ++ fiat_secp521r1_uint1 arg1, ++ uint64_t arg2, uint64_t arg3) ++{ ++ int64_t x1; ++ fiat_secp521r1_int1 x2; ++ uint64_t x3; ++ x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); ++ x2 = (fiat_secp521r1_int1)(x1 >> 58); ++ x3 = (x1 & UINT64_C(0x3ffffffffffffff)); ++ *out1 = x3; ++ *out2 = (fiat_secp521r1_uint1)(0x0 - x2); ++} ++ ++/* ++ * The function fiat_secp521r1_addcarryx_u57 is an addition with carry. ++ * Postconditions: ++ * out1 = (arg1 + arg2 + arg3) mod 2^57 ++ * out2 = ⌊(arg1 + arg2 + arg3) / 2^57⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0x1ffffffffffffff] ++ * arg3: [0x0 ~> 0x1ffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0x1ffffffffffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp521r1_addcarryx_u57(uint64_t *out1, ++ fiat_secp521r1_uint1 *out2, ++ fiat_secp521r1_uint1 arg1, ++ uint64_t arg2, uint64_t arg3) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ fiat_secp521r1_uint1 x3; ++ x1 = ((arg1 + arg2) + arg3); ++ x2 = (x1 & UINT64_C(0x1ffffffffffffff)); ++ x3 = (fiat_secp521r1_uint1)(x1 >> 57); ++ *out1 = x2; ++ *out2 = x3; ++} ++ ++/* ++ * The function fiat_secp521r1_subborrowx_u57 is a subtraction with borrow. ++ * Postconditions: ++ * out1 = (-arg1 + arg2 + -arg3) mod 2^57 ++ * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^57⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0x1ffffffffffffff] ++ * arg3: [0x0 ~> 0x1ffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0x1ffffffffffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp521r1_subborrowx_u57(uint64_t *out1, ++ fiat_secp521r1_uint1 *out2, ++ fiat_secp521r1_uint1 arg1, ++ uint64_t arg2, uint64_t arg3) ++{ ++ int64_t x1; ++ fiat_secp521r1_int1 x2; ++ uint64_t x3; ++ x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); ++ x2 = (fiat_secp521r1_int1)(x1 >> 57); ++ x3 = (x1 & UINT64_C(0x1ffffffffffffff)); ++ *out1 = x3; ++ *out2 = (fiat_secp521r1_uint1)(0x0 - x2); ++} ++ ++/* ++ * The function fiat_secp521r1_cmovznz_u64 is a single-word conditional move. ++ * Postconditions: ++ * out1 = (if arg1 = 0 then arg2 else arg3) ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xffffffffffffffff] ++ * arg3: [0x0 ~> 0xffffffffffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffffffffffff] ++ */ ++static void ++fiat_secp521r1_cmovznz_u64(uint64_t *out1, ++ fiat_secp521r1_uint1 arg1, uint64_t arg2, ++ uint64_t arg3) ++{ ++ fiat_secp521r1_uint1 x1; ++ uint64_t x2; ++ uint64_t x3; ++ x1 = (!(!arg1)); ++ x2 = ((fiat_secp521r1_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); ++ x3 = ((x2 & arg3) | ((~x2) & arg2)); ++ *out1 = x3; ++} ++ ++/* ++ * The function fiat_secp521r1_carry_mul multiplies two field elements and reduces the result. ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 * eval arg2) mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0x699999999999999]] ++ * arg2: [[0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0x699999999999999]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ */ ++static void ++fiat_secp521r1_carry_mul(uint64_t out1[9], const uint64_t arg1[9], ++ const uint64_t arg2[9]) ++{ ++ fiat_secp521r1_uint128 x1; ++ fiat_secp521r1_uint128 x2; ++ fiat_secp521r1_uint128 x3; ++ fiat_secp521r1_uint128 x4; ++ fiat_secp521r1_uint128 x5; ++ fiat_secp521r1_uint128 x6; ++ fiat_secp521r1_uint128 x7; ++ fiat_secp521r1_uint128 x8; ++ fiat_secp521r1_uint128 x9; ++ fiat_secp521r1_uint128 x10; ++ fiat_secp521r1_uint128 x11; ++ fiat_secp521r1_uint128 x12; ++ fiat_secp521r1_uint128 x13; ++ fiat_secp521r1_uint128 x14; ++ fiat_secp521r1_uint128 x15; ++ fiat_secp521r1_uint128 x16; ++ fiat_secp521r1_uint128 x17; ++ fiat_secp521r1_uint128 x18; ++ fiat_secp521r1_uint128 x19; ++ fiat_secp521r1_uint128 x20; ++ fiat_secp521r1_uint128 x21; ++ fiat_secp521r1_uint128 x22; ++ fiat_secp521r1_uint128 x23; ++ fiat_secp521r1_uint128 x24; ++ fiat_secp521r1_uint128 x25; ++ fiat_secp521r1_uint128 x26; ++ fiat_secp521r1_uint128 x27; ++ fiat_secp521r1_uint128 x28; ++ fiat_secp521r1_uint128 x29; ++ fiat_secp521r1_uint128 x30; ++ fiat_secp521r1_uint128 x31; ++ fiat_secp521r1_uint128 x32; ++ fiat_secp521r1_uint128 x33; ++ fiat_secp521r1_uint128 x34; ++ fiat_secp521r1_uint128 x35; ++ fiat_secp521r1_uint128 x36; ++ fiat_secp521r1_uint128 x37; ++ fiat_secp521r1_uint128 x38; ++ fiat_secp521r1_uint128 x39; ++ fiat_secp521r1_uint128 x40; ++ fiat_secp521r1_uint128 x41; ++ fiat_secp521r1_uint128 x42; ++ fiat_secp521r1_uint128 x43; ++ fiat_secp521r1_uint128 x44; ++ fiat_secp521r1_uint128 x45; ++ fiat_secp521r1_uint128 x46; ++ fiat_secp521r1_uint128 x47; ++ fiat_secp521r1_uint128 x48; ++ fiat_secp521r1_uint128 x49; ++ fiat_secp521r1_uint128 x50; ++ fiat_secp521r1_uint128 x51; ++ fiat_secp521r1_uint128 x52; ++ fiat_secp521r1_uint128 x53; ++ fiat_secp521r1_uint128 x54; ++ fiat_secp521r1_uint128 x55; ++ fiat_secp521r1_uint128 x56; ++ fiat_secp521r1_uint128 x57; ++ fiat_secp521r1_uint128 x58; ++ fiat_secp521r1_uint128 x59; ++ fiat_secp521r1_uint128 x60; ++ fiat_secp521r1_uint128 x61; ++ fiat_secp521r1_uint128 x62; ++ fiat_secp521r1_uint128 x63; ++ fiat_secp521r1_uint128 x64; ++ fiat_secp521r1_uint128 x65; ++ fiat_secp521r1_uint128 x66; ++ fiat_secp521r1_uint128 x67; ++ fiat_secp521r1_uint128 x68; ++ fiat_secp521r1_uint128 x69; ++ fiat_secp521r1_uint128 x70; ++ fiat_secp521r1_uint128 x71; ++ fiat_secp521r1_uint128 x72; ++ fiat_secp521r1_uint128 x73; ++ fiat_secp521r1_uint128 x74; ++ fiat_secp521r1_uint128 x75; ++ fiat_secp521r1_uint128 x76; ++ fiat_secp521r1_uint128 x77; ++ fiat_secp521r1_uint128 x78; ++ fiat_secp521r1_uint128 x79; ++ fiat_secp521r1_uint128 x80; ++ fiat_secp521r1_uint128 x81; ++ fiat_secp521r1_uint128 x82; ++ fiat_secp521r1_uint128 x83; ++ uint64_t x84; ++ fiat_secp521r1_uint128 x85; ++ fiat_secp521r1_uint128 x86; ++ fiat_secp521r1_uint128 x87; ++ fiat_secp521r1_uint128 x88; ++ fiat_secp521r1_uint128 x89; ++ fiat_secp521r1_uint128 x90; ++ fiat_secp521r1_uint128 x91; ++ fiat_secp521r1_uint128 x92; ++ fiat_secp521r1_uint128 x93; ++ fiat_secp521r1_uint128 x94; ++ uint64_t x95; ++ fiat_secp521r1_uint128 x96; ++ fiat_secp521r1_uint128 x97; ++ uint64_t x98; ++ fiat_secp521r1_uint128 x99; ++ fiat_secp521r1_uint128 x100; ++ uint64_t x101; ++ fiat_secp521r1_uint128 x102; ++ fiat_secp521r1_uint128 x103; ++ uint64_t x104; ++ fiat_secp521r1_uint128 x105; ++ fiat_secp521r1_uint128 x106; ++ uint64_t x107; ++ fiat_secp521r1_uint128 x108; ++ fiat_secp521r1_uint128 x109; ++ uint64_t x110; ++ fiat_secp521r1_uint128 x111; ++ fiat_secp521r1_uint128 x112; ++ uint64_t x113; ++ fiat_secp521r1_uint128 x114; ++ fiat_secp521r1_uint128 x115; ++ uint64_t x116; ++ fiat_secp521r1_uint128 x117; ++ uint64_t x118; ++ uint64_t x119; ++ uint64_t x120; ++ fiat_secp521r1_uint1 x121; ++ uint64_t x122; ++ uint64_t x123; ++ x1 = ((fiat_secp521r1_uint128)(arg1[8]) * ((arg2[8]) * 0x2)); ++ x2 = ((fiat_secp521r1_uint128)(arg1[8]) * ((arg2[7]) * 0x2)); ++ x3 = ((fiat_secp521r1_uint128)(arg1[8]) * ((arg2[6]) * 0x2)); ++ x4 = ((fiat_secp521r1_uint128)(arg1[8]) * ((arg2[5]) * 0x2)); ++ x5 = ((fiat_secp521r1_uint128)(arg1[8]) * ((arg2[4]) * 0x2)); ++ x6 = ((fiat_secp521r1_uint128)(arg1[8]) * ((arg2[3]) * 0x2)); ++ x7 = ((fiat_secp521r1_uint128)(arg1[8]) * ((arg2[2]) * 0x2)); ++ x8 = ((fiat_secp521r1_uint128)(arg1[8]) * ((arg2[1]) * 0x2)); ++ x9 = ((fiat_secp521r1_uint128)(arg1[7]) * ((arg2[8]) * 0x2)); ++ x10 = ((fiat_secp521r1_uint128)(arg1[7]) * ((arg2[7]) * 0x2)); ++ x11 = ((fiat_secp521r1_uint128)(arg1[7]) * ((arg2[6]) * 0x2)); ++ x12 = ((fiat_secp521r1_uint128)(arg1[7]) * ((arg2[5]) * 0x2)); ++ x13 = ((fiat_secp521r1_uint128)(arg1[7]) * ((arg2[4]) * 0x2)); ++ x14 = ((fiat_secp521r1_uint128)(arg1[7]) * ((arg2[3]) * 0x2)); ++ x15 = ((fiat_secp521r1_uint128)(arg1[7]) * ((arg2[2]) * 0x2)); ++ x16 = ((fiat_secp521r1_uint128)(arg1[6]) * ((arg2[8]) * 0x2)); ++ x17 = ((fiat_secp521r1_uint128)(arg1[6]) * ((arg2[7]) * 0x2)); ++ x18 = ((fiat_secp521r1_uint128)(arg1[6]) * ((arg2[6]) * 0x2)); ++ x19 = ((fiat_secp521r1_uint128)(arg1[6]) * ((arg2[5]) * 0x2)); ++ x20 = ((fiat_secp521r1_uint128)(arg1[6]) * ((arg2[4]) * 0x2)); ++ x21 = ((fiat_secp521r1_uint128)(arg1[6]) * ((arg2[3]) * 0x2)); ++ x22 = ((fiat_secp521r1_uint128)(arg1[5]) * ((arg2[8]) * 0x2)); ++ x23 = ((fiat_secp521r1_uint128)(arg1[5]) * ((arg2[7]) * 0x2)); ++ x24 = ((fiat_secp521r1_uint128)(arg1[5]) * ((arg2[6]) * 0x2)); ++ x25 = ((fiat_secp521r1_uint128)(arg1[5]) * ((arg2[5]) * 0x2)); ++ x26 = ((fiat_secp521r1_uint128)(arg1[5]) * ((arg2[4]) * 0x2)); ++ x27 = ((fiat_secp521r1_uint128)(arg1[4]) * ((arg2[8]) * 0x2)); ++ x28 = ((fiat_secp521r1_uint128)(arg1[4]) * ((arg2[7]) * 0x2)); ++ x29 = ((fiat_secp521r1_uint128)(arg1[4]) * ((arg2[6]) * 0x2)); ++ x30 = ((fiat_secp521r1_uint128)(arg1[4]) * ((arg2[5]) * 0x2)); ++ x31 = ((fiat_secp521r1_uint128)(arg1[3]) * ((arg2[8]) * 0x2)); ++ x32 = ((fiat_secp521r1_uint128)(arg1[3]) * ((arg2[7]) * 0x2)); ++ x33 = ((fiat_secp521r1_uint128)(arg1[3]) * ((arg2[6]) * 0x2)); ++ x34 = ((fiat_secp521r1_uint128)(arg1[2]) * ((arg2[8]) * 0x2)); ++ x35 = ((fiat_secp521r1_uint128)(arg1[2]) * ((arg2[7]) * 0x2)); ++ x36 = ((fiat_secp521r1_uint128)(arg1[1]) * ((arg2[8]) * 0x2)); ++ x37 = ((fiat_secp521r1_uint128)(arg1[8]) * (arg2[0])); ++ x38 = ((fiat_secp521r1_uint128)(arg1[7]) * (arg2[1])); ++ x39 = ((fiat_secp521r1_uint128)(arg1[7]) * (arg2[0])); ++ x40 = ((fiat_secp521r1_uint128)(arg1[6]) * (arg2[2])); ++ x41 = ((fiat_secp521r1_uint128)(arg1[6]) * (arg2[1])); ++ x42 = ((fiat_secp521r1_uint128)(arg1[6]) * (arg2[0])); ++ x43 = ((fiat_secp521r1_uint128)(arg1[5]) * (arg2[3])); ++ x44 = ((fiat_secp521r1_uint128)(arg1[5]) * (arg2[2])); ++ x45 = ((fiat_secp521r1_uint128)(arg1[5]) * (arg2[1])); ++ x46 = ((fiat_secp521r1_uint128)(arg1[5]) * (arg2[0])); ++ x47 = ((fiat_secp521r1_uint128)(arg1[4]) * (arg2[4])); ++ x48 = ((fiat_secp521r1_uint128)(arg1[4]) * (arg2[3])); ++ x49 = ((fiat_secp521r1_uint128)(arg1[4]) * (arg2[2])); ++ x50 = ((fiat_secp521r1_uint128)(arg1[4]) * (arg2[1])); ++ x51 = ((fiat_secp521r1_uint128)(arg1[4]) * (arg2[0])); ++ x52 = ((fiat_secp521r1_uint128)(arg1[3]) * (arg2[5])); ++ x53 = ((fiat_secp521r1_uint128)(arg1[3]) * (arg2[4])); ++ x54 = ((fiat_secp521r1_uint128)(arg1[3]) * (arg2[3])); ++ x55 = ((fiat_secp521r1_uint128)(arg1[3]) * (arg2[2])); ++ x56 = ((fiat_secp521r1_uint128)(arg1[3]) * (arg2[1])); ++ x57 = ((fiat_secp521r1_uint128)(arg1[3]) * (arg2[0])); ++ x58 = ((fiat_secp521r1_uint128)(arg1[2]) * (arg2[6])); ++ x59 = ((fiat_secp521r1_uint128)(arg1[2]) * (arg2[5])); ++ x60 = ((fiat_secp521r1_uint128)(arg1[2]) * (arg2[4])); ++ x61 = ((fiat_secp521r1_uint128)(arg1[2]) * (arg2[3])); ++ x62 = ((fiat_secp521r1_uint128)(arg1[2]) * (arg2[2])); ++ x63 = ((fiat_secp521r1_uint128)(arg1[2]) * (arg2[1])); ++ x64 = ((fiat_secp521r1_uint128)(arg1[2]) * (arg2[0])); ++ x65 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg2[7])); ++ x66 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg2[6])); ++ x67 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg2[5])); ++ x68 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg2[4])); ++ x69 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg2[3])); ++ x70 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg2[2])); ++ x71 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg2[1])); ++ x72 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg2[0])); ++ x73 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[8])); ++ x74 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[7])); ++ x75 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[6])); ++ x76 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[5])); ++ x77 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[4])); ++ x78 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[3])); ++ x79 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[2])); ++ x80 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[1])); ++ x81 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg2[0])); ++ x82 = (x81 + (x36 + (x35 + (x33 + (x30 + (x26 + (x21 + (x15 + x8)))))))); ++ x83 = (x82 >> 58); ++ x84 = (uint64_t)(x82 & UINT64_C(0x3ffffffffffffff)); ++ x85 = (x73 + (x65 + (x58 + (x52 + (x47 + (x43 + (x40 + (x38 + x37)))))))); ++ x86 = (x74 + (x66 + (x59 + (x53 + (x48 + (x44 + (x41 + (x39 + x1)))))))); ++ x87 = (x75 + (x67 + (x60 + (x54 + (x49 + (x45 + (x42 + (x9 + x2)))))))); ++ x88 = (x76 + (x68 + (x61 + (x55 + (x50 + (x46 + (x16 + (x10 + x3)))))))); ++ x89 = (x77 + (x69 + (x62 + (x56 + (x51 + (x22 + (x17 + (x11 + x4)))))))); ++ x90 = (x78 + (x70 + (x63 + (x57 + (x27 + (x23 + (x18 + (x12 + x5)))))))); ++ x91 = (x79 + (x71 + (x64 + (x31 + (x28 + (x24 + (x19 + (x13 + x6)))))))); ++ x92 = (x80 + (x72 + (x34 + (x32 + (x29 + (x25 + (x20 + (x14 + x7)))))))); ++ x93 = (x83 + x92); ++ x94 = (x93 >> 58); ++ x95 = (uint64_t)(x93 & UINT64_C(0x3ffffffffffffff)); ++ x96 = (x94 + x91); ++ x97 = (x96 >> 58); ++ x98 = (uint64_t)(x96 & UINT64_C(0x3ffffffffffffff)); ++ x99 = (x97 + x90); ++ x100 = (x99 >> 58); ++ x101 = (uint64_t)(x99 & UINT64_C(0x3ffffffffffffff)); ++ x102 = (x100 + x89); ++ x103 = (x102 >> 58); ++ x104 = (uint64_t)(x102 & UINT64_C(0x3ffffffffffffff)); ++ x105 = (x103 + x88); ++ x106 = (x105 >> 58); ++ x107 = (uint64_t)(x105 & UINT64_C(0x3ffffffffffffff)); ++ x108 = (x106 + x87); ++ x109 = (x108 >> 58); ++ x110 = (uint64_t)(x108 & UINT64_C(0x3ffffffffffffff)); ++ x111 = (x109 + x86); ++ x112 = (x111 >> 58); ++ x113 = (uint64_t)(x111 & UINT64_C(0x3ffffffffffffff)); ++ x114 = (x112 + x85); ++ x115 = (x114 >> 57); ++ x116 = (uint64_t)(x114 & UINT64_C(0x1ffffffffffffff)); ++ x117 = (x84 + x115); ++ x118 = (uint64_t)(x117 >> 58); ++ x119 = (uint64_t)(x117 & UINT64_C(0x3ffffffffffffff)); ++ x120 = (x118 + x95); ++ x121 = (fiat_secp521r1_uint1)(x120 >> 58); ++ x122 = (x120 & UINT64_C(0x3ffffffffffffff)); ++ x123 = (x121 + x98); ++ out1[0] = x119; ++ out1[1] = x122; ++ out1[2] = x123; ++ out1[3] = x101; ++ out1[4] = x104; ++ out1[5] = x107; ++ out1[6] = x110; ++ out1[7] = x113; ++ out1[8] = x116; ++} ++ ++/* ++ * The function fiat_secp521r1_carry_square squares a field element and reduces the result. ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 * eval arg1) mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0x699999999999999]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ */ ++static void ++fiat_secp521r1_carry_square(uint64_t out1[9], ++ const uint64_t arg1[9]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ uint64_t x16; ++ fiat_secp521r1_uint128 x17; ++ fiat_secp521r1_uint128 x18; ++ fiat_secp521r1_uint128 x19; ++ fiat_secp521r1_uint128 x20; ++ fiat_secp521r1_uint128 x21; ++ fiat_secp521r1_uint128 x22; ++ fiat_secp521r1_uint128 x23; ++ fiat_secp521r1_uint128 x24; ++ fiat_secp521r1_uint128 x25; ++ fiat_secp521r1_uint128 x26; ++ fiat_secp521r1_uint128 x27; ++ fiat_secp521r1_uint128 x28; ++ fiat_secp521r1_uint128 x29; ++ fiat_secp521r1_uint128 x30; ++ fiat_secp521r1_uint128 x31; ++ fiat_secp521r1_uint128 x32; ++ fiat_secp521r1_uint128 x33; ++ fiat_secp521r1_uint128 x34; ++ fiat_secp521r1_uint128 x35; ++ fiat_secp521r1_uint128 x36; ++ fiat_secp521r1_uint128 x37; ++ fiat_secp521r1_uint128 x38; ++ fiat_secp521r1_uint128 x39; ++ fiat_secp521r1_uint128 x40; ++ fiat_secp521r1_uint128 x41; ++ fiat_secp521r1_uint128 x42; ++ fiat_secp521r1_uint128 x43; ++ fiat_secp521r1_uint128 x44; ++ fiat_secp521r1_uint128 x45; ++ fiat_secp521r1_uint128 x46; ++ fiat_secp521r1_uint128 x47; ++ fiat_secp521r1_uint128 x48; ++ fiat_secp521r1_uint128 x49; ++ fiat_secp521r1_uint128 x50; ++ fiat_secp521r1_uint128 x51; ++ fiat_secp521r1_uint128 x52; ++ fiat_secp521r1_uint128 x53; ++ fiat_secp521r1_uint128 x54; ++ fiat_secp521r1_uint128 x55; ++ fiat_secp521r1_uint128 x56; ++ fiat_secp521r1_uint128 x57; ++ fiat_secp521r1_uint128 x58; ++ fiat_secp521r1_uint128 x59; ++ fiat_secp521r1_uint128 x60; ++ fiat_secp521r1_uint128 x61; ++ fiat_secp521r1_uint128 x62; ++ fiat_secp521r1_uint128 x63; ++ uint64_t x64; ++ fiat_secp521r1_uint128 x65; ++ fiat_secp521r1_uint128 x66; ++ fiat_secp521r1_uint128 x67; ++ fiat_secp521r1_uint128 x68; ++ fiat_secp521r1_uint128 x69; ++ fiat_secp521r1_uint128 x70; ++ fiat_secp521r1_uint128 x71; ++ fiat_secp521r1_uint128 x72; ++ fiat_secp521r1_uint128 x73; ++ fiat_secp521r1_uint128 x74; ++ uint64_t x75; ++ fiat_secp521r1_uint128 x76; ++ fiat_secp521r1_uint128 x77; ++ uint64_t x78; ++ fiat_secp521r1_uint128 x79; ++ fiat_secp521r1_uint128 x80; ++ uint64_t x81; ++ fiat_secp521r1_uint128 x82; ++ fiat_secp521r1_uint128 x83; ++ uint64_t x84; ++ fiat_secp521r1_uint128 x85; ++ fiat_secp521r1_uint128 x86; ++ uint64_t x87; ++ fiat_secp521r1_uint128 x88; ++ fiat_secp521r1_uint128 x89; ++ uint64_t x90; ++ fiat_secp521r1_uint128 x91; ++ fiat_secp521r1_uint128 x92; ++ uint64_t x93; ++ fiat_secp521r1_uint128 x94; ++ fiat_secp521r1_uint128 x95; ++ uint64_t x96; ++ fiat_secp521r1_uint128 x97; ++ uint64_t x98; ++ uint64_t x99; ++ uint64_t x100; ++ fiat_secp521r1_uint1 x101; ++ uint64_t x102; ++ uint64_t x103; ++ x1 = (arg1[8]); ++ x2 = (x1 * 0x2); ++ x3 = ((arg1[8]) * 0x2); ++ x4 = (arg1[7]); ++ x5 = (x4 * 0x2); ++ x6 = ((arg1[7]) * 0x2); ++ x7 = (arg1[6]); ++ x8 = (x7 * 0x2); ++ x9 = ((arg1[6]) * 0x2); ++ x10 = (arg1[5]); ++ x11 = (x10 * 0x2); ++ x12 = ((arg1[5]) * 0x2); ++ x13 = ((arg1[4]) * 0x2); ++ x14 = ((arg1[3]) * 0x2); ++ x15 = ((arg1[2]) * 0x2); ++ x16 = ((arg1[1]) * 0x2); ++ x17 = ((fiat_secp521r1_uint128)(arg1[8]) * (x1 * 0x2)); ++ x18 = ((fiat_secp521r1_uint128)(arg1[7]) * (x2 * 0x2)); ++ x19 = ((fiat_secp521r1_uint128)(arg1[7]) * (x4 * 0x2)); ++ x20 = ((fiat_secp521r1_uint128)(arg1[6]) * (x2 * 0x2)); ++ x21 = ((fiat_secp521r1_uint128)(arg1[6]) * (x5 * 0x2)); ++ x22 = ((fiat_secp521r1_uint128)(arg1[6]) * (x7 * 0x2)); ++ x23 = ((fiat_secp521r1_uint128)(arg1[5]) * (x2 * 0x2)); ++ x24 = ((fiat_secp521r1_uint128)(arg1[5]) * (x5 * 0x2)); ++ x25 = ((fiat_secp521r1_uint128)(arg1[5]) * (x8 * 0x2)); ++ x26 = ((fiat_secp521r1_uint128)(arg1[5]) * (x10 * 0x2)); ++ x27 = ((fiat_secp521r1_uint128)(arg1[4]) * (x2 * 0x2)); ++ x28 = ((fiat_secp521r1_uint128)(arg1[4]) * (x5 * 0x2)); ++ x29 = ((fiat_secp521r1_uint128)(arg1[4]) * (x8 * 0x2)); ++ x30 = ((fiat_secp521r1_uint128)(arg1[4]) * (x11 * 0x2)); ++ x31 = ((fiat_secp521r1_uint128)(arg1[4]) * (arg1[4])); ++ x32 = ((fiat_secp521r1_uint128)(arg1[3]) * (x2 * 0x2)); ++ x33 = ((fiat_secp521r1_uint128)(arg1[3]) * (x5 * 0x2)); ++ x34 = ((fiat_secp521r1_uint128)(arg1[3]) * (x8 * 0x2)); ++ x35 = ((fiat_secp521r1_uint128)(arg1[3]) * x12); ++ x36 = ((fiat_secp521r1_uint128)(arg1[3]) * x13); ++ x37 = ((fiat_secp521r1_uint128)(arg1[3]) * (arg1[3])); ++ x38 = ((fiat_secp521r1_uint128)(arg1[2]) * (x2 * 0x2)); ++ x39 = ((fiat_secp521r1_uint128)(arg1[2]) * (x5 * 0x2)); ++ x40 = ((fiat_secp521r1_uint128)(arg1[2]) * x9); ++ x41 = ((fiat_secp521r1_uint128)(arg1[2]) * x12); ++ x42 = ((fiat_secp521r1_uint128)(arg1[2]) * x13); ++ x43 = ((fiat_secp521r1_uint128)(arg1[2]) * x14); ++ x44 = ((fiat_secp521r1_uint128)(arg1[2]) * (arg1[2])); ++ x45 = ((fiat_secp521r1_uint128)(arg1[1]) * (x2 * 0x2)); ++ x46 = ((fiat_secp521r1_uint128)(arg1[1]) * x6); ++ x47 = ((fiat_secp521r1_uint128)(arg1[1]) * x9); ++ x48 = ((fiat_secp521r1_uint128)(arg1[1]) * x12); ++ x49 = ((fiat_secp521r1_uint128)(arg1[1]) * x13); ++ x50 = ((fiat_secp521r1_uint128)(arg1[1]) * x14); ++ x51 = ((fiat_secp521r1_uint128)(arg1[1]) * x15); ++ x52 = ((fiat_secp521r1_uint128)(arg1[1]) * (arg1[1])); ++ x53 = ((fiat_secp521r1_uint128)(arg1[0]) * x3); ++ x54 = ((fiat_secp521r1_uint128)(arg1[0]) * x6); ++ x55 = ((fiat_secp521r1_uint128)(arg1[0]) * x9); ++ x56 = ((fiat_secp521r1_uint128)(arg1[0]) * x12); ++ x57 = ((fiat_secp521r1_uint128)(arg1[0]) * x13); ++ x58 = ((fiat_secp521r1_uint128)(arg1[0]) * x14); ++ x59 = ((fiat_secp521r1_uint128)(arg1[0]) * x15); ++ x60 = ((fiat_secp521r1_uint128)(arg1[0]) * x16); ++ x61 = ((fiat_secp521r1_uint128)(arg1[0]) * (arg1[0])); ++ x62 = (x61 + (x45 + (x39 + (x34 + x30)))); ++ x63 = (x62 >> 58); ++ x64 = (uint64_t)(x62 & UINT64_C(0x3ffffffffffffff)); ++ x65 = (x53 + (x46 + (x40 + (x35 + x31)))); ++ x66 = (x54 + (x47 + (x41 + (x36 + x17)))); ++ x67 = (x55 + (x48 + (x42 + (x37 + x18)))); ++ x68 = (x56 + (x49 + (x43 + (x20 + x19)))); ++ x69 = (x57 + (x50 + (x44 + (x23 + x21)))); ++ x70 = (x58 + (x51 + (x27 + (x24 + x22)))); ++ x71 = (x59 + (x52 + (x32 + (x28 + x25)))); ++ x72 = (x60 + (x38 + (x33 + (x29 + x26)))); ++ x73 = (x63 + x72); ++ x74 = (x73 >> 58); ++ x75 = (uint64_t)(x73 & UINT64_C(0x3ffffffffffffff)); ++ x76 = (x74 + x71); ++ x77 = (x76 >> 58); ++ x78 = (uint64_t)(x76 & UINT64_C(0x3ffffffffffffff)); ++ x79 = (x77 + x70); ++ x80 = (x79 >> 58); ++ x81 = (uint64_t)(x79 & UINT64_C(0x3ffffffffffffff)); ++ x82 = (x80 + x69); ++ x83 = (x82 >> 58); ++ x84 = (uint64_t)(x82 & UINT64_C(0x3ffffffffffffff)); ++ x85 = (x83 + x68); ++ x86 = (x85 >> 58); ++ x87 = (uint64_t)(x85 & UINT64_C(0x3ffffffffffffff)); ++ x88 = (x86 + x67); ++ x89 = (x88 >> 58); ++ x90 = (uint64_t)(x88 & UINT64_C(0x3ffffffffffffff)); ++ x91 = (x89 + x66); ++ x92 = (x91 >> 58); ++ x93 = (uint64_t)(x91 & UINT64_C(0x3ffffffffffffff)); ++ x94 = (x92 + x65); ++ x95 = (x94 >> 57); ++ x96 = (uint64_t)(x94 & UINT64_C(0x1ffffffffffffff)); ++ x97 = (x64 + x95); ++ x98 = (uint64_t)(x97 >> 58); ++ x99 = (uint64_t)(x97 & UINT64_C(0x3ffffffffffffff)); ++ x100 = (x98 + x75); ++ x101 = (fiat_secp521r1_uint1)(x100 >> 58); ++ x102 = (x100 & UINT64_C(0x3ffffffffffffff)); ++ x103 = (x101 + x78); ++ out1[0] = x99; ++ out1[1] = x102; ++ out1[2] = x103; ++ out1[3] = x81; ++ out1[4] = x84; ++ out1[5] = x87; ++ out1[6] = x90; ++ out1[7] = x93; ++ out1[8] = x96; ++} ++ ++/* ++ * The function fiat_secp521r1_carry reduces a field element. ++ * Postconditions: ++ * eval out1 mod m = eval arg1 mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0x699999999999999]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ */ ++static void ++fiat_secp521r1_carry(uint64_t out1[9], const uint64_t arg1[9]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ uint64_t x16; ++ uint64_t x17; ++ uint64_t x18; ++ uint64_t x19; ++ uint64_t x20; ++ x1 = (arg1[0]); ++ x2 = ((x1 >> 58) + (arg1[1])); ++ x3 = ((x2 >> 58) + (arg1[2])); ++ x4 = ((x3 >> 58) + (arg1[3])); ++ x5 = ((x4 >> 58) + (arg1[4])); ++ x6 = ((x5 >> 58) + (arg1[5])); ++ x7 = ((x6 >> 58) + (arg1[6])); ++ x8 = ((x7 >> 58) + (arg1[7])); ++ x9 = ((x8 >> 58) + (arg1[8])); ++ x10 = ((x1 & UINT64_C(0x3ffffffffffffff)) + (x9 >> 57)); ++ x11 = ((fiat_secp521r1_uint1)(x10 >> 58) + ++ (x2 & UINT64_C(0x3ffffffffffffff))); ++ x12 = (x10 & UINT64_C(0x3ffffffffffffff)); ++ x13 = (x11 & UINT64_C(0x3ffffffffffffff)); ++ x14 = ((fiat_secp521r1_uint1)(x11 >> 58) + ++ (x3 & UINT64_C(0x3ffffffffffffff))); ++ x15 = (x4 & UINT64_C(0x3ffffffffffffff)); ++ x16 = (x5 & UINT64_C(0x3ffffffffffffff)); ++ x17 = (x6 & UINT64_C(0x3ffffffffffffff)); ++ x18 = (x7 & UINT64_C(0x3ffffffffffffff)); ++ x19 = (x8 & UINT64_C(0x3ffffffffffffff)); ++ x20 = (x9 & UINT64_C(0x1ffffffffffffff)); ++ out1[0] = x12; ++ out1[1] = x13; ++ out1[2] = x14; ++ out1[3] = x15; ++ out1[4] = x16; ++ out1[5] = x17; ++ out1[6] = x18; ++ out1[7] = x19; ++ out1[8] = x20; ++} ++ ++/* ++ * The function fiat_secp521r1_add adds two field elements. ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 + eval arg2) mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ * arg2: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0x699999999999999]] ++ */ ++static void ++fiat_secp521r1_add(uint64_t out1[9], const uint64_t arg1[9], ++ const uint64_t arg2[9]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ x1 = ((arg1[0]) + (arg2[0])); ++ x2 = ((arg1[1]) + (arg2[1])); ++ x3 = ((arg1[2]) + (arg2[2])); ++ x4 = ((arg1[3]) + (arg2[3])); ++ x5 = ((arg1[4]) + (arg2[4])); ++ x6 = ((arg1[5]) + (arg2[5])); ++ x7 = ((arg1[6]) + (arg2[6])); ++ x8 = ((arg1[7]) + (arg2[7])); ++ x9 = ((arg1[8]) + (arg2[8])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++} ++ ++/* ++ * The function fiat_secp521r1_sub subtracts two field elements. ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 - eval arg2) mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ * arg2: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0x699999999999999]] ++ */ ++static void ++fiat_secp521r1_sub(uint64_t out1[9], const uint64_t arg1[9], ++ const uint64_t arg2[9]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ x1 = ((UINT64_C(0x7fffffffffffffe) + (arg1[0])) - (arg2[0])); ++ x2 = ((UINT64_C(0x7fffffffffffffe) + (arg1[1])) - (arg2[1])); ++ x3 = ((UINT64_C(0x7fffffffffffffe) + (arg1[2])) - (arg2[2])); ++ x4 = ((UINT64_C(0x7fffffffffffffe) + (arg1[3])) - (arg2[3])); ++ x5 = ((UINT64_C(0x7fffffffffffffe) + (arg1[4])) - (arg2[4])); ++ x6 = ((UINT64_C(0x7fffffffffffffe) + (arg1[5])) - (arg2[5])); ++ x7 = ((UINT64_C(0x7fffffffffffffe) + (arg1[6])) - (arg2[6])); ++ x8 = ((UINT64_C(0x7fffffffffffffe) + (arg1[7])) - (arg2[7])); ++ x9 = ((UINT64_C(0x3fffffffffffffe) + (arg1[8])) - (arg2[8])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++} ++ ++/* ++ * The function fiat_secp521r1_opp negates a field element. ++ * Postconditions: ++ * eval out1 mod m = -eval arg1 mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0xd33333333333332], [0x0 ~> 0x699999999999999]] ++ */ ++static void ++fiat_secp521r1_opp(uint64_t out1[9], const uint64_t arg1[9]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ x1 = (UINT64_C(0x7fffffffffffffe) - (arg1[0])); ++ x2 = (UINT64_C(0x7fffffffffffffe) - (arg1[1])); ++ x3 = (UINT64_C(0x7fffffffffffffe) - (arg1[2])); ++ x4 = (UINT64_C(0x7fffffffffffffe) - (arg1[3])); ++ x5 = (UINT64_C(0x7fffffffffffffe) - (arg1[4])); ++ x6 = (UINT64_C(0x7fffffffffffffe) - (arg1[5])); ++ x7 = (UINT64_C(0x7fffffffffffffe) - (arg1[6])); ++ x8 = (UINT64_C(0x7fffffffffffffe) - (arg1[7])); ++ x9 = (UINT64_C(0x3fffffffffffffe) - (arg1[8])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++} ++ ++/* ++ * The function fiat_secp521r1_selectznz is a multi-limb conditional select. ++ * Postconditions: ++ * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] ++ */ ++static void ++fiat_secp521r1_selectznz(uint64_t out1[9], ++ fiat_secp521r1_uint1 arg1, ++ const uint64_t arg2[9], ++ const uint64_t arg3[9]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ fiat_secp521r1_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); ++ fiat_secp521r1_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); ++ fiat_secp521r1_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); ++ fiat_secp521r1_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); ++ fiat_secp521r1_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); ++ fiat_secp521r1_cmovznz_u64(&x6, arg1, (arg2[5]), (arg3[5])); ++ fiat_secp521r1_cmovznz_u64(&x7, arg1, (arg2[6]), (arg3[6])); ++ fiat_secp521r1_cmovznz_u64(&x8, arg1, (arg2[7]), (arg3[7])); ++ fiat_secp521r1_cmovznz_u64(&x9, arg1, (arg2[8]), (arg3[8])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++} ++ ++/* ++ * The function fiat_secp521r1_to_bytes serializes a field element to bytes in little-endian order. ++ * Postconditions: ++ * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..65] ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] ++ */ ++static void ++fiat_secp521r1_to_bytes(uint8_t out1[66], const uint64_t arg1[9]) ++{ ++ uint64_t x1; ++ fiat_secp521r1_uint1 x2; ++ uint64_t x3; ++ fiat_secp521r1_uint1 x4; ++ uint64_t x5; ++ fiat_secp521r1_uint1 x6; ++ uint64_t x7; ++ fiat_secp521r1_uint1 x8; ++ uint64_t x9; ++ fiat_secp521r1_uint1 x10; ++ uint64_t x11; ++ fiat_secp521r1_uint1 x12; ++ uint64_t x13; ++ fiat_secp521r1_uint1 x14; ++ uint64_t x15; ++ fiat_secp521r1_uint1 x16; ++ uint64_t x17; ++ fiat_secp521r1_uint1 x18; ++ uint64_t x19; ++ uint64_t x20; ++ fiat_secp521r1_uint1 x21; ++ uint64_t x22; ++ fiat_secp521r1_uint1 x23; ++ uint64_t x24; ++ fiat_secp521r1_uint1 x25; ++ uint64_t x26; ++ fiat_secp521r1_uint1 x27; ++ uint64_t x28; ++ fiat_secp521r1_uint1 x29; ++ uint64_t x30; ++ fiat_secp521r1_uint1 x31; ++ uint64_t x32; ++ fiat_secp521r1_uint1 x33; ++ uint64_t x34; ++ fiat_secp521r1_uint1 x35; ++ uint64_t x36; ++ fiat_secp521r1_uint1 x37; ++ uint64_t x38; ++ uint64_t x39; ++ uint64_t x40; ++ uint64_t x41; ++ uint64_t x42; ++ uint64_t x43; ++ uint64_t x44; ++ uint8_t x45; ++ uint64_t x46; ++ uint8_t x47; ++ uint64_t x48; ++ uint8_t x49; ++ uint64_t x50; ++ uint8_t x51; ++ uint64_t x52; ++ uint8_t x53; ++ uint64_t x54; ++ uint8_t x55; ++ uint8_t x56; ++ uint8_t x57; ++ uint64_t x58; ++ uint64_t x59; ++ uint8_t x60; ++ uint64_t x61; ++ uint8_t x62; ++ uint64_t x63; ++ uint8_t x64; ++ uint64_t x65; ++ uint8_t x66; ++ uint64_t x67; ++ uint8_t x68; ++ uint64_t x69; ++ uint8_t x70; ++ uint8_t x71; ++ uint8_t x72; ++ uint64_t x73; ++ uint64_t x74; ++ uint8_t x75; ++ uint64_t x76; ++ uint8_t x77; ++ uint64_t x78; ++ uint8_t x79; ++ uint64_t x80; ++ uint8_t x81; ++ uint64_t x82; ++ uint8_t x83; ++ uint64_t x84; ++ uint8_t x85; ++ uint8_t x86; ++ uint8_t x87; ++ uint64_t x88; ++ uint64_t x89; ++ uint8_t x90; ++ uint64_t x91; ++ uint8_t x92; ++ uint64_t x93; ++ uint8_t x94; ++ uint64_t x95; ++ uint8_t x96; ++ uint64_t x97; ++ uint8_t x98; ++ uint64_t x99; ++ uint8_t x100; ++ uint8_t x101; ++ uint8_t x102; ++ uint8_t x103; ++ uint64_t x104; ++ uint8_t x105; ++ uint64_t x106; ++ uint8_t x107; ++ uint64_t x108; ++ uint8_t x109; ++ uint64_t x110; ++ uint8_t x111; ++ uint64_t x112; ++ uint8_t x113; ++ uint64_t x114; ++ uint8_t x115; ++ uint8_t x116; ++ uint8_t x117; ++ uint64_t x118; ++ uint64_t x119; ++ uint8_t x120; ++ uint64_t x121; ++ uint8_t x122; ++ uint64_t x123; ++ uint8_t x124; ++ uint64_t x125; ++ uint8_t x126; ++ uint64_t x127; ++ uint8_t x128; ++ uint64_t x129; ++ uint8_t x130; ++ uint8_t x131; ++ uint8_t x132; ++ uint64_t x133; ++ uint64_t x134; ++ uint8_t x135; ++ uint64_t x136; ++ uint8_t x137; ++ uint64_t x138; ++ uint8_t x139; ++ uint64_t x140; ++ uint8_t x141; ++ uint64_t x142; ++ uint8_t x143; ++ uint64_t x144; ++ uint8_t x145; ++ uint8_t x146; ++ uint8_t x147; ++ uint64_t x148; ++ uint64_t x149; ++ uint8_t x150; ++ uint64_t x151; ++ uint8_t x152; ++ uint64_t x153; ++ uint8_t x154; ++ uint64_t x155; ++ uint8_t x156; ++ uint64_t x157; ++ uint8_t x158; ++ uint64_t x159; ++ uint8_t x160; ++ uint8_t x161; ++ uint8_t x162; ++ uint8_t x163; ++ uint64_t x164; ++ uint8_t x165; ++ uint64_t x166; ++ uint8_t x167; ++ uint64_t x168; ++ uint8_t x169; ++ uint64_t x170; ++ uint8_t x171; ++ uint64_t x172; ++ uint8_t x173; ++ uint64_t x174; ++ uint8_t x175; ++ fiat_secp521r1_uint1 x176; ++ uint8_t x177; ++ fiat_secp521r1_subborrowx_u58(&x1, &x2, 0x0, (arg1[0]), ++ UINT64_C(0x3ffffffffffffff)); ++ fiat_secp521r1_subborrowx_u58(&x3, &x4, x2, (arg1[1]), ++ UINT64_C(0x3ffffffffffffff)); ++ fiat_secp521r1_subborrowx_u58(&x5, &x6, x4, (arg1[2]), ++ UINT64_C(0x3ffffffffffffff)); ++ fiat_secp521r1_subborrowx_u58(&x7, &x8, x6, (arg1[3]), ++ UINT64_C(0x3ffffffffffffff)); ++ fiat_secp521r1_subborrowx_u58(&x9, &x10, x8, (arg1[4]), ++ UINT64_C(0x3ffffffffffffff)); ++ fiat_secp521r1_subborrowx_u58(&x11, &x12, x10, (arg1[5]), ++ UINT64_C(0x3ffffffffffffff)); ++ fiat_secp521r1_subborrowx_u58(&x13, &x14, x12, (arg1[6]), ++ UINT64_C(0x3ffffffffffffff)); ++ fiat_secp521r1_subborrowx_u58(&x15, &x16, x14, (arg1[7]), ++ UINT64_C(0x3ffffffffffffff)); ++ fiat_secp521r1_subborrowx_u57(&x17, &x18, x16, (arg1[8]), ++ UINT64_C(0x1ffffffffffffff)); ++ fiat_secp521r1_cmovznz_u64(&x19, x18, 0x0, UINT64_C(0xffffffffffffffff)); ++ fiat_secp521r1_addcarryx_u58(&x20, &x21, 0x0, x1, ++ (x19 & UINT64_C(0x3ffffffffffffff))); ++ fiat_secp521r1_addcarryx_u58(&x22, &x23, x21, x3, ++ (x19 & UINT64_C(0x3ffffffffffffff))); ++ fiat_secp521r1_addcarryx_u58(&x24, &x25, x23, x5, ++ (x19 & UINT64_C(0x3ffffffffffffff))); ++ fiat_secp521r1_addcarryx_u58(&x26, &x27, x25, x7, ++ (x19 & UINT64_C(0x3ffffffffffffff))); ++ fiat_secp521r1_addcarryx_u58(&x28, &x29, x27, x9, ++ (x19 & UINT64_C(0x3ffffffffffffff))); ++ fiat_secp521r1_addcarryx_u58(&x30, &x31, x29, x11, ++ (x19 & UINT64_C(0x3ffffffffffffff))); ++ fiat_secp521r1_addcarryx_u58(&x32, &x33, x31, x13, ++ (x19 & UINT64_C(0x3ffffffffffffff))); ++ fiat_secp521r1_addcarryx_u58(&x34, &x35, x33, x15, ++ (x19 & UINT64_C(0x3ffffffffffffff))); ++ fiat_secp521r1_addcarryx_u57(&x36, &x37, x35, x17, ++ (x19 & UINT64_C(0x1ffffffffffffff))); ++ x38 = (x34 << 6); ++ x39 = (x32 << 4); ++ x40 = (x30 << 2); ++ x41 = (x26 << 6); ++ x42 = (x24 << 4); ++ x43 = (x22 << 2); ++ x44 = (x20 >> 8); ++ x45 = (uint8_t)(x20 & UINT8_C(0xff)); ++ x46 = (x44 >> 8); ++ x47 = (uint8_t)(x44 & UINT8_C(0xff)); ++ x48 = (x46 >> 8); ++ x49 = (uint8_t)(x46 & UINT8_C(0xff)); ++ x50 = (x48 >> 8); ++ x51 = (uint8_t)(x48 & UINT8_C(0xff)); ++ x52 = (x50 >> 8); ++ x53 = (uint8_t)(x50 & UINT8_C(0xff)); ++ x54 = (x52 >> 8); ++ x55 = (uint8_t)(x52 & UINT8_C(0xff)); ++ x56 = (uint8_t)(x54 >> 8); ++ x57 = (uint8_t)(x54 & UINT8_C(0xff)); ++ x58 = (x56 + x43); ++ x59 = (x58 >> 8); ++ x60 = (uint8_t)(x58 & UINT8_C(0xff)); ++ x61 = (x59 >> 8); ++ x62 = (uint8_t)(x59 & UINT8_C(0xff)); ++ x63 = (x61 >> 8); ++ x64 = (uint8_t)(x61 & UINT8_C(0xff)); ++ x65 = (x63 >> 8); ++ x66 = (uint8_t)(x63 & UINT8_C(0xff)); ++ x67 = (x65 >> 8); ++ x68 = (uint8_t)(x65 & UINT8_C(0xff)); ++ x69 = (x67 >> 8); ++ x70 = (uint8_t)(x67 & UINT8_C(0xff)); ++ x71 = (uint8_t)(x69 >> 8); ++ x72 = (uint8_t)(x69 & UINT8_C(0xff)); ++ x73 = (x71 + x42); ++ x74 = (x73 >> 8); ++ x75 = (uint8_t)(x73 & UINT8_C(0xff)); ++ x76 = (x74 >> 8); ++ x77 = (uint8_t)(x74 & UINT8_C(0xff)); ++ x78 = (x76 >> 8); ++ x79 = (uint8_t)(x76 & UINT8_C(0xff)); ++ x80 = (x78 >> 8); ++ x81 = (uint8_t)(x78 & UINT8_C(0xff)); ++ x82 = (x80 >> 8); ++ x83 = (uint8_t)(x80 & UINT8_C(0xff)); ++ x84 = (x82 >> 8); ++ x85 = (uint8_t)(x82 & UINT8_C(0xff)); ++ x86 = (uint8_t)(x84 >> 8); ++ x87 = (uint8_t)(x84 & UINT8_C(0xff)); ++ x88 = (x86 + x41); ++ x89 = (x88 >> 8); ++ x90 = (uint8_t)(x88 & UINT8_C(0xff)); ++ x91 = (x89 >> 8); ++ x92 = (uint8_t)(x89 & UINT8_C(0xff)); ++ x93 = (x91 >> 8); ++ x94 = (uint8_t)(x91 & UINT8_C(0xff)); ++ x95 = (x93 >> 8); ++ x96 = (uint8_t)(x93 & UINT8_C(0xff)); ++ x97 = (x95 >> 8); ++ x98 = (uint8_t)(x95 & UINT8_C(0xff)); ++ x99 = (x97 >> 8); ++ x100 = (uint8_t)(x97 & UINT8_C(0xff)); ++ x101 = (uint8_t)(x99 >> 8); ++ x102 = (uint8_t)(x99 & UINT8_C(0xff)); ++ x103 = (uint8_t)(x101 & UINT8_C(0xff)); ++ x104 = (x28 >> 8); ++ x105 = (uint8_t)(x28 & UINT8_C(0xff)); ++ x106 = (x104 >> 8); ++ x107 = (uint8_t)(x104 & UINT8_C(0xff)); ++ x108 = (x106 >> 8); ++ x109 = (uint8_t)(x106 & UINT8_C(0xff)); ++ x110 = (x108 >> 8); ++ x111 = (uint8_t)(x108 & UINT8_C(0xff)); ++ x112 = (x110 >> 8); ++ x113 = (uint8_t)(x110 & UINT8_C(0xff)); ++ x114 = (x112 >> 8); ++ x115 = (uint8_t)(x112 & UINT8_C(0xff)); ++ x116 = (uint8_t)(x114 >> 8); ++ x117 = (uint8_t)(x114 & UINT8_C(0xff)); ++ x118 = (x116 + x40); ++ x119 = (x118 >> 8); ++ x120 = (uint8_t)(x118 & UINT8_C(0xff)); ++ x121 = (x119 >> 8); ++ x122 = (uint8_t)(x119 & UINT8_C(0xff)); ++ x123 = (x121 >> 8); ++ x124 = (uint8_t)(x121 & UINT8_C(0xff)); ++ x125 = (x123 >> 8); ++ x126 = (uint8_t)(x123 & UINT8_C(0xff)); ++ x127 = (x125 >> 8); ++ x128 = (uint8_t)(x125 & UINT8_C(0xff)); ++ x129 = (x127 >> 8); ++ x130 = (uint8_t)(x127 & UINT8_C(0xff)); ++ x131 = (uint8_t)(x129 >> 8); ++ x132 = (uint8_t)(x129 & UINT8_C(0xff)); ++ x133 = (x131 + x39); ++ x134 = (x133 >> 8); ++ x135 = (uint8_t)(x133 & UINT8_C(0xff)); ++ x136 = (x134 >> 8); ++ x137 = (uint8_t)(x134 & UINT8_C(0xff)); ++ x138 = (x136 >> 8); ++ x139 = (uint8_t)(x136 & UINT8_C(0xff)); ++ x140 = (x138 >> 8); ++ x141 = (uint8_t)(x138 & UINT8_C(0xff)); ++ x142 = (x140 >> 8); ++ x143 = (uint8_t)(x140 & UINT8_C(0xff)); ++ x144 = (x142 >> 8); ++ x145 = (uint8_t)(x142 & UINT8_C(0xff)); ++ x146 = (uint8_t)(x144 >> 8); ++ x147 = (uint8_t)(x144 & UINT8_C(0xff)); ++ x148 = (x146 + x38); ++ x149 = (x148 >> 8); ++ x150 = (uint8_t)(x148 & UINT8_C(0xff)); ++ x151 = (x149 >> 8); ++ x152 = (uint8_t)(x149 & UINT8_C(0xff)); ++ x153 = (x151 >> 8); ++ x154 = (uint8_t)(x151 & UINT8_C(0xff)); ++ x155 = (x153 >> 8); ++ x156 = (uint8_t)(x153 & UINT8_C(0xff)); ++ x157 = (x155 >> 8); ++ x158 = (uint8_t)(x155 & UINT8_C(0xff)); ++ x159 = (x157 >> 8); ++ x160 = (uint8_t)(x157 & UINT8_C(0xff)); ++ x161 = (uint8_t)(x159 >> 8); ++ x162 = (uint8_t)(x159 & UINT8_C(0xff)); ++ x163 = (uint8_t)(x161 & UINT8_C(0xff)); ++ x164 = (x36 >> 8); ++ x165 = (uint8_t)(x36 & UINT8_C(0xff)); ++ x166 = (x164 >> 8); ++ x167 = (uint8_t)(x164 & UINT8_C(0xff)); ++ x168 = (x166 >> 8); ++ x169 = (uint8_t)(x166 & UINT8_C(0xff)); ++ x170 = (x168 >> 8); ++ x171 = (uint8_t)(x168 & UINT8_C(0xff)); ++ x172 = (x170 >> 8); ++ x173 = (uint8_t)(x170 & UINT8_C(0xff)); ++ x174 = (x172 >> 8); ++ x175 = (uint8_t)(x172 & UINT8_C(0xff)); ++ x176 = (fiat_secp521r1_uint1)(x174 >> 8); ++ x177 = (uint8_t)(x174 & UINT8_C(0xff)); ++ out1[0] = x45; ++ out1[1] = x47; ++ out1[2] = x49; ++ out1[3] = x51; ++ out1[4] = x53; ++ out1[5] = x55; ++ out1[6] = x57; ++ out1[7] = x60; ++ out1[8] = x62; ++ out1[9] = x64; ++ out1[10] = x66; ++ out1[11] = x68; ++ out1[12] = x70; ++ out1[13] = x72; ++ out1[14] = x75; ++ out1[15] = x77; ++ out1[16] = x79; ++ out1[17] = x81; ++ out1[18] = x83; ++ out1[19] = x85; ++ out1[20] = x87; ++ out1[21] = x90; ++ out1[22] = x92; ++ out1[23] = x94; ++ out1[24] = x96; ++ out1[25] = x98; ++ out1[26] = x100; ++ out1[27] = x102; ++ out1[28] = x103; ++ out1[29] = x105; ++ out1[30] = x107; ++ out1[31] = x109; ++ out1[32] = x111; ++ out1[33] = x113; ++ out1[34] = x115; ++ out1[35] = x117; ++ out1[36] = x120; ++ out1[37] = x122; ++ out1[38] = x124; ++ out1[39] = x126; ++ out1[40] = x128; ++ out1[41] = x130; ++ out1[42] = x132; ++ out1[43] = x135; ++ out1[44] = x137; ++ out1[45] = x139; ++ out1[46] = x141; ++ out1[47] = x143; ++ out1[48] = x145; ++ out1[49] = x147; ++ out1[50] = x150; ++ out1[51] = x152; ++ out1[52] = x154; ++ out1[53] = x156; ++ out1[54] = x158; ++ out1[55] = x160; ++ out1[56] = x162; ++ out1[57] = x163; ++ out1[58] = x165; ++ out1[59] = x167; ++ out1[60] = x169; ++ out1[61] = x171; ++ out1[62] = x173; ++ out1[63] = x175; ++ out1[64] = x177; ++ out1[65] = x176; ++} ++ ++/* ++ * The function fiat_secp521r1_from_bytes deserializes a field element from bytes in little-endian order. ++ * Postconditions: ++ * eval out1 mod m = bytes_eval arg1 mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x466666666666666], [0x0 ~> 0x233333333333333]] ++ */ ++static void ++fiat_secp521r1_from_bytes(uint64_t out1[9], ++ const uint8_t arg1[66]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint8_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ uint64_t x16; ++ uint64_t x17; ++ uint64_t x18; ++ uint64_t x19; ++ uint64_t x20; ++ uint64_t x21; ++ uint64_t x22; ++ uint64_t x23; ++ uint64_t x24; ++ uint64_t x25; ++ uint64_t x26; ++ uint64_t x27; ++ uint64_t x28; ++ uint64_t x29; ++ uint64_t x30; ++ uint64_t x31; ++ uint64_t x32; ++ uint64_t x33; ++ uint64_t x34; ++ uint64_t x35; ++ uint64_t x36; ++ uint8_t x37; ++ uint64_t x38; ++ uint64_t x39; ++ uint64_t x40; ++ uint64_t x41; ++ uint64_t x42; ++ uint64_t x43; ++ uint64_t x44; ++ uint64_t x45; ++ uint64_t x46; ++ uint64_t x47; ++ uint64_t x48; ++ uint64_t x49; ++ uint64_t x50; ++ uint64_t x51; ++ uint64_t x52; ++ uint64_t x53; ++ uint64_t x54; ++ uint64_t x55; ++ uint64_t x56; ++ uint64_t x57; ++ uint64_t x58; ++ uint64_t x59; ++ uint64_t x60; ++ uint64_t x61; ++ uint64_t x62; ++ uint64_t x63; ++ uint64_t x64; ++ uint64_t x65; ++ uint8_t x66; ++ uint64_t x67; ++ uint8_t x68; ++ uint64_t x69; ++ uint64_t x70; ++ uint64_t x71; ++ uint64_t x72; ++ uint64_t x73; ++ uint64_t x74; ++ uint64_t x75; ++ uint64_t x76; ++ uint64_t x77; ++ uint64_t x78; ++ uint8_t x79; ++ uint64_t x80; ++ uint64_t x81; ++ uint8_t x82; ++ uint64_t x83; ++ uint64_t x84; ++ uint64_t x85; ++ uint8_t x86; ++ uint64_t x87; ++ uint64_t x88; ++ uint8_t x89; ++ uint64_t x90; ++ uint64_t x91; ++ uint8_t x92; ++ uint64_t x93; ++ uint64_t x94; ++ uint64_t x95; ++ x1 = ((uint64_t)(fiat_secp521r1_uint1)(arg1[65]) << 56); ++ x2 = ((uint64_t)(arg1[64]) << 48); ++ x3 = ((uint64_t)(arg1[63]) << 40); ++ x4 = ((uint64_t)(arg1[62]) << 32); ++ x5 = ((uint64_t)(arg1[61]) << 24); ++ x6 = ((uint64_t)(arg1[60]) << 16); ++ x7 = ((uint64_t)(arg1[59]) << 8); ++ x8 = (arg1[58]); ++ x9 = ((uint64_t)(arg1[57]) << 50); ++ x10 = ((uint64_t)(arg1[56]) << 42); ++ x11 = ((uint64_t)(arg1[55]) << 34); ++ x12 = ((uint64_t)(arg1[54]) << 26); ++ x13 = ((uint64_t)(arg1[53]) << 18); ++ x14 = ((uint64_t)(arg1[52]) << 10); ++ x15 = ((uint64_t)(arg1[51]) << 2); ++ x16 = ((uint64_t)(arg1[50]) << 52); ++ x17 = ((uint64_t)(arg1[49]) << 44); ++ x18 = ((uint64_t)(arg1[48]) << 36); ++ x19 = ((uint64_t)(arg1[47]) << 28); ++ x20 = ((uint64_t)(arg1[46]) << 20); ++ x21 = ((uint64_t)(arg1[45]) << 12); ++ x22 = ((uint64_t)(arg1[44]) << 4); ++ x23 = ((uint64_t)(arg1[43]) << 54); ++ x24 = ((uint64_t)(arg1[42]) << 46); ++ x25 = ((uint64_t)(arg1[41]) << 38); ++ x26 = ((uint64_t)(arg1[40]) << 30); ++ x27 = ((uint64_t)(arg1[39]) << 22); ++ x28 = ((uint64_t)(arg1[38]) << 14); ++ x29 = ((uint64_t)(arg1[37]) << 6); ++ x30 = ((uint64_t)(arg1[36]) << 56); ++ x31 = ((uint64_t)(arg1[35]) << 48); ++ x32 = ((uint64_t)(arg1[34]) << 40); ++ x33 = ((uint64_t)(arg1[33]) << 32); ++ x34 = ((uint64_t)(arg1[32]) << 24); ++ x35 = ((uint64_t)(arg1[31]) << 16); ++ x36 = ((uint64_t)(arg1[30]) << 8); ++ x37 = (arg1[29]); ++ x38 = ((uint64_t)(arg1[28]) << 50); ++ x39 = ((uint64_t)(arg1[27]) << 42); ++ x40 = ((uint64_t)(arg1[26]) << 34); ++ x41 = ((uint64_t)(arg1[25]) << 26); ++ x42 = ((uint64_t)(arg1[24]) << 18); ++ x43 = ((uint64_t)(arg1[23]) << 10); ++ x44 = ((uint64_t)(arg1[22]) << 2); ++ x45 = ((uint64_t)(arg1[21]) << 52); ++ x46 = ((uint64_t)(arg1[20]) << 44); ++ x47 = ((uint64_t)(arg1[19]) << 36); ++ x48 = ((uint64_t)(arg1[18]) << 28); ++ x49 = ((uint64_t)(arg1[17]) << 20); ++ x50 = ((uint64_t)(arg1[16]) << 12); ++ x51 = ((uint64_t)(arg1[15]) << 4); ++ x52 = ((uint64_t)(arg1[14]) << 54); ++ x53 = ((uint64_t)(arg1[13]) << 46); ++ x54 = ((uint64_t)(arg1[12]) << 38); ++ x55 = ((uint64_t)(arg1[11]) << 30); ++ x56 = ((uint64_t)(arg1[10]) << 22); ++ x57 = ((uint64_t)(arg1[9]) << 14); ++ x58 = ((uint64_t)(arg1[8]) << 6); ++ x59 = ((uint64_t)(arg1[7]) << 56); ++ x60 = ((uint64_t)(arg1[6]) << 48); ++ x61 = ((uint64_t)(arg1[5]) << 40); ++ x62 = ((uint64_t)(arg1[4]) << 32); ++ x63 = ((uint64_t)(arg1[3]) << 24); ++ x64 = ((uint64_t)(arg1[2]) << 16); ++ x65 = ((uint64_t)(arg1[1]) << 8); ++ x66 = (arg1[0]); ++ x67 = (x66 + (x65 + (x64 + (x63 + (x62 + (x61 + (x60 + x59))))))); ++ x68 = (uint8_t)(x67 >> 58); ++ x69 = (x67 & UINT64_C(0x3ffffffffffffff)); ++ x70 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); ++ x71 = (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9)))))); ++ x72 = (x22 + (x21 + (x20 + (x19 + (x18 + (x17 + x16)))))); ++ x73 = (x29 + (x28 + (x27 + (x26 + (x25 + (x24 + x23)))))); ++ x74 = (x37 + (x36 + (x35 + (x34 + (x33 + (x32 + (x31 + x30))))))); ++ x75 = (x44 + (x43 + (x42 + (x41 + (x40 + (x39 + x38)))))); ++ x76 = (x51 + (x50 + (x49 + (x48 + (x47 + (x46 + x45)))))); ++ x77 = (x58 + (x57 + (x56 + (x55 + (x54 + (x53 + x52)))))); ++ x78 = (x68 + x77); ++ x79 = (uint8_t)(x78 >> 58); ++ x80 = (x78 & UINT64_C(0x3ffffffffffffff)); ++ x81 = (x79 + x76); ++ x82 = (uint8_t)(x81 >> 58); ++ x83 = (x81 & UINT64_C(0x3ffffffffffffff)); ++ x84 = (x82 + x75); ++ x85 = (x84 & UINT64_C(0x3ffffffffffffff)); ++ x86 = (uint8_t)(x74 >> 58); ++ x87 = (x74 & UINT64_C(0x3ffffffffffffff)); ++ x88 = (x86 + x73); ++ x89 = (uint8_t)(x88 >> 58); ++ x90 = (x88 & UINT64_C(0x3ffffffffffffff)); ++ x91 = (x89 + x72); ++ x92 = (uint8_t)(x91 >> 58); ++ x93 = (x91 & UINT64_C(0x3ffffffffffffff)); ++ x94 = (x92 + x71); ++ x95 = (x94 & UINT64_C(0x3ffffffffffffff)); ++ out1[0] = x69; ++ out1[1] = x80; ++ out1[2] = x83; ++ out1[3] = x85; ++ out1[4] = x87; ++ out1[5] = x90; ++ out1[6] = x93; ++ out1[7] = x95; ++ out1[8] = x70; ++} ++ ++/* END verbatim fiat code */ ++ ++/*- ++ * Finite field inversion via FLT. ++ * NB: this is not a real Fiat function, just named that way for consistency. ++ * Autogenerated: ecp/secp521r1/fe_inv.op3 ++ * custom repunit addition chain ++ */ ++static void ++fiat_secp521r1_inv(fe_t output, const fe_t t1) ++{ ++ int i; ++ /* temporary variables */ ++ fe_t acc, t128, t16, t2, t256, t32, t4, t512, t516, t518, t519, t64, t8; ++ ++ fiat_secp521r1_carry_square(acc, t1); ++ fiat_secp521r1_carry_mul(t2, acc, t1); ++ fiat_secp521r1_carry_square(acc, t2); ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t4, acc, t2); ++ fiat_secp521r1_carry_square(acc, t4); ++ for (i = 0; i < 3; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t8, acc, t4); ++ fiat_secp521r1_carry_square(acc, t8); ++ for (i = 0; i < 7; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t16, acc, t8); ++ fiat_secp521r1_carry_square(acc, t16); ++ for (i = 0; i < 15; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t32, acc, t16); ++ fiat_secp521r1_carry_square(acc, t32); ++ for (i = 0; i < 31; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t64, acc, t32); ++ fiat_secp521r1_carry_square(acc, t64); ++ for (i = 0; i < 63; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t128, acc, t64); ++ fiat_secp521r1_carry_square(acc, t128); ++ for (i = 0; i < 127; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t256, acc, t128); ++ fiat_secp521r1_carry_square(acc, t256); ++ for (i = 0; i < 255; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t512, acc, t256); ++ fiat_secp521r1_carry_square(acc, t512); ++ for (i = 0; i < 3; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t516, acc, t4); ++ fiat_secp521r1_carry_square(acc, t516); ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t518, acc, t2); ++ fiat_secp521r1_carry_square(acc, t518); ++ fiat_secp521r1_carry_mul(t519, acc, t1); ++ fiat_secp521r1_carry_square(acc, t519); ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(output, acc, t1); ++} ++ ++/* curve coefficient constants */ ++ ++static const limb_t const_one[9] = { ++ UINT64_C(0x0000000000000001), UINT64_C(0x0000000000000000), ++ UINT64_C(0x0000000000000000), UINT64_C(0x0000000000000000), ++ UINT64_C(0x0000000000000000), UINT64_C(0x0000000000000000), ++ UINT64_C(0x0000000000000000), UINT64_C(0x0000000000000000), ++ UINT64_C(0x0000000000000000) ++}; ++ ++static const limb_t const_b[9] = { ++ UINT64_C(0x03451FD46B503F00), UINT64_C(0x00F7E20F4B0D3C7B), ++ UINT64_C(0x000BD3BB1BF07357), UINT64_C(0x0147B1FA4DEC594B), ++ UINT64_C(0x018EF109E1561939), UINT64_C(0x026CC57CEE2D2264), ++ UINT64_C(0x00540EEA2DA725B9), UINT64_C(0x02687E4A688682DA), ++ UINT64_C(0x0051953EB9618E1C) ++}; ++ ++/* LUT for scalar multiplication by comb interleaving */ ++static const pt_aff_t lut_cmb[13][16] = { ++ { ++ { { UINT64_C(0x017E7E31C2E5BD66), UINT64_C(0x022CF0615A90A6FE), ++ UINT64_C(0x00127A2FFA8DE334), UINT64_C(0x01DFBF9D64A3F877), ++ UINT64_C(0x006B4D3DBAA14B5E), UINT64_C(0x014FED487E0A2BD8), ++ UINT64_C(0x015B4429C6481390), UINT64_C(0x03A73678FB2D988E), ++ UINT64_C(0x00C6858E06B70404) }, ++ { UINT64_C(0x00BE94769FD16650), UINT64_C(0x031C21A89CB09022), ++ UINT64_C(0x039013FAD0761353), UINT64_C(0x02657BD099031542), ++ UINT64_C(0x03273E662C97EE72), UINT64_C(0x01E6D11A05EBEF45), ++ UINT64_C(0x03D1BD998F544495), UINT64_C(0x03001172297ED0B1), ++ UINT64_C(0x011839296A789A3B) } }, ++ { { UINT64_C(0x01919D2EDE37AD7D), UINT64_C(0x0124218B0CBA8169), ++ UINT64_C(0x03D16B59FE21BAEB), UINT64_C(0x0128E920C814769A), ++ UINT64_C(0x012D7A8DD1AD3F16), UINT64_C(0x008F66AE796B5E84), ++ UINT64_C(0x0159479B52A6E5B1), UINT64_C(0x0065776475A992D6), ++ UINT64_C(0x01A73D352443DE29) }, ++ { UINT64_C(0x03588CA1EE86C0E5), UINT64_C(0x01726F24E9641097), ++ UINT64_C(0x00ED1DEC3C70CF10), UINT64_C(0x033E3715D6C0B56B), ++ UINT64_C(0x03A355CEEC2E2DD4), UINT64_C(0x02A740C5F4BE2AC7), ++ UINT64_C(0x03814F2F1557FA82), UINT64_C(0x0377665E7E1B1B2A), ++ UINT64_C(0x013E9B03B97DFA62) } }, ++ { { UINT64_C(0x01AB5096EC8F3078), UINT64_C(0x01F879B624C5CE35), ++ UINT64_C(0x03EAF137E79A329D), UINT64_C(0x01B578C0508DC44B), ++ UINT64_C(0x00F177ACE4383C0C), UINT64_C(0x014FC34933C0F6AE), ++ UINT64_C(0x00EB0BF7A596EFDB), UINT64_C(0x00CB1CF6F0CE4701), ++ UINT64_C(0x00652BF3C52927A4) }, ++ { UINT64_C(0x033CC3E8DEB090CB), UINT64_C(0x0001C95CD53DFE05), ++ UINT64_C(0x000211CF5FF79D1F), UINT64_C(0x03241CB3CDD0C455), ++ UINT64_C(0x01A0347087BB6897), UINT64_C(0x01CB80147B7605F2), ++ UINT64_C(0x00112911CD8FE8E8), UINT64_C(0x035BB228ADCC452A), ++ UINT64_C(0x015BE6EF1BDD6601) } }, ++ { { UINT64_C(0x01CEAD882816ECD4), UINT64_C(0x014FD43F70986680), ++ UINT64_C(0x01F30DCE3BBC46F9), UINT64_C(0x002AFF1A6363269B), ++ UINT64_C(0x02F7114C5D8C308D), UINT64_C(0x01520C8A3C0634B0), ++ UINT64_C(0x0073A0C5F22E0E8F), UINT64_C(0x018D1BBAD97F682C), ++ UINT64_C(0x0056D5D1D99D5B7F) }, ++ { UINT64_C(0x006B8BC90525251B), UINT64_C(0x019C4A9777BF1ED7), ++ UINT64_C(0x0234591CE1A5F9E7), UINT64_C(0x024F37B278AE548E), ++ UINT64_C(0x0226CBDE556BD0F2), UINT64_C(0x02093C375C76F662), ++ UINT64_C(0x0168478B5C582D02), UINT64_C(0x0284434760C5E8E7), ++ UINT64_C(0x003D2D1B7D9BAAA2) } }, ++ { { UINT64_C(0x0345627967CBE207), UINT64_C(0x002EAF61734A1987), ++ UINT64_C(0x016DF725A318F4F5), UINT64_C(0x00E584D368D7CF15), ++ UINT64_C(0x01B8C6B6657429E1), UINT64_C(0x0221D1A64B12AC51), ++ UINT64_C(0x016D488ED34541B9), UINT64_C(0x00609A8BD6FC55C5), ++ UINT64_C(0x01585389E359E1E2) }, ++ { UINT64_C(0x02A0EA86B9AD2A4E), UINT64_C(0x030ABA4A2203CD0E), ++ UINT64_C(0x02ECF4ABFD87D736), UINT64_C(0x01D5815EB2103FD5), ++ UINT64_C(0x023DDB446E0D69E5), UINT64_C(0x03873AEDB2096E89), ++ UINT64_C(0x02E938E3088A654E), UINT64_C(0x03CE7C2D5555E89E), ++ UINT64_C(0x002A2E618C9A8AED) } }, ++ { { UINT64_C(0x00C0E02DDA0CDB9A), UINT64_C(0x030093E9326A40BB), ++ UINT64_C(0x01AEBE3191085015), UINT64_C(0x00CC998F686F466C), ++ UINT64_C(0x00F2991652F3DBC5), UINT64_C(0x0305E12550FBCB15), ++ UINT64_C(0x00315CFED5DC7ED7), UINT64_C(0x03FD51BC68E55CED), ++ UINT64_C(0x008A75841259FDED) }, ++ { UINT64_C(0x00874F92CE48C808), UINT64_C(0x032038FD2066D756), ++ UINT64_C(0x0331914A95336DCA), UINT64_C(0x003A2D0A92ACE248), ++ UINT64_C(0x00E0B9B82B1BC8A9), UINT64_C(0x002F4124FB4BA575), ++ UINT64_C(0x00FB2293ADD56621), UINT64_C(0x00A6127432A1DC15), ++ UINT64_C(0x0096FB303FCBBA21) } }, ++ { { UINT64_C(0x0087848D32FBCDA7), UINT64_C(0x030EC02ACE3BFE06), ++ UINT64_C(0x025E79AB88EE94BE), UINT64_C(0x002380F265A8D542), ++ UINT64_C(0x02AF5B866132C459), UINT64_C(0x006D308E13BB74AF), ++ UINT64_C(0x024861A93F736CDE), UINT64_C(0x02B6735E1974AD24), ++ UINT64_C(0x007E3E98F984C396) }, ++ { UINT64_C(0x011A01FB022A71C9), UINT64_C(0x027AABE445FA7DCA), ++ UINT64_C(0x01D351CBFBBC3619), UINT64_C(0x0160E2F1D8FC9B7F), ++ UINT64_C(0x025C1E212AC1BD5D), UINT64_C(0x03550871A71E99EB), ++ UINT64_C(0x02D5A08CED50A386), UINT64_C(0x03B6A468649B6A8F), ++ UINT64_C(0x0108EE58EB6D781F) } }, ++ { { UINT64_C(0x01AFE337BCB8DB55), UINT64_C(0x0365A6078FE4AF7A), ++ UINT64_C(0x03D1C8FC0331D9B8), UINT64_C(0x009F6F403FF9E1D6), ++ UINT64_C(0x02DF128E11B91CCE), UINT64_C(0x01028214B5A5ED4C), ++ UINT64_C(0x014300FB8FBCC30B), UINT64_C(0x0197C105563F151B), ++ UINT64_C(0x006B6AD89ABCB924) }, ++ { UINT64_C(0x02343480A1475465), UINT64_C(0x036433111AAF7655), ++ UINT64_C(0x022232C96C99246F), UINT64_C(0x0322651C2A008523), ++ UINT64_C(0x0197485ED57E9062), UINT64_C(0x02B4832E92D8841A), ++ UINT64_C(0x02DBF63DF0496A9B), UINT64_C(0x0075A9F399348CCF), ++ UINT64_C(0x01B468DA27157139) } }, ++ { { UINT64_C(0x02F817A853110AE0), UINT64_C(0x00C10ABC3469041D), ++ UINT64_C(0x0399B5681380FF8C), UINT64_C(0x0399D3F80A1F7D39), ++ UINT64_C(0x0269250858760A69), UINT64_C(0x03E8ACED3599493C), ++ UINT64_C(0x023906A99EE9E269), UINT64_C(0x03684E82E1D19164), ++ UINT64_C(0x01B00DDB707F130E) }, ++ { UINT64_C(0x01B9CB7C70E64647), UINT64_C(0x00156530ADD57D4D), ++ UINT64_C(0x0357F16ADF420E69), UINT64_C(0x013BDB742FC34BD9), ++ UINT64_C(0x0322A1323DF9DA56), UINT64_C(0x01A6442A635A2B0A), ++ UINT64_C(0x01DD106B799534CF), UINT64_C(0x01DB6F04475392BB), ++ UINT64_C(0x0085683F1D7DB165) } }, ++ { { UINT64_C(0x00FF0B2418D6A19B), UINT64_C(0x03D0C79C96EF791E), ++ UINT64_C(0x0157D7A45970DFEC), UINT64_C(0x0258D899A59E48C9), ++ UINT64_C(0x033790E7F1FA3B30), UINT64_C(0x0177D51FBFFC2B36), ++ UINT64_C(0x021A07245B77E075), UINT64_C(0x00D21F03E5230B56), ++ UINT64_C(0x00998DCCE486419C) }, ++ { UINT64_C(0x01091A695BFD0575), UINT64_C(0x013627AA7EFF912A), ++ UINT64_C(0x039991631C377F5A), UINT64_C(0x00FFCBAE33E6C3B0), ++ UINT64_C(0x036545772773AD96), UINT64_C(0x02DEF3D2B3143BB8), ++ UINT64_C(0x01B245D67D28AEE2), UINT64_C(0x03B5730E50925D4D), ++ UINT64_C(0x0137D5DA0626A021) } }, ++ { { UINT64_C(0x02EF399693C8C9ED), UINT64_C(0x032480E4E91B4B50), ++ UINT64_C(0x03EAED827D75B37A), UINT64_C(0x02B9358A8C276525), ++ UINT64_C(0x019C467FA946257E), UINT64_C(0x03B457A606548F9D), ++ UINT64_C(0x02D3B10268BB98C2), UINT64_C(0x034BECF321542167), ++ UINT64_C(0x01A1CBB2C11A742B) }, ++ { UINT64_C(0x020BC43C9CBA4DF5), UINT64_C(0x02C3C5D92732D879), ++ UINT64_C(0x03A372C63EEC57C9), UINT64_C(0x014F6920CA56FAD0), ++ UINT64_C(0x036BAFA7F7DF741A), UINT64_C(0x01464F9B06028A5B), ++ UINT64_C(0x000CE62E83C0059C), UINT64_C(0x00F520B04B69F179), ++ UINT64_C(0x011A209D7D4F8EEB) } }, ++ { { UINT64_C(0x01C6A5ECE2AF535C), UINT64_C(0x007C6B09AB9601A8), ++ UINT64_C(0x038E9A5EC53E207E), UINT64_C(0x03F26BD6C2BFA78F), ++ UINT64_C(0x010CDD45101F6F83), UINT64_C(0x0217ECA0924348D3), ++ UINT64_C(0x0147B8EEE7A39BA7), UINT64_C(0x024DDB6C72B3B17D), ++ UINT64_C(0x01AE0B275D729015) }, ++ { UINT64_C(0x0015C3536FA0D000), UINT64_C(0x02D1142A348E15B6), ++ UINT64_C(0x0327BB07DD0C2213), UINT64_C(0x0187BA5FF3D0F09E), ++ UINT64_C(0x0044C2DC0E108433), UINT64_C(0x0034160CAD0C591E), ++ UINT64_C(0x028471C7D759FF89), UINT64_C(0x00E019A28A163F01), ++ UINT64_C(0x00F2C97A825E5385) } }, ++ { { UINT64_C(0x038C2460BF70ACE0), UINT64_C(0x0383AC70974FEC4F), ++ UINT64_C(0x03E2AA648FF27E41), UINT64_C(0x0245F0DBB9355BA1), ++ UINT64_C(0x005499994AA91856), UINT64_C(0x006C41EC471DCB23), ++ UINT64_C(0x01FF9D2007310265), UINT64_C(0x0060D28D61D29BD7), ++ UINT64_C(0x0154E84C6D5C5A9A) }, ++ { UINT64_C(0x0325BCE404C78230), UINT64_C(0x038A9519CB9ADB50), ++ UINT64_C(0x0370A6A5972F5EED), UINT64_C(0x00D5CBEF06834788), ++ UINT64_C(0x00151666A6DEE354), UINT64_C(0x0008A831FD9B0A22), ++ UINT64_C(0x0360D3F15A923EB0), UINT64_C(0x011CEB88A8A3E02E), ++ UINT64_C(0x00CD0FDCE9171910) } }, ++ { { UINT64_C(0x017643017002D68B), UINT64_C(0x01581124BB115A0D), ++ UINT64_C(0x03AEDA0D3163CB21), UINT64_C(0x00F69C67520D44D4), ++ UINT64_C(0x03E135854D80B212), UINT64_C(0x0393E18B0CFCD461), ++ UINT64_C(0x01E646F8739535D0), UINT64_C(0x02DA9D8A9353AE22), ++ UINT64_C(0x0160373EDF8218F9) }, ++ { UINT64_C(0x03E6AECA5D90B740), UINT64_C(0x03FF9C27516B2CFC), ++ UINT64_C(0x034F4A8BB572E463), UINT64_C(0x007B64BAF1504EE1), ++ UINT64_C(0x021A1B22011EFA49), UINT64_C(0x03D4B0EED295BDE3), ++ UINT64_C(0x006A3FA9FD193C5C), UINT64_C(0x038717960A1006B0), ++ UINT64_C(0x00F1597050014DCF) } }, ++ { { UINT64_C(0x003927618EDA25DC), UINT64_C(0x0361657547DB658B), ++ UINT64_C(0x02B8E847FFB9EF33), UINT64_C(0x001A1DB5CA45000E), ++ UINT64_C(0x037664A1305CA9BC), UINT64_C(0x0218997B0A2FBCE3), ++ UINT64_C(0x01A085FF9F45131E), UINT64_C(0x00A1F6CF07EFF2D9), ++ UINT64_C(0x0174C644D6C94B68) }, ++ { UINT64_C(0x007BBBC4821A0C30), UINT64_C(0x02649F09BAEFEF46), ++ UINT64_C(0x0332D706D303F067), UINT64_C(0x0254B383642D4309), ++ UINT64_C(0x0395AD34B7BE0E21), UINT64_C(0x02D9107F2D73D7AD), ++ UINT64_C(0x037B7820233EF8FC), UINT64_C(0x0279A016B3256D06), ++ UINT64_C(0x011AF3A7C2F87F41) } }, ++ { { UINT64_C(0x0257D0E0C16A8803), UINT64_C(0x03ED792238920488), ++ UINT64_C(0x001AC09CD6B220DC), UINT64_C(0x02A4132750A7F053), ++ UINT64_C(0x00A5E7726CD65543), UINT64_C(0x01F0A9985C982A0F), ++ UINT64_C(0x0307B7DB57458965), UINT64_C(0x01985401A96336DC), ++ UINT64_C(0x00D8E9920CF30F0C) }, ++ { UINT64_C(0x024677C739792D19), UINT64_C(0x02F65F1ED50C62B2), ++ UINT64_C(0x0068CAE4CC263AA1), UINT64_C(0x00C913451E404E6A), ++ UINT64_C(0x00BED1AA30F76B8C), UINT64_C(0x03C4320182BBEDCB), ++ UINT64_C(0x00A30EC8B5406328), UINT64_C(0x00E61F7C2704E885), ++ UINT64_C(0x0127B023B5454A66) } }, ++ }, ++ { ++ { { UINT64_C(0x00E9E114E43C6A8B), UINT64_C(0x027E2C20105A2E23), ++ UINT64_C(0x03D5B5FA745094EE), UINT64_C(0x01337080223BD7FF), ++ UINT64_C(0x00D8CCA5AD4589D8), UINT64_C(0x0132DCA140336E19), ++ UINT64_C(0x0302098FAB8EE167), UINT64_C(0x00625B5791BF1AAD), ++ UINT64_C(0x01ECCAEB2EF79CDB) }, ++ { UINT64_C(0x01886BBC26B04438), UINT64_C(0x004F43B6559C663D), ++ UINT64_C(0x035D8CA99B91E616), UINT64_C(0x01354ED06659D27A), ++ UINT64_C(0x0054DF4765586194), UINT64_C(0x021052BBF70881C7), ++ UINT64_C(0x031C5EA1F6288A8B), UINT64_C(0x018AC1ACD36CBDFF), ++ UINT64_C(0x002E5EDF2873FF52) } }, ++ { { UINT64_C(0x0192DA26804ED5E3), UINT64_C(0x019DEC17F31925DE), ++ UINT64_C(0x01585208EBD95AC4), UINT64_C(0x039C6674D066C682), ++ UINT64_C(0x000715A11D1C0CFA), UINT64_C(0x032AD56C1F218BD5), ++ UINT64_C(0x0310FABD23E934F9), UINT64_C(0x009AF7F574942B50), ++ UINT64_C(0x005E0976782CAEF4) }, ++ { UINT64_C(0x038B0A7A2A7D5B37), UINT64_C(0x0315653FB7DA77BD), ++ UINT64_C(0x023F157F76616F31), UINT64_C(0x03C8C103329ACAE7), ++ UINT64_C(0x005A72502EE9CFA2), UINT64_C(0x03204345A2A46FC3), ++ UINT64_C(0x03666DC71F8A5B63), UINT64_C(0x01671725C07390A9), ++ UINT64_C(0x01E82DA80D6C216A) } }, ++ { { UINT64_C(0x02F28395A29D2024), UINT64_C(0x031A09859C9B6A2D), ++ UINT64_C(0x0047073FD20F177A), UINT64_C(0x03D961594C7CA571), ++ UINT64_C(0x019555237A9B2EC3), UINT64_C(0x029EFFFB7289E9D9), ++ UINT64_C(0x008D541E497546F7), UINT64_C(0x0270E93D46DCEE94), ++ UINT64_C(0x00396B23A204BEFD) }, ++ { UINT64_C(0x024295052DDD93A9), UINT64_C(0x0081670F33C07709), ++ UINT64_C(0x00B1D851D4CDFDA9), UINT64_C(0x014DF8329142BB29), ++ UINT64_C(0x00CDDB9A15F7FCFB), UINT64_C(0x0225454F3A1F5B86), ++ UINT64_C(0x01A46C8B126C191D), UINT64_C(0x03D3D3229D104DF9), ++ UINT64_C(0x018B36AD8A91DE12) } }, ++ { { UINT64_C(0x008FA75A590E92D6), UINT64_C(0x02223AFBB681AD2D), ++ UINT64_C(0x000DD9E71FEC0AB1), UINT64_C(0x03B4A988F4ABFEC5), ++ UINT64_C(0x02BDD3FD9A8FB4C8), UINT64_C(0x037A5B9AD9171110), ++ UINT64_C(0x0225D2934ADB68F2), UINT64_C(0x008BA6F5E067B164), ++ UINT64_C(0x014EA0A8B0C5768B) }, ++ { UINT64_C(0x000AB8407662F537), UINT64_C(0x02F781E22DFF31BF), ++ UINT64_C(0x03E22656A1F21F75), UINT64_C(0x01054C62C579B73D), ++ UINT64_C(0x0177A8529E6C1116), UINT64_C(0x03211865DCC5D46F), ++ UINT64_C(0x012706123E7C2723), UINT64_C(0x0396C31AADED99AB), ++ UINT64_C(0x01637E315762AAD0) } }, ++ { { UINT64_C(0x03847D336B9839DA), UINT64_C(0x02200E98133D266E), ++ UINT64_C(0x0039A8261B62D7DC), UINT64_C(0x033295F072A9D5EA), ++ UINT64_C(0x000C3FE4DCCB2B2A), UINT64_C(0x03907B7861011A91), ++ UINT64_C(0x023BC0EFEDB5EE58), UINT64_C(0x0288D6CD63BC03CD), ++ UINT64_C(0x01280E54E8A553CA) }, ++ { UINT64_C(0x036493BB1C1962CE), UINT64_C(0x0361F9CAD30DAC24), ++ UINT64_C(0x023856E058F7248C), UINT64_C(0x01EBC4CE9BBA1951), ++ UINT64_C(0x00FE14205169D78D), UINT64_C(0x01237D85837C8C98), ++ UINT64_C(0x017C4E2A95E40B90), UINT64_C(0x004E446F2E2C7819), ++ UINT64_C(0x0007FA80EDA9F2C8) } }, ++ { { UINT64_C(0x009A65815D2BF9A7), UINT64_C(0x027CB047E8DF8668), ++ UINT64_C(0x0391C32A60456677), UINT64_C(0x01CBC26A69AB3F09), ++ UINT64_C(0x0334D4D8DE25229B), UINT64_C(0x0383C0FA69B0DD79), ++ UINT64_C(0x01D206CDCC54B9E2), UINT64_C(0x02E51DE738338588), ++ UINT64_C(0x006112D5229EA977) }, ++ { UINT64_C(0x03CE85BEE20C30CB), UINT64_C(0x02FEBC02D12BC9D5), ++ UINT64_C(0x02AEDC3A968E7052), UINT64_C(0x02090B846E5AD878), ++ UINT64_C(0x00E4B6AEE2DDC2E3), UINT64_C(0x00269BE91139208A), ++ UINT64_C(0x02FEA688006D25C9), UINT64_C(0x002F5EFACF2F785D), ++ UINT64_C(0x009FE82D05CAC96A) } }, ++ { { UINT64_C(0x02EE8F69AB2E6D92), UINT64_C(0x0213F64F73B9A354), ++ UINT64_C(0x000A9DDA2E925D3C), UINT64_C(0x0192E31297313B4F), ++ UINT64_C(0x02B3145C4DD947AF), UINT64_C(0x03401B39394615DA), ++ UINT64_C(0x01C98D9DFBE6AE7D), UINT64_C(0x02BB8069EC7A7746), ++ UINT64_C(0x00A8BDC9CF002A7B) }, ++ { UINT64_C(0x00A3BF702EB71C5F), UINT64_C(0x00A25EDAE6446CE2), ++ UINT64_C(0x00108D65D5F288B8), UINT64_C(0x02FF972C1494ABED), ++ UINT64_C(0x0398342A5B4A102C), UINT64_C(0x00CD83A6E3855FF3), ++ UINT64_C(0x02D6848441981C93), UINT64_C(0x0335A209E0E8D9AA), ++ UINT64_C(0x01ED6F04D42258A5) } }, ++ { { UINT64_C(0x01FC3B47C1490429), UINT64_C(0x01B9A21B27B6F4B1), ++ UINT64_C(0x0193FF421EE32901), UINT64_C(0x03CC9F551147E445), ++ UINT64_C(0x01773B6B14BB7010), UINT64_C(0x005040A2326FD6EA), ++ UINT64_C(0x01949206C0BB7211), UINT64_C(0x02643DEA7E3C37CC), ++ UINT64_C(0x01725F6694BF623F) }, ++ { UINT64_C(0x014D9BD8587CA374), UINT64_C(0x020B8D6C1F3C983C), ++ UINT64_C(0x0395B0E3A7CCCE2F), UINT64_C(0x0071FCA214298293), ++ UINT64_C(0x038CF96F2462B942), UINT64_C(0x00DD1C97E2E6BCA4), ++ UINT64_C(0x00DEC4ACF114C9D6), UINT64_C(0x005DCE68C5288587), ++ UINT64_C(0x017B1DC591DEA2A9) } }, ++ { { UINT64_C(0x01A03D95A3ACF0F9), UINT64_C(0x0123031B8850C86B), ++ UINT64_C(0x0269AB94408A086E), UINT64_C(0x0181DEF245438334), ++ UINT64_C(0x00AB4F62CC0E7BA5), UINT64_C(0x0294A03CC0C2A98D), ++ UINT64_C(0x02234FBFCCAA23F6), UINT64_C(0x0304B9AF501D1961), ++ UINT64_C(0x0037258E9F9B8667) }, ++ { UINT64_C(0x0344657939436D81), UINT64_C(0x010709812083B7CE), ++ UINT64_C(0x00DBCA5B5A81714D), UINT64_C(0x00396E25D33E3896), ++ UINT64_C(0x00C0A65FA9547A23), UINT64_C(0x03F6796EDC3F72D8), ++ UINT64_C(0x022AA55EA0053589), UINT64_C(0x031E838C917FDA1B), ++ UINT64_C(0x014AF707C515D93F) } }, ++ { { UINT64_C(0x00E48C0436C8D427), UINT64_C(0x02A85992128BD380), ++ UINT64_C(0x03861C4538E26A42), UINT64_C(0x027A6E7784D042DB), ++ UINT64_C(0x0129555575E66B0A), UINT64_C(0x017362D6E2713125), ++ UINT64_C(0x00A08F82306ED961), UINT64_C(0x007FCDDA0F78CBC0), ++ UINT64_C(0x010F4598B67DA097) }, ++ { UINT64_C(0x03448C05AD400463), UINT64_C(0x03CB26D3975CCFCD), ++ UINT64_C(0x0067B9FD99A88F1D), UINT64_C(0x001F257A56DADDC1), ++ UINT64_C(0x03AEAFB6384BA84C), UINT64_C(0x0010C9301FE7F887), ++ UINT64_C(0x03D65C213A46C68C), UINT64_C(0x029BB4A1F8A5E81E), ++ UINT64_C(0x00C1838AFD6E3F39) } }, ++ { { UINT64_C(0x03CE07505924C15F), UINT64_C(0x0043A08ED31A1B99), ++ UINT64_C(0x0339C4C25E8B8B88), UINT64_C(0x0380DFF73DEBF4DA), ++ UINT64_C(0x031FBA11E366BE60), UINT64_C(0x001D2B7C0FA8BD42), ++ UINT64_C(0x009DE3ACE8B8A24D), UINT64_C(0x02B5F07FB5B5BD4F), ++ UINT64_C(0x018247CA534C6F7F) }, ++ { UINT64_C(0x01E0A02B3DBEEE78), UINT64_C(0x001E200666AB15CD), ++ UINT64_C(0x0186BEA684E8C48E), UINT64_C(0x00F3F1894CDB68E0), ++ UINT64_C(0x032ECC59DF1BBB85), UINT64_C(0x02D06C53B9B53209), ++ UINT64_C(0x004A86739B90C8A8), UINT64_C(0x03AD8A97D98C89BC), ++ UINT64_C(0x00F01344204A1E2F) } }, ++ { { UINT64_C(0x03582A68690F8C80), UINT64_C(0x012E151E3D7485DA), ++ UINT64_C(0x02527AD70F6AC0B4), UINT64_C(0x018B935CB107A3CD), ++ UINT64_C(0x036AA37D7A7E3625), UINT64_C(0x034CFB229578C67F), ++ UINT64_C(0x00A3FBC7740B7E16), UINT64_C(0x03D0C73BF6F5756D), ++ UINT64_C(0x009FFA51FEAC33FA) }, ++ { UINT64_C(0x0208A8D791982847), UINT64_C(0x03EDDBD997642B6C), ++ UINT64_C(0x025D551977914C26), UINT64_C(0x02DD352759CA1376), ++ UINT64_C(0x00654090371E1000), UINT64_C(0x004AC720BEC03C34), ++ UINT64_C(0x03C06BE7F6C95884), UINT64_C(0x01FA475777DF0765), ++ UINT64_C(0x00A99275E15E46C7) } }, ++ { { UINT64_C(0x016A50E0A643409F), UINT64_C(0x0122617180184D38), ++ UINT64_C(0x0105E92945AC97AB), UINT64_C(0x01A1B865FE31BAD8), ++ UINT64_C(0x033E0DC143E2D46B), UINT64_C(0x03DD157DF58A1946), ++ UINT64_C(0x02DF8E8C2EC7FB6D), UINT64_C(0x00E031916AFF1478), ++ UINT64_C(0x017A7BE92C9A8A1C) }, ++ { UINT64_C(0x02063F9B1AF2F29D), UINT64_C(0x0275AF845DF62346), ++ UINT64_C(0x010016B05B22BD9F), UINT64_C(0x03772DD9DE8A3F70), ++ UINT64_C(0x011B489BE6C04500), UINT64_C(0x0122DEDE177B839E), ++ UINT64_C(0x008B9ED1DBF81860), UINT64_C(0x00CDA67D0D8CEDC1), ++ UINT64_C(0x01984030C18BF083) } }, ++ { { UINT64_C(0x02791762137B93A2), UINT64_C(0x01F9DE3C5491E823), ++ UINT64_C(0x01E50243877F23E4), UINT64_C(0x0144F0B0081F37BC), ++ UINT64_C(0x00D7A781DD6DE5E2), UINT64_C(0x036A5EFE959E26D1), ++ UINT64_C(0x03A51922038AEEA2), UINT64_C(0x0054D452C10BD4F0), ++ UINT64_C(0x01B8A51151884AEF) }, ++ { UINT64_C(0x0241D85F77A00331), UINT64_C(0x023528AF19A313C4), ++ UINT64_C(0x0176DFC98292A79E), UINT64_C(0x03AADEBB4F7B06B1), ++ UINT64_C(0x00DAB141E4CE727F), UINT64_C(0x0388E18953348B42), ++ UINT64_C(0x03FD5A751265E468), UINT64_C(0x024673750B3DB1AB), ++ UINT64_C(0x00E57DD5F1A23923) } }, ++ { { UINT64_C(0x019D69A891328CE4), UINT64_C(0x008F01053E7A765C), ++ UINT64_C(0x030B5EE16F612292), UINT64_C(0x020A99C1AB590289), ++ UINT64_C(0x01D62D438BE82D64), UINT64_C(0x037D8D3250B87A70), ++ UINT64_C(0x03ACF90A3316DB71), UINT64_C(0x011F2D638816284F), ++ UINT64_C(0x000D63B1CF94E578) }, ++ { UINT64_C(0x026288694B620A88), UINT64_C(0x01D7EC9688B643F5), ++ UINT64_C(0x0329AC344C36F494), UINT64_C(0x01F7C91E725E18A1), ++ UINT64_C(0x02FEB98C58EA0341), UINT64_C(0x00A508DDA6BF1EC5), ++ UINT64_C(0x00733B2463BD7A85), UINT64_C(0x0384EBC8AB299B36), ++ UINT64_C(0x00074909BD45312A) } }, ++ { { UINT64_C(0x03E08C2C5C95FF29), UINT64_C(0x00C670644C808211), ++ UINT64_C(0x012D8021671FE338), UINT64_C(0x039F033363AA44CD), ++ UINT64_C(0x0337E7DB83662796), UINT64_C(0x03DDF327E2706223), ++ UINT64_C(0x005FBC050700CAFA), UINT64_C(0x020FC3C9D5CBB556), ++ UINT64_C(0x0105E1BC0BF33DC4) }, ++ { UINT64_C(0x03F3D06894519732), UINT64_C(0x029248D001BE65FE), ++ UINT64_C(0x011EC77A8F1A11E3), UINT64_C(0x0365A31B2279F38F), ++ UINT64_C(0x014E2577747A12CD), UINT64_C(0x0160E01F73DAA243), ++ UINT64_C(0x01E3B9CC567EDCCC), UINT64_C(0x03E1B7F6A7B42960), ++ UINT64_C(0x01809B863B2F3F5A) } }, ++ }, ++ { ++ { { UINT64_C(0x0373B24CDED2EB86), UINT64_C(0x02402CCFAA26116F), ++ UINT64_C(0x005073857CDB6102), UINT64_C(0x01AE6F89575C7623), ++ UINT64_C(0x022FF653B3A939A7), UINT64_C(0x0190B7CB0A3545D4), ++ UINT64_C(0x02353B26D8170467), UINT64_C(0x003C64522D17855F), ++ UINT64_C(0x01E5D565F776B34F) }, ++ { UINT64_C(0x025185A2C4B5DE1E), UINT64_C(0x02B3AFFAB7E382B2), ++ UINT64_C(0x0194B86479736527), UINT64_C(0x026B4BE5E81594AE), ++ UINT64_C(0x01D6960578E25220), UINT64_C(0x00993E60F26C1FF2), ++ UINT64_C(0x019B938479BA949D), UINT64_C(0x01FCA32034CAD7A3), ++ UINT64_C(0x017759280D580A6A) } }, ++ { { UINT64_C(0x02346AE90C2CA70B), UINT64_C(0x013757CC55F070F5), ++ UINT64_C(0x017E107D86CA7681), UINT64_C(0x005AD490EBA565E0), ++ UINT64_C(0x02C9C614514CB60C), UINT64_C(0x03BEAF2AC475AF2B), ++ UINT64_C(0x008C591B4CE3CC44), UINT64_C(0x014A9DDFA491CE57), ++ UINT64_C(0x001268735793A719) }, ++ { UINT64_C(0x007F97B31426994D), UINT64_C(0x01A96DF191B418F1), ++ UINT64_C(0x027DF055755518F4), UINT64_C(0x025DAAC2254C5D3C), ++ UINT64_C(0x0262D34E340FC2C3), UINT64_C(0x01F14824C8F72557), ++ UINT64_C(0x02A4819301BACB9F), UINT64_C(0x0268E03E6BEAB510), ++ UINT64_C(0x00EA805018D6E199) } }, ++ { { UINT64_C(0x00FEA5E6ABEE1F7B), UINT64_C(0x00538DB9B2D8E2D4), ++ UINT64_C(0x0305BA64218318A0), UINT64_C(0x022BD39A67AA3F20), ++ UINT64_C(0x01157632723B17F9), UINT64_C(0x00C8DAAF646E78C9), ++ UINT64_C(0x0158EFBD367A27CD), UINT64_C(0x011375E95CB4F12F), ++ UINT64_C(0x005E40D5A4D44054) }, ++ { UINT64_C(0x0297475C1D71A4FA), UINT64_C(0x03C1DABD876A7908), ++ UINT64_C(0x0038CB20D99CAE76), UINT64_C(0x03D63A3A005959E9), ++ UINT64_C(0x02AF78B93B764B6F), UINT64_C(0x0109A0342CFC2D30), ++ UINT64_C(0x01C301BEC294E434), UINT64_C(0x01972384DAD5FD67), ++ UINT64_C(0x01C3F5C9DF46F8D3) } }, ++ { { UINT64_C(0x03C115A0432574BE), UINT64_C(0x01495DBDA1F302E5), ++ UINT64_C(0x010568069CC94673), UINT64_C(0x000A2EEAB0E37751), ++ UINT64_C(0x033EE9D566902CC4), UINT64_C(0x006B34AFED584340), ++ UINT64_C(0x02B50803E9B165A1), UINT64_C(0x03E38D1CBBEC3EC2), ++ UINT64_C(0x0023CF19CC14F82C) }, ++ { UINT64_C(0x01CCAAFE462EC0F0), UINT64_C(0x02E714845D028EE6), ++ UINT64_C(0x02DCB47FF5021595), UINT64_C(0x030908AA9B079880), ++ UINT64_C(0x00371B5A69854385), UINT64_C(0x0185FE540E9AE9FF), ++ UINT64_C(0x02EE86F4F1A83CE4), UINT64_C(0x03AB730574E67F57), ++ UINT64_C(0x01F85953DB252C4B) } }, ++ { { UINT64_C(0x02EC254BFD8CB3CC), UINT64_C(0x01DFEE8DE5F7858B), ++ UINT64_C(0x019C8AD2711F9096), UINT64_C(0x00B1E57CC4C26707), ++ UINT64_C(0x03511BB53983E402), UINT64_C(0x02A4019CDD626E9F), ++ UINT64_C(0x03BA2E0AC5C44D84), UINT64_C(0x00A965FE7663AD49), ++ UINT64_C(0x01739420DA2DD7E5) }, ++ { UINT64_C(0x001E59C7B82FB619), UINT64_C(0x007B29CCEEF8AD83), ++ UINT64_C(0x02907C71BFFAE931), UINT64_C(0x003F110EC15CB5CF), ++ UINT64_C(0x02A76ECA58531793), UINT64_C(0x02D8D0EB5EA2FA03), ++ UINT64_C(0x0302231943B524FC), UINT64_C(0x01EBC24F8F0A0C29), ++ UINT64_C(0x019802CBF5F3CE73) } }, ++ { { UINT64_C(0x01852168BF26ECDA), UINT64_C(0x03BA5FFA1597B73C), ++ UINT64_C(0x00E55E47A88BF735), UINT64_C(0x03EF5511C575EFAA), ++ UINT64_C(0x03BEAAED274CB2F4), UINT64_C(0x01A2B7AEE5E82012), ++ UINT64_C(0x00161524928CEDED), UINT64_C(0x0243FB8CEB1DB1ED), ++ UINT64_C(0x00A939AAE7662875) }, ++ { UINT64_C(0x035FC996431E0BB4), UINT64_C(0x03871F05A029588C), ++ UINT64_C(0x024685D44F302D5A), UINT64_C(0x03D65DBBB0A24C64), ++ UINT64_C(0x031CCDBD89C13824), UINT64_C(0x03EEC80794841ADF), ++ UINT64_C(0x02BDD19433E827DB), UINT64_C(0x025D0DEF338BCA12), ++ UINT64_C(0x019DD1E057A3957F) } }, ++ { { UINT64_C(0x028221686CEBC7BE), UINT64_C(0x00550CAC829C5C56), ++ UINT64_C(0x024473DA711003E5), UINT64_C(0x01D2D356A63016BD), ++ UINT64_C(0x016B5C937B93F5AA), UINT64_C(0x016BA509AE911631), ++ UINT64_C(0x03BB387F2983AA08), UINT64_C(0x0087050F624145D1), ++ UINT64_C(0x00430D39E6B578E6) }, ++ { UINT64_C(0x02E690EFE2E3859D), UINT64_C(0x021D189217E0C7B9), ++ UINT64_C(0x03BC89797B1B794C), UINT64_C(0x01D6B16B566AB9D7), ++ UINT64_C(0x02935CEB8993E4D1), UINT64_C(0x03C0BF4C7D6967AE), ++ UINT64_C(0x00EA7B0862929371), UINT64_C(0x014624F22194B5D9), ++ UINT64_C(0x00D68221B3478C47) } }, ++ { { UINT64_C(0x03BEC558C2EB8133), UINT64_C(0x031106A5F911659D), ++ UINT64_C(0x00D07C39AEFB3CBE), UINT64_C(0x02F06E730A651F25), ++ UINT64_C(0x0183C527F019A937), UINT64_C(0x0153E778C8608775), ++ UINT64_C(0x0214C61DB43A7203), UINT64_C(0x00CD284ED5892F97), ++ UINT64_C(0x0198EB083CFD5B2B) }, ++ { UINT64_C(0x0393B136D6835A15), UINT64_C(0x03ED1013491B6647), ++ UINT64_C(0x00702068040A8E55), UINT64_C(0x0136DD3C55BF5BE4), ++ UINT64_C(0x03D053D6F8B28F3A), UINT64_C(0x00FAF9585D310B40), ++ UINT64_C(0x002690874B88A2A9), UINT64_C(0x02651384F1D8C181), ++ UINT64_C(0x00E5D3BFA7EC53DE) } }, ++ { { UINT64_C(0x033F039A91D85118), UINT64_C(0x03A170E9A74E89EC), ++ UINT64_C(0x03EBE8F17E2B4C68), UINT64_C(0x032E08DD52962FFF), ++ UINT64_C(0x01F682C887362E38), UINT64_C(0x02848A835A72A2EE), ++ UINT64_C(0x00AFA36F7A88966F), UINT64_C(0x02D505E8ED473B2D), ++ UINT64_C(0x007B6EF0E4DAA123) }, ++ { UINT64_C(0x03F322E8CD472029), UINT64_C(0x009B31F349123C63), ++ UINT64_C(0x024396A463AE29B2), UINT64_C(0x035A559411C8D9B7), ++ UINT64_C(0x0302AAF84FEF53A7), UINT64_C(0x00322717487DC79C), ++ UINT64_C(0x02CA6AE27A92266C), UINT64_C(0x03E6B6580391B525), ++ UINT64_C(0x00647CC677EE4353) } }, ++ { { UINT64_C(0x0015F4FB3CE12393), UINT64_C(0x013D9CD65B87D1CA), ++ UINT64_C(0x03ED1458BDACF05A), UINT64_C(0x011BC2A44D7A03F7), ++ UINT64_C(0x00D1E2748EE247CF), UINT64_C(0x025C05134193D6D7), ++ UINT64_C(0x03D8D4701057B20F), UINT64_C(0x03CD86409D914C19), ++ UINT64_C(0x0123EE9725146150) }, ++ { UINT64_C(0x03B85772CCE5DBF5), UINT64_C(0x024E60E34E33C627), ++ UINT64_C(0x00CEB58FBCFD7F20), UINT64_C(0x0213A9AF85D15B81), ++ UINT64_C(0x00879FD075FE76EA), UINT64_C(0x01883D1962AC7DA6), ++ UINT64_C(0x0041CDD770D92E82), UINT64_C(0x024CF83E19940701), ++ UINT64_C(0x0001A7D69F562E49) } }, ++ { { UINT64_C(0x03F06D3661D1EEDB), UINT64_C(0x01062600B09B6B3E), ++ UINT64_C(0x01A0A640D07EFC7A), UINT64_C(0x0317F67E20F296A1), ++ UINT64_C(0x034843017C701C3C), UINT64_C(0x033891152A103E33), ++ UINT64_C(0x01C00AE12BC93968), UINT64_C(0x0280A3403412AA1F), ++ UINT64_C(0x0111DA6A8E2C4EE1) }, ++ { UINT64_C(0x0138BBADC5A4238D), UINT64_C(0x02BB1A5504498DAF), ++ UINT64_C(0x03D55FD7A02F99F7), UINT64_C(0x030B36D2716AAE98), ++ UINT64_C(0x00846799916170BE), UINT64_C(0x021843A1130EBD86), ++ UINT64_C(0x01602A0048ED7277), UINT64_C(0x010F628883F5C170), ++ UINT64_C(0x00A879F20138FE97) } }, ++ { { UINT64_C(0x010B697E6BB71E17), UINT64_C(0x00A5FF1EE44F8A1A), ++ UINT64_C(0x02F0A65F0594ADDF), UINT64_C(0x01B97DFF3B989E00), ++ UINT64_C(0x02EBB1D34E1BC0B6), UINT64_C(0x0318AB0F908D45CA), ++ UINT64_C(0x006D84E0ECA51F49), UINT64_C(0x022CBEFDFAF29F0C), ++ UINT64_C(0x019FF3250EDA2D48) }, ++ { UINT64_C(0x0247BD9A1791633D), UINT64_C(0x001017CA6D44DB39), ++ UINT64_C(0x001392DBCF3C08AE), UINT64_C(0x00BBFD8C9245DBED), ++ UINT64_C(0x03C6094D363A2A9B), UINT64_C(0x0026C46C1B980722), ++ UINT64_C(0x014C00915831C495), UINT64_C(0x03480A51EA642A61), ++ UINT64_C(0x018A2CD0EE26C545) } }, ++ { { UINT64_C(0x00179F4F97812A25), UINT64_C(0x02A5E9E3F33BC581), ++ UINT64_C(0x000BD5248493D239), UINT64_C(0x02B7DE8E94D0B6E5), ++ UINT64_C(0x01D8674B49C2359A), UINT64_C(0x020163E368BE3C3B), ++ UINT64_C(0x0332717F9505C7C1), UINT64_C(0x035A143000B7EC9C), ++ UINT64_C(0x00C999A3E0BCCAF1) }, ++ { UINT64_C(0x007B047729EF75E3), UINT64_C(0x02CC12EE110A5B9B), ++ UINT64_C(0x0330E2E6286E55F0), UINT64_C(0x00C6FC4CB1CD5C12), ++ UINT64_C(0x014B93EA65F0CCE4), UINT64_C(0x01E5A20D3788D937), ++ UINT64_C(0x039AB1AC6BF17BFB), UINT64_C(0x0397FE82B1886D3A), ++ UINT64_C(0x000C112A21CE8FCD) } }, ++ { { UINT64_C(0x02B7C1C48CF8D334), UINT64_C(0x0078EAF1E0B9AA5A), ++ UINT64_C(0x0397B9A209EF9EF0), UINT64_C(0x001CFFAFD847B222), ++ UINT64_C(0x0321A14F818F0142), UINT64_C(0x0214D3F98F9D0ED8), ++ UINT64_C(0x011305B71C04D0D3), UINT64_C(0x03DE98EACA808006), ++ UINT64_C(0x01360AA21413198A) }, ++ { UINT64_C(0x028D3F07FD51E170), UINT64_C(0x023F03474306CBA2), ++ UINT64_C(0x034205D496752F99), UINT64_C(0x02D4BC03F380060F), ++ UINT64_C(0x01E2CE3EBF008299), UINT64_C(0x03EE2B7C9CF44A54), ++ UINT64_C(0x022CB7C6BCE06379), UINT64_C(0x03934E9100F4AD3F), ++ UINT64_C(0x001B8D6D7EA30D7F) } }, ++ { { UINT64_C(0x0175E6F14594D02E), UINT64_C(0x0107CFBBB666C104), ++ UINT64_C(0x0043C920F3FC7184), UINT64_C(0x01D3F596321DF679), ++ UINT64_C(0x034FBFA8E62660AC), UINT64_C(0x02F07B7B2F64B7D6), ++ UINT64_C(0x020B7A4B1CB30890), UINT64_C(0x0027370AF3A01ACE), ++ UINT64_C(0x004C3DF94ED57F1B) }, ++ { UINT64_C(0x02F7E28D420891BB), UINT64_C(0x00A165AF3355D551), ++ UINT64_C(0x03E2077F4C7840E2), UINT64_C(0x010A42F1F956CFC2), ++ UINT64_C(0x01586FF6FC545309), UINT64_C(0x00E2A2E3F8A44D6A), ++ UINT64_C(0x01BCD7CFAB0CD9EA), UINT64_C(0x02CD7B5AA257EF8B), ++ UINT64_C(0x01E161EB6461E56F) } }, ++ { { UINT64_C(0x03AA1E440B1B7656), UINT64_C(0x02DB3F4D449DEBD4), ++ UINT64_C(0x025617A010F1A335), UINT64_C(0x010C03757E20D72C), ++ UINT64_C(0x01EA95F9EFACD59B), UINT64_C(0x0126D8DDDE17B239), ++ UINT64_C(0x02DBF2D291F6AEC7), UINT64_C(0x02F6100FC8834353), ++ UINT64_C(0x00C18C83BB58FB77) }, ++ { UINT64_C(0x03754C15A7EEE80E), UINT64_C(0x00247AB9412690FE), ++ UINT64_C(0x016E9C7BD742F5DF), UINT64_C(0x02361FAE95827D75), ++ UINT64_C(0x029E41CC30EA15A1), UINT64_C(0x005F53D5863CB83F), ++ UINT64_C(0x0025C9FC701A2B9B), UINT64_C(0x0389C7702E9DAFBA), ++ UINT64_C(0x00ED3C35310B5895) } }, ++ }, ++ { ++ { { UINT64_C(0x0373C85A8201C48B), UINT64_C(0x000BE293272BB8C3), ++ UINT64_C(0x0299641D84048EF5), UINT64_C(0x012EE83CEE0A37DD), ++ UINT64_C(0x00D6A81ED893F8A3), UINT64_C(0x01988A5103EE9A5B), ++ UINT64_C(0x01495F90BE6C8319), UINT64_C(0x00954437A6A3C821), ++ UINT64_C(0x010E12D843E6580B) }, ++ { UINT64_C(0x007820FBE51DE678), UINT64_C(0x013364C5E0C684D4), ++ UINT64_C(0x009D1721196C2E40), UINT64_C(0x01933769A5FD2063), ++ UINT64_C(0x00BAB8B58BEFA01A), UINT64_C(0x012866F6B7334CBC), ++ UINT64_C(0x025340A51AC6E1FB), UINT64_C(0x03B1135009A4FD38), ++ UINT64_C(0x018AD6567590AFBB) } }, ++ { { UINT64_C(0x03F7CC1DCD9C3B89), UINT64_C(0x03F2238DF027BB54), ++ UINT64_C(0x014C7FD4BA95DD01), UINT64_C(0x01DBD8CC489F6AB6), ++ UINT64_C(0x03A6066BFEA7BAB5), UINT64_C(0x0065E8AD52465D5E), ++ UINT64_C(0x03E8F9DA8D525106), UINT64_C(0x001A6869F0B37603), ++ UINT64_C(0x016D47A0587C292E) }, ++ { UINT64_C(0x0374FC0618A5170B), UINT64_C(0x0152FB1A3C0C1CC0), ++ UINT64_C(0x01710A373C6A380E), UINT64_C(0x00845789535E37A3), ++ UINT64_C(0x035D0DA356C25D05), UINT64_C(0x00C2670CA5FED688), ++ UINT64_C(0x010367DAE1D930AA), UINT64_C(0x0109B528D8B5E2DD), ++ UINT64_C(0x0160EAA2FD7C6C7E) } }, ++ { { UINT64_C(0x02EB058989126FAC), UINT64_C(0x03391866A50E5BF0), ++ UINT64_C(0x0249D99C7ECCC796), UINT64_C(0x031F124A928D03B2), ++ UINT64_C(0x0106FA952E20ED57), UINT64_C(0x001BC6E7D0224A59), ++ UINT64_C(0x00CE05E4690915C9), UINT64_C(0x020A90266CA1AD52), ++ UINT64_C(0x0094293617B76FE5) }, ++ { UINT64_C(0x034B04313831CD9D), UINT64_C(0x03B7732D91E90928), ++ UINT64_C(0x014A1E82A9C3D51E), UINT64_C(0x02AEC53126F32DDD), ++ UINT64_C(0x028AC8F7A359BD6C), UINT64_C(0x01B3A0EDE3DB4B4B), ++ UINT64_C(0x028EB875F2FBF434), UINT64_C(0x01AE764FB3A07035), ++ UINT64_C(0x006701271A1304D0) } }, ++ { { UINT64_C(0x0015B0C258BC45E5), UINT64_C(0x00500CF779654876), ++ UINT64_C(0x00D61185031EC91A), UINT64_C(0x0237D26B8AB4ABC0), ++ UINT64_C(0x0303DB5DD0B1113F), UINT64_C(0x02C21386988E1A69), ++ UINT64_C(0x002A78FA27F52A38), UINT64_C(0x02373FFEB8A111FB), ++ UINT64_C(0x01ED316A4A837D78) }, ++ { UINT64_C(0x02151FA30AE71753), UINT64_C(0x018559984522D236), ++ UINT64_C(0x02AA1CED8D6E9D2C), UINT64_C(0x0336B3277D457875), ++ UINT64_C(0x01FEB5FD684C784F), UINT64_C(0x0312F506AD5C57EB), ++ UINT64_C(0x026506BE8AA4F453), UINT64_C(0x0334630A573CB20E), ++ UINT64_C(0x00AA6EBCFBE68959) } }, ++ { { UINT64_C(0x0339D37CD0D9229F), UINT64_C(0x0170E57961291D98), ++ UINT64_C(0x029AE28566E91600), UINT64_C(0x02402C0C57E9B401), ++ UINT64_C(0x01EC520A49429756), UINT64_C(0x02A2CF079E7747FF), ++ UINT64_C(0x03751BAC838751C0), UINT64_C(0x021ED034A3B7C53C), ++ UINT64_C(0x0118500D09678BBC) }, ++ { UINT64_C(0x007E207E14E4C072), UINT64_C(0x039277F4D05B1F1F), ++ UINT64_C(0x02A052EAB5B31E63), UINT64_C(0x02B6A467E3451DEA), ++ UINT64_C(0x001613AC11B73C00), UINT64_C(0x00C5A6FA0FE24B0C), ++ UINT64_C(0x034F01404D69886A), UINT64_C(0x00324E28B3CA9FD4), ++ UINT64_C(0x005A3181E5A8A0B8) } }, ++ { { UINT64_C(0x02CE6BA9219403A6), UINT64_C(0x030DFB5CBE0CA405), ++ UINT64_C(0x039D700EFB6B4704), UINT64_C(0x0365CAD8F9D06BE7), ++ UINT64_C(0x00FE6873B0456CD8), UINT64_C(0x0090EC1026095A01), ++ UINT64_C(0x016F3A2CC5EC6B62), UINT64_C(0x001AD035AE2286FC), ++ UINT64_C(0x018819632B44D890) }, ++ { UINT64_C(0x039574FA6B48EFBA), UINT64_C(0x029D9BE545F8EFA2), ++ UINT64_C(0x00F42C7789B73AA2), UINT64_C(0x03CB90D731504D3E), ++ UINT64_C(0x0202ACD7E2DE6E8A), UINT64_C(0x02C8AD45BF6E2A24), ++ UINT64_C(0x0067A40E7FC99B4D), UINT64_C(0x03E0738CFADACE29), ++ UINT64_C(0x01177C98831102AA) } }, ++ { { UINT64_C(0x030A8610AC5E165D), UINT64_C(0x014AA32172C55EC2), ++ UINT64_C(0x027CE551CABE6211), UINT64_C(0x02477F69861DB6E6), ++ UINT64_C(0x01E8FF337E7E36EC), UINT64_C(0x0054ACDF3E1C9EF7), ++ UINT64_C(0x03DED626009E6F01), UINT64_C(0x02E49BFEF7555C32), ++ UINT64_C(0x002E4F1C3DB00152) }, ++ { UINT64_C(0x0332D8B606C8A9BC), UINT64_C(0x03AD929E6D810A1A), ++ UINT64_C(0x02C0030394592734), UINT64_C(0x02442FE9824BDA03), ++ UINT64_C(0x03CBAC9513FF99FB), UINT64_C(0x03B3D4E910EDA5AD), ++ UINT64_C(0x005A6F83029FFE7F), UINT64_C(0x02F6FF8D9E1F29A6), ++ UINT64_C(0x0188A1C08A99132D) } }, ++ { { UINT64_C(0x001F1A68F391B195), UINT64_C(0x00F016D21D573BA5), ++ UINT64_C(0x00EB4A4B11B13F56), UINT64_C(0x0390443801100BE8), ++ UINT64_C(0x00CDF1786689F09F), UINT64_C(0x008708E6F68D807B), ++ UINT64_C(0x00CFC70B63E2B318), UINT64_C(0x02DA65CABECA51A9), ++ UINT64_C(0x01BB4CC16417876B) }, ++ { UINT64_C(0x002270E155C4416F), UINT64_C(0x0275E82A3EE6287C), ++ UINT64_C(0x019550DEBAE641A6), UINT64_C(0x0189E9D792313D48), ++ UINT64_C(0x022E11801B0D93FC), UINT64_C(0x006308C9DD555E4E), ++ UINT64_C(0x02F9EBC6E275E976), UINT64_C(0x00011D5E55FC63C6), ++ UINT64_C(0x01D3E16AA048085F) } }, ++ { { UINT64_C(0x01C6845EE45C5FF5), UINT64_C(0x03B6D8ADC4E97112), ++ UINT64_C(0x0068C305E2731ED0), UINT64_C(0x037AFCABEDF2C8B5), ++ UINT64_C(0x016C0203DF9F154E), UINT64_C(0x03FF6DCCA97B1A6C), ++ UINT64_C(0x019D691BB5C8CD06), UINT64_C(0x022C5EA48F6FE25F), ++ UINT64_C(0x00553B7F4065FABA) }, ++ { UINT64_C(0x006009B918BF712A), UINT64_C(0x0087FAC6655FF7A7), ++ UINT64_C(0x039DB19E2FDB3477), UINT64_C(0x014389D0D15C2072), ++ UINT64_C(0x02B3AB48E4A3E0DF), UINT64_C(0x00D55CD68B325E8D), ++ UINT64_C(0x020332F2B62898A4), UINT64_C(0x019DB12158F6D4D6), ++ UINT64_C(0x010E1F4D65633E42) } }, ++ { { UINT64_C(0x035FDBF97A66FBB8), UINT64_C(0x0397FDA15F48E249), ++ UINT64_C(0x0314912B73A0AD12), UINT64_C(0x018B5A1F5856CC06), ++ UINT64_C(0x026DB1F90C057E46), UINT64_C(0x02BC203FE8141974), ++ UINT64_C(0x032698D0DBE8152C), UINT64_C(0x01BC802ED9745CEA), ++ UINT64_C(0x00B1E80CFCF35D14) }, ++ { UINT64_C(0x026A4890175570A1), UINT64_C(0x03DEFA508892558E), ++ UINT64_C(0x00D274862CB6E1EF), UINT64_C(0x02F12D3DF3D2916D), ++ UINT64_C(0x01D9AF2100AA8841), UINT64_C(0x024123BB5E94517B), ++ UINT64_C(0x00CEA1686B604BBF), UINT64_C(0x007E9A1A2F8E072B), ++ UINT64_C(0x012919949C3170DE) } }, ++ { { UINT64_C(0x028CFBD7509B3F23), UINT64_C(0x0341392CF0D37CE2), ++ UINT64_C(0x03BB3B849E04FCBA), UINT64_C(0x004BCCA7E7C71C3F), ++ UINT64_C(0x007EAF927839C8E2), UINT64_C(0x0061602F3DAFE11E), ++ UINT64_C(0x01D0F1831E9A3AE7), UINT64_C(0x032630A59BC245BA), ++ UINT64_C(0x00C9122EE0775F54) }, ++ { UINT64_C(0x027706840C226E2C), UINT64_C(0x021FC974C3A78386), ++ UINT64_C(0x0254E3803EE94792), UINT64_C(0x02763098FB07712F), ++ UINT64_C(0x03085BE39396F8D2), UINT64_C(0x039CDBB83C0DCAE5), ++ UINT64_C(0x0275170CD909C685), UINT64_C(0x02A48EFA2F7CBD9D), ++ UINT64_C(0x0151800A47F18A8F) } }, ++ { { UINT64_C(0x0266B421EDA35EBF), UINT64_C(0x016EE661AEE22D67), ++ UINT64_C(0x02189CC63A33934C), UINT64_C(0x02035BBEEF2E6505), ++ UINT64_C(0x03A21BDAB12827FF), UINT64_C(0x010837E5E86E37F7), ++ UINT64_C(0x000889F4FF18C641), UINT64_C(0x00B83D668CF5F701), ++ UINT64_C(0x00A90A0E4C84A45C) }, ++ { UINT64_C(0x014A9DB7546020F0), UINT64_C(0x026B8123F183E007), ++ UINT64_C(0x014172F8A29A74BC), UINT64_C(0x03ECB113DDF05CC6), ++ UINT64_C(0x0056019B554AE591), UINT64_C(0x01C3E5A8AC670B45), ++ UINT64_C(0x0328112932236FCD), UINT64_C(0x0147D09F4CAD8D13), ++ UINT64_C(0x007CA80EB751C2E8) } }, ++ { { UINT64_C(0x03260C3CA6A09384), UINT64_C(0x01A2DAEF9F24A534), ++ UINT64_C(0x01FA415780AE38B6), UINT64_C(0x02FE728B02BEADE2), ++ UINT64_C(0x031F71486AA63A4A), UINT64_C(0x021F907074346F6D), ++ UINT64_C(0x00225A4DA564511F), UINT64_C(0x02CC4C97BC497C99), ++ UINT64_C(0x01C2DD5CCD878296) }, ++ { UINT64_C(0x03CD4A619B2264B8), UINT64_C(0x03093FC7F1583EA2), ++ UINT64_C(0x02B47AD7D9A2FB6F), UINT64_C(0x00C0D0B440BCA2A9), ++ UINT64_C(0x00B22B3DB051C447), UINT64_C(0x01CEC4D502303875), ++ UINT64_C(0x0340F66A4D33C79A), UINT64_C(0x00C02F44477E4379), ++ UINT64_C(0x01A54038DE4CD448) } }, ++ { { UINT64_C(0x036F26FDD184B415), UINT64_C(0x0077144A843CA00F), ++ UINT64_C(0x012DE3D50936A2A0), UINT64_C(0x00F1A915BEF669FD), ++ UINT64_C(0x02A728B908D36285), UINT64_C(0x023009A8F3585930), ++ UINT64_C(0x01AFE37F5F6903E6), UINT64_C(0x015BE42AC69043A0), ++ UINT64_C(0x0029A3961324FE67) }, ++ { UINT64_C(0x03744629EA87B468), UINT64_C(0x01B1B421D820F115), ++ UINT64_C(0x009DEF11D39EF564), UINT64_C(0x002A1D3B4419573F), ++ UINT64_C(0x00558617DEFBD955), UINT64_C(0x03E4BE19D9F46F14), ++ UINT64_C(0x012A38F1BF3ED4C3), UINT64_C(0x00B5C5CD4AC51A53), ++ UINT64_C(0x00A0E10EBF360168) } }, ++ { { UINT64_C(0x011616DEF784F95B), UINT64_C(0x02677312C6AD8D2D), ++ UINT64_C(0x03F3EF6B22617C90), UINT64_C(0x029E26932332F57D), ++ UINT64_C(0x0285AE820DE6D58A), UINT64_C(0x014C9337216D597B), ++ UINT64_C(0x00A6F170854E55AF), UINT64_C(0x010EA56E5DFB91ED), ++ UINT64_C(0x012F8DBABA868C11) }, ++ { UINT64_C(0x015249FC91DCCF70), UINT64_C(0x0306C5CB46C7DD02), ++ UINT64_C(0x021954201045F6CB), UINT64_C(0x00E2B058688BC602), ++ UINT64_C(0x002D5DDCF79B78E3), UINT64_C(0x03AF429058EAD023), ++ UINT64_C(0x016A3FA5F7DB5234), UINT64_C(0x01EAFE34B82E4D26), ++ UINT64_C(0x0095115BD2F5AE74) } }, ++ { { UINT64_C(0x01C1741308F9B528), UINT64_C(0x011456D2FA27C256), ++ UINT64_C(0x029EE8BA38AC33BC), UINT64_C(0x0162AD2DF7E46CB7), ++ UINT64_C(0x01239C1DD2198564), UINT64_C(0x00D634D586B52D14), ++ UINT64_C(0x00362033A3D5AE2B), UINT64_C(0x00F403720300250C), ++ UINT64_C(0x0134664850978D32) }, ++ { UINT64_C(0x032ECC2C4837554E), UINT64_C(0x008F4BC077701F7F), ++ UINT64_C(0x002D0F7435107071), UINT64_C(0x015A21A6D90E61B2), ++ UINT64_C(0x03E1B78AD2E928DC), UINT64_C(0x02A2214D7306E1AF), ++ UINT64_C(0x01C4FCA92A1694C1), UINT64_C(0x00656FBD23561E1B), ++ UINT64_C(0x013FF3454072CB98) } }, ++ }, ++ { ++ { { UINT64_C(0x003C182D851368EE), UINT64_C(0x0128CF55F2467CB0), ++ UINT64_C(0x00767E333ACE3BB9), UINT64_C(0x011F65D379FE73C3), ++ UINT64_C(0x038B18FA5C037C7D), UINT64_C(0x01B3CD7DFA5B80B3), ++ UINT64_C(0x0086C596F1A3E912), UINT64_C(0x00A8AD1EBFF700CD), ++ UINT64_C(0x00E12C370BFEEC8C) }, ++ { UINT64_C(0x00E5DE2C18A3F84B), UINT64_C(0x02D9CB8AB50B28B7), ++ UINT64_C(0x01D7EDD0731B2C4B), UINT64_C(0x0328A026B1FAD960), ++ UINT64_C(0x02189B0FF8B6CA46), UINT64_C(0x03FD18C777A3B6E8), ++ UINT64_C(0x0004BCBA72EE3E81), UINT64_C(0x0214C7D12A3F1BC4), ++ UINT64_C(0x01CA103DD1B9C887) } }, ++ { { UINT64_C(0x00A781D5DE024391), UINT64_C(0x01D4AC6B9AA04C66), ++ UINT64_C(0x0298088919924A4E), UINT64_C(0x02295F237B9E2B5F), ++ UINT64_C(0x0228FA8EA8570017), UINT64_C(0x01AE7F1814C6B59C), ++ UINT64_C(0x008FF64625C08899), UINT64_C(0x002A626C4EECF6A1), ++ UINT64_C(0x0118A9AD8CEFC12E) }, ++ { UINT64_C(0x014B05DA9E9AB68C), UINT64_C(0x036EDCE530984903), ++ UINT64_C(0x03147DF5F527C318), UINT64_C(0x0196BC1DED347CDD), ++ UINT64_C(0x01BB4AC96E14A591), UINT64_C(0x03C4F3EDF23B9460), ++ UINT64_C(0x03547D14C90381B8), UINT64_C(0x03693FA10D27208C), ++ UINT64_C(0x003B75AA5EA458F7) } }, ++ { { UINT64_C(0x02779CC419496A3E), UINT64_C(0x01D3BB2E4FE62409), ++ UINT64_C(0x032F4C70FCAE21C4), UINT64_C(0x013310DA0ECE14A3), ++ UINT64_C(0x03F3B3593FC9DDBB), UINT64_C(0x0051822EF8CFB99D), ++ UINT64_C(0x012D89EA3AE1C997), UINT64_C(0x00D12E2856922EAE), ++ UINT64_C(0x00E81549D787C4C8) }, ++ { UINT64_C(0x02337896D4B88B67), UINT64_C(0x00A59FC2D1584FBE), ++ UINT64_C(0x02FAA1ED2840EB09), UINT64_C(0x02061203F2AA6499), ++ UINT64_C(0x03BF834C1997385E), UINT64_C(0x02274588F3F24162), ++ UINT64_C(0x001CC1FD4A622D5A), UINT64_C(0x0044FEAA4FA76E84), ++ UINT64_C(0x00B3619A1E813DA3) } }, ++ { { UINT64_C(0x0276BEE0D076683D), UINT64_C(0x030210C875AFAF69), ++ UINT64_C(0x0011EDC7657E64F0), UINT64_C(0x02488D3166D94F20), ++ UINT64_C(0x011EA313A85E0E01), UINT64_C(0x032E12BF7FFAF1B4), ++ UINT64_C(0x00327C5A8CCEF85B), UINT64_C(0x0252EF23E4C30C4E), ++ UINT64_C(0x01CC6A9EB749B839) }, ++ { UINT64_C(0x02B00795BB99594F), UINT64_C(0x01F383BC6F8BE7AA), ++ UINT64_C(0x00760524F18BF5F2), UINT64_C(0x013AA36073E7DDA9), ++ UINT64_C(0x025A0A5A67DE0097), UINT64_C(0x01A61B644AB9486A), ++ UINT64_C(0x0313B98AABF5EA94), UINT64_C(0x003BB89B65E51F0D), ++ UINT64_C(0x01776B040E0F32AB) } }, ++ { { UINT64_C(0x01721BA5B2662A6A), UINT64_C(0x0215447AF117F66C), ++ UINT64_C(0x03DB83ECC5D3D99A), UINT64_C(0x0215A6C6CE2794E3), ++ UINT64_C(0x010BE3489ECF31F8), UINT64_C(0x012B3FA3634CDEF2), ++ UINT64_C(0x017C1F03CDFBCD8A), UINT64_C(0x02EE6A91A626677E), ++ UINT64_C(0x003FF1568F6BE74E) }, ++ { UINT64_C(0x01995519CD76A58E), UINT64_C(0x02DC3A3040585EF5), ++ UINT64_C(0x0061DDCAE3A68494), UINT64_C(0x025E1A1EF3C2AAA5), ++ UINT64_C(0x00CA54B0D55B6CE8), UINT64_C(0x00543A97F9E4CC22), ++ UINT64_C(0x01F7F09EDEFF8BFA), UINT64_C(0x00168473D37DD44E), ++ UINT64_C(0x00FE410E086ACD40) } }, ++ { { UINT64_C(0x006AF7630DA09D54), UINT64_C(0x010ABA844C57F2B5), ++ UINT64_C(0x03C9AC1832567F47), UINT64_C(0x00B3CFD3C603E8BB), ++ UINT64_C(0x01A04969EEACA1C9), UINT64_C(0x02E57B7E17E4591D), ++ UINT64_C(0x03E68AB3619DA17B), UINT64_C(0x00ECCA930F030279), ++ UINT64_C(0x01B2C98B4036BF1D) }, ++ { UINT64_C(0x0077C78B045007F6), UINT64_C(0x03CCE2791A0C0815), ++ UINT64_C(0x01688DB89F24D07A), UINT64_C(0x0017DBDDD43EAD41), ++ UINT64_C(0x033A80BF740D6693), UINT64_C(0x02F768ED65974242), ++ UINT64_C(0x026B74A3E2B11EFF), UINT64_C(0x023E110BE2C45B38), ++ UINT64_C(0x00B98CD56F7AB2CD) } }, ++ { { UINT64_C(0x0383E5A50FB0D3ED), UINT64_C(0x034513587B8AB555), ++ UINT64_C(0x03B1C6783B97BD45), UINT64_C(0x0062B781B344D4E1), ++ UINT64_C(0x00FD5DFB5083FED9), UINT64_C(0x00CF4B880197BC29), ++ UINT64_C(0x02084C42BE014183), UINT64_C(0x01C81317B056C149), ++ UINT64_C(0x016318E131F69642) }, ++ { UINT64_C(0x019B4B41240FA002), UINT64_C(0x0312BAA4E914151E), ++ UINT64_C(0x0180907D9FACF5B0), UINT64_C(0x007774B33895C1D0), ++ UINT64_C(0x017E17EBCCA7FA72), UINT64_C(0x030812EEB0BC890A), ++ UINT64_C(0x02294B1CB2912B73), UINT64_C(0x03835B7F1FA5A17D), ++ UINT64_C(0x001712AC45AB3EC9) } }, ++ { { UINT64_C(0x006603D4F696BA83), UINT64_C(0x00D22CAFE710B52F), ++ UINT64_C(0x00A86019255DD155), UINT64_C(0x03D9E86EE758D999), ++ UINT64_C(0x024051D5CE463A6D), UINT64_C(0x02906D0203D86E6E), ++ UINT64_C(0x02B53E1EA3B77733), UINT64_C(0x01298EBA501720C6), ++ UINT64_C(0x00A49AB3D5669F64) }, ++ { UINT64_C(0x00C3477F5E8C01EF), UINT64_C(0x02CFF8B3EED1F46C), ++ UINT64_C(0x02588DBF2A1259EE), UINT64_C(0x01BC0AE8F9969F27), ++ UINT64_C(0x0284232123DA5F9F), UINT64_C(0x03E79C894325C436), ++ UINT64_C(0x00FE809311DA7F3B), UINT64_C(0x0102255D12EBA535), ++ UINT64_C(0x01F50E25AE34114E) } }, ++ { { UINT64_C(0x0277D803646C1FB6), UINT64_C(0x02488A5E5052BBB1), ++ UINT64_C(0x000391356EAC8F11), UINT64_C(0x01646437C00A834F), ++ UINT64_C(0x02EAB8F940B93B40), UINT64_C(0x024958DF1C74ED20), ++ UINT64_C(0x03F2F1AF37BD1D73), UINT64_C(0x011FE3F5381F17F4), ++ UINT64_C(0x00EF826DAE390184) }, ++ { UINT64_C(0x00D2D6B4BA78B572), UINT64_C(0x0073D6C96322203E), ++ UINT64_C(0x018C7B2E976AA1E5), UINT64_C(0x026E3F6920E5F016), ++ UINT64_C(0x01E846537687AFF5), UINT64_C(0x017563948203FD81), ++ UINT64_C(0x019F1D17DABC8810), UINT64_C(0x00F8ED530C4E3A67), ++ UINT64_C(0x0196F10721B62324) } }, ++ { { UINT64_C(0x032F87D12878503F), UINT64_C(0x03648B98DC48ECC8), ++ UINT64_C(0x0184FD4C8EF53242), UINT64_C(0x01333846A9EEDB04), ++ UINT64_C(0x02C1DF317872BBBF), UINT64_C(0x002D6E1FAF12E7FB), ++ UINT64_C(0x039480C808CCDA38), UINT64_C(0x02845D8F6413B928), ++ UINT64_C(0x01979462C493957E) }, ++ { UINT64_C(0x02E38CCA2947A480), UINT64_C(0x00298B225770DDF9), ++ UINT64_C(0x02859B366A105BC5), UINT64_C(0x00C80C32E8803179), ++ UINT64_C(0x01DEC1627A49675D), UINT64_C(0x018FD7B10ED2384C), ++ UINT64_C(0x00CE729C9A700811), UINT64_C(0x00B9251157C6408C), ++ UINT64_C(0x00D18FB5EDB29090) } }, ++ { { UINT64_C(0x0019C27F1002FA40), UINT64_C(0x0187B6686A1976EA), ++ UINT64_C(0x03089E6ABFDCA1BA), UINT64_C(0x01E3A9276DAB6A31), ++ UINT64_C(0x01010381B56E1374), UINT64_C(0x02059C3444CA22AD), ++ UINT64_C(0x0340D48C52418852), UINT64_C(0x001C397FEACAD014), ++ UINT64_C(0x00A9B91476DE1E3B) }, ++ { UINT64_C(0x01B18811D2203C97), UINT64_C(0x006802C3244A5143), ++ UINT64_C(0x034CC7484B00B0C2), UINT64_C(0x02D138E88D39FE0E), ++ UINT64_C(0x00035A355C8D48A2), UINT64_C(0x01257073943DE7F1), ++ UINT64_C(0x003B2AA49BD592AC), UINT64_C(0x03D7C1DBA4418663), ++ UINT64_C(0x01A24E3A67DAF410) } }, ++ { { UINT64_C(0x02B819FA06A8409F), UINT64_C(0x004A52ACCE9D798F), ++ UINT64_C(0x0342BCE5E942F51F), UINT64_C(0x01499CF92BE85899), ++ UINT64_C(0x03ACD69B9655760D), UINT64_C(0x020F4E9A7813F0D0), ++ UINT64_C(0x03880853D5E05E02), UINT64_C(0x02B0666045F612A7), ++ UINT64_C(0x00302D53FFFEEF1D) }, ++ { UINT64_C(0x025294489593BC03), UINT64_C(0x013D42D26192AAEB), ++ UINT64_C(0x010D09630D5F95E5), UINT64_C(0x02152684A6D53F7C), ++ UINT64_C(0x022DD5DAD7C7B4A8), UINT64_C(0x02966500C48498D3), ++ UINT64_C(0x03D763E4EB3C2E33), UINT64_C(0x027FAC6AFEDC5F61), ++ UINT64_C(0x0074EA2C83E52FE7) } }, ++ { { UINT64_C(0x01DB9F78868172DA), UINT64_C(0x0100A5C0A0C25D2E), ++ UINT64_C(0x023587D7C3E66CE7), UINT64_C(0x0234D19B042FCCD7), ++ UINT64_C(0x0059721B0F60680E), UINT64_C(0x03A0B2DF23AB3A42), ++ UINT64_C(0x0177AFB700329CAC), UINT64_C(0x03D5A5CFAF392AE7), ++ UINT64_C(0x00CF59BC96ECDBA2) }, ++ { UINT64_C(0x03CE38933BF1C993), UINT64_C(0x0388C35CC45F89F5), ++ UINT64_C(0x039286D1ED3DB46C), UINT64_C(0x0061947308D0F830), ++ UINT64_C(0x0307100E3F7C9C8E), UINT64_C(0x00967048E8CC7CC9), ++ UINT64_C(0x03CAD0590370F457), UINT64_C(0x0110D9420ECE3996), ++ UINT64_C(0x009955E94586B830) } }, ++ { { UINT64_C(0x03B6822745F0E5DA), UINT64_C(0x03120B5D07E9C6A5), ++ UINT64_C(0x01F88B173B2A0839), UINT64_C(0x0245CA639869EE96), ++ UINT64_C(0x0199F585B26F8120), UINT64_C(0x01D2153C5D41B782), ++ UINT64_C(0x009EAD730F2E3B2D), UINT64_C(0x007E27FEF3F3388E), ++ UINT64_C(0x01DD0BBF32960B2B) }, ++ { UINT64_C(0x0298F45E5931C0F0), UINT64_C(0x012A6F48D3898EAD), ++ UINT64_C(0x01EFD537B310CFED), UINT64_C(0x030390CD48666C4B), ++ UINT64_C(0x01DCF41DD16073BB), UINT64_C(0x035CF923EABD525A), ++ UINT64_C(0x00DDF48F41B47311), UINT64_C(0x0316E0000BFFF7E2), ++ UINT64_C(0x003C6A0632821286) } }, ++ { { UINT64_C(0x006FA434852228CC), UINT64_C(0x03EE279533E093C6), ++ UINT64_C(0x03C215EE36B974E7), UINT64_C(0x02FA330552481892), ++ UINT64_C(0x01ABFC67F3C2F700), UINT64_C(0x000945F47832719D), ++ UINT64_C(0x01BA378921E29D68), UINT64_C(0x0364936B83B66609), ++ UINT64_C(0x0137B7B2011DE260) }, ++ { UINT64_C(0x00A7EBAC8BA1E090), UINT64_C(0x0343E15BB9BADFCE), ++ UINT64_C(0x01C5AFA1059527D8), UINT64_C(0x039CE94C694D78AB), ++ UINT64_C(0x020EE7FF8C758AFB), UINT64_C(0x03859CF409F61041), ++ UINT64_C(0x033F2682BABD9F38), UINT64_C(0x0344ED7AA22D40CE), ++ UINT64_C(0x00C59BE4543774E1) } }, ++ { { UINT64_C(0x01B5777A8F1CAC2C), UINT64_C(0x001A1BB0AB5E6822), ++ UINT64_C(0x011BC043646DAF27), UINT64_C(0x03F711C68F6A2900), ++ UINT64_C(0x001C279115DF5830), UINT64_C(0x017D6649CFD4D909), ++ UINT64_C(0x02270B8E48C4FC60), UINT64_C(0x01D402B5FB5683E0), ++ UINT64_C(0x001F8DB87807BBF7) }, ++ { UINT64_C(0x00C9DAC0A9244F78), UINT64_C(0x02B03A3698AE7AB0), ++ UINT64_C(0x02CCF3FF50BC045B), UINT64_C(0x03BCD2148E821FFF), ++ UINT64_C(0x035E87616BD7E71C), UINT64_C(0x034B54F4034B6093), ++ UINT64_C(0x02C5BEA4BCD01770), UINT64_C(0x0219F4B5BD513DB4), ++ UINT64_C(0x01DF5AC58C13B575) } }, ++ }, ++ { ++ { { UINT64_C(0x019885D110E10587), UINT64_C(0x0225E6982614E90C), ++ UINT64_C(0x03FE389B08EF52DA), UINT64_C(0x02986A5F6773FA41), ++ UINT64_C(0x02D7E3FB92A3A338), UINT64_C(0x02804DB8E96B46A6), ++ UINT64_C(0x02ED29A77A3BFC07), UINT64_C(0x021EDA658D1622A9), ++ UINT64_C(0x00DC41F148BEEF47) }, ++ { UINT64_C(0x00671195EBF698BD), UINT64_C(0x02DA5978A5D3B8AE), ++ UINT64_C(0x0067084C20702323), UINT64_C(0x01BAE92F07B45047), ++ UINT64_C(0x01EECFF9A6840B39), UINT64_C(0x00B5A0A6F615E949), ++ UINT64_C(0x02CE02C0AFAD4F4D), UINT64_C(0x02CCCE13BD8C56FD), ++ UINT64_C(0x001BC38FE857CCC6) } }, ++ { { UINT64_C(0x00081356B6965640), UINT64_C(0x006CE26431E83C07), ++ UINT64_C(0x01BA4874007EE7A0), UINT64_C(0x02537377BE8BDCBF), ++ UINT64_C(0x0248DB2FA66BD85D), UINT64_C(0x028C676B603EF79F), ++ UINT64_C(0x011FB7160B2BE1C4), UINT64_C(0x02E60E65885FEFB9), ++ UINT64_C(0x012B85F1B13BE0ED) }, ++ { UINT64_C(0x0353AA14ECFB1D0D), UINT64_C(0x01FF0DDD82885F37), ++ UINT64_C(0x0331E99B56FBDDD7), UINT64_C(0x03AEB28F8419966F), ++ UINT64_C(0x021F907EA8D0F042), UINT64_C(0x013BD7D21430856E), ++ UINT64_C(0x0386870C6BB892CA), UINT64_C(0x03E04B0EFADCEFFA), ++ UINT64_C(0x007C04B740BD4123) } }, ++ { { UINT64_C(0x0003B2CD3E0BF039), UINT64_C(0x00C735DA6B8581E9), ++ UINT64_C(0x0012D9341E1131F3), UINT64_C(0x03D2B2BBE7116022), ++ UINT64_C(0x00A056CCF73BDC37), UINT64_C(0x027C9AA3BBBDE400), ++ UINT64_C(0x02165FF6E36E8907), UINT64_C(0x0139C88969C85A96), ++ UINT64_C(0x00C7B0F49EEA4A8D) }, ++ { UINT64_C(0x01F03CD678EAF6EB), UINT64_C(0x01BF3F1E8FBD78DF), ++ UINT64_C(0x00857FD3BFA434E9), UINT64_C(0x008641B0E586D15E), ++ UINT64_C(0x021227FC18AF0795), UINT64_C(0x022F892EEA381B7A), ++ UINT64_C(0x00B3FA1F0F06E680), UINT64_C(0x01EAB02BC55C4EE1), ++ UINT64_C(0x01116BB9BA45D30F) } }, ++ { { UINT64_C(0x03B557A9EDCBF5E2), UINT64_C(0x00B1DFD3ECC7A54C), ++ UINT64_C(0x02DCE258E5A7E8D4), UINT64_C(0x00CA7703C434FC01), ++ UINT64_C(0x038801282507AB56), UINT64_C(0x025FD9FA5A9E7C74), ++ UINT64_C(0x0084D0CBBC9F71D9), UINT64_C(0x00D621CCEBB93EC1), ++ UINT64_C(0x007E0D7D26AF06B2) }, ++ { UINT64_C(0x02584763447D2B4B), UINT64_C(0x00E02402AF814CEB), ++ UINT64_C(0x01A0946A66DEBE3C), UINT64_C(0x025BDCD462246772), ++ UINT64_C(0x032E9062B0C5E215), UINT64_C(0x037BCF49D9FBECDC), ++ UINT64_C(0x001F56138C539278), UINT64_C(0x000AEA3CABF951BB), ++ UINT64_C(0x007AA80F0C621590) } }, ++ { { UINT64_C(0x00B8EEBBBD959BD9), UINT64_C(0x001BE3997D083340), ++ UINT64_C(0x01B3F063154C5C54), UINT64_C(0x0258C476F7A9A983), ++ UINT64_C(0x0042A485E75D36E5), UINT64_C(0x034928BB28AF526A), ++ UINT64_C(0x01BA009661FE033D), UINT64_C(0x039E10035E2FEDA5), ++ UINT64_C(0x01AFFCC1198129AF) }, ++ { UINT64_C(0x030AD5348384E611), UINT64_C(0x01579499B7C9277C), ++ UINT64_C(0x01969EE33931346F), UINT64_C(0x025C5C1EBDB572DA), ++ UINT64_C(0x033A65D217266A39), UINT64_C(0x026F0D4AD6360EAB), ++ UINT64_C(0x037599346289BDA2), UINT64_C(0x0092404E9E02CE9C), ++ UINT64_C(0x01D0C694EC0434A7) } }, ++ { { UINT64_C(0x0099723AA10FBD04), UINT64_C(0x03F7E7474E4B9E21), ++ UINT64_C(0x03ECBDF12C367638), UINT64_C(0x009B6D83C1B5EFBE), ++ UINT64_C(0x03E6CE2FC3522A5D), UINT64_C(0x0083A6DEF388FDCF), ++ UINT64_C(0x0001D8542F4EA36B), UINT64_C(0x035D032BD68C8381), ++ UINT64_C(0x0131DF4BF7A79938) }, ++ { UINT64_C(0x008A14C7B9493BE8), UINT64_C(0x0273BD54452391FF), ++ UINT64_C(0x035758B804AAD2E8), UINT64_C(0x0218D8B66AABA8CD), ++ UINT64_C(0x0013BC5120CE58B7), UINT64_C(0x027C6BF5C3CF36BB), ++ UINT64_C(0x0325B4A1E773C0D4), UINT64_C(0x01C2F7A449EA2D3B), ++ UINT64_C(0x01C6E6D30CAF29F6) } }, ++ { { UINT64_C(0x0321B0EB2DAA2FB7), UINT64_C(0x001AF441996ABD26), ++ UINT64_C(0x0075B82E9704E625), UINT64_C(0x00FD42C4DDFBEF6D), ++ UINT64_C(0x0199707C61408809), UINT64_C(0x017F62CF54E5FBA8), ++ UINT64_C(0x03E8914D3356B6E7), UINT64_C(0x010B415870E01C17), ++ UINT64_C(0x01B8D0304825F773) }, ++ { UINT64_C(0x01AA92433FDAA949), UINT64_C(0x01186BD47A9D105F), ++ UINT64_C(0x03D995A63573F12F), UINT64_C(0x032129C097A55B0D), ++ UINT64_C(0x01817B31A05D6C77), UINT64_C(0x03D1CAF9B4BCAF81), ++ UINT64_C(0x01524CCC3B01B281), UINT64_C(0x0296DAA6FDAA7E18), ++ UINT64_C(0x002F1DC74BE29F0C) } }, ++ { { UINT64_C(0x02171F9BDC8D6167), UINT64_C(0x03D306F736B287BD), ++ UINT64_C(0x021943224F5B91BE), UINT64_C(0x02B6BA63BB681A7A), ++ UINT64_C(0x003527F99B16E603), UINT64_C(0x00CC933DC7095468), ++ UINT64_C(0x0265D81677BFCEEF), UINT64_C(0x028AA225CE78ABEA), ++ UINT64_C(0x00837C63F321EE01) }, ++ { UINT64_C(0x00A4B775684BF04E), UINT64_C(0x00AB33042AB3CA3F), ++ UINT64_C(0x019796F5B70DA12B), UINT64_C(0x00CD06B6726983AD), ++ UINT64_C(0x002698B98D097375), UINT64_C(0x03BB3A2632FF6007), ++ UINT64_C(0x00B02BB6915F2608), UINT64_C(0x0267E64CB1F79BA2), ++ UINT64_C(0x01DAB183858DB0F4) } }, ++ { { UINT64_C(0x01D545A21757C756), UINT64_C(0x001D934F1E31FF52), ++ UINT64_C(0x023B0285CE4B1861), UINT64_C(0x031354B83A06220D), ++ UINT64_C(0x017177FFE06AFE14), UINT64_C(0x019E6D07584A960E), ++ UINT64_C(0x0119B9405A4BEA49), UINT64_C(0x019D70486EC70531), ++ UINT64_C(0x00D7844A95DDF521) }, ++ { UINT64_C(0x02045C5C7288CF7B), UINT64_C(0x00677CB68405B1B1), ++ UINT64_C(0x01845055E3EA0793), UINT64_C(0x035EFB9C55059FBD), ++ UINT64_C(0x038843F3AF91E7EA), UINT64_C(0x00822747CA170235), ++ UINT64_C(0x037B132A90F3A94C), UINT64_C(0x00526CF439B472A8), ++ UINT64_C(0x00132F18D93B62FB) } }, ++ { { UINT64_C(0x01D84FC9D0CF69E7), UINT64_C(0x006503AA38D2A5EE), ++ UINT64_C(0x03A94DFC118DD98F), UINT64_C(0x03B7F19AE7F392FF), ++ UINT64_C(0x007287A7DC1849A3), UINT64_C(0x00067A7B188F6CE5), ++ UINT64_C(0x02A347BDE0D7D087), UINT64_C(0x0268E88CC6AAFE02), ++ UINT64_C(0x010F44A365B11B99) }, ++ { UINT64_C(0x018F73AC92AE7427), UINT64_C(0x0371CC00B812BB06), ++ UINT64_C(0x0093D3088101FF62), UINT64_C(0x00C8613B7544141B), ++ UINT64_C(0x01AF7C6201945AC7), UINT64_C(0x030C7CA555FE097F), ++ UINT64_C(0x025B2E6EDA00AB31), UINT64_C(0x0214A3B6A76443D0), ++ UINT64_C(0x0040A360259C7CDD) } }, ++ { { UINT64_C(0x006047E27F3DE4D2), UINT64_C(0x01FC4A47DA6A0A53), ++ UINT64_C(0x015A543BD0BC352A), UINT64_C(0x014AACDA98A2B65E), ++ UINT64_C(0x036FE6BD165C71A3), UINT64_C(0x02DF772BAC823A1F), ++ UINT64_C(0x00416598B2CD1443), UINT64_C(0x032CA3B1D0CAEDD0), ++ UINT64_C(0x0032FB284CCCEF17) }, ++ { UINT64_C(0x006DC83E96A2607F), UINT64_C(0x013B7280B80B6341), ++ UINT64_C(0x004551B88CA47813), UINT64_C(0x01849A56EE6AB37F), ++ UINT64_C(0x00C3074BC3D0074A), UINT64_C(0x0049915404661EF6), ++ UINT64_C(0x017F0B8543807006), UINT64_C(0x01235802E0AA61E9), ++ UINT64_C(0x016866C456C5454B) } }, ++ { { UINT64_C(0x0397A466381DC2A6), UINT64_C(0x00CD4D54FE413A43), ++ UINT64_C(0x0320035D8FD47311), UINT64_C(0x03FEF7B90109A77E), ++ UINT64_C(0x01FF2C161A6CFCBA), UINT64_C(0x014089BF152955D6), ++ UINT64_C(0x00595A7ADB79909F), UINT64_C(0x02E10BC4FB022F89), ++ UINT64_C(0x012739D14BF39AB2) }, ++ { UINT64_C(0x03045804E123BA29), UINT64_C(0x037196AFA31BDBE1), ++ UINT64_C(0x01A3BADADE7D8795), UINT64_C(0x005FE72D3736F1F7), ++ UINT64_C(0x00B261A79C9F5DAE), UINT64_C(0x00CC055F3C4A27EA), ++ UINT64_C(0x018DD7C9E5958FC2), UINT64_C(0x0096748344CCC75E), ++ UINT64_C(0x0065ADD88400A218) } }, ++ { { UINT64_C(0x033557744356B52C), UINT64_C(0x03DD368D0EA0209F), ++ UINT64_C(0x02EA630FD3CCDE4D), UINT64_C(0x037A07B902382B40), ++ UINT64_C(0x000B7AF2CF41C092), UINT64_C(0x0221D85556DCC533), ++ UINT64_C(0x03C92114F14EA6E1), UINT64_C(0x006813B827858B16), ++ UINT64_C(0x011933B0203B754D) }, ++ { UINT64_C(0x03A2396D5A659158), UINT64_C(0x0350A8E07708486E), ++ UINT64_C(0x0306EEBAE2B49C8B), UINT64_C(0x00EC9E65F76A5B29), ++ UINT64_C(0x03CECDD7F9A47F6A), UINT64_C(0x024DB8B97AA04533), ++ UINT64_C(0x028D089D2C8EBEAE), UINT64_C(0x01959F5D1CB2E7ED), ++ UINT64_C(0x0024A23BD4403D34) } }, ++ { { UINT64_C(0x038B31C4EED9CDF5), UINT64_C(0x0185AFF2C98A930A), ++ UINT64_C(0x0245E4B7D7DD3E7E), UINT64_C(0x00232AA32609076B), ++ UINT64_C(0x023F2A9E6F982A24), UINT64_C(0x03087A8E3FF2F39E), ++ UINT64_C(0x02F6CA050121ACCC), UINT64_C(0x03568930B3D90B8C), ++ UINT64_C(0x01C922F3A5335B36) }, ++ { UINT64_C(0x032AD6EEE92B1FE6), UINT64_C(0x02FC436D7BD6B2C7), ++ UINT64_C(0x023EDD35035286A3), UINT64_C(0x003D77B6144EB9BC), ++ UINT64_C(0x0304C9A105C2BAEE), UINT64_C(0x01ADB987C7CA786C), ++ UINT64_C(0x0132676ADD1D742E), UINT64_C(0x02A9E9CB749E88B9), ++ UINT64_C(0x00A99A53E3A5AC0A) } }, ++ { { UINT64_C(0x03639306E80DE633), UINT64_C(0x01AB767B97949EED), ++ UINT64_C(0x006F4BAA789B6820), UINT64_C(0x039D5F497550BD7A), ++ UINT64_C(0x00B4B2B380BC772D), UINT64_C(0x03022AD28F3A1DD0), ++ UINT64_C(0x0017950F61ACF7EB), UINT64_C(0x019CAC6E06DC1B93), ++ UINT64_C(0x008470E16670F97A) }, ++ { UINT64_C(0x03C11D39EE5D0D74), UINT64_C(0x01C090F08CC26FEC), ++ UINT64_C(0x0006AD970C46C574), UINT64_C(0x015907C555DF013E), ++ UINT64_C(0x0070AB35D20A91F0), UINT64_C(0x00C0481F822220A4), ++ UINT64_C(0x03A92E8B413E83FE), UINT64_C(0x00C3982C5F8D922E), ++ UINT64_C(0x017CB1B97D4ED7B4) } }, ++ { { UINT64_C(0x0057D40664DA7708), UINT64_C(0x00D1DC31FC3ED514), ++ UINT64_C(0x01C1C72DE7D6ECFF), UINT64_C(0x00DAEABFA1F9C5DE), ++ UINT64_C(0x0027EE8200E32455), UINT64_C(0x00F2A2064D51F4F3), ++ UINT64_C(0x0087C336FD335B37), UINT64_C(0x0350C7F9A0D4FC4D), ++ UINT64_C(0x01D53465439099CD) }, ++ { UINT64_C(0x01B27DD4E9031706), UINT64_C(0x0197F1275CBBB42C), ++ UINT64_C(0x015ABB1962BC7CE5), UINT64_C(0x015AEBA4FCC2D21C), ++ UINT64_C(0x01DB34AC91849D8B), UINT64_C(0x02168D50E8D52313), ++ UINT64_C(0x024C7BCFFA60FB49), UINT64_C(0x00653790EC4A5122), ++ UINT64_C(0x0021ECA115250E74) } }, ++ }, ++ { ++ { { UINT64_C(0x01017ED5F1C86157), UINT64_C(0x01C5FACEAAF3291A), ++ UINT64_C(0x01980E57AC2978AD), UINT64_C(0x012E4C78C1EF8537), ++ UINT64_C(0x019080B37DC2F0DA), UINT64_C(0x0104D379379FF55E), ++ UINT64_C(0x0019CF345BF6F641), UINT64_C(0x01CE7973781C9EB0), ++ UINT64_C(0x00E6B4E5C2E7863E) }, ++ { UINT64_C(0x014E085628E15F36), UINT64_C(0x03113ED189D82402), ++ UINT64_C(0x0198521CB21CCF92), UINT64_C(0x03CB794E55F64866), ++ UINT64_C(0x01B6C417EBCEDCD4), UINT64_C(0x001D79C7600B1BE5), ++ UINT64_C(0x02EC6810EA41A2B6), UINT64_C(0x0083606535BEC6E7), ++ UINT64_C(0x01CA8E7CD41F2E03) } }, ++ { { UINT64_C(0x01BA87BAF1C9C2EC), UINT64_C(0x00D55499AAADC0DE), ++ UINT64_C(0x019712C990B590E5), UINT64_C(0x00384B1ACA78C747), ++ UINT64_C(0x03563BCAB01E0B5D), UINT64_C(0x0190C274005354FF), ++ UINT64_C(0x00B9D6C425986F2F), UINT64_C(0x038E491D7F2754C6), ++ UINT64_C(0x01B202739C50FF59) }, ++ { UINT64_C(0x03F58DFC16F1CACC), UINT64_C(0x00EE939AC23381A2), ++ UINT64_C(0x020399FE184301C9), UINT64_C(0x0351F7998C95E6D7), ++ UINT64_C(0x03713D0FEFC9F67B), UINT64_C(0x02651504977BC9CC), ++ UINT64_C(0x039962831BD8B37B), UINT64_C(0x03398A2CADA7CFCE), ++ UINT64_C(0x00D4F08A7E5A3118) } }, ++ { { UINT64_C(0x03C9826425A2D6F0), UINT64_C(0x00ECC054CD119CA9), ++ UINT64_C(0x00C8AF9373A85F21), UINT64_C(0x03167F72CB478C61), ++ UINT64_C(0x01CE9F2616361F7A), UINT64_C(0x03FB08CCEB9E536B), ++ UINT64_C(0x0319FD98C00E9131), UINT64_C(0x0010725A47005067), ++ UINT64_C(0x01D7C9A8F84C990D) }, ++ { UINT64_C(0x029CA261BAF35FA1), UINT64_C(0x0220865C1BFEF071), ++ UINT64_C(0x0115DF412660A5A4), UINT64_C(0x02257646F5EF524C), ++ UINT64_C(0x019648D3BF5907D4), UINT64_C(0x03B8287D6BB4E923), ++ UINT64_C(0x00C1831BA518EF96), UINT64_C(0x01147F1EC444000D), ++ UINT64_C(0x001BEB2743E8CF72) } }, ++ { { UINT64_C(0x017385BC9719C87C), UINT64_C(0x038E9A8AC23E84A0), ++ UINT64_C(0x03B86FA4168B29E6), UINT64_C(0x0259140D286A2701), ++ UINT64_C(0x0248D5F9426712B4), UINT64_C(0x01E876B4EE205101), ++ UINT64_C(0x016F0D598FB30248), UINT64_C(0x020D4EEE450E3327), ++ UINT64_C(0x0075F0EB2FEC4E8C) }, ++ { UINT64_C(0x02999066B392D834), UINT64_C(0x03A4F34FCBCA75D9), ++ UINT64_C(0x029F3E28ABFA2CC4), UINT64_C(0x0207E1A7B58B1513), ++ UINT64_C(0x036C4EE93B0C1C40), UINT64_C(0x038D0C53869B6127), ++ UINT64_C(0x02203321AF3FCDF2), UINT64_C(0x0016E986CD98C912), ++ UINT64_C(0x019AB5DBF8618B76) } }, ++ { { UINT64_C(0x02775F5E811FA55B), UINT64_C(0x002FF97CDF8F7EDE), ++ UINT64_C(0x00AA05F646486F8F), UINT64_C(0x0357ABB8FF5CB222), ++ UINT64_C(0x0047A8176117A59D), UINT64_C(0x01ED8538F6CBC1A6), ++ UINT64_C(0x0209FE9034A7F53F), UINT64_C(0x0364120EC4B9D3CF), ++ UINT64_C(0x019B67A37C660EDC) }, ++ { UINT64_C(0x0038B0D828C7A5B7), UINT64_C(0x015D9C74EAC7C806), ++ UINT64_C(0x0118152AAA9222B5), UINT64_C(0x01B83339A6AA2783), ++ UINT64_C(0x01993B4601A314EF), UINT64_C(0x0325A7A416B3D288), ++ UINT64_C(0x019D7FD16DD01F3A), UINT64_C(0x021D190386BFFC60), ++ UINT64_C(0x011CF2C0B0E2A983) } }, ++ { { UINT64_C(0x00D7DE7D18D8BE36), UINT64_C(0x02F0734BAAC04BF5), ++ UINT64_C(0x0048BB9E44C3F40B), UINT64_C(0x035994B7094672F1), ++ UINT64_C(0x02BD0CFD78BD4138), UINT64_C(0x0015A28B8F06A61A), ++ UINT64_C(0x014D5DF2A7F95274), UINT64_C(0x028141F42EAB92B1), ++ UINT64_C(0x00B25EF25C149754) }, ++ { UINT64_C(0x0057378C324BFA00), UINT64_C(0x001F4C62175258AF), ++ UINT64_C(0x03153B4FD5FCA3E4), UINT64_C(0x000682DC5C05BE3E), ++ UINT64_C(0x0330954DA1D1973A), UINT64_C(0x01BC1D711118932D), ++ UINT64_C(0x0168D97A2A9692FD), UINT64_C(0x012BBEB288330777), ++ UINT64_C(0x00E133BE00A38BE4) } }, ++ { { UINT64_C(0x03F431A945F8022D), UINT64_C(0x01CDF8AABB4F5212), ++ UINT64_C(0x02CC1D637215E00A), UINT64_C(0x03D36BA40B447ED7), ++ UINT64_C(0x02513AB7E6956FDD), UINT64_C(0x008D5E83EDDB9727), ++ UINT64_C(0x01B75785B4FDC3C7), UINT64_C(0x01EAB35E8B3CAE24), ++ UINT64_C(0x01339E1C87AA8ECC) }, ++ { UINT64_C(0x02D325A33450FD39), UINT64_C(0x00322202FEDA09D5), ++ UINT64_C(0x024827340C12DF41), UINT64_C(0x01E66CCCF20D3B06), ++ UINT64_C(0x02001372B74C978F), UINT64_C(0x012C696C6F55CD58), ++ UINT64_C(0x02D10F2EED8A9308), UINT64_C(0x02688747F53110D6), ++ UINT64_C(0x0188C13D0F26D624) } }, ++ { { UINT64_C(0x0239E7FBF9FFF942), UINT64_C(0x024391DE07C9C0A8), ++ UINT64_C(0x03BB90544685654F), UINT64_C(0x010453EE881DA06B), ++ UINT64_C(0x02D2A672E21ACDCD), UINT64_C(0x0047CF596F209D90), ++ UINT64_C(0x0321D4C73047EE1B), UINT64_C(0x008011F4FFA1ADC5), ++ UINT64_C(0x0051B7DD6F083F62) }, ++ { UINT64_C(0x00B4E0D173BF30CF), UINT64_C(0x0142CF0DBD8DD71C), ++ UINT64_C(0x02FE7953062D3E36), UINT64_C(0x02A5AB5A7D6604A9), ++ UINT64_C(0x03CC08A13AACC423), UINT64_C(0x024662C655FF1A2F), ++ UINT64_C(0x0179D6E29B6B1FCA), UINT64_C(0x03C8D9EF4E5B76E6), ++ UINT64_C(0x00CD341C315CEB11) } }, ++ { { UINT64_C(0x00CC4030AC8B2AF6), UINT64_C(0x016D6A39FA7E9D4C), ++ UINT64_C(0x0392D441BAE14C3A), UINT64_C(0x038840FEA9B7D65B), ++ UINT64_C(0x02398CE4933605AF), UINT64_C(0x022CD8745AC294D0), ++ UINT64_C(0x00B8391D34172B85), UINT64_C(0x035C1A0D5C360EA4), ++ UINT64_C(0x00B2CE02EA54ADC4) }, ++ { UINT64_C(0x004B32E432779E4D), UINT64_C(0x0396A43E6B80B056), ++ UINT64_C(0x035AEFC64CE26A3C), UINT64_C(0x01E9181F393D3B2C), ++ UINT64_C(0x0224B7B616D6F2A9), UINT64_C(0x0127AF2D0AF23C91), ++ UINT64_C(0x000AD7965D20EADA), UINT64_C(0x0379FD4481124D87), ++ UINT64_C(0x01BB6F3DFED6FF8E) } }, ++ { { UINT64_C(0x001E54056209B80C), UINT64_C(0x01535B3A19C72F26), ++ UINT64_C(0x0160AA689BA423E2), UINT64_C(0x0188ECB5D9CC3A27), ++ UINT64_C(0x02349FCF75CC0736), UINT64_C(0x0298585615D70FD1), ++ UINT64_C(0x03A32918B91165DF), UINT64_C(0x022291948224D8DA), ++ UINT64_C(0x0099F8E69358E726) }, ++ { UINT64_C(0x01F00247AE9F76E1), UINT64_C(0x0128BAD6165EB802), ++ UINT64_C(0x01B045052E08E61D), UINT64_C(0x032D595886F8C4D8), ++ UINT64_C(0x00186E393A2F7214), UINT64_C(0x016991BB5064F4DD), ++ UINT64_C(0x02AD9C4CF5574CEF), UINT64_C(0x0255AD5071D22CCE), ++ UINT64_C(0x01456916FD8D5687) } }, ++ { { UINT64_C(0x0133F0C2BD45283F), UINT64_C(0x01B7E6242FDEFD97), ++ UINT64_C(0x035D6B97C76FCAF7), UINT64_C(0x01DEAC7652ACAD19), ++ UINT64_C(0x03C4E3BEA33C8BB3), UINT64_C(0x0217A37165F99AD5), ++ UINT64_C(0x0269B9B99EC2F11A), UINT64_C(0x028A7868FC6E7D80), ++ UINT64_C(0x01D15668B929808B) }, ++ { UINT64_C(0x028D12F5F8D82B0E), UINT64_C(0x03E7880D363FAA5E), ++ UINT64_C(0x00437A04942C06CB), UINT64_C(0x0049CD3A9C99AEE3), ++ UINT64_C(0x015E2D9B6B404613), UINT64_C(0x0162924B16171DEA), ++ UINT64_C(0x00D5B19300B07C85), UINT64_C(0x02FDE0650EE6F8B2), ++ UINT64_C(0x00BB3143583D139C) } }, ++ { { UINT64_C(0x009BBB9CD613AC50), UINT64_C(0x0128ACBF00659E30), ++ UINT64_C(0x003847B178A6C039), UINT64_C(0x03CE96D95CB2F3AB), ++ UINT64_C(0x0319F2188F1C72FB), UINT64_C(0x0082FCC27E7E96A0), ++ UINT64_C(0x00E32363BCE8DAB7), UINT64_C(0x0014FD07C4ADAC1E), ++ UINT64_C(0x0130440FC8AE58D8) }, ++ { UINT64_C(0x0065ADF64359ED2E), UINT64_C(0x037ED7D5FA4BC647), ++ UINT64_C(0x03FF76F3555C909F), UINT64_C(0x03512196FF57D59B), ++ UINT64_C(0x00299F8EAAC04382), UINT64_C(0x0329BF8D6A784DA0), ++ UINT64_C(0x0175E680B9D87F6E), UINT64_C(0x000779614D617559), ++ UINT64_C(0x0091C31FD7BBAA02) } }, ++ { { UINT64_C(0x007961B4B2C087ED), UINT64_C(0x019162C863ECAFF8), ++ UINT64_C(0x02BAA68FEDC62170), UINT64_C(0x00E14BEB5E7390A9), ++ UINT64_C(0x014BD12090B0D96E), UINT64_C(0x01E7BB1B54107513), ++ UINT64_C(0x023B8205C7A4AC9C), UINT64_C(0x0077AA83FD6A3B9F), ++ UINT64_C(0x00B556918DDE426E) }, ++ { UINT64_C(0x007982C0406E7D53), UINT64_C(0x00514C5527392914), ++ UINT64_C(0x030F83C68AD1F365), UINT64_C(0x01248844664ABB22), ++ UINT64_C(0x00E9372C39E53CD3), UINT64_C(0x019288EBDD26390E), ++ UINT64_C(0x0175B25020B2C5E2), UINT64_C(0x01BE6F3235A8D35E), ++ UINT64_C(0x01BF2B1514039839) } }, ++ { { UINT64_C(0x00ACAC37A302E505), UINT64_C(0x027765CE9E34F2E4), ++ UINT64_C(0x02EC67D63AAF96D8), UINT64_C(0x000F998F38DDD8C4), ++ UINT64_C(0x01F09C36E648CC10), UINT64_C(0x00F522A0C94D1ACD), ++ UINT64_C(0x01621C139782CB28), UINT64_C(0x002ADC14FDA30F4F), ++ UINT64_C(0x000AFE14E60E403A) }, ++ { UINT64_C(0x03F6E66F873938D8), UINT64_C(0x008370549C4A240B), ++ UINT64_C(0x019BCDB6FBB27AB2), UINT64_C(0x03968D48A1554399), ++ UINT64_C(0x02AE029F24D2343E), UINT64_C(0x008518D4096DF4BA), ++ UINT64_C(0x011410655CE49E44), UINT64_C(0x030585BCC07AC55D), ++ UINT64_C(0x00DBC52BEF1D2C2E) } }, ++ { { UINT64_C(0x031E0D6D77452267), UINT64_C(0x02FDA38F6A949512), ++ UINT64_C(0x01F65ED3128F260F), UINT64_C(0x0268DE30B333E479), ++ UINT64_C(0x03FD84E6AC2E676C), UINT64_C(0x0393B320720BDA53), ++ UINT64_C(0x009EDD5FCCBB47ED), UINT64_C(0x01B82B4900272372), ++ UINT64_C(0x01D21A307BE4561F) }, ++ { UINT64_C(0x01FB6C41FDBC2674), UINT64_C(0x02FC0F6001620C6D), ++ UINT64_C(0x009450A0F3C6CB0F), UINT64_C(0x015385B69A47DECA), ++ UINT64_C(0x026E2296F08B9474), UINT64_C(0x0194DEC7BE891DCB), ++ UINT64_C(0x008B5DA06C5F46EF), UINT64_C(0x019F5A58030A2A18), ++ UINT64_C(0x00207771A8172F5B) } }, ++ { { UINT64_C(0x02D0EED2AA2FCC67), UINT64_C(0x028799FC7DD58724), ++ UINT64_C(0x01664BF5933707D3), UINT64_C(0x039B5E487A0167D1), ++ UINT64_C(0x02767C865F544F76), UINT64_C(0x012879933B9C8060), ++ UINT64_C(0x03EBB40C5524547A), UINT64_C(0x0173A7851D6D690E), ++ UINT64_C(0x01CF4AB59422F25D) }, ++ { UINT64_C(0x02E0C44B926C197B), UINT64_C(0x021DCFA310FAD65B), ++ UINT64_C(0x03309DFCCBCED9CA), UINT64_C(0x02A11F05E3D88EA0), ++ UINT64_C(0x039FE02B0CE3AE95), UINT64_C(0x023B5E3CAC5E3536), ++ UINT64_C(0x02C9903F85BF51A2), UINT64_C(0x018141A1EBBB4D03), ++ UINT64_C(0x01B6F9AE1517FBCC) } }, ++ }, ++ { ++ { { UINT64_C(0x01CE126EEC3D1383), UINT64_C(0x03E60292016C63B4), ++ UINT64_C(0x01086FC1B1F4E0C7), UINT64_C(0x02B824B832819651), ++ UINT64_C(0x018B5EE5C0AC1703), UINT64_C(0x03467EED60D31DFE), ++ UINT64_C(0x0370BD13E722F576), UINT64_C(0x01C406BA2A512BD9), ++ UINT64_C(0x00D7E1D110502A7C) }, ++ { UINT64_C(0x02029FD2CA303000), UINT64_C(0x031CB26B2D4BB358), ++ UINT64_C(0x001AACC8DD8A2366), UINT64_C(0x02FD746E61373E27), ++ UINT64_C(0x01D1A80D5295C235), UINT64_C(0x01FA56B74D0D3443), ++ UINT64_C(0x0203660094D0A8F7), UINT64_C(0x006ACC0E24009F44), ++ UINT64_C(0x007532FAF2732979) } }, ++ { { UINT64_C(0x00CC8937C5CFE5E0), UINT64_C(0x036CA3F94D098379), ++ UINT64_C(0x0127E76C1F2F6B01), UINT64_C(0x03F376385910CC44), ++ UINT64_C(0x005AE2B93F0F4F7C), UINT64_C(0x001F51D975E23E7E), ++ UINT64_C(0x0159FF4F64431F80), UINT64_C(0x0215FECEB62BCA1C), ++ UINT64_C(0x00168401E32600A7) }, ++ { UINT64_C(0x01B5A301E78A8DB5), UINT64_C(0x00FF512D35D3F2D2), ++ UINT64_C(0x0354D19F77E5A97B), UINT64_C(0x0271EFC5E9AFD789), ++ UINT64_C(0x006980179F908FBC), UINT64_C(0x034A31A6FEF922C2), ++ UINT64_C(0x01832DCC33A8480C), UINT64_C(0x02589E9D28BAFB44), ++ UINT64_C(0x0115572B5F3957D4) } }, ++ { { UINT64_C(0x02B1A9337E8401D3), UINT64_C(0x0290DCDD374D1722), ++ UINT64_C(0x03B06DFC52EC6DB8), UINT64_C(0x0230EA32F50E3F05), ++ UINT64_C(0x00FF74654453A452), UINT64_C(0x01A248F21E47C014), ++ UINT64_C(0x01E2CED97C15ABF4), UINT64_C(0x0283D12E9548735C), ++ UINT64_C(0x011DE7FF5CC44367) }, ++ { UINT64_C(0x0397C8B2CA828FA8), UINT64_C(0x023C2C16EF221608), ++ UINT64_C(0x0079F7CCDCEE62D1), UINT64_C(0x02ABBC4A12FA2ABB), ++ UINT64_C(0x02D3E0D3AF058906), UINT64_C(0x016EE5FFCAFF1F4D), ++ UINT64_C(0x0383A01497A17543), UINT64_C(0x015456C9C2BA3AA0), ++ UINT64_C(0x00833A7F70B8DB1E) } }, ++ { { UINT64_C(0x02874A121147F509), UINT64_C(0x00814720ED638371), ++ UINT64_C(0x03306823E9395088), UINT64_C(0x02A5E552F8389554), ++ UINT64_C(0x00F06CF7F0BA5751), UINT64_C(0x030415DEE1815B81), ++ UINT64_C(0x00E24A9DB057CA02), UINT64_C(0x0130F23B0BDFF500), ++ UINT64_C(0x00CD32356D2FBCF3) }, ++ { UINT64_C(0x031835514BB690A0), UINT64_C(0x011475889E6369E4), ++ UINT64_C(0x02A366B8DA44B373), UINT64_C(0x01336BAE9A4C91D2), ++ UINT64_C(0x0321F6D6C8947D98), UINT64_C(0x0331E2910F0F8ECA), ++ UINT64_C(0x01F6B3937B0234FE), UINT64_C(0x016C792D27998656), ++ UINT64_C(0x009729CAFA8B37BB) } }, ++ { { UINT64_C(0x030BF08BF55F34E4), UINT64_C(0x01472A877A6E6046), ++ UINT64_C(0x03502971975705FE), UINT64_C(0x00F5A66B1DDF090E), ++ UINT64_C(0x01DD9C80102CADCC), UINT64_C(0x004EB57A202D88C1), ++ UINT64_C(0x0383DED93A003D31), UINT64_C(0x00DF42EE4835E279), ++ UINT64_C(0x010B2A2DF2E8CDFC) }, ++ { UINT64_C(0x00E3757112860379), UINT64_C(0x0049E41486F1D305), ++ UINT64_C(0x007F50407D2B699F), UINT64_C(0x0186CFF64543014A), ++ UINT64_C(0x015D637AD6EB6B8D), UINT64_C(0x03EDC1A07906ADD6), ++ UINT64_C(0x025B1CE8EFA6E451), UINT64_C(0x0281938DC6CCB3C0), ++ UINT64_C(0x01E95BF35241E85F) } }, ++ { { UINT64_C(0x01900B5C8B1B724E), UINT64_C(0x00091B0E23027016), ++ UINT64_C(0x033EA7B567F8D8DD), UINT64_C(0x0149CA26370EF3C0), ++ UINT64_C(0x0224F7CCEEAEB621), UINT64_C(0x01056822C07633BE), ++ UINT64_C(0x02682C8A34D4C312), UINT64_C(0x017F1D80C56ACAFB), ++ UINT64_C(0x000D28BD510F85EC) }, ++ { UINT64_C(0x0031C759D505A0E7), UINT64_C(0x00695B369E0D5C70), ++ UINT64_C(0x007414EC503E140D), UINT64_C(0x02998878F14B0559), ++ UINT64_C(0x03EB48B235BD02B9), UINT64_C(0x02030C241863472E), ++ UINT64_C(0x00302A0DF1BDB378), UINT64_C(0x02ADB25754F52D99), ++ UINT64_C(0x01EBEAF9E9BDE9AC) } }, ++ { { UINT64_C(0x0016D2E6C4CB8040), UINT64_C(0x0251BE4AB3BBC8D1), ++ UINT64_C(0x00979A86B1EA6004), UINT64_C(0x03197F4F1967EFAE), ++ UINT64_C(0x03A8E572D3878481), UINT64_C(0x0175BC0B4A3D453E), ++ UINT64_C(0x0067A078B9E4BDD5), UINT64_C(0x00C290F9DB5CD51A), ++ UINT64_C(0x00C8A1050BE75174) }, ++ { UINT64_C(0x0138FA01526AE111), UINT64_C(0x01E92EC50AC0E2D9), ++ UINT64_C(0x03430EFE4DD66F27), UINT64_C(0x027E3E362221AF89), ++ UINT64_C(0x0065DC30B6D8ED5E), UINT64_C(0x0194B4AA3299C658), ++ UINT64_C(0x03FCCBD1A1EE5AFC), UINT64_C(0x0011C786A00C112C), ++ UINT64_C(0x01770EC65BD04CBD) } }, ++ { { UINT64_C(0x0219978F485193F0), UINT64_C(0x0169EF77837E1846), ++ UINT64_C(0x039A4F73B9DC8ADB), UINT64_C(0x0060DDE7E026EABA), ++ UINT64_C(0x033EDEE638C66335), UINT64_C(0x0296BFF6A6D575A3), ++ UINT64_C(0x01B793FCB261CF96), UINT64_C(0x00066B2DAA6E8B8E), ++ UINT64_C(0x00FAA4EE0DF08936) }, ++ { UINT64_C(0x0082665D53161177), UINT64_C(0x00BF125BA82F6D39), ++ UINT64_C(0x022B5DABCDFDBE3B), UINT64_C(0x021CD6983941E0F2), ++ UINT64_C(0x010414D9EC902549), UINT64_C(0x03C8E709DAE4453B), ++ UINT64_C(0x03B39712A9467665), UINT64_C(0x01718D188F0108E5), ++ UINT64_C(0x0001E683E6E53299) } }, ++ { { UINT64_C(0x026BEC9ED63E2975), UINT64_C(0x02445B0FA3670F21), ++ UINT64_C(0x01B0436EA7FA88A2), UINT64_C(0x01B3E0317834AC34), ++ UINT64_C(0x0370A51D7EBF7519), UINT64_C(0x028FE5E7A5374634), ++ UINT64_C(0x004F9C7DD9D61B9E), UINT64_C(0x024629F3A018136E), ++ UINT64_C(0x01B14207DD17A593) }, ++ { UINT64_C(0x02B49CBF0B981980), UINT64_C(0x03D510AA4EE52E56), ++ UINT64_C(0x0223FC5E38C54336), UINT64_C(0x006CECAD3BD995A0), ++ UINT64_C(0x01C1E9CE9CFF80F2), UINT64_C(0x03F2A4F91A9DFFC4), ++ UINT64_C(0x023C10907D4D0C02), UINT64_C(0x0266DE5575DC75DB), ++ UINT64_C(0x00C42F22C54D0AE1) } }, ++ { { UINT64_C(0x02CA7240C82B5AA4), UINT64_C(0x009FC67BD6157E6E), ++ UINT64_C(0x0237AEA0E986F61E), UINT64_C(0x0295536DA6F6D324), ++ UINT64_C(0x03CCCEAED7D090D6), UINT64_C(0x02AEB5185AD3ED8F), ++ UINT64_C(0x01709E10CC89909F), UINT64_C(0x02104E7DD9DB3C2E), ++ UINT64_C(0x018FBE92AA69FDDA) }, ++ { UINT64_C(0x019CC5A0410AA767), UINT64_C(0x01BD2A1F9D7CB636), ++ UINT64_C(0x016925EEC5FA539B), UINT64_C(0x030EE211BCC86603), ++ UINT64_C(0x02286DD13B9B314D), UINT64_C(0x019EE14925C53864), ++ UINT64_C(0x03BA30594CCCD2C4), UINT64_C(0x03CF135ECF524017), ++ UINT64_C(0x009675B7F38F7A5F) } }, ++ { { UINT64_C(0x034097FDD5C529C4), UINT64_C(0x022BABC53852C90D), ++ UINT64_C(0x005FA5449B2CFEAE), UINT64_C(0x0213E3712D2D891B), ++ UINT64_C(0x01EC7B3EEE99C138), UINT64_C(0x027C357D0B9CBABB), ++ UINT64_C(0x025A19E877887A6F), UINT64_C(0x00D4CD3E5DC97F03), ++ UINT64_C(0x01A0BD7971FE9BC8) }, ++ { UINT64_C(0x01302079C035FA1B), UINT64_C(0x03A553C1D7472F9E), ++ UINT64_C(0x01A4254310460FA3), UINT64_C(0x00172E37209ED67F), ++ UINT64_C(0x01598766A435004B), UINT64_C(0x015F6DA2FE9089F7), ++ UINT64_C(0x03D7A8AD6610ED72), UINT64_C(0x00218A47CD395F7C), ++ UINT64_C(0x01CEBC586BD69C42) } }, ++ { { UINT64_C(0x005E156C633E8718), UINT64_C(0x036F6921E8311E5A), ++ UINT64_C(0x012516B3E4747664), UINT64_C(0x016B6481265AF56F), ++ UINT64_C(0x005B9CA959873FB0), UINT64_C(0x01215A2E38706CDD), ++ UINT64_C(0x00C64AAAEE1FE5AB), UINT64_C(0x009494AE29DD5833), ++ UINT64_C(0x001DE0FFFA144A84) }, ++ { UINT64_C(0x01AB0B04D7864A53), UINT64_C(0x03B6589B739D3720), ++ UINT64_C(0x0342AE6EE03B4D2D), UINT64_C(0x0366C4CD40B083D3), ++ UINT64_C(0x02E583D735216939), UINT64_C(0x028069A08705938A), ++ UINT64_C(0x03470E4558BB0247), UINT64_C(0x037269A3A352E23F), ++ UINT64_C(0x000A1B500F437A69) } }, ++ { { UINT64_C(0x017C93D92A097CC4), UINT64_C(0x001BA88CC46C7150), ++ UINT64_C(0x01AE786C3A4D3E20), UINT64_C(0x028BF5869DC58997), ++ UINT64_C(0x02E52726A122777F), UINT64_C(0x00972F198872159B), ++ UINT64_C(0x02552DD5544B0BA5), UINT64_C(0x009FAC089C64945A), ++ UINT64_C(0x00A926F159FE26EE) }, ++ { UINT64_C(0x003998CBAECC32F4), UINT64_C(0x01BD7CE18DCAAA28), ++ UINT64_C(0x00A1F5FB988BB383), UINT64_C(0x03AEB19DEFD835C2), ++ UINT64_C(0x00244E47BC8D865E), UINT64_C(0x0038157724E1BB10), ++ UINT64_C(0x007BD8BF38E25231), UINT64_C(0x00C5E24E2CD69DAB), ++ UINT64_C(0x01A779CC34494897) } }, ++ { { UINT64_C(0x004BD43B7D176E2E), UINT64_C(0x005E93AB83087469), ++ UINT64_C(0x03E80C170CBB6730), UINT64_C(0x02CA4F7C8BEDBE63), ++ UINT64_C(0x02A85DD542AB5799), UINT64_C(0x0066D2B71D97D372), ++ UINT64_C(0x03558E6854EDDBC6), UINT64_C(0x01014B87714911B3), ++ UINT64_C(0x0150C0A4F996E45F) }, ++ { UINT64_C(0x01E0E94EA8A05AA1), UINT64_C(0x02AFE47CFC92BB70), ++ UINT64_C(0x0203EC4D3CE6EAF1), UINT64_C(0x024771DB1D696301), ++ UINT64_C(0x0196D9AA529C496E), UINT64_C(0x03B56E31398127F0), ++ UINT64_C(0x0387E08D7862B4A2), UINT64_C(0x032941073AE64CE3), ++ UINT64_C(0x0000E769C78F3C16) } }, ++ { { UINT64_C(0x034AFDE7FF46E9D5), UINT64_C(0x01174874945BB22A), ++ UINT64_C(0x0315AE08354CD33E), UINT64_C(0x020944101FCD5584), ++ UINT64_C(0x02AD3EF0CDDE6E15), UINT64_C(0x030A2698AB480B82), ++ UINT64_C(0x03BF15403C92749F), UINT64_C(0x025EFF1408AEDEF4), ++ UINT64_C(0x00853B2112F03584) }, ++ { UINT64_C(0x017A76C60E367447), UINT64_C(0x031C3B84E9CFE4B6), ++ UINT64_C(0x0383807320E00DD1), UINT64_C(0x02152F5E5EE3BE00), ++ UINT64_C(0x035287A9CC92FA2D), UINT64_C(0x0007C4F52ABBB00A), ++ UINT64_C(0x006B2558DC7D9071), UINT64_C(0x0266DBFFAED357E3), ++ UINT64_C(0x007E76EA86C8A78C) } }, ++ { { UINT64_C(0x00DA97D33D831A04), UINT64_C(0x0273CA87AB20DA80), ++ UINT64_C(0x004C77C7C118ED92), UINT64_C(0x00F87131473BDF57), ++ UINT64_C(0x036EC3E2E0DE7125), UINT64_C(0x00C7E8EADB491D0D), ++ UINT64_C(0x0299CB19B912B7BF), UINT64_C(0x0399A443D4E010F6), ++ UINT64_C(0x0098FCF8A99C2A16) }, ++ { UINT64_C(0x030D9571D49B2FC3), UINT64_C(0x02127D20D334D6E9), ++ UINT64_C(0x00CF98756BB05081), UINT64_C(0x02A955A34EA7C78A), ++ UINT64_C(0x0099BBA4C82FA729), UINT64_C(0x03B80CA8EED74492), ++ UINT64_C(0x03A7668CD742B7C3), UINT64_C(0x039AA1A4CD0B2F61), ++ UINT64_C(0x01769BB74BE7BFCF) } }, ++ }, ++ { ++ { { UINT64_C(0x01AE6D7AF8ECE594), UINT64_C(0x004BD233382C1067), ++ UINT64_C(0x02FC7E73749707AD), UINT64_C(0x01A0C47D78BA765F), ++ UINT64_C(0x02BB7416407B8B16), UINT64_C(0x02F996A9035A29ED), ++ UINT64_C(0x01C78A5F9EA3DEA9), UINT64_C(0x03997AA8F9A04684), ++ UINT64_C(0x0062155AD4E50AC6) }, ++ { UINT64_C(0x0136D4FEFEBBFAD7), UINT64_C(0x03C498A8C3B5B196), ++ UINT64_C(0x03AF4B2081A7DC94), UINT64_C(0x02FE1693A20D804F), ++ UINT64_C(0x0019DBDAD1684FFD), UINT64_C(0x03E47903EABFC90E), ++ UINT64_C(0x00EA7078F3484441), UINT64_C(0x037A0851741BD87B), ++ UINT64_C(0x004DEB7A4980ECBA) } }, ++ { { UINT64_C(0x02A998A0008164D4), UINT64_C(0x014B73504FD3FC3A), ++ UINT64_C(0x00C19E4FF76A915D), UINT64_C(0x00D30C3B2FD0EC60), ++ UINT64_C(0x01518FD432879FDC), UINT64_C(0x018585905FB0DE73), ++ UINT64_C(0x002E0E88A51BB32E), UINT64_C(0x011E824BA1621756), ++ UINT64_C(0x008F5503550AE008) }, ++ { UINT64_C(0x01F4C5CC039B003C), UINT64_C(0x034FE4F1205365F7), ++ UINT64_C(0x029B502075F020C8), UINT64_C(0x02E622483E3884F2), ++ UINT64_C(0x0096DBF1B7347D87), UINT64_C(0x03E49F71A5BBC472), ++ UINT64_C(0x028F694B092BA1CC), UINT64_C(0x03911DA84B731F41), ++ UINT64_C(0x00AEE98DB68D16A6) } }, ++ { { UINT64_C(0x03335FA8EB78796F), UINT64_C(0x02878D6632487FA2), ++ UINT64_C(0x023DC13EBB873632), UINT64_C(0x0328E4AB268A2A07), ++ UINT64_C(0x017A111FE36EA0A1), UINT64_C(0x02DD260BC4AB23DF), ++ UINT64_C(0x02BD012E8019E481), UINT64_C(0x02DAEA5C2102ACDC), ++ UINT64_C(0x0191F08F46778030) }, ++ { UINT64_C(0x01DAFF85FF6CA70B), UINT64_C(0x00C20C713262D23C), ++ UINT64_C(0x0002F4B44F09083A), UINT64_C(0x014BFF17F10ECF45), ++ UINT64_C(0x025ADB2237EA42A8), UINT64_C(0x03E47544193ED683), ++ UINT64_C(0x016D405A3F97D5CE), UINT64_C(0x03412AAA28009BC3), ++ UINT64_C(0x0061A9DB41BEFEDC) } }, ++ { { UINT64_C(0x02DE586F26762E69), UINT64_C(0x016435D71514BA52), ++ UINT64_C(0x016D7A3D17B63A4D), UINT64_C(0x026D50DCE42619B6), ++ UINT64_C(0x0071889F59482029), UINT64_C(0x011CE57167125C3C), ++ UINT64_C(0x00A0EA2BE409EA4A), UINT64_C(0x009EDE87052C5E58), ++ UINT64_C(0x01024A33C8A03073) }, ++ { UINT64_C(0x0190FE7C2B54A6C6), UINT64_C(0x006AD6F23DFB4339), ++ UINT64_C(0x01A290051C927B4A), UINT64_C(0x001E3AB0900247C6), ++ UINT64_C(0x02F0CF556BD9F5D6), UINT64_C(0x0044A9D7E6F09A3D), ++ UINT64_C(0x03647C4823C77404), UINT64_C(0x0174246A05A125F4), ++ UINT64_C(0x005046F70E49B3B4) } }, ++ { { UINT64_C(0x0168F14947F5FEA0), UINT64_C(0x00769E99AB9E6CB3), ++ UINT64_C(0x0132518C89E21038), UINT64_C(0x01B680C1A8696720), ++ UINT64_C(0x002ED6053CD44327), UINT64_C(0x01D30DD43B7E58A9), ++ UINT64_C(0x00944E2E081D9491), UINT64_C(0x006831ACBEAD123C), ++ UINT64_C(0x0152C11DC5777195) }, ++ { UINT64_C(0x00241773802E1A49), UINT64_C(0x01BAF7037807F846), ++ UINT64_C(0x03D3C7A48FA494BE), UINT64_C(0x011E5017010FAAB7), ++ UINT64_C(0x02754857375E5F4A), UINT64_C(0x03779B43EFE7F8E1), ++ UINT64_C(0x0012FF3BABC982CB), UINT64_C(0x00FFF200A782A57D), ++ UINT64_C(0x01525BFCB1CE27F1) } }, ++ { { UINT64_C(0x03E552EA093A81E5), UINT64_C(0x0289B3D7E8ED9281), ++ UINT64_C(0x0342009AC81D0D79), UINT64_C(0x03AD34454A991783), ++ UINT64_C(0x01E2910F69599605), UINT64_C(0x03D879F03BB2582D), ++ UINT64_C(0x027BC06449C49ACB), UINT64_C(0x008DC219F862EDC8), ++ UINT64_C(0x01C5BFA6129C1E94) }, ++ { UINT64_C(0x026A51D1748353E7), UINT64_C(0x0181475224C056F6), ++ UINT64_C(0x00C626EAA883505E), UINT64_C(0x0279EE327830A7B4), ++ UINT64_C(0x0320D8F515A684E8), UINT64_C(0x00C3F8E23CD44D3F), ++ UINT64_C(0x02C122EE12C67CA1), UINT64_C(0x00E99C91530D5183), ++ UINT64_C(0x0021144C6B142C61) } }, ++ { { UINT64_C(0x011D351AD93C77DA), UINT64_C(0x03AA1509EA474780), ++ UINT64_C(0x018659BD1EF489E2), UINT64_C(0x003305C7CD548712), ++ UINT64_C(0x0274078260A570D7), UINT64_C(0x0053143C92277CEB), ++ UINT64_C(0x002C9848EA865C9F), UINT64_C(0x02CCE08E86A1AEA9), ++ UINT64_C(0x017387D78B16B104) }, ++ { UINT64_C(0x004AA27AD541016D), UINT64_C(0x018249526E484E54), ++ UINT64_C(0x02AB312423D0089E), UINT64_C(0x0219D7F11A43C693), ++ UINT64_C(0x02063682A176BD49), UINT64_C(0x03B53A444F4AA295), ++ UINT64_C(0x00795B99C8C7C949), UINT64_C(0x03E13055864354E1), ++ UINT64_C(0x00AD0290F60CD7D0) } }, ++ { { UINT64_C(0x012D2A436D526DD9), UINT64_C(0x01CD402DD6D978C6), ++ UINT64_C(0x00A58E861B88A485), UINT64_C(0x02D5660B63C2B513), ++ UINT64_C(0x00AC661A50344950), UINT64_C(0x005912EC7C3046DF), ++ UINT64_C(0x00386C50A42C0A1A), UINT64_C(0x03AB81C1B172201D), ++ UINT64_C(0x00C7E276190DAFE0) }, ++ { UINT64_C(0x02C2EF02CE4F4EFB), UINT64_C(0x036C62A28EE8E529), ++ UINT64_C(0x007713DEA66609AC), UINT64_C(0x0335AC64B1B06D35), ++ UINT64_C(0x030C33E87E4697D9), UINT64_C(0x02A8B6DA5FD2C060), ++ UINT64_C(0x00A7681837DA7123), UINT64_C(0x034383051138278A), ++ UINT64_C(0x0100BA5CB675B5C3) } }, ++ { { UINT64_C(0x007A90498A37CD61), UINT64_C(0x00C21A3950646D6E), ++ UINT64_C(0x00E24CC900B23BA5), UINT64_C(0x00177482F428680B), ++ UINT64_C(0x008C265BAA81CF89), UINT64_C(0x035D3B4D224FFF8E), ++ UINT64_C(0x036D6B85A5B0977B), UINT64_C(0x00D1075A6C1311DD), ++ UINT64_C(0x01CE20C3E0DE4C26) }, ++ { UINT64_C(0x03983305308A7408), UINT64_C(0x034CC1C79BB9BDAE), ++ UINT64_C(0x02079940C900D507), UINT64_C(0x011184B7705AB688), ++ UINT64_C(0x00BE018DECC7C858), UINT64_C(0x00059833EA10EFD5), ++ UINT64_C(0x03D3C58726A0CFF9), UINT64_C(0x03FAC56BC268E09A), ++ UINT64_C(0x00AF6C171D653277) } }, ++ { { UINT64_C(0x01151276D19DDB66), UINT64_C(0x00BE849EE9A2D3A8), ++ UINT64_C(0x02C6A7580CC1CD5D), UINT64_C(0x03AE7FCF32E2402D), ++ UINT64_C(0x0077F3388646E57B), UINT64_C(0x0321275FFC38AED4), ++ UINT64_C(0x035220194FAC16E6), UINT64_C(0x00AC60DD1664CBF4), ++ UINT64_C(0x005C9F4FAEB1E475) }, ++ { UINT64_C(0x03454E2FDA228C02), UINT64_C(0x03CE54CE918B9E80), ++ UINT64_C(0x01E6700CB1251E2C), UINT64_C(0x004D9EF2E269258E), ++ UINT64_C(0x0271A9DFD10397F8), UINT64_C(0x01D68E1301C08065), ++ UINT64_C(0x0255D3F4888FC07C), UINT64_C(0x01EA14C32D6DB6C1), ++ UINT64_C(0x00641A5E7FF0CED4) } }, ++ { { UINT64_C(0x03D2DB7494E80EB1), UINT64_C(0x03429AAC7DF50EDF), ++ UINT64_C(0x0193B4233D776372), UINT64_C(0x00FA6676BCB0445B), ++ UINT64_C(0x00962AF93FA06ADE), UINT64_C(0x00ED262149C44EC5), ++ UINT64_C(0x00DD0F0802C2CD3B), UINT64_C(0x0349A7F09C0CD9BA), ++ UINT64_C(0x019BCEE240624924) }, ++ { UINT64_C(0x0301B8CB30F92986), UINT64_C(0x02FBD5618F84FCAA), ++ UINT64_C(0x020844CC6DEA56EF), UINT64_C(0x0399AC423AE9922A), ++ UINT64_C(0x0304B577679CF04F), UINT64_C(0x033A00D5B3E1E90B), ++ UINT64_C(0x02E0EA5DF7501CB6), UINT64_C(0x01AEEBA7909CF3AB), ++ UINT64_C(0x00D1F739C1192316) } }, ++ { { UINT64_C(0x03FBED19829AE558), UINT64_C(0x018A508538E70057), ++ UINT64_C(0x00CB16FE844A9E7C), UINT64_C(0x02A5D97534D7DBBC), ++ UINT64_C(0x005769E43FDAB701), UINT64_C(0x02371B260F0C6E67), ++ UINT64_C(0x0088CED91D562ACB), UINT64_C(0x03FF0E5F0D26F719), ++ UINT64_C(0x009911094F5E4AA4) }, ++ { UINT64_C(0x014DA634DAAD22D1), UINT64_C(0x0126CD74DB263614), ++ UINT64_C(0x00B20F1368A80FE1), UINT64_C(0x01C40150F01BDEEF), ++ UINT64_C(0x036B7B115D665EA4), UINT64_C(0x00E64D810EAB1790), ++ UINT64_C(0x037432C58B6DDE4A), UINT64_C(0x02689716E469337C), ++ UINT64_C(0x009023B703EED1A4) } }, ++ { { UINT64_C(0x0168DF986EB8B398), UINT64_C(0x0373053537795BF1), ++ UINT64_C(0x018911988685F26D), UINT64_C(0x0387383FA6C93770), ++ UINT64_C(0x019704736EAD528F), UINT64_C(0x0271A2FD2A7AB31F), ++ UINT64_C(0x016F759D385DF60B), UINT64_C(0x00588A673CE9E385), ++ UINT64_C(0x00F00D2C74D140B1) }, ++ { UINT64_C(0x037761186D05FF6A), UINT64_C(0x021D5810D7AE7578), ++ UINT64_C(0x032F7D951B6FE596), UINT64_C(0x00F101711823BB39), ++ UINT64_C(0x028DE92770998580), UINT64_C(0x037C0C99F0D97BF8), ++ UINT64_C(0x030EB60AA7504E10), UINT64_C(0x038624C9A9EBB17E), ++ UINT64_C(0x0117D8E0506A5993) } }, ++ { { UINT64_C(0x02D315A154D9F1F8), UINT64_C(0x00A34DBD30332164), ++ UINT64_C(0x0306F497C34DB615), UINT64_C(0x03599315A4DB339F), ++ UINT64_C(0x007E9E0F8E2399AC), UINT64_C(0x003A93148F4FA95A), ++ UINT64_C(0x011F62B5F0DC45EF), UINT64_C(0x02C2CA027E1C8CCA), ++ UINT64_C(0x017EDB2AB60DCF2F) }, ++ { UINT64_C(0x03D0BE47BDAF0C41), UINT64_C(0x0261770EA9BAF337), ++ UINT64_C(0x00123C9A8D5C885C), UINT64_C(0x02304942CA223A54), ++ UINT64_C(0x027514FEE2CC680A), UINT64_C(0x02845D9CADE7E084), ++ UINT64_C(0x037BF3E603649E24), UINT64_C(0x00221D7FD1EC9BB3), ++ UINT64_C(0x019ABE2E017E3282) } }, ++ { { UINT64_C(0x022C310986DBC74A), UINT64_C(0x016910C9D8D292FA), ++ UINT64_C(0x0168FBA7C0C784B2), UINT64_C(0x02F0C2E785D2A006), ++ UINT64_C(0x01AE45ADAA754923), UINT64_C(0x0340D3039A77094C), ++ UINT64_C(0x028C800560A74DE4), UINT64_C(0x0209DAB7CF99A92A), ++ UINT64_C(0x01A7AE95C3D65A81) }, ++ { UINT64_C(0x03D0EF28C4FA3D53), UINT64_C(0x01C7BD38B1347859), ++ UINT64_C(0x0005A7461F21783E), UINT64_C(0x01367207E2FE3122), ++ UINT64_C(0x033746BBB79E2E44), UINT64_C(0x0279FE17A5803572), ++ UINT64_C(0x03015592FFEC7617), UINT64_C(0x02742174C25F4D16), ++ UINT64_C(0x00E410A0B89682D7) } }, ++ { { UINT64_C(0x02B22FBEE727DDB2), UINT64_C(0x024FD40DFE0DC5F9), ++ UINT64_C(0x015C3DCCFE2E8278), UINT64_C(0x029992449755EB6E), ++ UINT64_C(0x03FD36B4574277E1), UINT64_C(0x02D49C964F2299EE), ++ UINT64_C(0x021CD67B9805D246), UINT64_C(0x0157D17DBA6DBB8F), ++ UINT64_C(0x014315532B63B009) }, ++ { UINT64_C(0x0192F41C11B068CF), UINT64_C(0x013ADE386B9A6252), ++ UINT64_C(0x0023510A4F9C5B28), UINT64_C(0x027BD3DC9B9B0039), ++ UINT64_C(0x02377F19B4B907D4), UINT64_C(0x0292B925A6106638), ++ UINT64_C(0x01058CF22E01616A), UINT64_C(0x017799C00E576B04), ++ UINT64_C(0x00A289A954F56291) } }, ++ }, ++ { ++ { { UINT64_C(0x00C4AC143FFE4858), UINT64_C(0x0306D22EAAC4A5AD), ++ UINT64_C(0x01F0A5791E3783D9), UINT64_C(0x03A0A974CB2ACA2D), ++ UINT64_C(0x02E76FB3F03AA34D), UINT64_C(0x0217400AE3A40C22), ++ UINT64_C(0x0040CD3B74A7ED3C), UINT64_C(0x00FCB122891AAD96), ++ UINT64_C(0x01B8C8494718771D) }, ++ { UINT64_C(0x03F57D14A28DA023), UINT64_C(0x022E364741E3E46C), ++ UINT64_C(0x01A7ABA67F27FDBC), UINT64_C(0x030FF1837DC3E97D), ++ UINT64_C(0x00618486CF4908AD), UINT64_C(0x02CF161553F374F8), ++ UINT64_C(0x019DD012E725571E), UINT64_C(0x033EDF6BF47BD717), ++ UINT64_C(0x0125806554EE19B9) } }, ++ { { UINT64_C(0x018E9A7BA994A7B1), UINT64_C(0x02AC0D7BEC6A8983), ++ UINT64_C(0x03D38D705E07CD01), UINT64_C(0x005566DD3C426505), ++ UINT64_C(0x0067EB2AB8C5C6E4), UINT64_C(0x02833D0E2656CD6B), ++ UINT64_C(0x01DDCA9C78AA1909), UINT64_C(0x00EDF1FB3DAA7F12), ++ UINT64_C(0x0166F72F3DE51C63) }, ++ { UINT64_C(0x02B78FAEB96F6D73), UINT64_C(0x02052F35A5545293), ++ UINT64_C(0x005CD62AD9BF553E), UINT64_C(0x00B728FA50CC968E), ++ UINT64_C(0x019295FA16301250), UINT64_C(0x0287D8B59A13D480), ++ UINT64_C(0x0316813DDF4A21F3), UINT64_C(0x01769E5723184C7C), ++ UINT64_C(0x0066E0E7009AE7B5) } }, ++ { { UINT64_C(0x021F2EE46CDE12CD), UINT64_C(0x003D0000412CCD1F), ++ UINT64_C(0x02C67E761CB63537), UINT64_C(0x02C1A38D4F403A59), ++ UINT64_C(0x03B812F8D1F26B87), UINT64_C(0x029994AD5ACE97AC), ++ UINT64_C(0x026C55C785488093), UINT64_C(0x01869CEF172A91D6), ++ UINT64_C(0x01661593B4702F1D) }, ++ { UINT64_C(0x0197935A2366B021), UINT64_C(0x01C8C53ECC9EEE7B), ++ UINT64_C(0x02C636CFB825AB8B), UINT64_C(0x02EEC0E46E96B427), ++ UINT64_C(0x00525F145382F270), UINT64_C(0x0133F597DCA61576), ++ UINT64_C(0x0237ACF913367D38), UINT64_C(0x02C6B96EB5398F41), ++ UINT64_C(0x0088A6A556F6EF14) } }, ++ { { UINT64_C(0x03AE1C8DCCD34315), UINT64_C(0x0157B6DF5CCF4DF6), ++ UINT64_C(0x02191AB191DCA071), UINT64_C(0x01897CF46F10173C), ++ UINT64_C(0x02767320BD61533A), UINT64_C(0x01A9DAB7019D6315), ++ UINT64_C(0x01911BB32715F1BB), UINT64_C(0x001C7F74F8A656CA), ++ UINT64_C(0x0009C70F08ACB68E) }, ++ { UINT64_C(0x0072A1ED9356A25A), UINT64_C(0x01556970A7D5EEF6), ++ UINT64_C(0x0350BEDB0F71D649), UINT64_C(0x03EA3565DDFF826F), ++ UINT64_C(0x013B29E08B1AF8F4), UINT64_C(0x0331B92ACB74C5CA), ++ UINT64_C(0x03A4E6E26F5AAC1D), UINT64_C(0x036F06A79D110118), ++ UINT64_C(0x00631FDFA318D2BC) } }, ++ { { UINT64_C(0x035871450EAD4FF9), UINT64_C(0x0045783A9CFF37E4), ++ UINT64_C(0x03713AE92AC33512), UINT64_C(0x009A3896CE34EF6D), ++ UINT64_C(0x03A8EE82555DC9D1), UINT64_C(0x002C620829E4335D), ++ UINT64_C(0x0375E016D1AE1B50), UINT64_C(0x016D891B140E00CD), ++ UINT64_C(0x00097FE78FE880E9) }, ++ { UINT64_C(0x01A323FFCB8B195A), UINT64_C(0x014E7DA6CA0AAFF4), ++ UINT64_C(0x00C88E8E6528DDB5), UINT64_C(0x01A720372EE878E6), ++ UINT64_C(0x015A2426F3EF9BB8), UINT64_C(0x01604A559CF4A620), ++ UINT64_C(0x02C8F10B967488E1), UINT64_C(0x028191262B209448), ++ UINT64_C(0x019E5661C083C48E) } }, ++ { { UINT64_C(0x01D1ED07D6920A2A), UINT64_C(0x03909AA105A814DB), ++ UINT64_C(0x029B1BBB7F2ECAC2), UINT64_C(0x03BB4096CC1FBE27), ++ UINT64_C(0x0382CAD68C150CCC), UINT64_C(0x00F1CBB480EE5E69), ++ UINT64_C(0x03933B382F4CE45C), UINT64_C(0x0283D1969E6EC1D6), ++ UINT64_C(0x008C6BE4F8FBF5F9) }, ++ { UINT64_C(0x00C2A30AF1CA3CCC), UINT64_C(0x02FF4D4359C3CABE), ++ UINT64_C(0x020AA78B337657B0), UINT64_C(0x01C5C613D10C423A), ++ UINT64_C(0x003249BB2418CB6D), UINT64_C(0x00CAB4378A53687C), ++ UINT64_C(0x0147E31B6118850C), UINT64_C(0x02D08DC29C2D596C), ++ UINT64_C(0x00409A1F9C9C0372) } }, ++ { { UINT64_C(0x03985FC5DEB5DCD3), UINT64_C(0x02328F30C46302C2), ++ UINT64_C(0x00260388D4747802), UINT64_C(0x03BFBB0240E60F52), ++ UINT64_C(0x03B209042D288213), UINT64_C(0x00F7BBEE239C04F6), ++ UINT64_C(0x039A7EE4CF9007B4), UINT64_C(0x01BFEC97A07FF7ED), ++ UINT64_C(0x00F46BA7F4461BE4) }, ++ { UINT64_C(0x02FF04BE53B68E6C), UINT64_C(0x01CA69133AC1C9A1), ++ UINT64_C(0x001C0711D4BE94AE), UINT64_C(0x02E7507B45945E53), ++ UINT64_C(0x011B7A5F7EC81DBE), UINT64_C(0x0329BFC6DA7CDB63), ++ UINT64_C(0x01FCD3B287A0A497), UINT64_C(0x01F250F924D3B826), ++ UINT64_C(0x0174EABAF5F90BA0) } }, ++ { { UINT64_C(0x0288B8614B07B1BF), UINT64_C(0x00AE0C951E1C4290), ++ UINT64_C(0x01FC49AB7CD0CA2F), UINT64_C(0x0139ED7FA367ECE7), ++ UINT64_C(0x007ACFF8F0933B14), UINT64_C(0x01BE527A6CE02D5F), ++ UINT64_C(0x03F3D3A06B11DFFE), UINT64_C(0x021959D14B1DF4BB), ++ UINT64_C(0x01BC6741AD8DA8F8) }, ++ { UINT64_C(0x034CD028C42166D8), UINT64_C(0x0185807E32738495), ++ UINT64_C(0x005883F1CCD9FD2E), UINT64_C(0x03CA0BFCEE08ED5A), ++ UINT64_C(0x03EAF8CDFF12C8BC), UINT64_C(0x039F9E6871AF8AEE), ++ UINT64_C(0x0109893E423B3304), UINT64_C(0x0120DC6E783F51AB), ++ UINT64_C(0x011A855D5413AED9) } }, ++ { { UINT64_C(0x03EC078648AA3834), UINT64_C(0x022666BDFBC08928), ++ UINT64_C(0x020CD318C559ED79), UINT64_C(0x031A1F3F1113AB91), ++ UINT64_C(0x0225DA57498B9B85), UINT64_C(0x00501D2B9387A084), ++ UINT64_C(0x01462ED6150B49FB), UINT64_C(0x0270A359C4EB430D), ++ UINT64_C(0x01AD03ACD7F1F2DA) }, ++ { UINT64_C(0x00577220553E08C6), UINT64_C(0x02711DCC2A6176C2), ++ UINT64_C(0x00D41E0F942DF9B3), UINT64_C(0x032019849BF44B40), ++ UINT64_C(0x006F6F65E6AF51C1), UINT64_C(0x02192F8FD6395745), ++ UINT64_C(0x0369C64E6D49408A), UINT64_C(0x01C1CA82AADBB384), ++ UINT64_C(0x00252180D9240A33) } }, ++ { { UINT64_C(0x03B36603F69B34EA), UINT64_C(0x023601EA98DB7FF6), ++ UINT64_C(0x0119384D5B4D0084), UINT64_C(0x009CB1557E1A2117), ++ UINT64_C(0x0120F29FC187E5AB), UINT64_C(0x020795FEFEF91AF3), ++ UINT64_C(0x01654BD2C20FF213), UINT64_C(0x0193B09B2AFFB3A3), ++ UINT64_C(0x01F2DBD41C09A92B) }, ++ { UINT64_C(0x0190B8EB79047156), UINT64_C(0x002863629F98DF90), ++ UINT64_C(0x0131D825BFCD5C94), UINT64_C(0x012459BCEEE81461), ++ UINT64_C(0x012AEB328B250B06), UINT64_C(0x031E1C2DAC09694B), ++ UINT64_C(0x000530A4AD5276F9), UINT64_C(0x02B3D1F18BB7C853), ++ UINT64_C(0x01E8BD2FCCA04F6F) } }, ++ { { UINT64_C(0x02834F110665B1CF), UINT64_C(0x017AA90109CDC18A), ++ UINT64_C(0x009242A3E1F2E720), UINT64_C(0x02D5A60BD5F8954E), ++ UINT64_C(0x03508324EB838D5B), UINT64_C(0x02EDD0C3ED33B190), ++ UINT64_C(0x00AAD5DC3A119996), UINT64_C(0x01CD04A457847144), ++ UINT64_C(0x008F9F585EE51416) }, ++ { UINT64_C(0x0353544CA94CC511), UINT64_C(0x03C458B74ECFBB85), ++ UINT64_C(0x00DFB34B9CF940F6), UINT64_C(0x025DDCAA8FA2C670), ++ UINT64_C(0x005DE224A75FEDB1), UINT64_C(0x0133692E8F60712D), ++ UINT64_C(0x0273753106CAA7BE), UINT64_C(0x01408D58EA2D6196), ++ UINT64_C(0x00E26553508F8448) } }, ++ { { UINT64_C(0x01A3A4F60BB13D25), UINT64_C(0x0023ED9ED8B71298), ++ UINT64_C(0x03FFC9A520FCC5AA), UINT64_C(0x0045A041830B9268), ++ UINT64_C(0x00CC9DB2983FF213), UINT64_C(0x0121E74580D3BD97), ++ UINT64_C(0x03180DFFF5302191), UINT64_C(0x017F708B61C069C2), ++ UINT64_C(0x00AFC5190BADFB44) }, ++ { UINT64_C(0x0059EAFDA4B66F01), UINT64_C(0x007705DA965D6F67), ++ UINT64_C(0x020B87871134FA29), UINT64_C(0x01AD088735B31B4F), ++ UINT64_C(0x018012C061713383), UINT64_C(0x0284C3C51E97DE38), ++ UINT64_C(0x011439AE9AC5E3B5), UINT64_C(0x0201A73CE2ADC421), ++ UINT64_C(0x013663825C862321) } }, ++ { { UINT64_C(0x018D68C0B140A004), UINT64_C(0x01BFAA6599011216), ++ UINT64_C(0x01E7950576D7B0B1), UINT64_C(0x0078B24B131D0E5F), ++ UINT64_C(0x02AD5C3FFEDF02C1), UINT64_C(0x0322CFD3147C6177), ++ UINT64_C(0x038BD27915C61C9C), UINT64_C(0x02F37687B9498DE9), ++ UINT64_C(0x00EBB6AC6E166ECF) }, ++ { UINT64_C(0x01DE078E81F8F797), UINT64_C(0x036F3FD0C148612A), ++ UINT64_C(0x00D42800CEE62CC8), UINT64_C(0x02EF08C94C9988E1), ++ UINT64_C(0x02A200E24C7221CE), UINT64_C(0x0087BB91FBA9446C), ++ UINT64_C(0x01AEF9F64351AA5D), UINT64_C(0x0379F61D1F515F5C), ++ UINT64_C(0x01D6BBEA838FBDE0) } }, ++ { { UINT64_C(0x029C5257AC98DFAE), UINT64_C(0x033122DA34CA0C86), ++ UINT64_C(0x02E5AEB04EB596D8), UINT64_C(0x01866E31FF449E97), ++ UINT64_C(0x01EFC618512D868E), UINT64_C(0x02AB8DD8A2E422DD), ++ UINT64_C(0x0315FBBF0AB5F678), UINT64_C(0x029B64EE769245C7), ++ UINT64_C(0x006C6C12185D61E3) }, ++ { UINT64_C(0x008781A5F0C92FB5), UINT64_C(0x02186CDBC76A7DC2), ++ UINT64_C(0x02BF30F2AE35EBF2), UINT64_C(0x02A9033768598F59), ++ UINT64_C(0x026D8F763CE2DDB2), UINT64_C(0x000096A41DC06247), ++ UINT64_C(0x0378DBDD308791A2), UINT64_C(0x0303B0E7D471E5F3), ++ UINT64_C(0x0047B4CFEAEEA101) } }, ++ { { UINT64_C(0x03329136A629DD22), UINT64_C(0x00E5BE3AD1E98750), ++ UINT64_C(0x00E718574118A518), UINT64_C(0x0001BFD334A31B85), ++ UINT64_C(0x010ACC7BD56131AD), UINT64_C(0x01BAE8680FF31AF2), ++ UINT64_C(0x033BF365D3656538), UINT64_C(0x01275681F6A3E780), ++ UINT64_C(0x01D9134C0EBA1F9E) }, ++ { UINT64_C(0x03FC0784F75200EB), UINT64_C(0x02505880E37CB45D), ++ UINT64_C(0x02D012B6F4AEDF75), UINT64_C(0x0239FE68EEDA06B2), ++ UINT64_C(0x0214FD97D35A83E1), UINT64_C(0x0161FD60913389DA), ++ UINT64_C(0x02E06AA08A955A74), UINT64_C(0x00A478BB3A540872), ++ UINT64_C(0x0194213360ACA782) } }, ++ { { UINT64_C(0x01C7D837402145D7), UINT64_C(0x029A3987EA8CF574), ++ UINT64_C(0x017B7322E3920EED), UINT64_C(0x01DA90CCE8A07229), ++ UINT64_C(0x019966632762CF1A), UINT64_C(0x02EA82E975BFDBB2), ++ UINT64_C(0x00D089776CD7C2DA), UINT64_C(0x01094FFA3D38BAB2), ++ UINT64_C(0x00ED9425E7C61A8F) }, ++ { UINT64_C(0x030890ADFDDB406F), UINT64_C(0x02F38194427778C1), ++ UINT64_C(0x02645A577E29DB0B), UINT64_C(0x02B73BB5A04F839F), ++ UINT64_C(0x02CBE569872B94D6), UINT64_C(0x034D3051E8314100), ++ UINT64_C(0x0228FAA39358328C), UINT64_C(0x00F6B458D19C41F5), ++ UINT64_C(0x01B60D6BFFF120A1) } }, ++ }, ++ { ++ { { UINT64_C(0x03B0D91DCEF34144), UINT64_C(0x0240FE90ACAA2EEA), ++ UINT64_C(0x02F5638E4C5FABC5), UINT64_C(0x0279B56C13AF89E7), ++ UINT64_C(0x007BB923CEB3416E), UINT64_C(0x024528E9111E0646), ++ UINT64_C(0x0019F3658FEFA212), UINT64_C(0x007942C115ACBB8B), ++ UINT64_C(0x00B3176361BBE92C) }, ++ { UINT64_C(0x0056A1AF824FDE34), UINT64_C(0x03EFECC262943F2F), ++ UINT64_C(0x00F55AB9CFA7333B), UINT64_C(0x02E423937E89B9C8), ++ UINT64_C(0x0177865B2FF1E104), UINT64_C(0x00D9D0346E5AE2AF), ++ UINT64_C(0x0250F4369EB257AA), UINT64_C(0x02479F5CEE51B49A), ++ UINT64_C(0x007A588E4A1470CD) } }, ++ { { UINT64_C(0x006FD0B27FF5FDD9), UINT64_C(0x0315207EADCA6EB7), ++ UINT64_C(0x038531FDE9E82663), UINT64_C(0x03E9C7DA1307DC24), ++ UINT64_C(0x007FCF66FC293D27), UINT64_C(0x0073411170172CF4), ++ UINT64_C(0x03FA0B1709D86BA1), UINT64_C(0x0023FC735B565525), ++ UINT64_C(0x00C65EABD8A0D474) }, ++ { UINT64_C(0x001EA477B6B64713), UINT64_C(0x03CAD4127E803700), ++ UINT64_C(0x02F97EFCE2EC6148), UINT64_C(0x021B881732700041), ++ UINT64_C(0x01A6D874ACACA115), UINT64_C(0x00A7CA705835C220), ++ UINT64_C(0x01191B137DD5C14D), UINT64_C(0x02CB4161AB1B2384), ++ UINT64_C(0x01EA96470F229677) } }, ++ { { UINT64_C(0x016F41AA44BE78BD), UINT64_C(0x00DBC87805312BB8), ++ UINT64_C(0x0318156EA17D7B54), UINT64_C(0x026CDF0148DE5C45), ++ UINT64_C(0x03F974EA0D77EB08), UINT64_C(0x02136BB03794FF4E), ++ UINT64_C(0x01B53A227C4C2E9C), UINT64_C(0x02B0229F1C11498E), ++ UINT64_C(0x01CDAB34CEF9122C) }, ++ { UINT64_C(0x01942B2B520FED74), UINT64_C(0x0278BB0606178C91), ++ UINT64_C(0x03C70799A5848E33), UINT64_C(0x01024AF0188FBCA7), ++ UINT64_C(0x017502FD5E81CD21), UINT64_C(0x0341AC8FD5BE6E9F), ++ UINT64_C(0x03807308C0C55507), UINT64_C(0x02DA9120D7D39BD9), ++ UINT64_C(0x0078E0C0ADC9F3B8) } }, ++ { { UINT64_C(0x0249E4056736B7A8), UINT64_C(0x000AD5FD0E326A32), ++ UINT64_C(0x00F1D8DD5BD49BAE), UINT64_C(0x03C65D240FD61C7B), ++ UINT64_C(0x0348AA1A2246B05E), UINT64_C(0x03D6D10E55244A30), ++ UINT64_C(0x02E9906E8F8D085E), UINT64_C(0x0187FD8BEFA8BFBF), ++ UINT64_C(0x00F8ECD06F55C492) }, ++ { UINT64_C(0x003A56FE1DEF19D6), UINT64_C(0x0197C74F933E6798), ++ UINT64_C(0x005694559A51C48D), UINT64_C(0x028423114901AE4B), ++ UINT64_C(0x006C134B2FD133CC), UINT64_C(0x01F5B1FDE595A9F1), ++ UINT64_C(0x037CDF87E407C290), UINT64_C(0x01C9430D19026B6E), ++ UINT64_C(0x00AE4EBC0B91EEC4) } }, ++ { { UINT64_C(0x0027F5A2CFACC519), UINT64_C(0x0007D8CA3F95188A), ++ UINT64_C(0x02386E76D1ED1FA2), UINT64_C(0x012CFC615ECB44AE), ++ UINT64_C(0x02BAC8E16C4EECC0), UINT64_C(0x030FC8B6EACB48A4), ++ UINT64_C(0x0356F1C94FF8F3DD), UINT64_C(0x00E7898C9228D80E), ++ UINT64_C(0x0100391DE5D28C45) }, ++ { UINT64_C(0x00DDA167BAEA3E6E), UINT64_C(0x024E9B6238591A96), ++ UINT64_C(0x000B124B20D76C9C), UINT64_C(0x00844E80DAD85B15), ++ UINT64_C(0x006322B9CC9CFBC9), UINT64_C(0x03C3F3E68B0EC1FB), ++ UINT64_C(0x0198C8988C8CDF43), UINT64_C(0x012F63F58B2E6769), ++ UINT64_C(0x0146D6A4BBF8FA16) } }, ++ { { UINT64_C(0x025929A379C36058), UINT64_C(0x03AA8D69D0F228FC), ++ UINT64_C(0x03137C58503106D0), UINT64_C(0x031D3407BEC09250), ++ UINT64_C(0x012A5E9F3CB78FCD), UINT64_C(0x03C89A97F7DE8B2F), ++ UINT64_C(0x03FFA336D8C2CB9D), UINT64_C(0x03CDFCCBE0B2ABB7), ++ UINT64_C(0x018DB520A44381C3) }, ++ { UINT64_C(0x037F91B7E71EFA02), UINT64_C(0x02CD2A4F8F2A0051), ++ UINT64_C(0x03247FBAA82739BD), UINT64_C(0x004F7652DC5CA6F6), ++ UINT64_C(0x0247D54BFA1094B5), UINT64_C(0x01201F41A5F24EA8), ++ UINT64_C(0x036AE048899075C8), UINT64_C(0x008DE5B2C2092D5F), ++ UINT64_C(0x01A05D1DEF90E6C9) } }, ++ { { UINT64_C(0x009C63F00DDEF055), UINT64_C(0x029E867514AE17BD), ++ UINT64_C(0x0071477B7FA6548A), UINT64_C(0x01DCF23B30CCB894), ++ UINT64_C(0x039F3EAF10214846), UINT64_C(0x0131314742EE42E6), ++ UINT64_C(0x025A42537B162041), UINT64_C(0x0344D321CAEDE286), ++ UINT64_C(0x00C49346566A2F80) }, ++ { UINT64_C(0x00AC1057A1A2F1BD), UINT64_C(0x01B16F3F4CF6D85A), ++ UINT64_C(0x00470A35FA26D12C), UINT64_C(0x02FDF7EC571664A6), ++ UINT64_C(0x00357DE22954AF5D), UINT64_C(0x01CB9B6C3295D89E), ++ UINT64_C(0x02A6D5E003D32198), UINT64_C(0x02BCFEFCD08395C8), ++ UINT64_C(0x0024E3256C9EC29E) } }, ++ { { UINT64_C(0x02E3E3726899A80A), UINT64_C(0x0026F9277D12E5D8), ++ UINT64_C(0x03A9F147B7CC784D), UINT64_C(0x02D1E1BE2785B816), ++ UINT64_C(0x035FD35148DBC7EB), UINT64_C(0x008735EF566F4D0B), ++ UINT64_C(0x023A56774FF10ABF), UINT64_C(0x02650BA6B7B26925), ++ UINT64_C(0x016ADF49024BBCF1) }, ++ { UINT64_C(0x003AD342E4E67976), UINT64_C(0x03C92192D00DAB16), ++ UINT64_C(0x020460FDED50A384), UINT64_C(0x034C8C7A7CCCB477), ++ UINT64_C(0x026F1F63625979C2), UINT64_C(0x01C81B4E10D5FC66), ++ UINT64_C(0x036A3D003DC0490C), UINT64_C(0x012B902A026C1347), ++ UINT64_C(0x01F7B86A36390DAD) } }, ++ { { UINT64_C(0x000691E2EC112CB8), UINT64_C(0x024EF99D143B7D60), ++ UINT64_C(0x0115A42EEFCFA47F), UINT64_C(0x01E802D725D2BBE5), ++ UINT64_C(0x0121B37EFA442937), UINT64_C(0x0017BB506D32E10E), ++ UINT64_C(0x026AAA87600CCD57), UINT64_C(0x016CF4C8E0A70FF4), ++ UINT64_C(0x009FFBF163AE94B4) }, ++ { UINT64_C(0x0295886926814D18), UINT64_C(0x03A0FBF4C1A9E1DB), ++ UINT64_C(0x03C42214E510B980), UINT64_C(0x01795048E2D2FBCB), ++ UINT64_C(0x007E6ECA8AF45230), UINT64_C(0x03B7348F6C6F8B62), ++ UINT64_C(0x0082EEE297D2810F), UINT64_C(0x001262A01DEC143A), ++ UINT64_C(0x01B9903A2D05B891) } }, ++ { { UINT64_C(0x023634A86BE77EA4), UINT64_C(0x00A0B41ED63F1BFE), ++ UINT64_C(0x0275C4824374C264), UINT64_C(0x02608A7A328E460A), ++ UINT64_C(0x00FED89AAE8DD2B7), UINT64_C(0x02109029EF3CE021), ++ UINT64_C(0x011969F67E04BEBE), UINT64_C(0x01A57DE74BB6D7CF), ++ UINT64_C(0x0032260FF5FAEF2A) }, ++ { UINT64_C(0x02058C1764B8EB93), UINT64_C(0x034A7BEAEE142796), ++ UINT64_C(0x01C4178E14455ABA), UINT64_C(0x0089C0C3FD3F4E75), ++ UINT64_C(0x006C6AD7C0E981DA), UINT64_C(0x0228FCA3E86007B0), ++ UINT64_C(0x025CE2ECCA48B8F4), UINT64_C(0x01E5A636E10EA6E7), ++ UINT64_C(0x00B998D460C196E1) } }, ++ { { UINT64_C(0x0160926185730C8D), UINT64_C(0x032DE7C19EF3EB5F), ++ UINT64_C(0x01B89DB78DA4AF19), UINT64_C(0x03E8BF1A8A7D683F), ++ UINT64_C(0x00C74484F132486E), UINT64_C(0x0020C78A33777ADF), ++ UINT64_C(0x028B418FCCA39E1E), UINT64_C(0x03C6B30F7BDFA864), ++ UINT64_C(0x012E1D3651FF3815) }, ++ { UINT64_C(0x023FC40DA01A8D36), UINT64_C(0x0396DC8A8E0AC356), ++ UINT64_C(0x0257ECBA277518BE), UINT64_C(0x015E0BE8CDCF0B5F), ++ UINT64_C(0x017CA95C0BC967EE), UINT64_C(0x0305AA19591EC746), ++ UINT64_C(0x00ECEE9B1C5E531F), UINT64_C(0x017F62DDF7CD8C93), ++ UINT64_C(0x01843F3A5D58D681) } }, ++ { { UINT64_C(0x008235BF1CE87EAC), UINT64_C(0x0337B13BA7D5C15E), ++ UINT64_C(0x03846B02056DE241), UINT64_C(0x033C6CAEB5DEAB90), ++ UINT64_C(0x030248638020D787), UINT64_C(0x0224F8D01B9221DD), ++ UINT64_C(0x01F402C62FF58E8A), UINT64_C(0x03AAD9850E5506F5), ++ UINT64_C(0x003902A9875C05FB) }, ++ { UINT64_C(0x0020DA18AA01F6F0), UINT64_C(0x030A6715F4E78D18), ++ UINT64_C(0x037807033B777232), UINT64_C(0x01B7606FD787D415), ++ UINT64_C(0x008A9CC327698B87), UINT64_C(0x0061BCA066C82FF1), ++ UINT64_C(0x01BFA28EB25A2709), UINT64_C(0x024D6272DC7593CB), ++ UINT64_C(0x00EC0BB76A281871) } }, ++ { { UINT64_C(0x032999435C8AA41D), UINT64_C(0x01A489157A228E17), ++ UINT64_C(0x0156F793B6B0E956), UINT64_C(0x028D96D92EBD33D6), ++ UINT64_C(0x0359740492EFE167), UINT64_C(0x015A71262E572E91), ++ UINT64_C(0x01FA4485B8FC6399), UINT64_C(0x0347A0956647A542), ++ UINT64_C(0x010E38E5A425F12F) }, ++ { UINT64_C(0x00AEFDFC244C41BB), UINT64_C(0x003952945BE8B3B5), ++ UINT64_C(0x0319FE9C6BCFD1F0), UINT64_C(0x03F504A658EDEE0B), ++ UINT64_C(0x02ED873A43F5A1E1), UINT64_C(0x02712F6EE0434187), ++ UINT64_C(0x03F8F26F084CADB4), UINT64_C(0x0037A2587E5D9BC4), ++ UINT64_C(0x007E3E8815CB75BB) } }, ++ { { UINT64_C(0x00D0B08F2FB80E07), UINT64_C(0x001F1C3F02C8AA99), ++ UINT64_C(0x02C965AB70A7B621), UINT64_C(0x02934839B849A6F8), ++ UINT64_C(0x003F88BA718D98ED), UINT64_C(0x02899A10EC155762), ++ UINT64_C(0x0019825E2EA0BBFE), UINT64_C(0x031BADAF50BB1556), ++ UINT64_C(0x00C2052564BF2D01) }, ++ { UINT64_C(0x02BBD600B64986F4), UINT64_C(0x0001308CBE96F1C1), ++ UINT64_C(0x00C849F303B9F9E3), UINT64_C(0x02D14076FC63D1DE), ++ UINT64_C(0x0236169D2D35EA78), UINT64_C(0x0264B3B8EE95BD05), ++ UINT64_C(0x002F66E82F19619B), UINT64_C(0x0095E5BD3AAECF3F), ++ UINT64_C(0x004DAC1BA614BE0C) } }, ++ { { UINT64_C(0x031F00ED67DF6D6E), UINT64_C(0x03D70047AC4E0BA7), ++ UINT64_C(0x02D8711992AA1754), UINT64_C(0x036ECAEB89D30859), ++ UINT64_C(0x0036A42A32CE3566), UINT64_C(0x01D98A9D0A6301E2), ++ UINT64_C(0x0254343364F9506D), UINT64_C(0x00BA44E9D5246E7C), ++ UINT64_C(0x01A19768E78BDB19) }, ++ { UINT64_C(0x01612B559D4C1CFE), UINT64_C(0x00FD06AC0FA53998), ++ UINT64_C(0x01000FCBA8F910A9), UINT64_C(0x02941E6AFC5E6D3F), ++ UINT64_C(0x00CAEFF18F01E2A7), UINT64_C(0x00C3611A9DC5189A), ++ UINT64_C(0x004BD42C721A7B6E), UINT64_C(0x02CFCE0AB6DE8255), ++ UINT64_C(0x0157E0604D9A6299) } }, ++ { { UINT64_C(0x004C36A17F3F00C1), UINT64_C(0x03AAE85897960B4C), ++ UINT64_C(0x00162519D94A771E), UINT64_C(0x00EFA894195CFB14), ++ UINT64_C(0x0377393E0BEA5785), UINT64_C(0x01275D68934C0C3C), ++ UINT64_C(0x020E33D09CE0D489), UINT64_C(0x00636664BBECE0A2), ++ UINT64_C(0x01D94E3BA2F10531) }, ++ { UINT64_C(0x00F1D932B72461C9), UINT64_C(0x030803CCCD33A980), ++ UINT64_C(0x03D527D0F91F6DBE), UINT64_C(0x032A75271076B0B3), ++ UINT64_C(0x00618C0762DDDF10), UINT64_C(0x0023381E1F452B93), ++ UINT64_C(0x02E55888093553F9), UINT64_C(0x0179B91A78A3270C), ++ UINT64_C(0x008109452184E2A2) } }, ++ }, ++ { ++ { { UINT64_C(0x039BF352B2648196), UINT64_C(0x0255A7410BF9D82B), ++ UINT64_C(0x00E69B9D9444400A), UINT64_C(0x0115B8CE4ADD0E15), ++ UINT64_C(0x0286C0702CA01A26), UINT64_C(0x0343E585D0F62B8D), ++ UINT64_C(0x0270AB3B658EDEED), UINT64_C(0x00BDF019DAC3BE2C), ++ UINT64_C(0x01DA71CEBA8F0207) }, ++ { UINT64_C(0x031B398D4D9BC7BB), UINT64_C(0x000CF24C3929C7AB), ++ UINT64_C(0x01B421C8D3FD5E6F), UINT64_C(0x007CC4196EE4E246), ++ UINT64_C(0x020BD4BEA34DCA8A), UINT64_C(0x0290B50CAE9698DF), ++ UINT64_C(0x00FCD1330F886EB9), UINT64_C(0x01E1AC79F03E8C00), ++ UINT64_C(0x00DA9DFFAC1D7299) } }, ++ { { UINT64_C(0x023B6F4171DE62A2), UINT64_C(0x02483565211B08E1), ++ UINT64_C(0x03590C48E9F4C557), UINT64_C(0x0300655D7CA7761E), ++ UINT64_C(0x000FC94679705CC8), UINT64_C(0x03F1F51E4C554176), ++ UINT64_C(0x02F4AA91C9B85DEC), UINT64_C(0x01830B06FDF1C0BD), ++ UINT64_C(0x01705BC114A4818F) }, ++ { UINT64_C(0x026AF34683BFC242), UINT64_C(0x02704B0386A138E6), ++ UINT64_C(0x0201A2D902335BC5), UINT64_C(0x00F97548337FE82F), ++ UINT64_C(0x0068481E95BAAC46), UINT64_C(0x02198BC38D3244C8), ++ UINT64_C(0x02FB3AE37E76F25B), UINT64_C(0x0051FD7A6C46B763), ++ UINT64_C(0x00BB4F63544525E2) } }, ++ { { UINT64_C(0x0184463DCFE3927A), UINT64_C(0x038592C4A5446C69), ++ UINT64_C(0x00820DA1FCA22B30), UINT64_C(0x01BE68F5BD638385), ++ UINT64_C(0x01820BD08BDBAACC), UINT64_C(0x02A44306C3D5797E), ++ UINT64_C(0x0038CCA1AA697778), UINT64_C(0x00C7C5B9FA5A6346), ++ UINT64_C(0x00AF09862D4121FA) }, ++ { UINT64_C(0x01CB3F3FBEBC6638), UINT64_C(0x037E0A83514FED33), ++ UINT64_C(0x03EACD5523409D6F), UINT64_C(0x020D6BA55D786340), ++ UINT64_C(0x01CCC13F9ADFA032), UINT64_C(0x0019CA4869978150), ++ UINT64_C(0x039E387EBA3B5F3E), UINT64_C(0x02E531E4CE95EAED), ++ UINT64_C(0x019F9D4B6C1E271A) } }, ++ { { UINT64_C(0x03D9C637E6B4D0F2), UINT64_C(0x02F39727B4A2B4A9), ++ UINT64_C(0x03B1C91C466BE1FF), UINT64_C(0x0002CA1D422DB470), ++ UINT64_C(0x035959F6F8064E3B), UINT64_C(0x01A06409B64B70C1), ++ UINT64_C(0x0138166589198416), UINT64_C(0x01E4D2E6E69DFBF6), ++ UINT64_C(0x01235B6CCAD8ED3A) }, ++ { UINT64_C(0x036BC004511EBBDB), UINT64_C(0x03C77128404EB6AD), ++ UINT64_C(0x02C7DBC63944D083), UINT64_C(0x00A0B83D92DC53A7), ++ UINT64_C(0x0236B4A39AE88503), UINT64_C(0x03A8D6E5C0E1C279), ++ UINT64_C(0x029FE38FA8BE1456), UINT64_C(0x03585B0A0A7CC668), ++ UINT64_C(0x00A7641453F65799) } }, ++ { { UINT64_C(0x00158306BEA400A9), UINT64_C(0x007F40534A2A445F), ++ UINT64_C(0x01C35C303D86F4A4), UINT64_C(0x00EDDE592FDFA8FD), ++ UINT64_C(0x0103A9EFC14289AA), UINT64_C(0x03407BDDBE6E50BA), ++ UINT64_C(0x009401AB57CFB13E), UINT64_C(0x0399C8A12EA5A5B1), ++ UINT64_C(0x00FC6AFA631B2401) }, ++ { UINT64_C(0x03676F7FA3EA1F68), UINT64_C(0x0292D21900F132BA), ++ UINT64_C(0x023C1FDE32777454), UINT64_C(0x016AD44E9E4A043B), ++ UINT64_C(0x034CE0B6BF5A83B8), UINT64_C(0x007C5DBECEE12BCA), ++ UINT64_C(0x034C6521C9D71204), UINT64_C(0x0295DA0F38E7DE8B), ++ UINT64_C(0x0062381F9092A871) } }, ++ { { UINT64_C(0x021E20A63FBBA24C), UINT64_C(0x036388882DF52B55), ++ UINT64_C(0x00530F2F7C7C2371), UINT64_C(0x03643DB108CC955E), ++ UINT64_C(0x024B18165F1B6107), UINT64_C(0x02769559E8B8FA46), ++ UINT64_C(0x00ABDA3964357585), UINT64_C(0x006A3DE26D6BDE65), ++ UINT64_C(0x00FA0EF45FF0F7F0) }, ++ { UINT64_C(0x0328AF72F4ADEFE3), UINT64_C(0x00F209DB1F3C181A), ++ UINT64_C(0x01A0AC16B36B8052), UINT64_C(0x03FE68F1AFEB358F), ++ UINT64_C(0x011BB7B356C432BB), UINT64_C(0x03D087AF0D447953), ++ UINT64_C(0x00088B00BECEF91E), UINT64_C(0x0330A2DA3B763B85), ++ UINT64_C(0x01CC26379FF0902A) } }, ++ { { UINT64_C(0x02451A0F72841A85), UINT64_C(0x0354FC0056ED797F), ++ UINT64_C(0x03F4EAB6EB12B346), UINT64_C(0x0032B842273C8FB8), ++ UINT64_C(0x024B836D935DD874), UINT64_C(0x0090627CCD9E0492), ++ UINT64_C(0x0244927C3C49DF5D), UINT64_C(0x0042534A4E5AA66E), ++ UINT64_C(0x00B4C23CB62729C6) }, ++ { UINT64_C(0x00295DE15E7B0D82), UINT64_C(0x003481AED4B38216), ++ UINT64_C(0x020CB574DA2A8CEB), UINT64_C(0x03DB292DC006EFC3), ++ UINT64_C(0x03153DE3966C31DB), UINT64_C(0x0398C0D13BB538D2), ++ UINT64_C(0x00D2735B5509DAE6), UINT64_C(0x00BBE1C7422AD656), ++ UINT64_C(0x006495E2F55306CC) } }, ++ { { UINT64_C(0x00FC0E58752517BF), UINT64_C(0x0287DC3FE2714AA6), ++ UINT64_C(0x024BBBD332D8AADB), UINT64_C(0x000BF6FA0D08504F), ++ UINT64_C(0x02E724A624D71D7E), UINT64_C(0x01F16EF435B7F288), ++ UINT64_C(0x024E6F71370923F3), UINT64_C(0x00C2B9525922566C), ++ UINT64_C(0x005733338A43CFE0) }, ++ { UINT64_C(0x0372270A8BB6E5C0), UINT64_C(0x0023295E1C578E27), ++ UINT64_C(0x01EA019B1BDD171A), UINT64_C(0x0243564F2EC5E9B6), ++ UINT64_C(0x01283B58FFA9DAE7), UINT64_C(0x00215CCB462BFC41), ++ UINT64_C(0x03E3900D562119A3), UINT64_C(0x0273C10EF622442D), ++ UINT64_C(0x00D7B5F5A5718A0A) } }, ++ { { UINT64_C(0x03E792204254F3D7), UINT64_C(0x0197A7FB52460AD3), ++ UINT64_C(0x0387DC97132E1376), UINT64_C(0x00D82DE34F7F5873), ++ UINT64_C(0x03B853655C8CF8AC), UINT64_C(0x0173E013A8BD55E9), ++ UINT64_C(0x008A7D4896369A87), UINT64_C(0x024DBCC16EA9BB3A), ++ UINT64_C(0x010910C0CEC40352) }, ++ { UINT64_C(0x03B95A34F108C612), UINT64_C(0x0333E2F3D8672331), ++ UINT64_C(0x028C77D48D5C235B), UINT64_C(0x0233CC3106C11962), ++ UINT64_C(0x03EBBF90DDDA15FE), UINT64_C(0x0369066DD81ED647), ++ UINT64_C(0x03BD05AA96CD4304), UINT64_C(0x039E3FFACDB3BA32), ++ UINT64_C(0x01EAC4B260DDEC7F) } }, ++ { { UINT64_C(0x035858F23BBE227D), UINT64_C(0x00EAE5030697E923), ++ UINT64_C(0x02368A87F3DE71C5), UINT64_C(0x0168E7B6DEE0F7C3), ++ UINT64_C(0x00527543ED139D52), UINT64_C(0x0127219B1CDD187E), ++ UINT64_C(0x023DB1516D99AC2E), UINT64_C(0x008101C88F395DB5), ++ UINT64_C(0x00C6A87659F9030E) }, ++ { UINT64_C(0x039C69A3A7EC3A20), UINT64_C(0x02842173900384B8), ++ UINT64_C(0x0136BA0852E2F7FE), UINT64_C(0x034921364764BE1F), ++ UINT64_C(0x02C74764840F38B3), UINT64_C(0x02F37D32908AE4DC), ++ UINT64_C(0x0138C24B162396AC), UINT64_C(0x02A70AD1A514245D), ++ UINT64_C(0x00C442ABF244BFAF) } }, ++ { { UINT64_C(0x02A6B09F093E7BB1), UINT64_C(0x027395A268EC7AC7), ++ UINT64_C(0x028CC643D554CA43), UINT64_C(0x0035243849E2C949), ++ UINT64_C(0x03CF25745B571D36), UINT64_C(0x00F8968B891A06D4), ++ UINT64_C(0x03F9158462DF4912), UINT64_C(0x0277B23F176B632C), ++ UINT64_C(0x0100FDC9203FE38B) }, ++ { UINT64_C(0x024667E35C0213B3), UINT64_C(0x001C9D8E55C59D73), ++ UINT64_C(0x03C67911C028CE7C), UINT64_C(0x01D6BE78640D4CA8), ++ UINT64_C(0x024E359FD8B3F600), UINT64_C(0x03240449153262A6), ++ UINT64_C(0x03B253E7A16A83A5), UINT64_C(0x02FDB9879C3019FF), ++ UINT64_C(0x01D5771531A45180) } }, ++ { { UINT64_C(0x02FFF1EEAD72BA02), UINT64_C(0x01773B2AD40CD7B5), ++ UINT64_C(0x00B549067C93A24B), UINT64_C(0x0040E568D769A5B9), ++ UINT64_C(0x01CBA8C547CFD559), UINT64_C(0x01B900D1740D29F8), ++ UINT64_C(0x0153A5FEC2807EDD), UINT64_C(0x003616B13CBFDC6E), ++ UINT64_C(0x014FA30FBEC2B9FF) }, ++ { UINT64_C(0x03CEBD84555A3B73), UINT64_C(0x011642C087A74BA4), ++ UINT64_C(0x03FAF4C90C28B568), UINT64_C(0x00D2B6FE13831FC3), ++ UINT64_C(0x02F1845F4A404C99), UINT64_C(0x03031352DB2945ED), ++ UINT64_C(0x0192B108B24A2CC8), UINT64_C(0x008B79F2C497B8AE), ++ UINT64_C(0x016844B1F9A48A1A) } }, ++ { { UINT64_C(0x033F1B159EA0B318), UINT64_C(0x015BA4F73890FCA5), ++ UINT64_C(0x03AB1671767AEB58), UINT64_C(0x0190DE3F4B53983C), ++ UINT64_C(0x01C67D39EE1606B7), UINT64_C(0x02092898897E0832), ++ UINT64_C(0x016BC61B17E221D9), UINT64_C(0x0302B2A3F7863F1A), ++ UINT64_C(0x0153FC11A3315E45) }, ++ { UINT64_C(0x02AC9E25352466CC), UINT64_C(0x03A49408E6FA3892), ++ UINT64_C(0x03B3B7FC83F96BAA), UINT64_C(0x02447E01B52DE677), ++ UINT64_C(0x01EB6353F032192D), UINT64_C(0x00910C3CF3E5926D), ++ UINT64_C(0x02261F650A5EA2DB), UINT64_C(0x03AA8819EC45E274), ++ UINT64_C(0x01F274F4B47595FA) } }, ++ { { UINT64_C(0x0026282EB3F78C83), UINT64_C(0x00C28C0709CFCB19), ++ UINT64_C(0x01821376CE1FE0A2), UINT64_C(0x01FDCED392DF4511), ++ UINT64_C(0x007CEFA4CDFC46EC), UINT64_C(0x01C18D201835A1D3), ++ UINT64_C(0x021190BA9D0FC1B3), UINT64_C(0x01CF1181F215C327), ++ UINT64_C(0x0144F63DC1DC2337) }, ++ { UINT64_C(0x02467154F82AE76F), UINT64_C(0x00A8E4BC6B21A6C1), ++ UINT64_C(0x003C5960D11DFC29), UINT64_C(0x02CCE05B7F97DFEA), ++ UINT64_C(0x0155EBEF61A21A64), UINT64_C(0x02E5A1DD22DB3809), ++ UINT64_C(0x008CACD3BAEA4ADC), UINT64_C(0x01AF102BA92E48C7), ++ UINT64_C(0x0060B7381DB1721E) } }, ++ { { UINT64_C(0x03861A0264B1FB35), UINT64_C(0x02F8C8B3CD33A6FA), ++ UINT64_C(0x030806F41BBA295F), UINT64_C(0x0164D82631325495), ++ UINT64_C(0x00CE9EA6FF0E358B), UINT64_C(0x0079012DD18DCC6B), ++ UINT64_C(0x000CC353D3BB1AC0), UINT64_C(0x03AB6D47DE397D50), ++ UINT64_C(0x00AD096897EA08E2) }, ++ { UINT64_C(0x023B78EFC3812C10), UINT64_C(0x0089EFA9532A659C), ++ UINT64_C(0x0281A0EB9A3DF013), UINT64_C(0x03AE4559CDF48DB0), ++ UINT64_C(0x00CF5D05BA21B5A4), UINT64_C(0x000FB2B315217C86), ++ UINT64_C(0x018D07209C8D7927), UINT64_C(0x0142BF514B4FAA4C), ++ UINT64_C(0x002374D59706AD5B) } }, ++ { { UINT64_C(0x00C15F67DD00894F), UINT64_C(0x0365718AE78487A2), ++ UINT64_C(0x01F5CF8A8DD7221A), UINT64_C(0x00B966824944DA72), ++ UINT64_C(0x039495E53E96A028), UINT64_C(0x017A489926C99CDF), ++ UINT64_C(0x03E7DBA2A6042AD8), UINT64_C(0x0070896FE2C77ED8), ++ UINT64_C(0x01DE2D3E99009396) }, ++ { UINT64_C(0x02CDACE519305F18), UINT64_C(0x0199321FCFA0FFC9), ++ UINT64_C(0x01FDEB80C6DC481C), UINT64_C(0x02944307EF501A18), ++ UINT64_C(0x0007F535095DB6A0), UINT64_C(0x01898CF112F16E56), ++ UINT64_C(0x00CB5741AFE7E00B), UINT64_C(0x01926B1FD8D17FCB), ++ UINT64_C(0x015E5CD28BDE5A59) } }, ++ }, ++ { ++ { { UINT64_C(0x0287283D0F0DB502), UINT64_C(0x01F7D518BD1DEC47), ++ UINT64_C(0x0110E901D0288278), UINT64_C(0x000A9C8AA5A57C0C), ++ UINT64_C(0x03B765C5FA16BDCF), UINT64_C(0x03E5DF4E7DE798D7), ++ UINT64_C(0x00F43CD382F586CB), UINT64_C(0x016DF729B4C5BFE2), ++ UINT64_C(0x00F84CAB1D3D3490) }, ++ { UINT64_C(0x03C62F43F45CE248), UINT64_C(0x01779CCA073E2076), ++ UINT64_C(0x003E7EB22E4B1573), UINT64_C(0x0192926CE48BFBEA), ++ UINT64_C(0x00AEAE190B45D381), UINT64_C(0x02BD36FBE7AB443A), ++ UINT64_C(0x00906E0CD124F126), UINT64_C(0x025881B2A14C49E4), ++ UINT64_C(0x016E768F54273911) } }, ++ { { UINT64_C(0x0339D7B298B06389), UINT64_C(0x00171C63E44DC1B1), ++ UINT64_C(0x00C31B1589FD2080), UINT64_C(0x00B27F131898A9FA), ++ UINT64_C(0x0342FE5ADE76B5A2), UINT64_C(0x01090D97105A2655), ++ UINT64_C(0x0388BB1432187198), UINT64_C(0x02D27D0C82BF52D7), ++ UINT64_C(0x00807B9F1B11A583) }, ++ { UINT64_C(0x01F3344975177EBC), UINT64_C(0x00D1C4854243F6DB), ++ UINT64_C(0x00CF85E1839AB312), UINT64_C(0x00D9C19A12D20012), ++ UINT64_C(0x01709110819085E7), UINT64_C(0x011FEDA170483D5C), ++ UINT64_C(0x01B28F055EEB31A0), UINT64_C(0x02289D0F2CBAB0E6), ++ UINT64_C(0x000867BA2963A0E1) } }, ++ { { UINT64_C(0x03F6911B90581DC0), UINT64_C(0x01F1FB19987F20FB), ++ UINT64_C(0x0134E22EFA2F437F), UINT64_C(0x00398E1EB156A4E0), ++ UINT64_C(0x0325F4C0DBD2FAF4), UINT64_C(0x0204D252D5C55B5B), ++ UINT64_C(0x00E279F64EA373DA), UINT64_C(0x01DB9B5CD34A8E6F), ++ UINT64_C(0x00D14F2FC1B2EE3D) }, ++ { UINT64_C(0x0391CF084FAB453E), UINT64_C(0x016D9E632F3C4388), ++ UINT64_C(0x01D15FD339420C4A), UINT64_C(0x026356CC61C907C7), ++ UINT64_C(0x026E23E3D6197795), UINT64_C(0x0142F5E058DB2B6C), ++ UINT64_C(0x020EFE8EAFF59180), UINT64_C(0x00A481A4F4563A8C), ++ UINT64_C(0x012FEE21C8B4C4E9) } }, ++ { { UINT64_C(0x02056DCD3DB8A57B), UINT64_C(0x0317AAE4B46AB720), ++ UINT64_C(0x031833D064C1F1CD), UINT64_C(0x03A3CC17BEBD056B), ++ UINT64_C(0x03F05A7034003715), UINT64_C(0x009FAC41671C58C9), ++ UINT64_C(0x01BEE4D8BD8671CA), UINT64_C(0x0004BC6DBD8A8392), ++ UINT64_C(0x01F15A2D6E92E74A) }, ++ { UINT64_C(0x010933993D4BD6B6), UINT64_C(0x028502613D6FDD77), ++ UINT64_C(0x0134D55E73D97A09), UINT64_C(0x001DB5E602D2AA86), ++ UINT64_C(0x00FE1E6979BF531F), UINT64_C(0x02AC99028117960B), ++ UINT64_C(0x03849A42EAAB4E66), UINT64_C(0x0190FBBD3B94D87F), ++ UINT64_C(0x011CAB9AC249065C) } }, ++ { { UINT64_C(0x03000D01D5AD0B4E), UINT64_C(0x01E094F415439045), ++ UINT64_C(0x0071645EF32A823C), UINT64_C(0x013C18E27FCF9EA5), ++ UINT64_C(0x00B2733886CDC7A9), UINT64_C(0x02902330EF732EA5), ++ UINT64_C(0x003C25CEA5C5686B), UINT64_C(0x029DF5773028F0CD), ++ UINT64_C(0x016FB941FCD6583D) }, ++ { UINT64_C(0x01DEA99AF3494AD9), UINT64_C(0x03BA2C1B9C712901), ++ UINT64_C(0x02E32E4B0A8430F2), UINT64_C(0x00CB695E8BF6F96B), ++ UINT64_C(0x0161F767B32907C2), UINT64_C(0x002FC8531B5E7CEC), ++ UINT64_C(0x00298C1304153AFA), UINT64_C(0x0189BCBF02EE4544), ++ UINT64_C(0x0035592EC7CAC39B) } }, ++ { { UINT64_C(0x0359513866647B76), UINT64_C(0x00DB6945523879DD), ++ UINT64_C(0x0349C662AF030344), UINT64_C(0x03638440AAB5A275), ++ UINT64_C(0x02A0720FE9DC8A6B), UINT64_C(0x011CEE4DF271AE5F), ++ UINT64_C(0x00BC676869500BE5), UINT64_C(0x02F5135FF9B7674F), ++ UINT64_C(0x00142511483B55E9) }, ++ { UINT64_C(0x02DE083E6D8A2C33), UINT64_C(0x014C0545D4B8062F), ++ UINT64_C(0x01AD94143AC28589), UINT64_C(0x01AEBAA37C00A634), ++ UINT64_C(0x0078E06973DA0209), UINT64_C(0x03F56A237FA0E6B0), ++ UINT64_C(0x02879F4A94D49E71), UINT64_C(0x01BE6BF822D1FD4F), ++ UINT64_C(0x00F9E2018F9FBF87) } }, ++ { { UINT64_C(0x025B8DCB938F6A40), UINT64_C(0x0026725B42FA4F9B), ++ UINT64_C(0x039198D12A999847), UINT64_C(0x010A9C957A1EFA18), ++ UINT64_C(0x012FAA8E7E5D1356), UINT64_C(0x0205AB8BB7E3A8BA), ++ UINT64_C(0x015652F190E95489), UINT64_C(0x0231452E385A88C6), ++ UINT64_C(0x0096A500D25B0C46) }, ++ { UINT64_C(0x01B6696514F1EAD3), UINT64_C(0x026BE39E6BD0E127), ++ UINT64_C(0x01725DEFE2C66DD3), UINT64_C(0x01FEAE05ECA5B5BB), ++ UINT64_C(0x015AA101430609C7), UINT64_C(0x0274AAB1807123A3), ++ UINT64_C(0x02A446B243B7DBAC), UINT64_C(0x007DC3A911987A6B), ++ UINT64_C(0x005309D7E2813F76) } }, ++ { { UINT64_C(0x01966924104023FD), UINT64_C(0x0020B1F67AD27833), ++ UINT64_C(0x03DFD742FB1D5AC6), UINT64_C(0x017F6DD6D843D1C9), ++ UINT64_C(0x01DEAB06F70CFD0B), UINT64_C(0x00F3AAA1D84BA46E), ++ UINT64_C(0x01535D03B00F23FA), UINT64_C(0x02F223786ADE70A7), ++ UINT64_C(0x00DC3F149A4B2AAE) }, ++ { UINT64_C(0x0318A8079CA626DD), UINT64_C(0x00A1DE38CE5C6BE6), ++ UINT64_C(0x032F55E2E4E50992), UINT64_C(0x0192257A6FB7EED9), ++ UINT64_C(0x020B9106C175FDEB), UINT64_C(0x001ACA988C739470), ++ UINT64_C(0x02A12D0A78C3DAD7), UINT64_C(0x02A0BFDBC1802E4D), ++ UINT64_C(0x0138CB75E6BBB8BA) } }, ++ { { UINT64_C(0x00B271637F32AB3F), UINT64_C(0x02196867BE3CDC78), ++ UINT64_C(0x00647C1710CC4F5D), UINT64_C(0x00A0EDE0B8D8DB71), ++ UINT64_C(0x0092AB51B9BB942A), UINT64_C(0x030CEE5FF47C8C77), ++ UINT64_C(0x0172B6296758CE89), UINT64_C(0x03FBF70A184CFE5F), ++ UINT64_C(0x0101B88E67F1E05D) }, ++ { UINT64_C(0x02FFBCD12737D38E), UINT64_C(0x02754305441EA3F7), ++ UINT64_C(0x0174766ADA98B6A0), UINT64_C(0x00EEEAD822C29CD7), ++ UINT64_C(0x02D88F6B991FA26B), UINT64_C(0x02CB655B1E5DF95B), ++ UINT64_C(0x03DD0BD505307E4F), UINT64_C(0x010182FDFC359D4A), ++ UINT64_C(0x00755C3675A01A9E) } }, ++ { { UINT64_C(0x00371ACBFD4D4113), UINT64_C(0x01CD0CEE90EDA0C0), ++ UINT64_C(0x023F0667BA099F71), UINT64_C(0x0122476EC028AFF8), ++ UINT64_C(0x0057490C1B9D3C8E), UINT64_C(0x0037D1A2CAFBC030), ++ UINT64_C(0x0357613B144BA059), UINT64_C(0x030B5ED5F7E2DFAA), ++ UINT64_C(0x00C03407E66571BC) }, ++ { UINT64_C(0x015B2051592A3113), UINT64_C(0x033C0B977FE1CA61), ++ UINT64_C(0x0114564ECE17F466), UINT64_C(0x02770F5D995C1ECC), ++ UINT64_C(0x01D8797648C617E7), UINT64_C(0x00B30F6FB78CAD34), ++ UINT64_C(0x036CD504495109EC), UINT64_C(0x02EA78A9F6758E7F), ++ UINT64_C(0x007A71C9E769E9C6) } }, ++ { { UINT64_C(0x011D5BE35201CD59), UINT64_C(0x0209D1C58765C0EE), ++ UINT64_C(0x01D25192839B1DB8), UINT64_C(0x03EAD38ED4A2B60E), ++ UINT64_C(0x0057B36709A7B7AA), UINT64_C(0x0085B62AF338BC2B), ++ UINT64_C(0x030F3BEF5577F894), UINT64_C(0x0390BAA242140FD9), ++ UINT64_C(0x011B9BF27FA21CD6) }, ++ { UINT64_C(0x031FF60458FFB263), UINT64_C(0x00D71C9EC589C2CE), ++ UINT64_C(0x006C50B6449B7493), UINT64_C(0x034EF7D63824AD56), ++ UINT64_C(0x038578A6820938F3), UINT64_C(0x00843B021ED27247), ++ UINT64_C(0x02672B0B7E864C01), UINT64_C(0x00FE28A0AD914F56), ++ UINT64_C(0x01870F7E6544AD26) } }, ++ { { UINT64_C(0x03FABFF21E593E49), UINT64_C(0x01EB902CACEDCD38), ++ UINT64_C(0x010907F07EA1634E), UINT64_C(0x013A3B3D20F1ACCD), ++ UINT64_C(0x035F3C751269190C), UINT64_C(0x02F6BAE3746C46A6), ++ UINT64_C(0x00097CBB9F7B998C), UINT64_C(0x016B88BF2C151BD8), ++ UINT64_C(0x01317587E7C4BAF5) }, ++ { UINT64_C(0x027516E2062B46F6), UINT64_C(0x01703ECD4583F2AB), ++ UINT64_C(0x007D01ABE67B4364), UINT64_C(0x00F1753628034E7C), ++ UINT64_C(0x0108FF0FECD3BD76), UINT64_C(0x033B697531A2F0AC), ++ UINT64_C(0x010AC9943B9A6425), UINT64_C(0x020BC633526FFAA7), ++ UINT64_C(0x0006E03EC9A132B1) } }, ++ { { UINT64_C(0x016BC247531FFCBB), UINT64_C(0x02EE2DDBF721D516), ++ UINT64_C(0x0052E0725E10638A), UINT64_C(0x013566F49B1AAC88), ++ UINT64_C(0x007343ED5106C60D), UINT64_C(0x02985C4AAAB232AC), ++ UINT64_C(0x0113830C6312DE7A), UINT64_C(0x0136F1CF05895FFF), ++ UINT64_C(0x01ED7817C0B0027B) }, ++ { UINT64_C(0x02716A42F749B010), UINT64_C(0x039DC807B7BDBC44), ++ UINT64_C(0x035DFD64A2C7F19C), UINT64_C(0x00AFE5B488D67F84), ++ UINT64_C(0x03831B1AD5D8B241), UINT64_C(0x00FEF3BA557CC901), ++ UINT64_C(0x0082C2A38F96B970), UINT64_C(0x027380F80F3D96E5), ++ UINT64_C(0x014FDF6544812C07) } }, ++ { { UINT64_C(0x03600187B0C6A752), UINT64_C(0x019E405A0263FA53), ++ UINT64_C(0x000E0EA369E1C1BF), UINT64_C(0x0130C422E3895E24), ++ UINT64_C(0x035F4072E884BDCB), UINT64_C(0x0284B4DBC9FDB267), ++ UINT64_C(0x0159D4401B2054DE), UINT64_C(0x03649FACE16E526C), ++ UINT64_C(0x0100AC3AAFFE225D) }, ++ { UINT64_C(0x03BA224ACAFA8C2B), UINT64_C(0x031E5C26E31FAF8C), ++ UINT64_C(0x00B183566D47E97E), UINT64_C(0x0020C64F9C9C2688), ++ UINT64_C(0x02F6655D04CC893B), UINT64_C(0x03908BE8D4648FE4), ++ UINT64_C(0x02F14F85922DC116), UINT64_C(0x031D345610C10114), ++ UINT64_C(0x00FC287447A5FA2D) } }, ++ { { UINT64_C(0x020880798CEE5802), UINT64_C(0x03BE370A4C38C7FF), ++ UINT64_C(0x00934BE76CF041A3), UINT64_C(0x011B7A12BC50EEE4), ++ UINT64_C(0x0301BD4FC9636CD4), UINT64_C(0x03C53C2A0264C2CE), ++ UINT64_C(0x0347FF0A389DC319), UINT64_C(0x03A848048891AD07), ++ UINT64_C(0x0110D35394388CFB) }, ++ { UINT64_C(0x0042E86EE18DA0C0), UINT64_C(0x0359DB5D730A12EE), ++ UINT64_C(0x03D8CD72D5690026), UINT64_C(0x01FD191FD18F2690), ++ UINT64_C(0x00B8691FD8727A16), UINT64_C(0x0135130205267C55), ++ UINT64_C(0x011FDBAF57A304DB), UINT64_C(0x012D7FC9DED7342D), ++ UINT64_C(0x01BFE56058019C74) } }, ++ { { UINT64_C(0x00ADCF21754184BF), UINT64_C(0x02532EC18F101A1B), ++ UINT64_C(0x02E7AA58B7598AF4), UINT64_C(0x0297C67528666348), ++ UINT64_C(0x022BAF11DF85DAD5), UINT64_C(0x0097F7BCDA9CFFA7), ++ UINT64_C(0x03F0C563228A2E65), UINT64_C(0x0316126723B57D49), ++ UINT64_C(0x019B45ECCD3F5983) }, ++ { UINT64_C(0x02B86D25E0A95EDC), UINT64_C(0x027ED42D9C73BD22), ++ UINT64_C(0x0385F10181D77392), UINT64_C(0x02C8AA05E16378DB), ++ UINT64_C(0x02962E884B04947C), UINT64_C(0x00A054D788CF48A9), ++ UINT64_C(0x006616654F6E2CF7), UINT64_C(0x021848D66B0ACC97), ++ UINT64_C(0x00E73704171C5696) } }, ++ } ++}; ++ ++/*- ++ * Q := 2P, both projective, Q and P same pointers OK ++ * Autogenerated: op3/dbl_proj.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 6 ++ * ASSERT: a = -3 ++ */ ++static void ++point_double(pt_prj_t *Q, const pt_prj_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X = P->X; ++ const limb_t *Y = P->Y; ++ const limb_t *Z = P->Z; ++ limb_t *X3 = Q->X; ++ limb_t *Y3 = Q->Y; ++ limb_t *Z3 = Q->Z; ++ ++ /* the curve arith formula */ ++ fiat_secp521r1_carry_square(t0, X); ++ fiat_secp521r1_carry_square(t1, Y); ++ fiat_secp521r1_carry_square(t2, Z); ++ fiat_secp521r1_carry_mul(t3, X, Y); ++ fiat_secp521r1_carry_add(t3, t3, t3); ++ fiat_secp521r1_carry_mul(t4, Y, Z); ++ fiat_secp521r1_carry_mul(Z3, X, Z); ++ fiat_secp521r1_carry_add(Z3, Z3, Z3); ++ fiat_secp521r1_carry_mul(Y3, b, t2); ++ fiat_secp521r1_carry_sub(Y3, Y3, Z3); ++ fiat_secp521r1_carry_add(X3, Y3, Y3); ++ fiat_secp521r1_carry_add(Y3, X3, Y3); ++ fiat_secp521r1_carry_sub(X3, t1, Y3); ++ fiat_secp521r1_carry_add(Y3, t1, Y3); ++ fiat_secp521r1_carry_mul(Y3, X3, Y3); ++ fiat_secp521r1_carry_mul(X3, X3, t3); ++ fiat_secp521r1_carry_add(t3, t2, t2); ++ fiat_secp521r1_carry_add(t2, t2, t3); ++ fiat_secp521r1_carry_mul(Z3, b, Z3); ++ fiat_secp521r1_carry_sub(Z3, Z3, t2); ++ fiat_secp521r1_carry_sub(Z3, Z3, t0); ++ fiat_secp521r1_carry_add(t3, Z3, Z3); ++ fiat_secp521r1_carry_add(Z3, Z3, t3); ++ fiat_secp521r1_carry_add(t3, t0, t0); ++ fiat_secp521r1_carry_add(t0, t3, t0); ++ fiat_secp521r1_carry_sub(t0, t0, t2); ++ fiat_secp521r1_carry_mul(t0, t0, Z3); ++ fiat_secp521r1_carry_add(Y3, Y3, t0); ++ fiat_secp521r1_carry_add(t0, t4, t4); ++ fiat_secp521r1_carry_mul(Z3, t0, Z3); ++ fiat_secp521r1_carry_sub(X3, X3, Z3); ++ fiat_secp521r1_carry_mul(Z3, t0, t1); ++ fiat_secp521r1_carry_add(Z3, Z3, Z3); ++ fiat_secp521r1_carry_add(Z3, Z3, Z3); ++} ++ ++/*- ++ * out1 = (arg1 == 0) ? 0 : nz ++ * NB: this is not a "mod p equiv" 0, but literal 0 ++ * NB: this is not a real Fiat function, just named that way for consistency. ++ */ ++static void ++fiat_secp521r1_nonzero(limb_t *out1, const fe_t arg1) ++{ ++ limb_t x1 = 0; ++ int i; ++ ++ for (i = 0; i < LIMB_CNT; i++) ++ x1 |= arg1[i]; ++ *out1 = x1; ++} ++ ++/*- ++ * R := Q + P where R and Q are projective, P affine. ++ * R and Q same pointers OK ++ * R and P same pointers not OK ++ * Autogenerated: op3/add_mixed.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 5 ++ * ASSERT: a = -3 ++ */ ++static void ++point_add_mixed(pt_prj_t *R, const pt_prj_t *Q, const pt_aff_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X1 = Q->X; ++ const limb_t *Y1 = Q->Y; ++ const limb_t *Z1 = Q->Z; ++ const limb_t *X2 = P->X; ++ const limb_t *Y2 = P->Y; ++ fe_t X3; ++ fe_t Y3; ++ fe_t Z3; ++ limb_t nz; ++ ++ /* check P for affine inf */ ++ fiat_secp521r1_nonzero(&nz, P->Y); ++ ++ /* the curve arith formula */ ++ fiat_secp521r1_carry_mul(t0, X1, X2); ++ fiat_secp521r1_carry_mul(t1, Y1, Y2); ++ fiat_secp521r1_carry_add(t3, X2, Y2); ++ fiat_secp521r1_carry_add(t4, X1, Y1); ++ fiat_secp521r1_carry_mul(t3, t3, t4); ++ fiat_secp521r1_carry_add(t4, t0, t1); ++ fiat_secp521r1_carry_sub(t3, t3, t4); ++ fiat_secp521r1_carry_mul(t4, Y2, Z1); ++ fiat_secp521r1_carry_add(t4, t4, Y1); ++ fiat_secp521r1_carry_mul(Y3, X2, Z1); ++ fiat_secp521r1_carry_add(Y3, Y3, X1); ++ fiat_secp521r1_carry_mul(Z3, b, Z1); ++ fiat_secp521r1_carry_sub(X3, Y3, Z3); ++ fiat_secp521r1_carry_add(Z3, X3, X3); ++ fiat_secp521r1_carry_add(X3, X3, Z3); ++ fiat_secp521r1_carry_sub(Z3, t1, X3); ++ fiat_secp521r1_carry_add(X3, t1, X3); ++ fiat_secp521r1_carry_mul(Y3, b, Y3); ++ fiat_secp521r1_carry_add(t1, Z1, Z1); ++ fiat_secp521r1_carry_add(t2, t1, Z1); ++ fiat_secp521r1_carry_sub(Y3, Y3, t2); ++ fiat_secp521r1_carry_sub(Y3, Y3, t0); ++ fiat_secp521r1_carry_add(t1, Y3, Y3); ++ fiat_secp521r1_carry_add(Y3, t1, Y3); ++ fiat_secp521r1_carry_add(t1, t0, t0); ++ fiat_secp521r1_carry_add(t0, t1, t0); ++ fiat_secp521r1_carry_sub(t0, t0, t2); ++ fiat_secp521r1_carry_mul(t1, t4, Y3); ++ fiat_secp521r1_carry_mul(t2, t0, Y3); ++ fiat_secp521r1_carry_mul(Y3, X3, Z3); ++ fiat_secp521r1_carry_add(Y3, Y3, t2); ++ fiat_secp521r1_carry_mul(X3, t3, X3); ++ fiat_secp521r1_carry_sub(X3, X3, t1); ++ fiat_secp521r1_carry_mul(Z3, t4, Z3); ++ fiat_secp521r1_carry_mul(t1, t3, t0); ++ fiat_secp521r1_carry_add(Z3, Z3, t1); ++ ++ /* if P is inf, throw all that away and take Q */ ++ fiat_secp521r1_selectznz(R->X, nz, Q->X, X3); ++ fiat_secp521r1_selectznz(R->Y, nz, Q->Y, Y3); ++ fiat_secp521r1_selectznz(R->Z, nz, Q->Z, Z3); ++} ++ ++/*- ++ * R := Q + P all projective. ++ * R and Q same pointers OK ++ * R and P same pointers not OK ++ * Autogenerated: op3/add_proj.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 4 ++ * ASSERT: a = -3 ++ */ ++static void ++point_add_proj(pt_prj_t *R, const pt_prj_t *Q, const pt_prj_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4, t5; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X1 = Q->X; ++ const limb_t *Y1 = Q->Y; ++ const limb_t *Z1 = Q->Z; ++ const limb_t *X2 = P->X; ++ const limb_t *Y2 = P->Y; ++ const limb_t *Z2 = P->Z; ++ limb_t *X3 = R->X; ++ limb_t *Y3 = R->Y; ++ limb_t *Z3 = R->Z; ++ ++ /* the curve arith formula */ ++ fiat_secp521r1_carry_mul(t0, X1, X2); ++ fiat_secp521r1_carry_mul(t1, Y1, Y2); ++ fiat_secp521r1_carry_mul(t2, Z1, Z2); ++ fiat_secp521r1_carry_add(t3, X1, Y1); ++ fiat_secp521r1_carry_add(t4, X2, Y2); ++ fiat_secp521r1_carry_mul(t3, t3, t4); ++ fiat_secp521r1_carry_add(t4, t0, t1); ++ fiat_secp521r1_carry_sub(t3, t3, t4); ++ fiat_secp521r1_carry_add(t4, Y1, Z1); ++ fiat_secp521r1_carry_add(t5, Y2, Z2); ++ fiat_secp521r1_carry_mul(t4, t4, t5); ++ fiat_secp521r1_carry_add(t5, t1, t2); ++ fiat_secp521r1_carry_sub(t4, t4, t5); ++ fiat_secp521r1_carry_add(X3, X1, Z1); ++ fiat_secp521r1_carry_add(Y3, X2, Z2); ++ fiat_secp521r1_carry_mul(X3, X3, Y3); ++ fiat_secp521r1_carry_add(Y3, t0, t2); ++ fiat_secp521r1_carry_sub(Y3, X3, Y3); ++ fiat_secp521r1_carry_mul(Z3, b, t2); ++ fiat_secp521r1_carry_sub(X3, Y3, Z3); ++ fiat_secp521r1_carry_add(Z3, X3, X3); ++ fiat_secp521r1_carry_add(X3, X3, Z3); ++ fiat_secp521r1_carry_sub(Z3, t1, X3); ++ fiat_secp521r1_carry_add(X3, t1, X3); ++ fiat_secp521r1_carry_mul(Y3, b, Y3); ++ fiat_secp521r1_carry_add(t1, t2, t2); ++ fiat_secp521r1_carry_add(t2, t1, t2); ++ fiat_secp521r1_carry_sub(Y3, Y3, t2); ++ fiat_secp521r1_carry_sub(Y3, Y3, t0); ++ fiat_secp521r1_carry_add(t1, Y3, Y3); ++ fiat_secp521r1_carry_add(Y3, t1, Y3); ++ fiat_secp521r1_carry_add(t1, t0, t0); ++ fiat_secp521r1_carry_add(t0, t1, t0); ++ fiat_secp521r1_carry_sub(t0, t0, t2); ++ fiat_secp521r1_carry_mul(t1, t4, Y3); ++ fiat_secp521r1_carry_mul(t2, t0, Y3); ++ fiat_secp521r1_carry_mul(Y3, X3, Z3); ++ fiat_secp521r1_carry_add(Y3, Y3, t2); ++ fiat_secp521r1_carry_mul(X3, t3, X3); ++ fiat_secp521r1_carry_sub(X3, X3, t1); ++ fiat_secp521r1_carry_mul(Z3, t4, Z3); ++ fiat_secp521r1_carry_mul(t1, t3, t0); ++ fiat_secp521r1_carry_add(Z3, Z3, t1); ++} ++ ++/* constants */ ++#define RADIX 5 ++#define DRADIX (1 << RADIX) ++#define DRADIX_WNAF ((DRADIX) << 1) ++ ++/*- ++ * precomp for wnaf scalar multiplication: ++ * precomp[0] = 1P ++ * precomp[1] = 3P ++ * precomp[2] = 5P ++ * precomp[3] = 7P ++ * precomp[4] = 9P ++ * ... ++ */ ++static void ++precomp_wnaf(pt_prj_t precomp[DRADIX / 2], const pt_aff_t *P) ++{ ++ int i; ++ ++ fe_copy(precomp[0].X, P->X); ++ fe_copy(precomp[0].Y, P->Y); ++ fe_copy(precomp[0].Z, const_one); ++ point_double(&precomp[DRADIX / 2 - 1], &precomp[0]); ++ ++ for (i = 1; i < DRADIX / 2; i++) ++ point_add_proj(&precomp[i], &precomp[DRADIX / 2 - 1], &precomp[i - 1]); ++} ++ ++/* fetch a scalar bit */ ++static int ++scalar_get_bit(const unsigned char in[66], int idx) ++{ ++ int widx, rshift; ++ ++ widx = idx >> 3; ++ rshift = idx & 0x7; ++ ++ if (idx < 0 || widx >= 66) ++ return 0; ++ ++ return (in[widx] >> rshift) & 0x1; ++} ++ ++/*- ++ * Compute "regular" wnaf representation of a scalar. ++ * See "Exponent Recoding and Regular Exponentiation Algorithms", ++ * Tunstall et al., AfricaCrypt 2009, Alg 6. ++ * It forces an odd scalar and outputs digits in ++ * {\pm 1, \pm 3, \pm 5, \pm 7, \pm 9, ...} ++ * i.e. signed odd digits with _no zeroes_ -- that makes it "regular". ++ */ ++static void ++scalar_rwnaf(int8_t out[106], const unsigned char in[66]) ++{ ++ int i; ++ int8_t window, d; ++ ++ window = (in[0] & (DRADIX_WNAF - 1)) | 1; ++ for (i = 0; i < 105; i++) { ++ d = (window & (DRADIX_WNAF - 1)) - DRADIX; ++ out[i] = d; ++ window = (window - d) >> RADIX; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 1) << 1; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 2) << 2; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 3) << 3; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 4) << 4; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 5) << 5; ++ } ++ out[i] = window; ++} ++ ++/*- ++ * Compute "textbook" wnaf representation of a scalar. ++ * NB: not constant time ++ */ ++static void ++scalar_wnaf(int8_t out[529], const unsigned char in[66]) ++{ ++ int i; ++ int8_t window, d; ++ ++ window = in[0] & (DRADIX_WNAF - 1); ++ for (i = 0; i < 529; i++) { ++ d = 0; ++ if ((window & 1) && ((d = window & (DRADIX_WNAF - 1)) & DRADIX)) ++ d -= DRADIX_WNAF; ++ out[i] = d; ++ window = (window - d) >> 1; ++ window += scalar_get_bit(in, i + 1 + RADIX) << RADIX; ++ } ++} ++ ++/*- ++ * Simulateous scalar multiplication: interleaved "textbook" wnaf. ++ * NB: not constant time ++ */ ++static void ++var_smul_wnaf_two(pt_aff_t *out, const unsigned char a[66], ++ const unsigned char b[66], const pt_aff_t *P) ++{ ++ int i, d, is_neg, is_inf = 1, flipped = 0; ++ int8_t anaf[529] = { 0 }; ++ int8_t bnaf[529] = { 0 }; ++ pt_prj_t Q; ++ pt_prj_t precomp[DRADIX / 2]; ++ ++ precomp_wnaf(precomp, P); ++ scalar_wnaf(anaf, a); ++ scalar_wnaf(bnaf, b); ++ ++ for (i = 528; i >= 0; i--) { ++ if (!is_inf) ++ point_double(&Q, &Q); ++ if ((d = bnaf[i])) { ++ if ((is_neg = d < 0) != flipped) { ++ fiat_secp521r1_opp(Q.Y, Q.Y); ++ flipped ^= 1; ++ } ++ d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; ++ if (is_inf) { ++ /* initialize accumulator */ ++ fe_copy(Q.X, &precomp[d].X); ++ fe_copy(Q.Y, &precomp[d].Y); ++ fe_copy(Q.Z, &precomp[d].Z); ++ is_inf = 0; ++ } else ++ point_add_proj(&Q, &Q, &precomp[d]); ++ } ++ if ((d = anaf[i])) { ++ if ((is_neg = d < 0) != flipped) { ++ fiat_secp521r1_opp(Q.Y, Q.Y); ++ flipped ^= 1; ++ } ++ d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; ++ if (is_inf) { ++ /* initialize accumulator */ ++ fe_copy(Q.X, &lut_cmb[0][d].X); ++ fe_copy(Q.Y, &lut_cmb[0][d].Y); ++ fe_copy(Q.Z, const_one); ++ is_inf = 0; ++ } else ++ point_add_mixed(&Q, &Q, &lut_cmb[0][d]); ++ } ++ } ++ ++ if (is_inf) { ++ /* initialize accumulator to inf: all-zero scalars */ ++ fe_set_zero(Q.X); ++ fe_copy(Q.Y, const_one); ++ fe_set_zero(Q.Z); ++ } ++ ++ if (flipped) { ++ /* correct sign */ ++ fiat_secp521r1_opp(Q.Y, Q.Y); ++ } ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp521r1_inv(Q.Z, Q.Z); ++ fiat_secp521r1_carry_mul(out->X, Q.X, Q.Z); ++ fiat_secp521r1_carry_mul(out->Y, Q.Y, Q.Z); ++} ++ ++/*- ++ * Variable point scalar multiplication with "regular" wnaf. ++ */ ++static void ++var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[66], ++ const pt_aff_t *P) ++{ ++ int i, j, d, diff, is_neg; ++ int8_t rnaf[106] = { 0 }; ++ pt_prj_t Q, lut; ++ pt_prj_t precomp[DRADIX / 2]; ++ ++ precomp_wnaf(precomp, P); ++ scalar_rwnaf(rnaf, scalar); ++ ++#if defined(_MSC_VER) ++/* result still unsigned: yes we know */ ++#pragma warning(push) ++#pragma warning(disable : 4146) ++#endif ++ ++ /* initialize accumulator to high digit */ ++ d = (rnaf[105] - 1) >> 1; ++ for (j = 0; j < DRADIX / 2; j++) { ++ diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp521r1_selectznz(Q.X, diff, Q.X, precomp[j].X); ++ fiat_secp521r1_selectznz(Q.Y, diff, Q.Y, precomp[j].Y); ++ fiat_secp521r1_selectznz(Q.Z, diff, Q.Z, precomp[j].Z); ++ } ++ ++ for (i = 104; i >= 0; i--) { ++ for (j = 0; j < RADIX; j++) ++ point_double(&Q, &Q); ++ d = rnaf[i]; ++ /* is_neg = (d < 0) ? 1 : 0 */ ++ is_neg = (d >> (8 * sizeof(int) - 1)) & 1; ++ /* d = abs(d) */ ++ d = (d ^ -is_neg) + is_neg; ++ d = (d - 1) >> 1; ++ for (j = 0; j < DRADIX / 2; j++) { ++ diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp521r1_selectznz(lut.X, diff, lut.X, precomp[j].X); ++ fiat_secp521r1_selectznz(lut.Y, diff, lut.Y, precomp[j].Y); ++ fiat_secp521r1_selectznz(lut.Z, diff, lut.Z, precomp[j].Z); ++ } ++ /* negate lut point if digit is negative */ ++ fiat_secp521r1_opp(out->Y, lut.Y); ++ fiat_secp521r1_selectznz(lut.Y, is_neg, lut.Y, out->Y); ++ point_add_proj(&Q, &Q, &lut); ++ } ++ ++#if defined(_MSC_VER) ++#pragma warning(pop) ++#endif ++ ++ /* conditionally subtract P if the scalar was even */ ++ fe_copy(lut.X, precomp[0].X); ++ fiat_secp521r1_opp(lut.Y, precomp[0].Y); ++ fe_copy(lut.Z, precomp[0].Z); ++ point_add_proj(&lut, &lut, &Q); ++ fiat_secp521r1_selectznz(Q.X, scalar[0] & 1, lut.X, Q.X); ++ fiat_secp521r1_selectznz(Q.Y, scalar[0] & 1, lut.Y, Q.Y); ++ fiat_secp521r1_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp521r1_inv(Q.Z, Q.Z); ++ fiat_secp521r1_carry_mul(out->X, Q.X, Q.Z); ++ fiat_secp521r1_carry_mul(out->Y, Q.Y, Q.Z); ++} ++ ++/*- ++ * Fixed scalar multiplication: comb with interleaving. ++ */ ++static void ++fixed_smul_cmb(pt_aff_t *out, const unsigned char scalar[66]) ++{ ++ int i, j, k, d, diff, is_neg = 0; ++ int8_t rnaf[106] = { 0 }; ++ pt_prj_t Q, R; ++ pt_aff_t lut; ++ ++ scalar_rwnaf(rnaf, scalar); ++ ++ /* initalize accumulator to inf */ ++ fe_set_zero(Q.X); ++ fe_copy(Q.Y, const_one); ++ fe_set_zero(Q.Z); ++ ++#if defined(_MSC_VER) ++/* result still unsigned: yes we know */ ++#pragma warning(push) ++#pragma warning(disable : 4146) ++#endif ++ ++ for (i = 8; i >= 0; i--) { ++ for (j = 0; i != 8 && j < RADIX; j++) ++ point_double(&Q, &Q); ++ for (j = 0; j < 13; j++) { ++ if (j * 9 + i > 105) ++ continue; ++ d = rnaf[j * 9 + i]; ++ /* is_neg = (d < 0) ? 1 : 0 */ ++ is_neg = (d >> (8 * sizeof(int) - 1)) & 1; ++ /* d = abs(d) */ ++ d = (d ^ -is_neg) + is_neg; ++ d = (d - 1) >> 1; ++ for (k = 0; k < DRADIX / 2; k++) { ++ diff = (1 - (-(d ^ k) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp521r1_selectznz(lut.X, diff, lut.X, lut_cmb[j][k].X); ++ fiat_secp521r1_selectznz(lut.Y, diff, lut.Y, lut_cmb[j][k].Y); ++ } ++ /* negate lut point if digit is negative */ ++ fiat_secp521r1_opp(out->Y, lut.Y); ++ fiat_secp521r1_selectznz(lut.Y, is_neg, lut.Y, out->Y); ++ point_add_mixed(&Q, &Q, &lut); ++ } ++ } ++ ++#if defined(_MSC_VER) ++#pragma warning(pop) ++#endif ++ ++ /* conditionally subtract P if the scalar was even */ ++ fe_copy(lut.X, lut_cmb[0][0].X); ++ fiat_secp521r1_opp(lut.Y, lut_cmb[0][0].Y); ++ point_add_mixed(&R, &Q, &lut); ++ fiat_secp521r1_selectznz(Q.X, scalar[0] & 1, R.X, Q.X); ++ fiat_secp521r1_selectznz(Q.Y, scalar[0] & 1, R.Y, Q.Y); ++ fiat_secp521r1_selectznz(Q.Z, scalar[0] & 1, R.Z, Q.Z); ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp521r1_inv(Q.Z, Q.Z); ++ fiat_secp521r1_carry_mul(out->X, Q.X, Q.Z); ++ fiat_secp521r1_carry_mul(out->Y, Q.Y, Q.Z); ++} ++ ++static void ++point_mul_two(unsigned char outx[66], unsigned char outy[66], ++ const unsigned char a[66], const unsigned char b[66], ++ const unsigned char inx[66], ++ const unsigned char iny[66]) ++{ ++ pt_aff_t P; ++ ++ fiat_secp521r1_from_bytes(P.X, inx); ++ fiat_secp521r1_from_bytes(P.Y, iny); ++ /* simultaneous scalar multiplication */ ++ var_smul_wnaf_two(&P, a, b, &P); ++ ++ fiat_secp521r1_to_bytes(outx, P.X); ++ fiat_secp521r1_to_bytes(outy, P.Y); ++} ++ ++static void ++point_mul_g(unsigned char outx[66], unsigned char outy[66], ++ const unsigned char scalar[66]) ++{ ++ pt_aff_t P; ++ ++ /* fixed scmul function */ ++ fixed_smul_cmb(&P, scalar); ++ fiat_secp521r1_to_bytes(outx, P.X); ++ fiat_secp521r1_to_bytes(outy, P.Y); ++} ++ ++static void ++point_mul(unsigned char outx[66], unsigned char outy[66], ++ const unsigned char scalar[66], ++ const unsigned char inx[66], ++ const unsigned char iny[66]) ++{ ++ pt_aff_t P; ++ ++ fiat_secp521r1_from_bytes(P.X, inx); ++ fiat_secp521r1_from_bytes(P.Y, iny); ++ /* var scmul function */ ++ var_smul_rwnaf(&P, scalar, &P); ++ fiat_secp521r1_to_bytes(outx, P.X); ++ fiat_secp521r1_to_bytes(outy, P.Y); ++} ++ ++#undef RADIX ++#include "ecp.h" ++#include "mplogic.h" ++ ++/*- ++ * reverse bytes -- total hack ++ */ ++#define MP_BE2LE(a) \ ++ do { \ ++ unsigned char z_bswap; \ ++ z_bswap = a[0]; \ ++ a[0] = a[65]; \ ++ a[65] = z_bswap; \ ++ z_bswap = a[1]; \ ++ a[1] = a[64]; \ ++ a[64] = z_bswap; \ ++ z_bswap = a[2]; \ ++ a[2] = a[63]; \ ++ a[63] = z_bswap; \ ++ z_bswap = a[3]; \ ++ a[3] = a[62]; \ ++ a[62] = z_bswap; \ ++ z_bswap = a[4]; \ ++ a[4] = a[61]; \ ++ a[61] = z_bswap; \ ++ z_bswap = a[5]; \ ++ a[5] = a[60]; \ ++ a[60] = z_bswap; \ ++ z_bswap = a[6]; \ ++ a[6] = a[59]; \ ++ a[59] = z_bswap; \ ++ z_bswap = a[7]; \ ++ a[7] = a[58]; \ ++ a[58] = z_bswap; \ ++ z_bswap = a[8]; \ ++ a[8] = a[57]; \ ++ a[57] = z_bswap; \ ++ z_bswap = a[9]; \ ++ a[9] = a[56]; \ ++ a[56] = z_bswap; \ ++ z_bswap = a[10]; \ ++ a[10] = a[55]; \ ++ a[55] = z_bswap; \ ++ z_bswap = a[11]; \ ++ a[11] = a[54]; \ ++ a[54] = z_bswap; \ ++ z_bswap = a[12]; \ ++ a[12] = a[53]; \ ++ a[53] = z_bswap; \ ++ z_bswap = a[13]; \ ++ a[13] = a[52]; \ ++ a[52] = z_bswap; \ ++ z_bswap = a[14]; \ ++ a[14] = a[51]; \ ++ a[51] = z_bswap; \ ++ z_bswap = a[15]; \ ++ a[15] = a[50]; \ ++ a[50] = z_bswap; \ ++ z_bswap = a[16]; \ ++ a[16] = a[49]; \ ++ a[49] = z_bswap; \ ++ z_bswap = a[17]; \ ++ a[17] = a[48]; \ ++ a[48] = z_bswap; \ ++ z_bswap = a[18]; \ ++ a[18] = a[47]; \ ++ a[47] = z_bswap; \ ++ z_bswap = a[19]; \ ++ a[19] = a[46]; \ ++ a[46] = z_bswap; \ ++ z_bswap = a[20]; \ ++ a[20] = a[45]; \ ++ a[45] = z_bswap; \ ++ z_bswap = a[21]; \ ++ a[21] = a[44]; \ ++ a[44] = z_bswap; \ ++ z_bswap = a[22]; \ ++ a[22] = a[43]; \ ++ a[43] = z_bswap; \ ++ z_bswap = a[23]; \ ++ a[23] = a[42]; \ ++ a[42] = z_bswap; \ ++ z_bswap = a[24]; \ ++ a[24] = a[41]; \ ++ a[41] = z_bswap; \ ++ z_bswap = a[25]; \ ++ a[25] = a[40]; \ ++ a[40] = z_bswap; \ ++ z_bswap = a[26]; \ ++ a[26] = a[39]; \ ++ a[39] = z_bswap; \ ++ z_bswap = a[27]; \ ++ a[27] = a[38]; \ ++ a[38] = z_bswap; \ ++ z_bswap = a[28]; \ ++ a[28] = a[37]; \ ++ a[37] = z_bswap; \ ++ z_bswap = a[29]; \ ++ a[29] = a[36]; \ ++ a[36] = z_bswap; \ ++ z_bswap = a[30]; \ ++ a[30] = a[35]; \ ++ a[35] = z_bswap; \ ++ z_bswap = a[31]; \ ++ a[31] = a[34]; \ ++ a[34] = z_bswap; \ ++ z_bswap = a[32]; \ ++ a[32] = a[33]; \ ++ a[33] = z_bswap; \ ++ } while (0) ++ ++static mp_err ++point_mul_g_secp521r1(const mp_int *n, mp_int *out_x, ++ mp_int *out_y, const ECGroup *group) ++{ ++ unsigned char b_x[66]; ++ unsigned char b_y[66]; ++ unsigned char b_n[66]; ++ mp_err res; ++ ++ ARGCHK(n != NULL && out_x != NULL && out_y != NULL, MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n) > 521 || mp_cmp_z(n) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n, b_n, 66)); ++ MP_BE2LE(b_n); ++ point_mul_g(b_x, b_y, b_n); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 66)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 66)); ++ ++CLEANUP: ++ return res; ++} ++ ++static mp_err ++point_mul_secp521r1(const mp_int *n, const mp_int *in_x, ++ const mp_int *in_y, mp_int *out_x, ++ mp_int *out_y, const ECGroup *group) ++{ ++ unsigned char b_x[66]; ++ unsigned char b_y[66]; ++ unsigned char b_n[66]; ++ mp_err res; ++ ++ ARGCHK(n != NULL && in_x != NULL && in_y != NULL && out_x != NULL && ++ out_y != NULL, ++ MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n) > 521 || mp_cmp_z(n) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n, b_n, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_x, b_x, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_y, b_y, 66)); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_BE2LE(b_n); ++ point_mul(b_x, b_y, b_n, b_x, b_y); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 66)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 66)); ++ ++CLEANUP: ++ return res; ++} ++ ++static mp_err ++point_mul_two_secp521r1(const mp_int *n1, const mp_int *n2, ++ const mp_int *in_x, const mp_int *in_y, ++ mp_int *out_x, mp_int *out_y, ++ const ECGroup *group) ++{ ++ unsigned char b_x[66]; ++ unsigned char b_y[66]; ++ unsigned char b_n1[66]; ++ unsigned char b_n2[66]; ++ mp_err res; ++ ++ /* If n2 == NULL, this is just a base-point multiplication. */ ++ if (n2 == NULL) ++ return point_mul_g_secp521r1(n1, out_x, out_y, group); ++ ++ /* If n1 == NULL, this is just an arbitary-point multiplication. */ ++ if (n1 == NULL) ++ return point_mul_secp521r1(n2, in_x, in_y, out_x, out_y, group); ++ ++ ARGCHK(in_x != NULL && in_y != NULL && out_x != NULL && out_y != NULL, ++ MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n1) > 521 || mp_cmp_z(n1) != 1 || ++ mpl_significant_bits(n2) > 521 || mp_cmp_z(n2) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n1, b_n1, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(n2, b_n2, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_x, b_x, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_y, b_y, 66)); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_BE2LE(b_n1); ++ MP_BE2LE(b_n2); ++ point_mul_two(b_x, b_y, b_n1, b_n2, b_x, b_y); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 66)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 66)); ++ ++CLEANUP: ++ return res; ++} ++ ++mp_err ++ec_group_set_secp521r1(ECGroup *group, ECCurveName name) ++{ ++ if (name == ECCurve_NIST_P521) { ++ group->base_point_mul = &point_mul_g_secp521r1; ++ group->point_mul = &point_mul_secp521r1; ++ group->points_mul = &point_mul_two_secp521r1; ++ } ++ return MP_OKAY; ++} ++ ++#else /* __SIZEOF_INT128__ */ ++ ++#include ++#include ++#define LIMB_BITS 32 ++#define LIMB_CNT 19 ++/* Field elements */ ++typedef uint32_t fe_t[LIMB_CNT]; ++typedef uint32_t limb_t; ++ ++#define fe_copy(d, s) memcpy(d, s, sizeof(fe_t)) ++#define fe_set_zero(d) memset(d, 0, sizeof(fe_t)) ++ ++#define fiat_secp521r1_carry_add(c, a, b) \ ++ fiat_secp521r1_add(c, a, b); \ ++ fiat_secp521r1_carry(c, c) ++#define fiat_secp521r1_carry_sub(c, a, b) \ ++ fiat_secp521r1_sub(c, a, b); \ ++ fiat_secp521r1_carry(c, c) ++ ++/* Projective points */ ++typedef struct { ++ fe_t X; ++ fe_t Y; ++ fe_t Z; ++} pt_prj_t; ++ ++/* Affine points */ ++typedef struct { ++ fe_t X; ++ fe_t Y; ++} pt_aff_t; ++ ++/* BEGIN verbatim fiat code https://github.com/mit-plv/fiat-crypto */ ++/*- ++ * MIT License ++ * ++ * Copyright (c) 2020 the fiat-crypto authors (see the AUTHORS file) ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ * SOFTWARE. ++ */ ++ ++/* Autogenerated: unsaturated_solinas --static secp521r1 32 '(auto)' '2^521 - 1' */ ++/* curve description: secp521r1 */ ++/* machine_wordsize = 32 (from "32") */ ++/* requested operations: (all) */ ++/* n = 19 (from "(auto)") */ ++/* s-c = 2^521 - [(1, 1)] (from "2^521 - 1") */ ++/* tight_bounds_multiplier = 1.1 (from "") */ ++/* */ ++/* Computed values: */ ++/* carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 0, 1] */ ++/* eval z = z[0] + (z[1] << 28) + (z[2] << 55) + (z[3] << 83) + (z[4] << 110) + (z[5] << 138) + (z[6] << 165) + (z[7] << 192) + (z[8] << 220) + (z[9] << 247) + (z[10] << 0x113) + (z[11] << 0x12e) + (z[12] << 0x14a) + (z[13] << 0x165) + (z[14] << 0x180) + (z[15] << 0x19c) + (z[16] << 0x1b7) + (z[17] << 0x1d3) + (z[18] << 0x1ee) */ ++/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) + (z[56] << 0x1c0) + (z[57] << 0x1c8) + (z[58] << 0x1d0) + (z[59] << 0x1d8) + (z[60] << 0x1e0) + (z[61] << 0x1e8) + (z[62] << 0x1f0) + (z[63] << 0x1f8) + (z[64] << 2^9) + (z[65] << 0x208) */ ++ ++#include ++typedef unsigned char fiat_secp521r1_uint1; ++typedef signed char fiat_secp521r1_int1; ++ ++#if (-1 & 3) != 3 ++#error "This code only works on a two's complement system" ++#endif ++ ++/* ++ * The function fiat_secp521r1_addcarryx_u28 is an addition with carry. ++ * Postconditions: ++ * out1 = (arg1 + arg2 + arg3) mod 2^28 ++ * out2 = ⌊(arg1 + arg2 + arg3) / 2^28⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xfffffff] ++ * arg3: [0x0 ~> 0xfffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xfffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp521r1_addcarryx_u28(uint32_t *out1, ++ fiat_secp521r1_uint1 *out2, ++ fiat_secp521r1_uint1 arg1, ++ uint32_t arg2, uint32_t arg3) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ fiat_secp521r1_uint1 x3; ++ x1 = ((arg1 + arg2) + arg3); ++ x2 = (x1 & UINT32_C(0xfffffff)); ++ x3 = (fiat_secp521r1_uint1)(x1 >> 28); ++ *out1 = x2; ++ *out2 = x3; ++} ++ ++/* ++ * The function fiat_secp521r1_subborrowx_u28 is a subtraction with borrow. ++ * Postconditions: ++ * out1 = (-arg1 + arg2 + -arg3) mod 2^28 ++ * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^28⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xfffffff] ++ * arg3: [0x0 ~> 0xfffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xfffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp521r1_subborrowx_u28(uint32_t *out1, ++ fiat_secp521r1_uint1 *out2, ++ fiat_secp521r1_uint1 arg1, ++ uint32_t arg2, uint32_t arg3) ++{ ++ int32_t x1; ++ fiat_secp521r1_int1 x2; ++ uint32_t x3; ++ x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); ++ x2 = (fiat_secp521r1_int1)(x1 >> 28); ++ x3 = (x1 & UINT32_C(0xfffffff)); ++ *out1 = x3; ++ *out2 = (fiat_secp521r1_uint1)(0x0 - x2); ++} ++ ++/* ++ * The function fiat_secp521r1_addcarryx_u27 is an addition with carry. ++ * Postconditions: ++ * out1 = (arg1 + arg2 + arg3) mod 2^27 ++ * out2 = ⌊(arg1 + arg2 + arg3) / 2^27⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0x7ffffff] ++ * arg3: [0x0 ~> 0x7ffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0x7ffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp521r1_addcarryx_u27(uint32_t *out1, ++ fiat_secp521r1_uint1 *out2, ++ fiat_secp521r1_uint1 arg1, ++ uint32_t arg2, uint32_t arg3) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ fiat_secp521r1_uint1 x3; ++ x1 = ((arg1 + arg2) + arg3); ++ x2 = (x1 & UINT32_C(0x7ffffff)); ++ x3 = (fiat_secp521r1_uint1)(x1 >> 27); ++ *out1 = x2; ++ *out2 = x3; ++} ++ ++/* ++ * The function fiat_secp521r1_subborrowx_u27 is a subtraction with borrow. ++ * Postconditions: ++ * out1 = (-arg1 + arg2 + -arg3) mod 2^27 ++ * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^27⌋ ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0x7ffffff] ++ * arg3: [0x0 ~> 0x7ffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0x7ffffff] ++ * out2: [0x0 ~> 0x1] ++ */ ++static void ++fiat_secp521r1_subborrowx_u27(uint32_t *out1, ++ fiat_secp521r1_uint1 *out2, ++ fiat_secp521r1_uint1 arg1, ++ uint32_t arg2, uint32_t arg3) ++{ ++ int32_t x1; ++ fiat_secp521r1_int1 x2; ++ uint32_t x3; ++ x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); ++ x2 = (fiat_secp521r1_int1)(x1 >> 27); ++ x3 = (x1 & UINT32_C(0x7ffffff)); ++ *out1 = x3; ++ *out2 = (fiat_secp521r1_uint1)(0x0 - x2); ++} ++ ++/* ++ * The function fiat_secp521r1_cmovznz_u32 is a single-word conditional move. ++ * Postconditions: ++ * out1 = (if arg1 = 0 then arg2 else arg3) ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [0x0 ~> 0xffffffff] ++ * arg3: [0x0 ~> 0xffffffff] ++ * Output Bounds: ++ * out1: [0x0 ~> 0xffffffff] ++ */ ++static void ++fiat_secp521r1_cmovznz_u32(uint32_t *out1, ++ fiat_secp521r1_uint1 arg1, uint32_t arg2, ++ uint32_t arg3) ++{ ++ fiat_secp521r1_uint1 x1; ++ uint32_t x2; ++ uint32_t x3; ++ x1 = (!(!arg1)); ++ x2 = ((fiat_secp521r1_int1)(0x0 - x1) & UINT32_C(0xffffffff)); ++ x3 = ((x2 & arg3) | ((~x2) & arg2)); ++ *out1 = x3; ++} ++ ++/* ++ * The function fiat_secp521r1_carry_mul multiplies two field elements and reduces the result. ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 * eval arg2) mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664]] ++ * arg2: [[0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ */ ++static void ++fiat_secp521r1_carry_mul(uint32_t out1[19], const uint32_t arg1[19], ++ const uint32_t arg2[19]) ++{ ++ uint64_t x1; ++ uint64_t x2; ++ uint64_t x3; ++ uint64_t x4; ++ uint64_t x5; ++ uint64_t x6; ++ uint64_t x7; ++ uint64_t x8; ++ uint64_t x9; ++ uint64_t x10; ++ uint64_t x11; ++ uint64_t x12; ++ uint64_t x13; ++ uint64_t x14; ++ uint64_t x15; ++ uint64_t x16; ++ uint64_t x17; ++ uint64_t x18; ++ uint64_t x19; ++ uint64_t x20; ++ uint64_t x21; ++ uint64_t x22; ++ uint64_t x23; ++ uint64_t x24; ++ uint64_t x25; ++ uint64_t x26; ++ uint64_t x27; ++ uint64_t x28; ++ uint64_t x29; ++ uint64_t x30; ++ uint64_t x31; ++ uint64_t x32; ++ uint64_t x33; ++ uint64_t x34; ++ uint64_t x35; ++ uint64_t x36; ++ uint64_t x37; ++ uint64_t x38; ++ uint64_t x39; ++ uint64_t x40; ++ uint64_t x41; ++ uint64_t x42; ++ uint64_t x43; ++ uint64_t x44; ++ uint64_t x45; ++ uint64_t x46; ++ uint64_t x47; ++ uint64_t x48; ++ uint64_t x49; ++ uint64_t x50; ++ uint64_t x51; ++ uint64_t x52; ++ uint64_t x53; ++ uint64_t x54; ++ uint64_t x55; ++ uint64_t x56; ++ uint64_t x57; ++ uint64_t x58; ++ uint64_t x59; ++ uint64_t x60; ++ uint64_t x61; ++ uint64_t x62; ++ uint64_t x63; ++ uint64_t x64; ++ uint64_t x65; ++ uint64_t x66; ++ uint64_t x67; ++ uint64_t x68; ++ uint64_t x69; ++ uint64_t x70; ++ uint64_t x71; ++ uint64_t x72; ++ uint64_t x73; ++ uint64_t x74; ++ uint64_t x75; ++ uint64_t x76; ++ uint64_t x77; ++ uint64_t x78; ++ uint64_t x79; ++ uint64_t x80; ++ uint64_t x81; ++ uint64_t x82; ++ uint64_t x83; ++ uint64_t x84; ++ uint64_t x85; ++ uint64_t x86; ++ uint64_t x87; ++ uint64_t x88; ++ uint64_t x89; ++ uint64_t x90; ++ uint64_t x91; ++ uint64_t x92; ++ uint64_t x93; ++ uint64_t x94; ++ uint64_t x95; ++ uint64_t x96; ++ uint64_t x97; ++ uint64_t x98; ++ uint64_t x99; ++ uint64_t x100; ++ uint64_t x101; ++ uint64_t x102; ++ uint64_t x103; ++ uint64_t x104; ++ uint64_t x105; ++ uint64_t x106; ++ uint64_t x107; ++ uint64_t x108; ++ uint64_t x109; ++ uint64_t x110; ++ uint64_t x111; ++ uint64_t x112; ++ uint64_t x113; ++ uint64_t x114; ++ uint64_t x115; ++ uint64_t x116; ++ uint64_t x117; ++ uint64_t x118; ++ uint64_t x119; ++ uint64_t x120; ++ uint64_t x121; ++ uint64_t x122; ++ uint64_t x123; ++ uint64_t x124; ++ uint64_t x125; ++ uint64_t x126; ++ uint64_t x127; ++ uint64_t x128; ++ uint64_t x129; ++ uint64_t x130; ++ uint64_t x131; ++ uint64_t x132; ++ uint64_t x133; ++ uint64_t x134; ++ uint64_t x135; ++ uint64_t x136; ++ uint64_t x137; ++ uint64_t x138; ++ uint64_t x139; ++ uint64_t x140; ++ uint64_t x141; ++ uint64_t x142; ++ uint64_t x143; ++ uint64_t x144; ++ uint64_t x145; ++ uint64_t x146; ++ uint64_t x147; ++ uint64_t x148; ++ uint64_t x149; ++ uint64_t x150; ++ uint64_t x151; ++ uint64_t x152; ++ uint64_t x153; ++ uint64_t x154; ++ uint64_t x155; ++ uint64_t x156; ++ uint64_t x157; ++ uint64_t x158; ++ uint64_t x159; ++ uint64_t x160; ++ uint64_t x161; ++ uint64_t x162; ++ uint64_t x163; ++ uint64_t x164; ++ uint64_t x165; ++ uint64_t x166; ++ uint64_t x167; ++ uint64_t x168; ++ uint64_t x169; ++ uint64_t x170; ++ uint64_t x171; ++ uint64_t x172; ++ uint64_t x173; ++ uint64_t x174; ++ uint64_t x175; ++ uint64_t x176; ++ uint64_t x177; ++ uint64_t x178; ++ uint64_t x179; ++ uint64_t x180; ++ uint64_t x181; ++ uint64_t x182; ++ uint64_t x183; ++ uint64_t x184; ++ uint64_t x185; ++ uint64_t x186; ++ uint64_t x187; ++ uint64_t x188; ++ uint64_t x189; ++ uint64_t x190; ++ uint64_t x191; ++ uint64_t x192; ++ uint64_t x193; ++ uint64_t x194; ++ uint64_t x195; ++ uint64_t x196; ++ uint64_t x197; ++ uint64_t x198; ++ uint64_t x199; ++ uint64_t x200; ++ uint64_t x201; ++ uint64_t x202; ++ uint64_t x203; ++ uint64_t x204; ++ uint64_t x205; ++ uint64_t x206; ++ uint64_t x207; ++ uint64_t x208; ++ uint64_t x209; ++ uint64_t x210; ++ uint64_t x211; ++ uint64_t x212; ++ uint64_t x213; ++ uint64_t x214; ++ uint64_t x215; ++ uint64_t x216; ++ uint64_t x217; ++ uint64_t x218; ++ uint64_t x219; ++ uint64_t x220; ++ uint64_t x221; ++ uint64_t x222; ++ uint64_t x223; ++ uint64_t x224; ++ uint64_t x225; ++ uint64_t x226; ++ uint64_t x227; ++ uint64_t x228; ++ uint64_t x229; ++ uint64_t x230; ++ uint64_t x231; ++ uint64_t x232; ++ uint64_t x233; ++ uint64_t x234; ++ uint64_t x235; ++ uint64_t x236; ++ uint64_t x237; ++ uint64_t x238; ++ uint64_t x239; ++ uint64_t x240; ++ uint64_t x241; ++ uint64_t x242; ++ uint64_t x243; ++ uint64_t x244; ++ uint64_t x245; ++ uint64_t x246; ++ uint64_t x247; ++ uint64_t x248; ++ uint64_t x249; ++ uint64_t x250; ++ uint64_t x251; ++ uint64_t x252; ++ uint64_t x253; ++ uint64_t x254; ++ uint64_t x255; ++ uint64_t x256; ++ uint64_t x257; ++ uint64_t x258; ++ uint64_t x259; ++ uint64_t x260; ++ uint64_t x261; ++ uint64_t x262; ++ uint64_t x263; ++ uint64_t x264; ++ uint64_t x265; ++ uint64_t x266; ++ uint64_t x267; ++ uint64_t x268; ++ uint64_t x269; ++ uint64_t x270; ++ uint64_t x271; ++ uint64_t x272; ++ uint64_t x273; ++ uint64_t x274; ++ uint64_t x275; ++ uint64_t x276; ++ uint64_t x277; ++ uint64_t x278; ++ uint64_t x279; ++ uint64_t x280; ++ uint64_t x281; ++ uint64_t x282; ++ uint64_t x283; ++ uint64_t x284; ++ uint64_t x285; ++ uint64_t x286; ++ uint64_t x287; ++ uint64_t x288; ++ uint64_t x289; ++ uint64_t x290; ++ uint64_t x291; ++ uint64_t x292; ++ uint64_t x293; ++ uint64_t x294; ++ uint64_t x295; ++ uint64_t x296; ++ uint64_t x297; ++ uint64_t x298; ++ uint64_t x299; ++ uint64_t x300; ++ uint64_t x301; ++ uint64_t x302; ++ uint64_t x303; ++ uint64_t x304; ++ uint64_t x305; ++ uint64_t x306; ++ uint64_t x307; ++ uint64_t x308; ++ uint64_t x309; ++ uint64_t x310; ++ uint64_t x311; ++ uint64_t x312; ++ uint64_t x313; ++ uint64_t x314; ++ uint64_t x315; ++ uint64_t x316; ++ uint64_t x317; ++ uint64_t x318; ++ uint64_t x319; ++ uint64_t x320; ++ uint64_t x321; ++ uint64_t x322; ++ uint64_t x323; ++ uint64_t x324; ++ uint64_t x325; ++ uint64_t x326; ++ uint64_t x327; ++ uint64_t x328; ++ uint64_t x329; ++ uint64_t x330; ++ uint64_t x331; ++ uint64_t x332; ++ uint64_t x333; ++ uint64_t x334; ++ uint64_t x335; ++ uint64_t x336; ++ uint64_t x337; ++ uint64_t x338; ++ uint64_t x339; ++ uint64_t x340; ++ uint64_t x341; ++ uint64_t x342; ++ uint64_t x343; ++ uint64_t x344; ++ uint64_t x345; ++ uint64_t x346; ++ uint64_t x347; ++ uint64_t x348; ++ uint64_t x349; ++ uint64_t x350; ++ uint64_t x351; ++ uint64_t x352; ++ uint64_t x353; ++ uint64_t x354; ++ uint64_t x355; ++ uint64_t x356; ++ uint64_t x357; ++ uint64_t x358; ++ uint64_t x359; ++ uint64_t x360; ++ uint64_t x361; ++ uint64_t x362; ++ uint64_t x363; ++ uint32_t x364; ++ uint64_t x365; ++ uint64_t x366; ++ uint64_t x367; ++ uint64_t x368; ++ uint64_t x369; ++ uint64_t x370; ++ uint64_t x371; ++ uint64_t x372; ++ uint64_t x373; ++ uint64_t x374; ++ uint64_t x375; ++ uint64_t x376; ++ uint64_t x377; ++ uint64_t x378; ++ uint64_t x379; ++ uint64_t x380; ++ uint64_t x381; ++ uint64_t x382; ++ uint64_t x383; ++ uint64_t x384; ++ uint32_t x385; ++ uint64_t x386; ++ uint64_t x387; ++ uint32_t x388; ++ uint64_t x389; ++ uint64_t x390; ++ uint32_t x391; ++ uint64_t x392; ++ uint64_t x393; ++ uint32_t x394; ++ uint64_t x395; ++ uint64_t x396; ++ uint32_t x397; ++ uint64_t x398; ++ uint64_t x399; ++ uint32_t x400; ++ uint64_t x401; ++ uint64_t x402; ++ uint32_t x403; ++ uint64_t x404; ++ uint64_t x405; ++ uint32_t x406; ++ uint64_t x407; ++ uint64_t x408; ++ uint32_t x409; ++ uint64_t x410; ++ uint64_t x411; ++ uint32_t x412; ++ uint64_t x413; ++ uint64_t x414; ++ uint32_t x415; ++ uint64_t x416; ++ uint64_t x417; ++ uint32_t x418; ++ uint64_t x419; ++ uint64_t x420; ++ uint32_t x421; ++ uint64_t x422; ++ uint64_t x423; ++ uint32_t x424; ++ uint64_t x425; ++ uint64_t x426; ++ uint32_t x427; ++ uint64_t x428; ++ uint64_t x429; ++ uint32_t x430; ++ uint64_t x431; ++ uint64_t x432; ++ uint32_t x433; ++ uint64_t x434; ++ uint64_t x435; ++ uint32_t x436; ++ uint64_t x437; ++ uint32_t x438; ++ uint32_t x439; ++ uint32_t x440; ++ fiat_secp521r1_uint1 x441; ++ uint32_t x442; ++ uint32_t x443; ++ x1 = ((uint64_t)(arg1[18]) * (arg2[18])); ++ x2 = ((uint64_t)(arg1[18]) * ((arg2[17]) * 0x2)); ++ x3 = ((uint64_t)(arg1[18]) * (arg2[16])); ++ x4 = ((uint64_t)(arg1[18]) * ((arg2[15]) * 0x2)); ++ x5 = ((uint64_t)(arg1[18]) * (arg2[14])); ++ x6 = ((uint64_t)(arg1[18]) * (arg2[13])); ++ x7 = ((uint64_t)(arg1[18]) * ((arg2[12]) * 0x2)); ++ x8 = ((uint64_t)(arg1[18]) * (arg2[11])); ++ x9 = ((uint64_t)(arg1[18]) * ((arg2[10]) * 0x2)); ++ x10 = ((uint64_t)(arg1[18]) * (arg2[9])); ++ x11 = ((uint64_t)(arg1[18]) * ((arg2[8]) * 0x2)); ++ x12 = ((uint64_t)(arg1[18]) * (arg2[7])); ++ x13 = ((uint64_t)(arg1[18]) * (arg2[6])); ++ x14 = ((uint64_t)(arg1[18]) * ((arg2[5]) * 0x2)); ++ x15 = ((uint64_t)(arg1[18]) * (arg2[4])); ++ x16 = ((uint64_t)(arg1[18]) * ((arg2[3]) * 0x2)); ++ x17 = ((uint64_t)(arg1[18]) * (arg2[2])); ++ x18 = ((uint64_t)(arg1[18]) * ((arg2[1]) * 0x2)); ++ x19 = ((uint64_t)(arg1[17]) * ((arg2[18]) * 0x2)); ++ x20 = ((uint64_t)(arg1[17]) * ((arg2[17]) * 0x2)); ++ x21 = ((uint64_t)(arg1[17]) * ((arg2[16]) * 0x2)); ++ x22 = ((uint64_t)(arg1[17]) * ((arg2[15]) * 0x2)); ++ x23 = ((uint64_t)(arg1[17]) * (arg2[14])); ++ x24 = ((uint64_t)(arg1[17]) * ((arg2[13]) * 0x2)); ++ x25 = ((uint64_t)(arg1[17]) * ((arg2[12]) * 0x2)); ++ x26 = ((uint64_t)(arg1[17]) * ((arg2[11]) * 0x2)); ++ x27 = ((uint64_t)(arg1[17]) * ((arg2[10]) * 0x2)); ++ x28 = ((uint64_t)(arg1[17]) * ((arg2[9]) * 0x2)); ++ x29 = ((uint64_t)(arg1[17]) * ((arg2[8]) * 0x2)); ++ x30 = ((uint64_t)(arg1[17]) * (arg2[7])); ++ x31 = ((uint64_t)(arg1[17]) * ((arg2[6]) * 0x2)); ++ x32 = ((uint64_t)(arg1[17]) * ((arg2[5]) * 0x2)); ++ x33 = ((uint64_t)(arg1[17]) * ((arg2[4]) * 0x2)); ++ x34 = ((uint64_t)(arg1[17]) * ((arg2[3]) * 0x2)); ++ x35 = ((uint64_t)(arg1[17]) * ((arg2[2]) * 0x2)); ++ x36 = ((uint64_t)(arg1[16]) * (arg2[18])); ++ x37 = ((uint64_t)(arg1[16]) * ((arg2[17]) * 0x2)); ++ x38 = ((uint64_t)(arg1[16]) * (arg2[16])); ++ x39 = ((uint64_t)(arg1[16]) * (arg2[15])); ++ x40 = ((uint64_t)(arg1[16]) * (arg2[14])); ++ x41 = ((uint64_t)(arg1[16]) * (arg2[13])); ++ x42 = ((uint64_t)(arg1[16]) * ((arg2[12]) * 0x2)); ++ x43 = ((uint64_t)(arg1[16]) * (arg2[11])); ++ x44 = ((uint64_t)(arg1[16]) * ((arg2[10]) * 0x2)); ++ x45 = ((uint64_t)(arg1[16]) * (arg2[9])); ++ x46 = ((uint64_t)(arg1[16]) * (arg2[8])); ++ x47 = ((uint64_t)(arg1[16]) * (arg2[7])); ++ x48 = ((uint64_t)(arg1[16]) * (arg2[6])); ++ x49 = ((uint64_t)(arg1[16]) * ((arg2[5]) * 0x2)); ++ x50 = ((uint64_t)(arg1[16]) * (arg2[4])); ++ x51 = ((uint64_t)(arg1[16]) * ((arg2[3]) * 0x2)); ++ x52 = ((uint64_t)(arg1[15]) * ((arg2[18]) * 0x2)); ++ x53 = ((uint64_t)(arg1[15]) * ((arg2[17]) * 0x2)); ++ x54 = ((uint64_t)(arg1[15]) * (arg2[16])); ++ x55 = ((uint64_t)(arg1[15]) * ((arg2[15]) * 0x2)); ++ x56 = ((uint64_t)(arg1[15]) * (arg2[14])); ++ x57 = ((uint64_t)(arg1[15]) * ((arg2[13]) * 0x2)); ++ x58 = ((uint64_t)(arg1[15]) * ((arg2[12]) * 0x2)); ++ x59 = ((uint64_t)(arg1[15]) * ((arg2[11]) * 0x2)); ++ x60 = ((uint64_t)(arg1[15]) * ((arg2[10]) * 0x2)); ++ x61 = ((uint64_t)(arg1[15]) * (arg2[9])); ++ x62 = ((uint64_t)(arg1[15]) * ((arg2[8]) * 0x2)); ++ x63 = ((uint64_t)(arg1[15]) * (arg2[7])); ++ x64 = ((uint64_t)(arg1[15]) * ((arg2[6]) * 0x2)); ++ x65 = ((uint64_t)(arg1[15]) * ((arg2[5]) * 0x2)); ++ x66 = ((uint64_t)(arg1[15]) * ((arg2[4]) * 0x2)); ++ x67 = ((uint64_t)(arg1[14]) * (arg2[18])); ++ x68 = ((uint64_t)(arg1[14]) * (arg2[17])); ++ x69 = ((uint64_t)(arg1[14]) * (arg2[16])); ++ x70 = ((uint64_t)(arg1[14]) * (arg2[15])); ++ x71 = ((uint64_t)(arg1[14]) * (arg2[14])); ++ x72 = ((uint64_t)(arg1[14]) * (arg2[13])); ++ x73 = ((uint64_t)(arg1[14]) * ((arg2[12]) * 0x2)); ++ x74 = ((uint64_t)(arg1[14]) * (arg2[11])); ++ x75 = ((uint64_t)(arg1[14]) * (arg2[10])); ++ x76 = ((uint64_t)(arg1[14]) * (arg2[9])); ++ x77 = ((uint64_t)(arg1[14]) * (arg2[8])); ++ x78 = ((uint64_t)(arg1[14]) * (arg2[7])); ++ x79 = ((uint64_t)(arg1[14]) * (arg2[6])); ++ x80 = ((uint64_t)(arg1[14]) * ((arg2[5]) * 0x2)); ++ x81 = ((uint64_t)(arg1[13]) * (arg2[18])); ++ x82 = ((uint64_t)(arg1[13]) * ((arg2[17]) * 0x2)); ++ x83 = ((uint64_t)(arg1[13]) * (arg2[16])); ++ x84 = ((uint64_t)(arg1[13]) * ((arg2[15]) * 0x2)); ++ x85 = ((uint64_t)(arg1[13]) * (arg2[14])); ++ x86 = ((uint64_t)(arg1[13]) * ((arg2[13]) * 0x2)); ++ x87 = ((uint64_t)(arg1[13]) * ((arg2[12]) * 0x2)); ++ x88 = ((uint64_t)(arg1[13]) * (arg2[11])); ++ x89 = ((uint64_t)(arg1[13]) * ((arg2[10]) * 0x2)); ++ x90 = ((uint64_t)(arg1[13]) * (arg2[9])); ++ x91 = ((uint64_t)(arg1[13]) * ((arg2[8]) * 0x2)); ++ x92 = ((uint64_t)(arg1[13]) * (arg2[7])); ++ x93 = ((uint64_t)(arg1[13]) * ((arg2[6]) * 0x2)); ++ x94 = ((uint64_t)(arg1[12]) * ((arg2[18]) * 0x2)); ++ x95 = ((uint64_t)(arg1[12]) * ((arg2[17]) * 0x2)); ++ x96 = ((uint64_t)(arg1[12]) * ((arg2[16]) * 0x2)); ++ x97 = ((uint64_t)(arg1[12]) * ((arg2[15]) * 0x2)); ++ x98 = ((uint64_t)(arg1[12]) * ((arg2[14]) * 0x2)); ++ x99 = ((uint64_t)(arg1[12]) * ((arg2[13]) * 0x2)); ++ x100 = ((uint64_t)(arg1[12]) * ((arg2[12]) * 0x2)); ++ x101 = ((uint64_t)(arg1[12]) * ((arg2[11]) * 0x2)); ++ x102 = ((uint64_t)(arg1[12]) * ((arg2[10]) * 0x2)); ++ x103 = ((uint64_t)(arg1[12]) * ((arg2[9]) * 0x2)); ++ x104 = ((uint64_t)(arg1[12]) * ((arg2[8]) * 0x2)); ++ x105 = ((uint64_t)(arg1[12]) * ((arg2[7]) * 0x2)); ++ x106 = ((uint64_t)(arg1[11]) * (arg2[18])); ++ x107 = ((uint64_t)(arg1[11]) * ((arg2[17]) * 0x2)); ++ x108 = ((uint64_t)(arg1[11]) * (arg2[16])); ++ x109 = ((uint64_t)(arg1[11]) * ((arg2[15]) * 0x2)); ++ x110 = ((uint64_t)(arg1[11]) * (arg2[14])); ++ x111 = ((uint64_t)(arg1[11]) * (arg2[13])); ++ x112 = ((uint64_t)(arg1[11]) * ((arg2[12]) * 0x2)); ++ x113 = ((uint64_t)(arg1[11]) * (arg2[11])); ++ x114 = ((uint64_t)(arg1[11]) * ((arg2[10]) * 0x2)); ++ x115 = ((uint64_t)(arg1[11]) * (arg2[9])); ++ x116 = ((uint64_t)(arg1[11]) * ((arg2[8]) * 0x2)); ++ x117 = ((uint64_t)(arg1[10]) * ((arg2[18]) * 0x2)); ++ x118 = ((uint64_t)(arg1[10]) * ((arg2[17]) * 0x2)); ++ x119 = ((uint64_t)(arg1[10]) * ((arg2[16]) * 0x2)); ++ x120 = ((uint64_t)(arg1[10]) * ((arg2[15]) * 0x2)); ++ x121 = ((uint64_t)(arg1[10]) * (arg2[14])); ++ x122 = ((uint64_t)(arg1[10]) * ((arg2[13]) * 0x2)); ++ x123 = ((uint64_t)(arg1[10]) * ((arg2[12]) * 0x2)); ++ x124 = ((uint64_t)(arg1[10]) * ((arg2[11]) * 0x2)); ++ x125 = ((uint64_t)(arg1[10]) * ((arg2[10]) * 0x2)); ++ x126 = ((uint64_t)(arg1[10]) * ((arg2[9]) * 0x2)); ++ x127 = ((uint64_t)(arg1[9]) * (arg2[18])); ++ x128 = ((uint64_t)(arg1[9]) * ((arg2[17]) * 0x2)); ++ x129 = ((uint64_t)(arg1[9]) * (arg2[16])); ++ x130 = ((uint64_t)(arg1[9]) * (arg2[15])); ++ x131 = ((uint64_t)(arg1[9]) * (arg2[14])); ++ x132 = ((uint64_t)(arg1[9]) * (arg2[13])); ++ x133 = ((uint64_t)(arg1[9]) * ((arg2[12]) * 0x2)); ++ x134 = ((uint64_t)(arg1[9]) * (arg2[11])); ++ x135 = ((uint64_t)(arg1[9]) * ((arg2[10]) * 0x2)); ++ x136 = ((uint64_t)(arg1[8]) * ((arg2[18]) * 0x2)); ++ x137 = ((uint64_t)(arg1[8]) * ((arg2[17]) * 0x2)); ++ x138 = ((uint64_t)(arg1[8]) * (arg2[16])); ++ x139 = ((uint64_t)(arg1[8]) * ((arg2[15]) * 0x2)); ++ x140 = ((uint64_t)(arg1[8]) * (arg2[14])); ++ x141 = ((uint64_t)(arg1[8]) * ((arg2[13]) * 0x2)); ++ x142 = ((uint64_t)(arg1[8]) * ((arg2[12]) * 0x2)); ++ x143 = ((uint64_t)(arg1[8]) * ((arg2[11]) * 0x2)); ++ x144 = ((uint64_t)(arg1[7]) * (arg2[18])); ++ x145 = ((uint64_t)(arg1[7]) * (arg2[17])); ++ x146 = ((uint64_t)(arg1[7]) * (arg2[16])); ++ x147 = ((uint64_t)(arg1[7]) * (arg2[15])); ++ x148 = ((uint64_t)(arg1[7]) * (arg2[14])); ++ x149 = ((uint64_t)(arg1[7]) * (arg2[13])); ++ x150 = ((uint64_t)(arg1[7]) * ((arg2[12]) * 0x2)); ++ x151 = ((uint64_t)(arg1[6]) * (arg2[18])); ++ x152 = ((uint64_t)(arg1[6]) * ((arg2[17]) * 0x2)); ++ x153 = ((uint64_t)(arg1[6]) * (arg2[16])); ++ x154 = ((uint64_t)(arg1[6]) * ((arg2[15]) * 0x2)); ++ x155 = ((uint64_t)(arg1[6]) * (arg2[14])); ++ x156 = ((uint64_t)(arg1[6]) * ((arg2[13]) * 0x2)); ++ x157 = ((uint64_t)(arg1[5]) * ((arg2[18]) * 0x2)); ++ x158 = ((uint64_t)(arg1[5]) * ((arg2[17]) * 0x2)); ++ x159 = ((uint64_t)(arg1[5]) * ((arg2[16]) * 0x2)); ++ x160 = ((uint64_t)(arg1[5]) * ((arg2[15]) * 0x2)); ++ x161 = ((uint64_t)(arg1[5]) * ((arg2[14]) * 0x2)); ++ x162 = ((uint64_t)(arg1[4]) * (arg2[18])); ++ x163 = ((uint64_t)(arg1[4]) * ((arg2[17]) * 0x2)); ++ x164 = ((uint64_t)(arg1[4]) * (arg2[16])); ++ x165 = ((uint64_t)(arg1[4]) * ((arg2[15]) * 0x2)); ++ x166 = ((uint64_t)(arg1[3]) * ((arg2[18]) * 0x2)); ++ x167 = ((uint64_t)(arg1[3]) * ((arg2[17]) * 0x2)); ++ x168 = ((uint64_t)(arg1[3]) * ((arg2[16]) * 0x2)); ++ x169 = ((uint64_t)(arg1[2]) * (arg2[18])); ++ x170 = ((uint64_t)(arg1[2]) * ((arg2[17]) * 0x2)); ++ x171 = ((uint64_t)(arg1[1]) * ((arg2[18]) * 0x2)); ++ x172 = ((uint64_t)(arg1[18]) * (arg2[0])); ++ x173 = ((uint64_t)(arg1[17]) * ((arg2[1]) * 0x2)); ++ x174 = ((uint64_t)(arg1[17]) * (arg2[0])); ++ x175 = ((uint64_t)(arg1[16]) * (arg2[2])); ++ x176 = ((uint64_t)(arg1[16]) * (arg2[1])); ++ x177 = ((uint64_t)(arg1[16]) * (arg2[0])); ++ x178 = ((uint64_t)(arg1[15]) * ((arg2[3]) * 0x2)); ++ x179 = ((uint64_t)(arg1[15]) * (arg2[2])); ++ x180 = ((uint64_t)(arg1[15]) * ((arg2[1]) * 0x2)); ++ x181 = ((uint64_t)(arg1[15]) * (arg2[0])); ++ x182 = ((uint64_t)(arg1[14]) * (arg2[4])); ++ x183 = ((uint64_t)(arg1[14]) * (arg2[3])); ++ x184 = ((uint64_t)(arg1[14]) * (arg2[2])); ++ x185 = ((uint64_t)(arg1[14]) * (arg2[1])); ++ x186 = ((uint64_t)(arg1[14]) * (arg2[0])); ++ x187 = ((uint64_t)(arg1[13]) * ((arg2[5]) * 0x2)); ++ x188 = ((uint64_t)(arg1[13]) * (arg2[4])); ++ x189 = ((uint64_t)(arg1[13]) * ((arg2[3]) * 0x2)); ++ x190 = ((uint64_t)(arg1[13]) * (arg2[2])); ++ x191 = ((uint64_t)(arg1[13]) * ((arg2[1]) * 0x2)); ++ x192 = ((uint64_t)(arg1[13]) * (arg2[0])); ++ x193 = ((uint64_t)(arg1[12]) * ((arg2[6]) * 0x2)); ++ x194 = ((uint64_t)(arg1[12]) * ((arg2[5]) * 0x2)); ++ x195 = ((uint64_t)(arg1[12]) * ((arg2[4]) * 0x2)); ++ x196 = ((uint64_t)(arg1[12]) * ((arg2[3]) * 0x2)); ++ x197 = ((uint64_t)(arg1[12]) * ((arg2[2]) * 0x2)); ++ x198 = ((uint64_t)(arg1[12]) * ((arg2[1]) * 0x2)); ++ x199 = ((uint64_t)(arg1[12]) * (arg2[0])); ++ x200 = ((uint64_t)(arg1[11]) * (arg2[7])); ++ x201 = ((uint64_t)(arg1[11]) * (arg2[6])); ++ x202 = ((uint64_t)(arg1[11]) * ((arg2[5]) * 0x2)); ++ x203 = ((uint64_t)(arg1[11]) * (arg2[4])); ++ x204 = ((uint64_t)(arg1[11]) * ((arg2[3]) * 0x2)); ++ x205 = ((uint64_t)(arg1[11]) * (arg2[2])); ++ x206 = ((uint64_t)(arg1[11]) * (arg2[1])); ++ x207 = ((uint64_t)(arg1[11]) * (arg2[0])); ++ x208 = ((uint64_t)(arg1[10]) * ((arg2[8]) * 0x2)); ++ x209 = ((uint64_t)(arg1[10]) * (arg2[7])); ++ x210 = ((uint64_t)(arg1[10]) * ((arg2[6]) * 0x2)); ++ x211 = ((uint64_t)(arg1[10]) * ((arg2[5]) * 0x2)); ++ x212 = ((uint64_t)(arg1[10]) * ((arg2[4]) * 0x2)); ++ x213 = ((uint64_t)(arg1[10]) * ((arg2[3]) * 0x2)); ++ x214 = ((uint64_t)(arg1[10]) * (arg2[2])); ++ x215 = ((uint64_t)(arg1[10]) * ((arg2[1]) * 0x2)); ++ x216 = ((uint64_t)(arg1[10]) * (arg2[0])); ++ x217 = ((uint64_t)(arg1[9]) * (arg2[9])); ++ x218 = ((uint64_t)(arg1[9]) * (arg2[8])); ++ x219 = ((uint64_t)(arg1[9]) * (arg2[7])); ++ x220 = ((uint64_t)(arg1[9]) * (arg2[6])); ++ x221 = ((uint64_t)(arg1[9]) * ((arg2[5]) * 0x2)); ++ x222 = ((uint64_t)(arg1[9]) * (arg2[4])); ++ x223 = ((uint64_t)(arg1[9]) * (arg2[3])); ++ x224 = ((uint64_t)(arg1[9]) * (arg2[2])); ++ x225 = ((uint64_t)(arg1[9]) * (arg2[1])); ++ x226 = ((uint64_t)(arg1[9]) * (arg2[0])); ++ x227 = ((uint64_t)(arg1[8]) * ((arg2[10]) * 0x2)); ++ x228 = ((uint64_t)(arg1[8]) * (arg2[9])); ++ x229 = ((uint64_t)(arg1[8]) * ((arg2[8]) * 0x2)); ++ x230 = ((uint64_t)(arg1[8]) * (arg2[7])); ++ x231 = ((uint64_t)(arg1[8]) * ((arg2[6]) * 0x2)); ++ x232 = ((uint64_t)(arg1[8]) * ((arg2[5]) * 0x2)); ++ x233 = ((uint64_t)(arg1[8]) * (arg2[4])); ++ x234 = ((uint64_t)(arg1[8]) * ((arg2[3]) * 0x2)); ++ x235 = ((uint64_t)(arg1[8]) * (arg2[2])); ++ x236 = ((uint64_t)(arg1[8]) * ((arg2[1]) * 0x2)); ++ x237 = ((uint64_t)(arg1[8]) * (arg2[0])); ++ x238 = ((uint64_t)(arg1[7]) * (arg2[11])); ++ x239 = ((uint64_t)(arg1[7]) * (arg2[10])); ++ x240 = ((uint64_t)(arg1[7]) * (arg2[9])); ++ x241 = ((uint64_t)(arg1[7]) * (arg2[8])); ++ x242 = ((uint64_t)(arg1[7]) * (arg2[7])); ++ x243 = ((uint64_t)(arg1[7]) * (arg2[6])); ++ x244 = ((uint64_t)(arg1[7]) * (arg2[5])); ++ x245 = ((uint64_t)(arg1[7]) * (arg2[4])); ++ x246 = ((uint64_t)(arg1[7]) * (arg2[3])); ++ x247 = ((uint64_t)(arg1[7]) * (arg2[2])); ++ x248 = ((uint64_t)(arg1[7]) * (arg2[1])); ++ x249 = ((uint64_t)(arg1[7]) * (arg2[0])); ++ x250 = ((uint64_t)(arg1[6]) * ((arg2[12]) * 0x2)); ++ x251 = ((uint64_t)(arg1[6]) * (arg2[11])); ++ x252 = ((uint64_t)(arg1[6]) * ((arg2[10]) * 0x2)); ++ x253 = ((uint64_t)(arg1[6]) * (arg2[9])); ++ x254 = ((uint64_t)(arg1[6]) * ((arg2[8]) * 0x2)); ++ x255 = ((uint64_t)(arg1[6]) * (arg2[7])); ++ x256 = ((uint64_t)(arg1[6]) * (arg2[6])); ++ x257 = ((uint64_t)(arg1[6]) * ((arg2[5]) * 0x2)); ++ x258 = ((uint64_t)(arg1[6]) * (arg2[4])); ++ x259 = ((uint64_t)(arg1[6]) * ((arg2[3]) * 0x2)); ++ x260 = ((uint64_t)(arg1[6]) * (arg2[2])); ++ x261 = ((uint64_t)(arg1[6]) * ((arg2[1]) * 0x2)); ++ x262 = ((uint64_t)(arg1[6]) * (arg2[0])); ++ x263 = ((uint64_t)(arg1[5]) * ((arg2[13]) * 0x2)); ++ x264 = ((uint64_t)(arg1[5]) * ((arg2[12]) * 0x2)); ++ x265 = ((uint64_t)(arg1[5]) * ((arg2[11]) * 0x2)); ++ x266 = ((uint64_t)(arg1[5]) * ((arg2[10]) * 0x2)); ++ x267 = ((uint64_t)(arg1[5]) * ((arg2[9]) * 0x2)); ++ x268 = ((uint64_t)(arg1[5]) * ((arg2[8]) * 0x2)); ++ x269 = ((uint64_t)(arg1[5]) * (arg2[7])); ++ x270 = ((uint64_t)(arg1[5]) * ((arg2[6]) * 0x2)); ++ x271 = ((uint64_t)(arg1[5]) * ((arg2[5]) * 0x2)); ++ x272 = ((uint64_t)(arg1[5]) * ((arg2[4]) * 0x2)); ++ x273 = ((uint64_t)(arg1[5]) * ((arg2[3]) * 0x2)); ++ x274 = ((uint64_t)(arg1[5]) * ((arg2[2]) * 0x2)); ++ x275 = ((uint64_t)(arg1[5]) * ((arg2[1]) * 0x2)); ++ x276 = ((uint64_t)(arg1[5]) * (arg2[0])); ++ x277 = ((uint64_t)(arg1[4]) * (arg2[14])); ++ x278 = ((uint64_t)(arg1[4]) * (arg2[13])); ++ x279 = ((uint64_t)(arg1[4]) * ((arg2[12]) * 0x2)); ++ x280 = ((uint64_t)(arg1[4]) * (arg2[11])); ++ x281 = ((uint64_t)(arg1[4]) * ((arg2[10]) * 0x2)); ++ x282 = ((uint64_t)(arg1[4]) * (arg2[9])); ++ x283 = ((uint64_t)(arg1[4]) * (arg2[8])); ++ x284 = ((uint64_t)(arg1[4]) * (arg2[7])); ++ x285 = ((uint64_t)(arg1[4]) * (arg2[6])); ++ x286 = ((uint64_t)(arg1[4]) * ((arg2[5]) * 0x2)); ++ x287 = ((uint64_t)(arg1[4]) * (arg2[4])); ++ x288 = ((uint64_t)(arg1[4]) * ((arg2[3]) * 0x2)); ++ x289 = ((uint64_t)(arg1[4]) * (arg2[2])); ++ x290 = ((uint64_t)(arg1[4]) * (arg2[1])); ++ x291 = ((uint64_t)(arg1[4]) * (arg2[0])); ++ x292 = ((uint64_t)(arg1[3]) * ((arg2[15]) * 0x2)); ++ x293 = ((uint64_t)(arg1[3]) * (arg2[14])); ++ x294 = ((uint64_t)(arg1[3]) * ((arg2[13]) * 0x2)); ++ x295 = ((uint64_t)(arg1[3]) * ((arg2[12]) * 0x2)); ++ x296 = ((uint64_t)(arg1[3]) * ((arg2[11]) * 0x2)); ++ x297 = ((uint64_t)(arg1[3]) * ((arg2[10]) * 0x2)); ++ x298 = ((uint64_t)(arg1[3]) * (arg2[9])); ++ x299 = ((uint64_t)(arg1[3]) * ((arg2[8]) * 0x2)); ++ x300 = ((uint64_t)(arg1[3]) * (arg2[7])); ++ x301 = ((uint64_t)(arg1[3]) * ((arg2[6]) * 0x2)); ++ x302 = ((uint64_t)(arg1[3]) * ((arg2[5]) * 0x2)); ++ x303 = ((uint64_t)(arg1[3]) * ((arg2[4]) * 0x2)); ++ x304 = ((uint64_t)(arg1[3]) * ((arg2[3]) * 0x2)); ++ x305 = ((uint64_t)(arg1[3]) * (arg2[2])); ++ x306 = ((uint64_t)(arg1[3]) * ((arg2[1]) * 0x2)); ++ x307 = ((uint64_t)(arg1[3]) * (arg2[0])); ++ x308 = ((uint64_t)(arg1[2]) * (arg2[16])); ++ x309 = ((uint64_t)(arg1[2]) * (arg2[15])); ++ x310 = ((uint64_t)(arg1[2]) * (arg2[14])); ++ x311 = ((uint64_t)(arg1[2]) * (arg2[13])); ++ x312 = ((uint64_t)(arg1[2]) * ((arg2[12]) * 0x2)); ++ x313 = ((uint64_t)(arg1[2]) * (arg2[11])); ++ x314 = ((uint64_t)(arg1[2]) * (arg2[10])); ++ x315 = ((uint64_t)(arg1[2]) * (arg2[9])); ++ x316 = ((uint64_t)(arg1[2]) * (arg2[8])); ++ x317 = ((uint64_t)(arg1[2]) * (arg2[7])); ++ x318 = ((uint64_t)(arg1[2]) * (arg2[6])); ++ x319 = ((uint64_t)(arg1[2]) * ((arg2[5]) * 0x2)); ++ x320 = ((uint64_t)(arg1[2]) * (arg2[4])); ++ x321 = ((uint64_t)(arg1[2]) * (arg2[3])); ++ x322 = ((uint64_t)(arg1[2]) * (arg2[2])); ++ x323 = ((uint64_t)(arg1[2]) * (arg2[1])); ++ x324 = ((uint64_t)(arg1[2]) * (arg2[0])); ++ x325 = ((uint64_t)(arg1[1]) * ((arg2[17]) * 0x2)); ++ x326 = ((uint64_t)(arg1[1]) * (arg2[16])); ++ x327 = ((uint64_t)(arg1[1]) * ((arg2[15]) * 0x2)); ++ x328 = ((uint64_t)(arg1[1]) * (arg2[14])); ++ x329 = ((uint64_t)(arg1[1]) * ((arg2[13]) * 0x2)); ++ x330 = ((uint64_t)(arg1[1]) * ((arg2[12]) * 0x2)); ++ x331 = ((uint64_t)(arg1[1]) * (arg2[11])); ++ x332 = ((uint64_t)(arg1[1]) * ((arg2[10]) * 0x2)); ++ x333 = ((uint64_t)(arg1[1]) * (arg2[9])); ++ x334 = ((uint64_t)(arg1[1]) * ((arg2[8]) * 0x2)); ++ x335 = ((uint64_t)(arg1[1]) * (arg2[7])); ++ x336 = ((uint64_t)(arg1[1]) * ((arg2[6]) * 0x2)); ++ x337 = ((uint64_t)(arg1[1]) * ((arg2[5]) * 0x2)); ++ x338 = ((uint64_t)(arg1[1]) * (arg2[4])); ++ x339 = ((uint64_t)(arg1[1]) * ((arg2[3]) * 0x2)); ++ x340 = ((uint64_t)(arg1[1]) * (arg2[2])); ++ x341 = ((uint64_t)(arg1[1]) * ((arg2[1]) * 0x2)); ++ x342 = ((uint64_t)(arg1[1]) * (arg2[0])); ++ x343 = ((uint64_t)(arg1[0]) * (arg2[18])); ++ x344 = ((uint64_t)(arg1[0]) * (arg2[17])); ++ x345 = ((uint64_t)(arg1[0]) * (arg2[16])); ++ x346 = ((uint64_t)(arg1[0]) * (arg2[15])); ++ x347 = ((uint64_t)(arg1[0]) * (arg2[14])); ++ x348 = ((uint64_t)(arg1[0]) * (arg2[13])); ++ x349 = ((uint64_t)(arg1[0]) * (arg2[12])); ++ x350 = ((uint64_t)(arg1[0]) * (arg2[11])); ++ x351 = ((uint64_t)(arg1[0]) * (arg2[10])); ++ x352 = ((uint64_t)(arg1[0]) * (arg2[9])); ++ x353 = ((uint64_t)(arg1[0]) * (arg2[8])); ++ x354 = ((uint64_t)(arg1[0]) * (arg2[7])); ++ x355 = ((uint64_t)(arg1[0]) * (arg2[6])); ++ x356 = ((uint64_t)(arg1[0]) * (arg2[5])); ++ x357 = ((uint64_t)(arg1[0]) * (arg2[4])); ++ x358 = ((uint64_t)(arg1[0]) * (arg2[3])); ++ x359 = ((uint64_t)(arg1[0]) * (arg2[2])); ++ x360 = ((uint64_t)(arg1[0]) * (arg2[1])); ++ x361 = ((uint64_t)(arg1[0]) * (arg2[0])); ++ x362 = ++ (x361 + ++ (x171 + ++ (x170 + ++ (x168 + ++ (x165 + ++ (x161 + ++ (x156 + ++ (x150 + ++ (x143 + ++ (x135 + ++ (x126 + ++ (x116 + ++ (x105 + ++ (x93 + (x80 + (x66 + (x51 + (x35 + x18)))))))))))))))))); ++ x363 = (x362 >> 28); ++ x364 = (uint32_t)(x362 & UINT32_C(0xfffffff)); ++ x365 = (x343 + ++ (x325 + ++ (x308 + ++ (x292 + ++ (x277 + ++ (x263 + ++ (x250 + ++ (x238 + ++ (x227 + ++ (x217 + ++ (x208 + ++ (x200 + ++ (x193 + ++ (x187 + ++ (x182 + (x178 + (x175 + (x173 + x172)))))))))))))))))); ++ x366 = (x344 + ++ (x326 + ++ (x309 + ++ (x293 + ++ (x278 + ++ (x264 + ++ (x251 + ++ (x239 + ++ (x228 + ++ (x218 + ++ (x209 + ++ (x201 + ++ (x194 + ++ (x188 + ++ (x183 + (x179 + (x176 + (x174 + x1)))))))))))))))))); ++ x367 = (x345 + ++ (x327 + ++ (x310 + ++ (x294 + ++ (x279 + ++ (x265 + ++ (x252 + ++ (x240 + ++ (x229 + ++ (x219 + ++ (x210 + ++ (x202 + ++ (x195 + ++ (x189 + ++ (x184 + (x180 + (x177 + (x19 + x2)))))))))))))))))); ++ x368 = ++ (x346 + ++ (x328 + ++ (x311 + ++ (x295 + ++ (x280 + ++ (x266 + ++ (x253 + ++ (x241 + ++ (x230 + ++ (x220 + ++ (x211 + ++ (x203 + ++ (x196 + ++ (x190 + (x185 + (x181 + (x36 + (x20 + x3)))))))))))))))))); ++ x369 = ++ (x347 + ++ (x329 + ++ (x312 + ++ (x296 + ++ (x281 + ++ (x267 + ++ (x254 + ++ (x242 + ++ (x231 + ++ (x221 + ++ (x212 + ++ (x204 + ++ (x197 + ++ (x191 + (x186 + (x52 + (x37 + (x21 + x4)))))))))))))))))); ++ x370 = ++ (x348 + ++ (x330 + ++ (x313 + ++ (x297 + ++ (x282 + ++ (x268 + ++ (x255 + ++ (x243 + ++ (x232 + ++ (x222 + ++ (x213 + ++ (x205 + ++ (x198 + ++ (x192 + (x67 + (x53 + (x38 + (x22 + x5)))))))))))))))))); ++ x371 = (x349 + ++ (x331 + ++ (x314 + ++ (x298 + ++ (x283 + ++ (x269 + ++ (x256 + ++ (x244 + ++ (x233 + ++ (x223 + ++ (x214 + ++ (x206 + ++ (x199 + ++ (x81 + (x68 + (x54 + (x39 + (x23 + x6)))))))))))))))))); ++ x372 = (x350 + ++ (x332 + ++ (x315 + ++ (x299 + ++ (x284 + ++ (x270 + ++ (x257 + ++ (x245 + ++ (x234 + ++ (x224 + ++ (x215 + ++ (x207 + ++ (x94 + ++ (x82 + (x69 + (x55 + (x40 + (x24 + x7)))))))))))))))))); ++ x373 = (x351 + ++ (x333 + ++ (x316 + ++ (x300 + ++ (x285 + ++ (x271 + ++ (x258 + ++ (x246 + ++ (x235 + ++ (x225 + ++ (x216 + ++ (x106 + ++ (x95 + ++ (x83 + (x70 + (x56 + (x41 + (x25 + x8)))))))))))))))))); ++ x374 = (x352 + ++ (x334 + ++ (x317 + ++ (x301 + ++ (x286 + ++ (x272 + ++ (x259 + ++ (x247 + ++ (x236 + ++ (x226 + ++ (x117 + ++ (x107 + ++ (x96 + ++ (x84 + (x71 + (x57 + (x42 + (x26 + x9)))))))))))))))))); ++ x375 = ++ (x353 + ++ (x335 + ++ (x318 + ++ (x302 + ++ (x287 + ++ (x273 + ++ (x260 + ++ (x248 + ++ (x237 + ++ (x127 + ++ (x118 + ++ (x108 + ++ (x97 + ++ (x85 + (x72 + (x58 + (x43 + (x27 + x10)))))))))))))))))); ++ x376 = ++ (x354 + ++ (x336 + ++ (x319 + ++ (x303 + ++ (x288 + ++ (x274 + ++ (x261 + ++ (x249 + ++ (x136 + ++ (x128 + ++ (x119 + ++ (x109 + ++ (x98 + ++ (x86 + (x73 + (x59 + (x44 + (x28 + x11)))))))))))))))))); ++ x377 = ++ (x355 + ++ (x337 + ++ (x320 + ++ (x304 + ++ (x289 + ++ (x275 + ++ (x262 + ++ (x144 + ++ (x137 + ++ (x129 + ++ (x120 + ++ (x110 + ++ (x99 + ++ (x87 + (x74 + (x60 + (x45 + (x29 + x12)))))))))))))))))); ++ x378 = ++ (x356 + ++ (x338 + ++ (x321 + ++ (x305 + ++ (x290 + ++ (x276 + ++ (x151 + ++ (x145 + ++ (x138 + ++ (x130 + ++ (x121 + ++ (x111 + ++ (x100 + ++ (x88 + (x75 + (x61 + (x46 + (x30 + x13)))))))))))))))))); ++ x379 = ++ (x357 + ++ (x339 + ++ (x322 + ++ (x306 + ++ (x291 + ++ (x157 + ++ (x152 + ++ (x146 + ++ (x139 + ++ (x131 + ++ (x122 + ++ (x112 + ++ (x101 + ++ (x89 + (x76 + (x62 + (x47 + (x31 + x14)))))))))))))))))); ++ x380 = ++ (x358 + ++ (x340 + ++ (x323 + ++ (x307 + ++ (x162 + ++ (x158 + ++ (x153 + ++ (x147 + ++ (x140 + ++ (x132 + ++ (x123 + ++ (x113 + ++ (x102 + ++ (x90 + (x77 + (x63 + (x48 + (x32 + x15)))))))))))))))))); ++ x381 = ++ (x359 + ++ (x341 + ++ (x324 + ++ (x166 + ++ (x163 + ++ (x159 + ++ (x154 + ++ (x148 + ++ (x141 + ++ (x133 + ++ (x124 + ++ (x114 + ++ (x103 + ++ (x91 + (x78 + (x64 + (x49 + (x33 + x16)))))))))))))))))); ++ x382 = ++ (x360 + ++ (x342 + ++ (x169 + ++ (x167 + ++ (x164 + ++ (x160 + ++ (x155 + ++ (x149 + ++ (x142 + ++ (x134 + ++ (x125 + ++ (x115 + ++ (x104 + ++ (x92 + (x79 + (x65 + (x50 + (x34 + x17)))))))))))))))))); ++ x383 = (x363 + x382); ++ x384 = (x383 >> 27); ++ x385 = (uint32_t)(x383 & UINT32_C(0x7ffffff)); ++ x386 = (x384 + x381); ++ x387 = (x386 >> 28); ++ x388 = (uint32_t)(x386 & UINT32_C(0xfffffff)); ++ x389 = (x387 + x380); ++ x390 = (x389 >> 27); ++ x391 = (uint32_t)(x389 & UINT32_C(0x7ffffff)); ++ x392 = (x390 + x379); ++ x393 = (x392 >> 28); ++ x394 = (uint32_t)(x392 & UINT32_C(0xfffffff)); ++ x395 = (x393 + x378); ++ x396 = (x395 >> 27); ++ x397 = (uint32_t)(x395 & UINT32_C(0x7ffffff)); ++ x398 = (x396 + x377); ++ x399 = (x398 >> 27); ++ x400 = (uint32_t)(x398 & UINT32_C(0x7ffffff)); ++ x401 = (x399 + x376); ++ x402 = (x401 >> 28); ++ x403 = (uint32_t)(x401 & UINT32_C(0xfffffff)); ++ x404 = (x402 + x375); ++ x405 = (x404 >> 27); ++ x406 = (uint32_t)(x404 & UINT32_C(0x7ffffff)); ++ x407 = (x405 + x374); ++ x408 = (x407 >> 28); ++ x409 = (uint32_t)(x407 & UINT32_C(0xfffffff)); ++ x410 = (x408 + x373); ++ x411 = (x410 >> 27); ++ x412 = (uint32_t)(x410 & UINT32_C(0x7ffffff)); ++ x413 = (x411 + x372); ++ x414 = (x413 >> 28); ++ x415 = (uint32_t)(x413 & UINT32_C(0xfffffff)); ++ x416 = (x414 + x371); ++ x417 = (x416 >> 27); ++ x418 = (uint32_t)(x416 & UINT32_C(0x7ffffff)); ++ x419 = (x417 + x370); ++ x420 = (x419 >> 27); ++ x421 = (uint32_t)(x419 & UINT32_C(0x7ffffff)); ++ x422 = (x420 + x369); ++ x423 = (x422 >> 28); ++ x424 = (uint32_t)(x422 & UINT32_C(0xfffffff)); ++ x425 = (x423 + x368); ++ x426 = (x425 >> 27); ++ x427 = (uint32_t)(x425 & UINT32_C(0x7ffffff)); ++ x428 = (x426 + x367); ++ x429 = (x428 >> 28); ++ x430 = (uint32_t)(x428 & UINT32_C(0xfffffff)); ++ x431 = (x429 + x366); ++ x432 = (x431 >> 27); ++ x433 = (uint32_t)(x431 & UINT32_C(0x7ffffff)); ++ x434 = (x432 + x365); ++ x435 = (x434 >> 27); ++ x436 = (uint32_t)(x434 & UINT32_C(0x7ffffff)); ++ x437 = (x364 + x435); ++ x438 = (uint32_t)(x437 >> 28); ++ x439 = (uint32_t)(x437 & UINT32_C(0xfffffff)); ++ x440 = (x438 + x385); ++ x441 = (fiat_secp521r1_uint1)(x440 >> 27); ++ x442 = (x440 & UINT32_C(0x7ffffff)); ++ x443 = (x441 + x388); ++ out1[0] = x439; ++ out1[1] = x442; ++ out1[2] = x443; ++ out1[3] = x391; ++ out1[4] = x394; ++ out1[5] = x397; ++ out1[6] = x400; ++ out1[7] = x403; ++ out1[8] = x406; ++ out1[9] = x409; ++ out1[10] = x412; ++ out1[11] = x415; ++ out1[12] = x418; ++ out1[13] = x421; ++ out1[14] = x424; ++ out1[15] = x427; ++ out1[16] = x430; ++ out1[17] = x433; ++ out1[18] = x436; ++} ++ ++/* ++ * The function fiat_secp521r1_carry_square squares a field element and reduces the result. ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 * eval arg1) mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ */ ++static void ++fiat_secp521r1_carry_square(uint32_t out1[19], ++ const uint32_t arg1[19]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ uint32_t x20; ++ uint32_t x21; ++ uint32_t x22; ++ uint32_t x23; ++ uint32_t x24; ++ uint32_t x25; ++ uint32_t x26; ++ uint32_t x27; ++ uint32_t x28; ++ uint32_t x29; ++ uint32_t x30; ++ uint32_t x31; ++ uint32_t x32; ++ uint32_t x33; ++ uint32_t x34; ++ uint32_t x35; ++ uint32_t x36; ++ uint64_t x37; ++ uint64_t x38; ++ uint64_t x39; ++ uint64_t x40; ++ uint64_t x41; ++ uint64_t x42; ++ uint64_t x43; ++ uint64_t x44; ++ uint64_t x45; ++ uint64_t x46; ++ uint64_t x47; ++ uint64_t x48; ++ uint64_t x49; ++ uint64_t x50; ++ uint64_t x51; ++ uint64_t x52; ++ uint64_t x53; ++ uint64_t x54; ++ uint64_t x55; ++ uint64_t x56; ++ uint64_t x57; ++ uint64_t x58; ++ uint64_t x59; ++ uint64_t x60; ++ uint64_t x61; ++ uint64_t x62; ++ uint64_t x63; ++ uint64_t x64; ++ uint64_t x65; ++ uint64_t x66; ++ uint64_t x67; ++ uint64_t x68; ++ uint64_t x69; ++ uint64_t x70; ++ uint64_t x71; ++ uint64_t x72; ++ uint64_t x73; ++ uint64_t x74; ++ uint64_t x75; ++ uint64_t x76; ++ uint64_t x77; ++ uint64_t x78; ++ uint64_t x79; ++ uint64_t x80; ++ uint64_t x81; ++ uint64_t x82; ++ uint64_t x83; ++ uint64_t x84; ++ uint64_t x85; ++ uint64_t x86; ++ uint64_t x87; ++ uint64_t x88; ++ uint64_t x89; ++ uint64_t x90; ++ uint64_t x91; ++ uint64_t x92; ++ uint64_t x93; ++ uint64_t x94; ++ uint64_t x95; ++ uint64_t x96; ++ uint64_t x97; ++ uint64_t x98; ++ uint64_t x99; ++ uint64_t x100; ++ uint64_t x101; ++ uint64_t x102; ++ uint64_t x103; ++ uint64_t x104; ++ uint64_t x105; ++ uint64_t x106; ++ uint64_t x107; ++ uint64_t x108; ++ uint64_t x109; ++ uint64_t x110; ++ uint64_t x111; ++ uint64_t x112; ++ uint64_t x113; ++ uint64_t x114; ++ uint64_t x115; ++ uint64_t x116; ++ uint64_t x117; ++ uint64_t x118; ++ uint64_t x119; ++ uint64_t x120; ++ uint64_t x121; ++ uint64_t x122; ++ uint64_t x123; ++ uint64_t x124; ++ uint64_t x125; ++ uint64_t x126; ++ uint64_t x127; ++ uint64_t x128; ++ uint64_t x129; ++ uint64_t x130; ++ uint64_t x131; ++ uint64_t x132; ++ uint64_t x133; ++ uint64_t x134; ++ uint64_t x135; ++ uint64_t x136; ++ uint64_t x137; ++ uint64_t x138; ++ uint64_t x139; ++ uint64_t x140; ++ uint64_t x141; ++ uint64_t x142; ++ uint64_t x143; ++ uint64_t x144; ++ uint64_t x145; ++ uint64_t x146; ++ uint64_t x147; ++ uint64_t x148; ++ uint64_t x149; ++ uint64_t x150; ++ uint64_t x151; ++ uint64_t x152; ++ uint64_t x153; ++ uint64_t x154; ++ uint64_t x155; ++ uint64_t x156; ++ uint64_t x157; ++ uint64_t x158; ++ uint64_t x159; ++ uint64_t x160; ++ uint64_t x161; ++ uint64_t x162; ++ uint64_t x163; ++ uint64_t x164; ++ uint64_t x165; ++ uint64_t x166; ++ uint64_t x167; ++ uint64_t x168; ++ uint64_t x169; ++ uint64_t x170; ++ uint64_t x171; ++ uint64_t x172; ++ uint64_t x173; ++ uint64_t x174; ++ uint64_t x175; ++ uint64_t x176; ++ uint64_t x177; ++ uint64_t x178; ++ uint64_t x179; ++ uint64_t x180; ++ uint64_t x181; ++ uint64_t x182; ++ uint64_t x183; ++ uint64_t x184; ++ uint64_t x185; ++ uint64_t x186; ++ uint64_t x187; ++ uint64_t x188; ++ uint64_t x189; ++ uint64_t x190; ++ uint64_t x191; ++ uint64_t x192; ++ uint64_t x193; ++ uint64_t x194; ++ uint64_t x195; ++ uint64_t x196; ++ uint64_t x197; ++ uint64_t x198; ++ uint64_t x199; ++ uint64_t x200; ++ uint64_t x201; ++ uint64_t x202; ++ uint64_t x203; ++ uint64_t x204; ++ uint64_t x205; ++ uint64_t x206; ++ uint64_t x207; ++ uint64_t x208; ++ uint64_t x209; ++ uint64_t x210; ++ uint64_t x211; ++ uint64_t x212; ++ uint64_t x213; ++ uint64_t x214; ++ uint64_t x215; ++ uint64_t x216; ++ uint64_t x217; ++ uint64_t x218; ++ uint64_t x219; ++ uint64_t x220; ++ uint64_t x221; ++ uint64_t x222; ++ uint64_t x223; ++ uint64_t x224; ++ uint64_t x225; ++ uint64_t x226; ++ uint64_t x227; ++ uint64_t x228; ++ uint32_t x229; ++ uint64_t x230; ++ uint64_t x231; ++ uint64_t x232; ++ uint64_t x233; ++ uint64_t x234; ++ uint64_t x235; ++ uint64_t x236; ++ uint64_t x237; ++ uint64_t x238; ++ uint64_t x239; ++ uint64_t x240; ++ uint64_t x241; ++ uint64_t x242; ++ uint64_t x243; ++ uint64_t x244; ++ uint64_t x245; ++ uint64_t x246; ++ uint64_t x247; ++ uint64_t x248; ++ uint64_t x249; ++ uint32_t x250; ++ uint64_t x251; ++ uint64_t x252; ++ uint32_t x253; ++ uint64_t x254; ++ uint64_t x255; ++ uint32_t x256; ++ uint64_t x257; ++ uint64_t x258; ++ uint32_t x259; ++ uint64_t x260; ++ uint64_t x261; ++ uint32_t x262; ++ uint64_t x263; ++ uint64_t x264; ++ uint32_t x265; ++ uint64_t x266; ++ uint64_t x267; ++ uint32_t x268; ++ uint64_t x269; ++ uint64_t x270; ++ uint32_t x271; ++ uint64_t x272; ++ uint64_t x273; ++ uint32_t x274; ++ uint64_t x275; ++ uint64_t x276; ++ uint32_t x277; ++ uint64_t x278; ++ uint64_t x279; ++ uint32_t x280; ++ uint64_t x281; ++ uint64_t x282; ++ uint32_t x283; ++ uint64_t x284; ++ uint64_t x285; ++ uint32_t x286; ++ uint64_t x287; ++ uint64_t x288; ++ uint32_t x289; ++ uint64_t x290; ++ uint64_t x291; ++ uint32_t x292; ++ uint64_t x293; ++ uint64_t x294; ++ uint32_t x295; ++ uint64_t x296; ++ uint64_t x297; ++ uint32_t x298; ++ uint64_t x299; ++ uint64_t x300; ++ uint32_t x301; ++ uint64_t x302; ++ uint32_t x303; ++ uint32_t x304; ++ uint32_t x305; ++ fiat_secp521r1_uint1 x306; ++ uint32_t x307; ++ uint32_t x308; ++ x1 = (arg1[18]); ++ x2 = (x1 * 0x2); ++ x3 = ((arg1[18]) * 0x2); ++ x4 = (arg1[17]); ++ x5 = (x4 * 0x2); ++ x6 = ((arg1[17]) * 0x2); ++ x7 = (arg1[16]); ++ x8 = (x7 * 0x2); ++ x9 = ((arg1[16]) * 0x2); ++ x10 = (arg1[15]); ++ x11 = (x10 * 0x2); ++ x12 = ((arg1[15]) * 0x2); ++ x13 = (arg1[14]); ++ x14 = (x13 * 0x2); ++ x15 = ((arg1[14]) * 0x2); ++ x16 = (arg1[13]); ++ x17 = (x16 * 0x2); ++ x18 = ((arg1[13]) * 0x2); ++ x19 = (arg1[12]); ++ x20 = (x19 * 0x2); ++ x21 = ((arg1[12]) * 0x2); ++ x22 = (arg1[11]); ++ x23 = (x22 * 0x2); ++ x24 = ((arg1[11]) * 0x2); ++ x25 = (arg1[10]); ++ x26 = (x25 * 0x2); ++ x27 = ((arg1[10]) * 0x2); ++ x28 = ((arg1[9]) * 0x2); ++ x29 = ((arg1[8]) * 0x2); ++ x30 = ((arg1[7]) * 0x2); ++ x31 = ((arg1[6]) * 0x2); ++ x32 = ((arg1[5]) * 0x2); ++ x33 = ((arg1[4]) * 0x2); ++ x34 = ((arg1[3]) * 0x2); ++ x35 = ((arg1[2]) * 0x2); ++ x36 = ((arg1[1]) * 0x2); ++ x37 = ((uint64_t)(arg1[18]) * x1); ++ x38 = ((uint64_t)(arg1[17]) * (x2 * 0x2)); ++ x39 = ((uint64_t)(arg1[17]) * (x4 * 0x2)); ++ x40 = ((uint64_t)(arg1[16]) * x2); ++ x41 = ((uint64_t)(arg1[16]) * (x5 * 0x2)); ++ x42 = ((uint64_t)(arg1[16]) * x7); ++ x43 = ((uint64_t)(arg1[15]) * (x2 * 0x2)); ++ x44 = ((uint64_t)(arg1[15]) * (x5 * 0x2)); ++ x45 = ((uint64_t)(arg1[15]) * x8); ++ x46 = ((uint64_t)(arg1[15]) * (x10 * 0x2)); ++ x47 = ((uint64_t)(arg1[14]) * x2); ++ x48 = ((uint64_t)(arg1[14]) * x5); ++ x49 = ((uint64_t)(arg1[14]) * x8); ++ x50 = ((uint64_t)(arg1[14]) * x11); ++ x51 = ((uint64_t)(arg1[14]) * x13); ++ x52 = ((uint64_t)(arg1[13]) * x2); ++ x53 = ((uint64_t)(arg1[13]) * (x5 * 0x2)); ++ x54 = ((uint64_t)(arg1[13]) * x8); ++ x55 = ((uint64_t)(arg1[13]) * (x11 * 0x2)); ++ x56 = ((uint64_t)(arg1[13]) * x14); ++ x57 = ((uint64_t)(arg1[13]) * (x16 * 0x2)); ++ x58 = ((uint64_t)(arg1[12]) * (x2 * 0x2)); ++ x59 = ((uint64_t)(arg1[12]) * (x5 * 0x2)); ++ x60 = ((uint64_t)(arg1[12]) * (x8 * 0x2)); ++ x61 = ((uint64_t)(arg1[12]) * (x11 * 0x2)); ++ x62 = ((uint64_t)(arg1[12]) * (x14 * 0x2)); ++ x63 = ((uint64_t)(arg1[12]) * (x17 * 0x2)); ++ x64 = ((uint64_t)(arg1[12]) * (x19 * 0x2)); ++ x65 = ((uint64_t)(arg1[11]) * x2); ++ x66 = ((uint64_t)(arg1[11]) * (x5 * 0x2)); ++ x67 = ((uint64_t)(arg1[11]) * x8); ++ x68 = ((uint64_t)(arg1[11]) * (x11 * 0x2)); ++ x69 = ((uint64_t)(arg1[11]) * x14); ++ x70 = ((uint64_t)(arg1[11]) * x17); ++ x71 = ((uint64_t)(arg1[11]) * (x20 * 0x2)); ++ x72 = ((uint64_t)(arg1[11]) * x22); ++ x73 = ((uint64_t)(arg1[10]) * (x2 * 0x2)); ++ x74 = ((uint64_t)(arg1[10]) * (x5 * 0x2)); ++ x75 = ((uint64_t)(arg1[10]) * (x8 * 0x2)); ++ x76 = ((uint64_t)(arg1[10]) * (x11 * 0x2)); ++ x77 = ((uint64_t)(arg1[10]) * x14); ++ x78 = ((uint64_t)(arg1[10]) * (x17 * 0x2)); ++ x79 = ((uint64_t)(arg1[10]) * (x20 * 0x2)); ++ x80 = ((uint64_t)(arg1[10]) * (x23 * 0x2)); ++ x81 = ((uint64_t)(arg1[10]) * (x25 * 0x2)); ++ x82 = ((uint64_t)(arg1[9]) * x2); ++ x83 = ((uint64_t)(arg1[9]) * (x5 * 0x2)); ++ x84 = ((uint64_t)(arg1[9]) * x8); ++ x85 = ((uint64_t)(arg1[9]) * x11); ++ x86 = ((uint64_t)(arg1[9]) * x14); ++ x87 = ((uint64_t)(arg1[9]) * x17); ++ x88 = ((uint64_t)(arg1[9]) * (x20 * 0x2)); ++ x89 = ((uint64_t)(arg1[9]) * x23); ++ x90 = ((uint64_t)(arg1[9]) * (x26 * 0x2)); ++ x91 = ((uint64_t)(arg1[9]) * (arg1[9])); ++ x92 = ((uint64_t)(arg1[8]) * (x2 * 0x2)); ++ x93 = ((uint64_t)(arg1[8]) * (x5 * 0x2)); ++ x94 = ((uint64_t)(arg1[8]) * x8); ++ x95 = ((uint64_t)(arg1[8]) * (x11 * 0x2)); ++ x96 = ((uint64_t)(arg1[8]) * x14); ++ x97 = ((uint64_t)(arg1[8]) * (x17 * 0x2)); ++ x98 = ((uint64_t)(arg1[8]) * (x20 * 0x2)); ++ x99 = ((uint64_t)(arg1[8]) * (x23 * 0x2)); ++ x100 = ((uint64_t)(arg1[8]) * (x27 * 0x2)); ++ x101 = ((uint64_t)(arg1[8]) * x28); ++ x102 = ((uint64_t)(arg1[8]) * ((arg1[8]) * 0x2)); ++ x103 = ((uint64_t)(arg1[7]) * x2); ++ x104 = ((uint64_t)(arg1[7]) * x5); ++ x105 = ((uint64_t)(arg1[7]) * x8); ++ x106 = ((uint64_t)(arg1[7]) * x11); ++ x107 = ((uint64_t)(arg1[7]) * x14); ++ x108 = ((uint64_t)(arg1[7]) * x17); ++ x109 = ((uint64_t)(arg1[7]) * (x20 * 0x2)); ++ x110 = ((uint64_t)(arg1[7]) * x24); ++ x111 = ((uint64_t)(arg1[7]) * x27); ++ x112 = ((uint64_t)(arg1[7]) * x28); ++ x113 = ((uint64_t)(arg1[7]) * x29); ++ x114 = ((uint64_t)(arg1[7]) * (arg1[7])); ++ x115 = ((uint64_t)(arg1[6]) * x2); ++ x116 = ((uint64_t)(arg1[6]) * (x5 * 0x2)); ++ x117 = ((uint64_t)(arg1[6]) * x8); ++ x118 = ((uint64_t)(arg1[6]) * (x11 * 0x2)); ++ x119 = ((uint64_t)(arg1[6]) * x14); ++ x120 = ((uint64_t)(arg1[6]) * (x17 * 0x2)); ++ x121 = ((uint64_t)(arg1[6]) * (x21 * 0x2)); ++ x122 = ((uint64_t)(arg1[6]) * x24); ++ x123 = ((uint64_t)(arg1[6]) * (x27 * 0x2)); ++ x124 = ((uint64_t)(arg1[6]) * x28); ++ x125 = ((uint64_t)(arg1[6]) * (x29 * 0x2)); ++ x126 = ((uint64_t)(arg1[6]) * x30); ++ x127 = ((uint64_t)(arg1[6]) * (arg1[6])); ++ x128 = ((uint64_t)(arg1[5]) * (x2 * 0x2)); ++ x129 = ((uint64_t)(arg1[5]) * (x5 * 0x2)); ++ x130 = ((uint64_t)(arg1[5]) * (x8 * 0x2)); ++ x131 = ((uint64_t)(arg1[5]) * (x11 * 0x2)); ++ x132 = ((uint64_t)(arg1[5]) * (x14 * 0x2)); ++ x133 = ((uint64_t)(arg1[5]) * (x18 * 0x2)); ++ x134 = ((uint64_t)(arg1[5]) * (x21 * 0x2)); ++ x135 = ((uint64_t)(arg1[5]) * (x24 * 0x2)); ++ x136 = ((uint64_t)(arg1[5]) * (x27 * 0x2)); ++ x137 = ((uint64_t)(arg1[5]) * (x28 * 0x2)); ++ x138 = ((uint64_t)(arg1[5]) * (x29 * 0x2)); ++ x139 = ((uint64_t)(arg1[5]) * x30); ++ x140 = ((uint64_t)(arg1[5]) * (x31 * 0x2)); ++ x141 = ((uint64_t)(arg1[5]) * ((arg1[5]) * 0x2)); ++ x142 = ((uint64_t)(arg1[4]) * x2); ++ x143 = ((uint64_t)(arg1[4]) * (x5 * 0x2)); ++ x144 = ((uint64_t)(arg1[4]) * x8); ++ x145 = ((uint64_t)(arg1[4]) * (x11 * 0x2)); ++ x146 = ((uint64_t)(arg1[4]) * x15); ++ x147 = ((uint64_t)(arg1[4]) * x18); ++ x148 = ((uint64_t)(arg1[4]) * (x21 * 0x2)); ++ x149 = ((uint64_t)(arg1[4]) * x24); ++ x150 = ((uint64_t)(arg1[4]) * (x27 * 0x2)); ++ x151 = ((uint64_t)(arg1[4]) * x28); ++ x152 = ((uint64_t)(arg1[4]) * x29); ++ x153 = ((uint64_t)(arg1[4]) * x30); ++ x154 = ((uint64_t)(arg1[4]) * x31); ++ x155 = ((uint64_t)(arg1[4]) * (x32 * 0x2)); ++ x156 = ((uint64_t)(arg1[4]) * (arg1[4])); ++ x157 = ((uint64_t)(arg1[3]) * (x2 * 0x2)); ++ x158 = ((uint64_t)(arg1[3]) * (x5 * 0x2)); ++ x159 = ((uint64_t)(arg1[3]) * (x8 * 0x2)); ++ x160 = ((uint64_t)(arg1[3]) * (x12 * 0x2)); ++ x161 = ((uint64_t)(arg1[3]) * x15); ++ x162 = ((uint64_t)(arg1[3]) * (x18 * 0x2)); ++ x163 = ((uint64_t)(arg1[3]) * (x21 * 0x2)); ++ x164 = ((uint64_t)(arg1[3]) * (x24 * 0x2)); ++ x165 = ((uint64_t)(arg1[3]) * (x27 * 0x2)); ++ x166 = ((uint64_t)(arg1[3]) * x28); ++ x167 = ((uint64_t)(arg1[3]) * (x29 * 0x2)); ++ x168 = ((uint64_t)(arg1[3]) * x30); ++ x169 = ((uint64_t)(arg1[3]) * (x31 * 0x2)); ++ x170 = ((uint64_t)(arg1[3]) * (x32 * 0x2)); ++ x171 = ((uint64_t)(arg1[3]) * (x33 * 0x2)); ++ x172 = ((uint64_t)(arg1[3]) * ((arg1[3]) * 0x2)); ++ x173 = ((uint64_t)(arg1[2]) * x2); ++ x174 = ((uint64_t)(arg1[2]) * (x5 * 0x2)); ++ x175 = ((uint64_t)(arg1[2]) * x9); ++ x176 = ((uint64_t)(arg1[2]) * x12); ++ x177 = ((uint64_t)(arg1[2]) * x15); ++ x178 = ((uint64_t)(arg1[2]) * x18); ++ x179 = ((uint64_t)(arg1[2]) * (x21 * 0x2)); ++ x180 = ((uint64_t)(arg1[2]) * x24); ++ x181 = ((uint64_t)(arg1[2]) * x27); ++ x182 = ((uint64_t)(arg1[2]) * x28); ++ x183 = ((uint64_t)(arg1[2]) * x29); ++ x184 = ((uint64_t)(arg1[2]) * x30); ++ x185 = ((uint64_t)(arg1[2]) * x31); ++ x186 = ((uint64_t)(arg1[2]) * (x32 * 0x2)); ++ x187 = ((uint64_t)(arg1[2]) * x33); ++ x188 = ((uint64_t)(arg1[2]) * x34); ++ x189 = ((uint64_t)(arg1[2]) * (arg1[2])); ++ x190 = ((uint64_t)(arg1[1]) * (x2 * 0x2)); ++ x191 = ((uint64_t)(arg1[1]) * (x6 * 0x2)); ++ x192 = ((uint64_t)(arg1[1]) * x9); ++ x193 = ((uint64_t)(arg1[1]) * (x12 * 0x2)); ++ x194 = ((uint64_t)(arg1[1]) * x15); ++ x195 = ((uint64_t)(arg1[1]) * (x18 * 0x2)); ++ x196 = ((uint64_t)(arg1[1]) * (x21 * 0x2)); ++ x197 = ((uint64_t)(arg1[1]) * x24); ++ x198 = ((uint64_t)(arg1[1]) * (x27 * 0x2)); ++ x199 = ((uint64_t)(arg1[1]) * x28); ++ x200 = ((uint64_t)(arg1[1]) * (x29 * 0x2)); ++ x201 = ((uint64_t)(arg1[1]) * x30); ++ x202 = ((uint64_t)(arg1[1]) * (x31 * 0x2)); ++ x203 = ((uint64_t)(arg1[1]) * (x32 * 0x2)); ++ x204 = ((uint64_t)(arg1[1]) * x33); ++ x205 = ((uint64_t)(arg1[1]) * (x34 * 0x2)); ++ x206 = ((uint64_t)(arg1[1]) * x35); ++ x207 = ((uint64_t)(arg1[1]) * ((arg1[1]) * 0x2)); ++ x208 = ((uint64_t)(arg1[0]) * x3); ++ x209 = ((uint64_t)(arg1[0]) * x6); ++ x210 = ((uint64_t)(arg1[0]) * x9); ++ x211 = ((uint64_t)(arg1[0]) * x12); ++ x212 = ((uint64_t)(arg1[0]) * x15); ++ x213 = ((uint64_t)(arg1[0]) * x18); ++ x214 = ((uint64_t)(arg1[0]) * x21); ++ x215 = ((uint64_t)(arg1[0]) * x24); ++ x216 = ((uint64_t)(arg1[0]) * x27); ++ x217 = ((uint64_t)(arg1[0]) * x28); ++ x218 = ((uint64_t)(arg1[0]) * x29); ++ x219 = ((uint64_t)(arg1[0]) * x30); ++ x220 = ((uint64_t)(arg1[0]) * x31); ++ x221 = ((uint64_t)(arg1[0]) * x32); ++ x222 = ((uint64_t)(arg1[0]) * x33); ++ x223 = ((uint64_t)(arg1[0]) * x34); ++ x224 = ((uint64_t)(arg1[0]) * x35); ++ x225 = ((uint64_t)(arg1[0]) * x36); ++ x226 = ((uint64_t)(arg1[0]) * (arg1[0])); ++ x227 = ++ (x226 + ++ (x190 + ++ (x174 + (x159 + (x145 + (x132 + (x120 + (x109 + (x99 + x90))))))))); ++ x228 = (x227 >> 28); ++ x229 = (uint32_t)(x227 & UINT32_C(0xfffffff)); ++ x230 = ++ (x208 + ++ (x191 + ++ (x175 + (x160 + (x146 + (x133 + (x121 + (x110 + (x100 + x91))))))))); ++ x231 = ++ (x209 + ++ (x192 + ++ (x176 + (x161 + (x147 + (x134 + (x122 + (x111 + (x101 + x37))))))))); ++ x232 = ++ (x210 + ++ (x193 + ++ (x177 + (x162 + (x148 + (x135 + (x123 + (x112 + (x102 + x38))))))))); ++ x233 = ++ (x211 + ++ (x194 + ++ (x178 + (x163 + (x149 + (x136 + (x124 + (x113 + (x40 + x39))))))))); ++ x234 = ++ (x212 + ++ (x195 + ++ (x179 + (x164 + (x150 + (x137 + (x125 + (x114 + (x43 + x41))))))))); ++ x235 = (x213 + ++ (x196 + ++ (x180 + (x165 + (x151 + (x138 + (x126 + (x47 + (x44 + x42))))))))); ++ x236 = (x214 + ++ (x197 + ++ (x181 + (x166 + (x152 + (x139 + (x127 + (x52 + (x48 + x45))))))))); ++ x237 = (x215 + ++ (x198 + ++ (x182 + (x167 + (x153 + (x140 + (x58 + (x53 + (x49 + x46))))))))); ++ x238 = (x216 + ++ (x199 + ++ (x183 + (x168 + (x154 + (x141 + (x65 + (x59 + (x54 + x50))))))))); ++ x239 = (x217 + ++ (x200 + ++ (x184 + (x169 + (x155 + (x73 + (x66 + (x60 + (x55 + x51))))))))); ++ x240 = (x218 + ++ (x201 + ++ (x185 + (x170 + (x156 + (x82 + (x74 + (x67 + (x61 + x56))))))))); ++ x241 = (x219 + ++ (x202 + ++ (x186 + (x171 + (x92 + (x83 + (x75 + (x68 + (x62 + x57))))))))); ++ x242 = (x220 + ++ (x203 + ++ (x187 + (x172 + (x103 + (x93 + (x84 + (x76 + (x69 + x63))))))))); ++ x243 = (x221 + ++ (x204 + ++ (x188 + (x115 + (x104 + (x94 + (x85 + (x77 + (x70 + x64))))))))); ++ x244 = (x222 + ++ (x205 + ++ (x189 + (x128 + (x116 + (x105 + (x95 + (x86 + (x78 + x71))))))))); ++ x245 = (x223 + ++ (x206 + ++ (x142 + (x129 + (x117 + (x106 + (x96 + (x87 + (x79 + x72))))))))); ++ x246 = (x224 + ++ (x207 + ++ (x157 + (x143 + (x130 + (x118 + (x107 + (x97 + (x88 + x80))))))))); ++ x247 = (x225 + ++ (x173 + ++ (x158 + (x144 + (x131 + (x119 + (x108 + (x98 + (x89 + x81))))))))); ++ x248 = (x228 + x247); ++ x249 = (x248 >> 27); ++ x250 = (uint32_t)(x248 & UINT32_C(0x7ffffff)); ++ x251 = (x249 + x246); ++ x252 = (x251 >> 28); ++ x253 = (uint32_t)(x251 & UINT32_C(0xfffffff)); ++ x254 = (x252 + x245); ++ x255 = (x254 >> 27); ++ x256 = (uint32_t)(x254 & UINT32_C(0x7ffffff)); ++ x257 = (x255 + x244); ++ x258 = (x257 >> 28); ++ x259 = (uint32_t)(x257 & UINT32_C(0xfffffff)); ++ x260 = (x258 + x243); ++ x261 = (x260 >> 27); ++ x262 = (uint32_t)(x260 & UINT32_C(0x7ffffff)); ++ x263 = (x261 + x242); ++ x264 = (x263 >> 27); ++ x265 = (uint32_t)(x263 & UINT32_C(0x7ffffff)); ++ x266 = (x264 + x241); ++ x267 = (x266 >> 28); ++ x268 = (uint32_t)(x266 & UINT32_C(0xfffffff)); ++ x269 = (x267 + x240); ++ x270 = (x269 >> 27); ++ x271 = (uint32_t)(x269 & UINT32_C(0x7ffffff)); ++ x272 = (x270 + x239); ++ x273 = (x272 >> 28); ++ x274 = (uint32_t)(x272 & UINT32_C(0xfffffff)); ++ x275 = (x273 + x238); ++ x276 = (x275 >> 27); ++ x277 = (uint32_t)(x275 & UINT32_C(0x7ffffff)); ++ x278 = (x276 + x237); ++ x279 = (x278 >> 28); ++ x280 = (uint32_t)(x278 & UINT32_C(0xfffffff)); ++ x281 = (x279 + x236); ++ x282 = (x281 >> 27); ++ x283 = (uint32_t)(x281 & UINT32_C(0x7ffffff)); ++ x284 = (x282 + x235); ++ x285 = (x284 >> 27); ++ x286 = (uint32_t)(x284 & UINT32_C(0x7ffffff)); ++ x287 = (x285 + x234); ++ x288 = (x287 >> 28); ++ x289 = (uint32_t)(x287 & UINT32_C(0xfffffff)); ++ x290 = (x288 + x233); ++ x291 = (x290 >> 27); ++ x292 = (uint32_t)(x290 & UINT32_C(0x7ffffff)); ++ x293 = (x291 + x232); ++ x294 = (x293 >> 28); ++ x295 = (uint32_t)(x293 & UINT32_C(0xfffffff)); ++ x296 = (x294 + x231); ++ x297 = (x296 >> 27); ++ x298 = (uint32_t)(x296 & UINT32_C(0x7ffffff)); ++ x299 = (x297 + x230); ++ x300 = (x299 >> 27); ++ x301 = (uint32_t)(x299 & UINT32_C(0x7ffffff)); ++ x302 = (x229 + x300); ++ x303 = (uint32_t)(x302 >> 28); ++ x304 = (uint32_t)(x302 & UINT32_C(0xfffffff)); ++ x305 = (x303 + x250); ++ x306 = (fiat_secp521r1_uint1)(x305 >> 27); ++ x307 = (x305 & UINT32_C(0x7ffffff)); ++ x308 = (x306 + x253); ++ out1[0] = x304; ++ out1[1] = x307; ++ out1[2] = x308; ++ out1[3] = x256; ++ out1[4] = x259; ++ out1[5] = x262; ++ out1[6] = x265; ++ out1[7] = x268; ++ out1[8] = x271; ++ out1[9] = x274; ++ out1[10] = x277; ++ out1[11] = x280; ++ out1[12] = x283; ++ out1[13] = x286; ++ out1[14] = x289; ++ out1[15] = x292; ++ out1[16] = x295; ++ out1[17] = x298; ++ out1[18] = x301; ++} ++ ++/* ++ * The function fiat_secp521r1_carry reduces a field element. ++ * Postconditions: ++ * eval out1 mod m = eval arg1 mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ */ ++static void ++fiat_secp521r1_carry(uint32_t out1[19], const uint32_t arg1[19]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ uint32_t x20; ++ uint32_t x21; ++ uint32_t x22; ++ uint32_t x23; ++ uint32_t x24; ++ uint32_t x25; ++ uint32_t x26; ++ uint32_t x27; ++ uint32_t x28; ++ uint32_t x29; ++ uint32_t x30; ++ uint32_t x31; ++ uint32_t x32; ++ uint32_t x33; ++ uint32_t x34; ++ uint32_t x35; ++ uint32_t x36; ++ uint32_t x37; ++ uint32_t x38; ++ uint32_t x39; ++ uint32_t x40; ++ x1 = (arg1[0]); ++ x2 = ((x1 >> 28) + (arg1[1])); ++ x3 = ((x2 >> 27) + (arg1[2])); ++ x4 = ((x3 >> 28) + (arg1[3])); ++ x5 = ((x4 >> 27) + (arg1[4])); ++ x6 = ((x5 >> 28) + (arg1[5])); ++ x7 = ((x6 >> 27) + (arg1[6])); ++ x8 = ((x7 >> 27) + (arg1[7])); ++ x9 = ((x8 >> 28) + (arg1[8])); ++ x10 = ((x9 >> 27) + (arg1[9])); ++ x11 = ((x10 >> 28) + (arg1[10])); ++ x12 = ((x11 >> 27) + (arg1[11])); ++ x13 = ((x12 >> 28) + (arg1[12])); ++ x14 = ((x13 >> 27) + (arg1[13])); ++ x15 = ((x14 >> 27) + (arg1[14])); ++ x16 = ((x15 >> 28) + (arg1[15])); ++ x17 = ((x16 >> 27) + (arg1[16])); ++ x18 = ((x17 >> 28) + (arg1[17])); ++ x19 = ((x18 >> 27) + (arg1[18])); ++ x20 = ((x1 & UINT32_C(0xfffffff)) + (x19 >> 27)); ++ x21 = ((fiat_secp521r1_uint1)(x20 >> 28) + (x2 & UINT32_C(0x7ffffff))); ++ x22 = (x20 & UINT32_C(0xfffffff)); ++ x23 = (x21 & UINT32_C(0x7ffffff)); ++ x24 = ((fiat_secp521r1_uint1)(x21 >> 27) + (x3 & UINT32_C(0xfffffff))); ++ x25 = (x4 & UINT32_C(0x7ffffff)); ++ x26 = (x5 & UINT32_C(0xfffffff)); ++ x27 = (x6 & UINT32_C(0x7ffffff)); ++ x28 = (x7 & UINT32_C(0x7ffffff)); ++ x29 = (x8 & UINT32_C(0xfffffff)); ++ x30 = (x9 & UINT32_C(0x7ffffff)); ++ x31 = (x10 & UINT32_C(0xfffffff)); ++ x32 = (x11 & UINT32_C(0x7ffffff)); ++ x33 = (x12 & UINT32_C(0xfffffff)); ++ x34 = (x13 & UINT32_C(0x7ffffff)); ++ x35 = (x14 & UINT32_C(0x7ffffff)); ++ x36 = (x15 & UINT32_C(0xfffffff)); ++ x37 = (x16 & UINT32_C(0x7ffffff)); ++ x38 = (x17 & UINT32_C(0xfffffff)); ++ x39 = (x18 & UINT32_C(0x7ffffff)); ++ x40 = (x19 & UINT32_C(0x7ffffff)); ++ out1[0] = x22; ++ out1[1] = x23; ++ out1[2] = x24; ++ out1[3] = x25; ++ out1[4] = x26; ++ out1[5] = x27; ++ out1[6] = x28; ++ out1[7] = x29; ++ out1[8] = x30; ++ out1[9] = x31; ++ out1[10] = x32; ++ out1[11] = x33; ++ out1[12] = x34; ++ out1[13] = x35; ++ out1[14] = x36; ++ out1[15] = x37; ++ out1[16] = x38; ++ out1[17] = x39; ++ out1[18] = x40; ++} ++ ++/* ++ * The function fiat_secp521r1_add adds two field elements. ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 + eval arg2) mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ * arg2: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664]] ++ */ ++static void ++fiat_secp521r1_add(uint32_t out1[19], const uint32_t arg1[19], ++ const uint32_t arg2[19]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ x1 = ((arg1[0]) + (arg2[0])); ++ x2 = ((arg1[1]) + (arg2[1])); ++ x3 = ((arg1[2]) + (arg2[2])); ++ x4 = ((arg1[3]) + (arg2[3])); ++ x5 = ((arg1[4]) + (arg2[4])); ++ x6 = ((arg1[5]) + (arg2[5])); ++ x7 = ((arg1[6]) + (arg2[6])); ++ x8 = ((arg1[7]) + (arg2[7])); ++ x9 = ((arg1[8]) + (arg2[8])); ++ x10 = ((arg1[9]) + (arg2[9])); ++ x11 = ((arg1[10]) + (arg2[10])); ++ x12 = ((arg1[11]) + (arg2[11])); ++ x13 = ((arg1[12]) + (arg2[12])); ++ x14 = ((arg1[13]) + (arg2[13])); ++ x15 = ((arg1[14]) + (arg2[14])); ++ x16 = ((arg1[15]) + (arg2[15])); ++ x17 = ((arg1[16]) + (arg2[16])); ++ x18 = ((arg1[17]) + (arg2[17])); ++ x19 = ((arg1[18]) + (arg2[18])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++ out1[9] = x10; ++ out1[10] = x11; ++ out1[11] = x12; ++ out1[12] = x13; ++ out1[13] = x14; ++ out1[14] = x15; ++ out1[15] = x16; ++ out1[16] = x17; ++ out1[17] = x18; ++ out1[18] = x19; ++} ++ ++/* ++ * The function fiat_secp521r1_sub subtracts two field elements. ++ * Postconditions: ++ * eval out1 mod m = (eval arg1 - eval arg2) mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ * arg2: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664]] ++ */ ++static void ++fiat_secp521r1_sub(uint32_t out1[19], const uint32_t arg1[19], ++ const uint32_t arg2[19]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ x1 = ((UINT32_C(0x1ffffffe) + (arg1[0])) - (arg2[0])); ++ x2 = ((UINT32_C(0xffffffe) + (arg1[1])) - (arg2[1])); ++ x3 = ((UINT32_C(0x1ffffffe) + (arg1[2])) - (arg2[2])); ++ x4 = ((UINT32_C(0xffffffe) + (arg1[3])) - (arg2[3])); ++ x5 = ((UINT32_C(0x1ffffffe) + (arg1[4])) - (arg2[4])); ++ x6 = ((UINT32_C(0xffffffe) + (arg1[5])) - (arg2[5])); ++ x7 = ((UINT32_C(0xffffffe) + (arg1[6])) - (arg2[6])); ++ x8 = ((UINT32_C(0x1ffffffe) + (arg1[7])) - (arg2[7])); ++ x9 = ((UINT32_C(0xffffffe) + (arg1[8])) - (arg2[8])); ++ x10 = ((UINT32_C(0x1ffffffe) + (arg1[9])) - (arg2[9])); ++ x11 = ((UINT32_C(0xffffffe) + (arg1[10])) - (arg2[10])); ++ x12 = ((UINT32_C(0x1ffffffe) + (arg1[11])) - (arg2[11])); ++ x13 = ((UINT32_C(0xffffffe) + (arg1[12])) - (arg2[12])); ++ x14 = ((UINT32_C(0xffffffe) + (arg1[13])) - (arg2[13])); ++ x15 = ((UINT32_C(0x1ffffffe) + (arg1[14])) - (arg2[14])); ++ x16 = ((UINT32_C(0xffffffe) + (arg1[15])) - (arg2[15])); ++ x17 = ((UINT32_C(0x1ffffffe) + (arg1[16])) - (arg2[16])); ++ x18 = ((UINT32_C(0xffffffe) + (arg1[17])) - (arg2[17])); ++ x19 = ((UINT32_C(0xffffffe) + (arg1[18])) - (arg2[18])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++ out1[9] = x10; ++ out1[10] = x11; ++ out1[11] = x12; ++ out1[12] = x13; ++ out1[13] = x14; ++ out1[14] = x15; ++ out1[15] = x16; ++ out1[16] = x17; ++ out1[17] = x18; ++ out1[18] = x19; ++} ++ ++/* ++ * The function fiat_secp521r1_opp negates a field element. ++ * Postconditions: ++ * eval out1 mod m = -eval arg1 mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x34cccccb], [0x0 ~> 0x1a666664], [0x0 ~> 0x1a666664]] ++ */ ++static void ++fiat_secp521r1_opp(uint32_t out1[19], const uint32_t arg1[19]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ x1 = (UINT32_C(0x1ffffffe) - (arg1[0])); ++ x2 = (UINT32_C(0xffffffe) - (arg1[1])); ++ x3 = (UINT32_C(0x1ffffffe) - (arg1[2])); ++ x4 = (UINT32_C(0xffffffe) - (arg1[3])); ++ x5 = (UINT32_C(0x1ffffffe) - (arg1[4])); ++ x6 = (UINT32_C(0xffffffe) - (arg1[5])); ++ x7 = (UINT32_C(0xffffffe) - (arg1[6])); ++ x8 = (UINT32_C(0x1ffffffe) - (arg1[7])); ++ x9 = (UINT32_C(0xffffffe) - (arg1[8])); ++ x10 = (UINT32_C(0x1ffffffe) - (arg1[9])); ++ x11 = (UINT32_C(0xffffffe) - (arg1[10])); ++ x12 = (UINT32_C(0x1ffffffe) - (arg1[11])); ++ x13 = (UINT32_C(0xffffffe) - (arg1[12])); ++ x14 = (UINT32_C(0xffffffe) - (arg1[13])); ++ x15 = (UINT32_C(0x1ffffffe) - (arg1[14])); ++ x16 = (UINT32_C(0xffffffe) - (arg1[15])); ++ x17 = (UINT32_C(0x1ffffffe) - (arg1[16])); ++ x18 = (UINT32_C(0xffffffe) - (arg1[17])); ++ x19 = (UINT32_C(0xffffffe) - (arg1[18])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++ out1[9] = x10; ++ out1[10] = x11; ++ out1[11] = x12; ++ out1[12] = x13; ++ out1[13] = x14; ++ out1[14] = x15; ++ out1[15] = x16; ++ out1[16] = x17; ++ out1[17] = x18; ++ out1[18] = x19; ++} ++ ++/* ++ * The function fiat_secp521r1_selectznz is a multi-limb conditional select. ++ * Postconditions: ++ * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) ++ * ++ * Input Bounds: ++ * arg1: [0x0 ~> 0x1] ++ * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] ++ */ ++static void ++fiat_secp521r1_selectznz(uint32_t out1[19], ++ fiat_secp521r1_uint1 arg1, ++ const uint32_t arg2[19], ++ const uint32_t arg3[19]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint32_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint32_t x18; ++ uint32_t x19; ++ fiat_secp521r1_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); ++ fiat_secp521r1_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); ++ fiat_secp521r1_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); ++ fiat_secp521r1_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); ++ fiat_secp521r1_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); ++ fiat_secp521r1_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); ++ fiat_secp521r1_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); ++ fiat_secp521r1_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); ++ fiat_secp521r1_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8])); ++ fiat_secp521r1_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9])); ++ fiat_secp521r1_cmovznz_u32(&x11, arg1, (arg2[10]), (arg3[10])); ++ fiat_secp521r1_cmovznz_u32(&x12, arg1, (arg2[11]), (arg3[11])); ++ fiat_secp521r1_cmovznz_u32(&x13, arg1, (arg2[12]), (arg3[12])); ++ fiat_secp521r1_cmovznz_u32(&x14, arg1, (arg2[13]), (arg3[13])); ++ fiat_secp521r1_cmovznz_u32(&x15, arg1, (arg2[14]), (arg3[14])); ++ fiat_secp521r1_cmovznz_u32(&x16, arg1, (arg2[15]), (arg3[15])); ++ fiat_secp521r1_cmovznz_u32(&x17, arg1, (arg2[16]), (arg3[16])); ++ fiat_secp521r1_cmovznz_u32(&x18, arg1, (arg2[17]), (arg3[17])); ++ fiat_secp521r1_cmovznz_u32(&x19, arg1, (arg2[18]), (arg3[18])); ++ out1[0] = x1; ++ out1[1] = x2; ++ out1[2] = x3; ++ out1[3] = x4; ++ out1[4] = x5; ++ out1[5] = x6; ++ out1[6] = x7; ++ out1[7] = x8; ++ out1[8] = x9; ++ out1[9] = x10; ++ out1[10] = x11; ++ out1[11] = x12; ++ out1[12] = x13; ++ out1[13] = x14; ++ out1[14] = x15; ++ out1[15] = x16; ++ out1[16] = x17; ++ out1[17] = x18; ++ out1[18] = x19; ++} ++ ++/* ++ * The function fiat_secp521r1_to_bytes serializes a field element to bytes in little-endian order. ++ * Postconditions: ++ * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..65] ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] ++ */ ++static void ++fiat_secp521r1_to_bytes(uint8_t out1[66], const uint32_t arg1[19]) ++{ ++ uint32_t x1; ++ fiat_secp521r1_uint1 x2; ++ uint32_t x3; ++ fiat_secp521r1_uint1 x4; ++ uint32_t x5; ++ fiat_secp521r1_uint1 x6; ++ uint32_t x7; ++ fiat_secp521r1_uint1 x8; ++ uint32_t x9; ++ fiat_secp521r1_uint1 x10; ++ uint32_t x11; ++ fiat_secp521r1_uint1 x12; ++ uint32_t x13; ++ fiat_secp521r1_uint1 x14; ++ uint32_t x15; ++ fiat_secp521r1_uint1 x16; ++ uint32_t x17; ++ fiat_secp521r1_uint1 x18; ++ uint32_t x19; ++ fiat_secp521r1_uint1 x20; ++ uint32_t x21; ++ fiat_secp521r1_uint1 x22; ++ uint32_t x23; ++ fiat_secp521r1_uint1 x24; ++ uint32_t x25; ++ fiat_secp521r1_uint1 x26; ++ uint32_t x27; ++ fiat_secp521r1_uint1 x28; ++ uint32_t x29; ++ fiat_secp521r1_uint1 x30; ++ uint32_t x31; ++ fiat_secp521r1_uint1 x32; ++ uint32_t x33; ++ fiat_secp521r1_uint1 x34; ++ uint32_t x35; ++ fiat_secp521r1_uint1 x36; ++ uint32_t x37; ++ fiat_secp521r1_uint1 x38; ++ uint32_t x39; ++ uint32_t x40; ++ fiat_secp521r1_uint1 x41; ++ uint32_t x42; ++ fiat_secp521r1_uint1 x43; ++ uint32_t x44; ++ fiat_secp521r1_uint1 x45; ++ uint32_t x46; ++ fiat_secp521r1_uint1 x47; ++ uint32_t x48; ++ fiat_secp521r1_uint1 x49; ++ uint32_t x50; ++ fiat_secp521r1_uint1 x51; ++ uint32_t x52; ++ fiat_secp521r1_uint1 x53; ++ uint32_t x54; ++ fiat_secp521r1_uint1 x55; ++ uint32_t x56; ++ fiat_secp521r1_uint1 x57; ++ uint32_t x58; ++ fiat_secp521r1_uint1 x59; ++ uint32_t x60; ++ fiat_secp521r1_uint1 x61; ++ uint32_t x62; ++ fiat_secp521r1_uint1 x63; ++ uint32_t x64; ++ fiat_secp521r1_uint1 x65; ++ uint32_t x66; ++ fiat_secp521r1_uint1 x67; ++ uint32_t x68; ++ fiat_secp521r1_uint1 x69; ++ uint32_t x70; ++ fiat_secp521r1_uint1 x71; ++ uint32_t x72; ++ fiat_secp521r1_uint1 x73; ++ uint32_t x74; ++ fiat_secp521r1_uint1 x75; ++ uint32_t x76; ++ fiat_secp521r1_uint1 x77; ++ uint64_t x78; ++ uint32_t x79; ++ uint64_t x80; ++ uint32_t x81; ++ uint32_t x82; ++ uint32_t x83; ++ uint64_t x84; ++ uint32_t x85; ++ uint64_t x86; ++ uint32_t x87; ++ uint32_t x88; ++ uint32_t x89; ++ uint64_t x90; ++ uint32_t x91; ++ uint64_t x92; ++ uint32_t x93; ++ uint32_t x94; ++ uint8_t x95; ++ uint32_t x96; ++ uint8_t x97; ++ uint8_t x98; ++ uint8_t x99; ++ uint32_t x100; ++ uint32_t x101; ++ uint8_t x102; ++ uint32_t x103; ++ uint8_t x104; ++ uint8_t x105; ++ uint8_t x106; ++ uint64_t x107; ++ uint32_t x108; ++ uint8_t x109; ++ uint32_t x110; ++ uint8_t x111; ++ uint32_t x112; ++ uint8_t x113; ++ uint8_t x114; ++ uint8_t x115; ++ uint32_t x116; ++ uint32_t x117; ++ uint8_t x118; ++ uint32_t x119; ++ uint8_t x120; ++ uint8_t x121; ++ uint8_t x122; ++ uint64_t x123; ++ uint32_t x124; ++ uint8_t x125; ++ uint32_t x126; ++ uint8_t x127; ++ uint32_t x128; ++ uint8_t x129; ++ uint8_t x130; ++ uint8_t x131; ++ uint32_t x132; ++ uint32_t x133; ++ uint8_t x134; ++ uint32_t x135; ++ uint8_t x136; ++ uint8_t x137; ++ uint8_t x138; ++ uint32_t x139; ++ uint32_t x140; ++ uint8_t x141; ++ uint32_t x142; ++ uint8_t x143; ++ uint8_t x144; ++ uint8_t x145; ++ uint8_t x146; ++ uint32_t x147; ++ uint8_t x148; ++ uint32_t x149; ++ uint8_t x150; ++ uint8_t x151; ++ uint8_t x152; ++ uint32_t x153; ++ uint32_t x154; ++ uint8_t x155; ++ uint32_t x156; ++ uint8_t x157; ++ uint8_t x158; ++ uint8_t x159; ++ uint64_t x160; ++ uint32_t x161; ++ uint8_t x162; ++ uint32_t x163; ++ uint8_t x164; ++ uint32_t x165; ++ uint8_t x166; ++ uint8_t x167; ++ uint8_t x168; ++ uint32_t x169; ++ uint32_t x170; ++ uint8_t x171; ++ uint32_t x172; ++ uint8_t x173; ++ uint8_t x174; ++ uint8_t x175; ++ uint64_t x176; ++ uint32_t x177; ++ uint8_t x178; ++ uint32_t x179; ++ uint8_t x180; ++ uint32_t x181; ++ uint8_t x182; ++ uint8_t x183; ++ uint8_t x184; ++ uint32_t x185; ++ uint32_t x186; ++ uint8_t x187; ++ uint32_t x188; ++ uint8_t x189; ++ uint8_t x190; ++ uint8_t x191; ++ uint32_t x192; ++ uint32_t x193; ++ uint8_t x194; ++ uint32_t x195; ++ uint8_t x196; ++ uint8_t x197; ++ uint8_t x198; ++ uint8_t x199; ++ uint32_t x200; ++ uint8_t x201; ++ uint32_t x202; ++ uint8_t x203; ++ uint8_t x204; ++ uint8_t x205; ++ uint32_t x206; ++ uint32_t x207; ++ uint8_t x208; ++ uint32_t x209; ++ uint8_t x210; ++ uint8_t x211; ++ uint8_t x212; ++ uint64_t x213; ++ uint32_t x214; ++ uint8_t x215; ++ uint32_t x216; ++ uint8_t x217; ++ uint32_t x218; ++ uint8_t x219; ++ uint8_t x220; ++ uint8_t x221; ++ uint32_t x222; ++ uint32_t x223; ++ uint8_t x224; ++ uint32_t x225; ++ uint8_t x226; ++ uint8_t x227; ++ uint8_t x228; ++ uint64_t x229; ++ uint32_t x230; ++ uint8_t x231; ++ uint32_t x232; ++ uint8_t x233; ++ uint32_t x234; ++ uint8_t x235; ++ fiat_secp521r1_uint1 x236; ++ uint8_t x237; ++ fiat_secp521r1_subborrowx_u28(&x1, &x2, 0x0, (arg1[0]), ++ UINT32_C(0xfffffff)); ++ fiat_secp521r1_subborrowx_u27(&x3, &x4, x2, (arg1[1]), UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u28(&x5, &x6, x4, (arg1[2]), UINT32_C(0xfffffff)); ++ fiat_secp521r1_subborrowx_u27(&x7, &x8, x6, (arg1[3]), UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u28(&x9, &x10, x8, (arg1[4]), ++ UINT32_C(0xfffffff)); ++ fiat_secp521r1_subborrowx_u27(&x11, &x12, x10, (arg1[5]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u27(&x13, &x14, x12, (arg1[6]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u28(&x15, &x16, x14, (arg1[7]), ++ UINT32_C(0xfffffff)); ++ fiat_secp521r1_subborrowx_u27(&x17, &x18, x16, (arg1[8]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u28(&x19, &x20, x18, (arg1[9]), ++ UINT32_C(0xfffffff)); ++ fiat_secp521r1_subborrowx_u27(&x21, &x22, x20, (arg1[10]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u28(&x23, &x24, x22, (arg1[11]), ++ UINT32_C(0xfffffff)); ++ fiat_secp521r1_subborrowx_u27(&x25, &x26, x24, (arg1[12]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u27(&x27, &x28, x26, (arg1[13]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u28(&x29, &x30, x28, (arg1[14]), ++ UINT32_C(0xfffffff)); ++ fiat_secp521r1_subborrowx_u27(&x31, &x32, x30, (arg1[15]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u28(&x33, &x34, x32, (arg1[16]), ++ UINT32_C(0xfffffff)); ++ fiat_secp521r1_subborrowx_u27(&x35, &x36, x34, (arg1[17]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_subborrowx_u27(&x37, &x38, x36, (arg1[18]), ++ UINT32_C(0x7ffffff)); ++ fiat_secp521r1_cmovznz_u32(&x39, x38, 0x0, UINT32_C(0xffffffff)); ++ fiat_secp521r1_addcarryx_u28(&x40, &x41, 0x0, x1, ++ (x39 & UINT32_C(0xfffffff))); ++ fiat_secp521r1_addcarryx_u27(&x42, &x43, x41, x3, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u28(&x44, &x45, x43, x5, ++ (x39 & UINT32_C(0xfffffff))); ++ fiat_secp521r1_addcarryx_u27(&x46, &x47, x45, x7, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u28(&x48, &x49, x47, x9, ++ (x39 & UINT32_C(0xfffffff))); ++ fiat_secp521r1_addcarryx_u27(&x50, &x51, x49, x11, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u27(&x52, &x53, x51, x13, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u28(&x54, &x55, x53, x15, ++ (x39 & UINT32_C(0xfffffff))); ++ fiat_secp521r1_addcarryx_u27(&x56, &x57, x55, x17, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u28(&x58, &x59, x57, x19, ++ (x39 & UINT32_C(0xfffffff))); ++ fiat_secp521r1_addcarryx_u27(&x60, &x61, x59, x21, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u28(&x62, &x63, x61, x23, ++ (x39 & UINT32_C(0xfffffff))); ++ fiat_secp521r1_addcarryx_u27(&x64, &x65, x63, x25, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u27(&x66, &x67, x65, x27, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u28(&x68, &x69, x67, x29, ++ (x39 & UINT32_C(0xfffffff))); ++ fiat_secp521r1_addcarryx_u27(&x70, &x71, x69, x31, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u28(&x72, &x73, x71, x33, ++ (x39 & UINT32_C(0xfffffff))); ++ fiat_secp521r1_addcarryx_u27(&x74, &x75, x73, x35, ++ (x39 & UINT32_C(0x7ffffff))); ++ fiat_secp521r1_addcarryx_u27(&x76, &x77, x75, x37, ++ (x39 & UINT32_C(0x7ffffff))); ++ x78 = ((uint64_t)x76 << 6); ++ x79 = (x74 << 3); ++ x80 = ((uint64_t)x72 << 7); ++ x81 = (x70 << 4); ++ x82 = (x66 << 5); ++ x83 = (x64 << 2); ++ x84 = ((uint64_t)x62 << 6); ++ x85 = (x60 << 3); ++ x86 = ((uint64_t)x58 << 7); ++ x87 = (x56 << 4); ++ x88 = (x52 << 5); ++ x89 = (x50 << 2); ++ x90 = ((uint64_t)x48 << 6); ++ x91 = (x46 << 3); ++ x92 = ((uint64_t)x44 << 7); ++ x93 = (x42 << 4); ++ x94 = (x40 >> 8); ++ x95 = (uint8_t)(x40 & UINT8_C(0xff)); ++ x96 = (x94 >> 8); ++ x97 = (uint8_t)(x94 & UINT8_C(0xff)); ++ x98 = (uint8_t)(x96 >> 8); ++ x99 = (uint8_t)(x96 & UINT8_C(0xff)); ++ x100 = (x98 + x93); ++ x101 = (x100 >> 8); ++ x102 = (uint8_t)(x100 & UINT8_C(0xff)); ++ x103 = (x101 >> 8); ++ x104 = (uint8_t)(x101 & UINT8_C(0xff)); ++ x105 = (uint8_t)(x103 >> 8); ++ x106 = (uint8_t)(x103 & UINT8_C(0xff)); ++ x107 = (x105 + x92); ++ x108 = (uint32_t)(x107 >> 8); ++ x109 = (uint8_t)(x107 & UINT8_C(0xff)); ++ x110 = (x108 >> 8); ++ x111 = (uint8_t)(x108 & UINT8_C(0xff)); ++ x112 = (x110 >> 8); ++ x113 = (uint8_t)(x110 & UINT8_C(0xff)); ++ x114 = (uint8_t)(x112 >> 8); ++ x115 = (uint8_t)(x112 & UINT8_C(0xff)); ++ x116 = (x114 + x91); ++ x117 = (x116 >> 8); ++ x118 = (uint8_t)(x116 & UINT8_C(0xff)); ++ x119 = (x117 >> 8); ++ x120 = (uint8_t)(x117 & UINT8_C(0xff)); ++ x121 = (uint8_t)(x119 >> 8); ++ x122 = (uint8_t)(x119 & UINT8_C(0xff)); ++ x123 = (x121 + x90); ++ x124 = (uint32_t)(x123 >> 8); ++ x125 = (uint8_t)(x123 & UINT8_C(0xff)); ++ x126 = (x124 >> 8); ++ x127 = (uint8_t)(x124 & UINT8_C(0xff)); ++ x128 = (x126 >> 8); ++ x129 = (uint8_t)(x126 & UINT8_C(0xff)); ++ x130 = (uint8_t)(x128 >> 8); ++ x131 = (uint8_t)(x128 & UINT8_C(0xff)); ++ x132 = (x130 + x89); ++ x133 = (x132 >> 8); ++ x134 = (uint8_t)(x132 & UINT8_C(0xff)); ++ x135 = (x133 >> 8); ++ x136 = (uint8_t)(x133 & UINT8_C(0xff)); ++ x137 = (uint8_t)(x135 >> 8); ++ x138 = (uint8_t)(x135 & UINT8_C(0xff)); ++ x139 = (x137 + x88); ++ x140 = (x139 >> 8); ++ x141 = (uint8_t)(x139 & UINT8_C(0xff)); ++ x142 = (x140 >> 8); ++ x143 = (uint8_t)(x140 & UINT8_C(0xff)); ++ x144 = (uint8_t)(x142 >> 8); ++ x145 = (uint8_t)(x142 & UINT8_C(0xff)); ++ x146 = (uint8_t)(x144 & UINT8_C(0xff)); ++ x147 = (x54 >> 8); ++ x148 = (uint8_t)(x54 & UINT8_C(0xff)); ++ x149 = (x147 >> 8); ++ x150 = (uint8_t)(x147 & UINT8_C(0xff)); ++ x151 = (uint8_t)(x149 >> 8); ++ x152 = (uint8_t)(x149 & UINT8_C(0xff)); ++ x153 = (x151 + x87); ++ x154 = (x153 >> 8); ++ x155 = (uint8_t)(x153 & UINT8_C(0xff)); ++ x156 = (x154 >> 8); ++ x157 = (uint8_t)(x154 & UINT8_C(0xff)); ++ x158 = (uint8_t)(x156 >> 8); ++ x159 = (uint8_t)(x156 & UINT8_C(0xff)); ++ x160 = (x158 + x86); ++ x161 = (uint32_t)(x160 >> 8); ++ x162 = (uint8_t)(x160 & UINT8_C(0xff)); ++ x163 = (x161 >> 8); ++ x164 = (uint8_t)(x161 & UINT8_C(0xff)); ++ x165 = (x163 >> 8); ++ x166 = (uint8_t)(x163 & UINT8_C(0xff)); ++ x167 = (uint8_t)(x165 >> 8); ++ x168 = (uint8_t)(x165 & UINT8_C(0xff)); ++ x169 = (x167 + x85); ++ x170 = (x169 >> 8); ++ x171 = (uint8_t)(x169 & UINT8_C(0xff)); ++ x172 = (x170 >> 8); ++ x173 = (uint8_t)(x170 & UINT8_C(0xff)); ++ x174 = (uint8_t)(x172 >> 8); ++ x175 = (uint8_t)(x172 & UINT8_C(0xff)); ++ x176 = (x174 + x84); ++ x177 = (uint32_t)(x176 >> 8); ++ x178 = (uint8_t)(x176 & UINT8_C(0xff)); ++ x179 = (x177 >> 8); ++ x180 = (uint8_t)(x177 & UINT8_C(0xff)); ++ x181 = (x179 >> 8); ++ x182 = (uint8_t)(x179 & UINT8_C(0xff)); ++ x183 = (uint8_t)(x181 >> 8); ++ x184 = (uint8_t)(x181 & UINT8_C(0xff)); ++ x185 = (x183 + x83); ++ x186 = (x185 >> 8); ++ x187 = (uint8_t)(x185 & UINT8_C(0xff)); ++ x188 = (x186 >> 8); ++ x189 = (uint8_t)(x186 & UINT8_C(0xff)); ++ x190 = (uint8_t)(x188 >> 8); ++ x191 = (uint8_t)(x188 & UINT8_C(0xff)); ++ x192 = (x190 + x82); ++ x193 = (x192 >> 8); ++ x194 = (uint8_t)(x192 & UINT8_C(0xff)); ++ x195 = (x193 >> 8); ++ x196 = (uint8_t)(x193 & UINT8_C(0xff)); ++ x197 = (uint8_t)(x195 >> 8); ++ x198 = (uint8_t)(x195 & UINT8_C(0xff)); ++ x199 = (uint8_t)(x197 & UINT8_C(0xff)); ++ x200 = (x68 >> 8); ++ x201 = (uint8_t)(x68 & UINT8_C(0xff)); ++ x202 = (x200 >> 8); ++ x203 = (uint8_t)(x200 & UINT8_C(0xff)); ++ x204 = (uint8_t)(x202 >> 8); ++ x205 = (uint8_t)(x202 & UINT8_C(0xff)); ++ x206 = (x204 + x81); ++ x207 = (x206 >> 8); ++ x208 = (uint8_t)(x206 & UINT8_C(0xff)); ++ x209 = (x207 >> 8); ++ x210 = (uint8_t)(x207 & UINT8_C(0xff)); ++ x211 = (uint8_t)(x209 >> 8); ++ x212 = (uint8_t)(x209 & UINT8_C(0xff)); ++ x213 = (x211 + x80); ++ x214 = (uint32_t)(x213 >> 8); ++ x215 = (uint8_t)(x213 & UINT8_C(0xff)); ++ x216 = (x214 >> 8); ++ x217 = (uint8_t)(x214 & UINT8_C(0xff)); ++ x218 = (x216 >> 8); ++ x219 = (uint8_t)(x216 & UINT8_C(0xff)); ++ x220 = (uint8_t)(x218 >> 8); ++ x221 = (uint8_t)(x218 & UINT8_C(0xff)); ++ x222 = (x220 + x79); ++ x223 = (x222 >> 8); ++ x224 = (uint8_t)(x222 & UINT8_C(0xff)); ++ x225 = (x223 >> 8); ++ x226 = (uint8_t)(x223 & UINT8_C(0xff)); ++ x227 = (uint8_t)(x225 >> 8); ++ x228 = (uint8_t)(x225 & UINT8_C(0xff)); ++ x229 = (x227 + x78); ++ x230 = (uint32_t)(x229 >> 8); ++ x231 = (uint8_t)(x229 & UINT8_C(0xff)); ++ x232 = (x230 >> 8); ++ x233 = (uint8_t)(x230 & UINT8_C(0xff)); ++ x234 = (x232 >> 8); ++ x235 = (uint8_t)(x232 & UINT8_C(0xff)); ++ x236 = (fiat_secp521r1_uint1)(x234 >> 8); ++ x237 = (uint8_t)(x234 & UINT8_C(0xff)); ++ out1[0] = x95; ++ out1[1] = x97; ++ out1[2] = x99; ++ out1[3] = x102; ++ out1[4] = x104; ++ out1[5] = x106; ++ out1[6] = x109; ++ out1[7] = x111; ++ out1[8] = x113; ++ out1[9] = x115; ++ out1[10] = x118; ++ out1[11] = x120; ++ out1[12] = x122; ++ out1[13] = x125; ++ out1[14] = x127; ++ out1[15] = x129; ++ out1[16] = x131; ++ out1[17] = x134; ++ out1[18] = x136; ++ out1[19] = x138; ++ out1[20] = x141; ++ out1[21] = x143; ++ out1[22] = x145; ++ out1[23] = x146; ++ out1[24] = x148; ++ out1[25] = x150; ++ out1[26] = x152; ++ out1[27] = x155; ++ out1[28] = x157; ++ out1[29] = x159; ++ out1[30] = x162; ++ out1[31] = x164; ++ out1[32] = x166; ++ out1[33] = x168; ++ out1[34] = x171; ++ out1[35] = x173; ++ out1[36] = x175; ++ out1[37] = x178; ++ out1[38] = x180; ++ out1[39] = x182; ++ out1[40] = x184; ++ out1[41] = x187; ++ out1[42] = x189; ++ out1[43] = x191; ++ out1[44] = x194; ++ out1[45] = x196; ++ out1[46] = x198; ++ out1[47] = x199; ++ out1[48] = x201; ++ out1[49] = x203; ++ out1[50] = x205; ++ out1[51] = x208; ++ out1[52] = x210; ++ out1[53] = x212; ++ out1[54] = x215; ++ out1[55] = x217; ++ out1[56] = x219; ++ out1[57] = x221; ++ out1[58] = x224; ++ out1[59] = x226; ++ out1[60] = x228; ++ out1[61] = x231; ++ out1[62] = x233; ++ out1[63] = x235; ++ out1[64] = x237; ++ out1[65] = x236; ++} ++ ++/* ++ * The function fiat_secp521r1_from_bytes deserializes a field element from bytes in little-endian order. ++ * Postconditions: ++ * eval out1 mod m = bytes_eval arg1 mod m ++ * ++ * Input Bounds: ++ * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] ++ * Output Bounds: ++ * out1: [[0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x11999999], [0x0 ~> 0x8cccccc], [0x0 ~> 0x8cccccc]] ++ */ ++static void ++fiat_secp521r1_from_bytes(uint32_t out1[19], ++ const uint8_t arg1[66]) ++{ ++ uint32_t x1; ++ uint32_t x2; ++ uint32_t x3; ++ uint32_t x4; ++ uint32_t x5; ++ uint32_t x6; ++ uint32_t x7; ++ uint64_t x8; ++ uint32_t x9; ++ uint32_t x10; ++ uint32_t x11; ++ uint32_t x12; ++ uint32_t x13; ++ uint32_t x14; ++ uint32_t x15; ++ uint32_t x16; ++ uint32_t x17; ++ uint8_t x18; ++ uint32_t x19; ++ uint32_t x20; ++ uint32_t x21; ++ uint32_t x22; ++ uint32_t x23; ++ uint32_t x24; ++ uint64_t x25; ++ uint32_t x26; ++ uint32_t x27; ++ uint32_t x28; ++ uint32_t x29; ++ uint32_t x30; ++ uint32_t x31; ++ uint64_t x32; ++ uint32_t x33; ++ uint32_t x34; ++ uint32_t x35; ++ uint32_t x36; ++ uint32_t x37; ++ uint32_t x38; ++ uint32_t x39; ++ uint32_t x40; ++ uint32_t x41; ++ uint8_t x42; ++ uint32_t x43; ++ uint32_t x44; ++ uint32_t x45; ++ uint32_t x46; ++ uint32_t x47; ++ uint32_t x48; ++ uint64_t x49; ++ uint32_t x50; ++ uint32_t x51; ++ uint32_t x52; ++ uint32_t x53; ++ uint32_t x54; ++ uint32_t x55; ++ uint64_t x56; ++ uint32_t x57; ++ uint32_t x58; ++ uint32_t x59; ++ uint32_t x60; ++ uint32_t x61; ++ uint32_t x62; ++ uint32_t x63; ++ uint32_t x64; ++ uint32_t x65; ++ uint8_t x66; ++ uint32_t x67; ++ uint8_t x68; ++ uint32_t x69; ++ uint32_t x70; ++ uint32_t x71; ++ uint64_t x72; ++ uint32_t x73; ++ uint32_t x74; ++ uint32_t x75; ++ uint32_t x76; ++ uint64_t x77; ++ uint32_t x78; ++ uint64_t x79; ++ uint32_t x80; ++ uint32_t x81; ++ uint32_t x82; ++ uint32_t x83; ++ uint64_t x84; ++ uint32_t x85; ++ uint64_t x86; ++ uint32_t x87; ++ uint32_t x88; ++ fiat_secp521r1_uint1 x89; ++ uint32_t x90; ++ uint64_t x91; ++ uint8_t x92; ++ uint32_t x93; ++ uint32_t x94; ++ uint8_t x95; ++ uint32_t x96; ++ uint64_t x97; ++ uint8_t x98; ++ uint32_t x99; ++ uint32_t x100; ++ uint8_t x101; ++ uint32_t x102; ++ uint32_t x103; ++ uint32_t x104; ++ uint8_t x105; ++ uint32_t x106; ++ uint32_t x107; ++ fiat_secp521r1_uint1 x108; ++ uint32_t x109; ++ uint64_t x110; ++ uint8_t x111; ++ uint32_t x112; ++ uint32_t x113; ++ uint8_t x114; ++ uint32_t x115; ++ uint64_t x116; ++ uint8_t x117; ++ uint32_t x118; ++ uint32_t x119; ++ uint8_t x120; ++ uint32_t x121; ++ uint32_t x122; ++ uint32_t x123; ++ uint8_t x124; ++ uint32_t x125; ++ uint32_t x126; ++ fiat_secp521r1_uint1 x127; ++ uint32_t x128; ++ uint64_t x129; ++ uint8_t x130; ++ uint32_t x131; ++ uint32_t x132; ++ uint8_t x133; ++ uint32_t x134; ++ uint32_t x135; ++ x1 = ((uint32_t)(fiat_secp521r1_uint1)(arg1[65]) << 26); ++ x2 = ((uint32_t)(arg1[64]) << 18); ++ x3 = ((uint32_t)(arg1[63]) << 10); ++ x4 = ((uint32_t)(arg1[62]) << 2); ++ x5 = ((uint32_t)(arg1[61]) << 21); ++ x6 = ((uint32_t)(arg1[60]) << 13); ++ x7 = ((uint32_t)(arg1[59]) << 5); ++ x8 = ((uint64_t)(arg1[58]) << 25); ++ x9 = ((uint32_t)(arg1[57]) << 17); ++ x10 = ((uint32_t)(arg1[56]) << 9); ++ x11 = ((uint32_t)(arg1[55]) * 0x2); ++ x12 = ((uint32_t)(arg1[54]) << 20); ++ x13 = ((uint32_t)(arg1[53]) << 12); ++ x14 = ((uint32_t)(arg1[52]) << 4); ++ x15 = ((uint32_t)(arg1[51]) << 24); ++ x16 = ((uint32_t)(arg1[50]) << 16); ++ x17 = ((uint32_t)(arg1[49]) << 8); ++ x18 = (arg1[48]); ++ x19 = ((uint32_t)(arg1[47]) << 19); ++ x20 = ((uint32_t)(arg1[46]) << 11); ++ x21 = ((uint32_t)(arg1[45]) << 3); ++ x22 = ((uint32_t)(arg1[44]) << 22); ++ x23 = ((uint32_t)(arg1[43]) << 14); ++ x24 = ((uint32_t)(arg1[42]) << 6); ++ x25 = ((uint64_t)(arg1[41]) << 26); ++ x26 = ((uint32_t)(arg1[40]) << 18); ++ x27 = ((uint32_t)(arg1[39]) << 10); ++ x28 = ((uint32_t)(arg1[38]) << 2); ++ x29 = ((uint32_t)(arg1[37]) << 21); ++ x30 = ((uint32_t)(arg1[36]) << 13); ++ x31 = ((uint32_t)(arg1[35]) << 5); ++ x32 = ((uint64_t)(arg1[34]) << 25); ++ x33 = ((uint32_t)(arg1[33]) << 17); ++ x34 = ((uint32_t)(arg1[32]) << 9); ++ x35 = ((uint32_t)(arg1[31]) * 0x2); ++ x36 = ((uint32_t)(arg1[30]) << 20); ++ x37 = ((uint32_t)(arg1[29]) << 12); ++ x38 = ((uint32_t)(arg1[28]) << 4); ++ x39 = ((uint32_t)(arg1[27]) << 24); ++ x40 = ((uint32_t)(arg1[26]) << 16); ++ x41 = ((uint32_t)(arg1[25]) << 8); ++ x42 = (arg1[24]); ++ x43 = ((uint32_t)(arg1[23]) << 19); ++ x44 = ((uint32_t)(arg1[22]) << 11); ++ x45 = ((uint32_t)(arg1[21]) << 3); ++ x46 = ((uint32_t)(arg1[20]) << 22); ++ x47 = ((uint32_t)(arg1[19]) << 14); ++ x48 = ((uint32_t)(arg1[18]) << 6); ++ x49 = ((uint64_t)(arg1[17]) << 26); ++ x50 = ((uint32_t)(arg1[16]) << 18); ++ x51 = ((uint32_t)(arg1[15]) << 10); ++ x52 = ((uint32_t)(arg1[14]) << 2); ++ x53 = ((uint32_t)(arg1[13]) << 21); ++ x54 = ((uint32_t)(arg1[12]) << 13); ++ x55 = ((uint32_t)(arg1[11]) << 5); ++ x56 = ((uint64_t)(arg1[10]) << 25); ++ x57 = ((uint32_t)(arg1[9]) << 17); ++ x58 = ((uint32_t)(arg1[8]) << 9); ++ x59 = ((uint32_t)(arg1[7]) * 0x2); ++ x60 = ((uint32_t)(arg1[6]) << 20); ++ x61 = ((uint32_t)(arg1[5]) << 12); ++ x62 = ((uint32_t)(arg1[4]) << 4); ++ x63 = ((uint32_t)(arg1[3]) << 24); ++ x64 = ((uint32_t)(arg1[2]) << 16); ++ x65 = ((uint32_t)(arg1[1]) << 8); ++ x66 = (arg1[0]); ++ x67 = (x66 + (x65 + (x64 + x63))); ++ x68 = (uint8_t)(x67 >> 28); ++ x69 = (x67 & UINT32_C(0xfffffff)); ++ x70 = (x4 + (x3 + (x2 + x1))); ++ x71 = (x7 + (x6 + x5)); ++ x72 = (x11 + (x10 + (x9 + x8))); ++ x73 = (x14 + (x13 + x12)); ++ x74 = (x18 + (x17 + (x16 + x15))); ++ x75 = (x21 + (x20 + x19)); ++ x76 = (x24 + (x23 + x22)); ++ x77 = (x28 + (x27 + (x26 + x25))); ++ x78 = (x31 + (x30 + x29)); ++ x79 = (x35 + (x34 + (x33 + x32))); ++ x80 = (x38 + (x37 + x36)); ++ x81 = (x42 + (x41 + (x40 + x39))); ++ x82 = (x45 + (x44 + x43)); ++ x83 = (x48 + (x47 + x46)); ++ x84 = (x52 + (x51 + (x50 + x49))); ++ x85 = (x55 + (x54 + x53)); ++ x86 = (x59 + (x58 + (x57 + x56))); ++ x87 = (x62 + (x61 + x60)); ++ x88 = (x68 + x87); ++ x89 = (fiat_secp521r1_uint1)(x88 >> 27); ++ x90 = (x88 & UINT32_C(0x7ffffff)); ++ x91 = (x89 + x86); ++ x92 = (uint8_t)(x91 >> 28); ++ x93 = (uint32_t)(x91 & UINT32_C(0xfffffff)); ++ x94 = (x92 + x85); ++ x95 = (uint8_t)(x94 >> 27); ++ x96 = (x94 & UINT32_C(0x7ffffff)); ++ x97 = (x95 + x84); ++ x98 = (uint8_t)(x97 >> 28); ++ x99 = (uint32_t)(x97 & UINT32_C(0xfffffff)); ++ x100 = (x98 + x83); ++ x101 = (uint8_t)(x100 >> 27); ++ x102 = (x100 & UINT32_C(0x7ffffff)); ++ x103 = (x101 + x82); ++ x104 = (x103 & UINT32_C(0x7ffffff)); ++ x105 = (uint8_t)(x81 >> 28); ++ x106 = (x81 & UINT32_C(0xfffffff)); ++ x107 = (x105 + x80); ++ x108 = (fiat_secp521r1_uint1)(x107 >> 27); ++ x109 = (x107 & UINT32_C(0x7ffffff)); ++ x110 = (x108 + x79); ++ x111 = (uint8_t)(x110 >> 28); ++ x112 = (uint32_t)(x110 & UINT32_C(0xfffffff)); ++ x113 = (x111 + x78); ++ x114 = (uint8_t)(x113 >> 27); ++ x115 = (x113 & UINT32_C(0x7ffffff)); ++ x116 = (x114 + x77); ++ x117 = (uint8_t)(x116 >> 28); ++ x118 = (uint32_t)(x116 & UINT32_C(0xfffffff)); ++ x119 = (x117 + x76); ++ x120 = (uint8_t)(x119 >> 27); ++ x121 = (x119 & UINT32_C(0x7ffffff)); ++ x122 = (x120 + x75); ++ x123 = (x122 & UINT32_C(0x7ffffff)); ++ x124 = (uint8_t)(x74 >> 28); ++ x125 = (x74 & UINT32_C(0xfffffff)); ++ x126 = (x124 + x73); ++ x127 = (fiat_secp521r1_uint1)(x126 >> 27); ++ x128 = (x126 & UINT32_C(0x7ffffff)); ++ x129 = (x127 + x72); ++ x130 = (uint8_t)(x129 >> 28); ++ x131 = (uint32_t)(x129 & UINT32_C(0xfffffff)); ++ x132 = (x130 + x71); ++ x133 = (uint8_t)(x132 >> 27); ++ x134 = (x132 & UINT32_C(0x7ffffff)); ++ x135 = (x133 + x70); ++ out1[0] = x69; ++ out1[1] = x90; ++ out1[2] = x93; ++ out1[3] = x96; ++ out1[4] = x99; ++ out1[5] = x102; ++ out1[6] = x104; ++ out1[7] = x106; ++ out1[8] = x109; ++ out1[9] = x112; ++ out1[10] = x115; ++ out1[11] = x118; ++ out1[12] = x121; ++ out1[13] = x123; ++ out1[14] = x125; ++ out1[15] = x128; ++ out1[16] = x131; ++ out1[17] = x134; ++ out1[18] = x135; ++} ++ ++/* END verbatim fiat code */ ++ ++/*- ++ * Finite field inversion via FLT. ++ * NB: this is not a real Fiat function, just named that way for consistency. ++ * Autogenerated: ecp/secp521r1/fe_inv.op3 ++ * custom repunit addition chain ++ */ ++static void ++fiat_secp521r1_inv(fe_t output, const fe_t t1) ++{ ++ int i; ++ /* temporary variables */ ++ fe_t acc, t128, t16, t2, t256, t32, t4, t512, t516, t518, t519, t64, t8; ++ ++ fiat_secp521r1_carry_square(acc, t1); ++ fiat_secp521r1_carry_mul(t2, acc, t1); ++ fiat_secp521r1_carry_square(acc, t2); ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t4, acc, t2); ++ fiat_secp521r1_carry_square(acc, t4); ++ for (i = 0; i < 3; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t8, acc, t4); ++ fiat_secp521r1_carry_square(acc, t8); ++ for (i = 0; i < 7; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t16, acc, t8); ++ fiat_secp521r1_carry_square(acc, t16); ++ for (i = 0; i < 15; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t32, acc, t16); ++ fiat_secp521r1_carry_square(acc, t32); ++ for (i = 0; i < 31; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t64, acc, t32); ++ fiat_secp521r1_carry_square(acc, t64); ++ for (i = 0; i < 63; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t128, acc, t64); ++ fiat_secp521r1_carry_square(acc, t128); ++ for (i = 0; i < 127; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t256, acc, t128); ++ fiat_secp521r1_carry_square(acc, t256); ++ for (i = 0; i < 255; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t512, acc, t256); ++ fiat_secp521r1_carry_square(acc, t512); ++ for (i = 0; i < 3; i++) ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t516, acc, t4); ++ fiat_secp521r1_carry_square(acc, t516); ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(t518, acc, t2); ++ fiat_secp521r1_carry_square(acc, t518); ++ fiat_secp521r1_carry_mul(t519, acc, t1); ++ fiat_secp521r1_carry_square(acc, t519); ++ fiat_secp521r1_carry_square(acc, acc); ++ fiat_secp521r1_carry_mul(output, acc, t1); ++} ++ ++/* curve coefficient constants */ ++ ++static const limb_t const_one[19] = { ++ UINT32_C(0x00000001), UINT32_C(0x00000000), UINT32_C(0x00000000), ++ UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), ++ UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), ++ UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), ++ UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), ++ UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), ++ UINT32_C(0x00000000) ++}; ++ ++static const limb_t const_b[19] = { ++ UINT32_C(0x0B503F00), UINT32_C(0x0451FD46), UINT32_C(0x0869E3DE), ++ UINT32_C(0x03F107A5), UINT32_C(0x0C1CD5CF), UINT32_C(0x074EEC6F), ++ UINT32_C(0x00B29605), UINT32_C(0x0C7E937B), UINT32_C(0x0193951E), ++ UINT32_C(0x0213C2AC), UINT32_C(0x013231DE), UINT32_C(0x07CEE2D2), ++ UINT32_C(0x06E66CC5), UINT32_C(0x0516D392), UINT32_C(0x068540EE), ++ UINT32_C(0x01A21A0B), UINT32_C(0x09343F25), UINT32_C(0x072C31C3), ++ UINT32_C(0x014654FA) ++}; ++ ++/* LUT for scalar multiplication by comb interleaving */ ++static const pt_aff_t lut_cmb[13][16] = { ++ { ++ { { UINT32_C(0x02E5BD66), UINT32_C(0x07E7E31C), UINT32_C(0x048537F2), ++ UINT32_C(0x067830AD), UINT32_C(0x0378CD22), UINT32_C(0x01E8BFEA), ++ UINT32_C(0x07F0EE09), UINT32_C(0x0FE75928), UINT32_C(0x04B5E77E), ++ UINT32_C(0x0A7B7542), UINT32_C(0x05EC0D69), UINT32_C(0x0487E0A2), ++ UINT32_C(0x06414FED), UINT32_C(0x04E32409), UINT32_C(0x0395B442), ++ UINT32_C(0x03ECB662), UINT32_C(0x09D39B3C), UINT32_C(0x00D6E080), ++ UINT32_C(0x031A1638) }, ++ { UINT32_C(0x0FD16650), UINT32_C(0x03E94769), UINT32_C(0x05848111), ++ UINT32_C(0x0610D44E), UINT32_C(0x0D84D4F1), UINT32_C(0x004FEB41), ++ UINT32_C(0x062A85C8), UINT32_C(0x0EF42640), UINT32_C(0x06E72995), ++ UINT32_C(0x0CCC592F), UINT32_C(0x07A2E4E7), UINT32_C(0x01A05EBE), ++ UINT32_C(0x0255E6D1), UINT32_C(0x04C7AA22), UINT32_C(0x0C7D1BD9), ++ UINT32_C(0x00A5FB42), UINT32_C(0x078008B9), UINT32_C(0x054F1347), ++ UINT32_C(0x0460E4A5) } }, ++ { { UINT32_C(0x0E37AD7D), UINT32_C(0x0119D2ED), UINT32_C(0x05D40B4B), ++ UINT32_C(0x0210C586), UINT32_C(0x086EBAD2), UINT32_C(0x05AD67F8), ++ UINT32_C(0x00ED35E8), UINT32_C(0x0A483205), UINT32_C(0x03F164A3), ++ UINT32_C(0x051BA35A), UINT32_C(0x074225AF), UINT32_C(0x0AE796B5), ++ UINT32_C(0x06C48F66), UINT32_C(0x05A95372), UINT32_C(0x05959479), ++ UINT32_C(0x01D6A64B), UINT32_C(0x0232BBB2), UINT32_C(0x04887BC5), ++ UINT32_C(0x069CF4D4) }, ++ { UINT32_C(0x0E86C0E5), UINT32_C(0x0588CA1E), UINT32_C(0x0B2084BE), ++ UINT32_C(0x01379274), UINT32_C(0x0C33C417), UINT32_C(0x0477B0F1), ++ UINT32_C(0x016AD676), UINT32_C(0x0DC575B0), UINT32_C(0x02DD4CF8), ++ UINT32_C(0x0B9DD85C), UINT32_C(0x0563F46A), UINT32_C(0x0C5F4BE2), ++ UINT32_C(0x020AA740), UINT32_C(0x078AABFD), UINT32_C(0x0AB814F2), ++ UINT32_C(0x01F86C6C), UINT32_C(0x05BBB32F), UINT32_C(0x072FBF4C), ++ UINT32_C(0x04FA6C0E) } }, ++ { { UINT32_C(0x0C8F3078), UINT32_C(0x02B5096E), UINT32_C(0x062E71AB), ++ UINT32_C(0x043CDB12), UINT32_C(0x068CA75F), UINT32_C(0x03C4DF9E), ++ UINT32_C(0x038897F5), UINT32_C(0x0E301423), UINT32_C(0x03C0C6D5), ++ UINT32_C(0x0F59C870), UINT32_C(0x03571E2E), UINT32_C(0x04933C0F), ++ UINT32_C(0x076D4FC3), UINT32_C(0x03D2CB77), UINT32_C(0x004EB0BF), ++ UINT32_C(0x03C3391C), UINT32_C(0x08658E7B), UINT32_C(0x00A524F4), ++ UINT32_C(0x0194AFCF) }, ++ { UINT32_C(0x0EB090CB), UINT32_C(0x03CC3E8D), UINT32_C(0x09EFF02E), ++ UINT32_C(0x00E4AE6A), UINT32_C(0x0DE747C0), UINT32_C(0x00473D7F), ++ UINT32_C(0x0188AA01), UINT32_C(0x072CF374), UINT32_C(0x06897C90), ++ UINT32_C(0x08E10F76), UINT32_C(0x02F93406), UINT32_C(0x0147B760), ++ UINT32_C(0x03A1CB80), UINT32_C(0x00E6C7F4), UINT32_C(0x0A811291), ++ UINT32_C(0x02B73114), UINT32_C(0x03ADD914), UINT32_C(0x037BACC0), ++ UINT32_C(0x056F9BBC) } }, ++ { { UINT32_C(0x0816ECD4), UINT32_C(0x04EAD882), UINT32_C(0x04C33403), ++ UINT32_C(0x07EA1FB8), UINT32_C(0x0F11BE54), UINT32_C(0x043738EE), ++ UINT32_C(0x064D36F9), UINT32_C(0x0FC698D8), UINT32_C(0x0308D0AB), ++ UINT32_C(0x0298BB18), UINT32_C(0x02585EE2), UINT32_C(0x08A3C063), ++ UINT32_C(0x023D520C), UINT32_C(0x02F91707), UINT32_C(0x0B073A0C), ++ UINT32_C(0x0365FDA0), UINT32_C(0x0EC68DDD), UINT32_C(0x0333AB6F), ++ UINT32_C(0x015B5747) }, ++ { UINT32_C(0x0525251B), UINT32_C(0x06B8BC90), UINT32_C(0x0DF8F6B8), ++ UINT32_C(0x06254BBB), UINT32_C(0x097E79D9), UINT32_C(0x01647386), ++ UINT32_C(0x04A91D1A), UINT32_C(0x0DEC9E2B), UINT32_C(0x050F293C), ++ UINT32_C(0x07BCAAD7), UINT32_C(0x033144D9), UINT32_C(0x0375C76F), ++ UINT32_C(0x040A093C), UINT32_C(0x05AE2C16), UINT32_C(0x09D68478), ++ UINT32_C(0x058317A3), UINT32_C(0x054221A3), UINT32_C(0x07B37554), ++ UINT32_C(0x00F4B46D) } }, ++ { { UINT32_C(0x07CBE207), UINT32_C(0x04562796), UINT32_C(0x0A50CC3E), ++ UINT32_C(0x0757B0B9), UINT32_C(0x063D3D42), UINT32_C(0x07DC968C), ++ UINT32_C(0x079E2AB6), UINT32_C(0x0134DA35), UINT32_C(0x029E1396), ++ UINT32_C(0x0D6CCAE8), UINT32_C(0x0628B718), UINT32_C(0x0A64B12A), ++ UINT32_C(0x06E621D1), UINT32_C(0x0769A2A0), UINT32_C(0x0156D488), ++ UINT32_C(0x075BF157), UINT32_C(0x04304D45), UINT32_C(0x046B3C3C), ++ UINT32_C(0x05614E27) }, ++ { UINT32_C(0x09AD2A4E), UINT32_C(0x020EA86B), UINT32_C(0x001E6875), ++ UINT32_C(0x055D2511), UINT32_C(0x01F5CDB0), UINT32_C(0x03D2AFF6), ++ UINT32_C(0x007FAB76), UINT32_C(0x0057AC84), UINT32_C(0x069E5756), ++ UINT32_C(0x0688DC1A), UINT32_C(0x0744C7BB), UINT32_C(0x0EDB2096), ++ UINT32_C(0x053B873A), UINT32_C(0x01844532), UINT32_C(0x07AE938E), ++ UINT32_C(0x055557A2), UINT32_C(0x0BE73E16), UINT32_C(0x0193515D), ++ UINT32_C(0x00A8B986) } }, ++ { { UINT32_C(0x0A0CDB9A), UINT32_C(0x040E02DD), UINT32_C(0x035205D9), ++ UINT32_C(0x0049F499), UINT32_C(0x02140570), UINT32_C(0x02F8C644), ++ UINT32_C(0x068CD8D7), UINT32_C(0x0663DA1B), UINT32_C(0x05BC5332), ++ UINT32_C(0x022CA5E7), UINT32_C(0x058A9E53), UINT32_C(0x02550FBC), ++ UINT32_C(0x035F05E1), UINT32_C(0x076AEE3F), UINT32_C(0x0B4315CF), ++ UINT32_C(0x01A39573), UINT32_C(0x0BFEA8DE), UINT32_C(0x024B3FBD), ++ UINT32_C(0x0229D610) }, ++ { UINT32_C(0x0E48C808), UINT32_C(0x0074F92C), UINT32_C(0x0336BAB1), ++ UINT32_C(0x001C7E90), UINT32_C(0x0CDB72B2), UINT32_C(0x06452A54), ++ UINT32_C(0x01C49198), UINT32_C(0x0B42A4AB), UINT32_C(0x048A90E8), ++ UINT32_C(0x03705637), UINT32_C(0x02BA9C17), UINT32_C(0x024FB4BA), ++ UINT32_C(0x00842F41), UINT32_C(0x01D6EAB3), UINT32_C(0x054FB229), ++ UINT32_C(0x00CA8770), UINT32_C(0x0253093A), UINT32_C(0x07F97744), ++ UINT32_C(0x025BECC0) } }, ++ { { UINT32_C(0x02FBCDA7), UINT32_C(0x007848D3), UINT32_C(0x01DFF031), ++ UINT32_C(0x07601567), UINT32_C(0x0BA52FB0), UINT32_C(0x01E6AE23), ++ UINT32_C(0x01AA852F), UINT32_C(0x003C996A), UINT32_C(0x0445908E), ++ UINT32_C(0x070CC265), UINT32_C(0x0257D5EB), UINT32_C(0x08E13BB7), ++ UINT32_C(0x03786D30), UINT32_C(0x049FB9B6), UINT32_C(0x0924861A), ++ UINT32_C(0x0065D2B4), UINT32_C(0x0D5B39AF), UINT32_C(0x07309872), ++ UINT32_C(0x01F8FA63) }, ++ { UINT32_C(0x022A71C9), UINT32_C(0x01A01FB0), UINT32_C(0x0FD3EE52), ++ UINT32_C(0x0555F222), UINT32_C(0x0F0D8667), UINT32_C(0x05472FEE), ++ UINT32_C(0x0136FEE9), UINT32_C(0x08BC763F), UINT32_C(0x03D5D583), ++ UINT32_C(0x0C425583), UINT32_C(0x04F5CB83), UINT32_C(0x071A71E9), ++ UINT32_C(0x061B5508), UINT32_C(0x0676A851), UINT32_C(0x03ED5A08), ++ UINT32_C(0x01926DAA), UINT32_C(0x0FDB5234), UINT32_C(0x056DAF03), ++ UINT32_C(0x0423B963) } }, ++ { { UINT32_C(0x0CB8DB55), UINT32_C(0x02FE337B), UINT32_C(0x0F257BD3), ++ UINT32_C(0x02D303C7), UINT32_C(0x0C766E36), UINT32_C(0x0723F00C), ++ UINT32_C(0x03C3ADE8), UINT32_C(0x0BD00FFE), UINT32_C(0x01CCE27D), ++ UINT32_C(0x051C2372), UINT32_C(0x06A65BE2), UINT32_C(0x014B5A5E), ++ UINT32_C(0x042D0282), UINT32_C(0x05C7DE61), UINT32_C(0x06D4300F), ++ UINT32_C(0x0558FC54), UINT32_C(0x08CBE082), UINT32_C(0x03579724), ++ UINT32_C(0x01ADAB62) }, ++ { UINT32_C(0x01475465), UINT32_C(0x0343480A), UINT32_C(0x057BB2AC), ++ UINT32_C(0x0219888D), UINT32_C(0x06491BF6), UINT32_C(0x00CB25B2), ++ UINT32_C(0x010A4711), UINT32_C(0x09470A80), UINT32_C(0x01062C89), ++ UINT32_C(0x00BDAAFD), UINT32_C(0x020D32E9), UINT32_C(0x02E92D88), ++ UINT32_C(0x026EB483), UINT32_C(0x06F824B5), UINT32_C(0x03EDBF63), ++ UINT32_C(0x0664D233), UINT32_C(0x023AD4F9), UINT32_C(0x04E2AE27), ++ UINT32_C(0x06D1A368) } }, ++ { { UINT32_C(0x03110AE0), UINT32_C(0x07817A85), UINT32_C(0x034820ED), ++ UINT32_C(0x00855E1A), UINT32_C(0x003FE30C), UINT32_C(0x06D5A04E), ++ UINT32_C(0x06FA73CC), UINT32_C(0x04FE0287), UINT32_C(0x00A69E67), ++ UINT32_C(0x0A10B0EC), UINT32_C(0x049E4D24), UINT32_C(0x0ED35994), ++ UINT32_C(0x01A7E8AC), UINT32_C(0x04CF74F1), UINT32_C(0x0923906A), ++ UINT32_C(0x03874645), UINT32_C(0x0DB42741), UINT32_C(0x060FE261), ++ UINT32_C(0x06C0376D) }, ++ { UINT32_C(0x00E64647), UINT32_C(0x039CB7C7), UINT32_C(0x0EABEA6B), ++ UINT32_C(0x02B29856), UINT32_C(0x00839A41), UINT32_C(0x07C5AB7D), ++ UINT32_C(0x0697B3AB), UINT32_C(0x06DD0BF0), UINT32_C(0x05A564EF), ++ UINT32_C(0x02647BF3), UINT32_C(0x05856454), UINT32_C(0x02A635A2), ++ UINT32_C(0x033DA644), UINT32_C(0x05BCCA9A), UINT32_C(0x0EDDD106), ++ UINT32_C(0x011D4E4A), UINT32_C(0x0AEDB782), UINT32_C(0x03AFB62C), ++ UINT32_C(0x0215A0FC) } }, ++ { { UINT32_C(0x08D6A19B), UINT32_C(0x07F0B241), UINT32_C(0x077BC8F1), ++ UINT32_C(0x0063CE4B), UINT32_C(0x0C37FB3D), UINT32_C(0x075E9165), ++ UINT32_C(0x049192AB), UINT32_C(0x06266967), UINT32_C(0x03B30963), ++ UINT32_C(0x01CFE3F4), UINT32_C(0x059B66F2), UINT32_C(0x01FBFFC2), ++ UINT32_C(0x01D577D5), UINT32_C(0x022DBBF0), UINT32_C(0x05A1A072), ++ UINT32_C(0x07948C2D), UINT32_C(0x08690F81), UINT32_C(0x0490C833), ++ UINT32_C(0x02663733) }, ++ { UINT32_C(0x0BFD0575), UINT32_C(0x0091A695), UINT32_C(0x07FC8952), ++ UINT32_C(0x0313D53F), UINT32_C(0x0DDFD693), UINT32_C(0x06458C70), ++ UINT32_C(0x058761CC), UINT32_C(0x02EB8CF9), UINT32_C(0x02D963FF), ++ UINT32_C(0x0AEE4EE7), UINT32_C(0x05DC6CA8), UINT32_C(0x0D2B3143), ++ UINT32_C(0x038ADEF3), UINT32_C(0x033E9457), UINT32_C(0x035B245D), ++ UINT32_C(0x01424975), UINT32_C(0x03DAB987), UINT32_C(0x00C4D404), ++ UINT32_C(0x04DF5768) } }, ++ { { UINT32_C(0x03C8C9ED), UINT32_C(0x06F39969), UINT32_C(0x08DA5A85), ++ UINT32_C(0x02407274), UINT32_C(0x0D6CDEB2), UINT32_C(0x03B609F5), ++ UINT32_C(0x06CA4BF5), UINT32_C(0x0D62A309), UINT32_C(0x0257EAE4), ++ UINT32_C(0x0CFF528C), UINT32_C(0x07CEB388), UINT32_C(0x0A606548), ++ UINT32_C(0x030BB457), UINT32_C(0x01345DCC), UINT32_C(0x09ED3B10), ++ UINT32_C(0x04855085), UINT32_C(0x07A5F679), UINT32_C(0x00234E85), ++ UINT32_C(0x06872ECB) }, ++ { UINT32_C(0x0CBA4DF5), UINT32_C(0x00BC43C9), UINT32_C(0x0996C3CC), ++ UINT32_C(0x01E2EC93), UINT32_C(0x0B15F26C), UINT32_C(0x05CB18FB), ++ UINT32_C(0x05F5A1D1), UINT32_C(0x0A483295), UINT32_C(0x0741A53D), ++ UINT32_C(0x0F4FEFBE), UINT32_C(0x052DED75), UINT32_C(0x09B06028), ++ UINT32_C(0x0671464F), UINT32_C(0x0741E002), UINT32_C(0x0E40CE62), ++ UINT32_C(0x012DA7C5), UINT32_C(0x067A9058), UINT32_C(0x07A9F1DD), ++ UINT32_C(0x04688275) } }, ++ { { UINT32_C(0x02AF535C), UINT32_C(0x046A5ECE), UINT32_C(0x0CB00D43), ++ UINT32_C(0x063584D5), UINT32_C(0x0F881F87), UINT32_C(0x02697B14), ++ UINT32_C(0x074F1FC7), UINT32_C(0x0AF5B0AF), UINT32_C(0x06F83FC9), ++ UINT32_C(0x0A8A203E), UINT32_C(0x0469A19B), UINT32_C(0x0A092434), ++ UINT32_C(0x069E17EC), UINT32_C(0x0773D1CD), UINT32_C(0x0F547B8E), ++ UINT32_C(0x01CACEC5), UINT32_C(0x0B26EDB6), UINT32_C(0x03AE5202), ++ UINT32_C(0x06B82C9D) }, ++ { UINT32_C(0x0FA0D000), UINT32_C(0x015C3536), UINT32_C(0x0470ADB0), ++ UINT32_C(0x008A151A), UINT32_C(0x030884ED), UINT32_C(0x06EC1F74), ++ UINT32_C(0x01E13D93), UINT32_C(0x0E97FCF4), UINT32_C(0x0043361E), ++ UINT32_C(0x05B81C21), UINT32_C(0x048F0898), UINT32_C(0x00CAD0C5), ++ UINT32_C(0x06243416), UINT32_C(0x03EBACFF), UINT32_C(0x0068471C), ++ UINT32_C(0x022858FC), UINT32_C(0x0A700CD1), UINT32_C(0x004BCA70), ++ UINT32_C(0x03CB25EA) } }, ++ { { UINT32_C(0x0F70ACE0), UINT32_C(0x00C2460B), UINT32_C(0x0A7F627F), ++ UINT32_C(0x01D6384B), UINT32_C(0x0C9F9078), UINT32_C(0x02A9923F), ++ UINT32_C(0x02B743F1), UINT32_C(0x0C36EE4D), UINT32_C(0x01856917), ++ UINT32_C(0x03329552), UINT32_C(0x05918A93), UINT32_C(0x0EC471DC), ++ UINT32_C(0x01946C41), UINT32_C(0x00039881), UINT32_C(0x05DFF9D2), ++ UINT32_C(0x05874A6F), UINT32_C(0x04306946), UINT32_C(0x05AB8B53), ++ UINT32_C(0x0553A131) }, ++ { UINT32_C(0x04C78230), UINT32_C(0x025BCE40), UINT32_C(0x0CD6DA86), ++ UINT32_C(0x054A8CE5), UINT32_C(0x0BD7BB78), UINT32_C(0x029A965C), ++ UINT32_C(0x068F11B8), UINT32_C(0x02FBC1A0), UINT32_C(0x06354357), ++ UINT32_C(0x0CCD4DBD), UINT32_C(0x051102A2), UINT32_C(0x031FD9B0), ++ UINT32_C(0x02C008A8), UINT32_C(0x00AD491F), UINT32_C(0x0BB60D3F), ++ UINT32_C(0x02A28F80), UINT32_C(0x008E75C4), UINT32_C(0x0522E322), ++ UINT32_C(0x03343F73) } }, ++ { { UINT32_C(0x0002D68B), UINT32_C(0x07643017), UINT32_C(0x088AD06A), ++ UINT32_C(0x0408925D), UINT32_C(0x08F2C855), UINT32_C(0x036834C5), ++ UINT32_C(0x0289A9D7), UINT32_C(0x0719D483), UINT32_C(0x032123DA), ++ UINT32_C(0x0B0A9B01), UINT32_C(0x0230FC26), UINT32_C(0x08B0CFCD), ++ UINT32_C(0x074393E1), UINT32_C(0x0439CA9A), UINT32_C(0x089E646F), ++ UINT32_C(0x024D4EB8), UINT32_C(0x036D4EC5), UINT32_C(0x03F0431F), ++ UINT32_C(0x0580DCFB) }, ++ { UINT32_C(0x0D90B740), UINT32_C(0x066AECA5), UINT32_C(0x0B5967E7), ++ UINT32_C(0x07CE13A8), UINT32_C(0x0CB918FF), UINT32_C(0x052A2ED5), ++ UINT32_C(0x009DC3A7), UINT32_C(0x092EBC54), UINT32_C(0x07A491ED), ++ UINT32_C(0x0644023D), UINT32_C(0x06F1C343), UINT32_C(0x0EED295B), ++ UINT32_C(0x0173D4B0), UINT32_C(0x04FE8C9E), UINT32_C(0x0C06A3FA), ++ UINT32_C(0x0028401A), UINT32_C(0x0FC38BCB), UINT32_C(0x020029B9), ++ UINT32_C(0x03C565C1) } }, ++ { { UINT32_C(0x0EDA25DC), UINT32_C(0x03927618), UINT32_C(0x0EDB2C58), ++ UINT32_C(0x00B2BAA3), UINT32_C(0x0E7BCCF6), UINT32_C(0x03A11FFE), ++ UINT32_C(0x02001D5C), UINT32_C(0x076D7291), UINT32_C(0x029BC068), ++ UINT32_C(0x094260B9), UINT32_C(0x0671EECC), UINT32_C(0x07B0A2FB), ++ UINT32_C(0x047A1899), UINT32_C(0x07CFA289), UINT32_C(0x065A085F), ++ UINT32_C(0x041FBFCB), UINT32_C(0x0050FB67), UINT32_C(0x02D9296D), ++ UINT32_C(0x05D31913) }, ++ { UINT32_C(0x021A0C30), UINT32_C(0x07BBBC48), UINT32_C(0x077F7A30), ++ UINT32_C(0x024F84DD), UINT32_C(0x00FC19E6), UINT32_C(0x035C1B4C), ++ UINT32_C(0x02861399), UINT32_C(0x0CE0D90B), UINT32_C(0x00E21952), ++ UINT32_C(0x0A696F7C), UINT32_C(0x03D6F2B5), UINT32_C(0x07F2D73D), ++ UINT32_C(0x03F2D910), UINT32_C(0x00119F7C), UINT32_C(0x01B7B782), ++ UINT32_C(0x02CC95B4), UINT32_C(0x033CD00B), UINT32_C(0x005F0FE8), ++ UINT32_C(0x046BCE9F) } }, ++ { { UINT32_C(0x016A8803), UINT32_C(0x057D0E0C), UINT32_C(0x04902444), ++ UINT32_C(0x06BC911C), UINT32_C(0x0C88373E), UINT32_C(0x0302735A), ++ UINT32_C(0x07E0A60D), UINT32_C(0x04C9D429), UINT32_C(0x05543A90), ++ UINT32_C(0x0EE4D9AC), UINT32_C(0x050794BC), UINT32_C(0x0985C982), ++ UINT32_C(0x0595F0A9), UINT32_C(0x05ABA2C4), UINT32_C(0x07307B7D), ++ UINT32_C(0x06A58CDB), UINT32_C(0x08CC2A00), UINT32_C(0x019E61E1), ++ UINT32_C(0x0363A648) }, ++ { UINT32_C(0x09792D19), UINT32_C(0x04677C73), UINT32_C(0x08631594), ++ UINT32_C(0x032F8F6A), UINT32_C(0x098EA86F), UINT32_C(0x032B9330), ++ UINT32_C(0x009CD434), UINT32_C(0x04D14790), UINT32_C(0x06B8C324), ++ UINT32_C(0x035461EE), UINT32_C(0x06E597DA), UINT32_C(0x00182BBE), ++ UINT32_C(0x04A3C432), UINT32_C(0x045AA031), UINT32_C(0x014A30EC), ++ UINT32_C(0x009C13A2), UINT32_C(0x0C730FBE), UINT32_C(0x06A8A94C), ++ UINT32_C(0x049EC08E) } }, ++ }, ++ { ++ { { UINT32_C(0x043C6A8B), UINT32_C(0x069E114E), UINT32_C(0x02D17119), ++ UINT32_C(0x07161008), UINT32_C(0x04253BA7), UINT32_C(0x06D7E9D1), ++ UINT32_C(0x07AFFFEA), UINT32_C(0x0C20088E), UINT32_C(0x009D84CD), ++ UINT32_C(0x094B5A8B), UINT32_C(0x070C9B19), UINT32_C(0x0A140336), ++ UINT32_C(0x059D32DC), UINT32_C(0x07D5C770), UINT32_C(0x0B702098), ++ UINT32_C(0x0646FC6A), UINT32_C(0x06312DAB), UINT32_C(0x05DEF39B), ++ UINT32_C(0x07B32BAC) }, ++ { UINT32_C(0x06B04438), UINT32_C(0x0086BBC2), UINT32_C(0x0CE331EB), ++ UINT32_C(0x07A1DB2A), UINT32_C(0x04798584), UINT32_C(0x0632A66E), ++ UINT32_C(0x03A4F5AE), UINT32_C(0x03B41996), UINT32_C(0x061944D5), ++ UINT32_C(0x0E8ECAB0), UINT32_C(0x00E38A9B), UINT32_C(0x0BBF7088), ++ UINT32_C(0x022E1052), UINT32_C(0x00FB1445), UINT32_C(0x0FF1C5EA), ++ UINT32_C(0x034DB2F7), UINT32_C(0x04C560D6), UINT32_C(0x050E7FEA), ++ UINT32_C(0x00B97B7C) } }, ++ { { UINT32_C(0x004ED5E3), UINT32_C(0x012DA268), UINT32_C(0x08C92EF3), ++ UINT32_C(0x06F60BF9), UINT32_C(0x0656B119), UINT32_C(0x014823AF), ++ UINT32_C(0x058D04AC), UINT32_C(0x099D3419), UINT32_C(0x00CFAE71), ++ UINT32_C(0x0B423A38), UINT32_C(0x05EA80E2), UINT32_C(0x06C1F218), ++ UINT32_C(0x03E72AD5), UINT32_C(0x0691F49A), UINT32_C(0x04310FAB), ++ UINT32_C(0x05D250AD), UINT32_C(0x084D7BFA), UINT32_C(0x070595DE), ++ UINT32_C(0x017825D9) }, ++ { UINT32_C(0x0A7D5B37), UINT32_C(0x00B0A7A2), UINT32_C(0x0ED3BDEF), ++ UINT32_C(0x02B29FDB), UINT32_C(0x085BCC71), UINT32_C(0x0455FDD9), ++ UINT32_C(0x0595CF1F), UINT32_C(0x0040CCA6), UINT32_C(0x04FA2F23), ++ UINT32_C(0x04A05DD3), UINT32_C(0x07E18B4E), UINT32_C(0x045A2A46), ++ UINT32_C(0x058F2043), UINT32_C(0x038FC52D), UINT32_C(0x0A7666DC), ++ UINT32_C(0x0701CE42), UINT32_C(0x04B38B92), UINT32_C(0x01AD842D), ++ UINT32_C(0x07A0B6A0) } }, ++ { { UINT32_C(0x029D2024), UINT32_C(0x0728395A), UINT32_C(0x04DB516D), ++ UINT32_C(0x0504C2CE), UINT32_C(0x03C5DEB1), UINT32_C(0x041CFF48), ++ UINT32_C(0x014AE223), UINT32_C(0x0856531F), UINT32_C(0x02EC3F65), ++ UINT32_C(0x0A46F536), UINT32_C(0x04ECB2AA), UINT32_C(0x0FB7289E), ++ UINT32_C(0x03DE9EFF), UINT32_C(0x0724BAA3), UINT32_C(0x0508D541), ++ UINT32_C(0x051B73BA), UINT32_C(0x0B38749E), UINT32_C(0x044097DF), ++ UINT32_C(0x00E5AC8E) }, ++ { UINT32_C(0x0DDD93A9), UINT32_C(0x04295052), UINT32_C(0x0E03B84C), ++ UINT32_C(0x00B38799), UINT32_C(0x037F6A48), UINT32_C(0x07614753), ++ UINT32_C(0x05765258), UINT32_C(0x0E0CA450), UINT32_C(0x07CFB537), ++ UINT32_C(0x07342BEF), UINT32_C(0x05C319BB), UINT32_C(0x04F3A1F5), ++ UINT32_C(0x04762545), UINT32_C(0x0589360C), UINT32_C(0x0E5A46C8), ++ UINT32_C(0x02744137), UINT32_C(0x05E9E991), UINT32_C(0x01523BC2), ++ UINT32_C(0x062CDAB6) } }, ++ { { UINT32_C(0x090E92D6), UINT32_C(0x00FA75A5), UINT32_C(0x040D6969), ++ UINT32_C(0x011D7DDB), UINT32_C(0x0B02AC62), UINT32_C(0x07679C7F), ++ UINT32_C(0x07FD8A06), UINT32_C(0x0A623D2A), UINT32_C(0x034C8ED2), ++ UINT32_C(0x07FB351F), UINT32_C(0x008857BA), UINT32_C(0x09AD9171), ++ UINT32_C(0x03CB7A5B), UINT32_C(0x01A56DB4), UINT32_C(0x09225D29), ++ UINT32_C(0x07819EC5), UINT32_C(0x0645D37A), UINT32_C(0x0618AED1), ++ UINT32_C(0x053A82A2) }, ++ { UINT32_C(0x0662F537), UINT32_C(0x00AB8407), UINT32_C(0x0FF98DF8), ++ UINT32_C(0x03C0F116), UINT32_C(0x0C87DD6F), UINT32_C(0x00995A87), ++ UINT32_C(0x036E7BF1), UINT32_C(0x0318B15E), UINT32_C(0x01116415), ++ UINT32_C(0x00A53CD8), UINT32_C(0x0237AEF5), UINT32_C(0x065DCC5D), ++ UINT32_C(0x048F2118), UINT32_C(0x011F3E13), UINT32_C(0x0AD27061), ++ UINT32_C(0x02B7B666), UINT32_C(0x01CB618D), UINT32_C(0x02EC555A), ++ UINT32_C(0x058DF8C5) } }, ++ { { UINT32_C(0x0B9839DA), UINT32_C(0x0047D336), UINT32_C(0x09E93377), ++ UINT32_C(0x00074C09), UINT32_C(0x08B5F722), UINT32_C(0x06A0986D), ++ UINT32_C(0x03ABD41C), UINT32_C(0x057C1CAA), UINT32_C(0x02B2ACCA), ++ UINT32_C(0x0FC9B996), UINT32_C(0x05488187), UINT32_C(0x07861011), ++ UINT32_C(0x0163907B), UINT32_C(0x07F6DAF7), UINT32_C(0x0363BC0E), ++ UINT32_C(0x058EF00F), UINT32_C(0x05446B66), UINT32_C(0x0514AA79), ++ UINT32_C(0x04A03953) }, ++ { UINT32_C(0x0C1962CE), UINT32_C(0x06493BB1), UINT32_C(0x086D6126), ++ UINT32_C(0x00FCE569), UINT32_C(0x0DC92336), UINT32_C(0x015B8163), ++ UINT32_C(0x0432A31C), UINT32_C(0x0133A6EE), UINT32_C(0x0578D7AF), ++ UINT32_C(0x0840A2D3), UINT32_C(0x064C1FC2), UINT32_C(0x085837C8), ++ UINT32_C(0x0641237D), UINT32_C(0x054AF205), UINT32_C(0x0657C4E2), ++ UINT32_C(0x04B8B1E0), UINT32_C(0x00272237), UINT32_C(0x05B53E59), ++ UINT32_C(0x001FEA03) } }, ++ { { UINT32_C(0x0D2BF9A7), UINT32_C(0x01A65815), UINT32_C(0x06FC3341), ++ UINT32_C(0x065823F4), UINT32_C(0x01599DE7), UINT32_C(0x070CA981), ++ UINT32_C(0x067E13C8), UINT32_C(0x009A9A6A), UINT32_C(0x0229B72F), ++ UINT32_C(0x09B1BC4A), UINT32_C(0x06BCE69A), UINT32_C(0x0FA69B0D), ++ UINT32_C(0x078B83C0), UINT32_C(0x06E62A5C), UINT32_C(0x021D206C), ++ UINT32_C(0x04E0CE16), UINT32_C(0x0F728EF3), UINT32_C(0x0453D52E), ++ UINT32_C(0x01844B54) }, ++ { UINT32_C(0x020C30CB), UINT32_C(0x04E85BEE), UINT32_C(0x095E4EAF), ++ UINT32_C(0x075E0168), UINT32_C(0x039C14AF), UINT32_C(0x0370EA5A), ++ UINT32_C(0x05B0F157), UINT32_C(0x02E11B96), UINT32_C(0x042E3824), ++ UINT32_C(0x0D5DC5BB), UINT32_C(0x00451C96), UINT32_C(0x0E911392), ++ UINT32_C(0x0724269B), UINT32_C(0x04003692), UINT32_C(0x076FEA68), ++ UINT32_C(0x033CBDE1), UINT32_C(0x0417AF7D), UINT32_C(0x00B9592D), ++ UINT32_C(0x027FA0B4) } }, ++ { { UINT32_C(0x0B2E6D92), UINT32_C(0x06E8F69A), UINT32_C(0x0DCD1AA5), ++ UINT32_C(0x01FB27B9), UINT32_C(0x04974F21), UINT32_C(0x027768BA), ++ UINT32_C(0x02769E05), UINT32_C(0x08C4A5CC), UINT32_C(0x047AF64B), ++ UINT32_C(0x08B89BB2), UINT32_C(0x02ED5662), UINT32_C(0x03939461), ++ UINT32_C(0x01F7401B), UINT32_C(0x06FDF357), UINT32_C(0x019C98D9), ++ UINT32_C(0x07B1E9DD), UINT32_C(0x075DC034), UINT32_C(0x01E0054F), ++ UINT32_C(0x02A2F727) }, ++ { UINT32_C(0x0EB71C5F), UINT32_C(0x023BF702), UINT32_C(0x02236711), ++ UINT32_C(0x012F6D73), UINT32_C(0x0CA22E0A), UINT32_C(0x02359757), ++ UINT32_C(0x0157DA08), UINT32_C(0x05CB0525), UINT32_C(0x0102CBFE), ++ UINT32_C(0x0854B694), UINT32_C(0x07F9F306), UINT32_C(0x0A6E3855), ++ UINT32_C(0x024CCD83), UINT32_C(0x0220CC0E), UINT32_C(0x0AAD6848), ++ UINT32_C(0x0783A366), UINT32_C(0x0B9AD104), UINT32_C(0x02844B14), ++ UINT32_C(0x07B5BC13) } }, ++ { { UINT32_C(0x01490429), UINT32_C(0x07C3B47C), UINT32_C(0x0DB7A58B), ++ UINT32_C(0x04D10D93), UINT32_C(0x08CA405B), UINT32_C(0x07FD087B), ++ UINT32_C(0x07C88AC9), UINT32_C(0x07D54451), UINT32_C(0x07010F32), ++ UINT32_C(0x06D62976), UINT32_C(0x03752EE7), UINT32_C(0x0A2326FD), ++ UINT32_C(0x00445040), UINT32_C(0x03605DB9), UINT32_C(0x03194920), ++ UINT32_C(0x01F8F0DF), UINT32_C(0x0F321EF5), UINT32_C(0x0297EC47), ++ UINT32_C(0x05C97D9A) }, ++ { UINT32_C(0x087CA374), UINT32_C(0x04D9BD85), UINT32_C(0x09E4C1E2), ++ UINT32_C(0x05C6B60F), UINT32_C(0x03338BE0), UINT32_C(0x06C38E9F), ++ UINT32_C(0x030527CA), UINT32_C(0x0F28850A), UINT32_C(0x039421C7), ++ UINT32_C(0x02DE48C5), UINT32_C(0x0652719F), UINT32_C(0x097E2E6B), ++ UINT32_C(0x0758DD1C), UINT32_C(0x06788A64), UINT32_C(0x01CDEC4A), ++ UINT32_C(0x0314A216), UINT32_C(0x022EE734), UINT32_C(0x023BD455), ++ UINT32_C(0x05EC7716) } }, ++ { { UINT32_C(0x03ACF0F9), UINT32_C(0x0203D95A), UINT32_C(0x0286435B), ++ UINT32_C(0x01818DC4), UINT32_C(0x02821B92), UINT32_C(0x06AE5102), ++ UINT32_C(0x07066934), UINT32_C(0x07BC9150), UINT32_C(0x07BA5607), ++ UINT32_C(0x0EC5981C), UINT32_C(0x04C69569), UINT32_C(0x03CC0C2A), ++ UINT32_C(0x07DA94A0), UINT32_C(0x07E65511), UINT32_C(0x086234FB), ++ UINT32_C(0x05407465), UINT32_C(0x0F825CD7), UINT32_C(0x03F370CC), ++ UINT32_C(0x00DC963A) }, ++ { UINT32_C(0x09436D81), UINT32_C(0x04465793), UINT32_C(0x041DBE76), ++ UINT32_C(0x0384C090), UINT32_C(0x005C5350), UINT32_C(0x07296D6A), ++ UINT32_C(0x04712C6D), UINT32_C(0x0B8974CF), UINT32_C(0x07A230E5), ++ UINT32_C(0x0CBF52A8), UINT32_C(0x016C1814), UINT32_C(0x06EDC3F7), ++ UINT32_C(0x0627F679), UINT32_C(0x0750029A), UINT32_C(0x06E2AA55), ++ UINT32_C(0x0245FF68), UINT32_C(0x0F8F41C6), UINT32_C(0x00A2BB27), ++ UINT32_C(0x052BDC1F) } }, ++ { { UINT32_C(0x06C8D427), UINT32_C(0x0648C043), UINT32_C(0x045E9C01), ++ UINT32_C(0x042CC909), UINT32_C(0x089A90AA), UINT32_C(0x007114E3), ++ UINT32_C(0x0085B7C3), UINT32_C(0x0B9DE134), UINT32_C(0x06B0A9E9), ++ UINT32_C(0x0AAAEBCC), UINT32_C(0x0092A52A), UINT32_C(0x0D6E2713), ++ UINT32_C(0x05857362), UINT32_C(0x0118376C), UINT32_C(0x000A08F8), ++ UINT32_C(0x003DE32F), UINT32_C(0x0E3FE6ED), UINT32_C(0x06CFB412), ++ UINT32_C(0x043D1662) }, ++ { UINT32_C(0x0D400463), UINT32_C(0x0448C05A), UINT32_C(0x0AE67E6E), ++ UINT32_C(0x059369CB), UINT32_C(0x0A23C77C), UINT32_C(0x06E7F666), ++ UINT32_C(0x05BB8233), UINT32_C(0x095E95B6), UINT32_C(0x0284C07C), ++ UINT32_C(0x0F6C7097), UINT32_C(0x0443F5D5), UINT32_C(0x0301FE7F), ++ UINT32_C(0x023010C9), UINT32_C(0x009D2363), UINT32_C(0x07BD65C2), ++ UINT32_C(0x07E297A0), UINT32_C(0x034DDA50), UINT32_C(0x07ADC7E7), ++ UINT32_C(0x03060E2B) } }, ++ { { UINT32_C(0x0924C15F), UINT32_C(0x04E07505), UINT32_C(0x08D0DCCF), ++ UINT32_C(0x01D04769), UINT32_C(0x02E2E204), UINT32_C(0x0713097A), ++ UINT32_C(0x07E9B59C), UINT32_C(0x07FDCF7A), UINT32_C(0x03E60E03), ++ UINT32_C(0x0423C6CD), UINT32_C(0x06A163F7), UINT32_C(0x07C0FA8B), ++ UINT32_C(0x01341D2B), UINT32_C(0x06745C51), UINT32_C(0x03C9DE3A), ++ UINT32_C(0x06D6D6F5), UINT32_C(0x0F5AF83F), UINT32_C(0x02698DEF), ++ UINT32_C(0x06091F29) }, ++ { UINT32_C(0x0DBEEE78), UINT32_C(0x060A02B3), UINT32_C(0x0558AE6B), ++ UINT32_C(0x07100333), UINT32_C(0x0A312381), UINT32_C(0x02FA9A13), ++ UINT32_C(0x06D1C0C3), UINT32_C(0x0C625336), UINT32_C(0x03B853CF), ++ UINT32_C(0x08B3BE37), UINT32_C(0x0104E5D9), UINT32_C(0x053B9B53), ++ UINT32_C(0x02A2D06C), UINT32_C(0x01CDC864), UINT32_C(0x0F04A867), ++ UINT32_C(0x07663226), UINT32_C(0x0FD6C54B), UINT32_C(0x040943C5), ++ UINT32_C(0x03C04D10) } }, ++ { { UINT32_C(0x090F8C80), UINT32_C(0x0582A686), UINT32_C(0x0BA42ED6), ++ UINT32_C(0x070A8F1E), UINT32_C(0x0AB02D12), UINT32_C(0x01EB5C3D), ++ UINT32_C(0x07479B29), UINT32_C(0x04D72C41), UINT32_C(0x0362562E), ++ UINT32_C(0x06FAF4FC), UINT32_C(0x033FED54), UINT32_C(0x0229578C), ++ UINT32_C(0x005B4CFB), UINT32_C(0x03BA05BF), UINT32_C(0x0B4A3FBC), ++ UINT32_C(0x07DBD5D5), UINT32_C(0x05E8639D), UINT32_C(0x07D5867F), ++ UINT32_C(0x027FE947) }, ++ { UINT32_C(0x01982847), UINT32_C(0x008A8D79), UINT32_C(0x0B215B64), ++ UINT32_C(0x06EDECCB), UINT32_C(0x045309BE), UINT32_C(0x055465DE), ++ UINT32_C(0x0426ED2E), UINT32_C(0x0D49D672), UINT32_C(0x01000B74), ++ UINT32_C(0x01206E3C), UINT32_C(0x061A0CA8), UINT32_C(0x020BEC03), ++ UINT32_C(0x02104AC7), UINT32_C(0x03FB64AC), UINT32_C(0x097C06BE), ++ UINT32_C(0x05DF7C1D), UINT32_C(0x0EFD23AB), UINT32_C(0x042BC8D8), ++ UINT32_C(0x02A649D7) } }, ++ { { UINT32_C(0x0643409F), UINT32_C(0x06A50E0A), UINT32_C(0x00C269C2), ++ UINT32_C(0x0130B8C0), UINT32_C(0x0B25EAD2), UINT32_C(0x07A4A516), ++ UINT32_C(0x0375B082), UINT32_C(0x0E197F8C), UINT32_C(0x0546B686), ++ UINT32_C(0x0B8287C5), UINT32_C(0x04A367C1), UINT32_C(0x07DF58A1), ++ UINT32_C(0x05B7DD15), UINT32_C(0x061763FD), UINT32_C(0x0E2DF8E8), ++ UINT32_C(0x05ABFC51), UINT32_C(0x087018C8), UINT32_C(0x05935143), ++ UINT32_C(0x05E9EFA4) }, ++ { UINT32_C(0x0AF2F29D), UINT32_C(0x0063F9B1), UINT32_C(0x0FB11A34), ++ UINT32_C(0x02D7C22E), UINT32_C(0x08AF67E7), UINT32_C(0x005AC16C), ++ UINT32_C(0x047EE080), UINT32_C(0x0B7677A2), UINT32_C(0x04500DDC), ++ UINT32_C(0x0137CD80), UINT32_C(0x01CF2369), UINT32_C(0x0DE177B8), ++ UINT32_C(0x018122DE), UINT32_C(0x00EDFC0C), UINT32_C(0x0048B9ED), ++ UINT32_C(0x043633B7), UINT32_C(0x0666D33E), UINT32_C(0x00317E10), ++ UINT32_C(0x066100C3) } }, ++ { { UINT32_C(0x037B93A2), UINT32_C(0x07917621), UINT32_C(0x048F411C), ++ UINT32_C(0x04EF1E2A), UINT32_C(0x0FC8F91F), UINT32_C(0x04090E1D), ++ UINT32_C(0x066F78F2), UINT32_C(0x0C2C0207), UINT32_C(0x065E2513), ++ UINT32_C(0x0F03BADB), UINT32_C(0x03689AF4), UINT32_C(0x0FE959E2), ++ UINT32_C(0x028B6A5E), UINT32_C(0x0101C577), UINT32_C(0x0C3A5192), ++ UINT32_C(0x03042F53), UINT32_C(0x0E2A6A29), UINT32_C(0x0231095D), ++ UINT32_C(0x06E29445) }, ++ { UINT32_C(0x07A00331), UINT32_C(0x041D85F7), UINT32_C(0x0D189E24), ++ UINT32_C(0x0294578C), UINT32_C(0x04A9E7A3), UINT32_C(0x037F260A), ++ UINT32_C(0x060D62BB), UINT32_C(0x07AED3DE), UINT32_C(0x0727FEAB), ++ UINT32_C(0x0283C99C), UINT32_C(0x05A11B56), UINT32_C(0x08953348), ++ UINT32_C(0x01A388E1), UINT32_C(0x028932F2), UINT32_C(0x0AFFD5A7), ++ UINT32_C(0x042CF6C6), UINT32_C(0x072339BA), UINT32_C(0x06344724), ++ UINT32_C(0x0395F757) } }, ++ { { UINT32_C(0x01328CE4), UINT32_C(0x01D69A89), UINT32_C(0x03D3B2E3), ++ UINT32_C(0x0780829F), UINT32_C(0x0848A488), UINT32_C(0x057B85BD), ++ UINT32_C(0x02051385), UINT32_C(0x06706AD6), UINT32_C(0x02D6482A), ++ UINT32_C(0x0A8717D0), UINT32_C(0x05383AC5), UINT32_C(0x03250B87), ++ UINT32_C(0x05C77D8D), UINT32_C(0x05198B6D), UINT32_C(0x03FACF90), ++ UINT32_C(0x062058A1), UINT32_C(0x008F96B1), UINT32_C(0x01F29CAF), ++ UINT32_C(0x00358EC7) }, ++ { UINT32_C(0x0B620A88), UINT32_C(0x06288694), UINT32_C(0x05B21FAC), ++ UINT32_C(0x03F64B44), UINT32_C(0x0DBD251D), UINT32_C(0x06B0D130), ++ UINT32_C(0x04314394), UINT32_C(0x02479C97), UINT32_C(0x003417DF), ++ UINT32_C(0x0318B1D4), UINT32_C(0x0762DFD7), UINT32_C(0x0DDA6BF1), ++ UINT32_C(0x0214A508), UINT32_C(0x0231DEBD), UINT32_C(0x0D8733B2), ++ UINT32_C(0x02ACA66C), UINT32_C(0x05C275E4), UINT32_C(0x07A8A625), ++ UINT32_C(0x001D2426) } }, ++ { { UINT32_C(0x0C95FF29), UINT32_C(0x0608C2C5), UINT32_C(0x0404108F), ++ UINT32_C(0x03383226), UINT32_C(0x07F8CE0C), UINT32_C(0x0600859C), ++ UINT32_C(0x04899A96), UINT32_C(0x00CCD8EA), UINT32_C(0x02796E7C), ++ UINT32_C(0x0FB706CC), UINT32_C(0x0111E6FC), UINT32_C(0x027E2706), ++ UINT32_C(0x03EBDDF3), UINT32_C(0x02838065), UINT32_C(0x0585FBC0), ++ UINT32_C(0x07572ED5), UINT32_C(0x0907E1E4), UINT32_C(0x017E67B8), ++ UINT32_C(0x041786F0) }, ++ { UINT32_C(0x04519732), UINT32_C(0x073D0689), UINT32_C(0x0DF32FF7), ++ UINT32_C(0x01246800), UINT32_C(0x068478E9), UINT32_C(0x031DEA3C), ++ UINT32_C(0x03E71E8F), UINT32_C(0x08C6C89E), UINT32_C(0x012CDD96), ++ UINT32_C(0x0AEEE8F4), UINT32_C(0x0121A9C4), UINT32_C(0x01F73DAA), ++ UINT32_C(0x033160E0), UINT32_C(0x062B3F6E), UINT32_C(0x081E3B9C), ++ UINT32_C(0x029ED0A5), UINT32_C(0x05F0DBFB), UINT32_C(0x0765E7EB), ++ UINT32_C(0x06026E18) } }, ++ }, ++ { ++ { { UINT32_C(0x0ED2EB86), UINT32_C(0x073B24CD), UINT32_C(0x01308B7E), ++ UINT32_C(0x001667D5), UINT32_C(0x06D840A4), UINT32_C(0x01CE15F3), ++ UINT32_C(0x00EC4628), UINT32_C(0x0BE255D7), UINT32_C(0x039A76B9), ++ UINT32_C(0x0CA76752), UINT32_C(0x02EA45FE), UINT32_C(0x0CB0A354), ++ UINT32_C(0x019D90B7), UINT32_C(0x036C0B82), UINT32_C(0x07E353B2), ++ UINT32_C(0x00B45E15), UINT32_C(0x0E1E3229), UINT32_C(0x06EED669), ++ UINT32_C(0x07975597) }, ++ { UINT32_C(0x04B5DE1E), UINT32_C(0x05185A2C), UINT32_C(0x0F1C1594), ++ UINT32_C(0x01D7FD5B), UINT32_C(0x0CD949EB), UINT32_C(0x02E191E5), ++ UINT32_C(0x03295CCA), UINT32_C(0x02F97A05), UINT32_C(0x052209AD), ++ UINT32_C(0x0C0AF1C4), UINT32_C(0x07F93AD2), UINT32_C(0x060F26C1), ++ UINT32_C(0x0274993E), UINT32_C(0x023CDD4A), UINT32_C(0x08D9B938), ++ UINT32_C(0x00D32B5E), UINT32_C(0x04FE5190), UINT32_C(0x01AB014D), ++ UINT32_C(0x05DD64A0) } }, ++ { { UINT32_C(0x0C2CA70B), UINT32_C(0x0346AE90), UINT32_C(0x0F8387AC), ++ UINT32_C(0x03ABE62A), UINT32_C(0x029DA053), UINT32_C(0x0041F61B), ++ UINT32_C(0x02CBC0BF), UINT32_C(0x05243AE9), UINT32_C(0x0360C16B), ++ UINT32_C(0x0C28A299), UINT32_C(0x0795D938), UINT32_C(0x02AC475A), ++ UINT32_C(0x0113BEAF), UINT32_C(0x05A671E6), UINT32_C(0x05C8C591), ++ UINT32_C(0x06924739), UINT32_C(0x02A54EEF), UINT32_C(0x02F274E3), ++ UINT32_C(0x0049A1CD) }, ++ { UINT32_C(0x0426994D), UINT32_C(0x07F97B31), UINT32_C(0x0DA0C788), ++ UINT32_C(0x04B6F8C8), UINT32_C(0x05463D1A), UINT32_C(0x07C155D5), ++ UINT32_C(0x00BA793E), UINT32_C(0x0AB08953), UINT32_C(0x042C3976), ++ UINT32_C(0x069C681F), UINT32_C(0x02ABCC5A), UINT32_C(0x024C8F72), ++ UINT32_C(0x067DF148), UINT32_C(0x0180DD65), UINT32_C(0x042A4819), ++ UINT32_C(0x01AFAAD4), UINT32_C(0x0334701F), UINT32_C(0x031ADC33), ++ UINT32_C(0x03AA0140) } }, ++ { { UINT32_C(0x0BEE1F7B), UINT32_C(0x07EA5E6A), UINT32_C(0x06C716A1), ++ UINT32_C(0x01C6DCD9), UINT32_C(0x00C62805), UINT32_C(0x06E99086), ++ UINT32_C(0x047E4182), UINT32_C(0x04E699EA), UINT32_C(0x017F98AF), ++ UINT32_C(0x0C64E476), UINT32_C(0x0464A2AE), UINT32_C(0x0AF646E7), ++ UINT32_C(0x0734C8DA), UINT32_C(0x069B3D13), UINT32_C(0x0BD58EFB), ++ UINT32_C(0x0572D3C4), UINT32_C(0x0889BAF4), UINT32_C(0x049A880A), ++ UINT32_C(0x01790356) }, ++ { UINT32_C(0x0D71A4FA), UINT32_C(0x017475C1), UINT32_C(0x0B53C845), ++ UINT32_C(0x00ED5EC3), UINT32_C(0x072B9DBC), UINT32_C(0x032C8366), ++ UINT32_C(0x02B3D21C), UINT32_C(0x0E8E8016), UINT32_C(0x04B6FF58), ++ UINT32_C(0x017276EC), UINT32_C(0x069855EF), UINT32_C(0x0342CFC2), ++ UINT32_C(0x00D109A0), UINT32_C(0x07614A72), UINT32_C(0x09DC301B), ++ UINT32_C(0x036B57F5), UINT32_C(0x06CB91C2), UINT32_C(0x03E8DF1A), ++ UINT32_C(0x070FD727) } }, ++ { { UINT32_C(0x032574BE), UINT32_C(0x04115A04), UINT32_C(0x0F98172F), ++ UINT32_C(0x04AEDED0), UINT32_C(0x02519CD4), UINT32_C(0x05A01A73), ++ UINT32_C(0x06EEA282), UINT32_C(0x0BBAAC38), UINT32_C(0x02CC4028), ++ UINT32_C(0x03AACD20), UINT32_C(0x01A067DD), UINT32_C(0x0AFED584), ++ UINT32_C(0x06846B34), UINT32_C(0x01F4D8B2), UINT32_C(0x00AB5080), ++ UINT32_C(0x02EFB0FB), UINT32_C(0x09F1C68E), UINT32_C(0x01829F05), ++ UINT32_C(0x008F3C67) }, ++ { UINT32_C(0x062EC0F0), UINT32_C(0x04CAAFE4), UINT32_C(0x08147733), ++ UINT32_C(0x038A422E), UINT32_C(0x0085656E), UINT32_C(0x02D1FFD4), ++ UINT32_C(0x0731016E), UINT32_C(0x022AA6C1), UINT32_C(0x04385C24), ++ UINT32_C(0x06B4D30A), UINT32_C(0x04FF86E3), UINT32_C(0x0540E9AE), ++ UINT32_C(0x039185FE), UINT32_C(0x0278D41E), UINT32_C(0x05EEE86F), ++ UINT32_C(0x05D399FD), UINT32_C(0x07D5B982), UINT32_C(0x0364A589), ++ UINT32_C(0x07E1654F) } }, ++ { { UINT32_C(0x0D8CB3CC), UINT32_C(0x06C254BF), UINT32_C(0x0FBC2C5D), ++ UINT32_C(0x07F746F2), UINT32_C(0x07E4259D), UINT32_C(0x022B49C4), ++ UINT32_C(0x04CE0ECE), UINT32_C(0x095F3130), UINT32_C(0x064022C7), ++ UINT32_C(0x076A7307), UINT32_C(0x074FEA23), UINT32_C(0x09CDD626), ++ UINT32_C(0x0612A401), UINT32_C(0x0562E226), UINT32_C(0x027BA2E0), ++ UINT32_C(0x01D98EB5), UINT32_C(0x0A54B2FF), UINT32_C(0x0345BAFC), ++ UINT32_C(0x05CE5083) }, ++ { UINT32_C(0x082FB619), UINT32_C(0x01E59C7B), UINT32_C(0x07C56C18), ++ UINT32_C(0x0594E677), UINT32_C(0x0EBA4C47), UINT32_C(0x01F1C6FF), ++ UINT32_C(0x016B9F48), UINT32_C(0x0443B057), UINT32_C(0x017930FC), ++ UINT32_C(0x0D94B0A6), UINT32_C(0x0501D4ED), UINT32_C(0x0EB5EA2F), ++ UINT32_C(0x03F2D8D0), UINT32_C(0x04A1DA92), UINT32_C(0x0A702231), ++ UINT32_C(0x063C2830), UINT32_C(0x06F5E127), UINT32_C(0x06BE79CE), ++ UINT32_C(0x06600B2F) } }, ++ { { UINT32_C(0x0F26ECDA), UINT32_C(0x0052168B), UINT32_C(0x0CBDB9E3), ++ UINT32_C(0x052FFD0A), UINT32_C(0x02FDCD7B), UINT32_C(0x05791EA2), ++ UINT32_C(0x03DF5472), UINT32_C(0x0544715D), UINT32_C(0x032F4FBD), ++ UINT32_C(0x05DA4E99), UINT32_C(0x000977D5), UINT32_C(0x0AEE5E82), ++ UINT32_C(0x07B5A2B7), UINT32_C(0x02494676), UINT32_C(0x0B416152), ++ UINT32_C(0x03AC76C7), UINT32_C(0x0B21FDC6), UINT32_C(0x04ECC50E), ++ UINT32_C(0x02A4E6AB) }, ++ { UINT32_C(0x031E0BB4), UINT32_C(0x05FC9964), UINT32_C(0x014AC466), ++ UINT32_C(0x038F82D0), UINT32_C(0x0C0B56B8), UINT32_C(0x0217513C), ++ UINT32_C(0x0498C923), UINT32_C(0x076EEC28), UINT32_C(0x03824F59), ++ UINT32_C(0x0B7B1382), UINT32_C(0x056FE399), UINT32_C(0x00794841), ++ UINT32_C(0x076FEEC8), UINT32_C(0x0219F413), UINT32_C(0x04ABDD19), ++ UINT32_C(0x04CE2F28), UINT32_C(0x0F2E86F7), UINT32_C(0x02F472AF), ++ UINT32_C(0x06774781) } }, ++ { { UINT32_C(0x0CEBC7BE), UINT32_C(0x00221686), UINT32_C(0x04E2E2B5), ++ UINT32_C(0x02865641), UINT32_C(0x0400F945), UINT32_C(0x01CF69C4), ++ UINT32_C(0x002D7B22), UINT32_C(0x04D5A98C), UINT32_C(0x075AA74B), ++ UINT32_C(0x0926F727), UINT32_C(0x0318AD6B), UINT32_C(0x009AE911), ++ UINT32_C(0x00216BA5), UINT32_C(0x0794C1D5), UINT32_C(0x047BB387), ++ UINT32_C(0x05890517), UINT32_C(0x0C438287), UINT32_C(0x04D6AF1C), ++ UINT32_C(0x010C34E7) }, ++ { UINT32_C(0x02E3859D), UINT32_C(0x06690EFE), UINT32_C(0x0F063DCD), ++ UINT32_C(0x068C490B), UINT32_C(0x06DE5321), UINT32_C(0x0225E5EC), ++ UINT32_C(0x0573AFDE), UINT32_C(0x0C5AD59A), UINT32_C(0x064D175A), ++ UINT32_C(0x09D71327), UINT32_C(0x03D7526B), UINT32_C(0x04C7D696), ++ UINT32_C(0x05C7C0BF), UINT32_C(0x04314949), UINT32_C(0x064EA7B0), ++ UINT32_C(0x008652D7), UINT32_C(0x0EA31279), UINT32_C(0x0668F188), ++ UINT32_C(0x035A0886) } }, ++ { { UINT32_C(0x02EB8133), UINT32_C(0x03EC558C), UINT32_C(0x088B2CEF), ++ UINT32_C(0x008352FC), UINT32_C(0x0ECF2FB1), UINT32_C(0x01F0E6BB), ++ UINT32_C(0x023E4A68), UINT32_C(0x0B9CC299), UINT32_C(0x02937BC1), ++ UINT32_C(0x0A4FE033), UINT32_C(0x03BAB078), UINT32_C(0x078C8608), ++ UINT32_C(0x000D53E7), UINT32_C(0x06DA1D39), UINT32_C(0x05E14C61), ++ UINT32_C(0x035624BE), UINT32_C(0x06669427), UINT32_C(0x079FAB65), ++ UINT32_C(0x0663AC20) }, ++ { UINT32_C(0x06835A15), UINT32_C(0x013B136D), UINT32_C(0x08DB323F), ++ UINT32_C(0x068809A4), UINT32_C(0x02A3957E), UINT32_C(0x0081A010), ++ UINT32_C(0x06B7C838), UINT32_C(0x074F156F), UINT32_C(0x00F3A4DB), ++ UINT32_C(0x07ADF165), UINT32_C(0x05A07A0A), UINT32_C(0x0585D310), ++ UINT32_C(0x02A4FAF9), UINT32_C(0x03A5C451), UINT32_C(0x00426908), ++ UINT32_C(0x03C76306), UINT32_C(0x0D3289C2), UINT32_C(0x04FD8A7B), ++ UINT32_C(0x03974EFE) } }, ++ { { UINT32_C(0x01D85118), UINT32_C(0x03F039A9), UINT32_C(0x0A744F66), ++ UINT32_C(0x00B874D3), UINT32_C(0x0AD31A3A), UINT32_C(0x07A3C5F8), ++ UINT32_C(0x045FFFF5), UINT32_C(0x023754A5), UINT32_C(0x02E38CB8), ++ UINT32_C(0x05910E6C), UINT32_C(0x01773ED0), UINT32_C(0x0835A72A), ++ UINT32_C(0x01BE848A), UINT32_C(0x07BD444B), UINT32_C(0x0B4AFA36), ++ UINT32_C(0x03B51CEC), UINT32_C(0x076A82F4), UINT32_C(0x049B5424), ++ UINT32_C(0x01EDBBC3) }, ++ { UINT32_C(0x0D472029), UINT32_C(0x07322E8C), UINT32_C(0x0891E31F), ++ UINT32_C(0x0598F9A4), UINT32_C(0x0B8A6C89), UINT32_C(0x065A918E), ++ UINT32_C(0x01B36F21), UINT32_C(0x05650472), UINT32_C(0x053A7D69), ++ UINT32_C(0x05F09FDE), UINT32_C(0x03CE6055), UINT32_C(0x017487DC), ++ UINT32_C(0x01B03227), UINT32_C(0x013D4913), UINT32_C(0x096CA6AE), ++ UINT32_C(0x000E46D4), UINT32_C(0x07F35B2C), UINT32_C(0x06FDC86A), ++ UINT32_C(0x0191F319) } }, ++ { { UINT32_C(0x0CE12393), UINT32_C(0x015F4FB3), UINT32_C(0x0C3E8E50), ++ UINT32_C(0x06CE6B2D), UINT32_C(0x0B3C1693), UINT32_C(0x045162F6), ++ UINT32_C(0x0407EFF6), UINT32_C(0x00A9135E), UINT32_C(0x047CF46F), ++ UINT32_C(0x04E91DC4), UINT32_C(0x036B9A3C), UINT32_C(0x0134193D), ++ UINT32_C(0x003E5C05), UINT32_C(0x00082BD9), UINT32_C(0x067D8D47), ++ UINT32_C(0x02764530), UINT32_C(0x01E6C320), UINT32_C(0x04A28C2A), ++ UINT32_C(0x048FBA5C) }, ++ { UINT32_C(0x0CE5DBF5), UINT32_C(0x0385772C), UINT32_C(0x019E313F), ++ UINT32_C(0x073071A7), UINT32_C(0x0F5FC824), UINT32_C(0x02D63EF3), ++ UINT32_C(0x02B70267), UINT32_C(0x0A6BE174), UINT32_C(0x076EA84E), ++ UINT32_C(0x0FA0EBFC), UINT32_C(0x06D310F3), UINT32_C(0x01962AC7), ++ UINT32_C(0x0209883D), UINT32_C(0x03B86C97), UINT32_C(0x00441CDD), ++ UINT32_C(0x0066501C), UINT32_C(0x03267C1F), UINT32_C(0x03EAC5C9), ++ UINT32_C(0x00069F5A) } }, ++ { { UINT32_C(0x01D1EEDB), UINT32_C(0x0706D366), UINT32_C(0x04DB59F7), ++ UINT32_C(0x03130058), UINT32_C(0x0FBF1E90), UINT32_C(0x02990341), ++ UINT32_C(0x052D42D0), UINT32_C(0x0D9F883C), UINT32_C(0x01C3CC5F), ++ UINT32_C(0x0602F8E0), UINT32_C(0x0719E908), UINT32_C(0x0152A103), ++ UINT32_C(0x05A33891), UINT32_C(0x0095E49C), UINT32_C(0x07DC00AE), ++ UINT32_C(0x00D04AA8), UINT32_C(0x034051A0), UINT32_C(0x01C589DC), ++ UINT32_C(0x044769AA) }, ++ { UINT32_C(0x05A4238D), UINT32_C(0x038BBADC), UINT32_C(0x024C6D7A), ++ UINT32_C(0x058D2A82), UINT32_C(0x0BE67DEB), UINT32_C(0x057F5E80), ++ UINT32_C(0x055D31EA), UINT32_C(0x0DB49C5A), UINT32_C(0x070BEC2C), ++ UINT32_C(0x0F3322C2), UINT32_C(0x06C3108C), UINT32_C(0x0A1130EB), ++ UINT32_C(0x01DE1843), UINT32_C(0x002476B9), UINT32_C(0x0C1602A0), ++ UINT32_C(0x020FD705), UINT32_C(0x0E87B144), UINT32_C(0x00271FD2), ++ UINT32_C(0x02A1E7C8) } }, ++ { { UINT32_C(0x0BB71E17), UINT32_C(0x00B697E6), UINT32_C(0x027C50D2), ++ UINT32_C(0x02FF8F72), UINT32_C(0x052B77CA), UINT32_C(0x02997C16), ++ UINT32_C(0x013C0178), UINT32_C(0x0F7FCEE6), UINT32_C(0x040B66E5), ++ UINT32_C(0x03A69C37), UINT32_C(0x02E55D76), UINT32_C(0x00F908D4), ++ UINT32_C(0x052718AB), UINT32_C(0x0076528F), UINT32_C(0x0306D84E), ++ UINT32_C(0x07EBCA7C), UINT32_C(0x01165F7E), UINT32_C(0x01DB45A9), ++ UINT32_C(0x067FCC94) }, ++ { UINT32_C(0x0791633D), UINT32_C(0x047BD9A1), UINT32_C(0x0A26D9CC), ++ UINT32_C(0x000BE536), UINT32_C(0x0F022B81), UINT32_C(0x064B6F3C), ++ UINT32_C(0x03B7DA09), UINT32_C(0x0F632491), UINT32_C(0x02A9B2EF), ++ UINT32_C(0x029A6C74), UINT32_C(0x039178C1), UINT32_C(0x06C1B980), ++ UINT32_C(0x025426C4), UINT32_C(0x00AC18E2), UINT32_C(0x0854C009), ++ UINT32_C(0x07A990A9), UINT32_C(0x0BA40528), UINT32_C(0x05C4D8A8), ++ UINT32_C(0x0628B343) } }, ++ { { UINT32_C(0x07812A25), UINT32_C(0x0179F4F9), UINT32_C(0x09DE2C08), ++ UINT32_C(0x02F4F1F9), UINT32_C(0x04F48E6A), UINT32_C(0x07549212), ++ UINT32_C(0x016DCA05), UINT32_C(0x07A3A534), UINT32_C(0x0359AADF), ++ UINT32_C(0x0E969384), UINT32_C(0x061DBB0C), UINT32_C(0x0E368BE3), ++ UINT32_C(0x07060163), UINT32_C(0x07CA82E3), UINT32_C(0x07332717), ++ UINT32_C(0x0002DFB2), UINT32_C(0x03AD0A18), UINT32_C(0x0417995E), ++ UINT32_C(0x0326668F) }, ++ { UINT32_C(0x09EF75E3), UINT32_C(0x07B04772), UINT32_C(0x0852DCD8), ++ UINT32_C(0x06097708), UINT32_C(0x0B957C2C), UINT32_C(0x038B98A1), ++ UINT32_C(0x02B82598), UINT32_C(0x0F132C73), UINT32_C(0x04CE431B), ++ UINT32_C(0x07D4CBE1), UINT32_C(0x049BA972), UINT32_C(0x00D3788D), ++ UINT32_C(0x07EDE5A2), UINT32_C(0x0635F8BD), UINT32_C(0x0EB9AB1A), ++ UINT32_C(0x02C621B4), UINT32_C(0x0BCBFF41), UINT32_C(0x0439D1F9), ++ UINT32_C(0x003044A8) } }, ++ { { UINT32_C(0x0CF8D334), UINT32_C(0x037C1C48), UINT32_C(0x05CD52D5), ++ UINT32_C(0x047578F0), UINT32_C(0x0BE7BC07), UINT32_C(0x06E68827), ++ UINT32_C(0x076445CB), UINT32_C(0x0FEBF611), UINT32_C(0x00142073), ++ UINT32_C(0x029F031E), UINT32_C(0x076C6434), UINT32_C(0x0F98F9D0), ++ UINT32_C(0x034E14D3), UINT32_C(0x038E0268), UINT32_C(0x0191305B), ++ UINT32_C(0x032A0200), UINT32_C(0x05EF4C75), UINT32_C(0x02826331), ++ UINT32_C(0x04D82A88) }, ++ { UINT32_C(0x0D51E170), UINT32_C(0x00D3F07F), UINT32_C(0x08365D15), ++ UINT32_C(0x0781A3A1), UINT32_C(0x0D4BE663), UINT32_C(0x00175259), ++ UINT32_C(0x000C1FA1), UINT32_C(0x0F00FCE0), UINT32_C(0x00299B52), ++ UINT32_C(0x0C7D7E01), UINT32_C(0x052A3C59), UINT32_C(0x07C9CF44), ++ UINT32_C(0x05E7EE2B), UINT32_C(0x035E7031), UINT32_C(0x0FE2CB7C), ++ UINT32_C(0x0403D2B4), UINT32_C(0x0FC9A748), UINT32_C(0x07D461AF), ++ UINT32_C(0x006E35B5) } }, ++ { { UINT32_C(0x0594D02E), UINT32_C(0x075E6F14), UINT32_C(0x03360822), ++ UINT32_C(0x03E7DDDB), UINT32_C(0x0F1C6110), UINT32_C(0x072483CF), ++ UINT32_C(0x03ECF221), UINT32_C(0x0D658C87), UINT32_C(0x060AC74F), ++ UINT32_C(0x0F51CC4C), UINT32_C(0x03EB69F7), UINT32_C(0x07B2F64B), ++ UINT32_C(0x0242F07B), UINT32_C(0x058E5984), UINT32_C(0x03A0B7A4), ++ UINT32_C(0x03CE806B), UINT32_C(0x06139B85), UINT32_C(0x01DAAFE3), ++ UINT32_C(0x0130F7E5) }, ++ { UINT32_C(0x020891BB), UINT32_C(0x077E28D4), UINT32_C(0x0AAEAA8D), ++ UINT32_C(0x00B2D799), UINT32_C(0x0E10388A), UINT32_C(0x001DFD31), ++ UINT32_C(0x059F85F1), UINT32_C(0x00BC7E55), UINT32_C(0x05309429), ++ UINT32_C(0x0FEDF8A8), UINT32_C(0x06B52B0D), UINT32_C(0x0E3F8A44), ++ UINT32_C(0x07A8E2A2), UINT32_C(0x07D5866C), UINT32_C(0x02DBCD7C), ++ UINT32_C(0x02895FBE), UINT32_C(0x0F66BDAD), UINT32_C(0x048C3CAD), ++ UINT32_C(0x078587AD) } }, ++ { { UINT32_C(0x0B1B7656), UINT32_C(0x02A1E440), UINT32_C(0x04EF5EA7), ++ UINT32_C(0x059FA6A2), UINT32_C(0x0C68CD6D), UINT32_C(0x005E8043), ++ UINT32_C(0x01AE592B), UINT32_C(0x00DD5F88), UINT32_C(0x0559B430), ++ UINT32_C(0x0BF3DF59), UINT32_C(0x011CBD52), UINT32_C(0x0DDDE17B), ++ UINT32_C(0x031D26D8), UINT32_C(0x0148FB57), UINT32_C(0x04EDBF2D), ++ UINT32_C(0x07220D0D), UINT32_C(0x0F7B0807), UINT32_C(0x076B1F6E), ++ UINT32_C(0x0306320E) }, ++ { UINT32_C(0x07EEE80E), UINT32_C(0x0754C15A), UINT32_C(0x093487F6), ++ UINT32_C(0x023D5CA0), UINT32_C(0x00BD77C2), UINT32_C(0x0271EF5D), ++ UINT32_C(0x04FAEAB7), UINT32_C(0x07EBA560), UINT32_C(0x015A18D8), ++ UINT32_C(0x039861D4), UINT32_C(0x041FD3C8), UINT32_C(0x0D5863CB), ++ UINT32_C(0x066C5F53), UINT32_C(0x06380D15), UINT32_C(0x0E825C9F), ++ UINT32_C(0x00BA76BE), UINT32_C(0x0BC4E3B8), UINT32_C(0x06216B12), ++ UINT32_C(0x03B4F0D4) } }, ++ }, ++ { ++ { { UINT32_C(0x0201C48B), UINT32_C(0x073C85A8), UINT32_C(0x095DC61E), ++ UINT32_C(0x05F14993), UINT32_C(0x0123BD40), UINT32_C(0x05907610), ++ UINT32_C(0x046FBB4C), UINT32_C(0x0A0F3B82), UINT32_C(0x078A34BB), ++ UINT32_C(0x003DB127), UINT32_C(0x052D9AD5), UINT32_C(0x05103EE9), ++ UINT32_C(0x0465988A), UINT32_C(0x005F3641), UINT32_C(0x085495F9), ++ UINT32_C(0x069A8F20), UINT32_C(0x064AA21B), UINT32_C(0x007CCB01), ++ UINT32_C(0x04384B61) }, ++ { UINT32_C(0x051DE678), UINT32_C(0x07820FBE), UINT32_C(0x063426A0), ++ UINT32_C(0x01B262F0), UINT32_C(0x0B0B9013), UINT32_C(0x045C8465), ++ UINT32_C(0x0240C64E), UINT32_C(0x0DDA697F), UINT32_C(0x0201A64C), ++ UINT32_C(0x016B17DF), UINT32_C(0x065E1757), UINT32_C(0x0F6B7334), ++ UINT32_C(0x07ED2866), UINT32_C(0x028D6370), UINT32_C(0x0E25340A), ++ UINT32_C(0x002693F4), UINT32_C(0x07D889A8), UINT32_C(0x06B215F7), ++ UINT32_C(0x062B5959) } }, ++ { { UINT32_C(0x0D9C3B89), UINT32_C(0x077CC1DC), UINT32_C(0x013DDAA7), ++ UINT32_C(0x0111C6F8), UINT32_C(0x0577407F), UINT32_C(0x01FF52EA), ++ UINT32_C(0x06D56CA6), UINT32_C(0x06331227), UINT32_C(0x03AB576F), ++ UINT32_C(0x0CD7FD4F), UINT32_C(0x06AF74C0), UINT32_C(0x0AD52465), ++ UINT32_C(0x041865E8), UINT32_C(0x0546A928), UINT32_C(0x00FE8F9D), ++ UINT32_C(0x07C2CDD8), UINT32_C(0x0C0D3434), UINT32_C(0x030F8525), ++ UINT32_C(0x05B51E81) }, ++ { UINT32_C(0x08A5170B), UINT32_C(0x074FC061), UINT32_C(0x0060E606), ++ UINT32_C(0x017D8D1E), UINT32_C(0x0A8E0395), UINT32_C(0x0428DCF1), ++ UINT32_C(0x046F46B8), UINT32_C(0x05E254D7), UINT32_C(0x05D05211), ++ UINT32_C(0x0B46AD84), UINT32_C(0x03446BA1), UINT32_C(0x00CA5FED), ++ UINT32_C(0x02A8C267), UINT32_C(0x0570EC98), UINT32_C(0x0750367D), ++ UINT32_C(0x0362D78B), UINT32_C(0x0C84DA94), UINT32_C(0x07AF8D8F), ++ UINT32_C(0x0583AA8B) } }, ++ { { UINT32_C(0x09126FAC), UINT32_C(0x06B05898), UINT32_C(0x0872DF85), ++ UINT32_C(0x048C3352), UINT32_C(0x0331E5B3), UINT32_C(0x076671FB), ++ UINT32_C(0x02076524), UINT32_C(0x0492A4A3), UINT32_C(0x06D57C7C), ++ UINT32_C(0x052A5C41), UINT32_C(0x052CA0DF), UINT32_C(0x0E7D0224), ++ UINT32_C(0x07241BC6), UINT32_C(0x0234848A), UINT32_C(0x048CE05E), ++ UINT32_C(0x01B286B5), UINT32_C(0x0B054813), UINT32_C(0x02F6EDFC), ++ UINT32_C(0x0250A4D8) }, ++ { UINT32_C(0x0831CD9D), UINT32_C(0x04B04313), UINT32_C(0x0F484946), ++ UINT32_C(0x03B996C8), UINT32_C(0x00F547BB), UINT32_C(0x007A0AA7), ++ UINT32_C(0x065BBAA5), UINT32_C(0x014C49BC), UINT32_C(0x03D6CABB), ++ UINT32_C(0x01EF46B3), UINT32_C(0x05A5D159), UINT32_C(0x0EDE3DB4), ++ UINT32_C(0x00D1B3A0), UINT32_C(0x02F97DFA), UINT32_C(0x0D68EB87), ++ UINT32_C(0x06CE81C0), UINT32_C(0x00D73B27), UINT32_C(0x0342609A), ++ UINT32_C(0x019C049C) } }, ++ { { UINT32_C(0x08BC45E5), UINT32_C(0x015B0C25), UINT32_C(0x0B2A43B0), ++ UINT32_C(0x00067BBC), UINT32_C(0x07B24685), UINT32_C(0x0046140C), ++ UINT32_C(0x0157806B), UINT32_C(0x049AE2AD), UINT32_C(0x0113F8DF), ++ UINT32_C(0x06BBA162), UINT32_C(0x0534E07B), UINT32_C(0x086988E1), ++ UINT32_C(0x00E2C213), UINT32_C(0x0513FA95), UINT32_C(0x0EC2A78F), ++ UINT32_C(0x02E28447), UINT32_C(0x011B9FFF), UINT32_C(0x01506FAF), ++ UINT32_C(0x07B4C5A9) }, ++ { UINT32_C(0x0AE71753), UINT32_C(0x0151FA30), UINT32_C(0x091691B4), ++ UINT32_C(0x02ACCC22), UINT32_C(0x0BA74B18), UINT32_C(0x0073B635), ++ UINT32_C(0x02F0EB55), UINT32_C(0x0CC9DF51), UINT32_C(0x0784FCDA), ++ UINT32_C(0x0BFAD098), UINT32_C(0x03F5BFD6), UINT32_C(0x006AD5C5), ++ UINT32_C(0x014F12F5), UINT32_C(0x0745527A), UINT32_C(0x03A6506B), ++ UINT32_C(0x015CF2C8), UINT32_C(0x039A3185), UINT32_C(0x077CD12B), ++ UINT32_C(0x02A9BAF3) } }, ++ { { UINT32_C(0x00D9229F), UINT32_C(0x039D37CD), UINT32_C(0x0948ECC6), ++ UINT32_C(0x0072BCB0), UINT32_C(0x0A458017), UINT32_C(0x038A159B), ++ UINT32_C(0x0368034D), UINT32_C(0x0B0315FA), UINT32_C(0x01756900), ++ UINT32_C(0x04149285), UINT32_C(0x03FFBD8A), UINT32_C(0x0079E774), ++ UINT32_C(0x0702A2CF), UINT32_C(0x0641C3A8), UINT32_C(0x0F3751BA), ++ UINT32_C(0x028EDF14), UINT32_C(0x090F681A), UINT32_C(0x012CF177), ++ UINT32_C(0x04614034) }, ++ { UINT32_C(0x04E4C072), UINT32_C(0x07E207E1), UINT32_C(0x02D8F8F8), ++ UINT32_C(0x013BFA68), UINT32_C(0x0CC798F9), UINT32_C(0x014BAAD6), ++ UINT32_C(0x023BD550), UINT32_C(0x0919F8D1), UINT32_C(0x03C00ADA), ++ UINT32_C(0x0758236E), UINT32_C(0x058602C2), UINT32_C(0x0FA0FE24), ++ UINT32_C(0x01A8C5A6), UINT32_C(0x0026B4C4), UINT32_C(0x0534F014), ++ UINT32_C(0x02CF2A7F), UINT32_C(0x00192714), UINT32_C(0x04B51417), ++ UINT32_C(0x0168C607) } }, ++ { { UINT32_C(0x019403A6), UINT32_C(0x04E6BA92), UINT32_C(0x0065202D), ++ UINT32_C(0x06FDAE5F), UINT32_C(0x0AD1C130), UINT32_C(0x05C03BED), ++ UINT32_C(0x00D7CFCE), UINT32_C(0x02B63E74), UINT32_C(0x06CD8D97), ++ UINT32_C(0x00E7608A), UINT32_C(0x05009FCD), UINT32_C(0x01026095), ++ UINT32_C(0x058890EC), UINT32_C(0x0662F635), UINT32_C(0x0F16F3A2), ++ UINT32_C(0x06B88A1B), UINT32_C(0x000D681A), UINT32_C(0x05689B12), ++ UINT32_C(0x0620658C) }, ++ { UINT32_C(0x0B48EFBA), UINT32_C(0x01574FA6), UINT32_C(0x0FC77D17), ++ UINT32_C(0x06CDF2A2), UINT32_C(0x0DCEA8A9), UINT32_C(0x00B1DE26), ++ UINT32_C(0x009A7C7A), UINT32_C(0x0435CC54), UINT32_C(0x06E8AF2E), ++ UINT32_C(0x09AFC5BC), UINT32_C(0x05124055), UINT32_C(0x045BF6E2), ++ UINT32_C(0x0536C8AD), UINT32_C(0x073FE4CD), UINT32_C(0x0A467A40), ++ UINT32_C(0x03EB6B38), UINT32_C(0x05F039C6), UINT32_C(0x00622055), ++ UINT32_C(0x045DF262) } }, ++ { { UINT32_C(0x0C5E165D), UINT32_C(0x00A8610A), UINT32_C(0x062AF616), ++ UINT32_C(0x055190B9), UINT32_C(0x0F988454), UINT32_C(0x0395472A), ++ UINT32_C(0x036DCD3E), UINT32_C(0x0FDA6187), UINT32_C(0x036EC91D), ++ UINT32_C(0x0E66FCFC), UINT32_C(0x077BBD1F), UINT32_C(0x0DF3E1C9), ++ UINT32_C(0x040454AC), UINT32_C(0x03004F37), UINT32_C(0x0CBDED62), ++ UINT32_C(0x03DD5570), UINT32_C(0x05724DFF), UINT32_C(0x07B6002A), ++ UINT32_C(0x00B93C70) }, ++ { UINT32_C(0x06C8A9BC), UINT32_C(0x032D8B60), UINT32_C(0x0C0850D6), ++ UINT32_C(0x06C94F36), UINT32_C(0x0649CD3A), UINT32_C(0x000C0E51), ++ UINT32_C(0x07B40760), UINT32_C(0x0BFA6092), UINT32_C(0x019FB910), ++ UINT32_C(0x092A27FF), UINT32_C(0x02D6F975), UINT32_C(0x0E910EDA), ++ UINT32_C(0x01FFB3D4), UINT32_C(0x01814FFF), UINT32_C(0x0985A6F8), ++ UINT32_C(0x06787CA6), UINT32_C(0x0B7B7FC6), UINT32_C(0x01532265), ++ UINT32_C(0x06228702) } }, ++ { { UINT32_C(0x0391B195), UINT32_C(0x01F1A68F), UINT32_C(0x0AB9DD28), ++ UINT32_C(0x000B690E), UINT32_C(0x0C4FD58F), UINT32_C(0x05292C46), ++ UINT32_C(0x0017D075), UINT32_C(0x010E0044), UINT32_C(0x0709FE41), ++ UINT32_C(0x02F0CD13), UINT32_C(0x003D99BE), UINT32_C(0x0E6F68D8), ++ UINT32_C(0x04608708), UINT32_C(0x05B1F159), UINT32_C(0x0A4CFC70), ++ UINT32_C(0x02FB2946), UINT32_C(0x076D32E5), UINT32_C(0x0482F0ED), ++ UINT32_C(0x06ED3305) }, ++ { UINT32_C(0x05C4416F), UINT32_C(0x02270E15), UINT32_C(0x073143E0), ++ UINT32_C(0x02F4151F), UINT32_C(0x099069A7), UINT32_C(0x05437AEB), ++ UINT32_C(0x027A90CA), UINT32_C(0x0A75E48C), UINT32_C(0x013FC627), ++ UINT32_C(0x0300361B), UINT32_C(0x072745C2), UINT32_C(0x0C9DD555), ++ UINT32_C(0x05D86308), UINT32_C(0x03713AF4), UINT32_C(0x01AF9EBC), ++ UINT32_C(0x0157F18F), UINT32_C(0x0E008EAF), UINT32_C(0x0409010B), ++ UINT32_C(0x074F85AA) } }, ++ { { UINT32_C(0x045C5FF5), UINT32_C(0x046845EE), UINT32_C(0x074B8893), ++ UINT32_C(0x036C56E2), UINT32_C(0x0CC7B43B), UINT32_C(0x030C1789), ++ UINT32_C(0x05916A34), UINT32_C(0x0F2AFB7C), UINT32_C(0x0154EDEB), ++ UINT32_C(0x0407BF3E), UINT32_C(0x05362D80), UINT32_C(0x0CCA97B1), ++ UINT32_C(0x041BFF6D), UINT32_C(0x05DAE466), UINT32_C(0x07D9D691), ++ UINT32_C(0x023DBF89), UINT32_C(0x05162F52), UINT32_C(0x000CBF57), ++ UINT32_C(0x0154EDFD) }, ++ { UINT32_C(0x08BF712A), UINT32_C(0x06009B91), UINT32_C(0x0AFFBD38), ++ UINT32_C(0x03FD6332), UINT32_C(0x06CD1DC8), UINT32_C(0x06C678BF), ++ UINT32_C(0x0040E5CE), UINT32_C(0x02743457), UINT32_C(0x060DF50E), ++ UINT32_C(0x0691C947), UINT32_C(0x0746D675), UINT32_C(0x0D68B325), ++ UINT32_C(0x0290D55C), UINT32_C(0x015B144C), UINT32_C(0x05A0332F), ++ UINT32_C(0x0563DB53), UINT32_C(0x04CED890), UINT32_C(0x04AC67C8), ++ UINT32_C(0x04387D35) } }, ++ { { UINT32_C(0x0A66FBB8), UINT32_C(0x05FDBF97), UINT32_C(0x0A47124E), ++ UINT32_C(0x03FED0AF), UINT32_C(0x082B44B9), UINT32_C(0x0244ADCE), ++ UINT32_C(0x05980D8A), UINT32_C(0x0687D615), UINT32_C(0x07E4662D), ++ UINT32_C(0x03F2180A), UINT32_C(0x04BA4DB6), UINT32_C(0x03FE8141), ++ UINT32_C(0x04B2BC20), UINT32_C(0x006DF40A), UINT32_C(0x0AB2698D), ++ UINT32_C(0x0365D173), UINT32_C(0x08DE4017), UINT32_C(0x079E6BA2), ++ UINT32_C(0x02C7A033) }, ++ { UINT32_C(0x075570A1), UINT32_C(0x06A48901), UINT32_C(0x0492AC74), ++ UINT32_C(0x077D2844), UINT32_C(0x0DB87BFD), UINT32_C(0x01D218B2), ++ UINT32_C(0x0522DA69), UINT32_C(0x0B4F7CF4), UINT32_C(0x00841BC4), ++ UINT32_C(0x0E420155), UINT32_C(0x00BDBB35), UINT32_C(0x0BB5E945), ++ UINT32_C(0x06FE4123), UINT32_C(0x0435B025), UINT32_C(0x0ACCEA16), ++ UINT32_C(0x00BE381C), UINT32_C(0x0C3F4D0D), UINT32_C(0x03862E1B), ++ UINT32_C(0x04A46652) } }, ++ { { UINT32_C(0x009B3F23), UINT32_C(0x00CFBD75), UINT32_C(0x069BE715), ++ UINT32_C(0x009C9678), UINT32_C(0x013F2EB4), UINT32_C(0x04EE1278), ++ UINT32_C(0x06387FDD), UINT32_C(0x0329F9F1), UINT32_C(0x048E212F), ++ UINT32_C(0x0F24F073), UINT32_C(0x008F0FD5), UINT32_C(0x02F3DAFE), ++ UINT32_C(0x039C6160), UINT32_C(0x018F4D1D), UINT32_C(0x0E9D0F18), ++ UINT32_C(0x066F0916), UINT32_C(0x09931852), UINT32_C(0x040EEBEA), ++ UINT32_C(0x032448BB) }, ++ { UINT32_C(0x0C226E2C), UINT32_C(0x07706840), UINT32_C(0x0D3C1C34), ++ UINT32_C(0x07E4BA61), UINT32_C(0x0A51E4A1), UINT32_C(0x038E00FB), ++ UINT32_C(0x06E25F2A), UINT32_C(0x0C263EC1), UINT32_C(0x078D29D8), ++ UINT32_C(0x07C7272D), UINT32_C(0x0572E10B), UINT32_C(0x0B83C0DC), ++ UINT32_C(0x02179CDB), UINT32_C(0x066C84E3), UINT32_C(0x07675170), ++ UINT32_C(0x00BDF2F6), UINT32_C(0x0F52477D), UINT32_C(0x00FE3151), ++ UINT32_C(0x05460029) } }, ++ { { UINT32_C(0x0DA35EBF), UINT32_C(0x066B421E), UINT32_C(0x07116B3C), ++ UINT32_C(0x077330D7), UINT32_C(0x0CE4D316), UINT32_C(0x027318E8), ++ UINT32_C(0x04CA0B0C), UINT32_C(0x06EFBBCB), UINT32_C(0x027FF80D), ++ UINT32_C(0x07B56250), UINT32_C(0x03FBF443), UINT32_C(0x0E5E86E3), ++ UINT32_C(0x01050837), UINT32_C(0x027F8C63), UINT32_C(0x0040889F), ++ UINT32_C(0x0233D7DC), UINT32_C(0x085C1EB3), UINT32_C(0x0190948B), ++ UINT32_C(0x02A42839) }, ++ { UINT32_C(0x046020F0), UINT32_C(0x04A9DB75), UINT32_C(0x0C1F003A), ++ UINT32_C(0x05C091F8), UINT32_C(0x069D2F26), UINT32_C(0x05CBE28A), ++ UINT32_C(0x00B98CA0), UINT32_C(0x0C44F77C), UINT32_C(0x06591FB2), ++ UINT32_C(0x0336AA95), UINT32_C(0x05A28AC0), UINT32_C(0x0A8AC670), ++ UINT32_C(0x0735C3E5), UINT32_C(0x049911B7), UINT32_C(0x04F28112), ++ UINT32_C(0x0532B634), UINT32_C(0x00A3E84F), UINT32_C(0x06EA385D), ++ UINT32_C(0x01F2A03A) } }, ++ { { UINT32_C(0x06A09384), UINT32_C(0x0260C3CA), UINT32_C(0x092529A6), ++ UINT32_C(0x016D77CF), UINT32_C(0x0B8E2D9A), UINT32_C(0x01055E02), ++ UINT32_C(0x055BC4FD), UINT32_C(0x0CA2C0AF), UINT32_C(0x03A4ABF9), ++ UINT32_C(0x0290D54C), UINT32_C(0x07B6E3EE), UINT32_C(0x07074346), ++ UINT32_C(0x047E1F90), UINT32_C(0x06D2B228), UINT32_C(0x064225A4), ++ UINT32_C(0x06F125F2), UINT32_C(0x0D66264B), UINT32_C(0x01B0F052), ++ UINT32_C(0x070B7573) }, ++ { UINT32_C(0x0B2264B8), UINT32_C(0x04D4A619), UINT32_C(0x0AC1F517), ++ UINT32_C(0x049FE3F8), UINT32_C(0x08BEDBF0), UINT32_C(0x01EB5F66), ++ UINT32_C(0x0145535A), UINT32_C(0x042D102F), UINT32_C(0x04447303), ++ UINT32_C(0x067B60A3), UINT32_C(0x043A9645), UINT32_C(0x0D502303), ++ UINT32_C(0x0669CEC4), UINT32_C(0x052699E3), UINT32_C(0x0E740F66), ++ UINT32_C(0x011DF90D), UINT32_C(0x006017A2), UINT32_C(0x03C99A89), ++ UINT32_C(0x069500E3) } }, ++ { { UINT32_C(0x0184B415), UINT32_C(0x06F26FDD), UINT32_C(0x01E5007E), ++ UINT32_C(0x038A2542), UINT32_C(0x0DA8A807), UINT32_C(0x078F5424), ++ UINT32_C(0x04D3FA96), UINT32_C(0x0A456FBD), UINT32_C(0x062853C6), ++ UINT32_C(0x017211A6), UINT32_C(0x049854E5), UINT32_C(0x0A8F3585), ++ UINT32_C(0x079A3009), UINT32_C(0x07AFB481), UINT32_C(0x081AFE37), ++ UINT32_C(0x031A410E), UINT32_C(0x0EADF215), UINT32_C(0x02649FCC), ++ UINT32_C(0x00A68E58) }, ++ { UINT32_C(0x0A87B468), UINT32_C(0x0744629E), UINT32_C(0x010788AE), ++ UINT32_C(0x00DA10EC), UINT32_C(0x07BD591B), UINT32_C(0x07BC474E), ++ UINT32_C(0x02AE7E4E), UINT32_C(0x074ED106), UINT32_C(0x059550A8), ++ UINT32_C(0x0C2FBDF7), UINT32_C(0x078A0AB0), UINT32_C(0x019D9F46), ++ UINT32_C(0x030FE4BE), UINT32_C(0x00DF9F6A), UINT32_C(0x04D2A38F), ++ UINT32_C(0x052B1469), UINT32_C(0x005AE2E6), UINT32_C(0x07E6C02D), ++ UINT32_C(0x0283843A) } }, ++ { { UINT32_C(0x0784F95B), UINT32_C(0x01616DEF), UINT32_C(0x056C696A), ++ UINT32_C(0x03B98963), UINT32_C(0x085F2426), UINT32_C(0x07BDAC89), ++ UINT32_C(0x05EAFBF9), UINT32_C(0x09A4C8CC), UINT32_C(0x0558AA78), ++ UINT32_C(0x0D041BCD), UINT32_C(0x04BDD0B5), UINT32_C(0x037216D5), ++ UINT32_C(0x06BD4C93), UINT32_C(0x0042A72A), UINT32_C(0x0B4A6F17), ++ UINT32_C(0x0177EE47), UINT32_C(0x028752B7), UINT32_C(0x0750D182), ++ UINT32_C(0x04BE36EA) }, ++ { UINT32_C(0x01DCCF70), UINT32_C(0x05249FC9), UINT32_C(0x063EE812), ++ UINT32_C(0x0362E5A3), UINT32_C(0x017DB2F0), UINT32_C(0x05508041), ++ UINT32_C(0x078C050C), UINT32_C(0x0C161A22), UINT32_C(0x078E338A), ++ UINT32_C(0x0BB9EF36), UINT32_C(0x001185AB), UINT32_C(0x09058EAD), ++ UINT32_C(0x00D3AF42), UINT32_C(0x02FBEDA9), UINT32_C(0x0996A3FA), ++ UINT32_C(0x02E0B934), UINT32_C(0x08F57F1A), UINT32_C(0x025EB5CE), ++ UINT32_C(0x0254456F) } }, ++ { { UINT32_C(0x08F9B528), UINT32_C(0x04174130), UINT32_C(0x013E12B3), ++ UINT32_C(0x022B697D), UINT32_C(0x0B0CEF11), UINT32_C(0x03A2E8E2), ++ UINT32_C(0x00D96F4F), UINT32_C(0x0B4B7DF9), UINT32_C(0x0056458A), ++ UINT32_C(0x083BA433), UINT32_C(0x068A2473), UINT32_C(0x0D586B52), ++ UINT32_C(0x00ACD634), UINT32_C(0x01D1EAD7), UINT32_C(0x03036203), ++ UINT32_C(0x000C0094), UINT32_C(0x047A01B9), UINT32_C(0x0212F1A6), ++ UINT32_C(0x04D19921) }, ++ { UINT32_C(0x0837554E), UINT32_C(0x02ECC2C4), UINT32_C(0x0B80FBFE), ++ UINT32_C(0x07A5E03B), UINT32_C(0x041C1C48), UINT32_C(0x043DD0D4), ++ UINT32_C(0x04C36416), UINT32_C(0x0869B643), UINT32_C(0x028DC568), ++ UINT32_C(0x0F15A5D2), UINT32_C(0x00D7FC36), UINT32_C(0x04D7306E), ++ UINT32_C(0x0306A221), UINT32_C(0x04950B4A), UINT32_C(0x06DC4FCA), ++ UINT32_C(0x048D5878), UINT32_C(0x0032B7DE), UINT32_C(0x000E5973), ++ UINT32_C(0x04FFCD15) } }, ++ }, ++ { ++ { { UINT32_C(0x051368EE), UINT32_C(0x03C182D8), UINT32_C(0x0233E580), ++ UINT32_C(0x0467AAF9), UINT32_C(0x038EEE52), UINT32_C(0x01F8CCEB), ++ UINT32_C(0x04E7863B), UINT32_C(0x0974DE7F), UINT32_C(0x07C7D47D), ++ UINT32_C(0x01F4B806), UINT32_C(0x0059F163), UINT32_C(0x07DFA5B8), ++ UINT32_C(0x0449B3CD), UINT32_C(0x0378D1F4), UINT32_C(0x03486C59), ++ UINT32_C(0x02FFDC03), UINT32_C(0x0854568F), UINT32_C(0x017FDD91), ++ UINT32_C(0x0384B0DC) }, ++ { UINT32_C(0x08A3F84B), UINT32_C(0x065DE2C1), UINT32_C(0x085945B9), ++ UINT32_C(0x04E5C55A), UINT32_C(0x06CB12ED), UINT32_C(0x07B741CC), ++ UINT32_C(0x05B2C0EB), UINT32_C(0x0809AC7E), UINT32_C(0x04A46CA2), ++ UINT32_C(0x061FF16D), UINT32_C(0x03744313), UINT32_C(0x0C777A3B), ++ UINT32_C(0x0207FD18), UINT32_C(0x0539771F), UINT32_C(0x01004BCB), ++ UINT32_C(0x04A8FC6F), UINT32_C(0x0F0A63E8), UINT32_C(0x02373910), ++ UINT32_C(0x072840F7) } }, ++ { { UINT32_C(0x0E024391), UINT32_C(0x02781D5D), UINT32_C(0x05026331), ++ UINT32_C(0x025635CD), UINT32_C(0x0492939D), UINT32_C(0x00222466), ++ UINT32_C(0x0456BF4C), UINT32_C(0x07C8DEE7), UINT32_C(0x000178A5), ++ UINT32_C(0x051D50AE), UINT32_C(0x02CE451F), UINT32_C(0x01814C6B), ++ UINT32_C(0x0265AE7F), UINT32_C(0x0312E044), UINT32_C(0x0848FF64), ++ UINT32_C(0x013BB3DA), UINT32_C(0x0C153136), UINT32_C(0x019DF825), ++ UINT32_C(0x0462A6B6) }, ++ { UINT32_C(0x0E9AB68C), UINT32_C(0x04B05DA9), UINT32_C(0x04C2481A), ++ UINT32_C(0x076E7298), UINT32_C(0x09F0C636), UINT32_C(0x01F7D7D4), ++ UINT32_C(0x00F9BB8A), UINT32_C(0x0F077B4D), UINT32_C(0x0259165A), ++ UINT32_C(0x0592DC29), UINT32_C(0x02303769), UINT32_C(0x0EDF23B9), ++ UINT32_C(0x06E3C4F3), UINT32_C(0x026481C0), UINT32_C(0x033547D1), ++ UINT32_C(0x04349C82), UINT32_C(0x0FB49FD0), UINT32_C(0x03D48B1E), ++ UINT32_C(0x00EDD6A9) } }, ++ { { UINT32_C(0x09496A3E), UINT32_C(0x0779CC41), UINT32_C(0x0F31204C), ++ UINT32_C(0x01DD9727), UINT32_C(0x0B88711D), UINT32_C(0x0531C3F2), ++ UINT32_C(0x04294797), UINT32_C(0x043683B3), UINT32_C(0x05DBB4CC), ++ UINT32_C(0x06B27F93), UINT32_C(0x04CEFE76), UINT32_C(0x02EF8CFB), ++ UINT32_C(0x065C5182), UINT32_C(0x051D70E4), UINT32_C(0x0B92D89E), ++ UINT32_C(0x015A48BA), UINT32_C(0x00689714), UINT32_C(0x02F0F899), ++ UINT32_C(0x03A05527) }, ++ { UINT32_C(0x04B88B67), UINT32_C(0x0337896D), UINT32_C(0x0AC27DF4), ++ UINT32_C(0x02CFE168), UINT32_C(0x003AC24A), UINT32_C(0x0287B4A1), ++ UINT32_C(0x04C9337D), UINT32_C(0x0480FCAA), UINT32_C(0x0385E818), ++ UINT32_C(0x0698332E), UINT32_C(0x00B177F0), UINT32_C(0x088F3F24), ++ UINT32_C(0x056A2745), UINT32_C(0x06A53116), UINT32_C(0x0101CC1F), ++ UINT32_C(0x013E9DBA), UINT32_C(0x06227F55), UINT32_C(0x03D027B4), ++ UINT32_C(0x02CD8668) } }, ++ { { UINT32_C(0x0076683D), UINT32_C(0x076BEE0D), UINT32_C(0x0D7D7B4C), ++ UINT32_C(0x0108643A), UINT32_C(0x0F993C30), UINT32_C(0x07B71D95), ++ UINT32_C(0x029E4008), UINT32_C(0x034C59B6), UINT32_C(0x00E01922), ++ UINT32_C(0x062750BC), UINT32_C(0x00DA23D4), UINT32_C(0x0BF7FFAF), ++ UINT32_C(0x016F2E12), UINT32_C(0x0546677C), UINT32_C(0x038327C5), ++ UINT32_C(0x07930C31), UINT32_C(0x03297791), UINT32_C(0x06E93707), ++ UINT32_C(0x0731AA7A) }, ++ { UINT32_C(0x0B99594F), UINT32_C(0x0300795B), UINT32_C(0x0C5F3D55), ++ UINT32_C(0x01C1DE37), UINT32_C(0x02FD7C9F), UINT32_C(0x001493C6), ++ UINT32_C(0x07BB523B), UINT32_C(0x08D81CF9), UINT32_C(0x000974EA), ++ UINT32_C(0x04B4CFBC), UINT32_C(0x04354B41), UINT32_C(0x0644AB94), ++ UINT32_C(0x0251A61B), UINT32_C(0x0555FAF5), UINT32_C(0x03713B98), ++ UINT32_C(0x0597947C), UINT32_C(0x061DDC4D), UINT32_C(0x01C1E655), ++ UINT32_C(0x05DDAC10) } }, ++ { { UINT32_C(0x02662A6A), UINT32_C(0x0721BA5B), UINT32_C(0x08BFB362), ++ UINT32_C(0x02A23D78), UINT32_C(0x04F666A1), UINT32_C(0x060FB317), ++ UINT32_C(0x0729C7ED), UINT32_C(0x09B1B389), UINT32_C(0x031F8856), ++ UINT32_C(0x06913D9E), UINT32_C(0x0779217C), UINT32_C(0x0A3634CD), ++ UINT32_C(0x06292B3F), UINT32_C(0x01E6FDE6), UINT32_C(0x0F97C1F0), ++ UINT32_C(0x0698999D), UINT32_C(0x0D773548), UINT32_C(0x01ED7CE9), ++ UINT32_C(0x00FFC55A) }, ++ { UINT32_C(0x0D76A58E), UINT32_C(0x0195519C), UINT32_C(0x02C2F7AB), ++ UINT32_C(0x061D1820), UINT32_C(0x09A1252D), UINT32_C(0x07772B8E), ++ UINT32_C(0x05554A30), UINT32_C(0x0687BCF0), UINT32_C(0x06CE8978), ++ UINT32_C(0x0961AAB6), UINT32_C(0x0611194A), UINT32_C(0x097F9E4C), ++ UINT32_C(0x07E8543A), UINT32_C(0x076F7FC5), UINT32_C(0x039F7F09), ++ UINT32_C(0x074DF751), UINT32_C(0x000B4239), UINT32_C(0x010D59A8), ++ UINT32_C(0x03F90438) } }, ++ { { UINT32_C(0x0DA09D54), UINT32_C(0x06AF7630), UINT32_C(0x02BF95A8), ++ UINT32_C(0x055D4226), UINT32_C(0x059FD1D0), UINT32_C(0x06B060C9), ++ UINT32_C(0x07D177E4), UINT32_C(0x03F4F180), UINT32_C(0x021C92CF), ++ UINT32_C(0x02D3DD59), UINT32_C(0x048EB409), UINT32_C(0x07E17E45), ++ UINT32_C(0x05EEE57B), UINT32_C(0x01B0CED0), UINT32_C(0x0E7E68AB), ++ UINT32_C(0x043C0C09), UINT32_C(0x0A766549), UINT32_C(0x0006D7E3), ++ UINT32_C(0x06CB262D) }, ++ { UINT32_C(0x045007F6), UINT32_C(0x077C78B0), UINT32_C(0x006040A8), ++ UINT32_C(0x06713C8D), UINT32_C(0x09341EBC), UINT32_C(0x0236E27C), ++ UINT32_C(0x055A82B4), UINT32_C(0x06F7750F), UINT32_C(0x0669305F), ++ UINT32_C(0x017EE81A), UINT32_C(0x01216750), UINT32_C(0x0ED65974), ++ UINT32_C(0x03FEF768), UINT32_C(0x01F1588F), UINT32_C(0x0E26B74A), ++ UINT32_C(0x078B116C), UINT32_C(0x0B1F0885), UINT32_C(0x05EF5659), ++ UINT32_C(0x02E63355) } }, ++ { { UINT32_C(0x0FB0D3ED), UINT32_C(0x003E5A50), UINT32_C(0x0C55AAAF), ++ UINT32_C(0x0289AC3D), UINT32_C(0x05EF5174), UINT32_C(0x0719E0EE), ++ UINT32_C(0x01A9C3D8), UINT32_C(0x0DE06CD1), UINT32_C(0x07ED918A), ++ UINT32_C(0x0BF6A107), UINT32_C(0x06149FAB), UINT32_C(0x0880197B), ++ UINT32_C(0x060CCF4B), UINT32_C(0x015F00A0), UINT32_C(0x026084C4), ++ UINT32_C(0x06C15B05), UINT32_C(0x04E4098B), UINT32_C(0x063ED2C8), ++ UINT32_C(0x058C6384) }, ++ { UINT32_C(0x040FA002), UINT32_C(0x01B4B412), UINT32_C(0x08A0A8F3), ++ UINT32_C(0x015D5274), UINT32_C(0x0B3D6C31), UINT32_C(0x0241F67E), ++ UINT32_C(0x0383A0C0), UINT32_C(0x0D2CCE25), UINT32_C(0x07A721DD), ++ UINT32_C(0x0FD7994F), UINT32_C(0x04852FC2), UINT32_C(0x0EEB0BC8), ++ UINT32_C(0x05CF0812), UINT32_C(0x06594895), UINT32_C(0x0F6294B1), ++ UINT32_C(0x047E9685), UINT32_C(0x03C1ADBF), UINT32_C(0x00B567D9), ++ UINT32_C(0x005C4AB1) } }, ++ { { UINT32_C(0x0696BA83), UINT32_C(0x06603D4F), UINT32_C(0x0885A978), ++ UINT32_C(0x011657F3), UINT32_C(0x0774554D), UINT32_C(0x01806495), ++ UINT32_C(0x01B33254), UINT32_C(0x0A1BB9D6), UINT32_C(0x03A6DF67), ++ UINT32_C(0x03AB9C8C), UINT32_C(0x0737480A), UINT32_C(0x00203D86), ++ UINT32_C(0x04CE906D), UINT32_C(0x0751DBBB), UINT32_C(0x01AB53E1), ++ UINT32_C(0x01405C83), UINT32_C(0x0894C75D), UINT32_C(0x02ACD3EC), ++ UINT32_C(0x02926ACF) }, ++ { UINT32_C(0x0E8C01EF), UINT32_C(0x043477F5), UINT32_C(0x068FA361), ++ UINT32_C(0x07FC59F7), UINT32_C(0x04967BAC), UINT32_C(0x0236FCA8), ++ UINT32_C(0x053E4F2C), UINT32_C(0x02BA3E65), UINT32_C(0x05F9F6F0), ++ UINT32_C(0x064247B4), UINT32_C(0x021B5084), UINT32_C(0x0894325C), ++ UINT32_C(0x04EFE79C), UINT32_C(0x0188ED3F), UINT32_C(0x0D4FE809), ++ UINT32_C(0x044BAE94), UINT32_C(0x0C8112AE), UINT32_C(0x05C68229), ++ UINT32_C(0x07D43896) } }, ++ { { UINT32_C(0x046C1FB6), UINT32_C(0x077D8036), UINT32_C(0x0295DD8C), ++ UINT32_C(0x04452F28), UINT32_C(0x0B23C464), UINT32_C(0x0644D5BA), ++ UINT32_C(0x05069E01), UINT32_C(0x090DF002), UINT32_C(0x03B40591), ++ UINT32_C(0x01F28172), UINT32_C(0x06905D57), UINT32_C(0x0DF1C74E), ++ UINT32_C(0x05CE4958), UINT32_C(0x079BDE8E), UINT32_C(0x0D3F2F1A), ++ UINT32_C(0x04E07C5F), UINT32_C(0x088FF1FA), UINT32_C(0x05C72030), ++ UINT32_C(0x03BE09B6) }, ++ { UINT32_C(0x0A78B572), UINT32_C(0x052D6B4B), UINT32_C(0x091101F1), ++ UINT32_C(0x01EB64B1), UINT32_C(0x0AA87947), UINT32_C(0x01ECBA5D), ++ UINT32_C(0x03E02CC6), UINT32_C(0x0FDA4839), UINT32_C(0x02FF59B8), ++ UINT32_C(0x0CA6ED0F), UINT32_C(0x06C0BD08), UINT32_C(0x0948203F), ++ UINT32_C(0x00417563), UINT32_C(0x03ED5E44), UINT32_C(0x09D9F1D1), ++ UINT32_C(0x043138E9), UINT32_C(0x087C76A9), UINT32_C(0x0436C464), ++ UINT32_C(0x065BC41C) } }, ++ { { UINT32_C(0x0878503F), UINT32_C(0x02F87D12), UINT32_C(0x02476646), ++ UINT32_C(0x0245CC6E), UINT32_C(0x0D4C90B6), UINT32_C(0x03F5323B), ++ UINT32_C(0x05B608C2), UINT32_C(0x0E11AA7B), UINT32_C(0x03BBF4CC), ++ UINT32_C(0x0E62F0E5), UINT32_C(0x03FDD83B), UINT32_C(0x01FAF12E), ++ UINT32_C(0x00E02D6E), UINT32_C(0x0404666D), UINT32_C(0x0A39480C), ++ UINT32_C(0x05904EE4), UINT32_C(0x0D422EC7), UINT32_C(0x009272AF), ++ UINT32_C(0x065E518B) }, ++ { UINT32_C(0x0947A480), UINT32_C(0x0638CCA2), UINT32_C(0x0B86EFCD), ++ UINT32_C(0x04C5912B), UINT32_C(0x0416F142), UINT32_C(0x066CD9A8), ++ UINT32_C(0x0062F342), UINT32_C(0x030CBA20), UINT32_C(0x0675D320), ++ UINT32_C(0x02C4F492), UINT32_C(0x04263BD8), UINT32_C(0x0B10ED23), ++ UINT32_C(0x00458FD7), UINT32_C(0x064D3804), UINT32_C(0x030CE729), ++ UINT32_C(0x055F1902), UINT32_C(0x005C9288), UINT32_C(0x05B65212), ++ UINT32_C(0x03463ED7) } }, ++ { { UINT32_C(0x0002FA40), UINT32_C(0x019C27F1), UINT32_C(0x00CBB750), ++ UINT32_C(0x03DB3435), UINT32_C(0x07286E98), UINT32_C(0x0279AAFF), ++ UINT32_C(0x06D46384), UINT32_C(0x0A49DB6A), UINT32_C(0x0137478E), ++ UINT32_C(0x07036ADC), UINT32_C(0x0156A020), UINT32_C(0x03444CA2), ++ UINT32_C(0x014A059C), UINT32_C(0x062920C4), UINT32_C(0x05340D48), ++ UINT32_C(0x07AB2B40), UINT32_C(0x060E1CBF), UINT32_C(0x06DBC3C7), ++ UINT32_C(0x02A6E451) }, ++ { UINT32_C(0x02203C97), UINT32_C(0x0318811D), UINT32_C(0x02528A1B), ++ UINT32_C(0x04016192), UINT32_C(0x002C3086), UINT32_C(0x031D212C), ++ UINT32_C(0x03FC1DA6), UINT32_C(0x0E3A234E), UINT32_C(0x048A2B44), ++ UINT32_C(0x046AB91A), UINT32_C(0x03F8806B), UINT32_C(0x073943DE), ++ UINT32_C(0x02B12570), UINT32_C(0x024DEAC9), UINT32_C(0x08C3B2AA), ++ UINT32_C(0x06910619), UINT32_C(0x01EBE0ED), UINT32_C(0x04FB5E82), ++ UINT32_C(0x068938E9) } }, ++ { { UINT32_C(0x06A8409F), UINT32_C(0x03819FA0), UINT32_C(0x04EBCC7D), ++ UINT32_C(0x05295667), UINT32_C(0x00BD47C4), UINT32_C(0x02F397A5), ++ UINT32_C(0x00B133A1), UINT32_C(0x073E4AFA), UINT32_C(0x0760D526), ++ UINT32_C(0x0D372CAA), UINT32_C(0x0068759A), UINT32_C(0x09A7813F), ++ UINT32_C(0x000A0F4E), UINT32_C(0x01EAF02F), UINT32_C(0x09F88085), ++ UINT32_C(0x0117D84A), UINT32_C(0x0B583330), UINT32_C(0x07FFDDE3), ++ UINT32_C(0x00C0B54F) }, ++ { UINT32_C(0x0593BC03), UINT32_C(0x05294489), UINT32_C(0x0C95575C), ++ UINT32_C(0x06A16930), UINT32_C(0x07E57953), UINT32_C(0x04258C35), ++ UINT32_C(0x027EF886), UINT32_C(0x09A129B5), UINT32_C(0x034A8854), ++ UINT32_C(0x0BB5AF8F), UINT32_C(0x0469C5BA), UINT32_C(0x000C4849), ++ UINT32_C(0x00CE9665), UINT32_C(0x02759E17), UINT32_C(0x087D763E), ++ UINT32_C(0x03FB717D), UINT32_C(0x0F3FD635), UINT32_C(0x007CA5FC), ++ UINT32_C(0x01D3A8B2) } }, ++ { { UINT32_C(0x068172DA), UINT32_C(0x05B9F788), UINT32_C(0x0612E973), ++ UINT32_C(0x0052E050), UINT32_C(0x099B39D0), UINT32_C(0x061F5F0F), ++ UINT32_C(0x0799AF1A), UINT32_C(0x0466C10B), UINT32_C(0x0680E8D3), ++ UINT32_C(0x04361EC0), UINT32_C(0x05210B2E), UINT32_C(0x0DF23AB3), ++ UINT32_C(0x02B3A0B2), UINT32_C(0x0380194E), UINT32_C(0x09D77AFB), ++ UINT32_C(0x06BCE4AB), UINT32_C(0x05EAD2E7), UINT32_C(0x02DD9B74), ++ UINT32_C(0x033D66F2) }, ++ { UINT32_C(0x0BF1C993), UINT32_C(0x04E38933), UINT32_C(0x02FC4FAF), ++ UINT32_C(0x0461AE62), UINT32_C(0x0F6D1B38), UINT32_C(0x021B47B4), ++ UINT32_C(0x01F061C9), UINT32_C(0x051CC234), UINT32_C(0x01C8E186), ++ UINT32_C(0x001C7EF9), UINT32_C(0x0664E0E2), UINT32_C(0x048E8CC7), ++ UINT32_C(0x015C9670), UINT32_C(0x0481B87A), UINT32_C(0x05BCAD05), ++ UINT32_C(0x003B38E6), UINT32_C(0x00886CA1), UINT32_C(0x00B0D706), ++ UINT32_C(0x026557A5) } }, ++ { { UINT32_C(0x05F0E5DA), UINT32_C(0x03682274), UINT32_C(0x0F4E352F), ++ UINT32_C(0x0105AE83), UINT32_C(0x0A820E71), UINT32_C(0x022C5CEC), ++ UINT32_C(0x03DD2CFC), UINT32_C(0x0298E61A), UINT32_C(0x00120917), ++ UINT32_C(0x0B0B64DF), UINT32_C(0x03C1333E), UINT32_C(0x03C5D41B), ++ UINT32_C(0x04B5D215), UINT32_C(0x0187971D), UINT32_C(0x0389EAD7), ++ UINT32_C(0x03CFCCE2), UINT32_C(0x063F13FF), UINT32_C(0x0652C165), ++ UINT32_C(0x07742EFC) }, ++ { UINT32_C(0x0931C0F0), UINT32_C(0x018F45E5), UINT32_C(0x0C4C756D), ++ UINT32_C(0x0537A469), UINT32_C(0x0433FB52), UINT32_C(0x0754DECC), ++ UINT32_C(0x04D896F7), UINT32_C(0x04335219), UINT32_C(0x073BBC0E), ++ UINT32_C(0x083BA2C0), UINT32_C(0x012D3B9E), UINT32_C(0x023EABD5), ++ UINT32_C(0x04475CF9), UINT32_C(0x07A0DA39), UINT32_C(0x088DDF48), ++ UINT32_C(0x002FFFDF), UINT32_C(0x0D8B7000), UINT32_C(0x06504250), ++ UINT32_C(0x00F1A818) } }, ++ { { UINT32_C(0x052228CC), UINT32_C(0x06FA4348), UINT32_C(0x0F049E30), ++ UINT32_C(0x0713CA99), UINT32_C(0x0E5D39FE), UINT32_C(0x0057B8DA), ++ UINT32_C(0x003125E1), UINT32_C(0x0CC15492), UINT32_C(0x07700BE8), ++ UINT32_C(0x08CFE785), UINT32_C(0x00CEB57F), UINT32_C(0x0F478327), ++ UINT32_C(0x05A00945), UINT32_C(0x0490F14E), UINT32_C(0x025BA378), ++ UINT32_C(0x060ED998), UINT32_C(0x01B249B5), UINT32_C(0x0023BC4C), ++ UINT32_C(0x04DEDEC8) }, ++ { UINT32_C(0x0BA1E090), UINT32_C(0x027EBAC8), UINT32_C(0x0DD6FE71), ++ UINT32_C(0x01F0ADDC), UINT32_C(0x0549F634), UINT32_C(0x06BE8416), ++ UINT32_C(0x02F156E2), UINT32_C(0x0A531A53), UINT32_C(0x00AFBE73), ++ UINT32_C(0x0FFF18EB), UINT32_C(0x0020C1DC), UINT32_C(0x0F409F61), ++ UINT32_C(0x04E3859C), UINT32_C(0x015D5ECF), UINT32_C(0x03B3F268), ++ UINT32_C(0x0288B503), UINT32_C(0x03A276BD), UINT32_C(0x0286EE9C), ++ UINT32_C(0x03166F91) } }, ++ { { UINT32_C(0x0F1CAC2C), UINT32_C(0x035777A8), UINT32_C(0x0AF34113), ++ UINT32_C(0x050DD855), UINT32_C(0x0B6BC9C1), UINT32_C(0x07010D91), ++ UINT32_C(0x0452008D), UINT32_C(0x0471A3DA), UINT32_C(0x05830FDC), ++ UINT32_C(0x0F222BBE), UINT32_C(0x04848384), UINT32_C(0x049CFD4D), ++ UINT32_C(0x01817D66), UINT32_C(0x0724627E), UINT32_C(0x082270B8), ++ UINT32_C(0x07ED5A0F), UINT32_C(0x0EEA015A), UINT32_C(0x0700F77E), ++ UINT32_C(0x007E36E1) }, ++ { UINT32_C(0x09244F78), UINT32_C(0x049DAC0A), UINT32_C(0x0573D581), ++ UINT32_C(0x001D1B4C), UINT32_C(0x0F0116EB), UINT32_C(0x03CFFD42), ++ UINT32_C(0x043FFF66), UINT32_C(0x048523A0), UINT32_C(0x0671CEF3), ++ UINT32_C(0x0EC2D7AF), UINT32_C(0x0049EBD0), UINT32_C(0x0F4034B6), ++ UINT32_C(0x05C34B54), UINT32_C(0x025E680B), UINT32_C(0x0D2C5BEA), ++ UINT32_C(0x06F544F6), UINT32_C(0x0B0CFA5A), UINT32_C(0x018276AE), ++ UINT32_C(0x077D6B16) } }, ++ }, ++ { ++ { { UINT32_C(0x00E10587), UINT32_C(0x01885D11), UINT32_C(0x00A74863), ++ UINT32_C(0x02F34C13), UINT32_C(0x0BD4B6A2), UINT32_C(0x00E26C23), ++ UINT32_C(0x07F483FF), UINT32_C(0x0A97D9DC), UINT32_C(0x02338A61), ++ UINT32_C(0x07F72547), UINT32_C(0x03535AFC), UINT32_C(0x0B8E96B4), ++ UINT32_C(0x001E804D), UINT32_C(0x03BD1DFE), UINT32_C(0x0A6ED29A), ++ UINT32_C(0x0634588A), UINT32_C(0x0F0F6D32), UINT32_C(0x0117DDE8), ++ UINT32_C(0x037107C5) }, ++ { UINT32_C(0x0BF698BD), UINT32_C(0x0671195E), UINT32_C(0x0E9DC570), ++ UINT32_C(0x052CBC52), UINT32_C(0x0C08C8ED), UINT32_C(0x04213081), ++ UINT32_C(0x00A08E33), UINT32_C(0x0A4BC1ED), UINT32_C(0x00B396EB), ++ UINT32_C(0x0FF34D08), UINT32_C(0x04A4BDD9), UINT32_C(0x0A6F615E), ++ UINT32_C(0x0534B5A0), UINT32_C(0x0057D6A7), UINT32_C(0x0F6CE02C), ++ UINT32_C(0x06F6315B), UINT32_C(0x0D666709), UINT32_C(0x050AF998), ++ UINT32_C(0x006F0E3F) } }, ++ { { UINT32_C(0x06965640), UINT32_C(0x0081356B), UINT32_C(0x0F41E038), ++ UINT32_C(0x06713218), UINT32_C(0x0FB9E806), UINT32_C(0x0121D001), ++ UINT32_C(0x07B97EDD), UINT32_C(0x0CDDEFA2), UINT32_C(0x0585D94D), ++ UINT32_C(0x065F4CD7), UINT32_C(0x03CFC91B), UINT32_C(0x06B603EF), ++ UINT32_C(0x07128C67), UINT32_C(0x030595F0), UINT32_C(0x0E51FB71), ++ UINT32_C(0x06217FBE), UINT32_C(0x0B730732), UINT32_C(0x06277C1D), ++ UINT32_C(0x04AE17C6) }, ++ { UINT32_C(0x0CFB1D0D), UINT32_C(0x053AA14E), UINT32_C(0x0442F9BE), ++ UINT32_C(0x0786EEC1), UINT32_C(0x0EF775DF), UINT32_C(0x07A66D5B), ++ UINT32_C(0x032CDF98), UINT32_C(0x0CA3E106), UINT32_C(0x07042EBA), ++ UINT32_C(0x00FD51A1), UINT32_C(0x02B743F2), UINT32_C(0x0D214308), ++ UINT32_C(0x03293BD7), UINT32_C(0x0635DC49), UINT32_C(0x0EB86870), ++ UINT32_C(0x03EB73BF), UINT32_C(0x07F02587), UINT32_C(0x0017A824), ++ UINT32_C(0x01F012DD) } }, ++ { { UINT32_C(0x0E0BF039), UINT32_C(0x003B2CD3), UINT32_C(0x0C2C0F48), ++ UINT32_C(0x039AED35), UINT32_C(0x044C7CCC), UINT32_C(0x0364D078), ++ UINT32_C(0x02C04409), UINT32_C(0x0CAEF9C4), UINT32_C(0x05C37F4A), ++ UINT32_C(0x0D99EE77), UINT32_C(0x0200140A), UINT32_C(0x0A3BBBDE), ++ UINT32_C(0x041E7C9A), UINT32_C(0x0371B744), UINT32_C(0x05A165FF), ++ UINT32_C(0x05A7216A), UINT32_C(0x0A9CE444), UINT32_C(0x03DD4951), ++ UINT32_C(0x031EC3D2) }, ++ { UINT32_C(0x08EAF6EB), UINT32_C(0x0703CD67), UINT32_C(0x0DEBC6FB), ++ UINT32_C(0x079F8F47), UINT32_C(0x090D3A5B), UINT32_C(0x05FF4EFE), ++ UINT32_C(0x05A2BC42), UINT32_C(0x006C3961), UINT32_C(0x00795219), ++ UINT32_C(0x0FF8315E), UINT32_C(0x05BD4244), UINT32_C(0x02EEA381), ++ UINT32_C(0x02022F89), UINT32_C(0x07878373), UINT32_C(0x084B3FA1), ++ UINT32_C(0x0715713B), UINT32_C(0x0EF55815), UINT32_C(0x0748BA61), ++ UINT32_C(0x0445AEE6) } }, ++ { { UINT32_C(0x0DCBF5E2), UINT32_C(0x03557A9E), UINT32_C(0x063D2A67), ++ UINT32_C(0x00EFE9F6), UINT32_C(0x09FA350B), UINT32_C(0x03896396), ++ UINT32_C(0x01F8036E), UINT32_C(0x0DC0F10D), UINT32_C(0x02B56329), ++ UINT32_C(0x02504A0F), UINT32_C(0x063A7100), UINT32_C(0x0FA5A9E7), ++ UINT32_C(0x07665FD9), UINT32_C(0x05DE4FB8), UINT32_C(0x00484D0C), ++ UINT32_C(0x03AEE4FB), UINT32_C(0x046B10E6), UINT32_C(0x04D5E0D6), ++ UINT32_C(0x01F835F4) }, ++ { UINT32_C(0x047D2B4B), UINT32_C(0x05847634), UINT32_C(0x0C0A675C), ++ UINT32_C(0x00120157), UINT32_C(0x07AF8F0E), UINT32_C(0x0251A99B), ++ UINT32_C(0x00CEE4D0), UINT32_C(0x07351889), UINT32_C(0x0621596F), ++ UINT32_C(0x00C5618B), UINT32_C(0x066E65D2), UINT32_C(0x049D9FBE), ++ UINT32_C(0x01E37BCF), UINT32_C(0x01C629C9), UINT32_C(0x0EC1F561), ++ UINT32_C(0x02AFE546), UINT32_C(0x0005751E), UINT32_C(0x018C42B2), ++ UINT32_C(0x01EAA03C) } }, ++ { { UINT32_C(0x0D959BD9), UINT32_C(0x038EEBBB), UINT32_C(0x08419A01), ++ UINT32_C(0x05F1CCBE), UINT32_C(0x03171501), UINT32_C(0x07C18C55), ++ UINT32_C(0x035306D9), UINT32_C(0x011DBDEA), UINT32_C(0x036E5963), ++ UINT32_C(0x090BCEBA), UINT32_C(0x01350854), UINT32_C(0x0BB28AF5), ++ UINT32_C(0x04F74928), UINT32_C(0x0330FF01), UINT32_C(0x095BA009), ++ UINT32_C(0x0578BFB6), UINT32_C(0x0FCF0801), UINT32_C(0x03302535), ++ UINT32_C(0x06BFF304) }, ++ { UINT32_C(0x0384E611), UINT32_C(0x00AD5348), UINT32_C(0x0E493BE6), ++ UINT32_C(0x03CA4CDB), UINT32_C(0x0C4D1BD5), UINT32_C(0x027B8CE4), ++ UINT32_C(0x02E5B4CB), UINT32_C(0x0707AF6D), UINT32_C(0x06A39971), ++ UINT32_C(0x0BA42E4C), UINT32_C(0x0755E74C), UINT32_C(0x04AD6360), ++ UINT32_C(0x068A6F0D), UINT32_C(0x023144DE), UINT32_C(0x07375993), ++ UINT32_C(0x02780B3A), UINT32_C(0x0E492027), UINT32_C(0x05808694), ++ UINT32_C(0x07431A53) } }, ++ { { UINT32_C(0x010FBD04), UINT32_C(0x019723AA), UINT32_C(0x025CF109), ++ UINT32_C(0x03F3A3A7), UINT32_C(0x0D9D8E3F), UINT32_C(0x02F7C4B0), ++ UINT32_C(0x03DF7DF6), UINT32_C(0x0B60F06D), UINT32_C(0x02A5D26D), ++ UINT32_C(0x0C5F86A4), UINT32_C(0x06E7FCD9), UINT32_C(0x0DEF388F), ++ UINT32_C(0x05AC83A6), UINT32_C(0x0217A751), UINT32_C(0x00401D85), ++ UINT32_C(0x075A320E), UINT32_C(0x01AE8195), UINT32_C(0x06F4F327), ++ UINT32_C(0x04C77D2F) }, ++ { UINT32_C(0x09493BE8), UINT32_C(0x00A14C7B), UINT32_C(0x091C8FF9), ++ UINT32_C(0x01DEAA22), UINT32_C(0x0AB4BA27), UINT32_C(0x0562E012), ++ UINT32_C(0x07519BAB), UINT32_C(0x062D9AAA), UINT32_C(0x058B7863), ++ UINT32_C(0x08A2419C), UINT32_C(0x035D8277), UINT32_C(0x0F5C3CF3), ++ UINT32_C(0x03527C6B), UINT32_C(0x00F3B9E0), UINT32_C(0x0EF25B4A), ++ UINT32_C(0x0127A8B4), UINT32_C(0x0CE17BD2), UINT32_C(0x0195E53E), ++ UINT32_C(0x071B9B4C) } }, ++ { { UINT32_C(0x0DAA2FB7), UINT32_C(0x021B0EB2), UINT32_C(0x0B55E936), ++ UINT32_C(0x057A20CC), UINT32_C(0x01398941), UINT32_C(0x06E0BA5C), ++ UINT32_C(0x07DEDA3A), UINT32_C(0x00B1377E), UINT32_C(0x008093F5), ++ UINT32_C(0x00F8C281), UINT32_C(0x05D4332E), UINT32_C(0x0CF54E5F), ++ UINT32_C(0x039D7F62), UINT32_C(0x0699AB5B), UINT32_C(0x05FE8914), ++ UINT32_C(0x01C38070), UINT32_C(0x0685A0AC), UINT32_C(0x0104BEEE), ++ UINT32_C(0x06E340C1) }, ++ { UINT32_C(0x0FDAA949), UINT32_C(0x02A92433), UINT32_C(0x04E882FB), ++ UINT32_C(0x0435EA3D), UINT32_C(0x0CFC4BD1), UINT32_C(0x065698D5), ++ UINT32_C(0x02B61BEC), UINT32_C(0x0A7025E9), UINT32_C(0x06C77C84), ++ UINT32_C(0x066340BA), UINT32_C(0x07C0B02F), UINT32_C(0x0F9B4BCA), ++ UINT32_C(0x0207D1CA), UINT32_C(0x061D80D9), UINT32_C(0x061524CC), ++ UINT32_C(0x03F6A9F8), UINT32_C(0x094B6D53), UINT32_C(0x017C53E1), ++ UINT32_C(0x00BC771D) } }, ++ { { UINT32_C(0x0C8D6167), UINT32_C(0x0171F9BD), UINT32_C(0x05943DEC), ++ UINT32_C(0x01837B9B), UINT32_C(0x06E46FBD), UINT32_C(0x050C893D), ++ UINT32_C(0x0034F50C), UINT32_C(0x0E98EEDA), UINT32_C(0x06603ADA), ++ UINT32_C(0x0FF3362D), UINT32_C(0x023406A4), UINT32_C(0x03DC7095), ++ UINT32_C(0x03BCCC93), UINT32_C(0x033BDFE7), UINT32_C(0x0AA65D81), ++ UINT32_C(0x0739E2AF), UINT32_C(0x03455112), UINT32_C(0x06643DC0), ++ UINT32_C(0x020DF18F) }, ++ { UINT32_C(0x084BF04E), UINT32_C(0x024B7756), UINT32_C(0x059E51F9), ++ UINT32_C(0x05998215), UINT32_C(0x03684ACA), UINT32_C(0x065BD6DC), ++ UINT32_C(0x03075ACB), UINT32_C(0x01AD9C9A), UINT32_C(0x07375334), ++ UINT32_C(0x01731A12), UINT32_C(0x000384D3), UINT32_C(0x02632FF6), ++ UINT32_C(0x0023BB3A), UINT32_C(0x0348AF93), UINT32_C(0x088B02BB), ++ UINT32_C(0x02C7DE6E), UINT32_C(0x0933F326), UINT32_C(0x00B1B61E), ++ UINT32_C(0x076AC60E) } }, ++ { { UINT32_C(0x0757C756), UINT32_C(0x05545A21), UINT32_C(0x018FFA93), ++ UINT32_C(0x06C9A78F), UINT32_C(0x02C61841), UINT32_C(0x040A1739), ++ UINT32_C(0x04441B1D), UINT32_C(0x052E0E81), UINT32_C(0x07E14C4D), ++ UINT32_C(0x0FFFC0D5), UINT32_C(0x03072E2E), UINT32_C(0x007584A9), ++ UINT32_C(0x01259E6D), UINT32_C(0x002D25F5), UINT32_C(0x0C519B94), ++ UINT32_C(0x01BB1C14), UINT32_C(0x02CEB824), UINT32_C(0x02BBBEA4), ++ UINT32_C(0x035E112A) }, ++ { UINT32_C(0x0288CF7B), UINT32_C(0x0045C5C7), UINT32_C(0x002D8D8C), ++ UINT32_C(0x03BE5B42), UINT32_C(0x0A81E4C6), UINT32_C(0x0141578F), ++ UINT32_C(0x033F7AC2), UINT32_C(0x0EE71541), UINT32_C(0x067EAD7B), ++ UINT32_C(0x07E75F23), UINT32_C(0x011AF108), UINT32_C(0x047CA170), ++ UINT32_C(0x05308227), UINT32_C(0x054879D4), UINT32_C(0x0A37B132), ++ UINT32_C(0x00E6D1CA), UINT32_C(0x0629367A), UINT32_C(0x03276C5F), ++ UINT32_C(0x004CBC63) } }, ++ { { UINT32_C(0x00CF69E7), UINT32_C(0x0584FC9D), UINT32_C(0x06952F73), ++ UINT32_C(0x0281D51C), UINT32_C(0x037663C6), UINT32_C(0x0537F046), ++ UINT32_C(0x0725FFD4), UINT32_C(0x0C66B9FC), UINT32_C(0x049A3EDF), ++ UINT32_C(0x0F4FB830), UINT32_C(0x06728E50), UINT32_C(0x07B188F6), ++ UINT32_C(0x021C067A), UINT32_C(0x06F06BE8), UINT32_C(0x00AA347B), ++ UINT32_C(0x031AABF8), UINT32_C(0x03347446), UINT32_C(0x04B62373), ++ UINT32_C(0x043D128D) }, ++ { UINT32_C(0x02AE7427), UINT32_C(0x00F73AC9), UINT32_C(0x0095D833), ++ UINT32_C(0x00E6005C), UINT32_C(0x007FD8B7), UINT32_C(0x074C2204), ++ UINT32_C(0x00283649), UINT32_C(0x084EDD51), UINT32_C(0x05AC7321), ++ UINT32_C(0x08C40328), UINT32_C(0x04BFB5EF), UINT32_C(0x0A555FE0), ++ UINT32_C(0x04C70C7C), UINT32_C(0x076D0055), UINT32_C(0x0425B2E6), ++ UINT32_C(0x029D910F), UINT32_C(0x0B0A51DB), UINT32_C(0x04B38F9B), ++ UINT32_C(0x01028D80) } }, ++ { { UINT32_C(0x0F3DE4D2), UINT32_C(0x06047E27), UINT32_C(0x03505298), ++ UINT32_C(0x062523ED), UINT32_C(0x0F0D4A9F), UINT32_C(0x0150EF42), ++ UINT32_C(0x056CBCAD), UINT32_C(0x0B36A628), UINT32_C(0x071A352A), ++ UINT32_C(0x0D7A2CB8), UINT32_C(0x050FEDFC), UINT32_C(0x02BAC823), ++ UINT32_C(0x010EDF77), UINT32_C(0x0459668A), UINT32_C(0x04041659), ++ UINT32_C(0x07432BB7), UINT32_C(0x0F9651D8), UINT32_C(0x01999DE2), ++ UINT32_C(0x00CBECA1) }, ++ { UINT32_C(0x06A2607F), UINT32_C(0x06DC83E9), UINT32_C(0x005B1A08), ++ UINT32_C(0x05B9405C), UINT32_C(0x091E04D3), UINT32_C(0x0546E232), ++ UINT32_C(0x0566FE22), UINT32_C(0x0695BB9A), UINT32_C(0x0074A612), ++ UINT32_C(0x0E9787A0), UINT32_C(0x077B1860), UINT32_C(0x05404661), ++ UINT32_C(0x00184991), UINT32_C(0x02A1C038), UINT32_C(0x0A57F0B8), ++ UINT32_C(0x0382A987), UINT32_C(0x0691AC01), UINT32_C(0x02D8A8A9), ++ UINT32_C(0x05A19B11) } }, ++ { { UINT32_C(0x081DC2A6), UINT32_C(0x017A4663), UINT32_C(0x0209D21F), ++ UINT32_C(0x06A6AA7F), UINT32_C(0x051CC44C), UINT32_C(0x000D763F), ++ UINT32_C(0x034EFD90), UINT32_C(0x0DEE4042), UINT32_C(0x07CBAFFB), ++ UINT32_C(0x082C34D9), UINT32_C(0x02EB3FE5), UINT32_C(0x0BF15295), ++ UINT32_C(0x027D4089), UINT32_C(0x056DBCC8), UINT32_C(0x024595A7), ++ UINT32_C(0x03EC08BE), UINT32_C(0x057085E2), UINT32_C(0x017E7356), ++ UINT32_C(0x049CE745) }, ++ { UINT32_C(0x0123BA29), UINT32_C(0x0045804E), UINT32_C(0x08DEDF0E), ++ UINT32_C(0x00CB57D1), UINT32_C(0x0F61E577), UINT32_C(0x06EB6B79), ++ UINT32_C(0x05E3EED1), UINT32_C(0x09CB4DCD), UINT32_C(0x05DAE17F), ++ UINT32_C(0x034F393E), UINT32_C(0x03F5164C), UINT32_C(0x05F3C4A2), ++ UINT32_C(0x0708CC05), UINT32_C(0x04F2CAC7), UINT32_C(0x0798DD7C), ++ UINT32_C(0x0513331D), UINT32_C(0x004B3A41), UINT32_C(0x00801443), ++ UINT32_C(0x0196B762) } }, ++ { { UINT32_C(0x0356B52C), UINT32_C(0x03557744), UINT32_C(0x050104FE), ++ UINT32_C(0x069B4687), UINT32_C(0x0337937D), UINT32_C(0x018C3F4F), ++ UINT32_C(0x00568175), UINT32_C(0x01EE408E), UINT32_C(0x04092DE8), ++ UINT32_C(0x05E59E83), UINT32_C(0x0299816F), UINT32_C(0x05556DCC), ++ UINT32_C(0x038621D8), UINT32_C(0x0278A753), UINT32_C(0x05BC9211), ++ UINT32_C(0x009E162C), UINT32_C(0x0A3409DC), UINT32_C(0x04076EA9), ++ UINT32_C(0x0464CEC0) }, ++ { UINT32_C(0x0A659158), UINT32_C(0x022396D5), UINT32_C(0x08424377), ++ UINT32_C(0x0054703B), UINT32_C(0x0D2722F5), UINT32_C(0x03BAEB8A), ++ UINT32_C(0x04B65383), UINT32_C(0x07997DDA), UINT32_C(0x07F6A3B2), ++ UINT32_C(0x0BAFF348), UINT32_C(0x0299F9D9), UINT32_C(0x0B97AA04), ++ UINT32_C(0x02BA4DB8), UINT32_C(0x0696475F), UINT32_C(0x0B68D089), ++ UINT32_C(0x0472CB9F), UINT32_C(0x08CACFAE), UINT32_C(0x028807A6), ++ UINT32_C(0x009288EF) } }, ++ { { UINT32_C(0x0ED9CDF5), UINT32_C(0x00B31C4E), UINT32_C(0x0C549857), ++ UINT32_C(0x02D7F964), UINT32_C(0x074F9F98), UINT32_C(0x0792DF5F), ++ UINT32_C(0x020ED722), UINT32_C(0x0AA8C982), UINT32_C(0x02A2408C), ++ UINT32_C(0x053CDF30), UINT32_C(0x01CF47E5), UINT32_C(0x08E3FF2F), ++ UINT32_C(0x0333087A), UINT32_C(0x028090D6), UINT32_C(0x032F6CA0), ++ UINT32_C(0x02CF642E), UINT32_C(0x0DAB4498), UINT32_C(0x04A66B66), ++ UINT32_C(0x07248BCE) }, ++ { UINT32_C(0x092B1FE6), UINT32_C(0x02AD6EEE), UINT32_C(0x0EB5963E), ++ UINT32_C(0x0621B6BD), UINT32_C(0x04A1A8EF), UINT32_C(0x0374D40D), ++ UINT32_C(0x0573791F), UINT32_C(0x0DED8513), UINT32_C(0x03AEE0F5), ++ UINT32_C(0x03420B85), UINT32_C(0x04366099), UINT32_C(0x087C7CA7), ++ UINT32_C(0x00B9ADB9), UINT32_C(0x056E8EBA), UINT32_C(0x0E532676), ++ UINT32_C(0x05D27A22), UINT32_C(0x0554F4E5), UINT32_C(0x0474B581), ++ UINT32_C(0x02A6694F) } }, ++ { { UINT32_C(0x080DE633), UINT32_C(0x0639306E), UINT32_C(0x0CA4F76E), ++ UINT32_C(0x05BB3DCB), UINT32_C(0x06DA081A), UINT32_C(0x052EA9E2), ++ UINT32_C(0x017AF437), UINT32_C(0x07D25D54), UINT32_C(0x0772DE75), ++ UINT32_C(0x05670178), UINT32_C(0x06E81696), UINT32_C(0x0D28F3A1), ++ UINT32_C(0x07AF022A), UINT32_C(0x07B0D67B), UINT32_C(0x04C17950), ++ UINT32_C(0x001B706E), UINT32_C(0x04CE5637), UINT32_C(0x04CE1F2F), ++ UINT32_C(0x0211C385) }, ++ { UINT32_C(0x0E5D0D74), UINT32_C(0x0411D39E), UINT32_C(0x06137F67), ++ UINT32_C(0x00487846), UINT32_C(0x01B15D1C), UINT32_C(0x02B65C31), ++ UINT32_C(0x06027C03), UINT32_C(0x01F15577), UINT32_C(0x011F0564), ++ UINT32_C(0x066BA415), UINT32_C(0x00520E15), UINT32_C(0x01F82222), ++ UINT32_C(0x07F8C048), UINT32_C(0x05A09F41), UINT32_C(0x0BBA92E8), ++ UINT32_C(0x017E3648), UINT32_C(0x0861CC16), UINT32_C(0x07A9DAF6), ++ UINT32_C(0x05F2C6E5) } }, ++ { { UINT32_C(0x04DA7708), UINT32_C(0x057D4066), UINT32_C(0x01F6A8A0), ++ UINT32_C(0x00EE18FE), UINT32_C(0x05BB3FCD), UINT32_C(0x071CB79F), ++ UINT32_C(0x038BBCE0), UINT32_C(0x0AAFE87E), UINT32_C(0x0245536B), ++ UINT32_C(0x0D0401C6), UINT32_C(0x027984FD), UINT32_C(0x0064D51F), ++ UINT32_C(0x04DCF2A2), UINT32_C(0x037E99AD), UINT32_C(0x03487C33), ++ UINT32_C(0x068353F1), UINT32_C(0x0BA863FC), UINT32_C(0x00721339), ++ UINT32_C(0x0754D195) }, ++ { UINT32_C(0x09031706), UINT32_C(0x0327DD4E), UINT32_C(0x05DDA163), ++ UINT32_C(0x03F893AE), UINT32_C(0x0F1F3959), UINT32_C(0x02EC658A), ++ UINT32_C(0x05A438AD), UINT32_C(0x0AE93F30), UINT32_C(0x01D8B56B), ++ UINT32_C(0x09592309), UINT32_C(0x0189BB66), UINT32_C(0x050E8D52), ++ UINT32_C(0x0526168D), UINT32_C(0x07FD307D), UINT32_C(0x08A4C7BC), ++ UINT32_C(0x03B12944), UINT32_C(0x08329BC8), UINT32_C(0x02A4A1CE), ++ UINT32_C(0x0087B284) } }, ++ }, ++ { ++ { { UINT32_C(0x01C86157), UINT32_C(0x0017ED5F), UINT32_C(0x079948D2), ++ UINT32_C(0x02FD6755), UINT32_C(0x0A5E2B5C), UINT32_C(0x00395EB0), ++ UINT32_C(0x070A6ECC), UINT32_C(0x031E307B), UINT32_C(0x070DA4B9), ++ UINT32_C(0x0166FB85), UINT32_C(0x02AF3210), UINT32_C(0x079379FF), ++ UINT32_C(0x010504D3), UINT32_C(0x022DFB7B), UINT32_C(0x0C019CF3), ++ UINT32_C(0x05E0727A), UINT32_C(0x0CE73CB9), UINT32_C(0x005CF0C7), ++ UINT32_C(0x039AD397) }, ++ { UINT32_C(0x08E15F36), UINT32_C(0x04E08562), UINT32_C(0x0EC12012), ++ UINT32_C(0x009F68C4), UINT32_C(0x0733E4B1), UINT32_C(0x014872C8), ++ UINT32_C(0x0490CCCC), UINT32_C(0x0E53957D), UINT32_C(0x05CD4F2D), ++ UINT32_C(0x082FD79D), UINT32_C(0x05F2B6D8), UINT32_C(0x0C7600B1), ++ UINT32_C(0x02D81D79), UINT32_C(0x007520D1), UINT32_C(0x09EEC681), ++ UINT32_C(0x04D6FB1B), UINT32_C(0x0641B032), UINT32_C(0x0283E5C0), ++ UINT32_C(0x072A39F3) } }, ++ { { UINT32_C(0x01C9C2EC), UINT32_C(0x03A87BAF), UINT32_C(0x056E06F3), ++ UINT32_C(0x02AA4CD5), UINT32_C(0x0D64394D), UINT32_C(0x044B2642), ++ UINT32_C(0x018E8ECB), UINT32_C(0x02C6B29E), UINT32_C(0x00B5D0E1), ++ UINT32_C(0x0795603C), UINT32_C(0x027FEAC7), UINT32_C(0x07400535), ++ UINT32_C(0x04BD90C2), UINT32_C(0x0212CC37), UINT32_C(0x018B9D6C), ++ UINT32_C(0x05FC9D53), UINT32_C(0x03C7248E), UINT32_C(0x038A1FEB), ++ UINT32_C(0x06C809CE) }, ++ { UINT32_C(0x06F1CACC), UINT32_C(0x0758DFC1), UINT32_C(0x019C0D17), ++ UINT32_C(0x0749CD61), UINT32_C(0x00C0724E), UINT32_C(0x0667F861), ++ UINT32_C(0x03CDAF01), UINT32_C(0x0DE66325), UINT32_C(0x0767BD47), ++ UINT32_C(0x0A1FDF93), UINT32_C(0x04E66E27), UINT32_C(0x004977BC), ++ UINT32_C(0x05EE6515), UINT32_C(0x018DEC59), UINT32_C(0x03B99628), ++ UINT32_C(0x02B69F3F), UINT32_C(0x019CC516), UINT32_C(0x07CB4623), ++ UINT32_C(0x0353C229) } }, ++ { { UINT32_C(0x05A2D6F0), UINT32_C(0x04982642), UINT32_C(0x088CE54F), ++ UINT32_C(0x06602A66), UINT32_C(0x0A17C84E), UINT32_C(0x02BE4DCE), ++ UINT32_C(0x0718C264), UINT32_C(0x0FDCB2D1), UINT32_C(0x01F7AC59), ++ UINT32_C(0x0E4C2C6C), UINT32_C(0x01B5B9D3), UINT32_C(0x0CCEB9E5), ++ UINT32_C(0x04C7FB08), UINT32_C(0x04600748), UINT32_C(0x09F19FD9), ++ UINT32_C(0x011C0141), UINT32_C(0x0A08392D), UINT32_C(0x07099321), ++ UINT32_C(0x075F26A3) }, ++ { UINT32_C(0x0AF35FA1), UINT32_C(0x01CA261B), UINT32_C(0x0FF7838D), ++ UINT32_C(0x00432E0D), UINT32_C(0x08296922), UINT32_C(0x077D0499), ++ UINT32_C(0x06A4988A), UINT32_C(0x0D91BD7B), UINT32_C(0x007D4895), ++ UINT32_C(0x01A77EB2), UINT32_C(0x0491B2C9), UINT32_C(0x07D6BB4E), ++ UINT32_C(0x065BB828), UINT32_C(0x05D28C77), UINT32_C(0x034C1831), ++ UINT32_C(0x03111000), UINT32_C(0x048A3F8F), UINT32_C(0x007D19EE), ++ UINT32_C(0x006FAC9D) } }, ++ { { UINT32_C(0x0719C87C), UINT32_C(0x07385BC9), UINT32_C(0x01F42502), ++ UINT32_C(0x074D4561), UINT32_C(0x02CA79B8), UINT32_C(0x01BE905A), ++ UINT32_C(0x044E03DC), UINT32_C(0x05034A1A), UINT32_C(0x012B4964), ++ UINT32_C(0x0BF284CE), UINT32_C(0x0080C91A), UINT32_C(0x0B4EE205), ++ UINT32_C(0x0121E876), UINT32_C(0x04C7D981), UINT32_C(0x09D6F0D5), ++ UINT32_C(0x011438CC), UINT32_C(0x0906A777), UINT32_C(0x05FD89D1), ++ UINT32_C(0x01D7C3AC) }, ++ { UINT32_C(0x0392D834), UINT32_C(0x0199066B), UINT32_C(0x0E53AECD), ++ UINT32_C(0x0279A7E5), UINT32_C(0x0E8B313A), UINT32_C(0x04F8A2AF), ++ UINT32_C(0x062A274F), UINT32_C(0x0869ED62), UINT32_C(0x01C4081F), ++ UINT32_C(0x0DD27618), UINT32_C(0x0093ED89), UINT32_C(0x053869B6), ++ UINT32_C(0x07CB8D0C), UINT32_C(0x00D79FE6), UINT32_C(0x04A20332), ++ UINT32_C(0x03366324), UINT32_C(0x0C0B74C3), UINT32_C(0x070C316E), ++ UINT32_C(0x066AD76F) } }, ++ { { UINT32_C(0x011FA55B), UINT32_C(0x0775F5E8), UINT32_C(0x0C7BF6F4), ++ UINT32_C(0x07FCBE6F), UINT32_C(0x021BE3C2), UINT32_C(0x0017D919), ++ UINT32_C(0x01644455), UINT32_C(0x0AEE3FD7), UINT32_C(0x0259DD5E), ++ UINT32_C(0x002EC22F), UINT32_C(0x00D308F5), UINT32_C(0x038F6CBC), ++ UINT32_C(0x04FDED85), UINT32_C(0x001A53FA), UINT32_C(0x03E09FE9), ++ UINT32_C(0x0312E74F), UINT32_C(0x09B20907), UINT32_C(0x078CC1DB), ++ UINT32_C(0x066D9E8D) }, ++ { UINT32_C(0x08C7A5B7), UINT32_C(0x038B0D82), UINT32_C(0x063E4030), ++ UINT32_C(0x06CE3A75), UINT32_C(0x0488AD55), UINT32_C(0x0054AAAA), ++ UINT32_C(0x044F068C), UINT32_C(0x0CCE69AA), UINT32_C(0x014EF6E0), ++ UINT32_C(0x068C0346), UINT32_C(0x01443327), UINT32_C(0x0A416B3D), ++ UINT32_C(0x04EB25A7), UINT32_C(0x00B6E80F), UINT32_C(0x0819D7FD), ++ UINT32_C(0x061AFFF1), UINT32_C(0x070E8C81), UINT32_C(0x061C5530), ++ UINT32_C(0x0473CB02) } }, ++ { { UINT32_C(0x08D8BE36), UINT32_C(0x057DE7D1), UINT32_C(0x06025FA9), ++ UINT32_C(0x0039A5D5), UINT32_C(0x00FD02EF), UINT32_C(0x02EE7913), ++ UINT32_C(0x04E5E224), UINT32_C(0x052DC251), UINT32_C(0x04138D66), ++ UINT32_C(0x09FAF17A), UINT32_C(0x030D57A1), UINT32_C(0x08B8F06A), ++ UINT32_C(0x01D015A2), UINT32_C(0x0153FCA9), UINT32_C(0x0C54D5DF), ++ UINT32_C(0x00BAAE4A), UINT32_C(0x0940A0FA), UINT32_C(0x038292EA), ++ UINT32_C(0x02C97BC9) }, ++ { UINT32_C(0x024BFA00), UINT32_C(0x057378C3), UINT32_C(0x0A92C578), ++ UINT32_C(0x07A6310B), UINT32_C(0x0F28F901), UINT32_C(0x04ED3F57), ++ UINT32_C(0x037C7D8A), UINT32_C(0x00B71701), UINT32_C(0x0173A01A), ++ UINT32_C(0x0A9B43A3), UINT32_C(0x0196E612), UINT32_C(0x07111189), ++ UINT32_C(0x03F5BC1D), UINT32_C(0x05154B49), UINT32_C(0x0DD68D97), ++ UINT32_C(0x0220CC1D), UINT32_C(0x0895DF59), UINT32_C(0x0014717C), ++ UINT32_C(0x0384CEF8) } }, ++ { { UINT32_C(0x05F8022D), UINT32_C(0x07431A94), UINT32_C(0x0A7A9097), ++ UINT32_C(0x06FC555D), UINT32_C(0x0578029C), UINT32_C(0x00758DC8), ++ UINT32_C(0x00FDAF66), UINT32_C(0x0AE902D1), UINT32_C(0x06FDDF4D), ++ UINT32_C(0x056FCD2A), UINT32_C(0x0393CA27), UINT32_C(0x083EDDB9), ++ UINT32_C(0x071C8D5E), UINT32_C(0x02DA7EE1), UINT32_C(0x091B7578), ++ UINT32_C(0x022CF2B8), UINT32_C(0x08F559AF), UINT32_C(0x00F551D9), ++ UINT32_C(0x04CE7872) }, ++ { UINT32_C(0x0450FD39), UINT32_C(0x05325A33), UINT32_C(0x06D04EAD), ++ UINT32_C(0x0111017F), UINT32_C(0x04B7D043), UINT32_C(0x009CD030), ++ UINT32_C(0x02760D24), UINT32_C(0x0B333C83), UINT32_C(0x0178F799), ++ UINT32_C(0x06E56E99), UINT32_C(0x06AC4002), UINT32_C(0x06C6F55C), ++ UINT32_C(0x04212C69), UINT32_C(0x0776C549), UINT32_C(0x05AD10F2), ++ UINT32_C(0x07D4C443), UINT32_C(0x093443A3), UINT32_C(0x01E4DAC4), ++ UINT32_C(0x062304F4) } }, ++ { { UINT32_C(0x09FFF942), UINT32_C(0x039E7FBF), UINT32_C(0x0E4E0544), ++ UINT32_C(0x01C8EF03), UINT32_C(0x015953E4), UINT32_C(0x0641511A), ++ UINT32_C(0x0340D7DD), UINT32_C(0x04FBA207), UINT32_C(0x04DCD411), ++ UINT32_C(0x0CE5C435), UINT32_C(0x06C85A54), UINT32_C(0x0596F209), ++ UINT32_C(0x006C47CF), UINT32_C(0x039823F7), UINT32_C(0x01721D4C), ++ UINT32_C(0x03FE86B7), UINT32_C(0x044008FA), UINT32_C(0x05E107EC), ++ UINT32_C(0x0146DF75) }, ++ { UINT32_C(0x03BF30CF), UINT32_C(0x034E0D17), UINT32_C(0x0C6EB8E1), ++ UINT32_C(0x016786DE), UINT32_C(0x0B4F8D94), UINT32_C(0x01E54C18), ++ UINT32_C(0x0409537F), UINT32_C(0x0AD69F59), UINT32_C(0x04423A96), ++ UINT32_C(0x01427559), UINT32_C(0x0517F981), UINT32_C(0x0C655FF1), ++ UINT32_C(0x072A4662), UINT32_C(0x014DB58F), UINT32_C(0x09979D6E), ++ UINT32_C(0x05396DDB), UINT32_C(0x03E46CF7), UINT32_C(0x062B9D62), ++ UINT32_C(0x0334D070) } }, ++ { { UINT32_C(0x0C8B2AF6), UINT32_C(0x04C4030A), UINT32_C(0x03F4EA61), ++ UINT32_C(0x06B51CFD), UINT32_C(0x08530E96), UINT32_C(0x035106EB), ++ UINT32_C(0x07ACB7C9), UINT32_C(0x003FAA6D), UINT32_C(0x005AFE21), ++ UINT32_C(0x09C9266C), UINT32_C(0x02684731), UINT32_C(0x0745AC29), ++ UINT32_C(0x06162CD8), UINT32_C(0x069A0B95), UINT32_C(0x090B8391), ++ UINT32_C(0x0570D83A), UINT32_C(0x09AE0D06), UINT32_C(0x054A95B8), ++ UINT32_C(0x02CB380B) }, ++ { UINT32_C(0x02779E4D), UINT32_C(0x04B32E43), UINT32_C(0x0C0582B0), ++ UINT32_C(0x03521F35), UINT32_C(0x089A8F39), UINT32_C(0x03BF1933), ++ UINT32_C(0x027659AD), UINT32_C(0x0607CE4F), UINT32_C(0x072A97A4), ++ UINT32_C(0x0F6C2DAD), UINT32_C(0x0648C496), UINT32_C(0x02D0AF23), ++ UINT32_C(0x036927AF), UINT32_C(0x032E9075), UINT32_C(0x01C0AD79), ++ UINT32_C(0x02044936), UINT32_C(0x0DBCFEA2), UINT32_C(0x07DADFF1), ++ UINT32_C(0x06EDBCF7) } }, ++ { { UINT32_C(0x0209B80C), UINT32_C(0x01E54056), UINT32_C(0x0E397930), ++ UINT32_C(0x01AD9D0C), UINT32_C(0x0908F895), UINT32_C(0x02A9A26E), ++ UINT32_C(0x00744EB0), UINT32_C(0x0B2D7673), UINT32_C(0x00736623), ++ UINT32_C(0x0F9EEB98), UINT32_C(0x07E8C693), UINT32_C(0x05615D70), ++ UINT32_C(0x077E9858), UINT32_C(0x045C88B2), UINT32_C(0x06BA3291), ++ UINT32_C(0x02089363), UINT32_C(0x0D1148CA), UINT32_C(0x026B1CE4), ++ UINT32_C(0x0267E39A) }, ++ { UINT32_C(0x0E9F76E1), UINT32_C(0x0700247A), UINT32_C(0x02F5C013), ++ UINT32_C(0x045D6B0B), UINT32_C(0x02398752), UINT32_C(0x011414B8), ++ UINT32_C(0x0189B0D8), UINT32_C(0x065621BE), UINT32_C(0x07214CB5), ++ UINT32_C(0x0C72745E), UINT32_C(0x026E830D), UINT32_C(0x0BB5064F), ++ UINT32_C(0x03BD6991), UINT32_C(0x067AABA6), UINT32_C(0x03AAD9C4), ++ UINT32_C(0x01C748B3), UINT32_C(0x0F2AD6A8), UINT32_C(0x07B1AAD0), ++ UINT32_C(0x0515A45B) } }, ++ { { UINT32_C(0x0D45283F), UINT32_C(0x033F0C2B), UINT32_C(0x0EF7ECBA), ++ UINT32_C(0x03F31217), UINT32_C(0x0BF2BDDB), UINT32_C(0x05AE5F1D), ++ UINT32_C(0x015A33AE), UINT32_C(0x0B1D94AB), UINT32_C(0x00BB377A), ++ UINT32_C(0x077D4679), UINT32_C(0x056AF89C), UINT32_C(0x07165F99), ++ UINT32_C(0x046A17A3), UINT32_C(0x04CF6178), UINT32_C(0x00269B9B), ++ UINT32_C(0x03F1B9F6), UINT32_C(0x07453C34), UINT32_C(0x07253011), ++ UINT32_C(0x074559A2) }, ++ { UINT32_C(0x08D82B0E), UINT32_C(0x00D12F5F), UINT32_C(0x01FD52F5), ++ UINT32_C(0x03C4069B), UINT32_C(0x0B01B2FE), UINT32_C(0x05E81250), ++ UINT32_C(0x035DC621), UINT32_C(0x034EA726), UINT32_C(0x04613127), ++ UINT32_C(0x0B36D680), UINT32_C(0x06F52BC5), UINT32_C(0x04B16171), ++ UINT32_C(0x02156292), UINT32_C(0x0180583E), UINT32_C(0x0C8D5B19), ++ UINT32_C(0x043B9BE2), UINT32_C(0x097EF032), UINT32_C(0x0307A273), ++ UINT32_C(0x02ECC50D) } }, ++ { { UINT32_C(0x0613AC50), UINT32_C(0x01BBB9CD), UINT32_C(0x032CF181), ++ UINT32_C(0x04565F80), UINT32_C(0x09B00E52), UINT32_C(0x011EC5E2), ++ UINT32_C(0x05E7561C), UINT32_C(0x05B6572C), UINT32_C(0x072FBF3A), ++ UINT32_C(0x04311E38), UINT32_C(0x0350633E), UINT32_C(0x0C27E7E9), ++ UINT32_C(0x02DC82FC), UINT32_C(0x01DE746D), UINT32_C(0x078E3236), ++ UINT32_C(0x0712B6B0), UINT32_C(0x000A7E83), UINT32_C(0x0115CB1B), ++ UINT32_C(0x04C1103F) }, ++ { UINT32_C(0x0359ED2E), UINT32_C(0x065ADF64), UINT32_C(0x025E3238), ++ UINT32_C(0x076BEAFD), UINT32_C(0x072427F7), UINT32_C(0x05DBCD55), ++ UINT32_C(0x07AB37FF), UINT32_C(0x0865BFD5), UINT32_C(0x04382D44), ++ UINT32_C(0x0F1D5580), UINT32_C(0x06D00533), UINT32_C(0x08D6A784), ++ UINT32_C(0x05BB29BF), UINT32_C(0x005CEC3F), UINT32_C(0x06575E68), ++ UINT32_C(0x053585D5), UINT32_C(0x0403BCB0), UINT32_C(0x02F77540), ++ UINT32_C(0x02470C7F) } }, ++ { { UINT32_C(0x02C087ED), UINT32_C(0x07961B4B), UINT32_C(0x0F657FC0), ++ UINT32_C(0x00B16431), UINT32_C(0x01885C19), UINT32_C(0x029A3FB7), ++ UINT32_C(0x0721535D), UINT32_C(0x02FAD79C), UINT32_C(0x0596E385), ++ UINT32_C(0x02412161), UINT32_C(0x0289A97A), UINT32_C(0x01B54107), ++ UINT32_C(0x0271E7BB), UINT32_C(0x02E3D256), UINT32_C(0x07E3B820), ++ UINT32_C(0x07F5A8EE), UINT32_C(0x0C3BD541), UINT32_C(0x01BBC84D), ++ UINT32_C(0x02D55A46) }, ++ { UINT32_C(0x006E7D53), UINT32_C(0x07982C04), UINT32_C(0x09C948A0), ++ UINT32_C(0x00A62A93), UINT32_C(0x047CD945), UINT32_C(0x060F1A2B), ++ UINT32_C(0x05764587), UINT32_C(0x02111992), UINT32_C(0x03CD3492), ++ UINT32_C(0x0E5873CA), UINT32_C(0x04871D26), UINT32_C(0x0EBDD263), ++ UINT32_C(0x07899288), UINT32_C(0x00105962), UINT32_C(0x07975B25), ++ UINT32_C(0x00D6A34D), UINT32_C(0x02DF3799), UINT32_C(0x02807307), ++ UINT32_C(0x06FCAC54) } }, ++ { { UINT32_C(0x0302E505), UINT32_C(0x02CAC37A), UINT32_C(0x01A79721), ++ UINT32_C(0x03B2E74F), UINT32_C(0x0BE5B627), UINT32_C(0x019F58EA), ++ UINT32_C(0x03B18976), UINT32_C(0x0663CE37), UINT32_C(0x04C1003E), ++ UINT32_C(0x086DCC91), UINT32_C(0x0566BE13), UINT32_C(0x0A0C94D1), ++ UINT32_C(0x04A0F522), UINT32_C(0x01CBC165), UINT32_C(0x03D621C1), ++ UINT32_C(0x03F68C3D), UINT32_C(0x04156E0A), UINT32_C(0x04C1C807), ++ UINT32_C(0x002BF853) }, ++ { UINT32_C(0x073938D8), UINT32_C(0x076E66F8), UINT32_C(0x0251205F), ++ UINT32_C(0x01B82A4E), UINT32_C(0x0C9EAC88), UINT32_C(0x0736DBEE), ++ UINT32_C(0x028732CD), UINT32_C(0x03522855), UINT32_C(0x0343EE5A), ++ UINT32_C(0x053E49A4), UINT32_C(0x025D55C0), UINT32_C(0x0D4096DF), ++ UINT32_C(0x01108518), UINT32_C(0x02AE724F), UINT32_C(0x07514106), ++ UINT32_C(0x0301EB15), UINT32_C(0x0D82C2DE), UINT32_C(0x05E3A585), ++ UINT32_C(0x036F14AF) } }, ++ { { UINT32_C(0x07452267), UINT32_C(0x01E0D6D7), UINT32_C(0x04A4A896), ++ UINT32_C(0x06D1C7B5), UINT32_C(0x03C983EF), UINT32_C(0x017B4C4A), ++ UINT32_C(0x07C8F2FB), UINT32_C(0x078C2CCC), UINT32_C(0x0676C9A3), ++ UINT32_C(0x09CD585C), UINT32_C(0x0529FFB0), UINT32_C(0x020720BD), ++ UINT32_C(0x07B793B3), UINT32_C(0x07E65DA3), UINT32_C(0x0C89EDD5), ++ UINT32_C(0x04009C8D), UINT32_C(0x0EDC15A4), UINT32_C(0x077C8AC3), ++ UINT32_C(0x074868C1) }, ++ { UINT32_C(0x0DBC2674), UINT32_C(0x07B6C41F), UINT32_C(0x0B10636B), ++ UINT32_C(0x0607B000), UINT32_C(0x01B2C3EF), UINT32_C(0x014283CF), ++ UINT32_C(0x07BD944A), UINT32_C(0x016DA691), UINT32_C(0x0147454E), ++ UINT32_C(0x052DE117), UINT32_C(0x06E5CDC4), UINT32_C(0x0C7BE891), ++ UINT32_C(0x03BD94DE), UINT32_C(0x00362FA3), UINT32_C(0x0608B5DA), ++ UINT32_C(0x000C28A8), UINT32_C(0x06CFAD2C), UINT32_C(0x0502E5EB), ++ UINT32_C(0x0081DDC6) } }, ++ { { UINT32_C(0x0A2FCC67), UINT32_C(0x050EED2A), UINT32_C(0x0EAC3925), ++ UINT32_C(0x03CCFE3E), UINT32_C(0x0DC1F4E8), UINT32_C(0x012FD64C), ++ UINT32_C(0x02CFA2B3), UINT32_C(0x07921E80), UINT32_C(0x04F76E6D), ++ UINT32_C(0x090CBEA8), UINT32_C(0x00304ECF), UINT32_C(0x0933B9C8), ++ UINT32_C(0x01E92879), UINT32_C(0x062A922A), UINT32_C(0x03BEBB40), ++ UINT32_C(0x0475B5A4), UINT32_C(0x0AB9D3C2), UINT32_C(0x02845E4B), ++ UINT32_C(0x073D2AD6) }, ++ { UINT32_C(0x026C197B), UINT32_C(0x060C44B9), UINT32_C(0x07D6B2DD), ++ UINT32_C(0x06E7D188), UINT32_C(0x03B672A1), UINT32_C(0x0277F32F), ++ UINT32_C(0x011D4198), UINT32_C(0x07C178F6), UINT32_C(0x02E95A84), ++ UINT32_C(0x005619C7), UINT32_C(0x029B73FC), UINT32_C(0x03CAC5E3), ++ UINT32_C(0x068A3B5E), UINT32_C(0x07C2DFA8), UINT32_C(0x00EC9903), ++ UINT32_C(0x07AEED34), UINT32_C(0x08C0A0D0), UINT32_C(0x02A2FF79), ++ UINT32_C(0x06DBE6B8) } }, ++ }, ++ { ++ { { UINT32_C(0x0C3D1383), UINT32_C(0x04E126EE), UINT32_C(0x0B631DA3), ++ UINT32_C(0x03014900), UINT32_C(0x0D3831FE), UINT32_C(0x01BF06C7), ++ UINT32_C(0x032CA284), UINT32_C(0x092E0CA0), UINT32_C(0x01703AE0), ++ UINT32_C(0x0DCB8158), UINT32_C(0x06FF316B), UINT32_C(0x0ED60D31), ++ UINT32_C(0x05DB467E), UINT32_C(0x01F3917A), UINT32_C(0x06770BD1), ++ UINT32_C(0x00A944AF), UINT32_C(0x08E2035D), UINT32_C(0x020A054F), ++ UINT32_C(0x035F8744) }, ++ { UINT32_C(0x0A303000), UINT32_C(0x0029FD2C), UINT32_C(0x0A5D9AC4), ++ UINT32_C(0x06593596), UINT32_C(0x0288D9B1), UINT32_C(0x02B32376), ++ UINT32_C(0x067C4E0D), UINT32_C(0x0D1B984D), UINT32_C(0x04235BF5), ++ UINT32_C(0x001AA52B), UINT32_C(0x0221BA35), UINT32_C(0x0B74D0D3), ++ UINT32_C(0x03DDFA56), UINT32_C(0x004A6854), UINT32_C(0x01203660), ++ UINT32_C(0x0090027D), UINT32_C(0x02356607), UINT32_C(0x064E652F), ++ UINT32_C(0x01D4CBEB) } }, ++ { { UINT32_C(0x05CFE5E0), UINT32_C(0x04C8937C), UINT32_C(0x084C1BC9), ++ UINT32_C(0x0651FCA6), UINT32_C(0x0BDAC076), UINT32_C(0x079DB07C), ++ UINT32_C(0x01988893), UINT32_C(0x0D8E1644), UINT32_C(0x04F7CFCD), ++ UINT32_C(0x05727E1E), UINT32_C(0x073F0B5C), UINT32_C(0x0D975E23), ++ UINT32_C(0x06001F51), UINT32_C(0x07B2218F), UINT32_C(0x07159FF4), ++ UINT32_C(0x02D8AF28), UINT32_C(0x0F0AFF67), UINT32_C(0x0464C014), ++ UINT32_C(0x005A1007) }, ++ { UINT32_C(0x078A8DB5), UINT32_C(0x035A301E), UINT32_C(0x0E9F9693), ++ UINT32_C(0x07A8969A), UINT32_C(0x096A5ECF), UINT32_C(0x03467DDF), ++ UINT32_C(0x07AF13AA), UINT32_C(0x0BF17A6B), UINT32_C(0x00FBC9C7), ++ UINT32_C(0x002F3F21), UINT32_C(0x01610D30), UINT32_C(0x0A6FEF92), ++ UINT32_C(0x00334A31), UINT32_C(0x0619D424), UINT32_C(0x011832DC), ++ UINT32_C(0x04A2EBED), UINT32_C(0x092C4F4E), UINT32_C(0x03E72AFA), ++ UINT32_C(0x04555CAD) } }, ++ { { UINT32_C(0x0E8401D3), UINT32_C(0x031A9337), UINT32_C(0x0A68B915), ++ UINT32_C(0x006E6E9B), UINT32_C(0x0B1B6E29), UINT32_C(0x01B7F14B), ++ UINT32_C(0x047E0BD8), UINT32_C(0x0A8CBD43), UINT32_C(0x024528C3), ++ UINT32_C(0x08CA88A7), UINT32_C(0x000A1FEE), UINT32_C(0x0F21E47C), ++ UINT32_C(0x07D1A248), UINT32_C(0x04BE0AD5), UINT32_C(0x071E2CED), ++ UINT32_C(0x025521CD), UINT32_C(0x0F41E897), UINT32_C(0x0398886C), ++ UINT32_C(0x04779FFD) }, ++ { UINT32_C(0x0A828FA8), UINT32_C(0x017C8B2C), UINT32_C(0x0910B047), ++ UINT32_C(0x06160B77), UINT32_C(0x0B98B463), UINT32_C(0x07DF3373), ++ UINT32_C(0x0455763C), UINT32_C(0x0F1284BE), UINT32_C(0x00906AAE), ++ UINT32_C(0x01A75E0B), UINT32_C(0x07A6DA7C), UINT32_C(0x0FFCAFF1), ++ UINT32_C(0x050D6EE5), UINT32_C(0x024BD0BA), UINT32_C(0x08383A01), ++ UINT32_C(0x070AE8EA), UINT32_C(0x0CAA2B64), UINT32_C(0x06171B63), ++ UINT32_C(0x020CE9FD) } }, ++ { { UINT32_C(0x0147F509), UINT32_C(0x0074A121), UINT32_C(0x0B1C1B8D), ++ UINT32_C(0x00A39076), UINT32_C(0x0E542208), UINT32_C(0x01A08FA4), ++ UINT32_C(0x012AA998), UINT32_C(0x0954BE0E), UINT32_C(0x05751A97), ++ UINT32_C(0x09EFE174), UINT32_C(0x05C09E0D), UINT32_C(0x0DEE1815), ++ UINT32_C(0x000B0415), UINT32_C(0x06D82BE5), UINT32_C(0x000E24A9), ++ UINT32_C(0x042F7FD4), UINT32_C(0x0698791D), UINT32_C(0x05A5F79E), ++ UINT32_C(0x0334C8D5) }, ++ { UINT32_C(0x0BB690A0), UINT32_C(0x01835514), UINT32_C(0x031B4F26), ++ UINT32_C(0x023AC44F), UINT32_C(0x012CDCD1), UINT32_C(0x059AE369), ++ UINT32_C(0x0123A551), UINT32_C(0x0AEBA693), UINT32_C(0x07D984CD), ++ UINT32_C(0x0DAD9128), UINT32_C(0x0765643E), UINT32_C(0x0910F0F8), ++ UINT32_C(0x03FB31E2), UINT32_C(0x01BD811A), UINT32_C(0x059F6B39), ++ UINT32_C(0x049E6619), UINT32_C(0x06B63C96), UINT32_C(0x075166F7), ++ UINT32_C(0x025CA72B) } }, ++ { { UINT32_C(0x055F34E4), UINT32_C(0x00BF08BF), UINT32_C(0x03730236), ++ UINT32_C(0x039543BD), UINT32_C(0x05C17F94), UINT32_C(0x00A5C65D), ++ UINT32_C(0x06121DA8), UINT32_C(0x099AC777), UINT32_C(0x02DCC3D6), ++ UINT32_C(0x09002059), UINT32_C(0x0460BBB3), UINT32_C(0x07A202D8), ++ UINT32_C(0x04C44EB5), UINT32_C(0x049D001E), UINT32_C(0x0E783DED), ++ UINT32_C(0x0120D789), UINT32_C(0x086FA177), UINT32_C(0x065D19BF), ++ UINT32_C(0x042CA8B7) }, ++ { UINT32_C(0x02860379), UINT32_C(0x06375711), UINT32_C(0x078E9829), ++ UINT32_C(0x04F20A43), UINT32_C(0x0ADA67C4), UINT32_C(0x054101F4), ++ UINT32_C(0x0602943F), UINT32_C(0x03FD9150), UINT32_C(0x06B8D61B), ++ UINT32_C(0x06F5ADD6), UINT32_C(0x06EB2BAC), UINT32_C(0x0A07906A), ++ UINT32_C(0x0147EDC1), UINT32_C(0x0477D372), UINT32_C(0x0025B1CE), ++ UINT32_C(0x071B32CF), UINT32_C(0x0F40C9C6), UINT32_C(0x02483D0B), ++ UINT32_C(0x07A56FCD) } }, ++ { { UINT32_C(0x0B1B724E), UINT32_C(0x0100B5C8), UINT32_C(0x081380B3), ++ UINT32_C(0x048D8711), UINT32_C(0x0E363740), UINT32_C(0x029ED59F), ++ UINT32_C(0x05E7819F), UINT32_C(0x02898DC3), UINT32_C(0x03621527), ++ UINT32_C(0x0F99DD5D), UINT32_C(0x01DF449E), UINT32_C(0x022C0763), ++ UINT32_C(0x04490568), UINT32_C(0x051A6A61), UINT32_C(0x0EE682C8), ++ UINT32_C(0x0315AB2B), UINT32_C(0x08BF8EC0), UINT32_C(0x0221F0BD), ++ UINT32_C(0x0034A2F5) }, ++ { UINT32_C(0x0505A0E7), UINT32_C(0x031C759D), UINT32_C(0x006AE380), ++ UINT32_C(0x04AD9B4F), UINT32_C(0x0F850346), UINT32_C(0x0053B140), ++ UINT32_C(0x060AB23A), UINT32_C(0x021E3C52), UINT32_C(0x002B9A66), ++ UINT32_C(0x01646B7A), UINT32_C(0x03977D69), UINT32_C(0x02418634), ++ UINT32_C(0x05E2030C), UINT32_C(0x06F8DED9), UINT32_C(0x064302A0), ++ UINT32_C(0x0553D4B6), UINT32_C(0x0956D92B), UINT32_C(0x0537BD35), ++ UINT32_C(0x07AFABE7) } }, ++ { { UINT32_C(0x04CB8040), UINT32_C(0x016D2E6C), UINT32_C(0x0DDE4688), ++ UINT32_C(0x00DF2559), UINT32_C(0x0A980125), UINT32_C(0x066A1AC7), ++ UINT32_C(0x07DF5C4B), UINT32_C(0x0FD3C659), UINT32_C(0x00481C65), ++ UINT32_C(0x0AE5A70F), UINT32_C(0x029F751C), UINT32_C(0x00B4A3D4), ++ UINT32_C(0x075575BC), UINT32_C(0x045CF25E), UINT32_C(0x06867A07), ++ UINT32_C(0x076D7354), UINT32_C(0x0861487C), UINT32_C(0x017CEA2E), ++ UINT32_C(0x03228414) }, ++ { UINT32_C(0x026AE111), UINT32_C(0x038FA015), UINT32_C(0x060716CA), ++ UINT32_C(0x04976285), UINT32_C(0x059BC9DE), UINT32_C(0x043BF937), ++ UINT32_C(0x035F13A1), UINT32_C(0x0F8D8888), UINT32_C(0x06D5E9F8), ++ UINT32_C(0x08616DB1), UINT32_C(0x032C0CBB), UINT32_C(0x0AA3299C), ++ UINT32_C(0x03F194B4), UINT32_C(0x00D0F72D), UINT32_C(0x0B3FCCBD), ++ UINT32_C(0x02803044), UINT32_C(0x0A08E3C3), UINT32_C(0x037A0997), ++ UINT32_C(0x05DC3B19) } }, ++ { { UINT32_C(0x085193F0), UINT32_C(0x019978F4), UINT32_C(0x0BF0C234), ++ UINT32_C(0x04F7BBC1), UINT32_C(0x0722B6D6), UINT32_C(0x013DCEE7), ++ UINT32_C(0x05D575CD), UINT32_C(0x0779F809), UINT32_C(0x06335183), ++ UINT32_C(0x0DCC718C), UINT32_C(0x02D1E7DB), UINT32_C(0x0F6A6D57), ++ UINT32_C(0x065A96BF), UINT32_C(0x065930E7), UINT32_C(0x039B793F), ++ UINT32_C(0x06A9BA2E), UINT32_C(0x0C033596), UINT32_C(0x01BE1126), ++ UINT32_C(0x03EA93B8) }, ++ { UINT32_C(0x03161177), UINT32_C(0x002665D5), UINT32_C(0x017B69C9), ++ UINT32_C(0x07892DD4), UINT32_C(0x0F6F8ECB), UINT32_C(0x0576AF37), ++ UINT32_C(0x03C1E515), UINT32_C(0x05A60E50), UINT32_C(0x02549873), ++ UINT32_C(0x09B3D920), UINT32_C(0x029DA082), UINT32_C(0x009DAE44), ++ UINT32_C(0x0197C8E7), UINT32_C(0x0154A33B), UINT32_C(0x097B3971), ++ UINT32_C(0x023C0423), UINT32_C(0x02B8C68C), UINT32_C(0x04DCA653), ++ UINT32_C(0x00079A0F) } }, ++ { { UINT32_C(0x063E2975), UINT32_C(0x06BEC9ED), UINT32_C(0x0B38790C), ++ UINT32_C(0x022D87D1), UINT32_C(0x0EA228A4), UINT32_C(0x010DBA9F), ++ UINT32_C(0x015868D8), UINT32_C(0x080C5E0D), UINT32_C(0x075196CF), ++ UINT32_C(0x0A3AFD7E), UINT32_C(0x031A6E14), UINT32_C(0x0E7A5374), ++ UINT32_C(0x067A8FE5), UINT32_C(0x06ECEB0D), UINT32_C(0x0B84F9C7), ++ UINT32_C(0x0680604D), UINT32_C(0x072314F9), UINT32_C(0x03A2F4B2), ++ UINT32_C(0x06C5081F) }, ++ { UINT32_C(0x0B981980), UINT32_C(0x0349CBF0), UINT32_C(0x072972B5), ++ UINT32_C(0x02885527), UINT32_C(0x0150CDBD), UINT32_C(0x07F178E3), ++ UINT32_C(0x032B4111), UINT32_C(0x0B2B4EF6), UINT32_C(0x000F21B3), ++ UINT32_C(0x039D39FF), UINT32_C(0x07E2383D), UINT32_C(0x0F91A9DF), ++ UINT32_C(0x000BF2A4), UINT32_C(0x003EA686), UINT32_C(0x06E3C109), ++ UINT32_C(0x05D771D7), UINT32_C(0x03336F2A), UINT32_C(0x00A9A15C), ++ UINT32_C(0x0310BC8B) } }, ++ { { UINT32_C(0x082B5AA4), UINT32_C(0x04A7240C), UINT32_C(0x00ABF375), ++ UINT32_C(0x07E33DEB), UINT32_C(0x01BD8789), UINT32_C(0x06BA83A6), ++ UINT32_C(0x05A6491B), UINT32_C(0x04DB69BD), UINT32_C(0x010D6A55), ++ UINT32_C(0x0D5DAFA1), UINT32_C(0x06C7F999), UINT32_C(0x0185AD3E), ++ UINT32_C(0x027EAEB5), UINT32_C(0x006644C8), UINT32_C(0x0B9709E1), ++ UINT32_C(0x07676CF0), UINT32_C(0x0508273E), UINT32_C(0x054D3FBB), ++ UINT32_C(0x063EFA4A) }, ++ { UINT32_C(0x010AA767), UINT32_C(0x01CC5A04), UINT32_C(0x0BE5B1B3), ++ UINT32_C(0x06950FCE), UINT32_C(0x0E94E6DB), UINT32_C(0x0497BB17), ++ UINT32_C(0x00CC06B4), UINT32_C(0x08846F32), UINT32_C(0x0314DC3B), ++ UINT32_C(0x0BA27736), UINT32_C(0x0432450D), UINT32_C(0x04925C53), ++ UINT32_C(0x03119EE1), UINT32_C(0x04A66669), UINT32_C(0x05FBA305), ++ UINT32_C(0x033D4900), UINT32_C(0x0FE789AF), UINT32_C(0x0671EF4B), ++ UINT32_C(0x0259D6DF) } }, ++ { { UINT32_C(0x05C529C4), UINT32_C(0x04097FDD), UINT32_C(0x0296486E), ++ UINT32_C(0x05D5E29C), UINT32_C(0x0B3FABA2), UINT32_C(0x0695126C), ++ UINT32_C(0x0312362F), UINT32_C(0x08DC4B4B), UINT32_C(0x0413884F), ++ UINT32_C(0x067DDD33), UINT32_C(0x055DBD8F), UINT32_C(0x07D0B9CB), ++ UINT32_C(0x01BE7C35), UINT32_C(0x043BC43D), UINT32_C(0x00E5A19E), ++ UINT32_C(0x017725FC), UINT32_C(0x006A669F), UINT32_C(0x063FD379), ++ UINT32_C(0x0682F5E5) }, ++ { UINT32_C(0x0035FA1B), UINT32_C(0x0302079C), UINT32_C(0x0A397CF2), ++ UINT32_C(0x02A9E0EB), UINT32_C(0x0183E8FA), UINT32_C(0x00950C41), ++ UINT32_C(0x05ACFED2), UINT32_C(0x0B8DC827), UINT32_C(0x0004B05C), ++ UINT32_C(0x0ECD486A), UINT32_C(0x04FBAB30), UINT32_C(0x0A2FE908), ++ UINT32_C(0x05C95F6D), UINT32_C(0x06B30876), UINT32_C(0x0F3D7A8A), ++ UINT32_C(0x0734E57D), UINT32_C(0x0410C523), UINT32_C(0x057AD388), ++ UINT32_C(0x073AF161) } }, ++ { { UINT32_C(0x033E8718), UINT32_C(0x05E156C6), UINT32_C(0x0188F2D0), ++ UINT32_C(0x07B490F4), UINT32_C(0x0D1D9936), UINT32_C(0x045ACF91), ++ UINT32_C(0x05EADE92), UINT32_C(0x09204996), UINT32_C(0x03FB05AD), ++ UINT32_C(0x0952B30E), UINT32_C(0x066E8B73), UINT32_C(0x02E38706), ++ UINT32_C(0x06AD215A), UINT32_C(0x05770FF2), UINT32_C(0x0CCC64AA), ++ UINT32_C(0x00A77560), UINT32_C(0x084A4A57), UINT32_C(0x07428950), ++ UINT32_C(0x007783FF) }, ++ { UINT32_C(0x07864A53), UINT32_C(0x02B0B04D), UINT32_C(0x0CE9B903), ++ UINT32_C(0x032C4DB9), UINT32_C(0x0ED34B7B), UINT32_C(0x02B9BB80), ++ UINT32_C(0x0107A7A1), UINT32_C(0x0133502C), UINT32_C(0x06939D9B), ++ UINT32_C(0x07AE6A42), UINT32_C(0x01C55CB0), UINT32_C(0x0A087059), ++ UINT32_C(0x011E8069), UINT32_C(0x02AC5D81), UINT32_C(0x0FF470E4), ++ UINT32_C(0x068D4B88), UINT32_C(0x03B934D1), UINT32_C(0x01E86F4D), ++ UINT32_C(0x00286D40) } }, ++ { { UINT32_C(0x0A097CC4), UINT32_C(0x07C93D92), UINT32_C(0x03638A82), ++ UINT32_C(0x05D44662), UINT32_C(0x034F8801), UINT32_C(0x01E1B0E9), ++ UINT32_C(0x03132ED7), UINT32_C(0x0D61A771), UINT32_C(0x0777FA2F), ++ UINT32_C(0x0E4D4244), UINT32_C(0x02CDDCA4), UINT32_C(0x01988721), ++ UINT32_C(0x0694972F), UINT32_C(0x02AA2585), UINT32_C(0x06A552DD), ++ UINT32_C(0x02719251), UINT32_C(0x0C4FD604), UINT32_C(0x033FC4DD), ++ UINT32_C(0x02A49BC5) }, ++ { UINT32_C(0x0ECC32F4), UINT32_C(0x03998CBA), UINT32_C(0x0E555140), ++ UINT32_C(0x06BE70C6), UINT32_C(0x02ECE0DB), UINT32_C(0x07D7EE62), ++ UINT32_C(0x006B8450), UINT32_C(0x0C677BF6), UINT32_C(0x0065EEBA), ++ UINT32_C(0x0C8F791B), UINT32_C(0x05880489), UINT32_C(0x07724E1B), ++ UINT32_C(0x00C43815), UINT32_C(0x079C7129), UINT32_C(0x0AC7BD8B), ++ UINT32_C(0x00B35A76), UINT32_C(0x0E62F127), UINT32_C(0x06892912), ++ UINT32_C(0x069DE730) } }, ++ { { UINT32_C(0x0D176E2E), UINT32_C(0x04BD43B7), UINT32_C(0x0843A348), ++ UINT32_C(0x0749D5C1), UINT32_C(0x0ED9CC05), UINT32_C(0x00305C32), ++ UINT32_C(0x037CC7F4), UINT32_C(0x03DF22FB), UINT32_C(0x05799B29), ++ UINT32_C(0x0BAA8556), UINT32_C(0x01B9550B), UINT32_C(0x0B71D97D), ++ UINT32_C(0x071866D2), UINT32_C(0x042A76ED), UINT32_C(0x0CF558E6), ++ UINT32_C(0x05C52446), UINT32_C(0x0E80A5C3), UINT32_C(0x0732DC8B), ++ UINT32_C(0x05430293) }, ++ { UINT32_C(0x08A05AA1), UINT32_C(0x060E94EA), UINT32_C(0x0495DB83), ++ UINT32_C(0x07F23E7E), UINT32_C(0x09BABC6A), UINT32_C(0x07B134F3), ++ UINT32_C(0x02C60301), UINT32_C(0x0C76C75A), UINT32_C(0x0496E91D), ++ UINT32_C(0x0354A538), UINT32_C(0x03F832DB), UINT32_C(0x03139812), ++ UINT32_C(0x028BB56E), UINT32_C(0x06BC315A), UINT32_C(0x08F87E08), ++ UINT32_C(0x04EB9933), UINT32_C(0x0D94A083), UINT32_C(0x00F1E782), ++ UINT32_C(0x00039DA7) } }, ++ { { UINT32_C(0x0F46E9D5), UINT32_C(0x04AFDE7F), UINT32_C(0x02DD9156), ++ UINT32_C(0x03A43A4A), UINT32_C(0x0334CF91), UINT32_C(0x06B820D5), ++ UINT32_C(0x02AB098A), UINT32_C(0x010407F3), UINT32_C(0x06E15825), ++ UINT32_C(0x0DE19BBC), UINT32_C(0x05C155A7), UINT32_C(0x098AB480), ++ UINT32_C(0x027F0A26), UINT32_C(0x001E493A), UINT32_C(0x0D3BF154), ++ UINT32_C(0x0022BB7B), UINT32_C(0x092F7F8A), UINT32_C(0x025E06B0), ++ UINT32_C(0x0214EC84) }, ++ { UINT32_C(0x0E367447), UINT32_C(0x07A76C60), UINT32_C(0x0E7F25B2), ++ UINT32_C(0x061DC274), UINT32_C(0x08037471), UINT32_C(0x0601CC83), ++ UINT32_C(0x077C01C1), UINT32_C(0x0BD797B8), UINT32_C(0x07A2D854), ++ UINT32_C(0x0F539925), UINT32_C(0x00056A50), UINT32_C(0x0F52ABBB), ++ UINT32_C(0x01C407C4), UINT32_C(0x046E3EC8), UINT32_C(0x08C6B255), ++ UINT32_C(0x06BB4D5F), UINT32_C(0x09336DFF), UINT32_C(0x00D914F1), ++ UINT32_C(0x01F9DBAA) } }, ++ { { UINT32_C(0x0D831A04), UINT32_C(0x05A97D33), UINT32_C(0x0906D401), ++ UINT32_C(0x01E543D5), UINT32_C(0x063B64A7), UINT32_C(0x01DF1F04), ++ UINT32_C(0x07BEAE26), UINT32_C(0x0C4C51CE), UINT32_C(0x071253E1), ++ UINT32_C(0x07C5C1BC), UINT32_C(0x0686EDD8), UINT32_C(0x0EADB491), ++ UINT32_C(0x06FCC7E8), UINT32_C(0x04DC895B), UINT32_C(0x0DA99CB1), ++ UINT32_C(0x07538043), UINT32_C(0x0DCCD221), UINT32_C(0x05338542), ++ UINT32_C(0x0263F3E2) }, ++ { UINT32_C(0x049B2FC3), UINT32_C(0x00D9571D), UINT32_C(0x09A6B74E), ++ UINT32_C(0x013E9069), UINT32_C(0x0C142061), UINT32_C(0x0661D5AE), ++ UINT32_C(0x078F1467), UINT32_C(0x0568D3A9), UINT32_C(0x02729AA5), ++ UINT32_C(0x0749905F), UINT32_C(0x02491337), UINT32_C(0x0A8EED74), ++ UINT32_C(0x070FB80C), UINT32_C(0x066BA15B), UINT32_C(0x087A7668), ++ UINT32_C(0x03342CBD), UINT32_C(0x0FCD50D2), UINT32_C(0x017CF7F9), ++ UINT32_C(0x05DA6EDD) } }, ++ }, ++ { ++ { { UINT32_C(0x08ECE594), UINT32_C(0x02E6D7AF), UINT32_C(0x0160833B), ++ UINT32_C(0x05E9199C), UINT32_C(0x05C1EB44), UINT32_C(0x01F9CDD2), ++ UINT32_C(0x04ECBF7E), UINT32_C(0x011F5E2E), UINT32_C(0x00B16683), ++ UINT32_C(0x082C80F7), UINT32_C(0x04F6D76E), UINT32_C(0x0A9035A2), ++ UINT32_C(0x02A6F996), UINT32_C(0x07CF51EF), UINT32_C(0x011C78A5), ++ UINT32_C(0x03E6811A), UINT32_C(0x0DCCBD54), UINT32_C(0x029CA158), ++ UINT32_C(0x0188556B) }, ++ { UINT32_C(0x0EBBFAD7), UINT32_C(0x036D4FEF), UINT32_C(0x0DAD8CB2), ++ UINT32_C(0x024C5461), UINT32_C(0x09F7253C), UINT32_C(0x052C8206), ++ UINT32_C(0x03009FD7), UINT32_C(0x05A4E883), UINT32_C(0x04FFDBF8), ++ UINT32_C(0x07B5A2D0), UINT32_C(0x0487033B), UINT32_C(0x003EABFC), ++ UINT32_C(0x0107E479), UINT32_C(0x0479A422), UINT32_C(0x0ECEA707), ++ UINT32_C(0x05D06F61), UINT32_C(0x05BD0428), UINT32_C(0x01301D97), ++ UINT32_C(0x0137ADE9) } }, ++ { { UINT32_C(0x008164D4), UINT32_C(0x02998A00), UINT32_C(0x0E9FE1D5), ++ UINT32_C(0x05B9A827), UINT32_C(0x0AA45754), UINT32_C(0x06793FDD), ++ UINT32_C(0x01D8C060), UINT32_C(0x030ECBF4), UINT32_C(0x01FDC34C), ++ UINT32_C(0x0FA8650F), UINT32_C(0x0739AA31), UINT32_C(0x0905FB0D), ++ UINT32_C(0x04B98585), UINT32_C(0x04528DD9), UINT32_C(0x0582E0E8), ++ UINT32_C(0x0685885D), UINT32_C(0x008F4125), UINT32_C(0x02A15C01), ++ UINT32_C(0x023D540D) }, ++ { UINT32_C(0x039B003C), UINT32_C(0x074C5CC0), UINT32_C(0x029B2FBB), ++ UINT32_C(0x07F27890), UINT32_C(0x0C083234), UINT32_C(0x054081D7), ++ UINT32_C(0x0109E54D), UINT32_C(0x08920F8E), UINT32_C(0x07D87B98), ++ UINT32_C(0x07E36E68), UINT32_C(0x023912DB), UINT32_C(0x071A5BBC), ++ UINT32_C(0x0733E49F), UINT32_C(0x058495D0), UINT32_C(0x0068F694), ++ UINT32_C(0x012DCC7D), UINT32_C(0x0DC88ED4), UINT32_C(0x06D1A2D4), ++ UINT32_C(0x02BBA636) } }, ++ { { UINT32_C(0x0B78796F), UINT32_C(0x0335FA8E), UINT32_C(0x0243FD16), ++ UINT32_C(0x03C6B319), UINT32_C(0x01CD8CA8), UINT32_C(0x0704FAEE), ++ UINT32_C(0x04540F1E), UINT32_C(0x092AC9A2), UINT32_C(0x020A1CA3), ++ UINT32_C(0x023FC6DD), UINT32_C(0x01EFAF42), UINT32_C(0x00BC4AB2), ++ UINT32_C(0x0206DD26), UINT32_C(0x07400CF2), UINT32_C(0x072BD012), ++ UINT32_C(0x00840AB3), UINT32_C(0x016D752E), UINT32_C(0x00CEF006), ++ UINT32_C(0x0647C23D) }, ++ { UINT32_C(0x0F6CA70B), UINT32_C(0x05AFF85F), UINT32_C(0x031691E3), ++ UINT32_C(0x01063899), UINT32_C(0x02420E8C), UINT32_C(0x03D2D13C), ++ UINT32_C(0x059E8A01), UINT32_C(0x0FC5FC43), UINT32_C(0x042A852F), ++ UINT32_C(0x06446FD4), UINT32_C(0x0341CB5B), UINT32_C(0x044193ED), ++ UINT32_C(0x073BE475), UINT32_C(0x051FCBEA), UINT32_C(0x00D6D405), ++ UINT32_C(0x00A0026F), UINT32_C(0x09A09555), UINT32_C(0x0037DFDB), ++ UINT32_C(0x0186A76D) } }, ++ { { UINT32_C(0x06762E69), UINT32_C(0x05E586F2), UINT32_C(0x08A5D295), ++ UINT32_C(0x021AEB8A), UINT32_C(0x0D8E9356), UINT32_C(0x05E8F45E), ++ UINT32_C(0x04336CB6), UINT32_C(0x04373909), UINT32_C(0x020299B5), ++ UINT32_C(0x013EB290), UINT32_C(0x061E0E31), UINT32_C(0x07167125), ++ UINT32_C(0x01291CE5), UINT32_C(0x05F204F5), UINT32_C(0x060A0EA2), ++ UINT32_C(0x0414B179), UINT32_C(0x064F6F43), UINT32_C(0x0114060E), ++ UINT32_C(0x040928CF) }, ++ { UINT32_C(0x0B54A6C6), UINT32_C(0x010FE7C2), UINT32_C(0x0FDA19CB), ++ UINT32_C(0x056B791E), UINT32_C(0x049ED286), UINT32_C(0x02401472), ++ UINT32_C(0x048F8CD1), UINT32_C(0x0EAC2400), UINT32_C(0x075D6078), ++ UINT32_C(0x0EAAD7B3), UINT32_C(0x051EDE19), UINT32_C(0x0D7E6F09), ++ UINT32_C(0x001044A9), UINT32_C(0x0411E3BA), UINT32_C(0x0D3647C4), ++ UINT32_C(0x00168497), UINT32_C(0x08BA1235), UINT32_C(0x01C93676), ++ UINT32_C(0x01411BDC) } }, ++ { { UINT32_C(0x07F5FEA0), UINT32_C(0x068F1494), UINT32_C(0x0CF3659A), ++ UINT32_C(0x034F4CD5), UINT32_C(0x08840E07), UINT32_C(0x01463227), ++ UINT32_C(0x02CE4099), UINT32_C(0x00306A1A), UINT32_C(0x043276DA), ++ UINT32_C(0x0C0A79A8), UINT32_C(0x045485DA), UINT32_C(0x0D43B7E5), ++ UINT32_C(0x0245D30D), UINT32_C(0x07040ECA), UINT32_C(0x0F0944E2), ++ UINT32_C(0x02FAB448), UINT32_C(0x0A3418D6), UINT32_C(0x00AEEE32), ++ UINT32_C(0x054B0477) }, ++ { UINT32_C(0x002E1A49), UINT32_C(0x02417738), UINT32_C(0x003FC230), ++ UINT32_C(0x057B81BC), UINT32_C(0x09252F9B), UINT32_C(0x071E923E), ++ UINT32_C(0x07556FE9), UINT32_C(0x0405C043), UINT32_C(0x05F4A479), ++ UINT32_C(0x00AE6EBC), UINT32_C(0x0470CEA9), UINT32_C(0x043EFE7F), ++ UINT32_C(0x032F779B), UINT32_C(0x05D5E4C1), UINT32_C(0x0F412FF3), ++ UINT32_C(0x029E0A95), UINT32_C(0x027FF900), UINT32_C(0x0639C4FE), ++ UINT32_C(0x05496FF2) } }, ++ { { UINT32_C(0x093A81E5), UINT32_C(0x06552EA0), UINT32_C(0x076C940F), ++ UINT32_C(0x04D9EBF4), UINT32_C(0x07435E68), UINT32_C(0x00026B20), ++ UINT32_C(0x022F07A1), UINT32_C(0x0D1152A6), UINT32_C(0x01605EB4), ++ UINT32_C(0x021ED2B3), UINT32_C(0x0416BC52), UINT32_C(0x0F03BB25), ++ UINT32_C(0x032FD879), UINT32_C(0x0224E24D), UINT32_C(0x0227BC06), ++ UINT32_C(0x07E18BB7), UINT32_C(0x0846E10C), UINT32_C(0x025383D2), ++ UINT32_C(0x0716FE98) }, ++ { UINT32_C(0x048353E7), UINT32_C(0x06A51D17), UINT32_C(0x0602B7B4), ++ UINT32_C(0x00A3A912), UINT32_C(0x00D41798), UINT32_C(0x009BAAA2), ++ UINT32_C(0x014F6863), UINT32_C(0x0B8C9E0C), UINT32_C(0x004E89E7), ++ UINT32_C(0x01EA2B4D), UINT32_C(0x069FE41B), UINT32_C(0x0E23CD44), ++ UINT32_C(0x0284C3F8), UINT32_C(0x0709633E), UINT32_C(0x00EC122E), ++ UINT32_C(0x054C3546), UINT32_C(0x0274CE48), UINT32_C(0x0562858C), ++ UINT32_C(0x00845131) } }, ++ { { UINT32_C(0x093C77DA), UINT32_C(0x01D351AD), UINT32_C(0x023A3C02), ++ UINT32_C(0x050A84F5), UINT32_C(0x0D2278BA), UINT32_C(0x0166F47B), ++ UINT32_C(0x010E24C3), UINT32_C(0x0171F355), UINT32_C(0x070D70CC), ++ UINT32_C(0x0F04C14A), UINT32_C(0x0675CE80), UINT32_C(0x03C92277), ++ UINT32_C(0x027C5314), UINT32_C(0x0475432E), UINT32_C(0x0A42C984), ++ UINT32_C(0x021A86BA), UINT32_C(0x09667047), UINT32_C(0x0162D620), ++ UINT32_C(0x05CE1F5E) }, ++ { UINT32_C(0x0541016D), UINT32_C(0x04AA27AD), UINT32_C(0x024272A0), ++ UINT32_C(0x0124A937), UINT32_C(0x04022798), UINT32_C(0x04C4908F), ++ UINT32_C(0x078D2755), UINT32_C(0x05FC4690), UINT32_C(0x03D49867), ++ UINT32_C(0x0D0542ED), UINT32_C(0x014AC0C6), UINT32_C(0x0444F4AA), ++ UINT32_C(0x0527B53A), UINT32_C(0x04E463E4), UINT32_C(0x084795B9), ++ UINT32_C(0x06190D53), UINT32_C(0x01F0982A), UINT32_C(0x06C19AFA), ++ UINT32_C(0x02B40A43) } }, ++ { { UINT32_C(0x0D526DD9), UINT32_C(0x02D2A436), UINT32_C(0x06CBC632), ++ UINT32_C(0x06A016EB), UINT32_C(0x0229215C), UINT32_C(0x063A186E), ++ UINT32_C(0x056A2652), UINT32_C(0x0982D8F0), UINT32_C(0x04950B55), ++ UINT32_C(0x0C34A068), UINT32_C(0x036F958C), UINT32_C(0x0EC7C304), ++ UINT32_C(0x00685912), UINT32_C(0x00521605), UINT32_C(0x074386C5), ++ UINT32_C(0x06C5C880), UINT32_C(0x01D5C0E0), UINT32_C(0x0321B5FC), ++ UINT32_C(0x031F89D8) }, ++ { UINT32_C(0x0E4F4EFB), UINT32_C(0x042EF02C), UINT32_C(0x0747294D), ++ UINT32_C(0x06315147), UINT32_C(0x09826B36), UINT32_C(0x044F7A99), ++ UINT32_C(0x00DA6A3B), UINT32_C(0x0B192C6C), UINT32_C(0x017D9CD6), ++ UINT32_C(0x07D0FC8D), UINT32_C(0x00306186), UINT32_C(0x0DA5FD2C), ++ UINT32_C(0x048EA8B6), UINT32_C(0x041BED38), UINT32_C(0x028A7681), ++ UINT32_C(0x0444E09E), UINT32_C(0x07A1C182), UINT32_C(0x06CEB6B8), ++ UINT32_C(0x0402E972) } }, ++ { { UINT32_C(0x0A37CD61), UINT32_C(0x07A90498), UINT32_C(0x03236B70), ++ UINT32_C(0x010D1CA8), UINT32_C(0x0C8EE94C), UINT32_C(0x01332402), ++ UINT32_C(0x00D01671), UINT32_C(0x0D20BD0A), UINT32_C(0x04F8905D), ++ UINT32_C(0x0CB75503), UINT32_C(0x07C71184), UINT32_C(0x04D224FF), ++ UINT32_C(0x05EF5D3B), UINT32_C(0x02D2D84B), UINT32_C(0x0776D6B8), ++ UINT32_C(0x01B04C47), UINT32_C(0x0C6883AD), UINT32_C(0x041BC984), ++ UINT32_C(0x0738830F) }, ++ { UINT32_C(0x008A7408), UINT32_C(0x01833053), UINT32_C(0x0DCDED77), ++ UINT32_C(0x0660E3CD), UINT32_C(0x003541F4), UINT32_C(0x06650324), ++ UINT32_C(0x056D1103), UINT32_C(0x012DDC16), UINT32_C(0x04858446), ++ UINT32_C(0x031BD98F), UINT32_C(0x07EA97C0), UINT32_C(0x033EA10E), ++ UINT32_C(0x07E40598), UINT32_C(0x03935067), UINT32_C(0x06BD3C58), ++ UINT32_C(0x0709A382), UINT32_C(0x0FFD62B5), UINT32_C(0x03ACA64E), ++ UINT32_C(0x02BDB05C) } }, ++ { { UINT32_C(0x019DDB66), UINT32_C(0x0151276D), UINT32_C(0x0D169D42), ++ UINT32_C(0x07424F74), UINT32_C(0x0073574B), UINT32_C(0x029D6033), ++ UINT32_C(0x04805B63), UINT32_C(0x0FF3CCB8), UINT32_C(0x0657BEB9), ++ UINT32_C(0x06710C8D), UINT32_C(0x076A0EFE), UINT32_C(0x05FFC38A), ++ UINT32_C(0x039B2127), UINT32_C(0x04A7D60B), UINT32_C(0x0D352201), ++ UINT32_C(0x0459932F), UINT32_C(0x0A56306E), UINT32_C(0x05D63C8E), ++ UINT32_C(0x01727D3E) }, ++ { UINT32_C(0x0A228C02), UINT32_C(0x0454E2FD), UINT32_C(0x0C5CF406), ++ UINT32_C(0x072A6748), UINT32_C(0x09478B3C), UINT32_C(0x01C032C4), ++ UINT32_C(0x024B1CF3), UINT32_C(0x07BCB89A), UINT32_C(0x017F8136), ++ UINT32_C(0x03BFA207), UINT32_C(0x0032CE35), UINT32_C(0x01301C08), ++ UINT32_C(0x01F1D68E), UINT32_C(0x024447E0), UINT32_C(0x00655D3F), ++ UINT32_C(0x04B5B6DB), UINT32_C(0x08F50A61), UINT32_C(0x07FE19DA), ++ UINT32_C(0x01906979) } }, ++ { { UINT32_C(0x04E80EB1), UINT32_C(0x052DB749), UINT32_C(0x0FA876FF), ++ UINT32_C(0x014D563E), UINT32_C(0x0DD8DCB4), UINT32_C(0x06D08CF5), ++ UINT32_C(0x0088B6C9), UINT32_C(0x099DAF2C), UINT32_C(0x06ADE3E9), ++ UINT32_C(0x05F27F40), UINT32_C(0x076292C5), UINT32_C(0x02149C44), ++ UINT32_C(0x04ECED26), UINT32_C(0x04016166), UINT32_C(0x0E8DD0F0), ++ UINT32_C(0x02703366), UINT32_C(0x09A4D3F8), UINT32_C(0x000C4924), ++ UINT32_C(0x066F3B89) }, ++ { UINT32_C(0x00F92986), UINT32_C(0x001B8CB3), UINT32_C(0x0C27E556), ++ UINT32_C(0x05EAB0C7), UINT32_C(0x0A95BBEF), UINT32_C(0x011331B7), ++ UINT32_C(0x03245504), UINT32_C(0x0B108EBA), UINT32_C(0x0704FE66), ++ UINT32_C(0x0AEECF39), UINT32_C(0x0485E096), UINT32_C(0x0D5B3E1E), ++ UINT32_C(0x02DB3A00), UINT32_C(0x06FBA80E), UINT32_C(0x0AEE0EA5), ++ UINT32_C(0x064273CE), UINT32_C(0x0CD775D3), UINT32_C(0x00232462), ++ UINT32_C(0x0347DCE7) } }, ++ { { UINT32_C(0x029AE558), UINT32_C(0x07BED198), UINT32_C(0x073802BF), ++ UINT32_C(0x0528429C), UINT32_C(0x02A79F18), UINT32_C(0x045BFA11), ++ UINT32_C(0x07B77865), UINT32_C(0x065D4D35), UINT32_C(0x03701A97), ++ UINT32_C(0x03C87FB5), UINT32_C(0x07338AED), UINT32_C(0x0260F0C6), ++ UINT32_C(0x032E371B), UINT32_C(0x048EAB15), UINT32_C(0x06488CED), ++ UINT32_C(0x04349BDC), UINT32_C(0x09FF872F), UINT32_C(0x01EBC954), ++ UINT32_C(0x02644425) }, ++ { UINT32_C(0x0AAD22D1), UINT32_C(0x04DA634D), UINT32_C(0x0931B0A2), ++ UINT32_C(0x0366BA6D), UINT32_C(0x0A03F852), UINT32_C(0x003C4DA2), ++ UINT32_C(0x07BDDE59), UINT32_C(0x00543C06), UINT32_C(0x05EA4710), ++ UINT32_C(0x0622BACC), UINT32_C(0x03C86D6F), UINT32_C(0x0810EAB1), ++ UINT32_C(0x0128E64D), UINT32_C(0x02C5B6EF), UINT32_C(0x0F37432C), ++ UINT32_C(0x0391A4CD), UINT32_C(0x09344B8B), UINT32_C(0x007DDA34), ++ UINT32_C(0x02408EDC) } }, ++ { { UINT32_C(0x0EB8B398), UINT32_C(0x068DF986), UINT32_C(0x0BCADF8A), ++ UINT32_C(0x01829A9B), UINT32_C(0x017C9B77), UINT32_C(0x0446621A), ++ UINT32_C(0x026EE0C4), UINT32_C(0x0E0FE9B2), UINT32_C(0x0528FE1C), ++ UINT32_C(0x08E6DD5A), UINT32_C(0x018FB2E0), UINT32_C(0x0FD2A7AB), ++ UINT32_C(0x002E71A2), UINT32_C(0x069C2EFB), UINT32_C(0x0156F759), ++ UINT32_C(0x04F3A78E), UINT32_C(0x022C4533), UINT32_C(0x069A2816), ++ UINT32_C(0x03C034B1) }, ++ { UINT32_C(0x0D05FF6A), UINT32_C(0x07761186), UINT32_C(0x0D73ABC6), ++ UINT32_C(0x06AC086B), UINT32_C(0x0BF965A1), UINT32_C(0x05F6546D), ++ UINT32_C(0x07767397), UINT32_C(0x005C4608), UINT32_C(0x005803C4), ++ UINT32_C(0x024EE133), UINT32_C(0x05FC51BD), UINT32_C(0x099F0D97), ++ UINT32_C(0x00437C0C), UINT32_C(0x0553A827), UINT32_C(0x0FB0EB60), ++ UINT32_C(0x06A7AEC5), UINT32_C(0x07C31264), UINT32_C(0x020D4B32), ++ UINT32_C(0x045F6381) } }, ++ { { UINT32_C(0x04D9F1F8), UINT32_C(0x05315A15), UINT32_C(0x01990B25), ++ UINT32_C(0x01A6DE98), UINT32_C(0x036D854A), UINT32_C(0x03D25F0D), ++ UINT32_C(0x06673F83), UINT32_C(0x04C56936), UINT32_C(0x019ACD66), ++ UINT32_C(0x0C1F1C47), UINT32_C(0x04AD0FD3), UINT32_C(0x0148F4FA), ++ UINT32_C(0x07BC3A93), UINT32_C(0x02F86E22), UINT32_C(0x0291F62B), ++ UINT32_C(0x01F87233), UINT32_C(0x0F616501), UINT32_C(0x06C1B9E5), ++ UINT32_C(0x05FB6CAA) }, ++ { UINT32_C(0x0DAF0C41), UINT32_C(0x050BE47B), UINT32_C(0x0DD799BF), ++ UINT32_C(0x00BB8754), UINT32_C(0x07221726), UINT32_C(0x00F26A35), ++ UINT32_C(0x0474A809), UINT32_C(0x0250B288), UINT32_C(0x0680A8C1), ++ UINT32_C(0x09FDC598), UINT32_C(0x00424EA2), UINT32_C(0x09CADE7E), ++ UINT32_C(0x0092845D), UINT32_C(0x0301B24F), UINT32_C(0x0CF7BF3E), ++ UINT32_C(0x0747B26E), UINT32_C(0x04110EBF), UINT32_C(0x002FC650), ++ UINT32_C(0x066AF8B8) } }, ++ { { UINT32_C(0x06DBC74A), UINT32_C(0x02C31098), UINT32_C(0x069497D4), ++ UINT32_C(0x048864EC), UINT32_C(0x01E12C96), UINT32_C(0x03EE9F03), ++ UINT32_C(0x05400CB4), UINT32_C(0x00B9E174), UINT32_C(0x04923BC3), ++ UINT32_C(0x0B5B54EA), UINT32_C(0x04A635C8), UINT32_C(0x0039A770), ++ UINT32_C(0x079340D3), UINT32_C(0x02B053A6), UINT32_C(0x0AA8C800), ++ UINT32_C(0x073E66A4), UINT32_C(0x0304ED5B), UINT32_C(0x007ACB50), ++ UINT32_C(0x069EBA57) }, ++ { UINT32_C(0x04FA3D53), UINT32_C(0x050EF28C), UINT32_C(0x09A3C2CF), ++ UINT32_C(0x03DE9C58), UINT32_C(0x085E0F9C), UINT32_C(0x069D187C), ++ UINT32_C(0x04624402), UINT32_C(0x0C81F8BF), UINT32_C(0x02E444D9), ++ UINT32_C(0x0D776F3C), UINT32_C(0x02B966E8), UINT32_C(0x017A5803), ++ UINT32_C(0x005E79FE), UINT32_C(0x017FF63B), UINT32_C(0x05B01559), ++ UINT32_C(0x03097D34), UINT32_C(0x0F3A10BA), UINT32_C(0x0712D05A), ++ UINT32_C(0x03904282) } }, ++ { { UINT32_C(0x0727DDB2), UINT32_C(0x0322FBEE), UINT32_C(0x006E2FCD), ++ UINT32_C(0x07EA06FF), UINT32_C(0x0BA09E24), UINT32_C(0x00F733F8), ++ UINT32_C(0x03D6DCAE), UINT32_C(0x049125D5), UINT32_C(0x077E1A66), ++ UINT32_C(0x0D68AE84), UINT32_C(0x04F77FA6), UINT32_C(0x0964F229), ++ UINT32_C(0x011AD49C), UINT32_C(0x05CC02E9), UINT32_C(0x03E1CD67), ++ UINT32_C(0x06E9B6EE), UINT32_C(0x02ABE8BE), UINT32_C(0x056C7601), ++ UINT32_C(0x050C554C) }, ++ { UINT32_C(0x01B068CF), UINT32_C(0x012F41C1), UINT32_C(0x0CD31293), ++ UINT32_C(0x056F1C35), UINT32_C(0x0716CA13), UINT32_C(0x0544293E), ++ UINT32_C(0x06007211), UINT32_C(0x04F726E6), UINT32_C(0x007D49EF), ++ UINT32_C(0x0E336972), UINT32_C(0x031C46EF), UINT32_C(0x025A6106), ++ UINT32_C(0x05AA92B9), UINT32_C(0x011700B0), UINT32_C(0x011058CF), ++ UINT32_C(0x00395DAC), UINT32_C(0x02BBCCE0), UINT32_C(0x029EAC52), ++ UINT32_C(0x028A26A5) } }, ++ }, ++ { ++ { { UINT32_C(0x0FFE4858), UINT32_C(0x044AC143), UINT32_C(0x06252D69), ++ UINT32_C(0x03691755), UINT32_C(0x0DE0F670), UINT32_C(0x0295E478), ++ UINT32_C(0x05945AF8), UINT32_C(0x0A5D32CA), UINT32_C(0x0234DE82), ++ UINT32_C(0x0F67E075), UINT32_C(0x06115CED), UINT32_C(0x00AE3A40), ++ UINT32_C(0x04F21740), UINT32_C(0x05BA53F6), UINT32_C(0x05840CD3), ++ UINT32_C(0x02246AB6), UINT32_C(0x0A7E5891), UINT32_C(0x00E30EE3), ++ UINT32_C(0x06E32125) }, ++ { UINT32_C(0x028DA023), UINT32_C(0x0757D14A), UINT32_C(0x0F1F2367), ++ UINT32_C(0x071B23A0), UINT32_C(0x09FF6F22), UINT32_C(0x06AE99FC), ++ UINT32_C(0x07D2FAD3), UINT32_C(0x0C60DF70), UINT32_C(0x008ADC3F), ++ UINT32_C(0x090D9E92), UINT32_C(0x027C0C30), UINT32_C(0x01553F37), ++ UINT32_C(0x047ACF16), UINT32_C(0x017392AB), UINT32_C(0x05D9DD01), ++ UINT32_C(0x07D1EF5C), UINT32_C(0x039F6FB5), UINT32_C(0x029DC337), ++ UINT32_C(0x04960195) } }, ++ { { UINT32_C(0x0994A7B1), UINT32_C(0x00E9A7BA), UINT32_C(0x03544C1B), ++ UINT32_C(0x0606BDF6), UINT32_C(0x01F3406A), UINT32_C(0x0635C178), ++ UINT32_C(0x04CA0BE9), UINT32_C(0x09B74F10), UINT32_C(0x046E4155), ++ UINT32_C(0x0655718B), UINT32_C(0x06B58CFD), UINT32_C(0x00E2656C), ++ UINT32_C(0x0426833D), UINT32_C(0x063C550C), UINT32_C(0x049DDCA9), ++ UINT32_C(0x04F6A9FC), UINT32_C(0x0676F8FD), UINT32_C(0x07BCA38C), ++ UINT32_C(0x059BDCBC) }, ++ { UINT32_C(0x096F6D73), UINT32_C(0x0378FAEB), UINT32_C(0x0AA2949D), ++ UINT32_C(0x02979AD2), UINT32_C(0x0FD54FA0), UINT32_C(0x0358AB66), ++ UINT32_C(0x012D1C2E), UINT32_C(0x0A3E9433), UINT32_C(0x012502DC), ++ UINT32_C(0x0BF42C60), UINT32_C(0x02403252), UINT32_C(0x0B59A13D), ++ UINT32_C(0x07CE87D8), UINT32_C(0x06EFA510), UINT32_C(0x0F316813), ++ UINT32_C(0x048C6131), UINT32_C(0x0ABB4F2B), UINT32_C(0x00135CF6), ++ UINT32_C(0x019B839C) } }, ++ { { UINT32_C(0x0CDE12CD), UINT32_C(0x01F2EE46), UINT32_C(0x096668FC), ++ UINT32_C(0x06800020), UINT32_C(0x0D8D4DC3), UINT32_C(0x01F9D872), ++ UINT32_C(0x0074B363), UINT32_C(0x08E353D0), UINT32_C(0x06B87B06), ++ UINT32_C(0x05F1A3E4), UINT32_C(0x03D67702), UINT32_C(0x0AD5ACE9), ++ UINT32_C(0x024E9994), UINT32_C(0x03C2A440), UINT32_C(0x05A6C55C), ++ UINT32_C(0x045CAA47), UINT32_C(0x0AC34E77), UINT32_C(0x068E05E3), ++ UINT32_C(0x0598564E) }, ++ { UINT32_C(0x0366B021), UINT32_C(0x017935A2), UINT32_C(0x04F773DB), ++ UINT32_C(0x04629F66), UINT32_C(0x096AE2DC), UINT32_C(0x00DB3EE0), ++ UINT32_C(0x05684F63), UINT32_C(0x00391BA5), UINT32_C(0x07270BBB), ++ UINT32_C(0x0E28A705), UINT32_C(0x02BB0A4B), UINT32_C(0x097DCA61), ++ UINT32_C(0x04E133F5), UINT32_C(0x04899B3E), UINT32_C(0x00637ACF), ++ UINT32_C(0x02D4E63D), UINT32_C(0x09635CB7), UINT32_C(0x02DEDDE2), ++ UINT32_C(0x02229A95) } }, ++ { { UINT32_C(0x0CD34315), UINT32_C(0x02E1C8DC), UINT32_C(0x067A6FB7), ++ UINT32_C(0x03DB6FAE), UINT32_C(0x07281C55), UINT32_C(0x046AC647), ++ UINT32_C(0x002E790C), UINT32_C(0x0F3D1BC4), UINT32_C(0x0533A625), ++ UINT32_C(0x06417AC2), UINT32_C(0x018ACECE), UINT32_C(0x0B7019D6), ++ UINT32_C(0x06EDA9DA), UINT32_C(0x01938AF8), UINT32_C(0x029911BB), ++ UINT32_C(0x03E2995B), UINT32_C(0x0C0E3FBA), UINT32_C(0x011596D1), ++ UINT32_C(0x00271C3C) }, ++ { UINT32_C(0x0356A25A), UINT32_C(0x072A1ED9), UINT32_C(0x0EAF77B0), ++ UINT32_C(0x02B4B853), UINT32_C(0x0C759255), UINT32_C(0x02FB6C3D), ++ UINT32_C(0x0704DFA8), UINT32_C(0x0D59777F), UINT32_C(0x078F4FA8), ++ UINT32_C(0x03C11635), UINT32_C(0x02E52765), UINT32_C(0x02ACB74C), ++ UINT32_C(0x007731B9), UINT32_C(0x0137AD56), UINT32_C(0x063A4E6E), ++ UINT32_C(0x06744404), UINT32_C(0x09B78353), UINT32_C(0x04631A57), ++ UINT32_C(0x018C7F7E) } }, ++ { { UINT32_C(0x0EAD4FF9), UINT32_C(0x05871450), UINT32_C(0x07F9BF26), ++ UINT32_C(0x02BC1D4E), UINT32_C(0x00CD4484), UINT32_C(0x04EBA4AB), ++ UINT32_C(0x01DEDBB8), UINT32_C(0x0E25B38D), UINT32_C(0x049D1268), ++ UINT32_C(0x0D04AABB), UINT32_C(0x01AEF51D), UINT32_C(0x00829E43), ++ UINT32_C(0x05402C62), UINT32_C(0x0368D70D), UINT32_C(0x03775E01), ++ UINT32_C(0x04503803), UINT32_C(0x02B6C48D), UINT32_C(0x01FD101D), ++ UINT32_C(0x0025FF9E) }, ++ { UINT32_C(0x0B8B195A), UINT32_C(0x02323FFC), UINT32_C(0x00557FA3), ++ UINT32_C(0x073ED365), UINT32_C(0x0A376D54), UINT32_C(0x023A3994), ++ UINT32_C(0x00F1CC64), UINT32_C(0x080DCBBA), UINT32_C(0x01BB869C), ++ UINT32_C(0x084DE7DF), UINT32_C(0x03102B44), UINT32_C(0x0559CF4A), ++ UINT32_C(0x0385604A), UINT32_C(0x05CB3A44), UINT32_C(0x022C8F10), ++ UINT32_C(0x00AC8251), UINT32_C(0x0D40C893), UINT32_C(0x00107891), ++ UINT32_C(0x06795987) } }, ++ { { UINT32_C(0x06920A2A), UINT32_C(0x051ED07D), UINT32_C(0x0D40A6DB), ++ UINT32_C(0x004D5082), UINT32_C(0x0BB2B0B9), UINT32_C(0x046EEDFC), ++ UINT32_C(0x077C4F4D), UINT32_C(0x0025B307), UINT32_C(0x00CCCEED), ++ UINT32_C(0x05AD182A), UINT32_C(0x0734F059), UINT32_C(0x0B480EE5), ++ UINT32_C(0x0170F1CB), UINT32_C(0x0417A672), UINT32_C(0x05B933B3), ++ UINT32_C(0x0279BB07), UINT32_C(0x0341E8CB), UINT32_C(0x071F7EBF), ++ UINT32_C(0x0231AF93) }, ++ { UINT32_C(0x01CA3CCC), UINT32_C(0x042A30AF), UINT32_C(0x0E1E55F1), ++ UINT32_C(0x07A6A1AC), UINT32_C(0x0D95EC2F), UINT32_C(0x029E2CCD), ++ UINT32_C(0x00847505), UINT32_C(0x0184F443), UINT32_C(0x04B6D717), ++ UINT32_C(0x03764831), UINT32_C(0x043E0649), UINT32_C(0x0378A536), ++ UINT32_C(0x0430CAB4), UINT32_C(0x05B08C42), UINT32_C(0x0B147E31), ++ UINT32_C(0x0270B565), UINT32_C(0x056846E1), UINT32_C(0x0393806E), ++ UINT32_C(0x0102687E) } }, ++ { { UINT32_C(0x0EB5DCD3), UINT32_C(0x0185FC5D), UINT32_C(0x03181617), ++ UINT32_C(0x01479862), UINT32_C(0x0D1E00A3), UINT32_C(0x000E2351), ++ UINT32_C(0x041EA413), UINT32_C(0x0EC09039), UINT32_C(0x00213EFE), ++ UINT32_C(0x02085A51), UINT32_C(0x027B7641), UINT32_C(0x0EE239C0), ++ UINT32_C(0x06D0F7BB), UINT32_C(0x0267C803), UINT32_C(0x0B79A7EE), ++ UINT32_C(0x0681FFDF), UINT32_C(0x08DFF64B), UINT32_C(0x0688C37C), ++ UINT32_C(0x03D1AE9F) }, ++ { UINT32_C(0x03B68E6C), UINT32_C(0x07F04BE5), UINT32_C(0x060E4D0D), ++ UINT32_C(0x0534899D), UINT32_C(0x0FA52B9C), UINT32_C(0x001C4752), ++ UINT32_C(0x00BCA60E), UINT32_C(0x041ED165), UINT32_C(0x01DBEB9D), ++ UINT32_C(0x04BEFD90), UINT32_C(0x05B1A36F), UINT32_C(0x0C6DA7CD), ++ UINT32_C(0x025F29BF), UINT32_C(0x0143D052), UINT32_C(0x099FCD3B), ++ UINT32_C(0x04934EE0), UINT32_C(0x00F9287C), UINT32_C(0x06BF2174), ++ UINT32_C(0x05D3AAEB) } }, ++ { { UINT32_C(0x0B07B1BF), UINT32_C(0x008B8614), UINT32_C(0x00E21485), ++ UINT32_C(0x07064A8F), UINT32_C(0x04328BCA), UINT32_C(0x0126ADF3), ++ UINT32_C(0x07D9CEFE), UINT32_C(0x0B5FE8D9), UINT32_C(0x03B144E7), ++ UINT32_C(0x0FF1E126), UINT32_C(0x06AF8F59), UINT32_C(0x07A6CE02), ++ UINT32_C(0x07F9BE52), UINT32_C(0x003588EF), UINT32_C(0x0EFF3D3A), ++ UINT32_C(0x052C77D2), UINT32_C(0x010CACE8), UINT32_C(0x05B1B51F), ++ UINT32_C(0x06F19D06) }, ++ { UINT32_C(0x042166D8), UINT32_C(0x04CD028C), UINT32_C(0x039C24AE), ++ UINT32_C(0x02C03F19), UINT32_C(0x067F4B98), UINT32_C(0x020FC733), ++ UINT32_C(0x01DAB42C), UINT32_C(0x02FF3B82), UINT32_C(0x048BCF28), ++ UINT32_C(0x019BFE25), UINT32_C(0x05777D5F), UINT32_C(0x06871AF8), ++ UINT32_C(0x04139F9E), UINT32_C(0x07211D99), UINT32_C(0x0AD09893), ++ UINT32_C(0x01E0FD46), UINT32_C(0x02906E37), UINT32_C(0x028275DB), ++ UINT32_C(0x046A1575) } }, ++ { { UINT32_C(0x08AA3834), UINT32_C(0x06C07864), UINT32_C(0x0E044947), ++ UINT32_C(0x03335EFD), UINT32_C(0x067B5E62), UINT32_C(0x034C6315), ++ UINT32_C(0x07572306), UINT32_C(0x07CFC444), UINT32_C(0x01B85C68), ++ UINT32_C(0x04AE9317), UINT32_C(0x004244BB), UINT32_C(0x02B9387A), ++ UINT32_C(0x07EC501D), UINT32_C(0x030A85A4), UINT32_C(0x035462ED), ++ UINT32_C(0x0713AD0C), UINT32_C(0x053851AC), UINT32_C(0x02FE3E5B), ++ UINT32_C(0x06B40EB3) }, ++ { UINT32_C(0x053E08C6), UINT32_C(0x05772205), UINT32_C(0x030BB610), ++ UINT32_C(0x008EE615), UINT32_C(0x0B7E6CE7), UINT32_C(0x00783E50), ++ UINT32_C(0x0096806A), UINT32_C(0x066126FD), UINT32_C(0x051C1C80), ++ UINT32_C(0x0ECBCD5E), UINT32_C(0x03A28DED), UINT32_C(0x08FD6395), ++ UINT32_C(0x022A192F), UINT32_C(0x0736A4A0), UINT32_C(0x01369C64), ++ UINT32_C(0x02AB6ECE), UINT32_C(0x06E0E541), UINT32_C(0x03248146), ++ UINT32_C(0x00948603) } }, ++ { { UINT32_C(0x069B34EA), UINT32_C(0x0336603F), UINT32_C(0x06DBFFB7), ++ UINT32_C(0x0300F54C), UINT32_C(0x03402123), UINT32_C(0x04E1356D), ++ UINT32_C(0x04422E8C), UINT32_C(0x0C555F86), UINT32_C(0x065AB272), ++ UINT32_C(0x053F830F), UINT32_C(0x0579A41E), UINT32_C(0x0FEFEF91), ++ UINT32_C(0x004E0795), UINT32_C(0x016107F9), UINT32_C(0x08D654BD), ++ UINT32_C(0x04ABFECE), UINT32_C(0x06C9D84D), UINT32_C(0x03813525), ++ UINT32_C(0x07CB6F50) }, ++ { UINT32_C(0x09047156), UINT32_C(0x010B8EB7), UINT32_C(0x0CC6FC83), ++ UINT32_C(0x0431B14F), UINT32_C(0x03572502), UINT32_C(0x076096FF), ++ UINT32_C(0x0028C298), UINT32_C(0x066F3BBA), UINT32_C(0x00B06491), ++ UINT32_C(0x0665164A), UINT32_C(0x04A5A55D), UINT32_C(0x02DAC096), ++ UINT32_C(0x03E71E1C), UINT32_C(0x0256A93B), UINT32_C(0x04C0530A), ++ UINT32_C(0x062EDF21), UINT32_C(0x0F59E8F8), UINT32_C(0x019409ED), ++ UINT32_C(0x07A2F4BF) } }, ++ { { UINT32_C(0x0665B1CF), UINT32_C(0x0034F110), UINT32_C(0x0E6E0C55), ++ UINT32_C(0x05548084), UINT32_C(0x0CB9C817), UINT32_C(0x010A8F87), ++ UINT32_C(0x012A9C49), UINT32_C(0x0982F57E), UINT32_C(0x00D5BB56), ++ UINT32_C(0x0649D707), UINT32_C(0x00C86A10), UINT32_C(0x0C3ED33B), ++ UINT32_C(0x065AEDD0), UINT32_C(0x061D08CC), UINT32_C(0x010AAD5D), ++ UINT32_C(0x015E11C5), UINT32_C(0x0CE68252), UINT32_C(0x03DCA282), ++ UINT32_C(0x023E7D61) }, ++ { UINT32_C(0x094CC511), UINT32_C(0x053544CA), UINT32_C(0x067DDC2E), ++ UINT32_C(0x022C5BA7), UINT32_C(0x0E503DBC), UINT32_C(0x06CD2E73), ++ UINT32_C(0x058CE06F), UINT32_C(0x072AA3E8), UINT32_C(0x06DB1977), ++ UINT32_C(0x04494EBF), UINT32_C(0x00968BBC), UINT32_C(0x02E8F607), ++ UINT32_C(0x06F93369), UINT32_C(0x00836553), UINT32_C(0x05A73753), ++ UINT32_C(0x03A8B586), UINT32_C(0x00A046AC), UINT32_C(0x0211F089), ++ UINT32_C(0x0389954D) } }, ++ { { UINT32_C(0x0BB13D25), UINT32_C(0x023A4F60), UINT32_C(0x05B894C3), ++ UINT32_C(0x01F6CF6C), UINT32_C(0x0F316A82), UINT32_C(0x07269483), ++ UINT32_C(0x0724D1FF), UINT32_C(0x081060C2), UINT32_C(0x07213116), ++ UINT32_C(0x0B65307F), UINT32_C(0x06CB9993), UINT32_C(0x04580D3B), ++ UINT32_C(0x064521E7), UINT32_C(0x07FA9810), UINT32_C(0x00B180DF), ++ UINT32_C(0x058701A7), UINT32_C(0x08BFB845), UINT32_C(0x0175BF68), ++ UINT32_C(0x02BF1464) }, ++ { UINT32_C(0x04B66F01), UINT32_C(0x059EAFDA), UINT32_C(0x02EB7B38), ++ UINT32_C(0x0382ED4B), UINT32_C(0x0D3E8A47), UINT32_C(0x061E1C44), ++ UINT32_C(0x06369F05), UINT32_C(0x0221CD6C), UINT32_C(0x033836B4), ++ UINT32_C(0x0580C2E2), UINT32_C(0x071C3002), UINT32_C(0x0C51E97D), ++ UINT32_C(0x06D684C3), UINT32_C(0x074D62F1), UINT32_C(0x0851439A), ++ UINT32_C(0x038AB710), UINT32_C(0x0300D39E), UINT32_C(0x0390C464), ++ UINT32_C(0x04D98E09) } }, ++ { { UINT32_C(0x0140A004), UINT32_C(0x00D68C0B), UINT32_C(0x080890B3), ++ UINT32_C(0x07D532CC), UINT32_C(0x05EC2C5B), UINT32_C(0x065415DB), ++ UINT32_C(0x021CBEF3), UINT32_C(0x0C92C4C7), UINT32_C(0x002C11E2), ++ UINT32_C(0x087FFDBE), UINT32_C(0x00BBD5AB), UINT32_C(0x0D3147C6), ++ UINT32_C(0x027322CF), UINT32_C(0x048AE30E), UINT32_C(0x0A78BD27), ++ UINT32_C(0x06E52637), UINT32_C(0x0F79BB43), UINT32_C(0x05C2CDD9), ++ UINT32_C(0x03AEDAB1) }, ++ { UINT32_C(0x01F8F797), UINT32_C(0x05E078E8), UINT32_C(0x0A430953), ++ UINT32_C(0x079FE860), UINT32_C(0x098B3236), UINT32_C(0x00A0033B), ++ UINT32_C(0x0311C26A), UINT32_C(0x02325326), UINT32_C(0x021CEBBC), ++ UINT32_C(0x01C498E4), UINT32_C(0x02365440), UINT32_C(0x091FBA94), ++ UINT32_C(0x017487BB), UINT32_C(0x0321A8D5), UINT32_C(0x071AEF9F), ++ UINT32_C(0x047D457D), UINT32_C(0x01BCFB0E), UINT32_C(0x0071F7BC), ++ UINT32_C(0x075AEFAA) } }, ++ { { UINT32_C(0x0C98DFAE), UINT32_C(0x01C5257A), UINT32_C(0x06506435), ++ UINT32_C(0x00916D1A), UINT32_C(0x0D65B633), UINT32_C(0x06BAC13A), ++ UINT32_C(0x013D2F72), UINT32_C(0x0B8C7FD1), UINT32_C(0x0068E619), ++ UINT32_C(0x0C30A25B), UINT32_C(0x016EBDF8), UINT32_C(0x0D8A2E42), ++ UINT32_C(0x01E2AB8D), UINT32_C(0x07855AFB), UINT32_C(0x01F15FBB), ++ UINT32_C(0x01DA4917), UINT32_C(0x074DB277), UINT32_C(0x030BAC3C), ++ UINT32_C(0x01B1B048) }, ++ { UINT32_C(0x00C92FB5), UINT32_C(0x00781A5F), UINT32_C(0x0B53EE11), ++ UINT32_C(0x04366DE3), UINT32_C(0x0D7AFCA1), UINT32_C(0x04C3CAB8), ++ UINT32_C(0x031EB35F), UINT32_C(0x00CDDA16), UINT32_C(0x05DB2AA4), ++ UINT32_C(0x0EEC79C5), UINT32_C(0x0123CDB1), UINT32_C(0x0A41DC06), ++ UINT32_C(0x06880096), UINT32_C(0x069843C8), UINT32_C(0x0CF78DBD), ++ UINT32_C(0x0751C797), UINT32_C(0x0381D873), UINT32_C(0x055DD420), ++ UINT32_C(0x011ED33F) } }, ++ { { UINT32_C(0x0629DD22), UINT32_C(0x0329136A), UINT32_C(0x0F4C3A86), ++ UINT32_C(0x02DF1D68), UINT32_C(0x0629460E), UINT32_C(0x04615D04), ++ UINT32_C(0x06370A73), UINT32_C(0x0FF4CD28), UINT32_C(0x031AD006), ++ UINT32_C(0x08F7AAC2), UINT32_C(0x05792159), UINT32_C(0x0680FF31), ++ UINT32_C(0x04E1BAE8), UINT32_C(0x02E9B2B2), UINT32_C(0x0033BF36), ++ UINT32_C(0x07DA8F9E), UINT32_C(0x0C93AB40), UINT32_C(0x01D743F3), ++ UINT32_C(0x07644D30) }, ++ { UINT32_C(0x075200EB), UINT32_C(0x07C0784F), UINT32_C(0x0BE5A2EF), ++ UINT32_C(0x002C4071), UINT32_C(0x0BB7DD65), UINT32_C(0x004ADBD2), ++ UINT32_C(0x040D6568), UINT32_C(0x0F9A3BB6), UINT32_C(0x003E18E7), ++ UINT32_C(0x0B2FA6B5), UINT32_C(0x04ED429F), UINT32_C(0x06091338), ++ UINT32_C(0x01D161FD), UINT32_C(0x00454AAD), UINT32_C(0x0CAE06AA), ++ UINT32_C(0x04E95021), UINT32_C(0x04523C5D), UINT32_C(0x041594F0), ++ UINT32_C(0x065084CD) } }, ++ { { UINT32_C(0x002145D7), UINT32_C(0x047D8374), UINT32_C(0x0467ABA3), ++ UINT32_C(0x051CC3F5), UINT32_C(0x0483BB69), UINT32_C(0x05CC8B8E), ++ UINT32_C(0x00E452BD), UINT32_C(0x04333A28), UINT32_C(0x04F1A76A), ++ UINT32_C(0x0CC64EC5), UINT32_C(0x05D9332C), UINT32_C(0x0E975BFD), ++ UINT32_C(0x036AEA82), UINT32_C(0x03B66BE1), UINT32_C(0x0C8D0897), ++ UINT32_C(0x00F4E2EA), UINT32_C(0x0E84A7FD), UINT32_C(0x04F8C351), ++ UINT32_C(0x03B65097) }, ++ { UINT32_C(0x0DDB406F), UINT32_C(0x00890ADF), UINT32_C(0x03BBC60E), ++ UINT32_C(0x01C0CA21), UINT32_C(0x0A76C2EF), UINT32_C(0x01695DF8), ++ UINT32_C(0x07073F32), UINT32_C(0x0EED6813), UINT32_C(0x014D6ADC), ++ UINT32_C(0x0AD30E57), UINT32_C(0x0080597C), UINT32_C(0x051E8314), ++ UINT32_C(0x02334D30), UINT32_C(0x01C9AC19), UINT32_C(0x0D628FAA), ++ UINT32_C(0x03467107), UINT32_C(0x027B5A2C), UINT32_C(0x07FE2414), ++ UINT32_C(0x06D835AF) } }, ++ }, ++ { ++ { { UINT32_C(0x0EF34144), UINT32_C(0x030D91DC), UINT32_C(0x05517757), ++ UINT32_C(0x007F4856), UINT32_C(0x07EAF164), UINT32_C(0x058E3931), ++ UINT32_C(0x0713CF7A), UINT32_C(0x0D5B04EB), UINT32_C(0x0416E9E6), ++ UINT32_C(0x02479D66), UINT32_C(0x03230F77), UINT32_C(0x0E9111E0), ++ UINT32_C(0x004A4528), UINT32_C(0x02C7F7D1), UINT32_C(0x02C19F36), ++ UINT32_C(0x0456B2EE), UINT32_C(0x083CA160), UINT32_C(0x04377D25), ++ UINT32_C(0x02CC5D8D) }, ++ { UINT32_C(0x024FDE34), UINT32_C(0x056A1AF8), UINT32_C(0x04A1F978), ++ UINT32_C(0x07F66131), UINT32_C(0x09CCCEFE), UINT32_C(0x056AE73E), ++ UINT32_C(0x0373907A), UINT32_C(0x08E4DFA2), UINT32_C(0x06104B90), ++ UINT32_C(0x0CB65FE3), UINT32_C(0x0157AEF0), UINT32_C(0x0346E5AE), ++ UINT32_C(0x06A8D9D0), UINT32_C(0x034F592B), UINT32_C(0x06A50F43), ++ UINT32_C(0x03B946D2), UINT32_C(0x0B23CFAE), UINT32_C(0x01428E19), ++ UINT32_C(0x01E96239) } }, ++ { { UINT32_C(0x0FF5FDD9), UINT32_C(0x06FD0B27), UINT32_C(0x0E5375B8), ++ UINT32_C(0x02903F56), UINT32_C(0x0A0998F1), UINT32_C(0x04C7F7A7), ++ UINT32_C(0x07B849C2), UINT32_C(0x01F684C1), UINT32_C(0x03D27FA7), ++ UINT32_C(0x0ECDF852), UINT32_C(0x067A0FF9), UINT32_C(0x01170172), ++ UINT32_C(0x06847341), UINT32_C(0x0384EC35), UINT32_C(0x097FA0B1), ++ UINT32_C(0x056D5954), UINT32_C(0x0811FE39), UINT32_C(0x03141A8E), ++ UINT32_C(0x03197AAF) }, ++ { UINT32_C(0x06B64713), UINT32_C(0x01EA477B), UINT32_C(0x0401B800), ++ UINT32_C(0x056A093F), UINT32_C(0x0B18523C), UINT32_C(0x05FBF38B), ++ UINT32_C(0x0000837C), UINT32_C(0x0205CC9C), UINT32_C(0x0211586E), ++ UINT32_C(0x00E95959), UINT32_C(0x011034DB), UINT32_C(0x0705835C), ++ UINT32_C(0x0534A7CA), UINT32_C(0x01BEEAE0), UINT32_C(0x011191B1), ++ UINT32_C(0x06AC6C8E), UINT32_C(0x0F65A0B0), UINT32_C(0x01E452CE), ++ UINT32_C(0x07AA591C) } }, ++ { { UINT32_C(0x04BE78BD), UINT32_C(0x06F41AA4), UINT32_C(0x09895DC2), ++ UINT32_C(0x05E43C02), UINT32_C(0x0F5ED50D), UINT32_C(0x0055BA85), ++ UINT32_C(0x04B88B8C), UINT32_C(0x07C05237), UINT32_C(0x06B089B3), ++ UINT32_C(0x09D41AEF), UINT32_C(0x07A77F2E), UINT32_C(0x0B03794F), ++ UINT32_C(0x0272136B), UINT32_C(0x013E2617), UINT32_C(0x039B53A2), ++ UINT32_C(0x04704526), UINT32_C(0x0958114F), UINT32_C(0x01DF2245), ++ UINT32_C(0x0736ACD3) }, ++ { UINT32_C(0x020FED74), UINT32_C(0x0142B2B5), UINT32_C(0x00BC648B), ++ UINT32_C(0x045D8303), UINT32_C(0x01238CE7), UINT32_C(0x041E6696), ++ UINT32_C(0x07794FE3), UINT32_C(0x02BC0623), UINT32_C(0x04D21409), ++ UINT32_C(0x05FABD03), UINT32_C(0x074FAEA0), UINT32_C(0x08FD5BE6), ++ UINT32_C(0x041F41AC), UINT32_C(0x046062AA), UINT32_C(0x06780730), ++ UINT32_C(0x035F4E6F), UINT32_C(0x016D4890), UINT32_C(0x05B93E77), ++ UINT32_C(0x01E38302) } }, ++ { { UINT32_C(0x0736B7A8), UINT32_C(0x049E4056), UINT32_C(0x01935194), ++ UINT32_C(0x056AFE87), UINT32_C(0x0526EB80), UINT32_C(0x0763756F), ++ UINT32_C(0x0438F678), UINT32_C(0x074903F5), UINT32_C(0x0305EF19), ++ UINT32_C(0x0434448D), UINT32_C(0x05186915), UINT32_C(0x00E55244), ++ UINT32_C(0x017BD6D1), UINT32_C(0x0747C684), UINT32_C(0x0FEE9906), ++ UINT32_C(0x07BEA2FE), UINT32_C(0x04C3FEC5), UINT32_C(0x05EAB892), ++ UINT32_C(0x03E3B341) }, ++ { UINT32_C(0x0DEF19D6), UINT32_C(0x03A56FE1), UINT32_C(0x09F33CC0), ++ UINT32_C(0x03E3A7C9), UINT32_C(0x04712359), UINT32_C(0x02515669), ++ UINT32_C(0x035C962B), UINT32_C(0x08C45240), UINT32_C(0x033CCA10), ++ UINT32_C(0x06965FA2), UINT32_C(0x04F88D82), UINT32_C(0x0FDE595A), ++ UINT32_C(0x0241F5B1), UINT32_C(0x03F203E1), UINT32_C(0x0BB7CDF8), ++ UINT32_C(0x046409AD), UINT32_C(0x08E4A186), UINT32_C(0x01723DD8), ++ UINT32_C(0x02B93AF0) } }, ++ { { UINT32_C(0x0FACC519), UINT32_C(0x027F5A2C), UINT32_C(0x0CA8C450), ++ UINT32_C(0x03EC651F), UINT32_C(0x0B47E880), UINT32_C(0x01B9DB47), ++ UINT32_C(0x06895D1C), UINT32_C(0x0F1857B2), UINT32_C(0x06CC04B3), ++ UINT32_C(0x01C2D89D), UINT32_C(0x04525759), UINT32_C(0x0B6EACB4), ++ UINT32_C(0x07770FC8), UINT32_C(0x04A7FC79), UINT32_C(0x03B56F1C), ++ UINT32_C(0x0248A360), UINT32_C(0x0A73C4C6), UINT32_C(0x04BA5188), ++ UINT32_C(0x0400E477) }, ++ { UINT32_C(0x0AEA3E6E), UINT32_C(0x05DA167B), UINT32_C(0x02C8D4B1), ++ UINT32_C(0x074DB11C), UINT32_C(0x05DB2724), UINT32_C(0x04492C83), ++ UINT32_C(0x00B62A05), UINT32_C(0x03A036B6), UINT32_C(0x07BC9211), ++ UINT32_C(0x05739939), UINT32_C(0x00FD8C64), UINT32_C(0x0E68B0EC), ++ UINT32_C(0x050FC3F3), UINT32_C(0x0446466F), UINT32_C(0x0A598C89), ++ UINT32_C(0x062CB99D), UINT32_C(0x0C97B1FA), UINT32_C(0x077F1F42), ++ UINT32_C(0x051B5A92) } }, ++ { { UINT32_C(0x09C36058), UINT32_C(0x05929A37), UINT32_C(0x079147E4), ++ UINT32_C(0x0546B4E8), UINT32_C(0x0C41B43A), UINT32_C(0x05F16140), ++ UINT32_C(0x0124A189), UINT32_C(0x0D01EFB0), UINT32_C(0x00FCDC74), ++ UINT32_C(0x0D3E796F), UINT32_C(0x0597A54B), UINT32_C(0x097F7DE8), ++ UINT32_C(0x0677C89A), UINT32_C(0x036C6165), UINT32_C(0x0DFFFA33), ++ UINT32_C(0x0782CAAE), UINT32_C(0x07E6FE65), UINT32_C(0x04887038), ++ UINT32_C(0x0636D482) }, ++ { UINT32_C(0x071EFA02), UINT32_C(0x07F91B7E), UINT32_C(0x0950028E), ++ UINT32_C(0x069527C7), UINT32_C(0x09CE6F6C), UINT32_C(0x01FEEAA0), ++ UINT32_C(0x014DED92), UINT32_C(0x0D94B717), UINT32_C(0x014B513D), ++ UINT32_C(0x0A97F421), UINT32_C(0x075448FA), UINT32_C(0x041A5F24), ++ UINT32_C(0x0721201F), UINT32_C(0x0444C83A), UINT32_C(0x07F6AE04), ++ UINT32_C(0x030824B5), UINT32_C(0x0246F2D9), UINT32_C(0x05F21CD9), ++ UINT32_C(0x06817477) } }, ++ { { UINT32_C(0x0DDEF055), UINT32_C(0x01C63F00), UINT32_C(0x0570BDE9), ++ UINT32_C(0x07433A8A), UINT32_C(0x099522A9), UINT32_C(0x051DEDFE), ++ UINT32_C(0x01712838), UINT32_C(0x0C8ECC33), UINT32_C(0x04846773), ++ UINT32_C(0x0D5E2042), UINT32_C(0x017373E7), UINT32_C(0x04742EE4), ++ UINT32_C(0x01053131), UINT32_C(0x01BD8B10), UINT32_C(0x01A5A425), ++ UINT32_C(0x072BB78A), UINT32_C(0x01A26990), UINT32_C(0x02CD45F0), ++ UINT32_C(0x03124D19) }, ++ { UINT32_C(0x01A2F1BD), UINT32_C(0x02C1057A), UINT32_C(0x07B6C2D1), ++ UINT32_C(0x00B79FA6), UINT32_C(0x09B44B1B), UINT32_C(0x0428D7E8), ++ UINT32_C(0x04C94C23), UINT32_C(0x0DFB15C5), UINT32_C(0x02F5DBF7), ++ UINT32_C(0x0BC452A9), UINT32_C(0x044F06AF), UINT32_C(0x06C3295D), ++ UINT32_C(0x0661CB9B), UINT32_C(0x0001E990), UINT32_C(0x022A6D5E), ++ UINT32_C(0x03420E57), UINT32_C(0x0D5E7F7E), UINT32_C(0x0593D853), ++ UINT32_C(0x00938C95) } }, ++ { { UINT32_C(0x0899A80A), UINT32_C(0x063E3726), UINT32_C(0x08972EC5), ++ UINT32_C(0x037C93BE), UINT32_C(0x031E1342), UINT32_C(0x07C51EDF), ++ UINT32_C(0x03702DD4), UINT32_C(0x086F89E1), UINT32_C(0x047EBB47), ++ UINT32_C(0x06A291B7), UINT32_C(0x0685EBFA), UINT32_C(0x0EF566F4), ++ UINT32_C(0x02FC8735), UINT32_C(0x03A7F885), UINT32_C(0x0963A567), ++ UINT32_C(0x02DEC9A4), UINT32_C(0x033285D3), UINT32_C(0x0049779E), ++ UINT32_C(0x05AB7D24) }, ++ { UINT32_C(0x04E67976), UINT32_C(0x03AD342E), UINT32_C(0x006D58B0), ++ UINT32_C(0x0490C968), UINT32_C(0x0428E13C), UINT32_C(0x0183F7B5), ++ UINT32_C(0x0168EF02), UINT32_C(0x031E9F33), UINT32_C(0x079C2D32), ++ UINT32_C(0x0EC6C4B2), UINT32_C(0x06334DE3), UINT32_C(0x04E10D5F), ++ UINT32_C(0x0431C81B), UINT32_C(0x001EE024), UINT32_C(0x01F6A3D0), ++ UINT32_C(0x0009B04D), UINT32_C(0x0A95C815), UINT32_C(0x06C721B5), ++ UINT32_C(0x07DEE1A8) } }, ++ { { UINT32_C(0x0C112CB8), UINT32_C(0x00691E2E), UINT32_C(0x01DBEB00), ++ UINT32_C(0x077CCE8A), UINT32_C(0x03E91FE4), UINT32_C(0x0690BBBF), ++ UINT32_C(0x0577CA8A), UINT32_C(0x00B5C974), UINT32_C(0x029377A0), ++ UINT32_C(0x06FDF488), UINT32_C(0x00872436), UINT32_C(0x0506D32E), ++ UINT32_C(0x055C17BB), UINT32_C(0x03B00666), UINT32_C(0x0D26AAA8), ++ UINT32_C(0x03829C3F), UINT32_C(0x08B67A64), UINT32_C(0x0475D296), ++ UINT32_C(0x027FEFC5) }, ++ { UINT32_C(0x06814D18), UINT32_C(0x01588692), UINT32_C(0x0D4F0EDD), ++ UINT32_C(0x007DFA60), UINT32_C(0x042E603A), UINT32_C(0x00885394), ++ UINT32_C(0x05F797E2), UINT32_C(0x041238B4), UINT32_C(0x052305E5), ++ UINT32_C(0x0D9515E8), UINT32_C(0x05B10FCD), UINT32_C(0x08F6C6F8), ++ UINT32_C(0x043FB734), UINT32_C(0x014BE940), UINT32_C(0x0E882EEE), ++ UINT32_C(0x0077B050), UINT32_C(0x02093150), UINT32_C(0x05A0B712), ++ UINT32_C(0x06E640E8) } }, ++ { { UINT32_C(0x0BE77EA4), UINT32_C(0x03634A86), UINT32_C(0x01F8DFF4), ++ UINT32_C(0x005A0F6B), UINT32_C(0x0D30990A), UINT32_C(0x0712090D), ++ UINT32_C(0x048C153A), UINT32_C(0x029E8CA3), UINT32_C(0x052B7982), ++ UINT32_C(0x01355D1B), UINT32_C(0x00109FDB), UINT32_C(0x029EF3CE), ++ UINT32_C(0x02FA1090), UINT32_C(0x033F025F), UINT32_C(0x03D1969F), ++ UINT32_C(0x052EDB5F), UINT32_C(0x04D2BEF3), UINT32_C(0x06BF5DE5), ++ UINT32_C(0x00C8983F) }, ++ { UINT32_C(0x04B8EB93), UINT32_C(0x0058C176), UINT32_C(0x00A13CB4), ++ UINT32_C(0x053DF577), UINT32_C(0x0156AEB4), UINT32_C(0x005E3851), ++ UINT32_C(0x069CEAE2), UINT32_C(0x0030FF4F), UINT32_C(0x001DA227), ++ UINT32_C(0x05AF81D3), UINT32_C(0x03D80D8D), UINT32_C(0x0A3E8600), ++ UINT32_C(0x03D228FC), UINT32_C(0x0665245C), UINT32_C(0x09E5CE2E), ++ UINT32_C(0x03843A9B), UINT32_C(0x02F2D31B), UINT32_C(0x041832DC), ++ UINT32_C(0x02E66351) } }, ++ { { UINT32_C(0x05730C8D), UINT32_C(0x06092618), UINT32_C(0x079F5AFA), ++ UINT32_C(0x06F3E0CF), UINT32_C(0x092BC672), UINT32_C(0x0276DE36), ++ UINT32_C(0x02D07EDC), UINT32_C(0x0FC6A29F), UINT32_C(0x0486EFA2), ++ UINT32_C(0x0909E264), UINT32_C(0x056F98E8), UINT32_C(0x08A33777), ++ UINT32_C(0x007820C7), UINT32_C(0x07E651CF), UINT32_C(0x0928B418), ++ UINT32_C(0x05EF7EA1), UINT32_C(0x0BE35987), UINT32_C(0x023FE702), ++ UINT32_C(0x04B874D9) }, ++ { UINT32_C(0x001A8D36), UINT32_C(0x03FC40DA), UINT32_C(0x00561AB4), ++ UINT32_C(0x036E4547), UINT32_C(0x0D462FB9), UINT32_C(0x07B2E89D), ++ UINT32_C(0x0616BF2B), UINT32_C(0x02FA3373), UINT32_C(0x067EE578), ++ UINT32_C(0x02B81792), UINT32_C(0x03A32F95), UINT32_C(0x019591EC), ++ UINT32_C(0x047F05AA), UINT32_C(0x058E2F29), UINT32_C(0x04CECEE9), ++ UINT32_C(0x07DF3632), UINT32_C(0x02BFB16E), UINT32_C(0x03AB1AD0), ++ UINT32_C(0x0610FCE9) } }, ++ { { UINT32_C(0x0CE87EAC), UINT32_C(0x00235BF1), UINT32_C(0x0EAE0AF1), ++ UINT32_C(0x03D89DD3), UINT32_C(0x0B789073), UINT32_C(0x01AC0815), ++ UINT32_C(0x055721C2), UINT32_C(0x0B2BAD77), UINT32_C(0x05787CF1), ++ UINT32_C(0x00C70041), UINT32_C(0x00EEE049), UINT32_C(0x0D01B922), ++ UINT32_C(0x022A24F8), UINT32_C(0x0317FAC7), UINT32_C(0x0D5F402C), ++ UINT32_C(0x0439541B), UINT32_C(0x07D56CC2), UINT32_C(0x00EB80BF), ++ UINT32_C(0x00E40AA6) }, ++ { UINT32_C(0x0A01F6F0), UINT32_C(0x020DA18A), UINT32_C(0x073C68C0), ++ UINT32_C(0x05338AFA), UINT32_C(0x0DDC8CB0), UINT32_C(0x001C0CED), ++ UINT32_C(0x07A82BBC), UINT32_C(0x081BF5E1), UINT32_C(0x00B876DD), ++ UINT32_C(0x09864ED3), UINT32_C(0x07F89153), UINT32_C(0x0A066C82), ++ UINT32_C(0x042461BC), UINT32_C(0x07592D13), UINT32_C(0x02DBFA28), ++ UINT32_C(0x0371D64F), UINT32_C(0x0326B139), UINT32_C(0x0545030E), ++ UINT32_C(0x03B02EDD) } }, ++ { { UINT32_C(0x0C8AA41D), UINT32_C(0x02999435), UINT32_C(0x011470BE), ++ UINT32_C(0x02448ABD), UINT32_C(0x0C3A559A), UINT32_C(0x03DE4EDA), ++ UINT32_C(0x0267ACAB), UINT32_C(0x05B64BAF), UINT32_C(0x06167A36), ++ UINT32_C(0x080925DF), UINT32_C(0x0748EB2E), UINT32_C(0x0262E572), ++ UINT32_C(0x06655A71), UINT32_C(0x02DC7E31), UINT32_C(0x009FA448), ++ UINT32_C(0x05991E95), UINT32_C(0x0FA3D04A), UINT32_C(0x0484BE25), ++ UINT32_C(0x0438E396) }, ++ { UINT32_C(0x044C41BB), UINT32_C(0x02EFDFC2), UINT32_C(0x0F459DA9), ++ UINT32_C(0x04A94A2D), UINT32_C(0x03F47C03), UINT32_C(0x07FA71AF), ++ UINT32_C(0x03DC178C), UINT32_C(0x0129963B), UINT32_C(0x021E1FD4), ++ UINT32_C(0x0E7487EB), UINT32_C(0x00C3DDB0), UINT32_C(0x06EE0434), ++ UINT32_C(0x06D2712F), UINT32_C(0x07842656), UINT32_C(0x013F8F26), ++ UINT32_C(0x01F9766F), UINT32_C(0x061BD12C), UINT32_C(0x02B96EB7), ++ UINT32_C(0x01F8FA20) } }, ++ { { UINT32_C(0x0FB80E07), UINT32_C(0x050B08F2), UINT32_C(0x064554C9), ++ UINT32_C(0x078E1F81), UINT32_C(0x09ED8841), UINT32_C(0x0596ADC2), ++ UINT32_C(0x034DF164), UINT32_C(0x020E6E12), UINT32_C(0x018EDA4D), ++ UINT32_C(0x0174E31B), UINT32_C(0x03B107F1), UINT32_C(0x010EC155), ++ UINT32_C(0x07FA899A), UINT32_C(0x0717505D), UINT32_C(0x05819825), ++ UINT32_C(0x0542EC55), UINT32_C(0x038DD6D7), UINT32_C(0x0497E5A0), ++ UINT32_C(0x03081495) }, ++ { UINT32_C(0x064986F4), UINT32_C(0x03BD600B), UINT32_C(0x04B78E0D), ++ UINT32_C(0x0098465F), UINT32_C(0x0E7E78C0), UINT32_C(0x0127CC0E), ++ UINT32_C(0x07A3BC64), UINT32_C(0x001DBF18), UINT32_C(0x06A78B45), ++ UINT32_C(0x0D3A5A6B), UINT32_C(0x0682C6C2), UINT32_C(0x0B8EE95B), ++ UINT32_C(0x066E64B3), UINT32_C(0x04178CB0), UINT32_C(0x0FC2F66E), ++ UINT32_C(0x04EABB3C), UINT32_C(0x084AF2DE), UINT32_C(0x04C297C1), ++ UINT32_C(0x0136B06E) } }, ++ { { UINT32_C(0x07DF6D6E), UINT32_C(0x01F00ED6), UINT32_C(0x02705D3E), ++ UINT32_C(0x038023D6), UINT32_C(0x0A85D53D), UINT32_C(0x01C4664A), ++ UINT32_C(0x0610B36C), UINT32_C(0x02BAE274), UINT32_C(0x03566DBB), ++ UINT32_C(0x0854659C), UINT32_C(0x00F106D4), UINT32_C(0x09D0A630), ++ UINT32_C(0x01B5D98A), UINT32_C(0x01B27CA8), UINT32_C(0x0F254343), ++ UINT32_C(0x075491B9), UINT32_C(0x025D2274), UINT32_C(0x04F17B63), ++ UINT32_C(0x06865DA3) }, ++ { UINT32_C(0x0D4C1CFE), UINT32_C(0x0612B559), UINT32_C(0x0D29CCC2), ++ UINT32_C(0x06835607), UINT32_C(0x0E442A4F), UINT32_C(0x003F2EA3), ++ UINT32_C(0x04DA7E80), UINT32_C(0x079ABF17), UINT32_C(0x062A7A50), ++ UINT32_C(0x0FE31E03), UINT32_C(0x044D195D), UINT32_C(0x01A9DC51), ++ UINT32_C(0x05B8C361), UINT32_C(0x06390D3D), UINT32_C(0x0544BD42), ++ UINT32_C(0x02DB7A09), UINT32_C(0x0367E705), UINT32_C(0x01B34C53), ++ UINT32_C(0x055F8181) } }, ++ { { UINT32_C(0x0F3F00C1), UINT32_C(0x04C36A17), UINT32_C(0x0CB05A60), ++ UINT32_C(0x05742C4B), UINT32_C(0x029DC7BA), UINT32_C(0x00946765), ++ UINT32_C(0x01F6280B), UINT32_C(0x0A250657), UINT32_C(0x057853BE), ++ UINT32_C(0x027C17D4), UINT32_C(0x061E6EE7), UINT32_C(0x068934C0), ++ UINT32_C(0x0225275D), UINT32_C(0x004E706A), UINT32_C(0x08A0E33D), ++ UINT32_C(0x02EFB382), UINT32_C(0x0231B332), UINT32_C(0x045E20A6), ++ UINT32_C(0x076538EE) }, ++ { UINT32_C(0x072461C9), UINT32_C(0x071D932B), UINT32_C(0x099D4C01), ++ UINT32_C(0x0401E666), UINT32_C(0x07DB6FB0), UINT32_C(0x049F43E4), ++ UINT32_C(0x056167EA), UINT32_C(0x0D49C41D), UINT32_C(0x05F10CA9), ++ UINT32_C(0x080EC5BB), UINT32_C(0x05C98C31), UINT32_C(0x01E1F452), ++ UINT32_C(0x07E42338), UINT32_C(0x04049AA9), UINT32_C(0x032E5588), ++ UINT32_C(0x01E28C9C), UINT32_C(0x04BCDC8D), UINT32_C(0x04309C54), ++ UINT32_C(0x02042514) } }, ++ }, ++ { ++ { { UINT32_C(0x02648196), UINT32_C(0x01BF352B), UINT32_C(0x0FCEC15F), ++ UINT32_C(0x02D3A085), UINT32_C(0x011002A5), UINT32_C(0x026E7651), ++ UINT32_C(0x021C2A73), UINT32_C(0x0E3392B7), UINT32_C(0x01A26456), ++ UINT32_C(0x00E05940), UINT32_C(0x05C6D0D8), UINT32_C(0x085D0F62), ++ UINT32_C(0x03B743E5), UINT32_C(0x05B2C76F), UINT32_C(0x0B270AB3), ++ UINT32_C(0x076B0EF8), UINT32_C(0x0E5EF80C), UINT32_C(0x0751E040), ++ UINT32_C(0x0769C73A) }, ++ { UINT32_C(0x0D9BC7BB), UINT32_C(0x01B398D4), UINT32_C(0x094E3D5E), ++ UINT32_C(0x0679261C), UINT32_C(0x0F579BC0), UINT32_C(0x0087234F), ++ UINT32_C(0x01C48CDA), UINT32_C(0x01065BB9), UINT32_C(0x04A8A1F3), ++ UINT32_C(0x097D469B), UINT32_C(0x046FC17A), UINT32_C(0x00CAE969), ++ UINT32_C(0x02E690B5), UINT32_C(0x0187C437), UINT32_C(0x000FCD13), ++ UINT32_C(0x07C0FA30), UINT32_C(0x02F0D63C), UINT32_C(0x0583AE53), ++ UINT32_C(0x036A77FE) } }, ++ { { UINT32_C(0x01DE62A2), UINT32_C(0x03B6F417), UINT32_C(0x08D8470C), ++ UINT32_C(0x041AB290), UINT32_C(0x0D3155E4), UINT32_C(0x043123A7), ++ UINT32_C(0x06EC3DAC), UINT32_C(0x09575F29), UINT32_C(0x05CC8C01), ++ UINT32_C(0x028CF2E0), UINT32_C(0x00BB01F9), UINT32_C(0x01E4C554), ++ UINT32_C(0x07B3F1F5), UINT32_C(0x00E4DC2E), UINT32_C(0x0F6F4AA9), ++ UINT32_C(0x03F7C702), UINT32_C(0x0EC18583), UINT32_C(0x02949031), ++ UINT32_C(0x05C16F04) }, ++ { UINT32_C(0x03BFC242), UINT32_C(0x06AF3468), UINT32_C(0x0509C734), ++ UINT32_C(0x002581C3), UINT32_C(0x0CD6F167), UINT32_C(0x068B6408), ++ UINT32_C(0x07D05F00), UINT32_C(0x0D520CDF), UINT32_C(0x02C463E5), ++ UINT32_C(0x003D2B75), UINT32_C(0x02640D09), UINT32_C(0x0C38D324), ++ UINT32_C(0x016E198B), UINT32_C(0x01BF3B79), UINT32_C(0x08EFB3AE), ++ UINT32_C(0x01B11ADD), UINT32_C(0x0428FEBD), UINT32_C(0x0288A4BC), ++ UINT32_C(0x02ED3D8D) } }, ++ { { UINT32_C(0x0FE3927A), UINT32_C(0x004463DC), UINT32_C(0x0A23634B), ++ UINT32_C(0x02C96252), UINT32_C(0x088ACC38), UINT32_C(0x003687F2), ++ UINT32_C(0x07070A41), UINT32_C(0x0A3D6F58), UINT32_C(0x02ACC6F9), ++ UINT32_C(0x07A117B7), UINT32_C(0x04BF3041), UINT32_C(0x006C3D57), ++ UINT32_C(0x05E2A443), UINT32_C(0x00D534BB), UINT32_C(0x01838CCA), ++ UINT32_C(0x07E9698D), UINT32_C(0x0463E2DC), UINT32_C(0x05A8243F), ++ UINT32_C(0x02BC2618) }, ++ { UINT32_C(0x0EBC6638), UINT32_C(0x04B3F3FB), UINT32_C(0x0A7F699B), ++ UINT32_C(0x070541A8), UINT32_C(0x00275BF7), UINT32_C(0x0335548D), ++ UINT32_C(0x00C681F5), UINT32_C(0x0AE9575E), UINT32_C(0x02032835), ++ UINT32_C(0x027F35BF), UINT32_C(0x00A83998), UINT32_C(0x04869978), ++ UINT32_C(0x04F819CA), UINT32_C(0x075D1DAF), UINT32_C(0x0B79E387), ++ UINT32_C(0x033A57AB), UINT32_C(0x057298F2), UINT32_C(0x0583C4E3), ++ UINT32_C(0x067E752D) } }, ++ { { UINT32_C(0x06B4D0F2), UINT32_C(0x059C637E), UINT32_C(0x0515A54F), ++ UINT32_C(0x01CB93DA), UINT32_C(0x0AF87FEF), UINT32_C(0x07247119), ++ UINT32_C(0x0368E1D8), UINT32_C(0x0287508B), UINT32_C(0x04E3B00B), ++ UINT32_C(0x03EDF00C), UINT32_C(0x0060EB2B), UINT32_C(0x009B64B7), ++ UINT32_C(0x0059A064), UINT32_C(0x02C48CC2), UINT32_C(0x0D938166), ++ UINT32_C(0x039A77EF), UINT32_C(0x04F26973), UINT32_C(0x015B1DA7), ++ UINT32_C(0x048D6DB3) }, ++ { UINT32_C(0x011EBBDB), UINT32_C(0x06BC0045), UINT32_C(0x0275B56E), ++ UINT32_C(0x03B89420), UINT32_C(0x013420FC), UINT32_C(0x076F18E5), ++ UINT32_C(0x00A74F63), UINT32_C(0x0E0F64B7), UINT32_C(0x00503282), ++ UINT32_C(0x094735D1), UINT32_C(0x013CC6D6), UINT32_C(0x0E5C0E1C), ++ UINT32_C(0x015BA8D6), UINT32_C(0x07D45F0A), UINT32_C(0x0A29FE38), ++ UINT32_C(0x0029F319), UINT32_C(0x03AC2D85), UINT32_C(0x027ECAF3), ++ UINT32_C(0x029D9051) } }, ++ { { UINT32_C(0x0EA400A9), UINT32_C(0x0158306B), UINT32_C(0x015222F8), ++ UINT32_C(0x07A029A5), UINT32_C(0x01BD2907), UINT32_C(0x0570C0F6), ++ UINT32_C(0x0751FAE1), UINT32_C(0x07964BF7), UINT32_C(0x009AA3B7), ++ UINT32_C(0x03DF8285), UINT32_C(0x005D2075), UINT32_C(0x0DDBE6E5), ++ UINT32_C(0x04FB407B), UINT32_C(0x05ABE7D8), UINT32_C(0x0C49401A), ++ UINT32_C(0x04BA9696), UINT32_C(0x03CCE450), UINT32_C(0x04636480), ++ UINT32_C(0x03F1ABE9) }, ++ { UINT32_C(0x03EA1F68), UINT32_C(0x0676F7FA), UINT32_C(0x078995D6), ++ UINT32_C(0x01690C80), UINT32_C(0x0DDD1529), UINT32_C(0x007F78C9), ++ UINT32_C(0x0408771E), UINT32_C(0x0513A792), UINT32_C(0x003B85AB), ++ UINT32_C(0x016D7EB5), UINT32_C(0x05E5699C), UINT32_C(0x0BECEE12), ++ UINT32_C(0x00107C5D), UINT32_C(0x00E4EB89), UINT32_C(0x02F4C652), ++ UINT32_C(0x04E39F7A), UINT32_C(0x034AED07), UINT32_C(0x0212550E), ++ UINT32_C(0x0188E07E) } }, ++ { { UINT32_C(0x0FBBA24C), UINT32_C(0x01E20A63), UINT32_C(0x0FA95AAC), ++ UINT32_C(0x01C44416), UINT32_C(0x0F08DC76), UINT32_C(0x043CBDF1), ++ UINT32_C(0x012ABC29), UINT32_C(0x0F6C4233), UINT32_C(0x06107D90), ++ UINT32_C(0x002CBE36), UINT32_C(0x05234963), UINT32_C(0x059E8B8F), ++ UINT32_C(0x06167695), UINT32_C(0x04B21ABA), UINT32_C(0x094ABDA3), ++ UINT32_C(0x01B5AF79), UINT32_C(0x00351EF1), UINT32_C(0x03FE1EFE), ++ UINT32_C(0x03E83BD1) }, ++ { UINT32_C(0x04ADEFE3), UINT32_C(0x028AF72F), UINT32_C(0x09E0C0D6), ++ UINT32_C(0x0104ED8F), UINT32_C(0x0AE0148F), UINT32_C(0x02B05ACD), ++ UINT32_C(0x066B1ED0), UINT32_C(0x0A3C6BFA), UINT32_C(0x032BBFF9), ++ UINT32_C(0x0F66AD88), UINT32_C(0x04A9A376), UINT32_C(0x0AF0D447), ++ UINT32_C(0x047BD087), UINT32_C(0x005F677C), UINT32_C(0x014088B0), ++ UINT32_C(0x00EDD8EE), UINT32_C(0x0598516D), UINT32_C(0x03FE1205), ++ UINT32_C(0x073098DE) } }, ++ { { UINT32_C(0x02841A85), UINT32_C(0x0451A0F7), UINT32_C(0x076BCBFC), ++ UINT32_C(0x027E002B), UINT32_C(0x04ACD1B5), UINT32_C(0x03AADBAC), ++ UINT32_C(0x011F71FA), UINT32_C(0x0E1089CF), UINT32_C(0x058740CA), ++ UINT32_C(0x06DB26BB), UINT32_C(0x02494970), UINT32_C(0x07CCD9E0), ++ UINT32_C(0x05749062), UINT32_C(0x061E24EF), UINT32_C(0x0BA44927), ++ UINT32_C(0x01396A99), UINT32_C(0x0C2129A5), UINT32_C(0x06C4E538), ++ UINT32_C(0x02D308F2) }, ++ { UINT32_C(0x0E7B0D82), UINT32_C(0x0295DE15), UINT32_C(0x059C10B0), ++ UINT32_C(0x0240D76A), UINT32_C(0x0AA33AC3), UINT32_C(0x02D5D368), ++ UINT32_C(0x05DF8706), UINT32_C(0x0A4B7001), UINT32_C(0x031DBF6C), ++ UINT32_C(0x0BC72CD8), UINT32_C(0x046962A7), UINT32_C(0x0D13BB53), ++ UINT32_C(0x039B98C0), UINT32_C(0x05AA84ED), UINT32_C(0x058D2735), ++ UINT32_C(0x0508AB59), UINT32_C(0x085DF0E3), UINT32_C(0x06AA60D9), ++ UINT32_C(0x0192578B) } }, ++ { { UINT32_C(0x052517BF), UINT32_C(0x07C0E587), UINT32_C(0x038A5531), ++ UINT32_C(0x03EE1FF1), UINT32_C(0x062AB6E8), UINT32_C(0x06EF4CCB), ++ UINT32_C(0x00A09F25), UINT32_C(0x0DBE8342), UINT32_C(0x01D7E02F), ++ UINT32_C(0x094C49AE), UINT32_C(0x01445CE4), UINT32_C(0x0F435B7F), ++ UINT32_C(0x07CDF16E), UINT32_C(0x009B8491), UINT32_C(0x0B24E6F7), ++ UINT32_C(0x01648959), UINT32_C(0x00615CA9), UINT32_C(0x014879FC), ++ UINT32_C(0x015CCCCE) }, ++ { UINT32_C(0x0BB6E5C0), UINT32_C(0x072270A8), UINT32_C(0x02BC713E), ++ UINT32_C(0x0194AF0E), UINT32_C(0x0745C682), UINT32_C(0x00066C6F), ++ UINT32_C(0x03D36CF5), UINT32_C(0x0593CBB1), UINT32_C(0x05AE790D), ++ UINT32_C(0x06B1FF53), UINT32_C(0x0620A507), UINT32_C(0x0CB462BF), ++ UINT32_C(0x068C215C), UINT32_C(0x06AB108C), UINT32_C(0x0B7E3900), ++ UINT32_C(0x03D88910), UINT32_C(0x0539E087), UINT32_C(0x04AE3141), ++ UINT32_C(0x035ED7D6) } }, ++ { { UINT32_C(0x0254F3D7), UINT32_C(0x06792204), UINT32_C(0x0230569F), ++ UINT32_C(0x03D3FDA9), UINT32_C(0x0B84DD99), UINT32_C(0x07725C4C), ++ UINT32_C(0x06B0E7C3), UINT32_C(0x0B78D3DF), UINT32_C(0x078AC360), ++ UINT32_C(0x06CAB919), UINT32_C(0x02F4F70A), UINT32_C(0x013A8BD5), ++ UINT32_C(0x021D73E0), UINT32_C(0x044B1B4D), UINT32_C(0x0E88A7D4), ++ UINT32_C(0x05BAA6EC), UINT32_C(0x0526DE60), UINT32_C(0x01D8806A), ++ UINT32_C(0x04244303) }, ++ { UINT32_C(0x0108C612), UINT32_C(0x0395A34F), UINT32_C(0x0339198F), ++ UINT32_C(0x01F179EC), UINT32_C(0x0708D6F3), UINT32_C(0x01DF5235), ++ UINT32_C(0x0232C546), UINT32_C(0x030C41B0), UINT32_C(0x015FE8CF), ++ UINT32_C(0x0F21BBB4), UINT32_C(0x0323FD77), UINT32_C(0x06DD81ED), ++ UINT32_C(0x04136906), UINT32_C(0x054B66A1), UINT32_C(0x0CBBD05A), ++ UINT32_C(0x0336CEE8), UINT32_C(0x0FCF1FFD), UINT32_C(0x041BBD8F), ++ UINT32_C(0x07AB12C9) } }, ++ { { UINT32_C(0x0BBE227D), UINT32_C(0x05858F23), UINT32_C(0x04BF491E), ++ UINT32_C(0x05728183), UINT32_C(0x079C714E), UINT32_C(0x022A1FCF), ++ UINT32_C(0x01EF871B), UINT32_C(0x09EDB7B8), UINT32_C(0x01D525A3), ++ UINT32_C(0x0A87DA27), UINT32_C(0x043F0A4E), UINT32_C(0x09B1CDD1), ++ UINT32_C(0x00B92721), UINT32_C(0x00B6CCD6), UINT32_C(0x0D63DB15), ++ UINT32_C(0x023CE576), UINT32_C(0x0C4080E4), UINT32_C(0x033F2061), ++ UINT32_C(0x031AA1D9) }, ++ { UINT32_C(0x07EC3A20), UINT32_C(0x01C69A3A), UINT32_C(0x001C25C7), ++ UINT32_C(0x0210B9C8), UINT32_C(0x08BDFFA8), UINT32_C(0x02E8214B), ++ UINT32_C(0x017C3E9B), UINT32_C(0x084D91D9), UINT32_C(0x038B3D24), ++ UINT32_C(0x0EC9081E), UINT32_C(0x026E58E8), UINT32_C(0x032908AE), ++ UINT32_C(0x02B2F37D), UINT32_C(0x058B11CB), UINT32_C(0x07538C24), ++ UINT32_C(0x06945091), UINT32_C(0x0F538568), UINT32_C(0x064897F5), ++ UINT32_C(0x03110AAF) } }, ++ { { UINT32_C(0x093E7BB1), UINT32_C(0x026B09F0), UINT32_C(0x0763D63D), ++ UINT32_C(0x01CAD134), UINT32_C(0x053290E7), UINT32_C(0x03190F55), ++ UINT32_C(0x05929346), UINT32_C(0x090E1278), UINT32_C(0x01D360D4), ++ UINT32_C(0x0AE8B6AE), UINT32_C(0x036A79E4), UINT32_C(0x08B891A0), ++ UINT32_C(0x0448F896), UINT32_C(0x02316FA4), UINT32_C(0x0B3F9158), ++ UINT32_C(0x045DAD8C), UINT32_C(0x073BD91F), UINT32_C(0x0407FC71), ++ UINT32_C(0x0403F724) }, ++ { UINT32_C(0x0C0213B3), UINT32_C(0x04667E35), UINT32_C(0x0E2CEB9C), ++ UINT32_C(0x064EC72A), UINT32_C(0x0A339F01), UINT32_C(0x01E44700), ++ UINT32_C(0x029951E3), UINT32_C(0x0F9E1903), UINT32_C(0x0760075A), ++ UINT32_C(0x0B3FB167), UINT32_C(0x015349C6), UINT32_C(0x04915326), ++ UINT32_C(0x06972404), UINT32_C(0x03D0B541), UINT32_C(0x0FFB253E), ++ UINT32_C(0x0670C067), UINT32_C(0x017EDCC3), UINT32_C(0x06348A30), ++ UINT32_C(0x0755DC54) } }, ++ { { UINT32_C(0x0D72BA02), UINT32_C(0x07FF1EEA), UINT32_C(0x0066BDAD), ++ UINT32_C(0x039D956A), UINT32_C(0x04E892D7), UINT32_C(0x052419F2), ++ UINT32_C(0x034B725A), UINT32_C(0x095A35DA), UINT32_C(0x05559103), ++ UINT32_C(0x018A8F9F), UINT32_C(0x04FC3975), UINT32_C(0x0D1740D2), ++ UINT32_C(0x0375B900), UINT32_C(0x0761403F), UINT32_C(0x0B953A5F), ++ UINT32_C(0x04F2FF71), UINT32_C(0x0E1B0B58), UINT32_C(0x07D8573F), ++ UINT32_C(0x053E8C3E) }, ++ { UINT32_C(0x055A3B73), UINT32_C(0x04EBD845), UINT32_C(0x0D3A5D27), ++ UINT32_C(0x03216043), UINT32_C(0x0A2D5A11), UINT32_C(0x03D32430), ++ UINT32_C(0x063F87FD), UINT32_C(0x0DBF84E0), UINT32_C(0x04C9934A), ++ UINT32_C(0x08BE9480), UINT32_C(0x02F6DE30), UINT32_C(0x052DB294), ++ UINT32_C(0x03230313), UINT32_C(0x04592516), UINT32_C(0x0B992B10), ++ UINT32_C(0x03125EE2), UINT32_C(0x0445BCF9), UINT32_C(0x07349143), ++ UINT32_C(0x05A112C7) } }, ++ { { UINT32_C(0x0EA0B318), UINT32_C(0x03F1B159), UINT32_C(0x0487E52E), ++ UINT32_C(0x05D27B9C), UINT32_C(0x0EBAD615), UINT32_C(0x0459C5D9), ++ UINT32_C(0x073079D5), UINT32_C(0x078FD2D4), UINT32_C(0x006B7643), ++ UINT32_C(0x0A73DC2C), UINT32_C(0x041938CF), UINT32_C(0x098897E0), ++ UINT32_C(0x07660928), UINT32_C(0x058BF110), UINT32_C(0x0696BC61), ++ UINT32_C(0x07DE18FC), UINT32_C(0x0B815951), UINT32_C(0x04662BC8), ++ UINT32_C(0x054FF046) }, ++ { UINT32_C(0x052466CC), UINT32_C(0x02C9E253), UINT32_C(0x07D1C495), ++ UINT32_C(0x024A0473), UINT32_C(0x0E5AEABA), UINT32_C(0x06DFF20F), ++ UINT32_C(0x03CCEFD9), UINT32_C(0x0F806D4B), UINT32_C(0x0192D911), ++ UINT32_C(0x06A7E064), UINT32_C(0x0136BD6C), UINT32_C(0x03CF3E59), ++ UINT32_C(0x036C910C), UINT32_C(0x02852F51), UINT32_C(0x0D2261F6), ++ UINT32_C(0x07B11789), UINT32_C(0x05D5440C), UINT32_C(0x068EB2BF), ++ UINT32_C(0x07C9D3D2) } }, ++ { { UINT32_C(0x03F78C83), UINT32_C(0x026282EB), UINT32_C(0x0E7E58C8), ++ UINT32_C(0x01460384), UINT32_C(0x07F8288C), UINT32_C(0x004DDB38), ++ UINT32_C(0x068A22C1), UINT32_C(0x03B4E4B7), UINT32_C(0x046EC7F7), ++ UINT32_C(0x0F499BF8), UINT32_C(0x00E98F9D), UINT32_C(0x0201835A), ++ UINT32_C(0x06CDC18D), UINT32_C(0x054E87E0), UINT32_C(0x09E1190B), ++ UINT32_C(0x07C8570C), UINT32_C(0x0EE788C0), UINT32_C(0x003B8466), ++ UINT32_C(0x0513D8F7) }, ++ { UINT32_C(0x082AE76F), UINT32_C(0x0467154F), UINT32_C(0x090D360C), ++ UINT32_C(0x04725E35), UINT32_C(0x077F0A4A), UINT32_C(0x01658344), ++ UINT32_C(0x07BFD41E), UINT32_C(0x0816DFE5), UINT32_C(0x01A64B33), ++ UINT32_C(0x07DEC344), UINT32_C(0x0404AABD), UINT32_C(0x0DD22DB3), ++ UINT32_C(0x0372E5A1), UINT32_C(0x01DD7525), UINT32_C(0x01C8CACD), ++ UINT32_C(0x06A4B923), UINT32_C(0x0CD78815), UINT32_C(0x03B62E43), ++ UINT32_C(0x0182DCE0) } }, ++ { { UINT32_C(0x04B1FB35), UINT32_C(0x0061A026), UINT32_C(0x099D37D7), ++ UINT32_C(0x046459E6), UINT32_C(0x0E8A57EF), UINT32_C(0x001BD06E), ++ UINT32_C(0x04A92B84), UINT32_C(0x06098C4C), UINT32_C(0x0358B593), ++ UINT32_C(0x0D4DFE1C), UINT32_C(0x063599D3), UINT32_C(0x02DD18DC), ++ UINT32_C(0x03007901), UINT32_C(0x01E9DD8D), UINT32_C(0x0400CC35), ++ UINT32_C(0x0778E5F5), UINT32_C(0x05D5B6A3), UINT32_C(0x02FD411C), ++ UINT32_C(0x02B425A2) }, ++ { UINT32_C(0x03812C10), UINT32_C(0x03B78EFC), UINT32_C(0x09532CE4), ++ UINT32_C(0x04F7D4A9), UINT32_C(0x0F7C04C8), UINT32_C(0x0683AE68), ++ UINT32_C(0x011B6140), UINT32_C(0x0156737D), UINT32_C(0x035A4EB9), ++ UINT32_C(0x0A0B7443), UINT32_C(0x064319EB), UINT32_C(0x0B315217), ++ UINT32_C(0x049C0FB2), UINT32_C(0x004E46BC), UINT32_C(0x0318D072), ++ UINT32_C(0x052D3EA9), UINT32_C(0x06A15FA8), UINT32_C(0x02E0D5AB), ++ UINT32_C(0x008DD356) } }, ++ { { UINT32_C(0x0D00894F), UINT32_C(0x0415F67D), UINT32_C(0x0C243D11), ++ UINT32_C(0x02B8C573), UINT32_C(0x05C886B6), UINT32_C(0x073E2A37), ++ UINT32_C(0x01B4E4FA), UINT32_C(0x09A09251), UINT32_C(0x020282E5), ++ UINT32_C(0x0BCA7D2D), UINT32_C(0x066FF292), UINT32_C(0x09926C99), ++ UINT32_C(0x03617A48), UINT32_C(0x01530215), UINT32_C(0x063E7DBA), ++ UINT32_C(0x078B1DFB), UINT32_C(0x0C3844B7), UINT32_C(0x03201272), ++ UINT32_C(0x0778B4FA) }, ++ { UINT32_C(0x09305F18), UINT32_C(0x04DACE51), UINT32_C(0x0D07FE4D), ++ UINT32_C(0x04990FE7), UINT32_C(0x07120719), UINT32_C(0x07AE031B), ++ UINT32_C(0x003430FE), UINT32_C(0x00C1FBD4), UINT32_C(0x036A0A51), ++ UINT32_C(0x0A6A12BB), UINT32_C(0x072B00FE), UINT32_C(0x0F112F16), ++ UINT32_C(0x002D898C), UINT32_C(0x00D7F3F0), UINT32_C(0x02CCB574), ++ UINT32_C(0x076345FF), UINT32_C(0x02C9358F), UINT32_C(0x017BCB4B), ++ UINT32_C(0x0579734A) } }, ++ }, ++ { ++ { { UINT32_C(0x0F0DB502), UINT32_C(0x007283D0), UINT32_C(0x08EF623D), ++ UINT32_C(0x03EA8C5E), UINT32_C(0x0A209E1F), UINT32_C(0x03A40740), ++ UINT32_C(0x02F81888), UINT32_C(0x0722A969), UINT32_C(0x03DCF02A), ++ UINT32_C(0x0B8BF42D), UINT32_C(0x046BF6EC), UINT32_C(0x04E7DE79), ++ UINT32_C(0x032FE5DF), UINT32_C(0x01C17AC3), UINT32_C(0x088F43CD), ++ UINT32_C(0x06D316FF), UINT32_C(0x00B6FB94), UINT32_C(0x03A7A692), ++ UINT32_C(0x03E132AC) }, ++ { UINT32_C(0x045CE248), UINT32_C(0x0462F43F), UINT32_C(0x09F103B7), ++ UINT32_C(0x03CE6503), UINT32_C(0x02C55CD7), UINT32_C(0x01FAC8B9), ++ UINT32_C(0x07F7D41F), UINT32_C(0x049B3922), UINT32_C(0x0538164A), ++ UINT32_C(0x0C32168B), UINT32_C(0x021D15D5), UINT32_C(0x0FBE7AB4), ++ UINT32_C(0x049ABD36), UINT32_C(0x06689278), UINT32_C(0x090906E0), ++ UINT32_C(0x02853127), UINT32_C(0x032C40D9), UINT32_C(0x0284E722), ++ UINT32_C(0x05B9DA3D) } }, ++ { { UINT32_C(0x08B06389), UINT32_C(0x039D7B29), UINT32_C(0x026E0D8E), ++ UINT32_C(0x038E31F2), UINT32_C(0x0F482001), UINT32_C(0x046C5627), ++ UINT32_C(0x0153F461), UINT32_C(0x0FC4C626), UINT32_C(0x035A22C9), ++ UINT32_C(0x0CB5BCED), UINT32_C(0x032AE85F), UINT32_C(0x097105A2), ++ UINT32_C(0x0661090D), UINT32_C(0x02190C38), UINT32_C(0x05F88BB1), ++ UINT32_C(0x020AFD4B), UINT32_C(0x07693E86), UINT32_C(0x036234B0), ++ UINT32_C(0x0201EE7C) }, ++ { UINT32_C(0x05177EBC), UINT32_C(0x07334497), UINT32_C(0x021FB6DB), ++ UINT32_C(0x00E242A1), UINT32_C(0x06ACC48D), UINT32_C(0x0617860E), ++ UINT32_C(0x04002467), UINT32_C(0x006684B4), UINT32_C(0x005E7367), ++ UINT32_C(0x02210321), UINT32_C(0x06AE2E12), UINT32_C(0x0A170483), ++ UINT32_C(0x06811FED), UINT32_C(0x02AF7598), UINT32_C(0x099B28F0), ++ UINT32_C(0x04B2EAC3), UINT32_C(0x03144E87), UINT32_C(0x052C741C), ++ UINT32_C(0x00219EE8) } }, ++ { { UINT32_C(0x00581DC0), UINT32_C(0x076911B9), UINT32_C(0x03F907DF), ++ UINT32_C(0x00FD8CCC), UINT32_C(0x0BD0DFDF), UINT32_C(0x0388BBE8), ++ UINT32_C(0x0549C09A), UINT32_C(0x0387AC55), UINT32_C(0x07AF40E6), ++ UINT32_C(0x0981B7A5), UINT32_C(0x05ADE4BE), UINT32_C(0x052D5C55), ++ UINT32_C(0x076A04D2), UINT32_C(0x032751B9), UINT32_C(0x0BCE279F), ++ UINT32_C(0x034D2A39), UINT32_C(0x0AEDCDAE), UINT32_C(0x00365DC7), ++ UINT32_C(0x03453CBF) }, ++ { UINT32_C(0x0FAB453E), UINT32_C(0x011CF084), UINT32_C(0x09E21C47), ++ UINT32_C(0x06CF3197), UINT32_C(0x00831296), UINT32_C(0x057F4CE5), ++ UINT32_C(0x020F8EE8), UINT32_C(0x05B31872), UINT32_C(0x0779598D), ++ UINT32_C(0x07C7AC32), UINT32_C(0x05B64DC4), UINT32_C(0x0E058DB2), ++ UINT32_C(0x060142F5), UINT32_C(0x0757FAC8), UINT32_C(0x0320EFE8), ++ UINT32_C(0x03D158EA), UINT32_C(0x025240D2), UINT32_C(0x0116989D), ++ UINT32_C(0x04BFB887) } }, ++ { { UINT32_C(0x0DB8A57B), UINT32_C(0x0056DCD3), UINT32_C(0x0355B904), ++ UINT32_C(0x03D5725A), UINT32_C(0x007C7371), UINT32_C(0x00CF4193), ++ UINT32_C(0x020AD78C), UINT32_C(0x0305EFAF), UINT32_C(0x03715E8F), ++ UINT32_C(0x04E06800), UINT32_C(0x0464FE0B), UINT32_C(0x041671C5), ++ UINT32_C(0x07289FAC), UINT32_C(0x045EC338), UINT32_C(0x049BEE4D), ++ UINT32_C(0x06F62A0E), UINT32_C(0x04025E36), UINT32_C(0x05D25CE9), ++ UINT32_C(0x07C568B5) }, ++ { UINT32_C(0x0D4BD6B6), UINT32_C(0x00933993), UINT32_C(0x0B7EEBBA), ++ UINT32_C(0x0281309E), UINT32_C(0x065E8268), UINT32_C(0x035579CF), ++ UINT32_C(0x05550C9A), UINT32_C(0x0D7980B4), UINT32_C(0x0531F076), ++ UINT32_C(0x0CD2F37E), UINT32_C(0x03059FC3), UINT32_C(0x00281179), ++ UINT32_C(0x019AAC99), UINT32_C(0x017555A7), UINT32_C(0x0FF849A4), ++ UINT32_C(0x04EE5361), UINT32_C(0x08C87DDE), UINT32_C(0x004920CB), ++ UINT32_C(0x0472AE6B) } }, ++ { { UINT32_C(0x05AD0B4E), UINT32_C(0x0000D01D), UINT32_C(0x0A1C822E), ++ UINT32_C(0x004A7A0A), UINT32_C(0x0AA08F1E), UINT32_C(0x05917BCC), ++ UINT32_C(0x073D4A38), UINT32_C(0x06389FF3), UINT32_C(0x047A94F0), ++ UINT32_C(0x06710D9B), UINT32_C(0x0752964E), UINT32_C(0x030EF732), ++ UINT32_C(0x01AE9023), UINT32_C(0x0752E2B4), UINT32_C(0x0343C25C), ++ UINT32_C(0x04C0A3C3), UINT32_C(0x0B4EFABB), UINT32_C(0x079ACB07), ++ UINT32_C(0x05BEE507) }, ++ { UINT32_C(0x03494AD9), UINT32_C(0x05EA99AF), UINT32_C(0x0389480B), ++ UINT32_C(0x05160DCE), UINT32_C(0x010C3CBB), UINT32_C(0x04B92C2A), ++ UINT32_C(0x05F2D771), UINT32_C(0x0A57A2FD), UINT32_C(0x007C232D), ++ UINT32_C(0x0ECF6652), UINT32_C(0x06762C3E), UINT32_C(0x0531B5E7), ++ UINT32_C(0x03E82FC8), UINT32_C(0x01820A9D), UINT32_C(0x010298C1), ++ UINT32_C(0x040BB915), UINT32_C(0x06C4DE5F), UINT32_C(0x00F95873), ++ UINT32_C(0x00D564BB) } }, ++ { { UINT32_C(0x06647B76), UINT32_C(0x05951386), UINT32_C(0x01C3CEEE), ++ UINT32_C(0x05B4A2A9), UINT32_C(0x00C0D10D), UINT32_C(0x07198ABC), ++ UINT32_C(0x0344EBA4), UINT32_C(0x01102AAD), UINT32_C(0x00A6BD8E), ++ UINT32_C(0x041FD3B9), UINT32_C(0x072FD40E), UINT32_C(0x04DF271A), ++ UINT32_C(0x07951CEE), UINT32_C(0x0434A805), UINT32_C(0x03CBC676), ++ UINT32_C(0x07E6DD9D), UINT32_C(0x037A89AF), UINT32_C(0x01076ABD), ++ UINT32_C(0x00509445) }, ++ { UINT32_C(0x0D8A2C33), UINT32_C(0x05E083E6), UINT32_C(0x05C0317D), ++ UINT32_C(0x0602A2EA), UINT32_C(0x00A16254), UINT32_C(0x065050EB), ++ UINT32_C(0x014C68D6), UINT32_C(0x0EA8DF00), UINT32_C(0x002096BA), ++ UINT32_C(0x00D2E7B4), UINT32_C(0x03580F1C), UINT32_C(0x0237FA0E), ++ UINT32_C(0x01C7F56A), UINT32_C(0x054A6A4F), UINT32_C(0x03E879F4), ++ UINT32_C(0x008B47F5), UINT32_C(0x0EDF35FC), UINT32_C(0x01F3F7F0), ++ UINT32_C(0x03E78806) } }, ++ { { UINT32_C(0x038F6A40), UINT32_C(0x05B8DCB9), UINT32_C(0x07D27CDC), ++ UINT32_C(0x03392DA1), UINT32_C(0x066611C2), UINT32_C(0x066344AA), ++ UINT32_C(0x05F431C8), UINT32_C(0x07255E87), UINT32_C(0x0135642A), ++ UINT32_C(0x051CFCBA), UINT32_C(0x045D25F5), UINT32_C(0x08BB7E3A), ++ UINT32_C(0x022605AB), UINT32_C(0x00C874AA), UINT32_C(0x0195652F), ++ UINT32_C(0x00E16A23), UINT32_C(0x0D18A297), UINT32_C(0x024B6188), ++ UINT32_C(0x025A9403) }, ++ { UINT32_C(0x04F1EAD3), UINT32_C(0x03669651), UINT32_C(0x0E87093B), ++ UINT32_C(0x05F1CF35), UINT32_C(0x019B74E6), UINT32_C(0x0177BF8B), ++ UINT32_C(0x036B76B9), UINT32_C(0x0B817B29), UINT32_C(0x009C77FA), ++ UINT32_C(0x0202860C), UINT32_C(0x01D1AB54), UINT32_C(0x0B180712), ++ UINT32_C(0x06B274AA), UINT32_C(0x0121DBED), UINT32_C(0x0AEA446B), ++ UINT32_C(0x044661E9), UINT32_C(0x0C3EE1D4), UINT32_C(0x045027EE), ++ UINT32_C(0x014C275F) } }, ++ { { UINT32_C(0x004023FD), UINT32_C(0x01669241), UINT32_C(0x0693C19B), ++ UINT32_C(0x0058FB3D), UINT32_C(0x0756B182), UINT32_C(0x075D0BEC), ++ UINT32_C(0x07A393EF), UINT32_C(0x0B75B610), UINT32_C(0x07D0B5FD), ++ UINT32_C(0x060DEE19), UINT32_C(0x02373BD5), UINT32_C(0x0A1D84BA), ++ UINT32_C(0x07E8F3AA), UINT32_C(0x01D80791), UINT32_C(0x09D535D0), ++ UINT32_C(0x01AB79C2), UINT32_C(0x0D7911BC), UINT32_C(0x03496555), ++ UINT32_C(0x0370FC52) }, ++ { UINT32_C(0x0CA626DD), UINT32_C(0x018A8079), UINT32_C(0x02E35F36), ++ UINT32_C(0x00EF1C67), UINT32_C(0x0942648A), UINT32_C(0x05578B93), ++ UINT32_C(0x07DDB397), UINT32_C(0x095E9BED), UINT32_C(0x07DEB648), ++ UINT32_C(0x020D82EB), UINT32_C(0x02384172), UINT32_C(0x0988C739), ++ UINT32_C(0x035C1ACA), UINT32_C(0x053C61ED), UINT32_C(0x036A12D0), ++ UINT32_C(0x070600B9), UINT32_C(0x05505FED), UINT32_C(0x04D77717), ++ UINT32_C(0x04E32DD7) } }, ++ { { UINT32_C(0x0F32AB3F), UINT32_C(0x03271637), UINT32_C(0x01E6E3C1), ++ UINT32_C(0x04B433DF), UINT32_C(0x0313D761), UINT32_C(0x01F05C43), ++ UINT32_C(0x01B6E232), UINT32_C(0x0B782E36), UINT32_C(0x0142A283), ++ UINT32_C(0x06A37377), UINT32_C(0x063B9255), UINT32_C(0x05FF47C8), ++ UINT32_C(0x02270CEE), UINT32_C(0x04B3AC67), UINT32_C(0x07D72B62), ++ UINT32_C(0x006133F9), UINT32_C(0x0BFDFB85), UINT32_C(0x04FE3C0B), ++ UINT32_C(0x0406E239) }, ++ { UINT32_C(0x0737D38E), UINT32_C(0x07FBCD12), UINT32_C(0x00F51FBD), ++ UINT32_C(0x02A182A2), UINT32_C(0x062DA827), UINT32_C(0x01D9AB6A), ++ UINT32_C(0x0539AEBA), UINT32_C(0x0AB608B0), UINT32_C(0x0226B3BB), ++ UINT32_C(0x0ED7323F), UINT32_C(0x04ADDB11), UINT32_C(0x05B1E5DF), ++ UINT32_C(0x013ECB65), UINT32_C(0x0282983F), UINT32_C(0x02BDD0BD), ++ UINT32_C(0x07F0D675), UINT32_C(0x0C80C17E), UINT32_C(0x06B40353), ++ UINT32_C(0x01D570D9) } }, ++ { { UINT32_C(0x0D4D4113), UINT32_C(0x0371ACBF), UINT32_C(0x076D0600), ++ UINT32_C(0x06867748), UINT32_C(0x0267DC5C), UINT32_C(0x04199EE8), ++ UINT32_C(0x015FF11F), UINT32_C(0x01DBB00A), UINT32_C(0x03C8E489), ++ UINT32_C(0x0218373A), UINT32_C(0x00180AE9), UINT32_C(0x0A2CAFBC), ++ UINT32_C(0x016437D1), UINT32_C(0x058A25D0), UINT32_C(0x0AB57613), ++ UINT32_C(0x07DF8B7E), UINT32_C(0x0985AF6A), UINT32_C(0x04CCAE37), ++ UINT32_C(0x0300D01F) }, ++ { UINT32_C(0x092A3113), UINT32_C(0x05B20515), UINT32_C(0x0F0E530A), ++ UINT32_C(0x0605CBBF), UINT32_C(0x05FD19B3), UINT32_C(0x01593B38), ++ UINT32_C(0x003D988A), UINT32_C(0x03D76657), UINT32_C(0x017E79DC), ++ UINT32_C(0x02EC918C), UINT32_C(0x069A3B0F), UINT32_C(0x06FB78CA), ++ UINT32_C(0x07B0B30F), UINT32_C(0x0224A884), UINT32_C(0x0FF6CD50), ++ UINT32_C(0x07D9D639), UINT32_C(0x0D753C54), UINT32_C(0x04ED3D38), ++ UINT32_C(0x01E9C727) } }, ++ { { UINT32_C(0x0201CD59), UINT32_C(0x01D5BE35), UINT32_C(0x0B2E0772), ++ UINT32_C(0x04E8E2C3), UINT32_C(0x06C76E20), UINT32_C(0x01464A0E), ++ UINT32_C(0x056C1CE9), UINT32_C(0x04E3B528), UINT32_C(0x037AAFAB), ++ UINT32_C(0x06CE134F), UINT32_C(0x06158AF6), UINT32_C(0x02AF338B), ++ UINT32_C(0x025085B6), UINT32_C(0x07AABBFC), UINT32_C(0x0670F3BE), ++ UINT32_C(0x0108503F), UINT32_C(0x0DC85D51), UINT32_C(0x07F4439A), ++ UINT32_C(0x046E6FC9) }, ++ { UINT32_C(0x08FFB263), UINT32_C(0x01FF6045), UINT32_C(0x0C4E1676), ++ UINT32_C(0x038E4F62), UINT32_C(0x06DD24CD), UINT32_C(0x0142D912), ++ UINT32_C(0x015AAC36), UINT32_C(0x0DF58E09), UINT32_C(0x038F3D3B), ++ UINT32_C(0x014D0412), UINT32_C(0x0123F0AF), UINT32_C(0x0021ED27), ++ UINT32_C(0x0004843B), UINT32_C(0x05BF4326), UINT32_C(0x05A672B0), ++ UINT32_C(0x02B6453D), UINT32_C(0x0C7F1450), UINT32_C(0x04A895A4), ++ UINT32_C(0x061C3DF9) } }, ++ { { UINT32_C(0x0E593E49), UINT32_C(0x07ABFF21), UINT32_C(0x076E69C7), ++ UINT32_C(0x05C81656), UINT32_C(0x0858D39E), UINT32_C(0x041FC1FA), ++ UINT32_C(0x03599A84), UINT32_C(0x0ECF483C), UINT32_C(0x0190C4E8), ++ UINT32_C(0x08EA24D2), UINT32_C(0x03536BE7), UINT32_C(0x0E3746C4), ++ UINT32_C(0x0632F6BA), UINT32_C(0x05CFBDCC), UINT32_C(0x060097CB), ++ UINT32_C(0x04B0546F), UINT32_C(0x0AB5C45F), UINT32_C(0x04F8975E), ++ UINT32_C(0x04C5D61F) }, ++ { UINT32_C(0x062B46F6), UINT32_C(0x07516E20), UINT32_C(0x0C1F955C), ++ UINT32_C(0x001F66A2), UINT32_C(0x0ED0D917), UINT32_C(0x0406AF99), ++ UINT32_C(0x069CF83E), UINT32_C(0x0D4D8A00), UINT32_C(0x03D763C5), ++ UINT32_C(0x0E1FD9A7), UINT32_C(0x0056211F), UINT32_C(0x07531A2F), ++ UINT32_C(0x00973B69), UINT32_C(0x021DCD32), UINT32_C(0x09D0AC99), ++ UINT32_C(0x0549BFEA), UINT32_C(0x0305E319), UINT32_C(0x01342656), ++ UINT32_C(0x001B80FB) } }, ++ { { UINT32_C(0x031FFCBB), UINT32_C(0x06BC2475), UINT32_C(0x090EA8B2), ++ UINT32_C(0x0716EDFB), UINT32_C(0x0418E2AE), UINT32_C(0x0381C978), ++ UINT32_C(0x05591029), UINT32_C(0x09BD26C6), UINT32_C(0x0460D4D5), ++ UINT32_C(0x07DAA20D), UINT32_C(0x01560E68), UINT32_C(0x04AAAB23), ++ UINT32_C(0x01EA985C), UINT32_C(0x0631896F), UINT32_C(0x0FD13830), ++ UINT32_C(0x0416257F), UINT32_C(0x069B78E7), UINT32_C(0x0016004F), ++ UINT32_C(0x07B5E05F) }, ++ { UINT32_C(0x0749B010), UINT32_C(0x0716A42F), UINT32_C(0x0DEDE224), ++ UINT32_C(0x06E403DB), UINT32_C(0x01FC6739), UINT32_C(0x07F5928B), ++ UINT32_C(0x04FF09AE), UINT32_C(0x096D2235), UINT32_C(0x032412BF), ++ UINT32_C(0x0635ABB1), UINT32_C(0x0480F063), UINT32_C(0x0BA557CC), ++ UINT32_C(0x05C0FEF3), UINT32_C(0x01C7CB5C), UINT32_C(0x09482C2A), ++ UINT32_C(0x003CF65B), UINT32_C(0x0F39C07C), UINT32_C(0x00902580), ++ UINT32_C(0x053F7D95) } }, ++ { { UINT32_C(0x00C6A752), UINT32_C(0x0600187B), UINT32_C(0x031FD29E), ++ UINT32_C(0x07202D01), UINT32_C(0x08706FD9), UINT32_C(0x003A8DA7), ++ UINT32_C(0x02BC4807), UINT32_C(0x0108B8E2), UINT32_C(0x03DCB4C3), ++ UINT32_C(0x00E5D109), UINT32_C(0x0133EBE8), UINT32_C(0x0DBC9FDB), ++ UINT32_C(0x037A84B4), UINT32_C(0x000D902A), UINT32_C(0x0B159D44), ++ UINT32_C(0x0385B949), UINT32_C(0x0BB24FD6), UINT32_C(0x05FFC44B), ++ UINT32_C(0x0402B0EA) }, ++ { UINT32_C(0x0AFA8C2B), UINT32_C(0x03A224AC), UINT32_C(0x08FD7C67), ++ UINT32_C(0x072E1371), UINT32_C(0x01FA5FB1), UINT32_C(0x060D59B5), ++ UINT32_C(0x004D1058), UINT32_C(0x0193E727), UINT32_C(0x0093B083), ++ UINT32_C(0x0ABA0999), UINT32_C(0x07F25ECC), UINT32_C(0x0E8D4648), ++ UINT32_C(0x045B908B), UINT32_C(0x02C916E0), UINT32_C(0x052F14F8), ++ UINT32_C(0x00430404), UINT32_C(0x0B8E9A2B), UINT32_C(0x00F4BF45), ++ UINT32_C(0x03F0A1D1) } }, ++ { { UINT32_C(0x0CEE5802), UINT32_C(0x00880798), UINT32_C(0x01C63FFC), ++ UINT32_C(0x071B8526), UINT32_C(0x0C1068FB), UINT32_C(0x052F9DB3), ++ UINT32_C(0x01DDC849), UINT32_C(0x0E84AF14), UINT32_C(0x06CD446D), ++ UINT32_C(0x0A9F92C6), UINT32_C(0x01676037), UINT32_C(0x02A0264C), ++ UINT32_C(0x0467C53C), UINT32_C(0x051C4EE1), UINT32_C(0x01F47FF0), ++ UINT32_C(0x022246B4), UINT32_C(0x07D42402), UINT32_C(0x0287119F), ++ UINT32_C(0x04434D4E) }, ++ { UINT32_C(0x018DA0C0), UINT32_C(0x042E86EE), UINT32_C(0x08509770), ++ UINT32_C(0x04EDAEB9), UINT32_C(0x0A4009B5), UINT32_C(0x0335CB55), ++ UINT32_C(0x064D21EC), UINT32_C(0x0647F463), UINT32_C(0x07A167F4), ++ UINT32_C(0x023FB0E4), UINT32_C(0x062A970D), UINT32_C(0x00205267), ++ UINT32_C(0x036D3513), UINT32_C(0x07ABD182), UINT32_C(0x0B51FDBA), ++ UINT32_C(0x077B5CD0), UINT32_C(0x0896BFE4), UINT32_C(0x0300338E), ++ UINT32_C(0x06FF9581) } }, ++ { { UINT32_C(0x054184BF), UINT32_C(0x02DCF217), UINT32_C(0x0880D0D9), ++ UINT32_C(0x019760C7), UINT32_C(0x0662BD25), UINT32_C(0x06A962DD), ++ UINT32_C(0x04C69173), UINT32_C(0x019D4A19), UINT32_C(0x05AD5A5F), ++ UINT32_C(0x0E23BF0B), UINT32_C(0x07D3C575), UINT32_C(0x0BCDA9CF), ++ UINT32_C(0x019497F7), UINT32_C(0x01914517), UINT32_C(0x027F0C56), ++ UINT32_C(0x048ED5F5), UINT32_C(0x078B0933), UINT32_C(0x01A7EB30), ++ UINT32_C(0x066D17B3) }, ++ { UINT32_C(0x00A95EDC), UINT32_C(0x0386D25E), UINT32_C(0x039DE915), ++ UINT32_C(0x076A16CE), UINT32_C(0x05DCE4A7), UINT32_C(0x07C40607), ++ UINT32_C(0x06F1B7C2), UINT32_C(0x0A817858), UINT32_C(0x0147CB22), ++ UINT32_C(0x0D109609), UINT32_C(0x0454D2C5), UINT32_C(0x0D788CF4), ++ UINT32_C(0x03DCA054), UINT32_C(0x02A7B716), UINT32_C(0x05C66166), ++ UINT32_C(0x01AC2B32), UINT32_C(0x0D0C246B), UINT32_C(0x02E38AD2), ++ UINT32_C(0x039CDC10) } }, ++ } ++}; ++ ++/*- ++ * Q := 2P, both projective, Q and P same pointers OK ++ * Autogenerated: op3/dbl_proj.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 6 ++ * ASSERT: a = -3 ++ */ ++static void ++point_double(pt_prj_t *Q, const pt_prj_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X = P->X; ++ const limb_t *Y = P->Y; ++ const limb_t *Z = P->Z; ++ limb_t *X3 = Q->X; ++ limb_t *Y3 = Q->Y; ++ limb_t *Z3 = Q->Z; ++ ++ /* the curve arith formula */ ++ fiat_secp521r1_carry_square(t0, X); ++ fiat_secp521r1_carry_square(t1, Y); ++ fiat_secp521r1_carry_square(t2, Z); ++ fiat_secp521r1_carry_mul(t3, X, Y); ++ fiat_secp521r1_carry_add(t3, t3, t3); ++ fiat_secp521r1_carry_mul(t4, Y, Z); ++ fiat_secp521r1_carry_mul(Z3, X, Z); ++ fiat_secp521r1_carry_add(Z3, Z3, Z3); ++ fiat_secp521r1_carry_mul(Y3, b, t2); ++ fiat_secp521r1_carry_sub(Y3, Y3, Z3); ++ fiat_secp521r1_carry_add(X3, Y3, Y3); ++ fiat_secp521r1_carry_add(Y3, X3, Y3); ++ fiat_secp521r1_carry_sub(X3, t1, Y3); ++ fiat_secp521r1_carry_add(Y3, t1, Y3); ++ fiat_secp521r1_carry_mul(Y3, X3, Y3); ++ fiat_secp521r1_carry_mul(X3, X3, t3); ++ fiat_secp521r1_carry_add(t3, t2, t2); ++ fiat_secp521r1_carry_add(t2, t2, t3); ++ fiat_secp521r1_carry_mul(Z3, b, Z3); ++ fiat_secp521r1_carry_sub(Z3, Z3, t2); ++ fiat_secp521r1_carry_sub(Z3, Z3, t0); ++ fiat_secp521r1_carry_add(t3, Z3, Z3); ++ fiat_secp521r1_carry_add(Z3, Z3, t3); ++ fiat_secp521r1_carry_add(t3, t0, t0); ++ fiat_secp521r1_carry_add(t0, t3, t0); ++ fiat_secp521r1_carry_sub(t0, t0, t2); ++ fiat_secp521r1_carry_mul(t0, t0, Z3); ++ fiat_secp521r1_carry_add(Y3, Y3, t0); ++ fiat_secp521r1_carry_add(t0, t4, t4); ++ fiat_secp521r1_carry_mul(Z3, t0, Z3); ++ fiat_secp521r1_carry_sub(X3, X3, Z3); ++ fiat_secp521r1_carry_mul(Z3, t0, t1); ++ fiat_secp521r1_carry_add(Z3, Z3, Z3); ++ fiat_secp521r1_carry_add(Z3, Z3, Z3); ++} ++ ++/*- ++ * out1 = (arg1 == 0) ? 0 : nz ++ * NB: this is not a "mod p equiv" 0, but literal 0 ++ * NB: this is not a real Fiat function, just named that way for consistency. ++ */ ++static void ++fiat_secp521r1_nonzero(limb_t *out1, const fe_t arg1) ++{ ++ limb_t x1 = 0; ++ int i; ++ ++ for (i = 0; i < LIMB_CNT; i++) ++ x1 |= arg1[i]; ++ *out1 = x1; ++} ++ ++/*- ++ * R := Q + P where R and Q are projective, P affine. ++ * R and Q same pointers OK ++ * R and P same pointers not OK ++ * Autogenerated: op3/add_mixed.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 5 ++ * ASSERT: a = -3 ++ */ ++static void ++point_add_mixed(pt_prj_t *R, const pt_prj_t *Q, const pt_aff_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X1 = Q->X; ++ const limb_t *Y1 = Q->Y; ++ const limb_t *Z1 = Q->Z; ++ const limb_t *X2 = P->X; ++ const limb_t *Y2 = P->Y; ++ fe_t X3; ++ fe_t Y3; ++ fe_t Z3; ++ limb_t nz; ++ ++ /* check P for affine inf */ ++ fiat_secp521r1_nonzero(&nz, P->Y); ++ ++ /* the curve arith formula */ ++ fiat_secp521r1_carry_mul(t0, X1, X2); ++ fiat_secp521r1_carry_mul(t1, Y1, Y2); ++ fiat_secp521r1_carry_add(t3, X2, Y2); ++ fiat_secp521r1_carry_add(t4, X1, Y1); ++ fiat_secp521r1_carry_mul(t3, t3, t4); ++ fiat_secp521r1_carry_add(t4, t0, t1); ++ fiat_secp521r1_carry_sub(t3, t3, t4); ++ fiat_secp521r1_carry_mul(t4, Y2, Z1); ++ fiat_secp521r1_carry_add(t4, t4, Y1); ++ fiat_secp521r1_carry_mul(Y3, X2, Z1); ++ fiat_secp521r1_carry_add(Y3, Y3, X1); ++ fiat_secp521r1_carry_mul(Z3, b, Z1); ++ fiat_secp521r1_carry_sub(X3, Y3, Z3); ++ fiat_secp521r1_carry_add(Z3, X3, X3); ++ fiat_secp521r1_carry_add(X3, X3, Z3); ++ fiat_secp521r1_carry_sub(Z3, t1, X3); ++ fiat_secp521r1_carry_add(X3, t1, X3); ++ fiat_secp521r1_carry_mul(Y3, b, Y3); ++ fiat_secp521r1_carry_add(t1, Z1, Z1); ++ fiat_secp521r1_carry_add(t2, t1, Z1); ++ fiat_secp521r1_carry_sub(Y3, Y3, t2); ++ fiat_secp521r1_carry_sub(Y3, Y3, t0); ++ fiat_secp521r1_carry_add(t1, Y3, Y3); ++ fiat_secp521r1_carry_add(Y3, t1, Y3); ++ fiat_secp521r1_carry_add(t1, t0, t0); ++ fiat_secp521r1_carry_add(t0, t1, t0); ++ fiat_secp521r1_carry_sub(t0, t0, t2); ++ fiat_secp521r1_carry_mul(t1, t4, Y3); ++ fiat_secp521r1_carry_mul(t2, t0, Y3); ++ fiat_secp521r1_carry_mul(Y3, X3, Z3); ++ fiat_secp521r1_carry_add(Y3, Y3, t2); ++ fiat_secp521r1_carry_mul(X3, t3, X3); ++ fiat_secp521r1_carry_sub(X3, X3, t1); ++ fiat_secp521r1_carry_mul(Z3, t4, Z3); ++ fiat_secp521r1_carry_mul(t1, t3, t0); ++ fiat_secp521r1_carry_add(Z3, Z3, t1); ++ ++ /* if P is inf, throw all that away and take Q */ ++ fiat_secp521r1_selectznz(R->X, nz, Q->X, X3); ++ fiat_secp521r1_selectznz(R->Y, nz, Q->Y, Y3); ++ fiat_secp521r1_selectznz(R->Z, nz, Q->Z, Z3); ++} ++ ++/*- ++ * R := Q + P all projective. ++ * R and Q same pointers OK ++ * R and P same pointers not OK ++ * Autogenerated: op3/add_proj.op3 ++ * https://eprint.iacr.org/2015/1060 Alg 4 ++ * ASSERT: a = -3 ++ */ ++static void ++point_add_proj(pt_prj_t *R, const pt_prj_t *Q, const pt_prj_t *P) ++{ ++ /* temporary variables */ ++ fe_t t0, t1, t2, t3, t4, t5; ++ /* constants */ ++ const limb_t *b = const_b; ++ /* set pointers for legacy curve arith */ ++ const limb_t *X1 = Q->X; ++ const limb_t *Y1 = Q->Y; ++ const limb_t *Z1 = Q->Z; ++ const limb_t *X2 = P->X; ++ const limb_t *Y2 = P->Y; ++ const limb_t *Z2 = P->Z; ++ limb_t *X3 = R->X; ++ limb_t *Y3 = R->Y; ++ limb_t *Z3 = R->Z; ++ ++ /* the curve arith formula */ ++ fiat_secp521r1_carry_mul(t0, X1, X2); ++ fiat_secp521r1_carry_mul(t1, Y1, Y2); ++ fiat_secp521r1_carry_mul(t2, Z1, Z2); ++ fiat_secp521r1_carry_add(t3, X1, Y1); ++ fiat_secp521r1_carry_add(t4, X2, Y2); ++ fiat_secp521r1_carry_mul(t3, t3, t4); ++ fiat_secp521r1_carry_add(t4, t0, t1); ++ fiat_secp521r1_carry_sub(t3, t3, t4); ++ fiat_secp521r1_carry_add(t4, Y1, Z1); ++ fiat_secp521r1_carry_add(t5, Y2, Z2); ++ fiat_secp521r1_carry_mul(t4, t4, t5); ++ fiat_secp521r1_carry_add(t5, t1, t2); ++ fiat_secp521r1_carry_sub(t4, t4, t5); ++ fiat_secp521r1_carry_add(X3, X1, Z1); ++ fiat_secp521r1_carry_add(Y3, X2, Z2); ++ fiat_secp521r1_carry_mul(X3, X3, Y3); ++ fiat_secp521r1_carry_add(Y3, t0, t2); ++ fiat_secp521r1_carry_sub(Y3, X3, Y3); ++ fiat_secp521r1_carry_mul(Z3, b, t2); ++ fiat_secp521r1_carry_sub(X3, Y3, Z3); ++ fiat_secp521r1_carry_add(Z3, X3, X3); ++ fiat_secp521r1_carry_add(X3, X3, Z3); ++ fiat_secp521r1_carry_sub(Z3, t1, X3); ++ fiat_secp521r1_carry_add(X3, t1, X3); ++ fiat_secp521r1_carry_mul(Y3, b, Y3); ++ fiat_secp521r1_carry_add(t1, t2, t2); ++ fiat_secp521r1_carry_add(t2, t1, t2); ++ fiat_secp521r1_carry_sub(Y3, Y3, t2); ++ fiat_secp521r1_carry_sub(Y3, Y3, t0); ++ fiat_secp521r1_carry_add(t1, Y3, Y3); ++ fiat_secp521r1_carry_add(Y3, t1, Y3); ++ fiat_secp521r1_carry_add(t1, t0, t0); ++ fiat_secp521r1_carry_add(t0, t1, t0); ++ fiat_secp521r1_carry_sub(t0, t0, t2); ++ fiat_secp521r1_carry_mul(t1, t4, Y3); ++ fiat_secp521r1_carry_mul(t2, t0, Y3); ++ fiat_secp521r1_carry_mul(Y3, X3, Z3); ++ fiat_secp521r1_carry_add(Y3, Y3, t2); ++ fiat_secp521r1_carry_mul(X3, t3, X3); ++ fiat_secp521r1_carry_sub(X3, X3, t1); ++ fiat_secp521r1_carry_mul(Z3, t4, Z3); ++ fiat_secp521r1_carry_mul(t1, t3, t0); ++ fiat_secp521r1_carry_add(Z3, Z3, t1); ++} ++ ++/* constants */ ++#define RADIX 5 ++#define DRADIX (1 << RADIX) ++#define DRADIX_WNAF ((DRADIX) << 1) ++ ++/*- ++ * precomp for wnaf scalar multiplication: ++ * precomp[0] = 1P ++ * precomp[1] = 3P ++ * precomp[2] = 5P ++ * precomp[3] = 7P ++ * precomp[4] = 9P ++ * ... ++ */ ++static void ++precomp_wnaf(pt_prj_t precomp[DRADIX / 2], const pt_aff_t *P) ++{ ++ int i; ++ ++ fe_copy(precomp[0].X, P->X); ++ fe_copy(precomp[0].Y, P->Y); ++ fe_copy(precomp[0].Z, const_one); ++ point_double(&precomp[DRADIX / 2 - 1], &precomp[0]); ++ ++ for (i = 1; i < DRADIX / 2; i++) ++ point_add_proj(&precomp[i], &precomp[DRADIX / 2 - 1], &precomp[i - 1]); ++} ++ ++/* fetch a scalar bit */ ++static int ++scalar_get_bit(const unsigned char in[66], int idx) ++{ ++ int widx, rshift; ++ ++ widx = idx >> 3; ++ rshift = idx & 0x7; ++ ++ if (idx < 0 || widx >= 66) ++ return 0; ++ ++ return (in[widx] >> rshift) & 0x1; ++} ++ ++/*- ++ * Compute "regular" wnaf representation of a scalar. ++ * See "Exponent Recoding and Regular Exponentiation Algorithms", ++ * Tunstall et al., AfricaCrypt 2009, Alg 6. ++ * It forces an odd scalar and outputs digits in ++ * {\pm 1, \pm 3, \pm 5, \pm 7, \pm 9, ...} ++ * i.e. signed odd digits with _no zeroes_ -- that makes it "regular". ++ */ ++static void ++scalar_rwnaf(int8_t out[106], const unsigned char in[66]) ++{ ++ int i; ++ int8_t window, d; ++ ++ window = (in[0] & (DRADIX_WNAF - 1)) | 1; ++ for (i = 0; i < 105; i++) { ++ d = (window & (DRADIX_WNAF - 1)) - DRADIX; ++ out[i] = d; ++ window = (window - d) >> RADIX; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 1) << 1; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 2) << 2; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 3) << 3; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 4) << 4; ++ window += scalar_get_bit(in, (i + 1) * RADIX + 5) << 5; ++ } ++ out[i] = window; ++} ++ ++/*- ++ * Compute "textbook" wnaf representation of a scalar. ++ * NB: not constant time ++ */ ++static void ++scalar_wnaf(int8_t out[529], const unsigned char in[66]) ++{ ++ int i; ++ int8_t window, d; ++ ++ window = in[0] & (DRADIX_WNAF - 1); ++ for (i = 0; i < 529; i++) { ++ d = 0; ++ if ((window & 1) && ((d = window & (DRADIX_WNAF - 1)) & DRADIX)) ++ d -= DRADIX_WNAF; ++ out[i] = d; ++ window = (window - d) >> 1; ++ window += scalar_get_bit(in, i + 1 + RADIX) << RADIX; ++ } ++} ++ ++/*- ++ * Simulateous scalar multiplication: interleaved "textbook" wnaf. ++ * NB: not constant time ++ */ ++static void ++var_smul_wnaf_two(pt_aff_t *out, const unsigned char a[66], ++ const unsigned char b[66], const pt_aff_t *P) ++{ ++ int i, d, is_neg, is_inf = 1, flipped = 0; ++ int8_t anaf[529] = { 0 }; ++ int8_t bnaf[529] = { 0 }; ++ pt_prj_t Q; ++ pt_prj_t precomp[DRADIX / 2]; ++ ++ precomp_wnaf(precomp, P); ++ scalar_wnaf(anaf, a); ++ scalar_wnaf(bnaf, b); ++ ++ for (i = 528; i >= 0; i--) { ++ if (!is_inf) ++ point_double(&Q, &Q); ++ if ((d = bnaf[i])) { ++ if ((is_neg = d < 0) != flipped) { ++ fiat_secp521r1_opp(Q.Y, Q.Y); ++ flipped ^= 1; ++ } ++ d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; ++ if (is_inf) { ++ /* initialize accumulator */ ++ fe_copy(Q.X, &precomp[d].X); ++ fe_copy(Q.Y, &precomp[d].Y); ++ fe_copy(Q.Z, &precomp[d].Z); ++ is_inf = 0; ++ } else ++ point_add_proj(&Q, &Q, &precomp[d]); ++ } ++ if ((d = anaf[i])) { ++ if ((is_neg = d < 0) != flipped) { ++ fiat_secp521r1_opp(Q.Y, Q.Y); ++ flipped ^= 1; ++ } ++ d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; ++ if (is_inf) { ++ /* initialize accumulator */ ++ fe_copy(Q.X, &lut_cmb[0][d].X); ++ fe_copy(Q.Y, &lut_cmb[0][d].Y); ++ fe_copy(Q.Z, const_one); ++ is_inf = 0; ++ } else ++ point_add_mixed(&Q, &Q, &lut_cmb[0][d]); ++ } ++ } ++ ++ if (is_inf) { ++ /* initialize accumulator to inf: all-zero scalars */ ++ fe_set_zero(Q.X); ++ fe_copy(Q.Y, const_one); ++ fe_set_zero(Q.Z); ++ } ++ ++ if (flipped) { ++ /* correct sign */ ++ fiat_secp521r1_opp(Q.Y, Q.Y); ++ } ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp521r1_inv(Q.Z, Q.Z); ++ fiat_secp521r1_carry_mul(out->X, Q.X, Q.Z); ++ fiat_secp521r1_carry_mul(out->Y, Q.Y, Q.Z); ++} ++ ++/*- ++ * Variable point scalar multiplication with "regular" wnaf. ++ */ ++static void ++var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[66], ++ const pt_aff_t *P) ++{ ++ int i, j, d, diff, is_neg; ++ int8_t rnaf[106] = { 0 }; ++ pt_prj_t Q, lut; ++ pt_prj_t precomp[DRADIX / 2]; ++ ++ precomp_wnaf(precomp, P); ++ scalar_rwnaf(rnaf, scalar); ++ ++#if defined(_MSC_VER) ++/* result still unsigned: yes we know */ ++#pragma warning(push) ++#pragma warning(disable : 4146) ++#endif ++ ++ /* initialize accumulator to high digit */ ++ d = (rnaf[105] - 1) >> 1; ++ for (j = 0; j < DRADIX / 2; j++) { ++ diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp521r1_selectznz(Q.X, diff, Q.X, precomp[j].X); ++ fiat_secp521r1_selectznz(Q.Y, diff, Q.Y, precomp[j].Y); ++ fiat_secp521r1_selectznz(Q.Z, diff, Q.Z, precomp[j].Z); ++ } ++ ++ for (i = 104; i >= 0; i--) { ++ for (j = 0; j < RADIX; j++) ++ point_double(&Q, &Q); ++ d = rnaf[i]; ++ /* is_neg = (d < 0) ? 1 : 0 */ ++ is_neg = (d >> (8 * sizeof(int) - 1)) & 1; ++ /* d = abs(d) */ ++ d = (d ^ -is_neg) + is_neg; ++ d = (d - 1) >> 1; ++ for (j = 0; j < DRADIX / 2; j++) { ++ diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp521r1_selectznz(lut.X, diff, lut.X, precomp[j].X); ++ fiat_secp521r1_selectznz(lut.Y, diff, lut.Y, precomp[j].Y); ++ fiat_secp521r1_selectznz(lut.Z, diff, lut.Z, precomp[j].Z); ++ } ++ /* negate lut point if digit is negative */ ++ fiat_secp521r1_opp(out->Y, lut.Y); ++ fiat_secp521r1_selectznz(lut.Y, is_neg, lut.Y, out->Y); ++ point_add_proj(&Q, &Q, &lut); ++ } ++ ++#if defined(_MSC_VER) ++#pragma warning(pop) ++#endif ++ ++ /* conditionally subtract P if the scalar was even */ ++ fe_copy(lut.X, precomp[0].X); ++ fiat_secp521r1_opp(lut.Y, precomp[0].Y); ++ fe_copy(lut.Z, precomp[0].Z); ++ point_add_proj(&lut, &lut, &Q); ++ fiat_secp521r1_selectznz(Q.X, scalar[0] & 1, lut.X, Q.X); ++ fiat_secp521r1_selectznz(Q.Y, scalar[0] & 1, lut.Y, Q.Y); ++ fiat_secp521r1_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp521r1_inv(Q.Z, Q.Z); ++ fiat_secp521r1_carry_mul(out->X, Q.X, Q.Z); ++ fiat_secp521r1_carry_mul(out->Y, Q.Y, Q.Z); ++} ++ ++/*- ++ * Fixed scalar multiplication: comb with interleaving. ++ */ ++static void ++fixed_smul_cmb(pt_aff_t *out, const unsigned char scalar[66]) ++{ ++ int i, j, k, d, diff, is_neg = 0; ++ int8_t rnaf[106] = { 0 }; ++ pt_prj_t Q, R; ++ pt_aff_t lut; ++ ++ scalar_rwnaf(rnaf, scalar); ++ ++ /* initalize accumulator to inf */ ++ fe_set_zero(Q.X); ++ fe_copy(Q.Y, const_one); ++ fe_set_zero(Q.Z); ++ ++#if defined(_MSC_VER) ++/* result still unsigned: yes we know */ ++#pragma warning(push) ++#pragma warning(disable : 4146) ++#endif ++ ++ for (i = 8; i >= 0; i--) { ++ for (j = 0; i != 8 && j < RADIX; j++) ++ point_double(&Q, &Q); ++ for (j = 0; j < 13; j++) { ++ if (j * 9 + i > 105) ++ continue; ++ d = rnaf[j * 9 + i]; ++ /* is_neg = (d < 0) ? 1 : 0 */ ++ is_neg = (d >> (8 * sizeof(int) - 1)) & 1; ++ /* d = abs(d) */ ++ d = (d ^ -is_neg) + is_neg; ++ d = (d - 1) >> 1; ++ for (k = 0; k < DRADIX / 2; k++) { ++ diff = (1 - (-(d ^ k) >> (8 * sizeof(int) - 1))) & 1; ++ fiat_secp521r1_selectznz(lut.X, diff, lut.X, lut_cmb[j][k].X); ++ fiat_secp521r1_selectznz(lut.Y, diff, lut.Y, lut_cmb[j][k].Y); ++ } ++ /* negate lut point if digit is negative */ ++ fiat_secp521r1_opp(out->Y, lut.Y); ++ fiat_secp521r1_selectznz(lut.Y, is_neg, lut.Y, out->Y); ++ point_add_mixed(&Q, &Q, &lut); ++ } ++ } ++ ++#if defined(_MSC_VER) ++#pragma warning(pop) ++#endif ++ ++ /* conditionally subtract P if the scalar was even */ ++ fe_copy(lut.X, lut_cmb[0][0].X); ++ fiat_secp521r1_opp(lut.Y, lut_cmb[0][0].Y); ++ point_add_mixed(&R, &Q, &lut); ++ fiat_secp521r1_selectznz(Q.X, scalar[0] & 1, R.X, Q.X); ++ fiat_secp521r1_selectznz(Q.Y, scalar[0] & 1, R.Y, Q.Y); ++ fiat_secp521r1_selectznz(Q.Z, scalar[0] & 1, R.Z, Q.Z); ++ ++ /* convert to affine -- NB depends on coordinate system */ ++ fiat_secp521r1_inv(Q.Z, Q.Z); ++ fiat_secp521r1_carry_mul(out->X, Q.X, Q.Z); ++ fiat_secp521r1_carry_mul(out->Y, Q.Y, Q.Z); ++} ++ ++static void ++point_mul_two(unsigned char outx[66], unsigned char outy[66], ++ const unsigned char a[66], const unsigned char b[66], ++ const unsigned char inx[66], ++ const unsigned char iny[66]) ++{ ++ pt_aff_t P; ++ ++ fiat_secp521r1_from_bytes(P.X, inx); ++ fiat_secp521r1_from_bytes(P.Y, iny); ++ /* simultaneous scalar multiplication */ ++ var_smul_wnaf_two(&P, a, b, &P); ++ ++ fiat_secp521r1_to_bytes(outx, P.X); ++ fiat_secp521r1_to_bytes(outy, P.Y); ++} ++ ++static void ++point_mul_g(unsigned char outx[66], unsigned char outy[66], ++ const unsigned char scalar[66]) ++{ ++ pt_aff_t P; ++ ++ /* fixed scmul function */ ++ fixed_smul_cmb(&P, scalar); ++ fiat_secp521r1_to_bytes(outx, P.X); ++ fiat_secp521r1_to_bytes(outy, P.Y); ++} ++ ++static void ++point_mul(unsigned char outx[66], unsigned char outy[66], ++ const unsigned char scalar[66], ++ const unsigned char inx[66], ++ const unsigned char iny[66]) ++{ ++ pt_aff_t P; ++ ++ fiat_secp521r1_from_bytes(P.X, inx); ++ fiat_secp521r1_from_bytes(P.Y, iny); ++ /* var scmul function */ ++ var_smul_rwnaf(&P, scalar, &P); ++ fiat_secp521r1_to_bytes(outx, P.X); ++ fiat_secp521r1_to_bytes(outy, P.Y); ++} ++ ++#undef RADIX ++#include "ecp.h" ++#include "mplogic.h" ++ ++/*- ++ * reverse bytes -- total hack ++ */ ++#define MP_BE2LE(a) \ ++ do { \ ++ unsigned char z_bswap; \ ++ z_bswap = a[0]; \ ++ a[0] = a[65]; \ ++ a[65] = z_bswap; \ ++ z_bswap = a[1]; \ ++ a[1] = a[64]; \ ++ a[64] = z_bswap; \ ++ z_bswap = a[2]; \ ++ a[2] = a[63]; \ ++ a[63] = z_bswap; \ ++ z_bswap = a[3]; \ ++ a[3] = a[62]; \ ++ a[62] = z_bswap; \ ++ z_bswap = a[4]; \ ++ a[4] = a[61]; \ ++ a[61] = z_bswap; \ ++ z_bswap = a[5]; \ ++ a[5] = a[60]; \ ++ a[60] = z_bswap; \ ++ z_bswap = a[6]; \ ++ a[6] = a[59]; \ ++ a[59] = z_bswap; \ ++ z_bswap = a[7]; \ ++ a[7] = a[58]; \ ++ a[58] = z_bswap; \ ++ z_bswap = a[8]; \ ++ a[8] = a[57]; \ ++ a[57] = z_bswap; \ ++ z_bswap = a[9]; \ ++ a[9] = a[56]; \ ++ a[56] = z_bswap; \ ++ z_bswap = a[10]; \ ++ a[10] = a[55]; \ ++ a[55] = z_bswap; \ ++ z_bswap = a[11]; \ ++ a[11] = a[54]; \ ++ a[54] = z_bswap; \ ++ z_bswap = a[12]; \ ++ a[12] = a[53]; \ ++ a[53] = z_bswap; \ ++ z_bswap = a[13]; \ ++ a[13] = a[52]; \ ++ a[52] = z_bswap; \ ++ z_bswap = a[14]; \ ++ a[14] = a[51]; \ ++ a[51] = z_bswap; \ ++ z_bswap = a[15]; \ ++ a[15] = a[50]; \ ++ a[50] = z_bswap; \ ++ z_bswap = a[16]; \ ++ a[16] = a[49]; \ ++ a[49] = z_bswap; \ ++ z_bswap = a[17]; \ ++ a[17] = a[48]; \ ++ a[48] = z_bswap; \ ++ z_bswap = a[18]; \ ++ a[18] = a[47]; \ ++ a[47] = z_bswap; \ ++ z_bswap = a[19]; \ ++ a[19] = a[46]; \ ++ a[46] = z_bswap; \ ++ z_bswap = a[20]; \ ++ a[20] = a[45]; \ ++ a[45] = z_bswap; \ ++ z_bswap = a[21]; \ ++ a[21] = a[44]; \ ++ a[44] = z_bswap; \ ++ z_bswap = a[22]; \ ++ a[22] = a[43]; \ ++ a[43] = z_bswap; \ ++ z_bswap = a[23]; \ ++ a[23] = a[42]; \ ++ a[42] = z_bswap; \ ++ z_bswap = a[24]; \ ++ a[24] = a[41]; \ ++ a[41] = z_bswap; \ ++ z_bswap = a[25]; \ ++ a[25] = a[40]; \ ++ a[40] = z_bswap; \ ++ z_bswap = a[26]; \ ++ a[26] = a[39]; \ ++ a[39] = z_bswap; \ ++ z_bswap = a[27]; \ ++ a[27] = a[38]; \ ++ a[38] = z_bswap; \ ++ z_bswap = a[28]; \ ++ a[28] = a[37]; \ ++ a[37] = z_bswap; \ ++ z_bswap = a[29]; \ ++ a[29] = a[36]; \ ++ a[36] = z_bswap; \ ++ z_bswap = a[30]; \ ++ a[30] = a[35]; \ ++ a[35] = z_bswap; \ ++ z_bswap = a[31]; \ ++ a[31] = a[34]; \ ++ a[34] = z_bswap; \ ++ z_bswap = a[32]; \ ++ a[32] = a[33]; \ ++ a[33] = z_bswap; \ ++ } while (0) ++ ++static mp_err ++point_mul_g_secp521r1(const mp_int *n, mp_int *out_x, ++ mp_int *out_y, const ECGroup *group) ++{ ++ unsigned char b_x[66]; ++ unsigned char b_y[66]; ++ unsigned char b_n[66]; ++ mp_err res; ++ ++ ARGCHK(n != NULL && out_x != NULL && out_y != NULL, MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n) > 521 || mp_cmp_z(n) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n, b_n, 66)); ++ MP_BE2LE(b_n); ++ point_mul_g(b_x, b_y, b_n); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 66)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 66)); ++ ++CLEANUP: ++ return res; ++} ++ ++static mp_err ++point_mul_secp521r1(const mp_int *n, const mp_int *in_x, ++ const mp_int *in_y, mp_int *out_x, ++ mp_int *out_y, const ECGroup *group) ++{ ++ unsigned char b_x[66]; ++ unsigned char b_y[66]; ++ unsigned char b_n[66]; ++ mp_err res; ++ ++ ARGCHK(n != NULL && in_x != NULL && in_y != NULL && out_x != NULL && ++ out_y != NULL, ++ MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n) > 521 || mp_cmp_z(n) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n, b_n, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_x, b_x, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_y, b_y, 66)); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_BE2LE(b_n); ++ point_mul(b_x, b_y, b_n, b_x, b_y); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 66)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 66)); ++ ++CLEANUP: ++ return res; ++} ++ ++static mp_err ++point_mul_two_secp521r1(const mp_int *n1, const mp_int *n2, ++ const mp_int *in_x, const mp_int *in_y, ++ mp_int *out_x, mp_int *out_y, ++ const ECGroup *group) ++{ ++ unsigned char b_x[66]; ++ unsigned char b_y[66]; ++ unsigned char b_n1[66]; ++ unsigned char b_n2[66]; ++ mp_err res; ++ ++ /* If n2 == NULL, this is just a base-point multiplication. */ ++ if (n2 == NULL) ++ return point_mul_g_secp521r1(n1, out_x, out_y, group); ++ ++ /* If n1 == NULL, this is just an arbitary-point multiplication. */ ++ if (n1 == NULL) ++ return point_mul_secp521r1(n2, in_x, in_y, out_x, out_y, group); ++ ++ ARGCHK(in_x != NULL && in_y != NULL && out_x != NULL && out_y != NULL, ++ MP_BADARG); ++ ++ /* fail on out of range scalars */ ++ if (mpl_significant_bits(n1) > 521 || mp_cmp_z(n1) != 1 || ++ mpl_significant_bits(n2) > 521 || mp_cmp_z(n2) != 1) ++ return MP_RANGE; ++ ++ MP_CHECKOK(mp_to_fixlen_octets(n1, b_n1, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(n2, b_n2, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_x, b_x, 66)); ++ MP_CHECKOK(mp_to_fixlen_octets(in_y, b_y, 66)); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_BE2LE(b_n1); ++ MP_BE2LE(b_n2); ++ point_mul_two(b_x, b_y, b_n1, b_n2, b_x, b_y); ++ MP_BE2LE(b_x); ++ MP_BE2LE(b_y); ++ MP_CHECKOK(mp_read_unsigned_octets(out_x, b_x, 66)); ++ MP_CHECKOK(mp_read_unsigned_octets(out_y, b_y, 66)); ++ ++CLEANUP: ++ return res; ++} ++ ++mp_err ++ec_group_set_secp521r1(ECGroup *group, ECCurveName name) ++{ ++ if (name == ECCurve_NIST_P521) { ++ group->base_point_mul = &point_mul_g_secp521r1; ++ group->point_mul = &point_mul_secp521r1; ++ group->points_mul = &point_mul_two_secp521r1; ++ } ++ return MP_OKAY; ++} ++ ++#endif /* __SIZEOF_INT128__ */ +diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi +--- a/lib/freebl/freebl_base.gypi ++++ b/lib/freebl/freebl_base.gypi +@@ -31,16 +31,17 @@ + 'ecl/ecp_256_32.c', + 'ecl/ecp_384.c', + 'ecl/ecp_521.c', + 'ecl/ecp_aff.c', + 'ecl/ecp_jac.c', + 'ecl/ecp_jm.c', + 'ecl/ecp_mont.c', + 'ecl/ecp_secp384r1.c', ++ 'ecl/ecp_secp521r1.c', + 'fipsfreebl.c', + 'blinit.c', + 'freeblver.c', + 'gcm.c', + 'hmacct.c', + 'jpake.c', + 'ldvector.c', + 'md2.c', +diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn +--- a/lib/freebl/manifest.mn ++++ b/lib/freebl/manifest.mn +@@ -102,17 +102,17 @@ PRIVATE_EXPORTS = \ + MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h + MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c + + + ECL_HDRS = ecl-exp.h ecl.h ecp.h ecl-priv.h + ECL_SRCS = ecl.c ecl_mult.c ecl_gf.c \ + ecp_aff.c ecp_jac.c ecp_mont.c \ + ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \ +- ecp_256_32.c ecp_25519.c ecp_secp384r1.c ++ ecp_256_32.c ecp_25519.c ecp_secp384r1.c ecp_secp521r1.c + SHA_SRCS = sha_fast.c + MPCPU_SRCS = mpcpucache.c + VERIFIED_SRCS = $(NULL) + + CSRCS = \ + freeblver.c \ + ldvector.c \ + sysrand.c \ + diff --git a/SOURCES/nss-softokn-3.44-handle-malformed-ecdh.patch b/SOURCES/nss-softokn-3.44-handle-malformed-ecdh.patch deleted file mode 100644 index 6902529..0000000 --- a/SOURCES/nss-softokn-3.44-handle-malformed-ecdh.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c ---- a/lib/freebl/ec.c -+++ b/lib/freebl/ec.c -@@ -202,8 +202,8 @@ - #endif - MP_DIGITS(&k) = 0; - -- if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0) || -- !ecParams->name) { -+ if (!ecParams || ecParams->name == ECCurve_noName || -+ !privKey || !privKeyBytes || privKeyLen <= 0) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } -@@ -391,7 +391,7 @@ - int len; - unsigned char *privKeyBytes = NULL; - -- if (!ecParams) { -+ if (!ecParams || ecParams->name == ECCurve_noName || !privKey) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } -@@ -430,7 +430,8 @@ - mp_err err = MP_OKAY; - int len; - -- if (!ecParams || !publicValue || !ecParams->name) { -+ if (!ecParams || ecParams->name == ECCurve_noName || -+ !publicValue || !publicValue->len) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } -@@ -536,8 +537,9 @@ - int i; - #endif - -- if (!publicValue || !ecParams || !privateValue || !derivedSecret || -- !ecParams->name) { -+ if (!publicValue || !publicValue->len || -+ !ecParams || ecParams->name == ECCurve_noName || -+ !privateValue || !privateValue->len || !derivedSecret) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } diff --git a/SOURCES/nss-softokn-3.44-kbkdf-coverity.patch b/SOURCES/nss-softokn-3.44-kbkdf-coverity.patch new file mode 100644 index 0000000..1ef1d8d --- /dev/null +++ b/SOURCES/nss-softokn-3.44-kbkdf-coverity.patch @@ -0,0 +1,39 @@ +diff -up ./lib/softoken/kbkdf.c.coverity ./lib/softoken/kbkdf.c +--- ./lib/softoken/kbkdf.c.coverity 2019-12-03 15:33:43.047732312 -0800 ++++ ./lib/softoken/kbkdf.c 2019-12-03 15:39:40.982578357 -0800 +@@ -534,6 +534,10 @@ CK_RV kbkdf_CreateKey(CK_SESSION_HANDLE + PR_ASSERT(derived_key != NULL); + PR_ASSERT(derived_key->phKey != NULL); + ++ if (slot == NULL) { ++ return CKR_SESSION_HANDLE_INVALID; ++ } ++ + /* Create the new key object for this additional derived key. */ + key = sftk_NewObject(slot); + if (key == NULL) { +@@ -589,7 +593,9 @@ done: + sftk_FreeObject(key); + + /* Doesn't do anything. */ +- sftk_FreeSession(session); ++ if (session) { ++ sftk_FreeSession(session); ++ } + + return ret; + } +diff -up ./lib/softoken/sftkhmac.c.coverity ./lib/softoken/sftkhmac.c +--- ./lib/softoken/sftkhmac.c.coverity 2019-12-03 15:40:06.108848341 -0800 ++++ ./lib/softoken/sftkhmac.c 2019-12-03 15:41:04.919480267 -0800 +@@ -232,7 +232,9 @@ sftk_MAC_Init(sftk_MACCtx *ctx, CK_MECHA + keyval->attrib.ulValueLen, isFIPS); + + done: +- sftk_FreeAttribute(keyval); ++ if (keyval) { ++ sftk_FreeAttribute(keyval); ++ } + return ret; + } + diff --git a/SOURCES/nss-softokn-3.44-missing-softokn-kdf.patch b/SOURCES/nss-softokn-3.44-missing-softokn-kdf.patch new file mode 100644 index 0000000..7d132ec --- /dev/null +++ b/SOURCES/nss-softokn-3.44-missing-softokn-kdf.patch @@ -0,0 +1,539 @@ +Index: nss/gtests/pk11_gtest/manifest.mn +=================================================================== +--- nss.orig/gtests/pk11_gtest/manifest.mn ++++ nss/gtests/pk11_gtest/manifest.mn +@@ -23,6 +23,7 @@ CPPSRCS = \ + pk11_find_certs_unittest.cc \ + pk11_hkdf_unittest.cc \ + pk11_import_unittest.cc \ ++ pk11_kdf_unittest.cc \ + pk11_kbkdf.cc \ + pk11_keygen.cc \ + pk11_key_unittest.cc \ +Index: nss/gtests/pk11_gtest/pk11_kdf_unittest.cc +=================================================================== +--- /dev/null ++++ nss/gtests/pk11_gtest/pk11_kdf_unittest.cc +@@ -0,0 +1,509 @@ ++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ++/* vim: set ts=2 et sw=2 tw=80: */ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this file, ++ * You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#include ++#include "nss.h" ++#include "pk11pub.h" ++ ++#include "cpputil.h" ++ ++#include "gtest/gtest.h" ++ ++namespace nss_test { ++ ++const size_t kGxySize = 256; ++const size_t kSeedSize = 8; ++const size_t kKeySize = 64; ++const size_t kLongKeySize = 1056; ++const size_t kAesXcbcLen = 16; ++const size_t kSha1Len = 20; ++const size_t kSha224Len = 28; ++const size_t kSha256Len = 32; ++const size_t kSha384Len = 48; ++const size_t kSha512Len = 64; ++ ++// This is not the right size for anything ++const size_t kIncorrectSize = 17; ++ ++const uint8_t kGxyData[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, ++ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, ++ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, ++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, ++ 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, ++ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, ++ 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, ++ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, ++ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, ++ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x21, 0x22, 0x23, ++ 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, ++ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, ++ 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, ++ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, ++ 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, ++ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, ++ 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, ++ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, ++ 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, ++ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, ++ 0xfc, 0xfd, 0xfe, 0xff}; ++ ++const uint8_t kKeyData[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, ++ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, ++ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, ++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, ++ 0x3c, 0x3d, 0x3e, 0x3f}; ++ ++const uint8_t kSeed[] = { ++ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, ++ 0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, ++ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3}; ++ ++const uint8_t kExpectedOutputIkeSha256[] = { ++ 0xd3, 0x9d, 0xb2, 0x77, 0x4b, 0x7f, 0xea, 0x81, 0xfc, 0xe5, 0x22, 0xb7, ++ 0xdf, 0xa5, 0x65, 0x15, 0xc9, 0x8f, 0x89, 0x45, 0xda, 0xd9, 0x5d, 0x12, ++ 0xbb, 0x52, 0xb6, 0x3b, 0xf4, 0x4d, 0xaf, 0x16}; ++ ++const uint8_t kExpectedOutputIke1Sha256[] = { ++ 0x25, 0x45, 0x68, 0xd2, 0x98, 0x96, 0xa3, 0xda, 0x89, 0x76, 0x06, 0x01, ++ 0xd0, 0xce, 0xf8, 0x05, 0x26, 0x3f, 0xaf, 0x95, 0x92, 0x48, 0x02, 0x0e, ++ 0x39, 0x75, 0x94, 0x00, 0x22, 0xd8, 0x5a, 0x50}; ++ ++const uint8_t kExpectedOutputIkePlusSha256[] = { ++ 0x03, 0x1e, 0xe7, 0x13, 0x6e, 0x58, 0x11, 0xc4, 0x81, 0x56, 0x42, 0x3c, ++ 0x3c, 0xaa, 0xdb, 0xad, 0x8a, 0x84, 0xdc, 0xa3, 0x0f, 0xe7, 0x67, 0x55, ++ 0x9c, 0x9f, 0xb8, 0x57, 0xa9, 0x5b, 0x41, 0x53, 0x86, 0xe0, 0xb3, 0x21, ++ 0x08, 0x1b, 0x38, 0x24, 0xce, 0xef, 0x7c, 0x89, 0x0d, 0xa7, 0xae, 0x14, ++ 0x58, 0xbd, 0x79, 0x9c, 0x32, 0x25, 0x7f, 0x3e, 0xbd, 0xe1, 0xfb, 0x3a, ++ 0x38, 0x51, 0x05, 0xaa, 0xc8, 0x37, 0x3e, 0x4e, 0x9b, 0x70, 0xb8, 0xe2, ++ 0x21, 0xe7, 0x12, 0xb3, 0xf7, 0x64, 0x21, 0x9d, 0x52, 0x38, 0x41, 0xfb, ++ 0x54, 0xaf, 0x59, 0xc3, 0xab, 0xf3, 0x7f, 0x64, 0xee, 0x17, 0xf5, 0xa8, ++ 0x2b, 0xdf, 0x2d, 0xd3, 0x29, 0x0e, 0x4f, 0x31, 0x54, 0x25, 0x4e, 0x65, ++ 0x52, 0xdf, 0x66, 0xfd, 0x49, 0x85, 0x1f, 0x87, 0x71, 0xa1, 0x5c, 0xfa, ++ 0x99, 0xf5, 0x21, 0x9a, 0xbc, 0x55, 0x5b, 0x1c, 0x19, 0xd9, 0x4b, 0x42, ++ 0xc5, 0xa0, 0xed, 0x1a, 0x1e, 0xf0, 0x04, 0x52, 0xb3, 0xd0, 0x0f, 0x48, ++ 0x45, 0x00, 0xdc, 0x94, 0xae, 0xd8, 0x70, 0x2e, 0xdd, 0x12, 0xe1, 0x66, ++ 0x72, 0xc2, 0x39, 0xd2, 0xc6, 0xfa, 0xdd, 0x8c, 0x11, 0x9c, 0x9d, 0x60, ++ 0xd1, 0x08, 0x79, 0x62, 0xbb, 0x97, 0x45, 0x38, 0x2d, 0x83, 0x9c, 0x2e, ++ 0x8f, 0x88, 0xa3, 0xad, 0x5b, 0x8e, 0x4e, 0x0e, 0xdb, 0xee, 0xaf, 0x1d, ++ 0xf6, 0xe7, 0x7e, 0x28, 0xc5, 0xcf, 0x0c, 0xd9, 0xee, 0xde, 0xc8, 0x87, ++ 0x00, 0xfe, 0x02, 0xd8, 0x30, 0xa6, 0x68, 0xec, 0x51, 0x22, 0xac, 0x4c, ++ 0x38, 0x0f, 0xbb, 0x5c, 0xcb, 0xd5, 0x93, 0xda, 0xea, 0xd0, 0x1b, 0x41, ++ 0x85, 0x8d, 0x12, 0x56, 0xbb, 0x90, 0x62, 0xc9, 0x91, 0x62, 0xf8, 0x29, ++ 0x9a, 0x4f, 0xd8, 0x5e, 0x7d, 0x1f, 0x69, 0xe8, 0x23, 0x53, 0x26, 0x98, ++ 0x98, 0x88, 0xfa, 0x14, 0xdc, 0xa3, 0x0f, 0xc7, 0x58, 0xb2, 0x6d, 0xa5, ++ 0x34, 0x53, 0xb5, 0xc3, 0xcc, 0xbb, 0xd7, 0xd4, 0x80, 0xf3, 0x8c, 0x79, ++ 0xd2, 0xac, 0x12, 0xa5, 0xf9, 0x99, 0xe7, 0x1b, 0x46, 0x16, 0x02, 0x6a, ++ 0xa3, 0xc5, 0x20, 0xb5, 0x5a, 0x55, 0xbd, 0xac, 0x70, 0xf1, 0x5b, 0xe4, ++ 0x45, 0x12, 0x7e, 0xcf, 0x12, 0xbf, 0x53, 0x7e, 0x3d, 0xbe, 0x53, 0x77, ++ 0xc4, 0x2c, 0x17, 0x5f, 0xe5, 0xb9, 0x73, 0x01, 0x5d, 0x9b, 0x34, 0x3c, ++ 0x45, 0xf0, 0xa4, 0x91, 0xaf, 0x34, 0xa2, 0xd6, 0x0a, 0x14, 0x98, 0x2c, ++ 0x91, 0xd5, 0x8f, 0x12, 0xde, 0x7c, 0x61, 0xd8, 0x42, 0x07, 0x42, 0x1a, ++ 0x01, 0x2b, 0xf6, 0x54, 0xd1, 0xde, 0x6d, 0x9c, 0x8b, 0x51, 0x81, 0x3e, ++ 0x01, 0xd1, 0xfb, 0x5a, 0xcd, 0xf0, 0xeb, 0xcc, 0x03, 0xe2, 0xc1, 0x31, ++ 0x92, 0x11, 0x88, 0x1f, 0xec, 0x81, 0x07, 0x78, 0x89, 0x89, 0x29, 0x19, ++ 0x3f, 0x75, 0x01, 0x0e, 0x73, 0xbc, 0x1e, 0x76, 0x23, 0x80, 0x36, 0xaa, ++ 0x2a, 0xd0, 0x77, 0x57, 0x6a, 0xea, 0xe2, 0xdb, 0xed, 0x17, 0x79, 0x3d, ++ 0x8b, 0x8a, 0xbe, 0x32, 0x90, 0x2e, 0x1c, 0x00, 0xc2, 0x27, 0xb5, 0x64, ++ 0x7c, 0xc3, 0xca, 0xb8, 0xaf, 0xcb, 0x17, 0x29, 0xec, 0x00, 0x5b, 0x83, ++ 0x9f, 0xfe, 0x8b, 0xb6, 0x6f, 0x01, 0x23, 0x6b, 0xb3, 0xaa, 0x34, 0x3f, ++ 0x5c, 0x66, 0x7c, 0xec, 0x15, 0x5a, 0xa9, 0x3c, 0xe2, 0xef, 0xcb, 0xe5, ++ 0x79, 0xfa, 0xf2, 0x7c, 0x4e, 0x0f, 0x70, 0x41, 0xa4, 0x09, 0x07, 0x30, ++ 0xbd, 0x28, 0x3f, 0x30, 0xd3, 0xc2, 0xbd, 0x06, 0x5e, 0x21, 0xbd, 0x20, ++ 0xae, 0xa4, 0xa9, 0x7d, 0x91, 0xe8, 0x9d, 0x0a, 0x81, 0x02, 0xf7, 0xd6, ++ 0x7c, 0x1f, 0xb6, 0xa5, 0x40, 0xb6, 0x25, 0xac, 0xce, 0x77, 0x20, 0xfa, ++ 0x71, 0x79, 0x21, 0x94, 0xcd, 0x63, 0xcf, 0x62, 0xd4, 0xda, 0xc6, 0xe8, ++ 0x3c, 0xdb, 0x86, 0x1e, 0x8d, 0x2d, 0x12, 0xf6, 0xea, 0xb0, 0xed, 0xf8, ++ 0xfa, 0xc6, 0x37, 0xee, 0xca, 0x11, 0x1a, 0xac, 0x95, 0xf6, 0xe3, 0x02, ++ 0x97, 0xba, 0xb2, 0xb2, 0x02, 0x82, 0xbe, 0x32, 0xa3, 0xe8, 0xf4, 0xae, ++ 0x4e, 0xaf, 0x47, 0xb9, 0xe7, 0x91, 0x18, 0x90, 0xd8, 0xcb, 0x59, 0xed, ++ 0xc2, 0x47, 0x6d, 0xe1, 0x9d, 0x74, 0xe6, 0xc7, 0xc0, 0xdc, 0x82, 0x5b, ++ 0x6a, 0x7d, 0x1c, 0x58, 0xc8, 0x3d, 0x7d, 0xed, 0xdd, 0x60, 0x91, 0x9e, ++ 0x68, 0x6e, 0x56, 0x33, 0x8b, 0xca, 0x35, 0xf8, 0x96, 0x67, 0x22, 0x3a, ++ 0xb9, 0x02, 0xe9, 0x7c, 0xb1, 0xca, 0x25, 0xc2, 0xc8, 0xc7, 0xd8, 0x71, ++ 0xfa, 0xfa, 0x76, 0xeb, 0x1d, 0x52, 0x75, 0xc6, 0x56, 0xf3, 0x1a, 0xd3, ++ 0xda, 0xe4, 0x49, 0x7b, 0xd0, 0x77, 0x72, 0x06, 0xe7, 0xb9, 0xd9, 0x06, ++ 0x87, 0x43, 0x6a, 0x52, 0xee, 0x3a, 0x71, 0x6e, 0x51, 0x8d, 0x55, 0x7a, ++ 0xb1, 0x62, 0x75, 0xac, 0xa9, 0x89, 0x77, 0x93, 0x40, 0xef, 0x66, 0x44, ++ 0x08, 0x49, 0xbb, 0xdb, 0x85, 0x0b, 0xd3, 0xfa, 0x37, 0x27, 0x41, 0xd1, ++ 0x57, 0xc3, 0x95, 0xaa, 0x85, 0x5a, 0x43, 0x74, 0x39, 0x72, 0x08, 0xdf, ++ 0x58, 0xe1, 0xf7, 0x95, 0x6c, 0xc1, 0xb1, 0x9b, 0x21, 0x53, 0xc1, 0xf9, ++ 0xcc, 0x74, 0xf9, 0x62, 0xa4, 0xa0, 0x34, 0x22, 0xaa, 0x84, 0x78, 0x49, ++ 0x50, 0xa9, 0x8e, 0x7b, 0xfa, 0xaa, 0xc2, 0xe8, 0xae, 0x34, 0x3d, 0xa7, ++ 0xe1, 0x5a, 0x14, 0xa6, 0xd7, 0x6c, 0x67, 0xc7, 0x5e, 0xda, 0x79, 0x36, ++ 0x57, 0x85, 0x5e, 0x09, 0xa2, 0x1f, 0x96, 0x5a, 0x71, 0xc2, 0xfe, 0x57, ++ 0x5c, 0x4c, 0xe8, 0xbf, 0x9b, 0x5c, 0xd7, 0x06, 0x09, 0xb5, 0x63, 0x93, ++ 0x7e, 0xee, 0x65, 0xef, 0x88, 0xe1, 0x60, 0x3e, 0x50, 0x84, 0x39, 0xb9, ++ 0xae, 0xab, 0xad, 0xee, 0x31, 0x04, 0x7f, 0xed, 0x78, 0x35, 0xc0, 0x14, ++ 0xa6, 0xc3, 0xeb, 0x3c, 0xd7, 0xc3, 0xb3, 0x6b, 0x58, 0x63, 0x7e, 0xa8, ++ 0xc9, 0xb9, 0x23, 0xd3, 0xe5, 0xe7, 0xcc, 0x84, 0x63, 0xc8, 0xbd, 0x31, ++ 0x9f, 0x02, 0x4e, 0x74, 0x98, 0xba, 0x8a, 0x0c, 0x80, 0xab, 0x10, 0xc4, ++ 0xb2, 0x61, 0xad, 0x3d, 0x93, 0x9d, 0xdc, 0x76, 0xe5, 0x0e, 0x2e, 0x4b, ++ 0x81, 0x3b, 0x1f, 0xd3, 0x54, 0xc0, 0x2a, 0xde, 0x0e, 0x1d, 0x59, 0x31, ++ 0x5c, 0x28, 0xf8, 0x75, 0xfc, 0x71, 0x2e, 0xc1, 0x85, 0x90, 0x23, 0xfd, ++ 0x2e, 0x8b, 0xb9, 0x52, 0x1a, 0xdf, 0x61, 0x54, 0x9b, 0x43, 0xa6, 0x8d, ++ 0x5f, 0xd0, 0x52, 0x0b, 0x66, 0xbc, 0xf5, 0x1a, 0xce, 0x58, 0xef, 0xb3, ++ 0x1d, 0x8d, 0x4b, 0x1b, 0xf3, 0x8e, 0xe6, 0x68, 0xc3, 0xd5, 0x95, 0x42, ++ 0xf5, 0xb0, 0x73, 0x2c, 0x31, 0x71, 0x20, 0xf5, 0xdc, 0xbf, 0x56, 0x72, ++ 0x53, 0xf9, 0xfe, 0xfa, 0x19, 0xdc, 0x46, 0xd1, 0x2b, 0xe3, 0xdb, 0x50, ++ 0xec, 0x14, 0xee, 0x70, 0xcc, 0xe6, 0x11, 0x75, 0xb4, 0x63, 0xfc, 0xd1, ++ 0x8f, 0x54, 0xfa, 0xcc, 0x99, 0xcc, 0xb8, 0x61, 0xa7, 0x33, 0x18, 0xa2, ++ 0x17, 0xee, 0xb1, 0x82, 0x3d, 0x6a, 0x8d, 0x63, 0xe0, 0x15, 0x1b, 0x5c, ++ 0x20, 0x53, 0x33, 0xa7, 0x85, 0x17, 0x81, 0xba, 0x18, 0x2a, 0x73, 0x00, ++ 0x1e, 0x3e, 0x2c, 0xb5, 0x5f, 0x4e, 0x82, 0xa8, 0x09, 0xa0, 0x22, 0xdc, ++ 0xc4, 0x76, 0x7c, 0x66, 0xf4, 0x78, 0xa1, 0x0a, 0xf7, 0x39, 0x06, 0x0a, ++ 0xd7, 0x43, 0x72, 0x12, 0x3b, 0x8e, 0x7e, 0x62, 0x4f, 0x5a, 0x03, 0xe5, ++ 0x22, 0x97, 0xdc, 0xbb, 0xaa, 0xa2, 0xc0, 0x03, 0x8e, 0x60, 0xd1, 0x61, ++ 0xc7, 0xef, 0x0f, 0x54, 0x43, 0x4e, 0x38, 0xda, 0xb6, 0xe2, 0x5b, 0x0e, ++ 0x45, 0xae, 0x39, 0x86, 0x85, 0x25, 0x30, 0xb1, 0x9d, 0xda, 0xdb, 0x70, ++ 0xa7, 0xe5, 0x77, 0xb8, 0x47, 0xaa, 0xe7, 0x3e, 0xe8, 0x5a, 0x96, 0xc6, ++ 0x0a, 0x0b, 0x07, 0x8d, 0x6d, 0xeb, 0x80, 0x0c, 0xd9, 0x80, 0x2d, 0x4d}; ++ ++const uint8_t kExpectedOutputIkeAppBSha256[] = { ++ 0xe7, 0x11, 0x54, 0x6e, 0x3f, 0xaa, 0xd4, 0xc7, 0xc4, 0xaa, 0x75, 0x6b, ++ 0xc2, 0x6c, 0xad, 0x6a, 0xbe, 0xa8, 0x24, 0x19, 0x84, 0xa0, 0xf6, 0xb0, ++ 0x83, 0x9c, 0x70, 0xca, 0x61, 0xc4, 0xef, 0x88, 0xd7, 0xd5, 0xb7, 0x2e, ++ 0x45, 0x32, 0xe1, 0x1d, 0x12, 0x38, 0xfb, 0xcb, 0x08, 0x54, 0xc7, 0xdb, ++ 0xc4, 0x80, 0x2d, 0xd4, 0xf3, 0xbf, 0x51, 0x80, 0xf3, 0xa6, 0xdf, 0x77, ++ 0x51, 0x61, 0xd8, 0xdb, 0x98, 0x2c, 0xc2, 0xe6, 0x72, 0x36, 0x90, 0xf9, ++ 0xd2, 0x2a, 0x6d, 0x6c, 0xeb, 0x10, 0x3f, 0xa0, 0xa3, 0xff, 0xe4, 0x8b, ++ 0x5a, 0x4a, 0x1b, 0xec, 0xb0, 0x48, 0xb0, 0xed, 0x16, 0x8a, 0x89, 0x31, ++ 0x96, 0x5e, 0xa9, 0x11, 0x1f, 0x28, 0x68, 0x07, 0xf1, 0xa3, 0x2b, 0x01, ++ 0x4f, 0x0b, 0x73, 0x78, 0x3b, 0xca, 0x4f, 0x8f, 0x34, 0xc0, 0x21, 0x14, ++ 0xe3, 0xdf, 0xa1, 0xf7, 0x05, 0x63, 0xcb, 0x74, 0x7a, 0x90, 0x59, 0x19, ++ 0xc9, 0xa9, 0x47, 0xcf, 0xe7, 0xbe, 0x04, 0xa7, 0x0c, 0x32, 0xdd, 0x34, ++ 0x07, 0x8f, 0x4f, 0xb5, 0x75, 0xfb, 0xb9, 0x06, 0xd2, 0x55, 0x08, 0xce, ++ 0x0a, 0x47, 0xc2, 0x64, 0x5f, 0xd5, 0xab, 0x55, 0x2a, 0x1a, 0x7e, 0xbd, ++ 0xd5, 0x6d, 0x43, 0x89, 0x3c, 0x53, 0xde, 0x01, 0xfe, 0x19, 0x19, 0xc3, ++ 0xaf, 0xa0, 0x64, 0x2d, 0x7e, 0xe1, 0x7e, 0x31, 0x61, 0xf9, 0xe6, 0x4f, ++ 0x56, 0xc3, 0xc9, 0x7e, 0x92, 0xd7, 0x88, 0x58, 0x1a, 0x7f, 0x3c, 0x3e, ++ 0xae, 0x3f, 0x86, 0xec, 0xb2, 0xaa, 0x8b, 0xaf, 0x22, 0x49, 0xa5, 0x3d, ++ 0xc2, 0xb1, 0x94, 0x0f, 0x5b, 0x08, 0x49, 0xac, 0x23, 0xa4, 0x79, 0x33, ++ 0xde, 0xfb, 0x8b, 0xd3, 0xe6, 0x6c, 0x83, 0xce, 0x01, 0xc7, 0xb4, 0x23, ++ 0x5c, 0x6d, 0x81, 0xda, 0x70, 0x71, 0x43, 0x9c, 0x94, 0x6a, 0x9e, 0x03, ++ 0x6d, 0xc3, 0x71, 0x69, 0x53, 0x83, 0x89, 0x08, 0x1b, 0x2b, 0x4b, 0xa8, ++ 0x4a, 0x2a, 0xdf, 0x26, 0xaf, 0xc3, 0x8e, 0x59, 0x15, 0xa7, 0x24, 0x8f, ++ 0x3c, 0xad, 0x08, 0xf2, 0x12, 0xe1, 0x42, 0x41, 0x0c, 0xcb, 0x3e, 0xf4, ++ 0x71, 0xab, 0xb1, 0x16, 0x2c, 0xb7, 0xe1, 0x3f, 0x94, 0x03, 0x01, 0x78, ++ 0xd7, 0x84, 0x1d, 0x63, 0x03, 0xfe, 0x4b, 0x3f, 0x40, 0xce, 0x30, 0x75, ++ 0x10, 0xd1, 0xa4, 0xd3, 0x3c, 0x68, 0x9b, 0xc0, 0x6b, 0xdc, 0xe1, 0xda, ++ 0x06, 0x41, 0x71, 0x20, 0x88, 0x82, 0x60, 0x2e, 0x48, 0x93, 0x78, 0x30, ++ 0xb4, 0xb9, 0xe3, 0x88, 0x79, 0xf7, 0x0d, 0x0b, 0xa4, 0xae, 0x2e, 0x7b, ++ 0x00, 0x82, 0x49, 0xbf, 0xe8, 0x07, 0xb4, 0x51, 0xd9, 0xa0, 0xf7, 0x8f, ++ 0xe6, 0x24, 0x17, 0xd0, 0xa5, 0x58, 0xcc, 0x37, 0xf2, 0x86, 0x6e, 0xc2, ++ 0xf0, 0xf0, 0x87, 0x64, 0xfa, 0x6e, 0x94, 0x99, 0x1a, 0xbc, 0xd9, 0xea, ++ 0x48, 0x07, 0x38, 0x2e, 0x79, 0x61, 0x82, 0x69, 0x09, 0x6f, 0xbc, 0x8e, ++ 0x44, 0x38, 0x0e, 0xc9, 0x6f, 0xcd, 0xb7, 0x39, 0x92, 0x02, 0x27, 0x23, ++ 0x35, 0xcf, 0x4f, 0xf7, 0x52, 0x7b, 0x33, 0x93, 0xbd, 0x6c, 0x7c, 0xef, ++ 0x39, 0x4b, 0x1a, 0x9f, 0xdf, 0x8f, 0x5c, 0x5b, 0x7b, 0xdb, 0x6b, 0xfd, ++ 0x72, 0xe0, 0xb0, 0xc5, 0x97, 0x5b, 0x08, 0x6b, 0x17, 0x2f, 0x38, 0xd7, ++ 0xbe, 0xf8, 0xd7, 0x20, 0xf5, 0x33, 0x68, 0x69, 0x16, 0xe5, 0x08, 0x05, ++ 0x6c, 0x1b, 0xfa, 0xa8, 0x63, 0x55, 0xb4, 0x03, 0xb9, 0x89, 0xd7, 0x61, ++ 0xf3, 0x9a, 0xf6, 0x45, 0xb4, 0xb2, 0x16, 0x5d, 0xf3, 0x09, 0x7b, 0x09, ++ 0x09, 0x75, 0x0a, 0xbd, 0xdf, 0x7d, 0xe6, 0x1e, 0x07, 0xec, 0x7c, 0x14, ++ 0xac, 0x4b, 0x68, 0xa8, 0x44, 0x5f, 0x77, 0x36, 0xb8, 0x1d, 0x7c, 0x73, ++ 0x82, 0x80, 0xc2, 0x52, 0x55, 0x2c, 0x5d, 0xba, 0x53, 0x79, 0x45, 0xad, ++ 0x51, 0x98, 0xbb, 0x8a, 0xea, 0x4f, 0x19, 0x22, 0x22, 0x69, 0xd3, 0x3a, ++ 0x72, 0xd8, 0xe3, 0x37, 0xf4, 0x3b, 0xf3, 0xf1, 0x52, 0x48, 0x4d, 0xbf, ++ 0xa5, 0x7a, 0xef, 0x44, 0x53, 0x7b, 0x6e, 0x6c, 0xb7, 0x1a, 0xa8, 0x75, ++ 0xaf, 0xdb, 0x15, 0x05, 0x53, 0xc8, 0xb9, 0x9c, 0xea, 0x1a, 0xf7, 0x9d, ++ 0x9b, 0xb6, 0xa6, 0x5e, 0x0f, 0xf7, 0x49, 0x7e, 0xc9, 0x12, 0x38, 0x3d, ++ 0x78, 0xaf, 0x80, 0x3d, 0x76, 0x6d, 0x96, 0x4f, 0x06, 0xff, 0xdf, 0xc5, ++ 0x9c, 0x47, 0xbe, 0x3e, 0x3d, 0xc2, 0x2a, 0x41, 0x15, 0x7e, 0xbd, 0xab, ++ 0x12, 0x02, 0xfe, 0xa5, 0x4f, 0xb4, 0x1a, 0xf5, 0x6a, 0xed, 0xff, 0x50, ++ 0x5a, 0x56, 0x7b, 0x2f, 0xff, 0xff, 0x29, 0xb5, 0x77, 0xf4, 0x38, 0xb3, ++ 0x40, 0xd9, 0x17, 0x89, 0x43, 0x3f, 0x86, 0x29, 0x50, 0xce, 0x72, 0xde, ++ 0x55, 0x63, 0x06, 0x14, 0x50, 0xae, 0xc1, 0x49, 0x10, 0x55, 0x21, 0xeb, ++ 0x68, 0xe7, 0xfc, 0xc7, 0xf5, 0x92, 0xc5, 0xf2, 0xe2, 0xc9, 0xdb, 0x42, ++ 0x59, 0x44, 0x0e, 0xda, 0x23, 0x50, 0x62, 0xef, 0x6e, 0xae, 0x1c, 0x0e, ++ 0x93, 0x74, 0xa6, 0xdb, 0x4c, 0xc7, 0x4b, 0xa6, 0xe2, 0x3a, 0xe3, 0x03, ++ 0x22, 0xd1, 0xe4, 0x21, 0x13, 0x98, 0x6a, 0xeb, 0x43, 0xbf, 0xe6, 0x8a, ++ 0xfb, 0x28, 0x15, 0x47, 0x7e, 0xaa, 0x12, 0x60, 0x08, 0x23, 0xc6, 0x59, ++ 0xeb, 0xc1, 0x71, 0x18, 0x03, 0x16, 0x7f, 0x75, 0x5f, 0x65, 0x8a, 0x7f, ++ 0x1d, 0xae, 0x98, 0x94, 0xa4, 0xb1, 0xf5, 0xcc, 0x0a, 0x6f, 0x62, 0x79, ++ 0x27, 0x38, 0x32, 0x73, 0x90, 0xc8, 0x3f, 0x70, 0xf7, 0x44, 0xcf, 0xfd, ++ 0xc8, 0xfa, 0xcb, 0x3e, 0x73, 0x5f, 0x1d, 0xde, 0xb5, 0x73, 0x4d, 0x00, ++ 0x2a, 0xce, 0x77, 0x92, 0x17, 0x0f, 0xcf, 0xbf, 0x87, 0x78, 0xdc, 0xbc, ++ 0x83, 0xb3, 0x86, 0xd5, 0x32, 0xf5, 0x17, 0x73, 0xba, 0x90, 0xae, 0xc4, ++ 0x40, 0x25, 0x26, 0xde, 0x8c, 0x5e, 0xbb, 0x83, 0x0e, 0x27, 0xd5, 0x0a, ++ 0x4d, 0x89, 0xf0, 0xf3, 0x0f, 0xb5, 0x7d, 0xe3, 0x04, 0x6b, 0x5a, 0x59, ++ 0xf4, 0x0a, 0x23, 0xc9, 0xe9, 0xe5, 0x1c, 0x20, 0x43, 0xac, 0xe2, 0x61, ++ 0x10, 0x8d, 0x20, 0x83, 0xe7, 0x60, 0x28, 0x32, 0xd0, 0x15, 0x67, 0xf1, ++ 0xaf, 0xd4, 0xcb, 0x2a, 0xec, 0xc5, 0xe2, 0xe7, 0xa2, 0x57, 0x18, 0x3d, ++ 0x5e, 0xdd, 0x14, 0x88, 0x39, 0x59, 0x10, 0x9c, 0xa9, 0xf9, 0xd9, 0xb9, ++ 0xdd, 0x09, 0xb0, 0x2f, 0x5a, 0x30, 0x0f, 0xbf, 0x34, 0x8a, 0xf1, 0x62, ++ 0x40, 0x15, 0x4e, 0xe9, 0x69, 0x2f, 0x94, 0x87, 0x07, 0xf0, 0x01, 0xa2, ++ 0x8f, 0x11, 0xb9, 0x31, 0x4c, 0x2b, 0x7d, 0x7f, 0x6c, 0x04, 0xd6, 0x91, ++ 0x4d, 0x71, 0x6b, 0x8c, 0xa7, 0x47, 0xb1, 0x34, 0x34, 0x08, 0xda, 0x5b, ++ 0xcb, 0x82, 0xbb, 0x5b, 0x14, 0x27, 0x2a, 0x20, 0x25, 0xda, 0xbe, 0x1d, ++ 0x21, 0xa8, 0x68, 0x77, 0xf4, 0x17, 0xaf, 0x7f, 0x22, 0xda, 0xd4, 0xc6, ++ 0x38, 0x0c, 0xbe, 0xf1, 0xa5, 0x0b, 0x17, 0x83, 0x22, 0xb3, 0x5b, 0x12, ++ 0x1f, 0x0a, 0x18, 0x14, 0x46, 0xbf, 0x9b, 0xc0, 0x53, 0x7a, 0x83, 0x40, ++ 0xde, 0x1a, 0x9d, 0xf0, 0x3b, 0x66, 0x74, 0x01, 0xa1, 0xfc, 0x29, 0xde, ++ 0x08, 0x66, 0x85, 0x56, 0x2c, 0xc8, 0x30, 0xb7, 0x42, 0x1f, 0xa2, 0x32, ++ 0x28, 0xc4, 0xc5, 0xfe, 0xea, 0xb0, 0x4e, 0x81, 0x59, 0x74, 0x90, 0x93, ++ 0xb1, 0x1c, 0x5c, 0x4f, 0x54, 0x5e, 0xcc, 0xd7, 0x1d, 0x75, 0xd2, 0x3d, ++ 0x77, 0xff, 0x72, 0xa8, 0x74, 0x31, 0xec, 0x74, 0xe8, 0xcc, 0x69, 0xce, ++ 0xde, 0xe5, 0x05, 0x1e, 0xc2, 0x99, 0x90, 0x22, 0xe5, 0x10, 0xd4, 0xaf, ++ 0x52, 0xe3, 0x47, 0xf4, 0x38, 0xeb, 0xa3, 0xd2, 0x72, 0x64, 0xb2, 0xd3, ++ 0x0c, 0x0c, 0xaa, 0xae, 0x29, 0xb5, 0x38, 0xd4, 0x52, 0xfa, 0x96, 0x17, ++ 0x7a, 0x18, 0xe8, 0x89, 0xd2, 0xd5, 0xd9, 0xae, 0x5a, 0x0e, 0x25, 0x8d}; ++ ++class IkeKdfTest : public ::testing::Test { ++ public: ++ IkeKdfTest() ++ : params_({siBuffer, nullptr, 0}), ++ gxy_item_({siBuffer, toUcharPtr(kGxyData), kGxySize}), ++ skey_item_({siBuffer, toUcharPtr(kKeyData), kKeySize}), ++ key_mech_(0), ++ slot_(nullptr), ++ gxy_(nullptr), ++ skey_(nullptr), ++ okey_(nullptr) {} ++ ++ ~IkeKdfTest() { ++ if (slot_) { ++ PK11_FreeSlot(slot_); ++ } ++ if (gxy_) { ++ PK11_FreeSymKey(gxy_); ++ } ++ ClearTempVars(); ++ } ++ ++ void ClearTempVars() { ++ if (skey_) { ++ PK11_FreeSymKey(skey_); ++ skey_ = nullptr; ++ } ++ if (okey_) { ++ PK11_FreeSymKey(okey_); ++ okey_ = nullptr; ++ } ++ } ++ ++ void Init() { ++ params_.type = siBuffer; ++ ++ gxy_item_.type = siBuffer; ++ gxy_item_.data = ++ const_cast(static_cast(kGxyData)); ++ gxy_item_.len = sizeof(kGxyData); ++ skey_item_.type = siBuffer; ++ skey_item_.data = ++ const_cast(static_cast(kKeyData)); ++ ++ slot_ = PK11_GetInternalSlot(); ++ ASSERT_NE(nullptr, slot_); ++ gxy_ = PK11_ImportSymKey(slot_, CKM_NSS_IKE_PRF_DERIVE, PK11_OriginUnwrap, ++ CKA_DERIVE, &gxy_item_, NULL); ++ ASSERT_NE(nullptr, gxy_); ++ } ++ ++ void ComputeAndVerifyKey(CK_MECHANISM_TYPE derive_mech, ++ CK_MECHANISM_TYPE hash_mech, const uint8_t* expected) { ++ // Infer prf length from mechanism ++ int prf_len = 0; ++ std::string mac = "unknown"; ++ ++ switch (hash_mech) { ++ case CKM_AES_XCBC_MAC: ++ prf_len = kAesXcbcLen; ++ mac = "CKM_AES_XCBC_MAC"; ++ break; ++ case CKM_SHA_1_HMAC: ++ prf_len = kSha1Len; ++ mac = "CKM_SHA_1_HMAC"; ++ break; ++ case CKM_SHA224_HMAC: ++ prf_len = kSha224Len; ++ mac = "CKM_SHA224_HMAC"; ++ break; ++ case CKM_SHA256_HMAC: ++ prf_len = kSha256Len; ++ mac = "CKM_SHA256_HMAC"; ++ break; ++ case CKM_SHA384_HMAC: ++ prf_len = kSha384Len; ++ mac = "CKM_SHA384_HMAC"; ++ break; ++ case CKM_SHA512_HMAC: ++ prf_len = kSha512Len; ++ mac = "CKM_SHA512_HMAC"; ++ break; ++ default: ++ ASSERT_TRUE(false) << "Invalid PRF Mechanism"; ++ } ++ ++ Inner(derive_mech, hash_mech, mac, prf_len, expected); ++ } ++ ++ // Set output == nullptr to test when errors occur ++ void Inner(CK_MECHANISM_TYPE derive_mech, CK_MECHANISM_TYPE hash_mech, ++ std::string mac, size_t prf_len, const uint8_t* expected) { ++ PRBool use_skey = PR_FALSE; ++ size_t output_len = 0; ++ PK11SymKey *derive_key = nullptr; ++ std::stringstream s; ++ s << "Derive:"; ++ std::string msg; ++ ++ ClearTempVars(); ++ ++ // Import the params ++ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf; ++ CK_NSS_IKE1_PRF_DERIVE_PARAMS ike1_prf; ++ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS ikep_prf; ++ CK_MECHANISM_TYPE ike1_app_b; ++ ++ switch (derive_mech) { ++ case CKM_NSS_IKE_PRF_DERIVE: ++ ike_prf.prfMechanism = hash_mech; ++ ike_prf.bDataAsKey = PR_TRUE; ++ ike_prf.bRekey = PR_FALSE; ++ ike_prf.pNi = toUcharPtr(kSeed); ++ ike_prf.ulNiLen = kSeedSize; ++ ike_prf.pNr = toUcharPtr(kSeed); ++ ike_prf.ulNrLen = kSeedSize; ++ ike_prf.hNewKey = CK_INVALID_HANDLE; ++ output_len = 0; ++ use_skey = PR_FALSE; ++ params_.data = reinterpret_cast(&ike_prf); ++ params_.len = sizeof(ike_prf); ++ s << "CKM_NSS_IKE_PRF_DERIVE"; ++ break; ++ case CKM_NSS_IKE_PRF_PLUS_DERIVE: ++ ikep_prf.prfMechanism = hash_mech; ++ ikep_prf.bHasSeedKey = PR_FALSE; ++ ikep_prf.pSeedData= toUcharPtr(kSeed); ++ ikep_prf.ulSeedDataLen = kSeedSize*4; ++ output_len = kLongKeySize; ++ use_skey = PR_TRUE; ++ params_.data = reinterpret_cast(&ikep_prf); ++ params_.len = sizeof(ikep_prf); ++ s << "CKM_NSS_IKE_PRF_PLUS_DERIVE"; ++ break; ++ case CKM_NSS_IKE1_PRF_DERIVE: ++ ike1_prf.prfMechanism = hash_mech; ++ ike1_prf.bHasPrevKey = PR_FALSE; ++ ike1_prf.hKeygxy = PK11_GetSymKeyHandle(gxy_); ++ ike1_prf.hPrevKey = CK_INVALID_HANDLE; ++ ike1_prf.pCKYi = toUcharPtr(kSeed); ++ ike1_prf.ulCKYiLen = kSeedSize; ++ ike1_prf.pCKYr = toUcharPtr(kSeed); ++ ike1_prf.ulCKYrLen = kSeedSize; ++ ike1_prf.keyNumber = 0; ++ output_len = prf_len; ++ use_skey = PR_TRUE; ++ params_.data = reinterpret_cast(&ike1_prf); ++ params_.len = sizeof(ike1_prf); ++ s << "CKM_NSS_IKE1_PRF_DERIVE"; ++ break; ++ case CKM_NSS_IKE1_APP_B_PRF_DERIVE: ++ ike1_app_b = hash_mech; ++ output_len = kLongKeySize; ++ use_skey = PR_TRUE; ++ params_.data = reinterpret_cast(&ike1_app_b); ++ params_.len = sizeof(ike1_app_b); ++ s << "CKM_NSS_IKE1_APP_B_DERIVE"; ++ break; ++ default: ++ ASSERT_TRUE(false) << "Invalid IKE DERIVE mechanism"; ++ } ++ ++ s << " Mac/Prf:" << mac; ++ msg = s.str(); ++ ++ ++ // Import the PMS ++ derive_key = gxy_; ++ if (use_skey) { ++ skey_item_.len = prf_len; ++ skey_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap, ++ CKA_DERIVE, &skey_item_, NULL); ++ ASSERT_NE(nullptr, skey_) << msg; ++ derive_key = skey_; ++ } ++ ++ // Compute the result key ++ okey_ = PK11_DeriveWithFlags(derive_key, derive_mech, ¶ms_, key_mech_, ++ CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY); ++ ++ // Verify the result has the expected value (null or otherwise) ++ int error = PORT_GetError(); ++ s << " Error=" << error; ++ msg = s.str(); ++ if (!expected) { ++ EXPECT_EQ(nullptr, okey_) << msg; ++ } else { ++ ASSERT_NE(nullptr, okey_) << msg; ++ ++ SECStatus rv = PK11_ExtractKeyValue(okey_); ++ ASSERT_EQ(SECSuccess, rv) << "PK11_ExtractKeyValue"; ++ ++ SECItem* oData = PK11_GetKeyData(okey_); ++ ASSERT_NE(nullptr, oData) << "PK11_GetKeyData"; ++ ++ if (output_len == 0) { ++ output_len = prf_len; ++ } ++ s << "\n" << "output_len=" << output_len << " oData->len=" << oData->len << ".\n"; ++ for (unsigned int i=0; i < oData->len; i++) { ++ if (i % 12 == 0) s << "\n "; ++ s << " 0x" << std::setfill('0') ++ << std::setw(2) << std::hex << (int) oData->data[i] << ","; ++ } ++ s << "};\n"; ++ msg = s.str(); ++ ASSERT_EQ(output_len, oData->len) << msg ; ++ ++ EXPECT_EQ(0, memcmp(oData->data, expected, output_len)) << msg; ++ } ++ } ++ ++ protected: ++ SECItem params_; ++ SECItem gxy_item_; ++ SECItem skey_item_; ++ CK_MECHANISM_TYPE key_mech_; ++ PK11SlotInfo* slot_; ++ PK11SymKey* gxy_; ++ PK11SymKey* skey_; ++ PK11SymKey* okey_; ++}; ++ ++// ++// The full range is tested with the FIPS vectors in the cavs tests. ++// just make sure the NSS Derive iterfaces are working for everything. ++// ++TEST_F(IkeKdfTest, IkePrfSha256) { ++ Init(); ++ ComputeAndVerifyKey(CKM_NSS_IKE_PRF_DERIVE, CKM_SHA256_HMAC, ++ kExpectedOutputIkeSha256); ++} ++ ++TEST_F(IkeKdfTest, Ike1PrfSha256) { ++ Init(); ++ ComputeAndVerifyKey(CKM_NSS_IKE1_PRF_DERIVE, CKM_SHA256_HMAC, ++ kExpectedOutputIke1Sha256); ++} ++ ++TEST_F(IkeKdfTest, IkePlusPrfSha256) { ++ Init(); ++ ComputeAndVerifyKey(CKM_NSS_IKE_PRF_PLUS_DERIVE, CKM_SHA256_HMAC, ++ kExpectedOutputIkePlusSha256); ++} ++ ++TEST_F(IkeKdfTest, Ike1AppBPrfSha256) { ++ Init(); ++ ComputeAndVerifyKey(CKM_NSS_IKE1_APP_B_PRF_DERIVE, CKM_SHA256_HMAC, ++ kExpectedOutputIkeAppBSha256); ++} ++ ++} // namespace nss_test +Index: nss/lib/softoken/sftkike.c +=================================================================== +--- nss.orig/lib/softoken/sftkike.c ++++ nss/lib/softoken/sftkike.c +@@ -774,7 +774,7 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND + * key is inKey + */ + thisKey = outKeyData; +- for (genKeySize = 0; genKeySize <= keySize; genKeySize += macSize) { ++ for (genKeySize = 0; genKeySize < keySize; genKeySize += macSize) { + PRBool hashedData = PR_FALSE; + crv = prf_init(&context, inKey->attrib.pValue, inKey->attrib.ulValueLen); + if (crv != CKR_OK) { diff --git a/SOURCES/nss-softokn-3.53.1-diffie_hellman_checks.patch b/SOURCES/nss-softokn-3.53.1-diffie_hellman_checks.patch new file mode 100644 index 0000000..20a6dd2 --- /dev/null +++ b/SOURCES/nss-softokn-3.53.1-diffie_hellman_checks.patch @@ -0,0 +1,5798 @@ +diff --git a/gtests/softoken_gtest/manifest.mn b/gtests/softoken_gtest/manifest.mn +--- a/gtests/softoken_gtest/manifest.mn ++++ b/gtests/softoken_gtest/manifest.mn +@@ -20,16 +20,17 @@ CPPSRCS = \ + $(NULL) + + INCLUDES += \ + -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ + -I$(CORE_DEPTH)/gtests/common \ + -I$(CORE_DEPTH)/cpputil \ + $(NULL) + +-REQUIRES = nspr gtest ++REQUIRES = nspr gtest cpputil + + PROGRAM = softoken_gtest + + EXTRA_LIBS = \ + $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \ ++ $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \ + $(NULL) +diff --git a/gtests/softoken_gtest/softoken_dh_vectors.h b/gtests/softoken_gtest/softoken_dh_vectors.h +new file mode 100644 +--- /dev/null ++++ b/gtests/softoken_gtest/softoken_dh_vectors.h +@@ -0,0 +1,3399 @@ ++ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++namespace nss_test { ++/* first list the primes we want to test */ ++ ++/* known primes */ ++/* IKE 1536 prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } */ ++static const unsigned char prime_ike_1536[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* IKE 2048 prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } */ ++static const unsigned char prime_ike_2048[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* TLS 2048 prime is: 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1 */ ++static const unsigned char prime_tls_2048[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* IKE 3072 prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } */ ++static const unsigned char prime_ike_3072[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, ++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, ++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, ++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, ++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, ++ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* TLS 3072 prime is: 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1 */ ++static const unsigned char prime_tls_3072[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0xC6, 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* IKE 4096 prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } */ ++static const unsigned char prime_ike_4096[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, ++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, ++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, ++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, ++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, ++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, ++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, ++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, ++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, ++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* TLS 4096 prime is: 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1 */ ++static const unsigned char prime_tls_4096[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, ++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, ++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, ++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, ++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, ++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, ++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, ++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, ++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, ++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, ++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* IKE 6144 prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } */ ++static const unsigned char prime_ike_6144[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, ++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, ++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, ++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, ++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, ++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, ++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, ++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, ++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, ++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, ++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, ++ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, ++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, ++ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, ++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, ++ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, ++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, ++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, ++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, ++ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, ++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, ++ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, ++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, ++ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, ++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, ++ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, ++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, ++ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, ++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, ++ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, ++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, ++ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* TLS 6144 prime is: 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1 */ ++static const unsigned char prime_tls_6144[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, ++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, ++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, ++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, ++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, ++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, ++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, ++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, ++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, ++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, ++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, ++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, ++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, ++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, ++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, ++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, ++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, ++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, ++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, ++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, ++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, ++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, ++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, ++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, ++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, ++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, ++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, ++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, ++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, ++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, ++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, ++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, ++ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* IKE 8192 prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } */ ++static const unsigned char prime_ike_8192[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, ++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, ++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, ++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, ++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, ++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, ++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, ++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, ++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, ++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, ++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, ++ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, ++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, ++ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, ++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, ++ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, ++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, ++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, ++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, ++ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, ++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, ++ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, ++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, ++ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, ++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, ++ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, ++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, ++ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, ++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, ++ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, ++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, ++ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, ++ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, ++ 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, ++ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, ++ 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, ++ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, ++ 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, ++ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8, ++ 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, ++ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, ++ 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, ++ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8, ++ 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, ++ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, ++ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, ++ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3, ++ 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, ++ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, ++ 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, ++ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2, ++ 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, ++ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* TLS 8192 prime is: 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1 */ ++static const unsigned char prime_tls_8192[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, ++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, ++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, ++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, ++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, ++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, ++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, ++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, ++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, ++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, ++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, ++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, ++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, ++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, ++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, ++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, ++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, ++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, ++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, ++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, ++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, ++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, ++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, ++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, ++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, ++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, ++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, ++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, ++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, ++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, ++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, ++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, ++ 0xCF, 0xF4, 0x6A, 0xAA, 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, ++ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, 0xFD, 0xB2, 0x3F, 0xCE, ++ 0xC9, 0x50, 0x9D, 0x43, 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, ++ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, 0x86, 0xB6, 0x31, 0x42, ++ 0xA3, 0xAB, 0x88, 0x29, 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, ++ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, 0x29, 0x38, 0x88, 0x39, ++ 0xD2, 0xAF, 0x05, 0xE4, 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, ++ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, 0x59, 0x16, 0x0C, 0xC0, ++ 0x46, 0xFD, 0x82, 0x51, 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, ++ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, 0x51, 0xA8, 0xA9, 0x31, ++ 0x09, 0x70, 0x3F, 0xEE, 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, ++ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, 0x99, 0xE9, 0xE3, 0x16, ++ 0x50, 0xC1, 0x21, 0x7B, 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, ++ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, 0xA1, 0xFE, 0x30, 0x75, ++ 0xA5, 0x77, 0xE2, 0x31, 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, ++ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, 0xB6, 0x85, 0x5D, 0xFE, ++ 0x72, 0xB0, 0xA6, 0x6E, 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, ++ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, 0x2F, 0x74, 0x1E, 0xF8, ++ 0xC1, 0xFE, 0x86, 0xFE, 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, ++ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, 0x08, 0x22, 0xE5, 0x06, ++ 0xA9, 0xF4, 0x61, 0x4E, 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, ++ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF}; ++ ++/* safe primes that aren't already known. These primes should pass, but ++ * take more processing in FIPS mode */ ++static const unsigned char prime_safe_1536[] = { ++ 0xf7, 0x67, 0x31, 0xc8, 0x45, 0x6a, 0xd9, 0xea, 0x53, 0x0b, 0x21, 0xc7, ++ 0x4a, 0xfa, 0x81, 0x66, 0x76, 0x5c, 0xea, 0xb7, 0xf5, 0x11, 0x32, 0x6d, ++ 0xd3, 0x4c, 0x7a, 0xac, 0x39, 0x17, 0x1a, 0x87, 0xb8, 0x00, 0xd7, 0x11, ++ 0xc5, 0xfd, 0xe1, 0xe3, 0x65, 0x4c, 0x1f, 0x42, 0x24, 0x41, 0x1e, 0x92, ++ 0x42, 0xbf, 0xb6, 0x65, 0x0e, 0x72, 0x83, 0x8a, 0xb8, 0x82, 0xa6, 0x4f, ++ 0x9e, 0xca, 0x4f, 0xd1, 0xb1, 0x13, 0xc2, 0xfa, 0x67, 0xa1, 0x6a, 0x06, ++ 0x4f, 0xaf, 0x6e, 0x16, 0xd9, 0x94, 0xd8, 0xda, 0xe3, 0x66, 0x62, 0x01, ++ 0x1f, 0x82, 0x8f, 0x10, 0xe0, 0x2f, 0x3c, 0xa3, 0x42, 0xa8, 0xbb, 0x94, ++ 0x32, 0x79, 0x79, 0x7f, 0x97, 0xf8, 0x3a, 0x31, 0xaa, 0x14, 0xc7, 0xfe, ++ 0x13, 0x96, 0x77, 0x15, 0xbf, 0x47, 0x20, 0x57, 0x11, 0xe0, 0x4f, 0xda, ++ 0x7e, 0xa9, 0x19, 0x49, 0xa1, 0x8d, 0x29, 0x76, 0x8a, 0xd3, 0x9b, 0xb0, ++ 0xbe, 0x50, 0xc3, 0x25, 0x82, 0xf9, 0xe3, 0x21, 0x8c, 0xfd, 0xa6, 0x51, ++ 0xe5, 0x36, 0x7e, 0x82, 0xb6, 0x90, 0x45, 0xe1, 0xd5, 0x72, 0x56, 0xbe, ++ 0xc5, 0x67, 0x3d, 0x13, 0x1a, 0x39, 0x7f, 0x98, 0x33, 0xfc, 0xb4, 0x7b, ++ 0xa4, 0x38, 0x71, 0x87, 0x96, 0x6e, 0xe6, 0x7b, 0x77, 0xb2, 0x65, 0xfd, ++ 0xdf, 0x27, 0x93, 0x0c, 0x3c, 0x60, 0xdf, 0xe5, 0x33, 0xfe, 0xd7, 0x4b}; ++ ++static const unsigned char prime_safe_2048[] = { ++ 0xe1, 0xa3, 0x6e, 0x49, 0x69, 0x07, 0x1c, 0x5f, 0xb4, 0x15, 0x35, 0x46, ++ 0x99, 0x52, 0xd0, 0x4e, 0xff, 0x4e, 0x4c, 0xb1, 0xe1, 0x59, 0xed, 0x2e, ++ 0x71, 0xf3, 0x80, 0x14, 0x54, 0xd0, 0xfc, 0x83, 0x20, 0x29, 0x15, 0x21, ++ 0xa6, 0x5f, 0x10, 0x81, 0x57, 0xf4, 0x2e, 0x49, 0xb2, 0xd1, 0x37, 0xe8, ++ 0x6a, 0xbf, 0x72, 0xf9, 0x55, 0x4e, 0x9e, 0xae, 0x20, 0xc5, 0xb6, 0xc5, ++ 0x91, 0x79, 0x0d, 0xa2, 0xdd, 0xb4, 0xbb, 0x50, 0x4e, 0x20, 0xca, 0x8a, ++ 0x8f, 0x82, 0x34, 0xb9, 0x6a, 0x3e, 0x9a, 0x67, 0xc2, 0x7e, 0x83, 0xf6, ++ 0xc0, 0xad, 0xe3, 0xca, 0x00, 0xd6, 0x11, 0x88, 0x9c, 0xc7, 0x9f, 0xb4, ++ 0x3d, 0x53, 0xa5, 0x5a, 0x97, 0x44, 0x4d, 0xe7, 0x5c, 0xd5, 0x76, 0x80, ++ 0xf8, 0x0c, 0xcd, 0xa6, 0x55, 0xe2, 0x5f, 0xcf, 0xf4, 0x46, 0xa4, 0xc7, ++ 0x0f, 0xc1, 0x80, 0x84, 0x65, 0x46, 0x8c, 0x87, 0xd2, 0x99, 0x82, 0xdf, ++ 0x8e, 0x00, 0x89, 0xf3, 0x0d, 0xd5, 0xc0, 0x54, 0x94, 0xc6, 0xa3, 0x92, ++ 0x0f, 0x91, 0x10, 0xee, 0xa3, 0x65, 0x44, 0xb7, 0x6d, 0xe8, 0x23, 0xf9, ++ 0x7f, 0x91, 0x62, 0x65, 0x09, 0x8e, 0xa1, 0x33, 0xd4, 0xd6, 0x55, 0x0a, ++ 0xc0, 0xe8, 0x66, 0x70, 0x05, 0xd0, 0x12, 0x34, 0xc1, 0xfd, 0xce, 0x75, ++ 0xa4, 0x75, 0xe1, 0x46, 0xa1, 0x08, 0xb4, 0x52, 0xfe, 0x25, 0xa4, 0xc5, ++ 0x4f, 0x23, 0x04, 0x7e, 0xa1, 0x2c, 0xf3, 0x56, 0xcb, 0xfa, 0x7a, 0xbc, ++ 0x45, 0xcc, 0x78, 0xb3, 0x28, 0xf3, 0xe5, 0xd5, 0x26, 0x56, 0x27, 0x86, ++ 0x6a, 0x56, 0x6b, 0x87, 0x56, 0x0e, 0xc4, 0x3c, 0xed, 0xff, 0xcb, 0x96, ++ 0xb4, 0x13, 0x1d, 0x4d, 0x38, 0x4e, 0x69, 0x34, 0x51, 0x7a, 0x85, 0x31, ++ 0xb4, 0x80, 0xda, 0x41, 0xe3, 0xdc, 0x2e, 0x53, 0xd8, 0x71, 0x3e, 0xcc, ++ 0x37, 0x8a, 0x80, 0x33}; ++ ++static const unsigned char prime_safe_3072[] = { ++ 0x87, 0x66, 0xdf, 0xf7, 0xec, 0x49, 0x6a, 0x9a, 0x7c, 0x96, 0x28, 0xae, ++ 0x67, 0x38, 0xab, 0xfa, 0xfe, 0x5c, 0x46, 0x7b, 0xef, 0xe9, 0x18, 0xa6, ++ 0x76, 0xb2, 0xe5, 0x0e, 0xbe, 0xb8, 0xf2, 0x80, 0x36, 0x09, 0x82, 0x44, ++ 0x7b, 0xe8, 0xe8, 0xcc, 0x89, 0x27, 0x68, 0x05, 0xe0, 0xe1, 0x37, 0xd7, ++ 0xbf, 0xdb, 0x0c, 0xf6, 0x48, 0x52, 0x17, 0x3f, 0x75, 0xc5, 0x4e, 0xb4, ++ 0x3d, 0xf8, 0x4c, 0xea, 0xb4, 0x0b, 0x06, 0x04, 0x15, 0x89, 0x7c, 0xba, ++ 0xf3, 0xf5, 0xde, 0x66, 0x6e, 0x7d, 0x30, 0xc4, 0x20, 0x05, 0xda, 0x32, ++ 0x0f, 0xff, 0x79, 0x71, 0x44, 0x9b, 0x10, 0x0f, 0xf1, 0xbb, 0x31, 0xde, ++ 0x67, 0x90, 0xea, 0x77, 0xad, 0x65, 0xd7, 0x05, 0x75, 0xab, 0x66, 0xf2, ++ 0xe6, 0x52, 0xac, 0xf2, 0xaa, 0xa7, 0xd2, 0x45, 0xd9, 0xc6, 0x42, 0x39, ++ 0x27, 0x1f, 0x46, 0x84, 0xad, 0x78, 0xb4, 0xfa, 0x84, 0xf8, 0x9b, 0x3e, ++ 0xcb, 0xc1, 0x99, 0xe5, 0x35, 0x42, 0x26, 0x05, 0xea, 0xac, 0x51, 0x04, ++ 0x4f, 0x8a, 0x98, 0x25, 0xa7, 0x46, 0xab, 0x7b, 0xed, 0xb8, 0xa9, 0x0b, ++ 0x24, 0x23, 0x83, 0x23, 0x16, 0x87, 0x64, 0x91, 0x0c, 0xbf, 0x1f, 0xbc, ++ 0xec, 0x4a, 0xdd, 0x12, 0x2b, 0x0c, 0xa9, 0x39, 0x96, 0xc4, 0xc3, 0xcf, ++ 0xa5, 0x38, 0x40, 0x0d, 0x6e, 0xd0, 0xfa, 0x0a, 0x0c, 0x3e, 0xe9, 0x75, ++ 0x0b, 0x70, 0x28, 0x68, 0xbc, 0xfd, 0xf6, 0xc2, 0x9a, 0x59, 0x91, 0x20, ++ 0x5c, 0x70, 0xfe, 0x31, 0xa6, 0x50, 0x87, 0x9a, 0x6a, 0x61, 0x20, 0x2c, ++ 0x77, 0x84, 0x81, 0xa8, 0x3e, 0xc9, 0xa8, 0x72, 0xb0, 0x53, 0x43, 0x85, ++ 0x1c, 0x9b, 0x3a, 0xdd, 0xef, 0x09, 0x7d, 0xc7, 0x68, 0xc6, 0xef, 0x08, ++ 0xce, 0x47, 0xa0, 0xdc, 0x5b, 0xdb, 0x2f, 0x2d, 0x34, 0xe3, 0xde, 0x95, ++ 0xf6, 0x6b, 0x6d, 0x5d, 0x91, 0xbe, 0x45, 0xee, 0x2d, 0x04, 0x93, 0x78, ++ 0xc7, 0xa4, 0x49, 0xcc, 0x71, 0xa8, 0x5d, 0xd8, 0x8a, 0x7e, 0x9e, 0x4f, ++ 0x10, 0xc9, 0x41, 0xd1, 0x62, 0xc1, 0x70, 0x48, 0xb5, 0x12, 0x11, 0x23, ++ 0xa6, 0xe4, 0xdf, 0x64, 0xac, 0xd9, 0xe4, 0x37, 0xc2, 0xb9, 0x23, 0xa7, ++ 0x40, 0xea, 0x7f, 0x54, 0xe3, 0xef, 0x71, 0x81, 0xb4, 0xe7, 0x05, 0x10, ++ 0xd6, 0x2b, 0xd5, 0x11, 0x84, 0x5a, 0x69, 0xa5, 0xac, 0x52, 0x6d, 0xa8, ++ 0x79, 0x27, 0xff, 0x1c, 0x02, 0xd1, 0x62, 0x36, 0x03, 0xa2, 0xa9, 0x46, ++ 0x6c, 0x4f, 0xca, 0x58, 0xf2, 0xb2, 0xed, 0x91, 0xb4, 0x9e, 0x5b, 0xdd, ++ 0xf9, 0x99, 0xb6, 0x8d, 0x70, 0x34, 0x0a, 0xc5, 0x4d, 0xd7, 0xce, 0x8b, ++ 0xf1, 0x50, 0x25, 0x89, 0xff, 0xe7, 0xf2, 0x1e, 0xb9, 0x21, 0xb3, 0x8b, ++ 0xc8, 0x42, 0x7c, 0x26, 0xef, 0x4c, 0x30, 0x8d, 0x60, 0xb7, 0x25, 0xfb}; ++ ++static const unsigned char prime_safe_4096[] = { ++ 0x8b, 0xdf, 0xc1, 0xa3, 0xe4, 0xbd, 0x1c, 0xb1, 0xf4, 0xb1, 0x51, 0xd3, ++ 0x8a, 0xce, 0x3d, 0x33, 0x58, 0x80, 0xa3, 0x1c, 0x7c, 0x0d, 0xbd, 0x8e, ++ 0xbd, 0xb3, 0xe7, 0x9e, 0xd4, 0xde, 0x06, 0xfc, 0x98, 0xaf, 0x01, 0x43, ++ 0x93, 0x2c, 0xfc, 0xfb, 0x92, 0x80, 0xe0, 0x6e, 0xf9, 0xf6, 0xab, 0x73, ++ 0x96, 0x8d, 0x7e, 0xc0, 0xeb, 0x26, 0x6c, 0x0c, 0x53, 0x06, 0x9f, 0x32, ++ 0x4b, 0xad, 0x53, 0xd5, 0xbf, 0x91, 0x35, 0x16, 0xfd, 0x7f, 0xba, 0x30, ++ 0xb6, 0xb4, 0x88, 0x10, 0x1f, 0x5a, 0xc0, 0x62, 0xf9, 0x7f, 0x71, 0x9b, ++ 0xb5, 0x10, 0x4b, 0x99, 0xd0, 0xf0, 0xe9, 0xc2, 0xee, 0x35, 0x24, 0xeb, ++ 0xcc, 0xee, 0x06, 0xbf, 0xa0, 0x05, 0xe4, 0x61, 0xa4, 0xa6, 0x98, 0x23, ++ 0xd0, 0xe4, 0x8a, 0x61, 0xca, 0x05, 0x8a, 0x6c, 0x98, 0xfa, 0x83, 0xc3, ++ 0x50, 0x7d, 0x55, 0x3b, 0x2e, 0xd5, 0xac, 0x14, 0x61, 0x86, 0xd1, 0xb5, ++ 0xcf, 0xc0, 0xdc, 0x69, 0x4b, 0x6c, 0x4a, 0xc5, 0xd7, 0xfe, 0xe0, 0xe8, ++ 0x1a, 0x64, 0x11, 0xdb, 0x56, 0xf0, 0x1c, 0x95, 0x5c, 0xd1, 0x6a, 0xb9, ++ 0xf6, 0xe2, 0x00, 0xf4, 0x22, 0x03, 0x03, 0x2a, 0xbc, 0x9c, 0x82, 0xeb, ++ 0x89, 0x1a, 0xdd, 0x94, 0x65, 0x02, 0x44, 0x61, 0x76, 0xc1, 0xae, 0xd8, ++ 0xca, 0xfd, 0x66, 0xf4, 0x96, 0xe7, 0x79, 0xfe, 0x3a, 0x98, 0xf1, 0x80, ++ 0x02, 0xfa, 0x42, 0xb7, 0xae, 0xeb, 0x39, 0x28, 0xc3, 0xb9, 0xce, 0x8c, ++ 0x71, 0xea, 0x14, 0x74, 0x86, 0x6c, 0x26, 0xd5, 0x15, 0x21, 0x97, 0x0c, ++ 0x82, 0x8d, 0x81, 0x84, 0xc5, 0x47, 0x10, 0x06, 0x67, 0xa8, 0x5f, 0xb1, ++ 0xc5, 0x32, 0xdc, 0x7f, 0xe6, 0x61, 0xe5, 0xeb, 0x9e, 0xa9, 0x61, 0x99, ++ 0x43, 0xa9, 0x8b, 0xed, 0xaf, 0xe4, 0x21, 0xef, 0x8e, 0x78, 0x5a, 0x61, ++ 0x55, 0x9d, 0x43, 0xdb, 0x77, 0xaa, 0xbb, 0x19, 0xea, 0x4f, 0x49, 0x53, ++ 0x80, 0xce, 0x7c, 0x9a, 0xea, 0xa6, 0x93, 0x58, 0xd4, 0xab, 0xf4, 0xe9, ++ 0x60, 0x7d, 0xca, 0xb2, 0x97, 0xa5, 0xe0, 0x92, 0xce, 0xec, 0x57, 0xbc, ++ 0xc5, 0x05, 0x76, 0x11, 0x79, 0x03, 0xe1, 0xb2, 0x99, 0xc1, 0x21, 0xd4, ++ 0x85, 0xe7, 0x6f, 0xc9, 0x58, 0xe8, 0x1c, 0x0d, 0xc8, 0x90, 0x44, 0x4c, ++ 0x58, 0x55, 0x9a, 0xee, 0xde, 0x62, 0x0e, 0xb2, 0xe3, 0xbc, 0xeb, 0x51, ++ 0x40, 0x05, 0x71, 0xfe, 0xb4, 0xe9, 0xe6, 0xf6, 0x0e, 0xd7, 0xbb, 0x1b, ++ 0xb8, 0x99, 0xe8, 0xc9, 0xda, 0x9f, 0xde, 0x3c, 0x13, 0xd9, 0x16, 0x45, ++ 0x3d, 0xac, 0xe2, 0x09, 0xc3, 0x87, 0xbb, 0x39, 0x8c, 0x6f, 0x11, 0x60, ++ 0x87, 0x1f, 0xaf, 0xa7, 0xdc, 0x12, 0x8f, 0x7d, 0x4c, 0x5e, 0x56, 0xc3, ++ 0x62, 0xdd, 0xdd, 0x03, 0x55, 0x9e, 0x24, 0x6c, 0xc5, 0x6c, 0xb8, 0x0e, ++ 0xaf, 0x11, 0xd5, 0x1e, 0x6a, 0x36, 0x9c, 0xca, 0x46, 0x34, 0x13, 0x2b, ++ 0xd1, 0xa3, 0x34, 0x2c, 0x83, 0x1b, 0x25, 0xcc, 0x17, 0x01, 0x9c, 0x68, ++ 0x53, 0xb7, 0x87, 0xed, 0x0e, 0x48, 0xd7, 0x69, 0xf9, 0xc8, 0x1d, 0x8b, ++ 0x71, 0xf4, 0x6f, 0xd1, 0xb1, 0xd5, 0x70, 0xa0, 0xd7, 0x71, 0x3d, 0x9f, ++ 0xfc, 0xfa, 0x35, 0x69, 0x25, 0xf3, 0x39, 0x79, 0xad, 0x7b, 0x01, 0xc5, ++ 0x66, 0xa5, 0xf0, 0xc7, 0x1c, 0xb6, 0x51, 0xe5, 0x02, 0x2b, 0xcf, 0xc1, ++ 0x2a, 0x91, 0x9d, 0xa5, 0xbf, 0x37, 0x37, 0xdd, 0x2e, 0x30, 0x40, 0xdb, ++ 0xbf, 0xec, 0xfe, 0x6c, 0x2c, 0xe9, 0x20, 0xee, 0x89, 0xac, 0x55, 0xaf, ++ 0x03, 0x5a, 0xba, 0x5a, 0x52, 0xfb, 0xbf, 0xb5, 0xae, 0x38, 0x20, 0xa5, ++ 0x68, 0x92, 0x5f, 0xec, 0x17, 0xa9, 0x80, 0x53, 0xf2, 0x3b, 0x0c, 0x09, ++ 0xf3, 0xeb, 0x15, 0x62, 0x8e, 0x39, 0x7b, 0x6b}; ++ ++static const unsigned char prime_safe_6144[] = { ++ 0xb9, 0x0f, 0xc1, 0x41, 0x4a, 0xde, 0x1a, 0x1c, 0x80, 0xa0, 0xd6, 0x39, ++ 0x81, 0x10, 0xf3, 0x09, 0xca, 0xc0, 0x60, 0x8c, 0x5e, 0x8c, 0x17, 0x21, ++ 0xa0, 0x18, 0x50, 0xd6, 0x60, 0x13, 0xfc, 0x38, 0x00, 0x26, 0xd9, 0x71, ++ 0xd2, 0x73, 0xfc, 0x5d, 0x0c, 0xf1, 0x20, 0xce, 0x76, 0x44, 0xbb, 0x8b, ++ 0x5c, 0xc8, 0x5a, 0x59, 0x0c, 0xcd, 0x48, 0xba, 0xbf, 0x86, 0x72, 0xda, ++ 0xf5, 0xbd, 0x7c, 0x1d, 0x41, 0xba, 0xe8, 0x9f, 0x8c, 0xc2, 0x18, 0x27, ++ 0xfa, 0xbc, 0xc6, 0xcf, 0xd8, 0x47, 0xf5, 0xe9, 0x71, 0xcc, 0x37, 0x34, ++ 0xc3, 0x9b, 0x5a, 0xff, 0xc3, 0x0c, 0xab, 0x1d, 0x97, 0x8c, 0x26, 0x95, ++ 0x8c, 0xf1, 0x0a, 0x5d, 0x22, 0x84, 0x5a, 0x7c, 0xf2, 0xd1, 0x8b, 0x7c, ++ 0x6f, 0x17, 0x09, 0x13, 0x00, 0xc9, 0xdf, 0x79, 0xe1, 0x6e, 0xc8, 0xf8, ++ 0xd3, 0xc1, 0xdd, 0xb2, 0xf4, 0x24, 0x2a, 0xfa, 0x5c, 0x66, 0x25, 0x2b, ++ 0x39, 0xd1, 0x39, 0x48, 0xfa, 0x76, 0x4f, 0x57, 0xa3, 0x20, 0xc3, 0x38, ++ 0x2e, 0x85, 0x67, 0x31, 0x92, 0x85, 0x3c, 0x70, 0x23, 0x14, 0xec, 0x6c, ++ 0x85, 0x28, 0xe0, 0x4f, 0xcc, 0xc6, 0x3b, 0xcf, 0x19, 0x30, 0x3b, 0x01, ++ 0xfe, 0x9e, 0x16, 0x65, 0x1c, 0xf4, 0x31, 0x0c, 0x9d, 0x23, 0x40, 0x85, ++ 0x6c, 0xdd, 0xe5, 0xf7, 0x90, 0x25, 0x69, 0x7a, 0x3c, 0xd6, 0xe4, 0x42, ++ 0x6c, 0x87, 0x04, 0x06, 0xa7, 0x82, 0x1d, 0xfc, 0x5e, 0xd9, 0x03, 0x60, ++ 0x20, 0x9a, 0x5c, 0x6a, 0xfe, 0x53, 0x0d, 0x05, 0x92, 0x1b, 0xa1, 0xdb, ++ 0xfa, 0x01, 0x2f, 0x84, 0x89, 0xe0, 0x56, 0x66, 0x7e, 0xe3, 0xe6, 0x99, ++ 0x4d, 0xb3, 0xd2, 0xf0, 0xce, 0xf3, 0xdf, 0x05, 0x0d, 0x57, 0x42, 0xcd, ++ 0xfc, 0x06, 0x3c, 0xe7, 0x11, 0x34, 0x7f, 0x51, 0x8e, 0xb7, 0x24, 0x01, ++ 0xe3, 0x26, 0x47, 0xe7, 0xd1, 0x57, 0x0e, 0x0e, 0xf1, 0x12, 0xc5, 0x79, ++ 0x2d, 0x87, 0x0f, 0xb1, 0x19, 0x6a, 0xd7, 0x44, 0x33, 0x46, 0x4c, 0xbc, ++ 0xc5, 0xc6, 0x24, 0xf8, 0x7c, 0x7a, 0x61, 0xfe, 0x72, 0x95, 0x21, 0xcd, ++ 0xd1, 0x3a, 0xd3, 0x5d, 0x77, 0x76, 0xbd, 0x86, 0xd8, 0xbd, 0x8e, 0x5e, ++ 0xf2, 0xe5, 0x20, 0x01, 0xd9, 0xb4, 0x47, 0xf7, 0x1c, 0x51, 0x70, 0x39, ++ 0x6a, 0xc7, 0xea, 0xed, 0x90, 0xd7, 0xc4, 0xd3, 0xcd, 0x8e, 0x4b, 0xd8, ++ 0x11, 0xf0, 0xd3, 0x66, 0x36, 0x77, 0xe2, 0x16, 0x13, 0xbd, 0xd2, 0x54, ++ 0x4a, 0x1c, 0x61, 0x54, 0x88, 0x1a, 0x69, 0x85, 0x9f, 0x5d, 0xc5, 0xb7, ++ 0x62, 0x7e, 0x72, 0x0a, 0x89, 0x90, 0x24, 0x8f, 0x39, 0xb2, 0xf2, 0xb6, ++ 0x12, 0x8e, 0x50, 0xb4, 0xd3, 0xea, 0xc3, 0xac, 0xea, 0x8d, 0x27, 0x17, ++ 0xbd, 0x07, 0xd2, 0x15, 0x80, 0x49, 0xe0, 0x97, 0x41, 0x16, 0xd6, 0x3b, ++ 0x24, 0xe8, 0x8b, 0xfd, 0xa3, 0x18, 0xbd, 0x52, 0x5d, 0xe2, 0x21, 0xce, ++ 0x7c, 0x6f, 0x10, 0x38, 0x70, 0x64, 0xc4, 0x15, 0xf3, 0x28, 0xc6, 0x66, ++ 0xfc, 0xd1, 0x22, 0x04, 0x80, 0x80, 0xc6, 0xc5, 0x75, 0xf5, 0xdc, 0xb0, ++ 0x40, 0x4b, 0x12, 0xfa, 0xdb, 0xd5, 0x36, 0xcd, 0x31, 0xab, 0xd7, 0x1d, ++ 0x18, 0x07, 0x9d, 0x09, 0x9b, 0x16, 0xa0, 0xfe, 0x1e, 0x6f, 0x3f, 0x34, ++ 0x5a, 0xe6, 0x70, 0x85, 0x98, 0x30, 0xd4, 0x94, 0xc5, 0xf0, 0x36, 0x35, ++ 0xa1, 0xed, 0x46, 0x63, 0x3c, 0x0f, 0xcf, 0xc5, 0x9e, 0x7c, 0x68, 0x25, ++ 0x64, 0x93, 0x30, 0x36, 0x38, 0xb1, 0x99, 0x6c, 0x37, 0xf5, 0xcf, 0x64, ++ 0x4b, 0xef, 0xa6, 0xff, 0x6a, 0xaa, 0xaa, 0xb6, 0x29, 0xed, 0x38, 0x80, ++ 0x1f, 0x58, 0x35, 0x88, 0x3f, 0x01, 0x1c, 0xc8, 0x23, 0x48, 0x37, 0xa7, ++ 0xd2, 0xb1, 0xb1, 0xee, 0x44, 0x59, 0x0a, 0xfb, 0x05, 0xd9, 0xe1, 0x5b, ++ 0x53, 0x34, 0x9d, 0x99, 0x30, 0x28, 0xa9, 0x3b, 0x8e, 0x1b, 0xac, 0x8a, ++ 0x90, 0x91, 0xc9, 0x71, 0x8a, 0xea, 0xb9, 0x11, 0xd5, 0x67, 0x87, 0x4f, ++ 0xdb, 0x27, 0x4f, 0x7f, 0xb8, 0x54, 0x7f, 0x5e, 0x18, 0x08, 0xf7, 0xf3, ++ 0x1c, 0x02, 0x3a, 0x04, 0xde, 0xcc, 0x10, 0x06, 0x7e, 0x15, 0xc3, 0x24, ++ 0x0c, 0xdf, 0x0d, 0xf8, 0x86, 0xc0, 0x4c, 0xab, 0x0f, 0x75, 0x04, 0xbe, ++ 0xf3, 0x90, 0x28, 0xd1, 0x22, 0x17, 0x96, 0xcc, 0x29, 0x11, 0x09, 0xa7, ++ 0x53, 0x42, 0xea, 0x91, 0x51, 0xaf, 0x55, 0xa1, 0x03, 0x67, 0x78, 0x63, ++ 0xb3, 0xb0, 0x0f, 0x59, 0x5d, 0x37, 0xe7, 0x30, 0x8b, 0xca, 0xa0, 0x45, ++ 0x12, 0x7a, 0xa5, 0x09, 0xfb, 0xa6, 0x99, 0xdd, 0xf7, 0xe9, 0x30, 0x5a, ++ 0xc2, 0x9d, 0x0d, 0xdf, 0x39, 0x99, 0x25, 0x0d, 0xb2, 0x57, 0xb6, 0x78, ++ 0x02, 0x30, 0xf8, 0x86, 0xde, 0x79, 0xb4, 0xbe, 0x3e, 0x53, 0xff, 0x74, ++ 0x0f, 0x4d, 0x30, 0x2d, 0xe6, 0x57, 0x4a, 0x57, 0x53, 0x3a, 0x0b, 0x19, ++ 0x86, 0xab, 0x90, 0xe5, 0x33, 0x84, 0x53, 0x7a, 0x17, 0xc5, 0xf1, 0x8c, ++ 0xc3, 0xe4, 0x11, 0x53, 0x2b, 0xb5, 0xb4, 0x8e, 0xe6, 0xd2, 0x04, 0x43, ++ 0x5b, 0x6a, 0x30, 0xc7, 0xca, 0xaf, 0x91, 0xc0, 0x76, 0x43, 0x86, 0x65, ++ 0xee, 0xcd, 0x82, 0xbe, 0xa2, 0xd8, 0x2d, 0xad, 0xeb, 0xb5, 0x1a, 0xb5, ++ 0xbf, 0xa1, 0xe7, 0x93, 0x50, 0x15, 0x08, 0x27, 0x27, 0x3c, 0xcc, 0x53, ++ 0x82, 0x67, 0xd4, 0xf2, 0x0d, 0x26, 0x60, 0x87, 0x05, 0x2e, 0xaa, 0x62, ++ 0x55, 0xcc, 0x9a, 0xee, 0x2c, 0x20, 0x23, 0x14, 0xfa, 0x5c, 0x29, 0x41, ++ 0xe1, 0x89, 0x83, 0x19, 0xc1, 0x36, 0x8c, 0xa4, 0x91, 0xf6, 0x40, 0x37, ++ 0x70, 0x2a, 0x0d, 0x82, 0xbb, 0x56, 0x6e, 0x23, 0x34, 0xb9, 0x6e, 0x33}; ++ ++static const unsigned char prime_safe_8192[] = { ++ 0x9b, 0xa7, 0x9b, 0xa2, 0x86, 0x54, 0xe7, 0x99, 0x11, 0x5b, 0x35, 0x81, ++ 0xd5, 0x7a, 0x8a, 0x6e, 0x4d, 0x4d, 0x61, 0x5d, 0xd3, 0xcf, 0x0c, 0x65, ++ 0x7e, 0xda, 0xd8, 0xce, 0x28, 0xac, 0xa0, 0x38, 0x81, 0xee, 0xa1, 0x14, ++ 0x25, 0x21, 0x67, 0x66, 0x3a, 0x6c, 0x0f, 0x80, 0x3d, 0x89, 0x79, 0xfe, ++ 0x71, 0x43, 0x57, 0xc3, 0xa9, 0x54, 0x1e, 0x20, 0x8a, 0xee, 0x0f, 0xa6, ++ 0x8b, 0x88, 0x81, 0x3d, 0xe8, 0x5c, 0x40, 0x47, 0x05, 0xdf, 0xd8, 0x6d, ++ 0x98, 0x65, 0x16, 0xa9, 0xf9, 0xc4, 0x8c, 0x02, 0xba, 0xae, 0x6b, 0x36, ++ 0x76, 0xc9, 0xfa, 0x8e, 0xd0, 0xd7, 0x9a, 0x3c, 0xcb, 0xd1, 0x44, 0x09, ++ 0xd7, 0x4f, 0x28, 0x51, 0x94, 0x92, 0x5b, 0x02, 0xb2, 0xbd, 0x78, 0xd3, ++ 0xc2, 0x76, 0x03, 0x15, 0x17, 0x0b, 0x55, 0x08, 0x02, 0x42, 0x9e, 0x26, ++ 0x56, 0x33, 0x72, 0xe6, 0xbd, 0x0e, 0xf9, 0x3d, 0x2c, 0xb3, 0x8a, 0x4c, ++ 0x67, 0x17, 0xfd, 0xe9, 0x03, 0xad, 0x8c, 0x34, 0x84, 0xe5, 0x83, 0xdf, ++ 0x9c, 0x04, 0x93, 0x03, 0x26, 0x19, 0xc1, 0xf1, 0x24, 0x68, 0xf6, 0x54, ++ 0x96, 0xce, 0x38, 0x51, 0xbd, 0x6c, 0x3d, 0x9c, 0x0c, 0xd8, 0x6e, 0x13, ++ 0x4c, 0x8b, 0xf6, 0x34, 0xae, 0xd8, 0x85, 0x1d, 0x1d, 0x8e, 0xc2, 0xad, ++ 0xab, 0xa2, 0xc5, 0x40, 0x76, 0x7f, 0x2f, 0x2e, 0x38, 0xf4, 0x6a, 0x39, ++ 0x33, 0x3d, 0x17, 0xce, 0x1f, 0xe9, 0xc3, 0x8d, 0x9e, 0xe5, 0xbe, 0xd6, ++ 0xad, 0x9a, 0x23, 0xd8, 0x06, 0xf3, 0x7c, 0x39, 0xd5, 0xae, 0x57, 0xb6, ++ 0xe5, 0xc3, 0x9a, 0x8a, 0x8c, 0x6e, 0xd3, 0xc1, 0x1a, 0x64, 0x12, 0x00, ++ 0x18, 0x53, 0xca, 0x32, 0x88, 0x8e, 0xc0, 0x5f, 0x2d, 0xb2, 0x3d, 0x14, ++ 0x1b, 0x58, 0x5c, 0x20, 0xe8, 0x52, 0xe5, 0x28, 0x41, 0xbc, 0x9e, 0x08, ++ 0x29, 0xab, 0xa5, 0x43, 0x99, 0x0e, 0xd7, 0x2a, 0xb9, 0xb8, 0x64, 0x9d, ++ 0x83, 0xe3, 0x1a, 0x26, 0x59, 0x65, 0xf2, 0x0c, 0xc9, 0xc5, 0x8f, 0x0d, ++ 0xcf, 0xa1, 0x18, 0xfc, 0x8b, 0x77, 0xe9, 0xe1, 0x19, 0x7b, 0x03, 0xd4, ++ 0x37, 0x8d, 0x5d, 0x37, 0x2b, 0xad, 0x58, 0x5e, 0x73, 0x72, 0xce, 0x84, ++ 0xe5, 0xc9, 0x75, 0x1d, 0xf3, 0x58, 0x42, 0x77, 0xfe, 0x53, 0xa0, 0xc2, ++ 0x66, 0x21, 0xaf, 0xe2, 0x61, 0xd2, 0x84, 0xb3, 0x03, 0x4d, 0xd8, 0x7d, ++ 0x85, 0xe1, 0xa8, 0xa0, 0x48, 0x5d, 0x1a, 0xa9, 0xac, 0xc1, 0x69, 0x24, ++ 0xc6, 0xfa, 0xb5, 0x22, 0x3e, 0xa3, 0x8d, 0x35, 0x29, 0xcf, 0x9a, 0xe5, ++ 0x84, 0x3b, 0x0b, 0x27, 0x36, 0x7e, 0x9d, 0xa6, 0xb0, 0x45, 0x60, 0x42, ++ 0x1e, 0x4b, 0x24, 0xd1, 0x36, 0x8b, 0x70, 0xd1, 0x95, 0x54, 0x14, 0xb9, ++ 0x47, 0x3d, 0x8d, 0xe4, 0x5f, 0x81, 0x1a, 0x21, 0x17, 0x17, 0xbf, 0x92, ++ 0x22, 0x4c, 0x77, 0x30, 0xdc, 0x9c, 0x84, 0xe6, 0x68, 0xcc, 0xd6, 0x11, ++ 0x04, 0xff, 0x71, 0x86, 0xb3, 0xa9, 0x9b, 0x13, 0x95, 0x35, 0xfd, 0x68, ++ 0x28, 0x9b, 0x6f, 0x5c, 0xf7, 0x66, 0xa8, 0x6f, 0x89, 0x0f, 0x92, 0xdf, ++ 0x52, 0x24, 0x3f, 0xdb, 0x2f, 0x40, 0x12, 0x32, 0xa4, 0xff, 0x2e, 0x4b, ++ 0xb8, 0xa0, 0xe7, 0xc9, 0xcb, 0x98, 0x13, 0xf9, 0xd2, 0xfa, 0x82, 0x68, ++ 0xb2, 0x8f, 0xd3, 0x17, 0x8c, 0x93, 0xf5, 0x80, 0xe4, 0x5a, 0x33, 0x1b, ++ 0x6a, 0xd8, 0xbf, 0x37, 0xa7, 0xe1, 0x63, 0x1d, 0x6a, 0xc3, 0xfa, 0xa1, ++ 0x2f, 0xc1, 0x72, 0x55, 0xd5, 0xe2, 0x67, 0x3b, 0x6b, 0x3a, 0xa8, 0xb0, ++ 0x54, 0x04, 0x1d, 0xbb, 0xc1, 0xe5, 0x3a, 0x52, 0xb1, 0x67, 0x0b, 0x12, ++ 0x3e, 0xcd, 0xa9, 0x9a, 0x0e, 0xbb, 0xa3, 0x75, 0x6d, 0x6f, 0x77, 0x74, ++ 0x64, 0xe3, 0x16, 0x8c, 0xa5, 0xba, 0xec, 0x51, 0x73, 0xce, 0x4b, 0xe6, ++ 0x6f, 0x3d, 0x15, 0x56, 0x43, 0xe1, 0x17, 0x77, 0x66, 0xab, 0xdc, 0x9d, ++ 0x9b, 0x10, 0x5d, 0xc4, 0xe9, 0x1e, 0xaa, 0x2d, 0x15, 0xbb, 0xc4, 0x09, ++ 0x46, 0x30, 0xe1, 0xb8, 0x92, 0x94, 0x5f, 0xb7, 0xe7, 0x7e, 0x97, 0x43, ++ 0xc0, 0x48, 0x5b, 0xaf, 0xea, 0x74, 0xae, 0x8c, 0x79, 0x6b, 0x66, 0x83, ++ 0x62, 0x88, 0x17, 0xa4, 0x56, 0x5d, 0x58, 0xfb, 0x6c, 0x38, 0x57, 0x4d, ++ 0xef, 0xd7, 0x36, 0x44, 0x39, 0x5b, 0xab, 0x94, 0xe4, 0x08, 0x30, 0xd3, ++ 0x2c, 0x59, 0xa0, 0x32, 0xe2, 0x71, 0x99, 0xec, 0x66, 0x5e, 0xf7, 0xe2, ++ 0x9c, 0x19, 0x69, 0x72, 0x6f, 0xdb, 0x3e, 0xcc, 0x19, 0x5a, 0xfd, 0xad, ++ 0xd6, 0x6e, 0x9d, 0x07, 0xc0, 0x65, 0x01, 0x75, 0xdd, 0x37, 0x1b, 0x9c, ++ 0x5e, 0x93, 0x32, 0xf8, 0x7e, 0x65, 0xd5, 0xb5, 0x15, 0x35, 0xad, 0x05, ++ 0xb5, 0xd2, 0x25, 0xc7, 0x71, 0x5a, 0xe4, 0xb7, 0x58, 0x6a, 0xc3, 0x5a, ++ 0xd9, 0xd4, 0xee, 0x32, 0xb5, 0x0b, 0x5b, 0x2a, 0xcd, 0x80, 0xce, 0xd4, ++ 0x2d, 0xc9, 0x09, 0x94, 0xf5, 0xf2, 0x7c, 0xaf, 0xba, 0x5a, 0xd3, 0xdc, ++ 0xcd, 0xd7, 0xf7, 0xea, 0x42, 0xe2, 0xc2, 0x34, 0x21, 0xb9, 0x15, 0x24, ++ 0xe8, 0x32, 0x6b, 0x6f, 0xb0, 0xed, 0x76, 0x5e, 0x45, 0xbf, 0x02, 0xa2, ++ 0xb8, 0x3c, 0xa5, 0xf5, 0x74, 0xe3, 0x18, 0x89, 0x21, 0x4e, 0xa6, 0x08, ++ 0xa3, 0xa5, 0x93, 0x69, 0x48, 0x96, 0xbd, 0x47, 0xd3, 0xeb, 0x67, 0x29, ++ 0xa8, 0xbb, 0xbe, 0x78, 0x05, 0xfa, 0x46, 0x89, 0x4e, 0x0c, 0xe2, 0x6c, ++ 0xbb, 0xe5, 0xf8, 0xba, 0xe5, 0x5d, 0x29, 0xe7, 0xdd, 0x71, 0x7e, 0x94, ++ 0xd7, 0x56, 0x0c, 0x3c, 0xde, 0x5f, 0xbc, 0xdc, 0x0f, 0x8e, 0xd6, 0x6f, ++ 0x0a, 0x07, 0xb8, 0x07, 0x24, 0x62, 0x4c, 0xed, 0x45, 0x4f, 0x0d, 0x9f, ++ 0x2e, 0x83, 0x6a, 0xeb, 0xbc, 0xff, 0xa9, 0xf2, 0x73, 0xb3, 0x5b, 0xaa, ++ 0xac, 0xed, 0xac, 0x88, 0xa2, 0x0d, 0x8d, 0x8f, 0xb4, 0xf7, 0x73, 0x1e, ++ 0xc0, 0x2e, 0xd3, 0x45, 0x15, 0x4b, 0x4a, 0xe7, 0xd4, 0xef, 0xb1, 0xc6, ++ 0xd3, 0x8f, 0xf8, 0x24, 0x12, 0x33, 0x3e, 0x8e, 0x95, 0xbc, 0x81, 0xb4, ++ 0xd4, 0xd1, 0x13, 0xbc, 0x7e, 0x25, 0xb4, 0x5b, 0xff, 0x15, 0xba, 0xf8, ++ 0x9a, 0xec, 0x78, 0xe4, 0x63, 0xc7, 0x26, 0xd5, 0x89, 0x3d, 0x63, 0x5b, ++ 0x7c, 0x86, 0x63, 0x34, 0x06, 0x28, 0x23, 0x08, 0xff, 0x6d, 0xbd, 0xe0, ++ 0x75, 0xb3, 0x71, 0x12, 0x26, 0x63, 0xca, 0x93, 0x36, 0x86, 0xeb, 0xf7, ++ 0x48, 0xd1, 0x96, 0xf4, 0x02, 0x3e, 0x5d, 0x69, 0x75, 0x5e, 0x95, 0xee, ++ 0x32, 0xb9, 0xba, 0x55, 0xc5, 0x42, 0x74, 0x00, 0xe1, 0x0f, 0x16, 0x05, ++ 0x62, 0x3c, 0x58, 0xcb, 0xe0, 0xd4, 0xa9, 0xe5, 0x1a, 0x3b, 0x84, 0x7e, ++ 0x19, 0x87, 0xad, 0x67, 0xcd, 0x9b, 0x97, 0xb0, 0x32, 0xd7, 0xb8, 0x1e, ++ 0x96, 0x69, 0x75, 0x0f, 0x61, 0x69, 0xb3, 0xc9, 0xce, 0x73, 0x7c, 0x5f, ++ 0xd5, 0x08, 0xdf, 0xd4, 0x07, 0x75, 0x60, 0xd7, 0x50, 0x52, 0xe7, 0x5c, ++ 0x6f, 0x04, 0x59, 0x65, 0xbd, 0x70, 0x99, 0x15, 0xf9, 0xbc, 0x34, 0x78, ++ 0x6a, 0x64, 0xac, 0x5f, 0x07, 0xc2, 0x89, 0x88, 0xfe, 0x11, 0x7a, 0xf7, ++ 0x3d, 0xbe, 0x83, 0xff, 0xeb, 0x1d, 0x52, 0xbe, 0xd4, 0x09, 0x71, 0x0f, ++ 0x7c, 0x95, 0x19, 0xf2, 0x4b, 0xf5, 0x44, 0x63, 0xf2, 0xec, 0x3f, 0xf9, ++ 0xe4, 0xfb, 0xbe, 0x24, 0xb2, 0x18, 0x53, 0xce, 0x16, 0x40, 0x1e, 0x27, ++ 0x62, 0x99, 0x93, 0xc9, 0x49, 0x8f, 0x98, 0x0d, 0xd8, 0x73, 0x65, 0x99, ++ 0xac, 0xff, 0xfe, 0x22, 0x6a, 0xd1, 0xfb, 0xa1, 0xe4, 0xe7, 0xab, 0x3c, ++ 0x72, 0x10, 0xac, 0x73}; ++ ++/* Weak primes with value subprimes. Accepted, but takes more processing ++ * in both modes. */ ++static const unsigned char prime_weak_1024[] = { ++ 0xe4, 0x82, 0x09, 0x4a, 0x6b, 0xbe, 0x9b, 0x51, 0x11, 0xa0, 0x74, 0x25, ++ 0xff, 0x50, 0x1c, 0x0a, 0xd6, 0xd0, 0xbc, 0xd3, 0x24, 0x89, 0x75, 0x74, ++ 0xb3, 0xd6, 0x6b, 0xf4, 0xc7, 0x5f, 0x6a, 0xec, 0x1e, 0x3a, 0x20, 0x02, ++ 0x16, 0x75, 0xcc, 0x44, 0x4a, 0xbf, 0x5b, 0x58, 0xad, 0xfe, 0xb0, 0x18, ++ 0x6a, 0x38, 0x8b, 0xcb, 0xdb, 0xd1, 0x77, 0x42, 0xe3, 0xa3, 0x87, 0x8a, ++ 0x99, 0x2e, 0x11, 0xd8, 0xc9, 0x02, 0x84, 0x1d, 0xd2, 0x67, 0x28, 0xbd, ++ 0x8f, 0xfb, 0x56, 0xf2, 0x63, 0x8a, 0x2c, 0x7c, 0x38, 0xef, 0xa2, 0x0c, ++ 0x6a, 0x36, 0xd0, 0x99, 0x13, 0x47, 0x48, 0x40, 0xe5, 0xcd, 0xdb, 0x04, ++ 0x4c, 0xa2, 0x12, 0x3f, 0x1a, 0x9b, 0x9a, 0x0e, 0xb8, 0x68, 0x7d, 0x01, ++ 0xbc, 0x16, 0x6f, 0x51, 0x64, 0x1d, 0xab, 0x21, 0x75, 0x49, 0x12, 0x36, ++ 0xac, 0x65, 0x8b, 0xf8, 0x87, 0xd9, 0xaf, 0xd1}; ++ ++static const unsigned char subprime_weak_1024[] = { ++ 0xef, 0x0c, 0x17, 0x60, 0xd1, 0x91, 0x8f, 0xea, 0x4d, 0xbe, ++ 0x0a, 0xb2, 0x37, 0xcc, 0x6b, 0xba, 0x97, 0x98, 0x2d, 0x4b}; ++ ++static const unsigned char base_weak_1024[] = { ++ 0x5a, 0x70, 0x8b, 0xe1, 0x1d, 0xed, 0x69, 0x04, 0xd0, 0xdc, 0xda, 0x84, ++ 0x9e, 0x79, 0x56, 0x11, 0x44, 0xdc, 0xf7, 0xb8, 0x84, 0x88, 0x75, 0x67, ++ 0xba, 0x80, 0x5b, 0x7e, 0x50, 0xc1, 0x5c, 0x80, 0x59, 0xaa, 0x55, 0x24, ++ 0x44, 0x6a, 0x8a, 0x31, 0x20, 0x1a, 0xd4, 0xba, 0x5f, 0x32, 0xc6, 0x5d, ++ 0x9d, 0x0e, 0x58, 0xfc, 0xd0, 0x6c, 0x74, 0xea, 0xd9, 0xc6, 0x86, 0x9f, ++ 0x3f, 0x83, 0x0e, 0x73, 0xae, 0x28, 0x40, 0x19, 0x9f, 0x5d, 0x64, 0xc4, ++ 0xae, 0xda, 0x11, 0x3e, 0x3f, 0x44, 0x87, 0xac, 0x41, 0x1e, 0xfa, 0xdb, ++ 0x1f, 0xde, 0x09, 0x7c, 0x54, 0x7c, 0x8a, 0xe0, 0x82, 0xd7, 0x8c, 0xb9, ++ 0x61, 0xa0, 0x10, 0xab, 0xff, 0xe1, 0x1f, 0x8b, 0x9d, 0x51, 0x71, 0xc7, ++ 0xfb, 0xd9, 0xe0, 0x10, 0xc3, 0x7d, 0x88, 0xe9, 0xd2, 0x42, 0xaf, 0xda, ++ 0x77, 0x55, 0x28, 0x07, 0x03, 0x26, 0xb3, 0x77}; ++ ++static const unsigned char prime_weak_2048[] = { ++ 0xb5, 0x08, 0x83, 0x6a, 0x22, 0x39, 0xdf, 0x02, 0xfe, 0x73, 0x6b, 0xfb, ++ 0x0d, 0x4e, 0xad, 0x4b, 0x0f, 0xfd, 0xb2, 0x27, 0xe7, 0xd2, 0x35, 0xd4, ++ 0x83, 0xf2, 0xbc, 0x29, 0xff, 0x50, 0xf7, 0x6b, 0xb7, 0x94, 0x38, 0xff, ++ 0xdc, 0x79, 0x67, 0x9a, 0x80, 0x8b, 0xc2, 0x20, 0x4e, 0x53, 0x02, 0x2a, ++ 0x07, 0xec, 0xa9, 0xbd, 0x22, 0xd1, 0xba, 0x35, 0x31, 0x10, 0x21, 0xb6, ++ 0x4f, 0xe1, 0x94, 0x0b, 0xb0, 0xb3, 0x37, 0x20, 0x0d, 0x6a, 0xd4, 0x91, ++ 0x5c, 0x85, 0xe9, 0xae, 0x8a, 0xf2, 0x94, 0xe7, 0x44, 0xf5, 0xcc, 0x04, ++ 0x82, 0x57, 0x81, 0x21, 0x83, 0x18, 0x48, 0x2d, 0xe3, 0x1c, 0xa1, 0x7f, ++ 0xee, 0x10, 0xb9, 0xe8, 0x40, 0xfc, 0xda, 0x43, 0x7d, 0x18, 0xe4, 0x68, ++ 0x9f, 0xed, 0x5e, 0xc3, 0x1f, 0x80, 0xef, 0x5c, 0x24, 0x5e, 0x68, 0xac, ++ 0x99, 0x9c, 0x74, 0x96, 0x5b, 0xb3, 0xe7, 0xb2, 0x65, 0x78, 0xfb, 0x3c, ++ 0x11, 0x00, 0x04, 0x4b, 0x98, 0x0e, 0x8a, 0x7b, 0x38, 0x08, 0x34, 0xb9, ++ 0x6d, 0x08, 0x65, 0x17, 0x91, 0x49, 0x62, 0x47, 0x64, 0xab, 0xc6, 0xd0, ++ 0xf2, 0xcf, 0x89, 0x07, 0xeb, 0xa3, 0x5d, 0xf3, 0xa2, 0xfb, 0xdd, 0x7b, ++ 0x3e, 0x7e, 0xa2, 0xd7, 0x1a, 0x42, 0xad, 0x74, 0xbd, 0xbb, 0xcf, 0x21, ++ 0x91, 0xd2, 0x6b, 0x1d, 0x9d, 0xa8, 0x05, 0x88, 0x4f, 0xb1, 0x45, 0xa2, ++ 0x86, 0x90, 0x12, 0xfd, 0xcb, 0x25, 0xe1, 0x12, 0x08, 0x47, 0x1d, 0x83, ++ 0x2d, 0x14, 0x42, 0x20, 0x08, 0x31, 0x54, 0x2c, 0x9b, 0x49, 0xf6, 0xb6, ++ 0x2d, 0x25, 0xea, 0x28, 0xbf, 0x13, 0x2b, 0xd3, 0x45, 0x8d, 0x02, 0x9f, ++ 0xa5, 0xaa, 0xeb, 0xc0, 0x48, 0xd1, 0x06, 0xe6, 0x1e, 0xa0, 0x3e, 0x04, ++ 0x20, 0x79, 0x7c, 0xd1, 0xd0, 0xac, 0x61, 0x89, 0x6c, 0x3b, 0x88, 0xa3, ++ 0x54, 0x6c, 0x80, 0x59}; ++ ++static const unsigned char subprime_weak_2048[] = { ++ 0xcd, 0x9d, 0xbf, 0x88, 0xe5, 0xc0, 0x03, 0x16, 0xec, 0x9c, 0xb4, ++ 0x6e, 0x54, 0xd2, 0xbf, 0xdc, 0x05, 0x92, 0xcd, 0x05, 0x87, 0xc9, ++ 0x9c, 0x91, 0x19, 0x54, 0xb6, 0xd7, 0x1e, 0xe1, 0x0a, 0x93}; ++ ++static const unsigned char base_weak_2048[] = { ++ 0x36, 0xc6, 0x6e, 0x3e, 0xe8, 0x44, 0xa0, 0x57, 0x1d, 0x8e, 0x71, 0xb6, ++ 0x6c, 0x24, 0xf6, 0x1d, 0xb6, 0xa5, 0xfd, 0xe3, 0xd6, 0xc5, 0x6b, 0xe8, ++ 0x94, 0x5a, 0x8c, 0x5a, 0xdf, 0x41, 0x51, 0xe6, 0xfb, 0x76, 0x4b, 0x06, ++ 0x4b, 0x03, 0x33, 0x98, 0x15, 0xb5, 0x60, 0x43, 0xc7, 0xc5, 0xb3, 0x4d, ++ 0x58, 0x90, 0xe8, 0x63, 0xc5, 0xad, 0x5f, 0x57, 0xcf, 0x42, 0x26, 0x99, ++ 0xa0, 0x71, 0xc6, 0x73, 0x03, 0xa0, 0x45, 0xd0, 0x87, 0xf0, 0xd8, 0x9a, ++ 0xb2, 0x7d, 0xd7, 0x2d, 0x10, 0x52, 0x04, 0x36, 0x37, 0x4f, 0x9d, 0xb7, ++ 0x66, 0xdc, 0xf5, 0x76, 0xac, 0x87, 0xfe, 0x5a, 0x9d, 0xca, 0x1e, 0xfb, ++ 0x6f, 0x7f, 0xfd, 0x9a, 0xaa, 0x12, 0xcf, 0x7a, 0xdb, 0x15, 0xf3, 0xb2, ++ 0x7b, 0x17, 0xb9, 0xaf, 0x5f, 0xdf, 0x9c, 0x66, 0x29, 0x83, 0x89, 0xf9, ++ 0xf9, 0xf7, 0x4a, 0x04, 0x1d, 0x00, 0xf7, 0x11, 0x98, 0x18, 0x0a, 0xab, ++ 0x47, 0xcc, 0x3e, 0x11, 0xf4, 0xe0, 0x7e, 0xad, 0xa5, 0x67, 0xf8, 0x4b, ++ 0x1b, 0x81, 0x72, 0x8e, 0x5b, 0x49, 0x90, 0x0e, 0x01, 0xc1, 0x7e, 0x8d, ++ 0xfb, 0xa2, 0xe7, 0x92, 0xd0, 0x23, 0xf5, 0x4a, 0xe8, 0xd4, 0x51, 0xc4, ++ 0x89, 0xe8, 0x4a, 0x9f, 0xf6, 0xa2, 0xdc, 0xe2, 0x32, 0x88, 0x56, 0x2c, ++ 0x97, 0x38, 0xdf, 0xd6, 0x4f, 0xfb, 0xf8, 0xbb, 0xee, 0x7a, 0x3a, 0x05, ++ 0xa2, 0x7f, 0xbb, 0x6d, 0xf6, 0xd6, 0x48, 0xf4, 0x6d, 0x23, 0xb3, 0x93, ++ 0x7c, 0xfb, 0xd4, 0x8c, 0xa0, 0x58, 0xbc, 0xdf, 0x1b, 0x35, 0x2a, 0x56, ++ 0x80, 0x7c, 0xc6, 0x28, 0x35, 0xb6, 0x17, 0x5d, 0xa5, 0x15, 0x79, 0x7d, ++ 0x2c, 0x6a, 0xcf, 0xb1, 0xb1, 0x6e, 0xea, 0xd0, 0x4b, 0xfb, 0xa5, 0xbb, ++ 0xb7, 0x9f, 0x74, 0x42, 0xd5, 0xf3, 0x4b, 0x54, 0x40, 0xf0, 0x4c, 0x6b, ++ 0x0f, 0xaf, 0x89, 0x10}; ++ ++static const unsigned char prime_weak_3072[] = { ++ 0x94, 0x32, 0xc7, 0x47, 0x51, 0xa3, 0x03, 0x9b, 0xf2, 0x51, 0x5c, 0x69, ++ 0xaf, 0x05, 0x3c, 0x76, 0x62, 0xa2, 0xec, 0x5a, 0xcc, 0xdf, 0x80, 0xf3, ++ 0x2d, 0xce, 0xa5, 0xa5, 0x9e, 0x2d, 0xab, 0x5f, 0x91, 0xbd, 0x93, 0x61, ++ 0xd7, 0x7b, 0x71, 0x6f, 0xf3, 0x92, 0xbf, 0xa8, 0xfc, 0xcd, 0x00, 0xf5, ++ 0x49, 0x08, 0x00, 0x8c, 0xd2, 0xfe, 0x4a, 0xd8, 0x2b, 0x6e, 0x42, 0xc0, ++ 0xd8, 0xa2, 0x8b, 0x2b, 0x18, 0x02, 0xad, 0xe8, 0x4e, 0x44, 0x09, 0x26, ++ 0xa1, 0xa1, 0xca, 0x99, 0xe3, 0xd9, 0x9a, 0x87, 0x3c, 0x83, 0x6a, 0x1a, ++ 0x7b, 0x60, 0xba, 0x78, 0x0c, 0x79, 0x50, 0x1f, 0xde, 0x40, 0x14, 0x58, ++ 0x18, 0xa9, 0x2b, 0x74, 0x11, 0xb4, 0x65, 0xfe, 0x9d, 0x03, 0xa4, 0xef, ++ 0xdf, 0x74, 0x8e, 0xcd, 0x7b, 0xd4, 0xf3, 0x28, 0x75, 0xb2, 0x31, 0xef, ++ 0x99, 0x65, 0xcb, 0x5a, 0x77, 0xca, 0xa2, 0x25, 0x28, 0xae, 0xfa, 0x9f, ++ 0xeb, 0xda, 0xcc, 0x34, 0x7b, 0x21, 0xd7, 0xdb, 0x54, 0x40, 0xe6, 0x2f, ++ 0xdb, 0xc0, 0xce, 0xdc, 0xe5, 0xc9, 0x27, 0x97, 0x99, 0x9c, 0x02, 0x4f, ++ 0x24, 0x88, 0x93, 0xdf, 0xa9, 0xc7, 0x3e, 0x10, 0xc8, 0xaa, 0x6a, 0xce, ++ 0xda, 0x46, 0x94, 0x8c, 0xad, 0x1e, 0xf1, 0xcb, 0xd3, 0xcd, 0x43, 0x44, ++ 0xb4, 0x20, 0x91, 0x9e, 0xf6, 0xd1, 0x03, 0xef, 0xc2, 0x04, 0xf7, 0x07, ++ 0xdb, 0xac, 0xa2, 0x28, 0x8c, 0x7d, 0x1d, 0x5d, 0x2c, 0x5a, 0xfc, 0x26, ++ 0x5b, 0x0b, 0x58, 0xb9, 0x9a, 0x47, 0xe9, 0xa0, 0xdf, 0xa5, 0x5a, 0xf3, ++ 0xe5, 0xd6, 0xeb, 0x69, 0xb5, 0x4e, 0xbc, 0x71, 0xc0, 0xd6, 0x9b, 0xb8, ++ 0x40, 0x3b, 0xc5, 0x72, 0x5d, 0x4d, 0x1b, 0x17, 0x3d, 0x36, 0xa4, 0xb1, ++ 0x15, 0xa7, 0x9a, 0x72, 0xeb, 0xf2, 0x9e, 0x40, 0xd1, 0xbc, 0x35, 0xc7, ++ 0xd1, 0x1a, 0x8f, 0x1c, 0x2b, 0x5e, 0xd8, 0xb3, 0x3b, 0x44, 0xae, 0xf5, ++ 0x81, 0xd0, 0x8a, 0x37, 0xab, 0xba, 0x22, 0xbc, 0x2d, 0x88, 0x2f, 0x24, ++ 0xbb, 0xb0, 0x1a, 0xa9, 0x5f, 0x07, 0x10, 0x6d, 0xc6, 0xbb, 0x3c, 0xa2, ++ 0x66, 0xf9, 0xb9, 0x95, 0xd6, 0x5e, 0x8c, 0xce, 0x04, 0xdc, 0xb3, 0x4c, ++ 0xbc, 0xe9, 0xc5, 0xcb, 0x19, 0x97, 0xe2, 0xa1, 0x09, 0x38, 0xd7, 0x82, ++ 0xa6, 0xbf, 0xc9, 0x15, 0x25, 0xf1, 0x2c, 0x77, 0xfc, 0xbd, 0xfa, 0x7f, ++ 0x92, 0xfe, 0xd6, 0x31, 0x03, 0x23, 0x2d, 0x17, 0x2f, 0x51, 0x9e, 0x5c, ++ 0xb1, 0x68, 0xc0, 0x3f, 0x42, 0x99, 0x00, 0x55, 0x33, 0x68, 0xd7, 0xee, ++ 0x51, 0x7d, 0x3e, 0x03, 0x4f, 0x02, 0x5f, 0x27, 0xdd, 0x17, 0x18, 0x6c, ++ 0x1e, 0x9d, 0x91, 0x65, 0xf8, 0xd7, 0xa6, 0x9f, 0xa1, 0xba, 0xa8, 0x76, ++ 0xe4, 0xd8, 0xf4, 0x59, 0x90, 0x16, 0x67, 0x88, 0xc2, 0xa9, 0xe4, 0x2d}; ++ ++static const unsigned char subprime_weak_3072[] = { ++ 0xd6, 0xf6, 0xeb, 0x1e, 0x65, 0x44, 0xe1, 0x1a, 0x37, 0x69, 0x8c, ++ 0x60, 0x45, 0xcb, 0xcb, 0x52, 0xe4, 0x88, 0xcb, 0xad, 0xb2, 0x27, ++ 0x18, 0xfa, 0x3a, 0xcf, 0xc6, 0xf9, 0xc3, 0x03, 0xa8, 0xb9}; ++ ++static const unsigned char base_weak_3072[] = { ++ 0x6e, 0x65, 0xcd, 0xd8, 0xbf, 0x8a, 0x5a, 0xa1, 0x05, 0x62, 0xa2, 0x64, ++ 0x88, 0x4a, 0x49, 0x1b, 0x57, 0xa8, 0x0e, 0x2e, 0x28, 0x4a, 0xe3, 0xaa, ++ 0xa7, 0x4e, 0xc7, 0x06, 0xe2, 0xf8, 0x9c, 0xd7, 0x05, 0x05, 0x6e, 0x5b, ++ 0x89, 0xd5, 0xa1, 0x16, 0xda, 0x2a, 0x2f, 0xe6, 0x86, 0xf0, 0x6e, 0xdc, ++ 0xd0, 0xbc, 0x0b, 0x39, 0x90, 0xe3, 0x74, 0x2c, 0x02, 0x6f, 0x7e, 0x32, ++ 0x2d, 0xf6, 0xd7, 0xa2, 0xfb, 0xe9, 0xaf, 0x8b, 0xb3, 0x1c, 0xd0, 0x78, ++ 0x4a, 0x76, 0xf8, 0xbd, 0x03, 0x5b, 0x0c, 0x68, 0x65, 0x23, 0x8a, 0x45, ++ 0xf3, 0x51, 0xe0, 0xe1, 0x96, 0x57, 0x7e, 0x05, 0x6c, 0xae, 0xaf, 0xa6, ++ 0x45, 0xdc, 0xa8, 0x36, 0x69, 0xa5, 0x13, 0x37, 0x4a, 0x16, 0x43, 0x11, ++ 0xab, 0x5b, 0xb6, 0xcf, 0x86, 0xb6, 0xf8, 0x44, 0xb9, 0x76, 0xe7, 0x1e, ++ 0x88, 0x99, 0x6f, 0xfe, 0xfb, 0x5c, 0xdb, 0x59, 0x4c, 0x26, 0xdb, 0x20, ++ 0x20, 0x97, 0x47, 0xda, 0x7b, 0x1d, 0xe9, 0x18, 0x1a, 0x89, 0x07, 0x3b, ++ 0xd1, 0xc8, 0x4c, 0xfd, 0xae, 0x35, 0x4c, 0xa0, 0x42, 0x94, 0x89, 0xc0, ++ 0xae, 0x2f, 0x94, 0x49, 0xd9, 0x7d, 0xb2, 0x4c, 0x50, 0x29, 0x46, 0x14, ++ 0x9a, 0x56, 0x49, 0x7a, 0x09, 0xa8, 0x95, 0x3a, 0x94, 0x06, 0x7c, 0xf0, ++ 0xea, 0x39, 0xcb, 0x33, 0xad, 0x28, 0xd1, 0x55, 0x02, 0xf5, 0x46, 0x0c, ++ 0x92, 0x12, 0x17, 0x05, 0x60, 0x97, 0xcd, 0x2f, 0x18, 0x5e, 0xe3, 0x41, ++ 0xe6, 0x46, 0x69, 0x27, 0x7d, 0x61, 0x00, 0x1e, 0x8d, 0x74, 0xa5, 0xc5, ++ 0xcb, 0xb9, 0xbc, 0x3f, 0x7a, 0x21, 0x23, 0x22, 0x1b, 0x15, 0x50, 0xb9, ++ 0x4b, 0x3b, 0x9f, 0xd5, 0xc0, 0x8c, 0xb9, 0x9d, 0x7e, 0xf4, 0x13, 0xc9, ++ 0x64, 0xe3, 0x7b, 0x44, 0xa7, 0x10, 0xad, 0x3c, 0xaf, 0xf0, 0x07, 0x8d, ++ 0x04, 0xc9, 0xa9, 0x36, 0x10, 0xb9, 0x8d, 0x7d, 0x43, 0x24, 0x7d, 0x8d, ++ 0x3c, 0x74, 0x58, 0x02, 0xb9, 0x4b, 0xe6, 0x6c, 0xa9, 0x9f, 0xdc, 0x50, ++ 0x5f, 0x62, 0x68, 0xc7, 0x14, 0xe7, 0x88, 0x33, 0x3e, 0x41, 0xad, 0x92, ++ 0x9d, 0x15, 0xd4, 0x77, 0xb9, 0xfb, 0x18, 0xd2, 0x8b, 0xb3, 0xc4, 0x0f, ++ 0x26, 0x04, 0xa4, 0xb1, 0xc1, 0x83, 0x96, 0x17, 0x67, 0x52, 0xa5, 0xfb, ++ 0x1b, 0x70, 0x20, 0x1c, 0x8c, 0x24, 0xc4, 0x5c, 0xd7, 0xe2, 0x12, 0xe3, ++ 0x31, 0x10, 0x4e, 0x85, 0xc2, 0xd2, 0x63, 0x3a, 0x75, 0xe0, 0x9e, 0x6f, ++ 0x78, 0x19, 0xb0, 0x40, 0x03, 0x32, 0x75, 0x6f, 0xea, 0x2f, 0x90, 0xb2, ++ 0x48, 0x79, 0xa1, 0xa0, 0x61, 0xf6, 0x13, 0xf3, 0x50, 0xa9, 0xec, 0x90, ++ 0x5d, 0xae, 0x45, 0x4f, 0x1b, 0x80, 0xd3, 0x96, 0x62, 0x05, 0x5b, 0x53, ++ 0x63, 0x99, 0xe5, 0xf2, 0x1b, 0xeb, 0x3e, 0x25, 0x2e, 0x72, 0xdb, 0x1f}; ++ ++static const unsigned char prime_weak_4096[] = { ++ 0xff, 0x50, 0xd3, 0xcc, 0x89, 0x17, 0x5e, 0xb6, 0xf8, 0xa3, 0xb0, 0xe2, ++ 0xf9, 0x9f, 0x17, 0xa1, 0x92, 0x56, 0x15, 0x13, 0x12, 0x9f, 0x18, 0xdc, ++ 0x07, 0x00, 0xc2, 0x49, 0xc9, 0xd9, 0xd4, 0x0a, 0xe3, 0xd7, 0xf6, 0x60, ++ 0x21, 0xa9, 0x7b, 0xc0, 0x0f, 0x0e, 0xae, 0x3e, 0x77, 0x77, 0x48, 0xd8, ++ 0xfd, 0x42, 0xec, 0xb5, 0xae, 0x00, 0xab, 0xce, 0xd1, 0x11, 0xca, 0xd2, ++ 0x64, 0x5a, 0xa3, 0x6b, 0xba, 0xd1, 0x93, 0xea, 0xda, 0xd2, 0xa0, 0x60, ++ 0x39, 0x0b, 0x34, 0x4f, 0x0c, 0xf1, 0xb0, 0x52, 0x75, 0x51, 0x3d, 0x28, ++ 0x02, 0xb5, 0xbd, 0x42, 0x98, 0x20, 0xa7, 0x42, 0xb9, 0x21, 0x9a, 0xae, ++ 0xb6, 0x41, 0x7b, 0x70, 0xe3, 0xd9, 0xaf, 0x81, 0x1a, 0xc1, 0x39, 0x9c, ++ 0x52, 0x56, 0xcb, 0x0d, 0x6a, 0x67, 0x6f, 0x3d, 0x12, 0x76, 0x73, 0x53, ++ 0x95, 0x2d, 0xc1, 0x04, 0xdb, 0x83, 0xe4, 0xd0, 0xbe, 0x2d, 0xa6, 0x7a, ++ 0x0f, 0x80, 0x1b, 0xd0, 0x16, 0x14, 0x3a, 0xe0, 0x48, 0xfa, 0xf5, 0x44, ++ 0xa8, 0xe0, 0xbf, 0x98, 0xe1, 0x56, 0xea, 0x76, 0xb6, 0xe2, 0xa3, 0x5b, ++ 0x15, 0x79, 0x10, 0xb0, 0x41, 0xdc, 0x29, 0x0f, 0x1e, 0x37, 0x69, 0xcd, ++ 0x13, 0xbe, 0x2d, 0xe0, 0x73, 0x38, 0x68, 0xed, 0x50, 0x6a, 0xd0, 0xfb, ++ 0xcb, 0x17, 0x3a, 0x59, 0xfb, 0xec, 0xba, 0x75, 0xb6, 0x4e, 0x2f, 0x6e, ++ 0x97, 0x98, 0x0e, 0x79, 0x25, 0xdd, 0xd8, 0xf5, 0x34, 0xb4, 0xa0, 0x7e, ++ 0xba, 0x68, 0x7c, 0x4f, 0xfb, 0xe0, 0x97, 0x46, 0x50, 0x1e, 0x4a, 0x59, ++ 0x9c, 0xdc, 0x34, 0xe2, 0x2a, 0xb5, 0xc8, 0x58, 0x94, 0x48, 0x9f, 0xb8, ++ 0x36, 0xcb, 0xce, 0x36, 0xb1, 0x7c, 0xe5, 0x8d, 0x5b, 0x43, 0xd7, 0x88, ++ 0xdf, 0xae, 0xd0, 0xc9, 0x42, 0x5f, 0x0a, 0xe3, 0x63, 0x11, 0xc5, 0x0c, ++ 0x80, 0x55, 0x58, 0xd7, 0xf2, 0x51, 0x6e, 0xb3, 0x7e, 0x9d, 0x1c, 0xc3, ++ 0x61, 0x59, 0x5c, 0x47, 0xd4, 0x99, 0xc0, 0x67, 0xfb, 0xb2, 0xd6, 0x11, ++ 0xda, 0x92, 0x5b, 0x6b, 0xd2, 0x70, 0xb7, 0x69, 0x72, 0xe7, 0x06, 0xdd, ++ 0x40, 0xac, 0x81, 0x51, 0x1d, 0x52, 0x7a, 0x45, 0x38, 0x89, 0x27, 0x2c, ++ 0xc4, 0x4b, 0x7e, 0x5e, 0x79, 0xef, 0x84, 0x6a, 0x24, 0x4d, 0x9c, 0x9e, ++ 0xca, 0x75, 0x5c, 0x06, 0x6d, 0xd0, 0x52, 0xe9, 0xda, 0x9f, 0x46, 0xb6, ++ 0x62, 0x1d, 0xb3, 0xd9, 0xf2, 0x7d, 0xd6, 0xc2, 0x7a, 0x49, 0x7c, 0xdd, ++ 0x9b, 0xaa, 0xc3, 0x84, 0x0b, 0x08, 0x33, 0xb8, 0x80, 0xc3, 0x12, 0x8f, ++ 0xad, 0xac, 0x0f, 0x7f, 0xaf, 0x59, 0x61, 0x0d, 0x98, 0xc1, 0xf9, 0x68, ++ 0xc3, 0x1b, 0x10, 0x08, 0xc4, 0x33, 0x3c, 0xa4, 0xe2, 0xd5, 0xeb, 0x71, ++ 0x5d, 0x19, 0x7e, 0x05, 0xca, 0x9a, 0xf5, 0xbb, 0x71, 0x55, 0x83, 0x9c, ++ 0x25, 0x50, 0x35, 0x7f, 0x2d, 0xeb, 0xf2, 0x0d, 0xed, 0x3c, 0xb8, 0x71, ++ 0xbd, 0x08, 0xf5, 0x89, 0x7e, 0x5e, 0x38, 0x40, 0xd7, 0xed, 0x77, 0x8d, ++ 0x7a, 0xed, 0x2a, 0x9f, 0xfc, 0x01, 0xf4, 0xe2, 0xcf, 0xda, 0x8c, 0xa3, ++ 0x57, 0xdc, 0x14, 0xd6, 0xa1, 0xd9, 0x97, 0xb9, 0xe6, 0xfc, 0x48, 0x75, ++ 0x43, 0xbd, 0x3b, 0x91, 0x17, 0x3c, 0x33, 0xca, 0xce, 0x29, 0x09, 0x1b, ++ 0xe8, 0x9d, 0xb6, 0x74, 0x05, 0x5e, 0x2e, 0xa5, 0x1d, 0x7f, 0x3a, 0xa9, ++ 0x2c, 0xf6, 0x4d, 0x41, 0x90, 0xbc, 0x56, 0x18, 0x52, 0x02, 0x90, 0xef, ++ 0x71, 0xff, 0x3e, 0x0c, 0xf8, 0x00, 0x04, 0x07, 0xd5, 0x20, 0x26, 0xdd, ++ 0x5c, 0xb1, 0x37, 0x03, 0x20, 0x0c, 0xb4, 0xb6, 0x39, 0x49, 0x49, 0xaa, ++ 0xe7, 0x98, 0x01, 0xa2, 0x2e, 0x0a, 0x33, 0x82, 0x9e, 0xb9, 0x24, 0xb7, ++ 0x80, 0xdf, 0xd3, 0xdf, 0x04, 0xe4, 0x50, 0x9d}; ++ ++static const unsigned char subprime_weak_4096[] = { ++ 0xcf, 0xd9, 0x38, 0x6d, 0x5b, 0x8d, 0x82, 0x9d, 0xa8, 0xe7, 0x9f, ++ 0x21, 0x46, 0xcc, 0x15, 0xea, 0x61, 0x31, 0x13, 0x5d, 0x50, 0xcd, ++ 0x99, 0x26, 0xf9, 0x44, 0x28, 0x44, 0xc8, 0xae, 0xb7, 0x8f}; ++ ++static const unsigned char base_weak_4096[] = { ++ 0x55, 0xa1, 0x9d, 0x92, 0x16, 0x3d, 0x9c, 0xfa, 0xd7, 0x7c, 0x71, 0xea, ++ 0x29, 0x53, 0x9b, 0xdc, 0x8e, 0xa6, 0xbb, 0x06, 0xd5, 0x00, 0x5d, 0x6c, ++ 0x8e, 0x5d, 0x44, 0xb9, 0x13, 0x4b, 0x20, 0x92, 0x6d, 0x39, 0x9d, 0x34, ++ 0xaf, 0x9b, 0x12, 0x1d, 0xc5, 0xea, 0xb2, 0x89, 0x05, 0xa6, 0x49, 0x9f, ++ 0xd8, 0xf4, 0xba, 0x33, 0xab, 0x28, 0xf2, 0x2f, 0xf6, 0x49, 0x37, 0x0e, ++ 0xb2, 0xc6, 0x41, 0x8c, 0x91, 0x97, 0x07, 0xf8, 0xa3, 0x88, 0x12, 0x6b, ++ 0xe8, 0x85, 0x0e, 0x26, 0x0a, 0x79, 0xe2, 0x48, 0x1c, 0x5c, 0xee, 0x99, ++ 0x4b, 0xd1, 0xf7, 0xe8, 0xff, 0xae, 0x5b, 0xd1, 0xf4, 0x5e, 0x6a, 0x09, ++ 0xc2, 0xa0, 0xc3, 0x14, 0xe3, 0xc6, 0x25, 0x3e, 0xe4, 0xff, 0xd7, 0x38, ++ 0xb4, 0xf4, 0xda, 0xab, 0xde, 0x84, 0x08, 0xd3, 0x53, 0xce, 0xb9, 0x5f, ++ 0x41, 0x4a, 0x02, 0x9f, 0xe1, 0x90, 0x3a, 0x80, 0x2f, 0xc5, 0xbb, 0xcc, ++ 0x92, 0xa8, 0x76, 0xa4, 0x78, 0x32, 0x70, 0x50, 0x21, 0x54, 0x4a, 0x97, ++ 0x4b, 0x8f, 0x2f, 0x61, 0x66, 0x65, 0x57, 0x2e, 0xf3, 0x64, 0x0e, 0x7e, ++ 0xa0, 0xf7, 0xf7, 0x5a, 0x32, 0xd9, 0x88, 0xf7, 0x4c, 0x4b, 0xd6, 0x5a, ++ 0xe1, 0x82, 0xd7, 0x6e, 0x4d, 0xee, 0xa2, 0xf0, 0x4e, 0x3f, 0x26, 0xba, ++ 0xfa, 0xfb, 0xe2, 0x1d, 0x64, 0x19, 0x10, 0x77, 0x99, 0xf4, 0x02, 0x46, ++ 0x30, 0xb0, 0xb1, 0x4b, 0xb2, 0xbd, 0x2c, 0xd4, 0xf8, 0xf2, 0x7f, 0xaf, ++ 0xd6, 0x80, 0xa4, 0x16, 0x72, 0x39, 0x0b, 0x83, 0x7d, 0x1a, 0x03, 0xcf, ++ 0x0c, 0xdc, 0xaa, 0x9c, 0x21, 0x61, 0xef, 0x12, 0x92, 0xc5, 0x71, 0x50, ++ 0x7f, 0x66, 0xda, 0x28, 0x50, 0xfa, 0x18, 0x33, 0xb8, 0x86, 0x50, 0x1a, ++ 0x8e, 0x6b, 0x6f, 0xd3, 0xe2, 0x7d, 0x6e, 0x3f, 0x6d, 0x9b, 0x26, 0x33, ++ 0x98, 0x82, 0x95, 0x2a, 0xdf, 0x11, 0xf8, 0xb6, 0x05, 0x10, 0x3d, 0x39, ++ 0x23, 0x28, 0x4a, 0x35, 0x72, 0xc4, 0x7f, 0x47, 0x5a, 0x0b, 0xcb, 0xed, ++ 0x54, 0xd3, 0x81, 0xdf, 0xd7, 0x0c, 0xf6, 0xbe, 0xca, 0x8e, 0xac, 0x22, ++ 0x67, 0xd4, 0xf9, 0xcb, 0xaf, 0xe6, 0x42, 0x58, 0x97, 0x0f, 0x24, 0xdf, ++ 0xb8, 0x85, 0xbe, 0x34, 0xd7, 0x68, 0xfa, 0xbf, 0xc5, 0xcb, 0x61, 0x8b, ++ 0xbf, 0xa8, 0xf7, 0x64, 0xee, 0xf3, 0x8d, 0xf7, 0x5b, 0x6e, 0xe8, 0x07, ++ 0xa0, 0x6d, 0xb5, 0x75, 0xa2, 0x33, 0x1f, 0xe0, 0x3e, 0x82, 0xc0, 0xef, ++ 0xeb, 0x6a, 0x8a, 0xba, 0x87, 0xb4, 0x44, 0x66, 0xb2, 0xe7, 0x06, 0xa5, ++ 0x5a, 0x02, 0x26, 0xa7, 0x8d, 0x57, 0xa7, 0x28, 0x62, 0x20, 0x0e, 0x3b, ++ 0xff, 0x90, 0xca, 0x9e, 0x95, 0xdf, 0xf3, 0x63, 0x8c, 0xc0, 0xd6, 0x1b, ++ 0xaa, 0x5e, 0x66, 0x54, 0xb2, 0x77, 0x4d, 0xd4, 0xd3, 0x99, 0xeb, 0xba, ++ 0xc1, 0x3c, 0xe3, 0xf7, 0x48, 0x65, 0x9f, 0xb3, 0x0c, 0x96, 0x3f, 0x3b, ++ 0x2f, 0x10, 0x80, 0x8f, 0x59, 0x49, 0xa0, 0x26, 0x68, 0xf9, 0x8e, 0x0b, ++ 0x66, 0x6e, 0xc1, 0x57, 0x77, 0x5d, 0xc7, 0x4b, 0x3b, 0x73, 0xa7, 0x75, ++ 0x80, 0x0d, 0x93, 0x36, 0x62, 0xf5, 0x5f, 0xa0, 0x71, 0x72, 0x54, 0x33, ++ 0x3b, 0xc8, 0xee, 0x68, 0x70, 0xdc, 0x1e, 0x39, 0x04, 0x1e, 0x98, 0xd4, ++ 0x7f, 0x57, 0x0e, 0x5d, 0x6e, 0x3f, 0x27, 0xc1, 0x7d, 0x50, 0x13, 0x5b, ++ 0x31, 0xfe, 0x7b, 0x12, 0xd5, 0x42, 0xda, 0x8d, 0x0e, 0x69, 0xcc, 0xa1, ++ 0xc4, 0x90, 0xf5, 0x37, 0x13, 0x20, 0x42, 0x74, 0xea, 0x79, 0xde, 0x84, ++ 0x6d, 0x8e, 0xcf, 0x57, 0x0b, 0x9f, 0xa6, 0x1d, 0xbe, 0x42, 0xb2, 0x47, ++ 0xf8, 0x7e, 0x51, 0x2e, 0x8b, 0x5e, 0x7d, 0x3d, 0x98, 0x1e, 0x43, 0x2b, ++ 0x32, 0x2f, 0xcb, 0x64, 0xd9, 0x43, 0x2b, 0xae}; ++ ++static const unsigned char prime_weak_6144[] = { ++ 0xa2, 0x24, 0x96, 0xb6, 0x21, 0x68, 0xd5, 0x7e, 0x2c, 0x60, 0x4d, 0xc8, ++ 0x81, 0x59, 0x9c, 0x1c, 0x70, 0xec, 0x24, 0x28, 0xb6, 0x52, 0x36, 0x09, ++ 0x87, 0xaa, 0xc1, 0x5b, 0xe5, 0xa6, 0x3e, 0x88, 0x54, 0x05, 0xe3, 0x09, ++ 0x09, 0xca, 0x6d, 0x9b, 0xc4, 0x8d, 0x26, 0xaf, 0xd7, 0xee, 0x9f, 0x0d, ++ 0xbd, 0x44, 0x8e, 0xfe, 0xcd, 0xf2, 0xe6, 0xde, 0xac, 0xf2, 0x02, 0x37, ++ 0xdc, 0x35, 0xc2, 0xce, 0xcd, 0x5f, 0xc5, 0x87, 0x0f, 0x99, 0xa7, 0xdb, ++ 0x0f, 0x1a, 0xcd, 0x76, 0xaa, 0x4a, 0xa5, 0x09, 0x60, 0x60, 0xe3, 0x58, ++ 0xe4, 0x52, 0x07, 0x1b, 0x42, 0x17, 0x11, 0x50, 0x2b, 0x40, 0x95, 0x8d, ++ 0x48, 0xa0, 0x34, 0x95, 0x25, 0x38, 0xcf, 0x09, 0x94, 0xe6, 0x55, 0x06, ++ 0x8a, 0xde, 0xdc, 0x41, 0x4a, 0xd9, 0x1f, 0x80, 0x82, 0x1d, 0xb8, 0x1e, ++ 0x84, 0x60, 0xde, 0xed, 0x4f, 0xc0, 0xd8, 0x1d, 0x54, 0xda, 0xb3, 0xf3, ++ 0x0e, 0x54, 0x3f, 0x18, 0x88, 0xff, 0x25, 0x31, 0xc6, 0x16, 0xe6, 0x70, ++ 0xfa, 0xc4, 0x08, 0xfc, 0x00, 0x8b, 0xf6, 0x9d, 0x29, 0x8a, 0x59, 0x49, ++ 0xed, 0x5c, 0x34, 0x7a, 0x84, 0x79, 0x40, 0xc1, 0x7e, 0x82, 0x17, 0x36, ++ 0xc8, 0x96, 0xb5, 0xd2, 0xf9, 0xdb, 0xc0, 0x10, 0x9f, 0xf8, 0x95, 0x35, ++ 0x6f, 0xb0, 0xb9, 0x48, 0x88, 0xdc, 0xf0, 0x4d, 0x30, 0xcd, 0x15, 0xfd, ++ 0x2f, 0xba, 0x18, 0xcc, 0x94, 0x50, 0x3f, 0xfe, 0x60, 0x3d, 0x7a, 0x46, ++ 0xef, 0xc4, 0xcd, 0x14, 0xe0, 0xef, 0x97, 0x81, 0xa1, 0x95, 0xe3, 0xa5, ++ 0x91, 0x9a, 0xf7, 0x9f, 0x7c, 0xfa, 0x0c, 0x69, 0xb6, 0xdf, 0xdb, 0xaf, ++ 0x31, 0xd8, 0xa8, 0x77, 0x6a, 0xba, 0xba, 0x80, 0xff, 0x3f, 0x5f, 0x86, ++ 0x9f, 0x80, 0x03, 0x1e, 0xd0, 0x5f, 0x37, 0x50, 0x61, 0xfc, 0x03, 0xd8, ++ 0x93, 0xa1, 0x79, 0x62, 0xfa, 0x92, 0xb8, 0x4a, 0x66, 0x99, 0xd7, 0x85, ++ 0x8d, 0x0f, 0x07, 0x02, 0x03, 0x83, 0x8c, 0x20, 0xa5, 0x9c, 0x2f, 0xfd, ++ 0x22, 0x5a, 0xf0, 0x95, 0x1e, 0xbf, 0x17, 0xf1, 0x3a, 0x40, 0x7f, 0xce, ++ 0x94, 0x62, 0x5f, 0x58, 0xe5, 0xf3, 0x99, 0x8c, 0x38, 0x8f, 0x05, 0x10, ++ 0x68, 0xea, 0x41, 0xb5, 0xc0, 0x6f, 0x4f, 0x63, 0x87, 0x1d, 0x98, 0xc3, ++ 0x31, 0x66, 0x1e, 0x9f, 0x2d, 0x3c, 0x6e, 0x9f, 0xb3, 0xcf, 0x8e, 0x77, ++ 0xf5, 0x3c, 0x51, 0x5a, 0xee, 0x82, 0xa1, 0xc5, 0x53, 0x20, 0x75, 0xd1, ++ 0xa8, 0x02, 0x37, 0x43, 0x08, 0x16, 0x05, 0x01, 0xed, 0xea, 0xf1, 0x52, ++ 0x58, 0x20, 0x94, 0x85, 0x05, 0x2e, 0x48, 0x3f, 0x47, 0x49, 0x4f, 0x01, ++ 0x44, 0xbd, 0x1e, 0x42, 0xea, 0x90, 0x90, 0x23, 0x99, 0x05, 0xfd, 0x37, ++ 0x41, 0x0c, 0x2f, 0xc4, 0x20, 0x04, 0x99, 0xee, 0x0f, 0xbb, 0xc2, 0x6d, ++ 0x0a, 0x7f, 0x24, 0x5a, 0x17, 0xa4, 0xeb, 0x9c, 0x67, 0xfe, 0x64, 0x0d, ++ 0xea, 0xb7, 0x20, 0x48, 0x40, 0x3b, 0x25, 0xed, 0x51, 0x5c, 0xfc, 0x20, ++ 0x18, 0xb6, 0xfc, 0x3e, 0xdb, 0xd9, 0xa1, 0xbd, 0x9e, 0xee, 0xcb, 0x5d, ++ 0x02, 0xfe, 0x7f, 0x42, 0x9d, 0xc9, 0xce, 0xfa, 0xe1, 0xd8, 0xf2, 0x05, ++ 0x67, 0x35, 0x88, 0x4e, 0xd7, 0x70, 0x97, 0x63, 0xb5, 0x0c, 0x60, 0x89, ++ 0xc0, 0xfe, 0x32, 0xd7, 0xae, 0x4b, 0xf1, 0x0a, 0xae, 0x3c, 0xde, 0x18, ++ 0x9c, 0x1d, 0xd2, 0xda, 0xf2, 0x02, 0x8d, 0xf1, 0x07, 0xd6, 0x5e, 0xb7, ++ 0xba, 0xaf, 0x81, 0x97, 0xee, 0xe0, 0x9d, 0x51, 0xf3, 0x1d, 0xc1, 0x5d, ++ 0x43, 0xe2, 0x0b, 0x0c, 0x9c, 0x0d, 0x74, 0x91, 0x20, 0x6f, 0x65, 0xf1, ++ 0xf2, 0x84, 0x02, 0x38, 0xb5, 0xe5, 0x10, 0x21, 0xfc, 0xe6, 0xc3, 0x4b, ++ 0x60, 0x49, 0x6a, 0xf1, 0xd5, 0x50, 0x0f, 0x6f, 0x8b, 0x1e, 0x80, 0xf3, ++ 0x5d, 0x29, 0xee, 0x60, 0xab, 0x26, 0xa5, 0x8c, 0xc4, 0x4c, 0xcb, 0xa6, ++ 0xaa, 0xe3, 0xfe, 0xd1, 0x67, 0x48, 0xb4, 0xfa, 0xbf, 0x57, 0xfe, 0x62, ++ 0x85, 0xa0, 0xac, 0xdc, 0x4e, 0x71, 0x01, 0xcc, 0x12, 0xec, 0x80, 0x95, ++ 0x54, 0xdc, 0x14, 0x9e, 0x20, 0xda, 0x5a, 0xbd, 0xee, 0x76, 0xbe, 0x39, ++ 0xcf, 0xbd, 0x8a, 0xe3, 0x0e, 0x71, 0x85, 0xe4, 0x3c, 0x62, 0x3b, 0xf8, ++ 0x6e, 0x70, 0xd4, 0xd6, 0x2e, 0xe0, 0x5e, 0x11, 0x9d, 0x33, 0xd9, 0x30, ++ 0xff, 0x3b, 0xcc, 0x2a, 0x39, 0xc4, 0x6f, 0xfd, 0xca, 0x88, 0xad, 0x28, ++ 0xa2, 0xe8, 0xa8, 0xd7, 0xe6, 0x08, 0x0d, 0xaf, 0x9d, 0xd8, 0xc8, 0x41, ++ 0x66, 0x84, 0x66, 0x86, 0x2b, 0x81, 0x3b, 0x6c, 0xc6, 0x76, 0x27, 0x6a, ++ 0x0d, 0x96, 0x0e, 0x65, 0x3e, 0xdf, 0xf5, 0x68, 0x04, 0x9d, 0x2d, 0x26, ++ 0x8b, 0xca, 0x0a, 0x79, 0x2a, 0xb4, 0xa0, 0xb3, 0x18, 0x4a, 0xea, 0x6a, ++ 0xd2, 0x14, 0xcd, 0x47, 0x85, 0x9f, 0x86, 0xd7, 0xde, 0xaa, 0x1e, 0x0e, ++ 0x71, 0x13, 0xec, 0xfe, 0x7c, 0x69, 0xbf, 0x22, 0xf0, 0x61, 0x50, 0x97, ++ 0x77, 0xc2, 0x2b, 0x31, 0x89, 0x11, 0xd6, 0x08, 0xb1, 0xd4, 0xce, 0xba, ++ 0xa0, 0x16, 0x9c, 0x2b, 0x8b, 0x3e, 0x17, 0xd8, 0xea, 0xe1, 0xf1, 0x20, ++ 0x7f, 0x3e, 0x76, 0x9f, 0x2f, 0x46, 0xc3, 0xaf, 0xc4, 0xba, 0xc9, 0x63, ++ 0xf7, 0xbb, 0x98, 0x6d, 0x60, 0x16, 0x04, 0x14, 0xc2, 0xed, 0x2e, 0xc3, ++ 0x00, 0x4f, 0x8f, 0x9d, 0xc6, 0xd9, 0xcd, 0xc1, 0xab, 0x4e, 0x67, 0xed, ++ 0xf8, 0xd2, 0x62, 0x13, 0xfa, 0x11, 0x31, 0xbb, 0x08, 0xdd, 0x4e, 0x89, ++ 0x4a, 0xff, 0x07, 0x89, 0xb5, 0x6c, 0xc3, 0xfe, 0x76, 0x6d, 0x10, 0x4c, ++ 0x1e, 0x10, 0x55, 0x22, 0x95, 0xfe, 0x09, 0xa5, 0x6e, 0x73, 0x0c, 0x2b}; ++ ++static const unsigned char subprime_weak_6144[] = { ++ 0xa8, 0x61, 0x65, 0x91, 0xb2, 0x43, 0xe3, 0x04, 0x25, 0x77, 0xb0, ++ 0x5a, 0xc5, 0xb1, 0x50, 0x19, 0x31, 0x2a, 0xd4, 0x79, 0x93, 0xc4, ++ 0x90, 0x9b, 0x27, 0xf1, 0x1e, 0xbb, 0x6e, 0x08, 0x98, 0xb1}; ++ ++static const unsigned char base_weak_6144[] = { ++ 0x34, 0xc2, 0xb2, 0x1f, 0xd9, 0x4e, 0xb6, 0xfd, 0x6c, 0x01, 0x47, 0xb9, ++ 0x50, 0xf1, 0xbe, 0x07, 0x1c, 0xdd, 0x67, 0xa2, 0xf1, 0x7c, 0x0d, 0xe5, ++ 0x9b, 0x7c, 0x9e, 0x0e, 0xd9, 0xf8, 0x81, 0xa1, 0xcf, 0x12, 0x28, 0x69, ++ 0xcd, 0xdf, 0x8a, 0x91, 0xad, 0x53, 0x0e, 0x31, 0x0c, 0xff, 0x4f, 0xaa, ++ 0x4f, 0x24, 0xa3, 0xd8, 0xc5, 0x56, 0xef, 0x21, 0xd6, 0x03, 0xcc, 0x87, ++ 0xab, 0xde, 0x7b, 0xbb, 0xbc, 0x1c, 0x91, 0xd4, 0x1d, 0x08, 0xe8, 0x26, ++ 0xba, 0x6e, 0x0c, 0x17, 0x1f, 0xb1, 0x29, 0x17, 0x04, 0x6c, 0x84, 0xd5, ++ 0x43, 0xc1, 0x35, 0xfd, 0x5a, 0x03, 0xd2, 0x9f, 0x30, 0xf7, 0xa5, 0xd5, ++ 0xb3, 0xc7, 0x5e, 0x00, 0x51, 0x31, 0x49, 0xec, 0x9b, 0xdd, 0x51, 0xee, ++ 0x84, 0xf4, 0x5f, 0xbe, 0x81, 0x23, 0x1e, 0xae, 0x99, 0x08, 0xdb, 0x26, ++ 0x41, 0xea, 0xcb, 0x7f, 0x40, 0xf6, 0x7b, 0x7f, 0xf7, 0x45, 0xcc, 0x7c, ++ 0x05, 0x35, 0xa8, 0x9f, 0x5a, 0x61, 0xf2, 0x71, 0xd4, 0x9b, 0x36, 0x19, ++ 0x69, 0xcd, 0x15, 0x06, 0x7a, 0xd7, 0x65, 0x04, 0x23, 0xa1, 0xf0, 0x18, ++ 0x16, 0xb1, 0x33, 0x45, 0x22, 0x14, 0xce, 0xc2, 0xfa, 0x6f, 0x5e, 0x4e, ++ 0x80, 0xc0, 0x99, 0x82, 0x6c, 0x2e, 0x6e, 0xaa, 0x0f, 0x5d, 0x60, 0xdc, ++ 0xc0, 0x91, 0x8f, 0x8b, 0xdd, 0x6c, 0xd2, 0xc2, 0x2e, 0x7a, 0xb6, 0x97, ++ 0x0a, 0x9c, 0x3c, 0x98, 0xe2, 0xd1, 0x5f, 0x6e, 0x1c, 0xbd, 0xb5, 0xdc, ++ 0x59, 0x3e, 0xb8, 0x94, 0x22, 0x89, 0x80, 0x0f, 0x75, 0x87, 0x18, 0x58, ++ 0x14, 0xb8, 0xa0, 0x80, 0x04, 0x33, 0x31, 0x34, 0x96, 0xd8, 0x0c, 0xc6, ++ 0xfd, 0xd0, 0x2b, 0xee, 0x52, 0xbf, 0x1f, 0x77, 0xfd, 0x18, 0xba, 0x77, ++ 0xb4, 0xf7, 0xcc, 0xc6, 0x5d, 0x50, 0x10, 0x94, 0xd8, 0x99, 0xce, 0x8d, ++ 0x2c, 0xc0, 0xa1, 0xd1, 0x44, 0xde, 0x90, 0x77, 0x45, 0x6a, 0x52, 0xbe, ++ 0x02, 0x8d, 0x21, 0x98, 0x76, 0xc9, 0x78, 0x31, 0x84, 0x21, 0xc6, 0x7d, ++ 0xb5, 0xcd, 0x65, 0x1e, 0x33, 0xea, 0x26, 0xe1, 0x5c, 0x1b, 0x4d, 0x66, ++ 0xc7, 0x08, 0xc9, 0xd5, 0x83, 0x8a, 0x2e, 0x80, 0x1c, 0xb8, 0x4d, 0x5f, ++ 0xf0, 0x28, 0x10, 0x02, 0x08, 0xd4, 0xe9, 0x87, 0xff, 0x5e, 0xe6, 0x39, ++ 0x4a, 0x40, 0xe6, 0x96, 0x64, 0xe5, 0x99, 0xbd, 0x69, 0xd3, 0x9a, 0xc6, ++ 0x0f, 0xea, 0x99, 0x34, 0x16, 0x06, 0x8d, 0xc4, 0xe9, 0x1e, 0x30, 0x31, ++ 0xa3, 0x23, 0xf2, 0xf6, 0x34, 0x65, 0x28, 0xe4, 0x6e, 0xfc, 0x85, 0x27, ++ 0xa2, 0x59, 0xb0, 0x19, 0x32, 0x7b, 0x07, 0x7b, 0x71, 0xa8, 0xb2, 0x9d, ++ 0x49, 0x14, 0xcd, 0xe5, 0x4e, 0x58, 0x34, 0xa8, 0x33, 0x7d, 0x99, 0xb8, ++ 0x48, 0x54, 0x1a, 0xc0, 0xd4, 0xb1, 0xaa, 0x15, 0x00, 0xe8, 0x7e, 0x9e, ++ 0x02, 0xcc, 0xde, 0x93, 0xe8, 0x73, 0x92, 0xf3, 0x3d, 0x99, 0x04, 0x21, ++ 0xc2, 0xa9, 0xb8, 0x1c, 0xfd, 0x9a, 0xfd, 0x30, 0xb4, 0x85, 0x5b, 0xbb, ++ 0x48, 0x0a, 0x7d, 0xfe, 0xc9, 0x49, 0x72, 0xdd, 0xbe, 0x6c, 0x3a, 0x2b, ++ 0x64, 0xc5, 0x85, 0xa8, 0xb4, 0x7c, 0x3a, 0xcb, 0x5f, 0x59, 0x62, 0xd6, ++ 0x2b, 0x62, 0x2d, 0xdb, 0x77, 0x96, 0x29, 0x9b, 0x75, 0x21, 0x4a, 0xaa, ++ 0xff, 0x19, 0xe4, 0x95, 0x2b, 0x7f, 0xec, 0xcb, 0x49, 0xd9, 0xa0, 0x70, ++ 0xc8, 0x5f, 0x0a, 0x5f, 0x27, 0x05, 0xf2, 0xff, 0xaa, 0x94, 0x47, 0x75, ++ 0x22, 0xf0, 0xe9, 0x29, 0x05, 0x45, 0x08, 0xb8, 0x24, 0xa5, 0x89, 0x0a, ++ 0xd4, 0x94, 0xfc, 0xe8, 0x55, 0x67, 0x1f, 0x16, 0x0e, 0x0f, 0xdb, 0xdf, ++ 0xcf, 0x4a, 0xba, 0x8f, 0x57, 0x4a, 0xf2, 0xe7, 0x8c, 0xe1, 0xe9, 0x5c, ++ 0x4a, 0xae, 0x2e, 0x85, 0x47, 0x93, 0x57, 0x6f, 0xb1, 0xea, 0xad, 0xaa, ++ 0x38, 0x52, 0x81, 0xe0, 0x14, 0xed, 0x16, 0xc5, 0xd3, 0xef, 0x70, 0x28, ++ 0x7e, 0x64, 0x52, 0xe2, 0x4a, 0x84, 0xdb, 0x44, 0x77, 0x87, 0x4e, 0x39, ++ 0x89, 0x73, 0x96, 0x3f, 0x5a, 0xfa, 0xb3, 0xa2, 0x88, 0x3d, 0x66, 0x41, ++ 0xbf, 0xdb, 0xa9, 0xb0, 0xbf, 0xec, 0x6f, 0x86, 0x25, 0x7f, 0x58, 0xce, ++ 0xc9, 0xa0, 0x1c, 0x3d, 0xf0, 0x0e, 0x08, 0xa7, 0x6e, 0x85, 0x15, 0x7f, ++ 0x0f, 0x5c, 0x1d, 0xfd, 0xfa, 0x86, 0x02, 0x73, 0x75, 0x21, 0xe4, 0xb4, ++ 0x98, 0x57, 0x87, 0x16, 0xbf, 0xd4, 0xdf, 0xd3, 0x5e, 0x62, 0x3b, 0x52, ++ 0xc4, 0xd6, 0xee, 0xed, 0x07, 0x51, 0x3f, 0x31, 0x50, 0x04, 0xc6, 0x8b, ++ 0xea, 0xfa, 0x04, 0x10, 0x54, 0xa9, 0x1a, 0xf1, 0x5c, 0x5e, 0xb0, 0x3a, ++ 0xf3, 0xcc, 0x65, 0xb1, 0x01, 0x98, 0x8e, 0x96, 0x6d, 0x55, 0x5f, 0x5b, ++ 0xfb, 0x09, 0xfa, 0x1f, 0x4c, 0x03, 0x11, 0x6f, 0xb9, 0x69, 0xfd, 0x8c, ++ 0x7a, 0xf6, 0x16, 0x51, 0x9f, 0xc0, 0xdf, 0x42, 0x91, 0xc8, 0xd5, 0x7c, ++ 0x58, 0xd3, 0xac, 0xdc, 0x53, 0xb4, 0x38, 0xe9, 0xbc, 0x76, 0x1e, 0x9b, ++ 0xf8, 0x53, 0x5c, 0xd2, 0xea, 0x11, 0xa0, 0x7e, 0x24, 0x36, 0x12, 0xff, ++ 0xac, 0x4f, 0x9d, 0x2d, 0xdc, 0x2a, 0x2b, 0xf7, 0xb6, 0x79, 0x1a, 0xa3, ++ 0x59, 0x09, 0x34, 0x56, 0x04, 0x8f, 0xfe, 0x1b, 0x3d, 0xf9, 0x73, 0xd1, ++ 0xc7, 0x30, 0x3d, 0x97, 0xc5, 0x2f, 0x4b, 0x0b, 0x66, 0xad, 0x4b, 0x4a, ++ 0xcd, 0xc9, 0x2d, 0xaa, 0xdd, 0x3a, 0x9a, 0x22, 0x89, 0x4c, 0x8c, 0xc6, ++ 0x1e, 0xbd, 0xa4, 0xbd, 0x43, 0x0b, 0x52, 0xfb, 0xcd, 0x07, 0x04, 0x43, ++ 0x77, 0xf7, 0x11, 0x7a, 0x70, 0x4f, 0x4a, 0xae, 0xb3, 0x7b, 0x99, 0x7e, ++ 0x90, 0x17, 0x8b, 0xca, 0x77, 0xfc, 0x15, 0x4b, 0xda, 0xc1, 0x7c, 0x56}; ++ ++static const unsigned char prime_weak_8192[] = { ++ 0x93, 0xdf, 0x6d, 0x37, 0xdc, 0x2a, 0xa4, 0xab, 0x5d, 0xdc, 0x73, 0x42, ++ 0x12, 0x18, 0x8f, 0x39, 0x47, 0x73, 0xf5, 0x3e, 0xbc, 0x6e, 0x0d, 0x2a, ++ 0x68, 0x5d, 0x53, 0x4f, 0x22, 0x8c, 0xa8, 0xa8, 0x4a, 0xac, 0x6a, 0x60, ++ 0x54, 0xca, 0x1a, 0x75, 0xda, 0x85, 0x02, 0x5e, 0x80, 0xbb, 0x9b, 0x5a, ++ 0x74, 0x96, 0x69, 0xc2, 0x7c, 0x84, 0x1f, 0x76, 0x0d, 0x53, 0xe4, 0x0b, ++ 0x32, 0xf3, 0x4b, 0xf6, 0x92, 0x5b, 0x2c, 0x98, 0x5d, 0xa9, 0x60, 0xdc, ++ 0x17, 0x5b, 0xfb, 0xb5, 0x0e, 0x38, 0xae, 0x63, 0x16, 0x79, 0xa4, 0xc5, ++ 0x76, 0x74, 0x20, 0x97, 0x5b, 0xdc, 0xa9, 0x88, 0xd1, 0x14, 0x46, 0x3e, ++ 0x1d, 0xe6, 0xca, 0xb5, 0x38, 0x57, 0xfd, 0xeb, 0x66, 0x2a, 0xfa, 0x8c, ++ 0x30, 0x07, 0xea, 0xb4, 0xbc, 0x79, 0x33, 0x14, 0xdf, 0x8f, 0x1d, 0x60, ++ 0x47, 0xc7, 0x23, 0xd9, 0x7f, 0xe3, 0x1c, 0x94, 0xa9, 0xbb, 0x2d, 0x1b, ++ 0x37, 0x64, 0x20, 0xcf, 0x68, 0x52, 0x39, 0xd9, 0x6f, 0x23, 0x50, 0xb2, ++ 0x67, 0xc8, 0x47, 0xaa, 0x39, 0x96, 0xd2, 0xfd, 0x9b, 0x9c, 0x86, 0x71, ++ 0xd8, 0x7c, 0x67, 0xb5, 0x7a, 0x9d, 0x4f, 0xf8, 0x8f, 0x34, 0x64, 0xcb, ++ 0xdb, 0x85, 0x11, 0x97, 0x86, 0xf7, 0xa1, 0x19, 0x2a, 0x10, 0x7a, 0xf2, ++ 0x15, 0x1b, 0x0c, 0x6e, 0x64, 0xf1, 0x18, 0x53, 0xf9, 0x9a, 0xdd, 0x7c, ++ 0x0d, 0x7c, 0x3d, 0x39, 0x9c, 0xa3, 0xc5, 0xf8, 0x68, 0x6f, 0xb4, 0x35, ++ 0xf8, 0x1d, 0xb8, 0xc8, 0xab, 0xea, 0x58, 0xf3, 0xbb, 0x78, 0xf3, 0xe2, ++ 0xa6, 0x16, 0xb3, 0x4a, 0x0a, 0x56, 0x5b, 0x44, 0xac, 0xcb, 0x66, 0x5d, ++ 0xa3, 0x62, 0x71, 0x91, 0x05, 0xd4, 0x97, 0x72, 0x33, 0x77, 0x43, 0x31, ++ 0x35, 0x9c, 0x43, 0xb8, 0xd5, 0x85, 0xdb, 0x8e, 0x28, 0xcb, 0x29, 0x98, ++ 0xb7, 0xfe, 0x6a, 0xf6, 0x08, 0x89, 0x82, 0xfc, 0xe6, 0x5d, 0x62, 0x68, ++ 0x55, 0xac, 0x3b, 0x9d, 0x82, 0xcd, 0x06, 0x10, 0x53, 0x93, 0x1d, 0x66, ++ 0x6a, 0xce, 0x63, 0x2c, 0x49, 0x36, 0xf3, 0x0d, 0x1c, 0x3f, 0x24, 0xd0, ++ 0x7f, 0xb2, 0xa0, 0xcf, 0x76, 0x2a, 0x16, 0xa2, 0x6f, 0x6b, 0xf4, 0xfe, ++ 0xb5, 0xca, 0x99, 0x44, 0x7c, 0xfc, 0x3b, 0xc1, 0xe4, 0x09, 0xf5, 0x7b, ++ 0x6d, 0x6c, 0xa1, 0x15, 0x10, 0x00, 0x4c, 0x75, 0x4d, 0x2a, 0x80, 0x95, ++ 0x90, 0x9a, 0x15, 0x5e, 0x77, 0x28, 0x8e, 0x83, 0x40, 0x85, 0x1f, 0x2d, ++ 0x70, 0x17, 0xa0, 0xb0, 0x7d, 0xe5, 0xfa, 0x81, 0x51, 0xbe, 0xb4, 0x16, ++ 0xf6, 0x54, 0x9f, 0x0e, 0xa3, 0xe2, 0x1e, 0x5e, 0x9b, 0x1c, 0xda, 0x0e, ++ 0x9f, 0x93, 0x5c, 0xf4, 0x43, 0xbd, 0x9c, 0x1e, 0x16, 0x67, 0xb5, 0x42, ++ 0x94, 0x70, 0xf8, 0x79, 0x0c, 0x2d, 0x48, 0xc1, 0x24, 0xc5, 0xc6, 0xa9, ++ 0x64, 0x0c, 0x44, 0xec, 0x99, 0xae, 0xb5, 0xe7, 0xc1, 0x24, 0x8a, 0x6c, ++ 0xd1, 0xa2, 0xbf, 0x4c, 0x6b, 0x0b, 0xe9, 0xf0, 0x98, 0x3d, 0xc7, 0x9c, ++ 0xe1, 0x8d, 0x1a, 0xde, 0xc4, 0x44, 0x43, 0xc6, 0xbf, 0x38, 0x62, 0x25, ++ 0x91, 0x42, 0x84, 0x01, 0x28, 0xcb, 0x80, 0xbc, 0x39, 0x4c, 0xc3, 0x3f, ++ 0xf6, 0xdf, 0xe1, 0xe6, 0xc9, 0x77, 0x35, 0x57, 0x2f, 0x89, 0x9d, 0xfa, ++ 0xaf, 0x37, 0xd6, 0x33, 0x71, 0x34, 0xff, 0x52, 0x28, 0xb3, 0x3c, 0x96, ++ 0x68, 0x10, 0x12, 0xc9, 0xbe, 0x18, 0x03, 0xcd, 0xef, 0x27, 0x0a, 0xd1, ++ 0xc9, 0x0e, 0x49, 0x01, 0x22, 0x73, 0xdb, 0x5f, 0x11, 0x75, 0x6d, 0xea, ++ 0x16, 0xda, 0x26, 0x7f, 0x3e, 0x7c, 0xcb, 0x62, 0xcf, 0xcc, 0x8d, 0xd6, ++ 0xea, 0xce, 0x26, 0x44, 0xa4, 0x74, 0x54, 0x4e, 0x2b, 0x15, 0xba, 0x9d, ++ 0xa1, 0x39, 0xe8, 0xfd, 0xe0, 0x29, 0xf0, 0xd7, 0xaa, 0x30, 0x6b, 0xd7, ++ 0x14, 0x3c, 0xa0, 0x04, 0xbc, 0xed, 0x82, 0xcb, 0xc9, 0xdb, 0x4f, 0x20, ++ 0x05, 0x6e, 0x45, 0x79, 0xdd, 0x5b, 0x3d, 0x5e, 0xee, 0xf1, 0xc3, 0xaa, ++ 0xb3, 0xd3, 0x3a, 0x47, 0xac, 0xe3, 0x12, 0xa1, 0xd5, 0xf4, 0x24, 0xe5, ++ 0x6c, 0xe4, 0x9f, 0xb4, 0xca, 0x96, 0x49, 0x51, 0x36, 0x3b, 0xa4, 0xa2, ++ 0xd6, 0x2e, 0x42, 0x23, 0x32, 0x8c, 0xc8, 0x83, 0xea, 0x14, 0xd1, 0x08, ++ 0x09, 0x8f, 0xdb, 0x4c, 0xc2, 0x00, 0x44, 0x06, 0x81, 0xd4, 0x11, 0x5d, ++ 0x2b, 0x1e, 0x37, 0x80, 0xaa, 0xb9, 0x88, 0xfa, 0xab, 0xd2, 0x76, 0x2e, ++ 0x03, 0xb8, 0x3b, 0x0b, 0xfc, 0x01, 0x96, 0xe3, 0x62, 0x00, 0x71, 0x13, ++ 0xe8, 0xfb, 0x78, 0xce, 0x39, 0x06, 0xa1, 0x44, 0xdd, 0x61, 0x6a, 0x56, ++ 0xb2, 0xcd, 0xcb, 0xec, 0x67, 0x24, 0x28, 0x7d, 0x39, 0x80, 0x37, 0xcb, ++ 0x95, 0x49, 0x96, 0xe9, 0x3f, 0xb7, 0x89, 0xeb, 0x11, 0x7c, 0x34, 0x49, ++ 0x36, 0x2c, 0xec, 0x82, 0xb6, 0x3c, 0xa9, 0x9a, 0xd3, 0xb8, 0xab, 0xb9, ++ 0x28, 0x2f, 0x97, 0x71, 0x04, 0xa8, 0x86, 0x2b, 0x43, 0xb6, 0x27, 0x51, ++ 0x8a, 0xe0, 0xa3, 0x98, 0xe7, 0x33, 0x32, 0xfe, 0x18, 0xb9, 0x38, 0x95, ++ 0x78, 0x17, 0xbe, 0x43, 0xa0, 0x08, 0x8b, 0x05, 0x8d, 0x56, 0xd7, 0x4e, ++ 0x61, 0x01, 0x00, 0x05, 0x12, 0x6d, 0x13, 0x95, 0xea, 0xce, 0xdc, 0xbf, ++ 0xc4, 0x74, 0x20, 0x89, 0x28, 0x05, 0xd2, 0x97, 0xc3, 0x35, 0x24, 0x6d, ++ 0x43, 0xdd, 0xe2, 0x9f, 0x15, 0x80, 0xee, 0xdd, 0xcd, 0x8a, 0x88, 0xc5, ++ 0x92, 0xda, 0x1d, 0xd9, 0xd0, 0xb8, 0xfd, 0x18, 0xcc, 0x58, 0x1b, 0xca, ++ 0x3b, 0xcc, 0x9e, 0xcd, 0x53, 0x61, 0x68, 0xf5, 0xbb, 0x2d, 0x02, 0x55, ++ 0x2b, 0x93, 0x9f, 0x18, 0x17, 0x20, 0xb1, 0x54, 0xe0, 0xfe, 0x3e, 0x6a, ++ 0x10, 0x7f, 0xee, 0x60, 0x7c, 0xcb, 0x14, 0x82, 0x68, 0xed, 0x08, 0x07, ++ 0xe7, 0x34, 0xad, 0x27, 0x6f, 0xda, 0x57, 0xe2, 0xa7, 0x4b, 0x7e, 0x7a, ++ 0x2e, 0x95, 0x88, 0x58, 0x3d, 0xe7, 0xdc, 0xa3, 0xf2, 0xe9, 0xf5, 0x95, ++ 0xfd, 0x1c, 0x5f, 0x9e, 0x5c, 0x0c, 0xe8, 0x36, 0xd5, 0x09, 0x35, 0x66, ++ 0x27, 0xb9, 0x13, 0x8a, 0x0e, 0xfa, 0xeb, 0xa6, 0x5b, 0xd6, 0x07, 0x4d, ++ 0xcf, 0x0d, 0x90, 0x71, 0xa1, 0xe5, 0x58, 0x1e, 0x27, 0x69, 0x64, 0x18, ++ 0x22, 0x07, 0x8a, 0x2a, 0xe9, 0x08, 0x00, 0x02, 0x8a, 0x58, 0x38, 0x81, ++ 0x05, 0xd8, 0xe7, 0x5d, 0x3d, 0xe8, 0x2b, 0x17, 0xfa, 0x29, 0x5c, 0xeb, ++ 0x93, 0x0c, 0x0f, 0x29, 0x68, 0x21, 0x93, 0x62, 0xf2, 0xe1, 0x44, 0x38, ++ 0x69, 0x21, 0x57, 0x86, 0x71, 0x6b, 0x3d, 0x12, 0x4e, 0x28, 0xdb, 0x0b, ++ 0xd4, 0x2c, 0xc5, 0xe8, 0x5f, 0x9b, 0xd2, 0x26, 0x08, 0x45, 0xa4, 0xb2, ++ 0xb1, 0x5e, 0xd1, 0x18, 0x3e, 0x62, 0x8d, 0x77, 0xa0, 0x62, 0x07, 0x75, ++ 0x0c, 0x68, 0x7f, 0xab, 0xd2, 0x2c, 0xec, 0x8e, 0xa9, 0x6e, 0x37, 0x3d, ++ 0xdb, 0x33, 0x7a, 0x4a, 0xba, 0x86, 0x25, 0x50, 0x6a, 0x37, 0x1b, 0x9b, ++ 0x91, 0x1a, 0x5f, 0x93, 0x21, 0xea, 0x91, 0xdc, 0x64, 0xb6, 0x07, 0x44, ++ 0x34, 0x79, 0x6a, 0x6a, 0x42, 0x4e, 0xf3, 0xe2, 0xa2, 0x6b, 0xff, 0xcd, ++ 0xd7, 0xc5, 0x69, 0xb9, 0x81, 0x7d, 0x34, 0xb4, 0x5b, 0xb6, 0x83, 0xc3, ++ 0x6b, 0x9a, 0xe1, 0x2e, 0x5e, 0x34, 0x01, 0x21, 0xeb, 0x37, 0xcc, 0xc5, ++ 0x5f, 0x7f, 0xa0, 0xde, 0x0f, 0x79, 0xb7, 0xc3, 0x3b, 0x84, 0x7d, 0xe8, ++ 0x96, 0xfd, 0x32, 0x47, 0x78, 0x3e, 0x22, 0xc8, 0x98, 0xce, 0x7a, 0xef, ++ 0x1d, 0xa6, 0x09, 0x3a, 0xff, 0xf7, 0x68, 0xd9, 0xb8, 0xe9, 0x7e, 0x8a, ++ 0xec, 0x23, 0x01, 0x97}; ++ ++static const unsigned char subprime_weak_8192[] = { ++ 0xe2, 0x48, 0x2e, 0xe9, 0x45, 0x85, 0xe1, 0x01, 0x91, 0x3b, 0xd1, ++ 0x15, 0x16, 0xb4, 0xf5, 0x5b, 0x2c, 0xb4, 0xae, 0x42, 0x61, 0x7a, ++ 0xd9, 0x26, 0x39, 0x12, 0xd2, 0x46, 0xb3, 0x46, 0x9b, 0x5f}; ++ ++static const unsigned char base_weak_8192[] = { ++ 0x78, 0x4d, 0x5d, 0xa1, 0xce, 0x9d, 0x68, 0xae, 0x47, 0x31, 0x81, 0x08, ++ 0x8c, 0x24, 0x38, 0x6a, 0xc8, 0xc7, 0xf4, 0x1c, 0xa1, 0xcb, 0x5d, 0x65, ++ 0x04, 0x6e, 0x0d, 0xbe, 0x55, 0x1d, 0x25, 0xc2, 0xca, 0x74, 0x99, 0x66, ++ 0x67, 0x75, 0x00, 0xd6, 0x12, 0x90, 0x7f, 0x44, 0x56, 0x40, 0x98, 0x23, ++ 0x30, 0x87, 0x7b, 0x02, 0x86, 0xc1, 0xb3, 0x1b, 0x83, 0x82, 0xdb, 0x5b, ++ 0xa6, 0x72, 0x90, 0x77, 0xf9, 0x63, 0x9d, 0xb4, 0xe0, 0x83, 0x5e, 0x04, ++ 0x1d, 0x7b, 0x25, 0x68, 0x67, 0xa4, 0xb2, 0x4e, 0x5a, 0xde, 0x1f, 0x48, ++ 0x01, 0x10, 0xde, 0xde, 0xa9, 0xc3, 0x14, 0xc5, 0x9c, 0xda, 0xbe, 0xd9, ++ 0x19, 0x91, 0x43, 0x4a, 0xaa, 0x77, 0xcc, 0xbb, 0xe0, 0xe7, 0x71, 0xa9, ++ 0xa2, 0x73, 0x4f, 0xf6, 0x88, 0xe0, 0xc6, 0x5d, 0x1a, 0xc9, 0x80, 0x6b, ++ 0x47, 0x98, 0x76, 0xb4, 0x6c, 0xfe, 0xc8, 0xdf, 0x65, 0x42, 0x3d, 0x11, ++ 0x60, 0x09, 0x32, 0xb3, 0x35, 0xc4, 0x97, 0x4c, 0xae, 0xd3, 0x3a, 0x0c, ++ 0x2b, 0x44, 0xe6, 0x21, 0x01, 0xf3, 0xbf, 0x3d, 0xb7, 0x18, 0x31, 0x28, ++ 0x88, 0x9e, 0xad, 0x06, 0xc4, 0xb8, 0x0a, 0x26, 0x09, 0xff, 0xe7, 0xf4, ++ 0xab, 0xd9, 0x28, 0x94, 0x02, 0xe6, 0x58, 0x65, 0xf4, 0x47, 0x3f, 0x4c, ++ 0x9e, 0xd8, 0x68, 0xed, 0x65, 0x39, 0x5b, 0x04, 0x6a, 0x1d, 0x21, 0xba, ++ 0xef, 0xbd, 0xdc, 0x15, 0x69, 0xb2, 0x24, 0x6c, 0x23, 0x98, 0xdd, 0x22, ++ 0xa0, 0x90, 0x48, 0xc1, 0xcc, 0xc6, 0xb4, 0xc9, 0x19, 0x8c, 0x23, 0x89, ++ 0x0b, 0x3b, 0x66, 0x0f, 0xfb, 0x45, 0xe6, 0x05, 0x7d, 0x57, 0xd3, 0x58, ++ 0x6c, 0xe5, 0x36, 0xaa, 0x05, 0xcf, 0xa6, 0x2d, 0x5a, 0x40, 0x96, 0x12, ++ 0x1e, 0xea, 0x34, 0x11, 0x94, 0x76, 0x47, 0xc8, 0x87, 0x3d, 0xb9, 0xe8, ++ 0x83, 0x6b, 0xfe, 0x83, 0xc6, 0xa3, 0x38, 0xe1, 0x06, 0xc3, 0xb0, 0xeb, ++ 0x53, 0x07, 0x75, 0x20, 0x60, 0xc2, 0xee, 0x1e, 0x95, 0xb4, 0xc1, 0xc5, ++ 0xe0, 0x1b, 0x47, 0xbb, 0xf9, 0x48, 0x6a, 0x68, 0x09, 0xab, 0xd2, 0x6e, ++ 0x29, 0x74, 0xed, 0x61, 0x0e, 0x12, 0xe2, 0x89, 0x15, 0x4f, 0xe2, 0xa1, ++ 0x50, 0xbd, 0x81, 0x49, 0xf0, 0xc4, 0x17, 0xe5, 0xb3, 0x35, 0x0b, 0xfa, ++ 0x59, 0x9f, 0x18, 0x84, 0xba, 0x74, 0xf2, 0xb8, 0x8f, 0xdf, 0x7c, 0x3e, ++ 0x36, 0x67, 0x84, 0xb7, 0x85, 0x50, 0x51, 0x64, 0x2a, 0xca, 0x8f, 0x6b, ++ 0xc8, 0xd1, 0x88, 0x0f, 0x64, 0x9a, 0x4a, 0xbd, 0x9b, 0x5f, 0x11, 0xd0, ++ 0x80, 0xba, 0x5d, 0x2e, 0x63, 0xc1, 0xe3, 0x58, 0xc1, 0xf3, 0xe3, 0x88, ++ 0xa7, 0xe6, 0xb2, 0x3c, 0xdf, 0x9d, 0xfa, 0xed, 0x5c, 0x6f, 0x86, 0x3b, ++ 0x25, 0x0f, 0x0e, 0xff, 0x0b, 0x88, 0x1c, 0xe9, 0xeb, 0xe5, 0x75, 0xee, ++ 0x50, 0xdf, 0x7c, 0xb0, 0xf2, 0x09, 0x78, 0x47, 0x60, 0x76, 0x3b, 0x44, ++ 0x5a, 0x9d, 0xf2, 0x5c, 0x68, 0xf9, 0x03, 0x88, 0x6a, 0x9f, 0x6a, 0x73, ++ 0x85, 0xc9, 0xe7, 0x5e, 0xbf, 0xac, 0x9e, 0x7a, 0x13, 0x53, 0x40, 0x65, ++ 0x65, 0x41, 0x02, 0x38, 0x5e, 0x05, 0xac, 0xbc, 0xc5, 0xff, 0xc5, 0x35, ++ 0x6c, 0x2b, 0x76, 0xac, 0xc5, 0xcc, 0x1e, 0x28, 0x53, 0x88, 0xab, 0x58, ++ 0x36, 0x7a, 0x99, 0xeb, 0x68, 0x7a, 0xdc, 0xd5, 0xc5, 0xaf, 0x84, 0xad, ++ 0x43, 0x0b, 0x3f, 0x3c, 0xbf, 0x87, 0x33, 0x45, 0xc6, 0x62, 0xf3, 0xac, ++ 0xff, 0x58, 0x82, 0x86, 0x9a, 0x3d, 0x05, 0xa0, 0xd2, 0xbb, 0x6d, 0x19, ++ 0x09, 0x09, 0x01, 0xeb, 0x8f, 0xd6, 0xf8, 0x13, 0xf6, 0x2f, 0xce, 0x0c, ++ 0x01, 0xe1, 0xcd, 0x56, 0xad, 0xf7, 0xd6, 0xe3, 0xf3, 0xfe, 0x5b, 0x61, ++ 0x40, 0x3d, 0x6b, 0x9b, 0xca, 0x44, 0xda, 0xac, 0xf5, 0xc0, 0x9f, 0xb5, ++ 0x23, 0x77, 0x70, 0x72, 0x83, 0xf4, 0xb8, 0x15, 0x66, 0x59, 0xc6, 0x72, ++ 0xea, 0xba, 0xa7, 0x1f, 0xd8, 0x27, 0xd3, 0x52, 0xdf, 0xec, 0x7c, 0x1d, ++ 0x3e, 0x60, 0x98, 0xb1, 0x30, 0xb8, 0x00, 0x37, 0x1a, 0x2d, 0xe9, 0xdb, ++ 0x62, 0x7f, 0xa9, 0x37, 0x9d, 0xf9, 0x82, 0x10, 0x98, 0xed, 0xc5, 0xc7, ++ 0xc7, 0xe6, 0x6e, 0xe8, 0x0f, 0xa8, 0x7e, 0xac, 0x30, 0xf8, 0x75, 0x95, ++ 0xc8, 0x56, 0x3b, 0xbb, 0x6f, 0x69, 0x48, 0x84, 0xb5, 0x4e, 0x8d, 0x68, ++ 0xdf, 0x2a, 0x1d, 0xf5, 0xd6, 0xd8, 0x00, 0x6f, 0x29, 0xea, 0x66, 0xb1, ++ 0xcb, 0xf3, 0xdb, 0x5e, 0x55, 0x9f, 0x13, 0x67, 0x22, 0xc3, 0x02, 0x74, ++ 0xc8, 0x69, 0x6b, 0xe5, 0x23, 0x83, 0x27, 0x20, 0x91, 0xda, 0xb3, 0x4a, ++ 0xe4, 0x92, 0xc9, 0x25, 0x76, 0x16, 0xf9, 0xfc, 0x74, 0xec, 0x95, 0xd9, ++ 0x61, 0x5f, 0x03, 0xac, 0x94, 0x2f, 0x4d, 0x00, 0xce, 0x97, 0xb7, 0x18, ++ 0x60, 0x10, 0x44, 0x1a, 0x48, 0xb2, 0x86, 0x02, 0x18, 0xac, 0x68, 0x61, ++ 0x73, 0x5e, 0x13, 0xd1, 0xd4, 0x66, 0x71, 0x8b, 0x1d, 0xbc, 0x08, 0xa2, ++ 0x45, 0xac, 0xe2, 0x06, 0xea, 0xe7, 0xb2, 0x8a, 0x27, 0x25, 0xb8, 0xa2, ++ 0xaf, 0x03, 0xc0, 0x0d, 0x90, 0x34, 0x90, 0x60, 0x55, 0x5f, 0x71, 0x94, ++ 0x8d, 0xfa, 0x5d, 0x91, 0x96, 0x3e, 0x7a, 0x2a, 0x4f, 0x50, 0x3f, 0x48, ++ 0xc2, 0x31, 0xd2, 0xa9, 0x29, 0x8a, 0x0a, 0x41, 0x50, 0xf2, 0x7d, 0x9b, ++ 0x52, 0xc9, 0xdf, 0x69, 0xfb, 0x6a, 0x1e, 0xee, 0xf2, 0x44, 0x3e, 0xe5, ++ 0x48, 0xad, 0x24, 0x3b, 0xac, 0xad, 0x62, 0x4f, 0xc8, 0x30, 0x1d, 0x7e, ++ 0x42, 0x4b, 0x52, 0x53, 0xca, 0x16, 0x27, 0x37, 0x76, 0x8f, 0x95, 0x7c, ++ 0xd1, 0xcd, 0x39, 0xac, 0x30, 0xc0, 0x1d, 0x15, 0xe4, 0x80, 0xc2, 0x43, ++ 0x6d, 0x77, 0x5d, 0x27, 0x4a, 0xad, 0xf4, 0x64, 0x56, 0xfd, 0x0b, 0x3a, ++ 0xaf, 0xb7, 0x63, 0x03, 0x44, 0x86, 0x4d, 0x72, 0x03, 0xd9, 0x91, 0xb9, ++ 0x06, 0xc0, 0x3f, 0x7a, 0xd7, 0xb6, 0x17, 0xd5, 0xb3, 0x2a, 0x13, 0x93, ++ 0x9d, 0x45, 0xfa, 0x70, 0xe7, 0x3a, 0xcd, 0x5e, 0xad, 0x7c, 0x70, 0x96, ++ 0x84, 0x91, 0xfd, 0x1c, 0x2b, 0xa2, 0x68, 0x7c, 0xc4, 0x8f, 0xa0, 0x2f, ++ 0x02, 0x6e, 0x4f, 0xd5, 0xe9, 0xb8, 0xbf, 0x52, 0x85, 0xd3, 0xdd, 0xbb, ++ 0x43, 0x73, 0x58, 0xd9, 0xa4, 0xb0, 0x08, 0x25, 0x16, 0xe3, 0x13, 0xc9, ++ 0x98, 0x26, 0x79, 0x91, 0xf8, 0x67, 0x2f, 0x05, 0x10, 0x8f, 0x03, 0xe5, ++ 0x26, 0x5c, 0xcb, 0x99, 0x97, 0xb7, 0xc9, 0x19, 0x4d, 0x4c, 0x9f, 0xc6, ++ 0xcc, 0x24, 0xfb, 0xe2, 0x83, 0x59, 0xbb, 0x9f, 0x25, 0x14, 0xf0, 0x92, ++ 0x3a, 0xcc, 0xc7, 0xcf, 0x66, 0xea, 0x43, 0x48, 0x8a, 0x23, 0xcb, 0xec, ++ 0xf5, 0x60, 0x7e, 0x81, 0x72, 0x94, 0x44, 0xfd, 0x33, 0x38, 0xfc, 0xbd, ++ 0xcf, 0x91, 0xe7, 0x22, 0x19, 0x8f, 0x1e, 0x0a, 0x8c, 0x08, 0x8c, 0xf1, ++ 0x39, 0x7d, 0xd4, 0xf1, 0xb3, 0xa0, 0x9d, 0xae, 0x9e, 0x8e, 0x24, 0xd7, ++ 0x37, 0x39, 0x9b, 0x93, 0xd7, 0x89, 0x1c, 0x04, 0x1b, 0x3e, 0x84, 0x5d, ++ 0xc6, 0x75, 0x36, 0x64, 0x08, 0x06, 0x0d, 0xdd, 0x83, 0x8c, 0xf4, 0xc4, ++ 0xe1, 0x11, 0xe1, 0x14, 0x49, 0xb1, 0x32, 0xce, 0x6a, 0x6c, 0x39, 0x0d, ++ 0xf9, 0x35, 0x1b, 0x95, 0x4b, 0xe1, 0x65, 0x0c, 0xa6, 0xac, 0x69, 0x27, ++ 0x98, 0xfa, 0x34, 0xf1, 0x30, 0x35, 0xb6, 0xe4, 0xc4, 0x55, 0x2d, 0xa8, ++ 0x5c, 0xcb, 0x6c, 0xcd, 0x66, 0x65, 0xe2, 0x94, 0xb2, 0xb1, 0xf4, 0x52, ++ 0x75, 0xed, 0x32, 0x8c, 0x08, 0xa1, 0x86, 0x53, 0x01, 0x6f, 0x52, 0x78, ++ 0xda, 0x20, 0x6e, 0x6a}; ++/* Calculated subprimes to verify primes are safe primes */ ++ ++/* q=(p-1)/2 for prime prime_ike_1536 */ ++static const unsigned char sub2_prime_ike_1536[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x11, 0xb9, 0x93, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_2048 */ ++static const unsigned char sub2_prime_ike_2048[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x56, 0x55, 0x34, 0x7f, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_2048 */ ++static const unsigned char sub2_prime_tls_2048[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_3072 */ ++static const unsigned char sub2_prime_ike_3072[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, ++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, ++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, ++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, ++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, ++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, ++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, ++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, ++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, ++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, ++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, ++ 0x54, 0x9d, 0x69, 0x65, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_3072 */ ++static const unsigned char sub2_prime_tls_3072[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, ++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, ++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, ++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, ++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, ++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, ++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, ++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, ++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, ++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, ++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, ++ 0xb3, 0x63, 0x17, 0x1b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_4096 */ ++static const unsigned char sub2_prime_ike_4096[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, ++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, ++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, ++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, ++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, ++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, ++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, ++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, ++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, ++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, ++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, ++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, ++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, ++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, ++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, ++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, ++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, ++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, ++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, ++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, ++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, ++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x03, 0x18, 0xcc, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_4096 */ ++static const unsigned char sub2_prime_tls_4096[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, ++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, ++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, ++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, ++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, ++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, ++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, ++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, ++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, ++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, ++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, ++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, ++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, ++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, ++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, ++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, ++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, ++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, ++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, ++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, ++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, ++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x32, 0xaf, 0xb5, ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_6144 */ ++static const unsigned char sub2_prime_ike_6144[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, ++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, ++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, ++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, ++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, ++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, ++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, ++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, ++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, ++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, ++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, ++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, ++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, ++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, ++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, ++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, ++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, ++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, ++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, ++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, ++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, ++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49, ++ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59, ++ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde, ++ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17, ++ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18, ++ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5, ++ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d, ++ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8, ++ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f, ++ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a, ++ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b, ++ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18, ++ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79, ++ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb, ++ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55, ++ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69, ++ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94, ++ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e, ++ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae, ++ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b, ++ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77, ++ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f, ++ 0x36, 0xe6, 0x20, 0x12, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_6144 */ ++static const unsigned char sub2_prime_tls_6144[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, ++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, ++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, ++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, ++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, ++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, ++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, ++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, ++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, ++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, ++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, ++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, ++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, ++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, ++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, ++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, ++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, ++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, ++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, ++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, ++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, ++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81, ++ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96, ++ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53, ++ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2, ++ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d, ++ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f, ++ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b, ++ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17, ++ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1, ++ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6, ++ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda, ++ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f, ++ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb, ++ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac, ++ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6, ++ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18, ++ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5, ++ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea, ++ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82, ++ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47, ++ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0, ++ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e, ++ 0x68, 0x72, 0x07, 0x32, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_8192 */ ++static const unsigned char sub2_prime_ike_8192[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, ++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, ++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, ++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, ++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, ++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, ++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, ++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, ++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, ++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, ++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, ++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, ++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, ++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, ++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, ++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, ++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, ++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, ++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, ++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, ++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, ++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49, ++ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59, ++ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde, ++ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17, ++ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18, ++ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5, ++ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d, ++ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8, ++ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f, ++ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a, ++ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b, ++ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18, ++ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79, ++ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb, ++ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55, ++ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69, ++ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94, ++ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e, ++ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae, ++ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b, ++ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77, ++ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f, ++ 0x36, 0xdf, 0x08, 0xac, 0xba, 0x51, 0xc9, 0x37, 0x89, 0x7f, 0x72, 0xf2, ++ 0x1c, 0x3b, 0xbe, 0x5b, 0x54, 0x99, 0x6f, 0xc6, 0x6c, 0x5f, 0x62, 0x68, ++ 0x39, 0xdc, 0x98, 0xdd, 0x1d, 0xe4, 0x19, 0x5b, 0x46, 0xce, 0xe9, 0x80, ++ 0x3a, 0x0f, 0xd3, 0xdf, 0xc5, 0x7e, 0x23, 0xf6, 0x92, 0xbb, 0x7b, 0x49, ++ 0xb5, 0xd2, 0x12, 0x33, 0x1d, 0x55, 0xb1, 0xce, 0x2d, 0x72, 0x7a, 0xb4, ++ 0x1a, 0x11, 0xda, 0x3a, 0x15, 0xf8, 0xe4, 0xbc, 0x11, 0xc7, 0x8b, 0x65, ++ 0xf1, 0xce, 0xb2, 0x96, 0xf1, 0xfe, 0xdc, 0x5f, 0x7e, 0x42, 0x45, 0x6c, ++ 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xbe, 0x03, 0x89, 0xf5, 0xab, 0xd4, ++ 0x0d, 0x11, 0xf8, 0x63, 0x9a, 0x39, 0xfe, 0x32, 0x36, 0x75, 0x18, 0x35, ++ 0xa5, 0xe5, 0xe4, 0x43, 0x17, 0xc1, 0xc2, 0xee, 0xfd, 0x4e, 0xa5, 0xbf, ++ 0xd1, 0x60, 0x43, 0xf4, 0x3c, 0xb4, 0x19, 0x81, 0xf6, 0xad, 0xee, 0x9d, ++ 0x03, 0x15, 0x9e, 0x7a, 0xd9, 0xd1, 0x3c, 0x53, 0x36, 0x95, 0x09, 0xfc, ++ 0x1f, 0xa2, 0x7c, 0x16, 0xef, 0x98, 0x87, 0x70, 0x3a, 0x55, 0xb5, 0x1b, ++ 0x22, 0xcb, 0xf4, 0x4c, 0xd0, 0x12, 0xae, 0xe0, 0xb2, 0x79, 0x8e, 0x62, ++ 0x84, 0x23, 0x42, 0x8e, 0xfc, 0xd5, 0xa4, 0x0c, 0xae, 0xf6, 0xbf, 0x50, ++ 0xd8, 0xea, 0x88, 0x5e, 0xbf, 0x73, 0xa6, 0xb9, 0xfd, 0x79, 0xb5, 0xe1, ++ 0x8f, 0x67, 0xd1, 0x34, 0x1a, 0xc8, 0x23, 0x7a, 0x75, 0xc3, 0xcf, 0xc9, ++ 0x20, 0x04, 0xa1, 0xc5, 0xa4, 0x0e, 0x36, 0x6b, 0xc4, 0x4d, 0x00, 0x17, ++ 0x6a, 0xf7, 0x1c, 0x15, 0xe4, 0x8c, 0x86, 0xd3, 0x7e, 0x01, 0x37, 0x23, ++ 0xca, 0xac, 0x72, 0x23, 0xab, 0x3b, 0xf4, 0xd5, 0x4f, 0x18, 0x28, 0x71, ++ 0x3b, 0x2b, 0x4a, 0x6f, 0xe4, 0x0f, 0xab, 0x74, 0x40, 0x5c, 0xb7, 0x38, ++ 0xb0, 0x64, 0xc0, 0x6e, 0xcc, 0x76, 0xe9, 0xef, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_8192 */ ++static const unsigned char sub2_prime_tls_8192[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, ++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, ++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, ++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, ++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, ++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, ++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, ++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, ++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, ++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, ++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, ++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, ++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, ++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, ++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, ++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, ++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, ++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, ++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, ++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, ++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, ++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81, ++ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96, ++ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53, ++ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2, ++ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d, ++ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f, ++ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b, ++ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17, ++ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1, ++ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6, ++ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda, ++ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f, ++ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb, ++ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac, ++ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6, ++ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18, ++ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5, ++ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea, ++ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82, ++ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47, ++ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0, ++ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e, ++ 0x67, 0xfa, 0x35, 0x55, 0x1b, 0x56, 0x80, 0x26, 0x7b, 0x00, 0x64, 0x1c, ++ 0x0f, 0x21, 0x2d, 0x18, 0xec, 0xa8, 0xd7, 0x32, 0x7e, 0xd9, 0x1f, 0xe7, ++ 0x64, 0xa8, 0x4e, 0xa1, 0xb4, 0x3f, 0xf5, 0xb4, 0xf6, 0xe8, 0xe6, 0x2f, ++ 0x05, 0xc6, 0x61, 0xde, 0xfb, 0x25, 0x88, 0x77, 0xc3, 0x5b, 0x18, 0xa1, ++ 0x51, 0xd5, 0xc4, 0x14, 0xaa, 0xad, 0x97, 0xba, 0x3e, 0x49, 0x93, 0x32, ++ 0xe5, 0x96, 0x07, 0x8e, 0x60, 0x0d, 0xeb, 0x81, 0x14, 0x9c, 0x44, 0x1c, ++ 0xe9, 0x57, 0x82, 0xf2, 0x2a, 0x28, 0x25, 0x63, 0xc5, 0xba, 0xc1, 0x41, ++ 0x14, 0x23, 0x60, 0x5d, 0x1a, 0xe1, 0xaf, 0xae, 0x2c, 0x8b, 0x06, 0x60, ++ 0x23, 0x7e, 0xc1, 0x28, 0xaa, 0x0f, 0xe3, 0x46, 0x4e, 0x43, 0x58, 0x11, ++ 0x5d, 0xb8, 0x4c, 0xc3, 0xb5, 0x23, 0x07, 0x3a, 0x28, 0xd4, 0x54, 0x98, ++ 0x84, 0xb8, 0x1f, 0xf7, 0x0e, 0x10, 0xbf, 0x36, 0x1c, 0x13, 0x72, 0x96, ++ 0x28, 0xd5, 0x34, 0x8f, 0x07, 0x21, 0x1e, 0x7e, 0x4c, 0xf4, 0xf1, 0x8b, ++ 0x28, 0x60, 0x90, 0xbd, 0xb1, 0x24, 0x0b, 0x66, 0xd6, 0xcd, 0x4a, 0xfc, ++ 0xea, 0xdc, 0x00, 0xca, 0x44, 0x6c, 0xe0, 0x50, 0x50, 0xff, 0x18, 0x3a, ++ 0xd2, 0xbb, 0xf1, 0x18, 0xc1, 0xfc, 0x0e, 0xa5, 0x1f, 0x97, 0xd2, 0x2b, ++ 0x8f, 0x7e, 0x46, 0x70, 0x5d, 0x45, 0x27, 0xf4, 0x5b, 0x42, 0xae, 0xff, ++ 0x39, 0x58, 0x53, 0x37, 0x6f, 0x69, 0x7d, 0xd5, 0xfd, 0xf2, 0xc5, 0x18, ++ 0x7d, 0x7d, 0x5f, 0x0e, 0x2e, 0xb8, 0xd4, 0x3f, 0x17, 0xba, 0x0f, 0x7c, ++ 0x60, 0xff, 0x43, 0x7f, 0x53, 0x5d, 0xfe, 0xf2, 0x98, 0x33, 0xbf, 0x86, ++ 0xcb, 0xe8, 0x8e, 0xa4, 0xfb, 0xd4, 0x22, 0x1e, 0x84, 0x11, 0x72, 0x83, ++ 0x54, 0xfa, 0x30, 0xa7, 0x00, 0x8f, 0x15, 0x4a, 0x41, 0xc7, 0xfc, 0x46, ++ 0x6b, 0x46, 0x45, 0xdb, 0xe2, 0xe3, 0x21, 0x26, 0x7f, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_safe_1536 */ ++static const unsigned char sub2_prime_safe_1536[] = { ++ 0x7b, 0xb3, 0x98, 0xe4, 0x22, 0xb5, 0x6c, 0xf5, 0x29, 0x85, 0x90, 0xe3, ++ 0xa5, 0x7d, 0x40, 0xb3, 0x3b, 0x2e, 0x75, 0x5b, 0xfa, 0x88, 0x99, 0x36, ++ 0xe9, 0xa6, 0x3d, 0x56, 0x1c, 0x8b, 0x8d, 0x43, 0xdc, 0x00, 0x6b, 0x88, ++ 0xe2, 0xfe, 0xf0, 0xf1, 0xb2, 0xa6, 0x0f, 0xa1, 0x12, 0x20, 0x8f, 0x49, ++ 0x21, 0x5f, 0xdb, 0x32, 0x87, 0x39, 0x41, 0xc5, 0x5c, 0x41, 0x53, 0x27, ++ 0xcf, 0x65, 0x27, 0xe8, 0xd8, 0x89, 0xe1, 0x7d, 0x33, 0xd0, 0xb5, 0x03, ++ 0x27, 0xd7, 0xb7, 0x0b, 0x6c, 0xca, 0x6c, 0x6d, 0x71, 0xb3, 0x31, 0x00, ++ 0x8f, 0xc1, 0x47, 0x88, 0x70, 0x17, 0x9e, 0x51, 0xa1, 0x54, 0x5d, 0xca, ++ 0x19, 0x3c, 0xbc, 0xbf, 0xcb, 0xfc, 0x1d, 0x18, 0xd5, 0x0a, 0x63, 0xff, ++ 0x09, 0xcb, 0x3b, 0x8a, 0xdf, 0xa3, 0x90, 0x2b, 0x88, 0xf0, 0x27, 0xed, ++ 0x3f, 0x54, 0x8c, 0xa4, 0xd0, 0xc6, 0x94, 0xbb, 0x45, 0x69, 0xcd, 0xd8, ++ 0x5f, 0x28, 0x61, 0x92, 0xc1, 0x7c, 0xf1, 0x90, 0xc6, 0x7e, 0xd3, 0x28, ++ 0xf2, 0x9b, 0x3f, 0x41, 0x5b, 0x48, 0x22, 0xf0, 0xea, 0xb9, 0x2b, 0x5f, ++ 0x62, 0xb3, 0x9e, 0x89, 0x8d, 0x1c, 0xbf, 0xcc, 0x19, 0xfe, 0x5a, 0x3d, ++ 0xd2, 0x1c, 0x38, 0xc3, 0xcb, 0x37, 0x73, 0x3d, 0xbb, 0xd9, 0x32, 0xfe, ++ 0xef, 0x93, 0xc9, 0x86, 0x1e, 0x30, 0x6f, 0xf2, 0x99, 0xff, 0x6b, 0xa5, ++}; ++ ++/* q=(p-1)/2 for prime prime_safe_2048 */ ++static const unsigned char sub2_prime_safe_2048[] = { ++ 0x70, 0xd1, 0xb7, 0x24, 0xb4, 0x83, 0x8e, 0x2f, 0xda, 0x0a, 0x9a, 0xa3, ++ 0x4c, 0xa9, 0x68, 0x27, 0x7f, 0xa7, 0x26, 0x58, 0xf0, 0xac, 0xf6, 0x97, ++ 0x38, 0xf9, 0xc0, 0x0a, 0x2a, 0x68, 0x7e, 0x41, 0x90, 0x14, 0x8a, 0x90, ++ 0xd3, 0x2f, 0x88, 0x40, 0xab, 0xfa, 0x17, 0x24, 0xd9, 0x68, 0x9b, 0xf4, ++ 0x35, 0x5f, 0xb9, 0x7c, 0xaa, 0xa7, 0x4f, 0x57, 0x10, 0x62, 0xdb, 0x62, ++ 0xc8, 0xbc, 0x86, 0xd1, 0x6e, 0xda, 0x5d, 0xa8, 0x27, 0x10, 0x65, 0x45, ++ 0x47, 0xc1, 0x1a, 0x5c, 0xb5, 0x1f, 0x4d, 0x33, 0xe1, 0x3f, 0x41, 0xfb, ++ 0x60, 0x56, 0xf1, 0xe5, 0x00, 0x6b, 0x08, 0xc4, 0x4e, 0x63, 0xcf, 0xda, ++ 0x1e, 0xa9, 0xd2, 0xad, 0x4b, 0xa2, 0x26, 0xf3, 0xae, 0x6a, 0xbb, 0x40, ++ 0x7c, 0x06, 0x66, 0xd3, 0x2a, 0xf1, 0x2f, 0xe7, 0xfa, 0x23, 0x52, 0x63, ++ 0x87, 0xe0, 0xc0, 0x42, 0x32, 0xa3, 0x46, 0x43, 0xe9, 0x4c, 0xc1, 0x6f, ++ 0xc7, 0x00, 0x44, 0xf9, 0x86, 0xea, 0xe0, 0x2a, 0x4a, 0x63, 0x51, 0xc9, ++ 0x07, 0xc8, 0x88, 0x77, 0x51, 0xb2, 0xa2, 0x5b, 0xb6, 0xf4, 0x11, 0xfc, ++ 0xbf, 0xc8, 0xb1, 0x32, 0x84, 0xc7, 0x50, 0x99, 0xea, 0x6b, 0x2a, 0x85, ++ 0x60, 0x74, 0x33, 0x38, 0x02, 0xe8, 0x09, 0x1a, 0x60, 0xfe, 0xe7, 0x3a, ++ 0xd2, 0x3a, 0xf0, 0xa3, 0x50, 0x84, 0x5a, 0x29, 0x7f, 0x12, 0xd2, 0x62, ++ 0xa7, 0x91, 0x82, 0x3f, 0x50, 0x96, 0x79, 0xab, 0x65, 0xfd, 0x3d, 0x5e, ++ 0x22, 0xe6, 0x3c, 0x59, 0x94, 0x79, 0xf2, 0xea, 0x93, 0x2b, 0x13, 0xc3, ++ 0x35, 0x2b, 0x35, 0xc3, 0xab, 0x07, 0x62, 0x1e, 0x76, 0xff, 0xe5, 0xcb, ++ 0x5a, 0x09, 0x8e, 0xa6, 0x9c, 0x27, 0x34, 0x9a, 0x28, 0xbd, 0x42, 0x98, ++ 0xda, 0x40, 0x6d, 0x20, 0xf1, 0xee, 0x17, 0x29, 0xec, 0x38, 0x9f, 0x66, ++ 0x1b, 0xc5, 0x40, 0x19, ++}; ++ ++/* q=(p-1)/2 for prime prime_safe_3072 */ ++static const unsigned char sub2_prime_safe_3072[] = { ++ 0x43, 0xb3, 0x6f, 0xfb, 0xf6, 0x24, 0xb5, 0x4d, 0x3e, 0x4b, 0x14, 0x57, ++ 0x33, 0x9c, 0x55, 0xfd, 0x7f, 0x2e, 0x23, 0x3d, 0xf7, 0xf4, 0x8c, 0x53, ++ 0x3b, 0x59, 0x72, 0x87, 0x5f, 0x5c, 0x79, 0x40, 0x1b, 0x04, 0xc1, 0x22, ++ 0x3d, 0xf4, 0x74, 0x66, 0x44, 0x93, 0xb4, 0x02, 0xf0, 0x70, 0x9b, 0xeb, ++ 0xdf, 0xed, 0x86, 0x7b, 0x24, 0x29, 0x0b, 0x9f, 0xba, 0xe2, 0xa7, 0x5a, ++ 0x1e, 0xfc, 0x26, 0x75, 0x5a, 0x05, 0x83, 0x02, 0x0a, 0xc4, 0xbe, 0x5d, ++ 0x79, 0xfa, 0xef, 0x33, 0x37, 0x3e, 0x98, 0x62, 0x10, 0x02, 0xed, 0x19, ++ 0x07, 0xff, 0xbc, 0xb8, 0xa2, 0x4d, 0x88, 0x07, 0xf8, 0xdd, 0x98, 0xef, ++ 0x33, 0xc8, 0x75, 0x3b, 0xd6, 0xb2, 0xeb, 0x82, 0xba, 0xd5, 0xb3, 0x79, ++ 0x73, 0x29, 0x56, 0x79, 0x55, 0x53, 0xe9, 0x22, 0xec, 0xe3, 0x21, 0x1c, ++ 0x93, 0x8f, 0xa3, 0x42, 0x56, 0xbc, 0x5a, 0x7d, 0x42, 0x7c, 0x4d, 0x9f, ++ 0x65, 0xe0, 0xcc, 0xf2, 0x9a, 0xa1, 0x13, 0x02, 0xf5, 0x56, 0x28, 0x82, ++ 0x27, 0xc5, 0x4c, 0x12, 0xd3, 0xa3, 0x55, 0xbd, 0xf6, 0xdc, 0x54, 0x85, ++ 0x92, 0x11, 0xc1, 0x91, 0x8b, 0x43, 0xb2, 0x48, 0x86, 0x5f, 0x8f, 0xde, ++ 0x76, 0x25, 0x6e, 0x89, 0x15, 0x86, 0x54, 0x9c, 0xcb, 0x62, 0x61, 0xe7, ++ 0xd2, 0x9c, 0x20, 0x06, 0xb7, 0x68, 0x7d, 0x05, 0x06, 0x1f, 0x74, 0xba, ++ 0x85, 0xb8, 0x14, 0x34, 0x5e, 0x7e, 0xfb, 0x61, 0x4d, 0x2c, 0xc8, 0x90, ++ 0x2e, 0x38, 0x7f, 0x18, 0xd3, 0x28, 0x43, 0xcd, 0x35, 0x30, 0x90, 0x16, ++ 0x3b, 0xc2, 0x40, 0xd4, 0x1f, 0x64, 0xd4, 0x39, 0x58, 0x29, 0xa1, 0xc2, ++ 0x8e, 0x4d, 0x9d, 0x6e, 0xf7, 0x84, 0xbe, 0xe3, 0xb4, 0x63, 0x77, 0x84, ++ 0x67, 0x23, 0xd0, 0x6e, 0x2d, 0xed, 0x97, 0x96, 0x9a, 0x71, 0xef, 0x4a, ++ 0xfb, 0x35, 0xb6, 0xae, 0xc8, 0xdf, 0x22, 0xf7, 0x16, 0x82, 0x49, 0xbc, ++ 0x63, 0xd2, 0x24, 0xe6, 0x38, 0xd4, 0x2e, 0xec, 0x45, 0x3f, 0x4f, 0x27, ++ 0x88, 0x64, 0xa0, 0xe8, 0xb1, 0x60, 0xb8, 0x24, 0x5a, 0x89, 0x08, 0x91, ++ 0xd3, 0x72, 0x6f, 0xb2, 0x56, 0x6c, 0xf2, 0x1b, 0xe1, 0x5c, 0x91, 0xd3, ++ 0xa0, 0x75, 0x3f, 0xaa, 0x71, 0xf7, 0xb8, 0xc0, 0xda, 0x73, 0x82, 0x88, ++ 0x6b, 0x15, 0xea, 0x88, 0xc2, 0x2d, 0x34, 0xd2, 0xd6, 0x29, 0x36, 0xd4, ++ 0x3c, 0x93, 0xff, 0x8e, 0x01, 0x68, 0xb1, 0x1b, 0x01, 0xd1, 0x54, 0xa3, ++ 0x36, 0x27, 0xe5, 0x2c, 0x79, 0x59, 0x76, 0xc8, 0xda, 0x4f, 0x2d, 0xee, ++ 0xfc, 0xcc, 0xdb, 0x46, 0xb8, 0x1a, 0x05, 0x62, 0xa6, 0xeb, 0xe7, 0x45, ++ 0xf8, 0xa8, 0x12, 0xc4, 0xff, 0xf3, 0xf9, 0x0f, 0x5c, 0x90, 0xd9, 0xc5, ++ 0xe4, 0x21, 0x3e, 0x13, 0x77, 0xa6, 0x18, 0x46, 0xb0, 0x5b, 0x92, 0xfd, ++}; ++ ++/* q=(p-1)/2 for prime prime_safe_4096 */ ++static const unsigned char sub2_prime_safe_4096[] = { ++ 0x45, 0xef, 0xe0, 0xd1, 0xf2, 0x5e, 0x8e, 0x58, 0xfa, 0x58, 0xa8, 0xe9, ++ 0xc5, 0x67, 0x1e, 0x99, 0xac, 0x40, 0x51, 0x8e, 0x3e, 0x06, 0xde, 0xc7, ++ 0x5e, 0xd9, 0xf3, 0xcf, 0x6a, 0x6f, 0x03, 0x7e, 0x4c, 0x57, 0x80, 0xa1, ++ 0xc9, 0x96, 0x7e, 0x7d, 0xc9, 0x40, 0x70, 0x37, 0x7c, 0xfb, 0x55, 0xb9, ++ 0xcb, 0x46, 0xbf, 0x60, 0x75, 0x93, 0x36, 0x06, 0x29, 0x83, 0x4f, 0x99, ++ 0x25, 0xd6, 0xa9, 0xea, 0xdf, 0xc8, 0x9a, 0x8b, 0x7e, 0xbf, 0xdd, 0x18, ++ 0x5b, 0x5a, 0x44, 0x08, 0x0f, 0xad, 0x60, 0x31, 0x7c, 0xbf, 0xb8, 0xcd, ++ 0xda, 0x88, 0x25, 0xcc, 0xe8, 0x78, 0x74, 0xe1, 0x77, 0x1a, 0x92, 0x75, ++ 0xe6, 0x77, 0x03, 0x5f, 0xd0, 0x02, 0xf2, 0x30, 0xd2, 0x53, 0x4c, 0x11, ++ 0xe8, 0x72, 0x45, 0x30, 0xe5, 0x02, 0xc5, 0x36, 0x4c, 0x7d, 0x41, 0xe1, ++ 0xa8, 0x3e, 0xaa, 0x9d, 0x97, 0x6a, 0xd6, 0x0a, 0x30, 0xc3, 0x68, 0xda, ++ 0xe7, 0xe0, 0x6e, 0x34, 0xa5, 0xb6, 0x25, 0x62, 0xeb, 0xff, 0x70, 0x74, ++ 0x0d, 0x32, 0x08, 0xed, 0xab, 0x78, 0x0e, 0x4a, 0xae, 0x68, 0xb5, 0x5c, ++ 0xfb, 0x71, 0x00, 0x7a, 0x11, 0x01, 0x81, 0x95, 0x5e, 0x4e, 0x41, 0x75, ++ 0xc4, 0x8d, 0x6e, 0xca, 0x32, 0x81, 0x22, 0x30, 0xbb, 0x60, 0xd7, 0x6c, ++ 0x65, 0x7e, 0xb3, 0x7a, 0x4b, 0x73, 0xbc, 0xff, 0x1d, 0x4c, 0x78, 0xc0, ++ 0x01, 0x7d, 0x21, 0x5b, 0xd7, 0x75, 0x9c, 0x94, 0x61, 0xdc, 0xe7, 0x46, ++ 0x38, 0xf5, 0x0a, 0x3a, 0x43, 0x36, 0x13, 0x6a, 0x8a, 0x90, 0xcb, 0x86, ++ 0x41, 0x46, 0xc0, 0xc2, 0x62, 0xa3, 0x88, 0x03, 0x33, 0xd4, 0x2f, 0xd8, ++ 0xe2, 0x99, 0x6e, 0x3f, 0xf3, 0x30, 0xf2, 0xf5, 0xcf, 0x54, 0xb0, 0xcc, ++ 0xa1, 0xd4, 0xc5, 0xf6, 0xd7, 0xf2, 0x10, 0xf7, 0xc7, 0x3c, 0x2d, 0x30, ++ 0xaa, 0xce, 0xa1, 0xed, 0xbb, 0xd5, 0x5d, 0x8c, 0xf5, 0x27, 0xa4, 0xa9, ++ 0xc0, 0x67, 0x3e, 0x4d, 0x75, 0x53, 0x49, 0xac, 0x6a, 0x55, 0xfa, 0x74, ++ 0xb0, 0x3e, 0xe5, 0x59, 0x4b, 0xd2, 0xf0, 0x49, 0x67, 0x76, 0x2b, 0xde, ++ 0x62, 0x82, 0xbb, 0x08, 0xbc, 0x81, 0xf0, 0xd9, 0x4c, 0xe0, 0x90, 0xea, ++ 0x42, 0xf3, 0xb7, 0xe4, 0xac, 0x74, 0x0e, 0x06, 0xe4, 0x48, 0x22, 0x26, ++ 0x2c, 0x2a, 0xcd, 0x77, 0x6f, 0x31, 0x07, 0x59, 0x71, 0xde, 0x75, 0xa8, ++ 0xa0, 0x02, 0xb8, 0xff, 0x5a, 0x74, 0xf3, 0x7b, 0x07, 0x6b, 0xdd, 0x8d, ++ 0xdc, 0x4c, 0xf4, 0x64, 0xed, 0x4f, 0xef, 0x1e, 0x09, 0xec, 0x8b, 0x22, ++ 0x9e, 0xd6, 0x71, 0x04, 0xe1, 0xc3, 0xdd, 0x9c, 0xc6, 0x37, 0x88, 0xb0, ++ 0x43, 0x8f, 0xd7, 0xd3, 0xee, 0x09, 0x47, 0xbe, 0xa6, 0x2f, 0x2b, 0x61, ++ 0xb1, 0x6e, 0xee, 0x81, 0xaa, 0xcf, 0x12, 0x36, 0x62, 0xb6, 0x5c, 0x07, ++ 0x57, 0x88, 0xea, 0x8f, 0x35, 0x1b, 0x4e, 0x65, 0x23, 0x1a, 0x09, 0x95, ++ 0xe8, 0xd1, 0x9a, 0x16, 0x41, 0x8d, 0x92, 0xe6, 0x0b, 0x80, 0xce, 0x34, ++ 0x29, 0xdb, 0xc3, 0xf6, 0x87, 0x24, 0x6b, 0xb4, 0xfc, 0xe4, 0x0e, 0xc5, ++ 0xb8, 0xfa, 0x37, 0xe8, 0xd8, 0xea, 0xb8, 0x50, 0x6b, 0xb8, 0x9e, 0xcf, ++ 0xfe, 0x7d, 0x1a, 0xb4, 0x92, 0xf9, 0x9c, 0xbc, 0xd6, 0xbd, 0x80, 0xe2, ++ 0xb3, 0x52, 0xf8, 0x63, 0x8e, 0x5b, 0x28, 0xf2, 0x81, 0x15, 0xe7, 0xe0, ++ 0x95, 0x48, 0xce, 0xd2, 0xdf, 0x9b, 0x9b, 0xee, 0x97, 0x18, 0x20, 0x6d, ++ 0xdf, 0xf6, 0x7f, 0x36, 0x16, 0x74, 0x90, 0x77, 0x44, 0xd6, 0x2a, 0xd7, ++ 0x81, 0xad, 0x5d, 0x2d, 0x29, 0x7d, 0xdf, 0xda, 0xd7, 0x1c, 0x10, 0x52, ++ 0xb4, 0x49, 0x2f, 0xf6, 0x0b, 0xd4, 0xc0, 0x29, 0xf9, 0x1d, 0x86, 0x04, ++ 0xf9, 0xf5, 0x8a, 0xb1, 0x47, 0x1c, 0xbd, 0xb5, ++}; ++ ++/* q=(p-1)/2 for prime prime_safe_6144 */ ++static const unsigned char sub2_prime_safe_6144[] = { ++ 0x5c, 0x87, 0xe0, 0xa0, 0xa5, 0x6f, 0x0d, 0x0e, 0x40, 0x50, 0x6b, 0x1c, ++ 0xc0, 0x88, 0x79, 0x84, 0xe5, 0x60, 0x30, 0x46, 0x2f, 0x46, 0x0b, 0x90, ++ 0xd0, 0x0c, 0x28, 0x6b, 0x30, 0x09, 0xfe, 0x1c, 0x00, 0x13, 0x6c, 0xb8, ++ 0xe9, 0x39, 0xfe, 0x2e, 0x86, 0x78, 0x90, 0x67, 0x3b, 0x22, 0x5d, 0xc5, ++ 0xae, 0x64, 0x2d, 0x2c, 0x86, 0x66, 0xa4, 0x5d, 0x5f, 0xc3, 0x39, 0x6d, ++ 0x7a, 0xde, 0xbe, 0x0e, 0xa0, 0xdd, 0x74, 0x4f, 0xc6, 0x61, 0x0c, 0x13, ++ 0xfd, 0x5e, 0x63, 0x67, 0xec, 0x23, 0xfa, 0xf4, 0xb8, 0xe6, 0x1b, 0x9a, ++ 0x61, 0xcd, 0xad, 0x7f, 0xe1, 0x86, 0x55, 0x8e, 0xcb, 0xc6, 0x13, 0x4a, ++ 0xc6, 0x78, 0x85, 0x2e, 0x91, 0x42, 0x2d, 0x3e, 0x79, 0x68, 0xc5, 0xbe, ++ 0x37, 0x8b, 0x84, 0x89, 0x80, 0x64, 0xef, 0xbc, 0xf0, 0xb7, 0x64, 0x7c, ++ 0x69, 0xe0, 0xee, 0xd9, 0x7a, 0x12, 0x15, 0x7d, 0x2e, 0x33, 0x12, 0x95, ++ 0x9c, 0xe8, 0x9c, 0xa4, 0x7d, 0x3b, 0x27, 0xab, 0xd1, 0x90, 0x61, 0x9c, ++ 0x17, 0x42, 0xb3, 0x98, 0xc9, 0x42, 0x9e, 0x38, 0x11, 0x8a, 0x76, 0x36, ++ 0x42, 0x94, 0x70, 0x27, 0xe6, 0x63, 0x1d, 0xe7, 0x8c, 0x98, 0x1d, 0x80, ++ 0xff, 0x4f, 0x0b, 0x32, 0x8e, 0x7a, 0x18, 0x86, 0x4e, 0x91, 0xa0, 0x42, ++ 0xb6, 0x6e, 0xf2, 0xfb, 0xc8, 0x12, 0xb4, 0xbd, 0x1e, 0x6b, 0x72, 0x21, ++ 0x36, 0x43, 0x82, 0x03, 0x53, 0xc1, 0x0e, 0xfe, 0x2f, 0x6c, 0x81, 0xb0, ++ 0x10, 0x4d, 0x2e, 0x35, 0x7f, 0x29, 0x86, 0x82, 0xc9, 0x0d, 0xd0, 0xed, ++ 0xfd, 0x00, 0x97, 0xc2, 0x44, 0xf0, 0x2b, 0x33, 0x3f, 0x71, 0xf3, 0x4c, ++ 0xa6, 0xd9, 0xe9, 0x78, 0x67, 0x79, 0xef, 0x82, 0x86, 0xab, 0xa1, 0x66, ++ 0xfe, 0x03, 0x1e, 0x73, 0x88, 0x9a, 0x3f, 0xa8, 0xc7, 0x5b, 0x92, 0x00, ++ 0xf1, 0x93, 0x23, 0xf3, 0xe8, 0xab, 0x87, 0x07, 0x78, 0x89, 0x62, 0xbc, ++ 0x96, 0xc3, 0x87, 0xd8, 0x8c, 0xb5, 0x6b, 0xa2, 0x19, 0xa3, 0x26, 0x5e, ++ 0x62, 0xe3, 0x12, 0x7c, 0x3e, 0x3d, 0x30, 0xff, 0x39, 0x4a, 0x90, 0xe6, ++ 0xe8, 0x9d, 0x69, 0xae, 0xbb, 0xbb, 0x5e, 0xc3, 0x6c, 0x5e, 0xc7, 0x2f, ++ 0x79, 0x72, 0x90, 0x00, 0xec, 0xda, 0x23, 0xfb, 0x8e, 0x28, 0xb8, 0x1c, ++ 0xb5, 0x63, 0xf5, 0x76, 0xc8, 0x6b, 0xe2, 0x69, 0xe6, 0xc7, 0x25, 0xec, ++ 0x08, 0xf8, 0x69, 0xb3, 0x1b, 0x3b, 0xf1, 0x0b, 0x09, 0xde, 0xe9, 0x2a, ++ 0x25, 0x0e, 0x30, 0xaa, 0x44, 0x0d, 0x34, 0xc2, 0xcf, 0xae, 0xe2, 0xdb, ++ 0xb1, 0x3f, 0x39, 0x05, 0x44, 0xc8, 0x12, 0x47, 0x9c, 0xd9, 0x79, 0x5b, ++ 0x09, 0x47, 0x28, 0x5a, 0x69, 0xf5, 0x61, 0xd6, 0x75, 0x46, 0x93, 0x8b, ++ 0xde, 0x83, 0xe9, 0x0a, 0xc0, 0x24, 0xf0, 0x4b, 0xa0, 0x8b, 0x6b, 0x1d, ++ 0x92, 0x74, 0x45, 0xfe, 0xd1, 0x8c, 0x5e, 0xa9, 0x2e, 0xf1, 0x10, 0xe7, ++ 0x3e, 0x37, 0x88, 0x1c, 0x38, 0x32, 0x62, 0x0a, 0xf9, 0x94, 0x63, 0x33, ++ 0x7e, 0x68, 0x91, 0x02, 0x40, 0x40, 0x63, 0x62, 0xba, 0xfa, 0xee, 0x58, ++ 0x20, 0x25, 0x89, 0x7d, 0x6d, 0xea, 0x9b, 0x66, 0x98, 0xd5, 0xeb, 0x8e, ++ 0x8c, 0x03, 0xce, 0x84, 0xcd, 0x8b, 0x50, 0x7f, 0x0f, 0x37, 0x9f, 0x9a, ++ 0x2d, 0x73, 0x38, 0x42, 0xcc, 0x18, 0x6a, 0x4a, 0x62, 0xf8, 0x1b, 0x1a, ++ 0xd0, 0xf6, 0xa3, 0x31, 0x9e, 0x07, 0xe7, 0xe2, 0xcf, 0x3e, 0x34, 0x12, ++ 0xb2, 0x49, 0x98, 0x1b, 0x1c, 0x58, 0xcc, 0xb6, 0x1b, 0xfa, 0xe7, 0xb2, ++ 0x25, 0xf7, 0xd3, 0x7f, 0xb5, 0x55, 0x55, 0x5b, 0x14, 0xf6, 0x9c, 0x40, ++ 0x0f, 0xac, 0x1a, 0xc4, 0x1f, 0x80, 0x8e, 0x64, 0x11, 0xa4, 0x1b, 0xd3, ++ 0xe9, 0x58, 0xd8, 0xf7, 0x22, 0x2c, 0x85, 0x7d, 0x82, 0xec, 0xf0, 0xad, ++ 0xa9, 0x9a, 0x4e, 0xcc, 0x98, 0x14, 0x54, 0x9d, 0xc7, 0x0d, 0xd6, 0x45, ++ 0x48, 0x48, 0xe4, 0xb8, 0xc5, 0x75, 0x5c, 0x88, 0xea, 0xb3, 0xc3, 0xa7, ++ 0xed, 0x93, 0xa7, 0xbf, 0xdc, 0x2a, 0x3f, 0xaf, 0x0c, 0x04, 0x7b, 0xf9, ++ 0x8e, 0x01, 0x1d, 0x02, 0x6f, 0x66, 0x08, 0x03, 0x3f, 0x0a, 0xe1, 0x92, ++ 0x06, 0x6f, 0x86, 0xfc, 0x43, 0x60, 0x26, 0x55, 0x87, 0xba, 0x82, 0x5f, ++ 0x79, 0xc8, 0x14, 0x68, 0x91, 0x0b, 0xcb, 0x66, 0x14, 0x88, 0x84, 0xd3, ++ 0xa9, 0xa1, 0x75, 0x48, 0xa8, 0xd7, 0xaa, 0xd0, 0x81, 0xb3, 0xbc, 0x31, ++ 0xd9, 0xd8, 0x07, 0xac, 0xae, 0x9b, 0xf3, 0x98, 0x45, 0xe5, 0x50, 0x22, ++ 0x89, 0x3d, 0x52, 0x84, 0xfd, 0xd3, 0x4c, 0xee, 0xfb, 0xf4, 0x98, 0x2d, ++ 0x61, 0x4e, 0x86, 0xef, 0x9c, 0xcc, 0x92, 0x86, 0xd9, 0x2b, 0xdb, 0x3c, ++ 0x01, 0x18, 0x7c, 0x43, 0x6f, 0x3c, 0xda, 0x5f, 0x1f, 0x29, 0xff, 0xba, ++ 0x07, 0xa6, 0x98, 0x16, 0xf3, 0x2b, 0xa5, 0x2b, 0xa9, 0x9d, 0x05, 0x8c, ++ 0xc3, 0x55, 0xc8, 0x72, 0x99, 0xc2, 0x29, 0xbd, 0x0b, 0xe2, 0xf8, 0xc6, ++ 0x61, 0xf2, 0x08, 0xa9, 0x95, 0xda, 0xda, 0x47, 0x73, 0x69, 0x02, 0x21, ++ 0xad, 0xb5, 0x18, 0x63, 0xe5, 0x57, 0xc8, 0xe0, 0x3b, 0x21, 0xc3, 0x32, ++ 0xf7, 0x66, 0xc1, 0x5f, 0x51, 0x6c, 0x16, 0xd6, 0xf5, 0xda, 0x8d, 0x5a, ++ 0xdf, 0xd0, 0xf3, 0xc9, 0xa8, 0x0a, 0x84, 0x13, 0x93, 0x9e, 0x66, 0x29, ++ 0xc1, 0x33, 0xea, 0x79, 0x06, 0x93, 0x30, 0x43, 0x82, 0x97, 0x55, 0x31, ++ 0x2a, 0xe6, 0x4d, 0x77, 0x16, 0x10, 0x11, 0x8a, 0x7d, 0x2e, 0x14, 0xa0, ++ 0xf0, 0xc4, 0xc1, 0x8c, 0xe0, 0x9b, 0x46, 0x52, 0x48, 0xfb, 0x20, 0x1b, ++ 0xb8, 0x15, 0x06, 0xc1, 0x5d, 0xab, 0x37, 0x11, 0x9a, 0x5c, 0xb7, 0x19, ++}; ++ ++/* q=(p-1)/2 for prime prime_safe_8192 */ ++static const unsigned char sub2_prime_safe_8192[] = { ++ 0x4d, 0xd3, 0xcd, 0xd1, 0x43, 0x2a, 0x73, 0xcc, 0x88, 0xad, 0x9a, 0xc0, ++ 0xea, 0xbd, 0x45, 0x37, 0x26, 0xa6, 0xb0, 0xae, 0xe9, 0xe7, 0x86, 0x32, ++ 0xbf, 0x6d, 0x6c, 0x67, 0x14, 0x56, 0x50, 0x1c, 0x40, 0xf7, 0x50, 0x8a, ++ 0x12, 0x90, 0xb3, 0xb3, 0x1d, 0x36, 0x07, 0xc0, 0x1e, 0xc4, 0xbc, 0xff, ++ 0x38, 0xa1, 0xab, 0xe1, 0xd4, 0xaa, 0x0f, 0x10, 0x45, 0x77, 0x07, 0xd3, ++ 0x45, 0xc4, 0x40, 0x9e, 0xf4, 0x2e, 0x20, 0x23, 0x82, 0xef, 0xec, 0x36, ++ 0xcc, 0x32, 0x8b, 0x54, 0xfc, 0xe2, 0x46, 0x01, 0x5d, 0x57, 0x35, 0x9b, ++ 0x3b, 0x64, 0xfd, 0x47, 0x68, 0x6b, 0xcd, 0x1e, 0x65, 0xe8, 0xa2, 0x04, ++ 0xeb, 0xa7, 0x94, 0x28, 0xca, 0x49, 0x2d, 0x81, 0x59, 0x5e, 0xbc, 0x69, ++ 0xe1, 0x3b, 0x01, 0x8a, 0x8b, 0x85, 0xaa, 0x84, 0x01, 0x21, 0x4f, 0x13, ++ 0x2b, 0x19, 0xb9, 0x73, 0x5e, 0x87, 0x7c, 0x9e, 0x96, 0x59, 0xc5, 0x26, ++ 0x33, 0x8b, 0xfe, 0xf4, 0x81, 0xd6, 0xc6, 0x1a, 0x42, 0x72, 0xc1, 0xef, ++ 0xce, 0x02, 0x49, 0x81, 0x93, 0x0c, 0xe0, 0xf8, 0x92, 0x34, 0x7b, 0x2a, ++ 0x4b, 0x67, 0x1c, 0x28, 0xde, 0xb6, 0x1e, 0xce, 0x06, 0x6c, 0x37, 0x09, ++ 0xa6, 0x45, 0xfb, 0x1a, 0x57, 0x6c, 0x42, 0x8e, 0x8e, 0xc7, 0x61, 0x56, ++ 0xd5, 0xd1, 0x62, 0xa0, 0x3b, 0x3f, 0x97, 0x97, 0x1c, 0x7a, 0x35, 0x1c, ++ 0x99, 0x9e, 0x8b, 0xe7, 0x0f, 0xf4, 0xe1, 0xc6, 0xcf, 0x72, 0xdf, 0x6b, ++ 0x56, 0xcd, 0x11, 0xec, 0x03, 0x79, 0xbe, 0x1c, 0xea, 0xd7, 0x2b, 0xdb, ++ 0x72, 0xe1, 0xcd, 0x45, 0x46, 0x37, 0x69, 0xe0, 0x8d, 0x32, 0x09, 0x00, ++ 0x0c, 0x29, 0xe5, 0x19, 0x44, 0x47, 0x60, 0x2f, 0x96, 0xd9, 0x1e, 0x8a, ++ 0x0d, 0xac, 0x2e, 0x10, 0x74, 0x29, 0x72, 0x94, 0x20, 0xde, 0x4f, 0x04, ++ 0x14, 0xd5, 0xd2, 0xa1, 0xcc, 0x87, 0x6b, 0x95, 0x5c, 0xdc, 0x32, 0x4e, ++ 0xc1, 0xf1, 0x8d, 0x13, 0x2c, 0xb2, 0xf9, 0x06, 0x64, 0xe2, 0xc7, 0x86, ++ 0xe7, 0xd0, 0x8c, 0x7e, 0x45, 0xbb, 0xf4, 0xf0, 0x8c, 0xbd, 0x81, 0xea, ++ 0x1b, 0xc6, 0xae, 0x9b, 0x95, 0xd6, 0xac, 0x2f, 0x39, 0xb9, 0x67, 0x42, ++ 0x72, 0xe4, 0xba, 0x8e, 0xf9, 0xac, 0x21, 0x3b, 0xff, 0x29, 0xd0, 0x61, ++ 0x33, 0x10, 0xd7, 0xf1, 0x30, 0xe9, 0x42, 0x59, 0x81, 0xa6, 0xec, 0x3e, ++ 0xc2, 0xf0, 0xd4, 0x50, 0x24, 0x2e, 0x8d, 0x54, 0xd6, 0x60, 0xb4, 0x92, ++ 0x63, 0x7d, 0x5a, 0x91, 0x1f, 0x51, 0xc6, 0x9a, 0x94, 0xe7, 0xcd, 0x72, ++ 0xc2, 0x1d, 0x85, 0x93, 0x9b, 0x3f, 0x4e, 0xd3, 0x58, 0x22, 0xb0, 0x21, ++ 0x0f, 0x25, 0x92, 0x68, 0x9b, 0x45, 0xb8, 0x68, 0xca, 0xaa, 0x0a, 0x5c, ++ 0xa3, 0x9e, 0xc6, 0xf2, 0x2f, 0xc0, 0x8d, 0x10, 0x8b, 0x8b, 0xdf, 0xc9, ++ 0x11, 0x26, 0x3b, 0x98, 0x6e, 0x4e, 0x42, 0x73, 0x34, 0x66, 0x6b, 0x08, ++ 0x82, 0x7f, 0xb8, 0xc3, 0x59, 0xd4, 0xcd, 0x89, 0xca, 0x9a, 0xfe, 0xb4, ++ 0x14, 0x4d, 0xb7, 0xae, 0x7b, 0xb3, 0x54, 0x37, 0xc4, 0x87, 0xc9, 0x6f, ++ 0xa9, 0x12, 0x1f, 0xed, 0x97, 0xa0, 0x09, 0x19, 0x52, 0x7f, 0x97, 0x25, ++ 0xdc, 0x50, 0x73, 0xe4, 0xe5, 0xcc, 0x09, 0xfc, 0xe9, 0x7d, 0x41, 0x34, ++ 0x59, 0x47, 0xe9, 0x8b, 0xc6, 0x49, 0xfa, 0xc0, 0x72, 0x2d, 0x19, 0x8d, ++ 0xb5, 0x6c, 0x5f, 0x9b, 0xd3, 0xf0, 0xb1, 0x8e, 0xb5, 0x61, 0xfd, 0x50, ++ 0x97, 0xe0, 0xb9, 0x2a, 0xea, 0xf1, 0x33, 0x9d, 0xb5, 0x9d, 0x54, 0x58, ++ 0x2a, 0x02, 0x0e, 0xdd, 0xe0, 0xf2, 0x9d, 0x29, 0x58, 0xb3, 0x85, 0x89, ++ 0x1f, 0x66, 0xd4, 0xcd, 0x07, 0x5d, 0xd1, 0xba, 0xb6, 0xb7, 0xbb, 0xba, ++ 0x32, 0x71, 0x8b, 0x46, 0x52, 0xdd, 0x76, 0x28, 0xb9, 0xe7, 0x25, 0xf3, ++ 0x37, 0x9e, 0x8a, 0xab, 0x21, 0xf0, 0x8b, 0xbb, 0xb3, 0x55, 0xee, 0x4e, ++ 0xcd, 0x88, 0x2e, 0xe2, 0x74, 0x8f, 0x55, 0x16, 0x8a, 0xdd, 0xe2, 0x04, ++ 0xa3, 0x18, 0x70, 0xdc, 0x49, 0x4a, 0x2f, 0xdb, 0xf3, 0xbf, 0x4b, 0xa1, ++ 0xe0, 0x24, 0x2d, 0xd7, 0xf5, 0x3a, 0x57, 0x46, 0x3c, 0xb5, 0xb3, 0x41, ++ 0xb1, 0x44, 0x0b, 0xd2, 0x2b, 0x2e, 0xac, 0x7d, 0xb6, 0x1c, 0x2b, 0xa6, ++ 0xf7, 0xeb, 0x9b, 0x22, 0x1c, 0xad, 0xd5, 0xca, 0x72, 0x04, 0x18, 0x69, ++ 0x96, 0x2c, 0xd0, 0x19, 0x71, 0x38, 0xcc, 0xf6, 0x33, 0x2f, 0x7b, 0xf1, ++ 0x4e, 0x0c, 0xb4, 0xb9, 0x37, 0xed, 0x9f, 0x66, 0x0c, 0xad, 0x7e, 0xd6, ++ 0xeb, 0x37, 0x4e, 0x83, 0xe0, 0x32, 0x80, 0xba, 0xee, 0x9b, 0x8d, 0xce, ++ 0x2f, 0x49, 0x99, 0x7c, 0x3f, 0x32, 0xea, 0xda, 0x8a, 0x9a, 0xd6, 0x82, ++ 0xda, 0xe9, 0x12, 0xe3, 0xb8, 0xad, 0x72, 0x5b, 0xac, 0x35, 0x61, 0xad, ++ 0x6c, 0xea, 0x77, 0x19, 0x5a, 0x85, 0xad, 0x95, 0x66, 0xc0, 0x67, 0x6a, ++ 0x16, 0xe4, 0x84, 0xca, 0x7a, 0xf9, 0x3e, 0x57, 0xdd, 0x2d, 0x69, 0xee, ++ 0x66, 0xeb, 0xfb, 0xf5, 0x21, 0x71, 0x61, 0x1a, 0x10, 0xdc, 0x8a, 0x92, ++ 0x74, 0x19, 0x35, 0xb7, 0xd8, 0x76, 0xbb, 0x2f, 0x22, 0xdf, 0x81, 0x51, ++ 0x5c, 0x1e, 0x52, 0xfa, 0xba, 0x71, 0x8c, 0x44, 0x90, 0xa7, 0x53, 0x04, ++ 0x51, 0xd2, 0xc9, 0xb4, 0xa4, 0x4b, 0x5e, 0xa3, 0xe9, 0xf5, 0xb3, 0x94, ++ 0xd4, 0x5d, 0xdf, 0x3c, 0x02, 0xfd, 0x23, 0x44, 0xa7, 0x06, 0x71, 0x36, ++ 0x5d, 0xf2, 0xfc, 0x5d, 0x72, 0xae, 0x94, 0xf3, 0xee, 0xb8, 0xbf, 0x4a, ++ 0x6b, 0xab, 0x06, 0x1e, 0x6f, 0x2f, 0xde, 0x6e, 0x07, 0xc7, 0x6b, 0x37, ++ 0x85, 0x03, 0xdc, 0x03, 0x92, 0x31, 0x26, 0x76, 0xa2, 0xa7, 0x86, 0xcf, ++ 0x97, 0x41, 0xb5, 0x75, 0xde, 0x7f, 0xd4, 0xf9, 0x39, 0xd9, 0xad, 0xd5, ++ 0x56, 0x76, 0xd6, 0x44, 0x51, 0x06, 0xc6, 0xc7, 0xda, 0x7b, 0xb9, 0x8f, ++ 0x60, 0x17, 0x69, 0xa2, 0x8a, 0xa5, 0xa5, 0x73, 0xea, 0x77, 0xd8, 0xe3, ++ 0x69, 0xc7, 0xfc, 0x12, 0x09, 0x19, 0x9f, 0x47, 0x4a, 0xde, 0x40, 0xda, ++ 0x6a, 0x68, 0x89, 0xde, 0x3f, 0x12, 0xda, 0x2d, 0xff, 0x8a, 0xdd, 0x7c, ++ 0x4d, 0x76, 0x3c, 0x72, 0x31, 0xe3, 0x93, 0x6a, 0xc4, 0x9e, 0xb1, 0xad, ++ 0xbe, 0x43, 0x31, 0x9a, 0x03, 0x14, 0x11, 0x84, 0x7f, 0xb6, 0xde, 0xf0, ++ 0x3a, 0xd9, 0xb8, 0x89, 0x13, 0x31, 0xe5, 0x49, 0x9b, 0x43, 0x75, 0xfb, ++ 0xa4, 0x68, 0xcb, 0x7a, 0x01, 0x1f, 0x2e, 0xb4, 0xba, 0xaf, 0x4a, 0xf7, ++ 0x19, 0x5c, 0xdd, 0x2a, 0xe2, 0xa1, 0x3a, 0x00, 0x70, 0x87, 0x8b, 0x02, ++ 0xb1, 0x1e, 0x2c, 0x65, 0xf0, 0x6a, 0x54, 0xf2, 0x8d, 0x1d, 0xc2, 0x3f, ++ 0x0c, 0xc3, 0xd6, 0xb3, 0xe6, 0xcd, 0xcb, 0xd8, 0x19, 0x6b, 0xdc, 0x0f, ++ 0x4b, 0x34, 0xba, 0x87, 0xb0, 0xb4, 0xd9, 0xe4, 0xe7, 0x39, 0xbe, 0x2f, ++ 0xea, 0x84, 0x6f, 0xea, 0x03, 0xba, 0xb0, 0x6b, 0xa8, 0x29, 0x73, 0xae, ++ 0x37, 0x82, 0x2c, 0xb2, 0xde, 0xb8, 0x4c, 0x8a, 0xfc, 0xde, 0x1a, 0x3c, ++ 0x35, 0x32, 0x56, 0x2f, 0x83, 0xe1, 0x44, 0xc4, 0x7f, 0x08, 0xbd, 0x7b, ++ 0x9e, 0xdf, 0x41, 0xff, 0xf5, 0x8e, 0xa9, 0x5f, 0x6a, 0x04, 0xb8, 0x87, ++ 0xbe, 0x4a, 0x8c, 0xf9, 0x25, 0xfa, 0xa2, 0x31, 0xf9, 0x76, 0x1f, 0xfc, ++ 0xf2, 0x7d, 0xdf, 0x12, 0x59, 0x0c, 0x29, 0xe7, 0x0b, 0x20, 0x0f, 0x13, ++ 0xb1, 0x4c, 0xc9, 0xe4, 0xa4, 0xc7, 0xcc, 0x06, 0xec, 0x39, 0xb2, 0xcc, ++ 0xd6, 0x7f, 0xff, 0x11, 0x35, 0x68, 0xfd, 0xd0, 0xf2, 0x73, 0xd5, 0x9e, ++ 0x39, 0x08, 0x56, 0x39, ++}; ++ ++/* q=(p-1)/2 for prime prime_weak_1024 */ ++static const unsigned char sub2_prime_weak_1024[] = { ++ 0x72, 0x41, 0x04, 0xa5, 0x35, 0xdf, 0x4d, 0xa8, 0x88, 0xd0, 0x3a, 0x12, ++ 0xff, 0xa8, 0x0e, 0x05, 0x6b, 0x68, 0x5e, 0x69, 0x92, 0x44, 0xba, 0xba, ++ 0x59, 0xeb, 0x35, 0xfa, 0x63, 0xaf, 0xb5, 0x76, 0x0f, 0x1d, 0x10, 0x01, ++ 0x0b, 0x3a, 0xe6, 0x22, 0x25, 0x5f, 0xad, 0xac, 0x56, 0xff, 0x58, 0x0c, ++ 0x35, 0x1c, 0x45, 0xe5, 0xed, 0xe8, 0xbb, 0xa1, 0x71, 0xd1, 0xc3, 0xc5, ++ 0x4c, 0x97, 0x08, 0xec, 0x64, 0x81, 0x42, 0x0e, 0xe9, 0x33, 0x94, 0x5e, ++ 0xc7, 0xfd, 0xab, 0x79, 0x31, 0xc5, 0x16, 0x3e, 0x1c, 0x77, 0xd1, 0x06, ++ 0x35, 0x1b, 0x68, 0x4c, 0x89, 0xa3, 0xa4, 0x20, 0x72, 0xe6, 0xed, 0x82, ++ 0x26, 0x51, 0x09, 0x1f, 0x8d, 0x4d, 0xcd, 0x07, 0x5c, 0x34, 0x3e, 0x80, ++ 0xde, 0x0b, 0x37, 0xa8, 0xb2, 0x0e, 0xd5, 0x90, 0xba, 0xa4, 0x89, 0x1b, ++ 0x56, 0x32, 0xc5, 0xfc, 0x43, 0xec, 0xd7, 0xe8, ++}; ++ ++/* q=(p-1)/2 for prime prime_weak_2048 */ ++static const unsigned char sub2_prime_weak_2048[] = { ++ 0x5a, 0x84, 0x41, 0xb5, 0x11, 0x1c, 0xef, 0x81, 0x7f, 0x39, 0xb5, 0xfd, ++ 0x86, 0xa7, 0x56, 0xa5, 0x87, 0xfe, 0xd9, 0x13, 0xf3, 0xe9, 0x1a, 0xea, ++ 0x41, 0xf9, 0x5e, 0x14, 0xff, 0xa8, 0x7b, 0xb5, 0xdb, 0xca, 0x1c, 0x7f, ++ 0xee, 0x3c, 0xb3, 0xcd, 0x40, 0x45, 0xe1, 0x10, 0x27, 0x29, 0x81, 0x15, ++ 0x03, 0xf6, 0x54, 0xde, 0x91, 0x68, 0xdd, 0x1a, 0x98, 0x88, 0x10, 0xdb, ++ 0x27, 0xf0, 0xca, 0x05, 0xd8, 0x59, 0x9b, 0x90, 0x06, 0xb5, 0x6a, 0x48, ++ 0xae, 0x42, 0xf4, 0xd7, 0x45, 0x79, 0x4a, 0x73, 0xa2, 0x7a, 0xe6, 0x02, ++ 0x41, 0x2b, 0xc0, 0x90, 0xc1, 0x8c, 0x24, 0x16, 0xf1, 0x8e, 0x50, 0xbf, ++ 0xf7, 0x08, 0x5c, 0xf4, 0x20, 0x7e, 0x6d, 0x21, 0xbe, 0x8c, 0x72, 0x34, ++ 0x4f, 0xf6, 0xaf, 0x61, 0x8f, 0xc0, 0x77, 0xae, 0x12, 0x2f, 0x34, 0x56, ++ 0x4c, 0xce, 0x3a, 0x4b, 0x2d, 0xd9, 0xf3, 0xd9, 0x32, 0xbc, 0x7d, 0x9e, ++ 0x08, 0x80, 0x02, 0x25, 0xcc, 0x07, 0x45, 0x3d, 0x9c, 0x04, 0x1a, 0x5c, ++ 0xb6, 0x84, 0x32, 0x8b, 0xc8, 0xa4, 0xb1, 0x23, 0xb2, 0x55, 0xe3, 0x68, ++ 0x79, 0x67, 0xc4, 0x83, 0xf5, 0xd1, 0xae, 0xf9, 0xd1, 0x7d, 0xee, 0xbd, ++ 0x9f, 0x3f, 0x51, 0x6b, 0x8d, 0x21, 0x56, 0xba, 0x5e, 0xdd, 0xe7, 0x90, ++ 0xc8, 0xe9, 0x35, 0x8e, 0xce, 0xd4, 0x02, 0xc4, 0x27, 0xd8, 0xa2, 0xd1, ++ 0x43, 0x48, 0x09, 0x7e, 0xe5, 0x92, 0xf0, 0x89, 0x04, 0x23, 0x8e, 0xc1, ++ 0x96, 0x8a, 0x21, 0x10, 0x04, 0x18, 0xaa, 0x16, 0x4d, 0xa4, 0xfb, 0x5b, ++ 0x16, 0x92, 0xf5, 0x14, 0x5f, 0x89, 0x95, 0xe9, 0xa2, 0xc6, 0x81, 0x4f, ++ 0xd2, 0xd5, 0x75, 0xe0, 0x24, 0x68, 0x83, 0x73, 0x0f, 0x50, 0x1f, 0x02, ++ 0x10, 0x3c, 0xbe, 0x68, 0xe8, 0x56, 0x30, 0xc4, 0xb6, 0x1d, 0xc4, 0x51, ++ 0xaa, 0x36, 0x40, 0x2c, ++}; ++ ++/* q=(p-1)/2 for prime prime_weak_3072 */ ++static const unsigned char sub2_prime_weak_3072[] = { ++ 0x4a, 0x19, 0x63, 0xa3, 0xa8, 0xd1, 0x81, 0xcd, 0xf9, 0x28, 0xae, 0x34, ++ 0xd7, 0x82, 0x9e, 0x3b, 0x31, 0x51, 0x76, 0x2d, 0x66, 0x6f, 0xc0, 0x79, ++ 0x96, 0xe7, 0x52, 0xd2, 0xcf, 0x16, 0xd5, 0xaf, 0xc8, 0xde, 0xc9, 0xb0, ++ 0xeb, 0xbd, 0xb8, 0xb7, 0xf9, 0xc9, 0x5f, 0xd4, 0x7e, 0x66, 0x80, 0x7a, ++ 0xa4, 0x84, 0x00, 0x46, 0x69, 0x7f, 0x25, 0x6c, 0x15, 0xb7, 0x21, 0x60, ++ 0x6c, 0x51, 0x45, 0x95, 0x8c, 0x01, 0x56, 0xf4, 0x27, 0x22, 0x04, 0x93, ++ 0x50, 0xd0, 0xe5, 0x4c, 0xf1, 0xec, 0xcd, 0x43, 0x9e, 0x41, 0xb5, 0x0d, ++ 0x3d, 0xb0, 0x5d, 0x3c, 0x06, 0x3c, 0xa8, 0x0f, 0xef, 0x20, 0x0a, 0x2c, ++ 0x0c, 0x54, 0x95, 0xba, 0x08, 0xda, 0x32, 0xff, 0x4e, 0x81, 0xd2, 0x77, ++ 0xef, 0xba, 0x47, 0x66, 0xbd, 0xea, 0x79, 0x94, 0x3a, 0xd9, 0x18, 0xf7, ++ 0xcc, 0xb2, 0xe5, 0xad, 0x3b, 0xe5, 0x51, 0x12, 0x94, 0x57, 0x7d, 0x4f, ++ 0xf5, 0xed, 0x66, 0x1a, 0x3d, 0x90, 0xeb, 0xed, 0xaa, 0x20, 0x73, 0x17, ++ 0xed, 0xe0, 0x67, 0x6e, 0x72, 0xe4, 0x93, 0xcb, 0xcc, 0xce, 0x01, 0x27, ++ 0x92, 0x44, 0x49, 0xef, 0xd4, 0xe3, 0x9f, 0x08, 0x64, 0x55, 0x35, 0x67, ++ 0x6d, 0x23, 0x4a, 0x46, 0x56, 0x8f, 0x78, 0xe5, 0xe9, 0xe6, 0xa1, 0xa2, ++ 0x5a, 0x10, 0x48, 0xcf, 0x7b, 0x68, 0x81, 0xf7, 0xe1, 0x02, 0x7b, 0x83, ++ 0xed, 0xd6, 0x51, 0x14, 0x46, 0x3e, 0x8e, 0xae, 0x96, 0x2d, 0x7e, 0x13, ++ 0x2d, 0x85, 0xac, 0x5c, 0xcd, 0x23, 0xf4, 0xd0, 0x6f, 0xd2, 0xad, 0x79, ++ 0xf2, 0xeb, 0x75, 0xb4, 0xda, 0xa7, 0x5e, 0x38, 0xe0, 0x6b, 0x4d, 0xdc, ++ 0x20, 0x1d, 0xe2, 0xb9, 0x2e, 0xa6, 0x8d, 0x8b, 0x9e, 0x9b, 0x52, 0x58, ++ 0x8a, 0xd3, 0xcd, 0x39, 0x75, 0xf9, 0x4f, 0x20, 0x68, 0xde, 0x1a, 0xe3, ++ 0xe8, 0x8d, 0x47, 0x8e, 0x15, 0xaf, 0x6c, 0x59, 0x9d, 0xa2, 0x57, 0x7a, ++ 0xc0, 0xe8, 0x45, 0x1b, 0xd5, 0xdd, 0x11, 0x5e, 0x16, 0xc4, 0x17, 0x92, ++ 0x5d, 0xd8, 0x0d, 0x54, 0xaf, 0x83, 0x88, 0x36, 0xe3, 0x5d, 0x9e, 0x51, ++ 0x33, 0x7c, 0xdc, 0xca, 0xeb, 0x2f, 0x46, 0x67, 0x02, 0x6e, 0x59, 0xa6, ++ 0x5e, 0x74, 0xe2, 0xe5, 0x8c, 0xcb, 0xf1, 0x50, 0x84, 0x9c, 0x6b, 0xc1, ++ 0x53, 0x5f, 0xe4, 0x8a, 0x92, 0xf8, 0x96, 0x3b, 0xfe, 0x5e, 0xfd, 0x3f, ++ 0xc9, 0x7f, 0x6b, 0x18, 0x81, 0x91, 0x96, 0x8b, 0x97, 0xa8, 0xcf, 0x2e, ++ 0x58, 0xb4, 0x60, 0x1f, 0xa1, 0x4c, 0x80, 0x2a, 0x99, 0xb4, 0x6b, 0xf7, ++ 0x28, 0xbe, 0x9f, 0x01, 0xa7, 0x81, 0x2f, 0x93, 0xee, 0x8b, 0x8c, 0x36, ++ 0x0f, 0x4e, 0xc8, 0xb2, 0xfc, 0x6b, 0xd3, 0x4f, 0xd0, 0xdd, 0x54, 0x3b, ++ 0x72, 0x6c, 0x7a, 0x2c, 0xc8, 0x0b, 0x33, 0xc4, 0x61, 0x54, 0xf2, 0x16, ++}; ++ ++/* q=(p-1)/2 for prime prime_weak_4096 */ ++static const unsigned char sub2_prime_weak_4096[] = { ++ 0x7f, 0xa8, 0x69, 0xe6, 0x44, 0x8b, 0xaf, 0x5b, 0x7c, 0x51, 0xd8, 0x71, ++ 0x7c, 0xcf, 0x8b, 0xd0, 0xc9, 0x2b, 0x0a, 0x89, 0x89, 0x4f, 0x8c, 0x6e, ++ 0x03, 0x80, 0x61, 0x24, 0xe4, 0xec, 0xea, 0x05, 0x71, 0xeb, 0xfb, 0x30, ++ 0x10, 0xd4, 0xbd, 0xe0, 0x07, 0x87, 0x57, 0x1f, 0x3b, 0xbb, 0xa4, 0x6c, ++ 0x7e, 0xa1, 0x76, 0x5a, 0xd7, 0x00, 0x55, 0xe7, 0x68, 0x88, 0xe5, 0x69, ++ 0x32, 0x2d, 0x51, 0xb5, 0xdd, 0x68, 0xc9, 0xf5, 0x6d, 0x69, 0x50, 0x30, ++ 0x1c, 0x85, 0x9a, 0x27, 0x86, 0x78, 0xd8, 0x29, 0x3a, 0xa8, 0x9e, 0x94, ++ 0x01, 0x5a, 0xde, 0xa1, 0x4c, 0x10, 0x53, 0xa1, 0x5c, 0x90, 0xcd, 0x57, ++ 0x5b, 0x20, 0xbd, 0xb8, 0x71, 0xec, 0xd7, 0xc0, 0x8d, 0x60, 0x9c, 0xce, ++ 0x29, 0x2b, 0x65, 0x86, 0xb5, 0x33, 0xb7, 0x9e, 0x89, 0x3b, 0x39, 0xa9, ++ 0xca, 0x96, 0xe0, 0x82, 0x6d, 0xc1, 0xf2, 0x68, 0x5f, 0x16, 0xd3, 0x3d, ++ 0x07, 0xc0, 0x0d, 0xe8, 0x0b, 0x0a, 0x1d, 0x70, 0x24, 0x7d, 0x7a, 0xa2, ++ 0x54, 0x70, 0x5f, 0xcc, 0x70, 0xab, 0x75, 0x3b, 0x5b, 0x71, 0x51, 0xad, ++ 0x8a, 0xbc, 0x88, 0x58, 0x20, 0xee, 0x14, 0x87, 0x8f, 0x1b, 0xb4, 0xe6, ++ 0x89, 0xdf, 0x16, 0xf0, 0x39, 0x9c, 0x34, 0x76, 0xa8, 0x35, 0x68, 0x7d, ++ 0xe5, 0x8b, 0x9d, 0x2c, 0xfd, 0xf6, 0x5d, 0x3a, 0xdb, 0x27, 0x17, 0xb7, ++ 0x4b, 0xcc, 0x07, 0x3c, 0x92, 0xee, 0xec, 0x7a, 0x9a, 0x5a, 0x50, 0x3f, ++ 0x5d, 0x34, 0x3e, 0x27, 0xfd, 0xf0, 0x4b, 0xa3, 0x28, 0x0f, 0x25, 0x2c, ++ 0xce, 0x6e, 0x1a, 0x71, 0x15, 0x5a, 0xe4, 0x2c, 0x4a, 0x24, 0x4f, 0xdc, ++ 0x1b, 0x65, 0xe7, 0x1b, 0x58, 0xbe, 0x72, 0xc6, 0xad, 0xa1, 0xeb, 0xc4, ++ 0x6f, 0xd7, 0x68, 0x64, 0xa1, 0x2f, 0x85, 0x71, 0xb1, 0x88, 0xe2, 0x86, ++ 0x40, 0x2a, 0xac, 0x6b, 0xf9, 0x28, 0xb7, 0x59, 0xbf, 0x4e, 0x8e, 0x61, ++ 0xb0, 0xac, 0xae, 0x23, 0xea, 0x4c, 0xe0, 0x33, 0xfd, 0xd9, 0x6b, 0x08, ++ 0xed, 0x49, 0x2d, 0xb5, 0xe9, 0x38, 0x5b, 0xb4, 0xb9, 0x73, 0x83, 0x6e, ++ 0xa0, 0x56, 0x40, 0xa8, 0x8e, 0xa9, 0x3d, 0x22, 0x9c, 0x44, 0x93, 0x96, ++ 0x62, 0x25, 0xbf, 0x2f, 0x3c, 0xf7, 0xc2, 0x35, 0x12, 0x26, 0xce, 0x4f, ++ 0x65, 0x3a, 0xae, 0x03, 0x36, 0xe8, 0x29, 0x74, 0xed, 0x4f, 0xa3, 0x5b, ++ 0x31, 0x0e, 0xd9, 0xec, 0xf9, 0x3e, 0xeb, 0x61, 0x3d, 0x24, 0xbe, 0x6e, ++ 0xcd, 0xd5, 0x61, 0xc2, 0x05, 0x84, 0x19, 0xdc, 0x40, 0x61, 0x89, 0x47, ++ 0xd6, 0xd6, 0x07, 0xbf, 0xd7, 0xac, 0xb0, 0x86, 0xcc, 0x60, 0xfc, 0xb4, ++ 0x61, 0x8d, 0x88, 0x04, 0x62, 0x19, 0x9e, 0x52, 0x71, 0x6a, 0xf5, 0xb8, ++ 0xae, 0x8c, 0xbf, 0x02, 0xe5, 0x4d, 0x7a, 0xdd, 0xb8, 0xaa, 0xc1, 0xce, ++ 0x12, 0xa8, 0x1a, 0xbf, 0x96, 0xf5, 0xf9, 0x06, 0xf6, 0x9e, 0x5c, 0x38, ++ 0xde, 0x84, 0x7a, 0xc4, 0xbf, 0x2f, 0x1c, 0x20, 0x6b, 0xf6, 0xbb, 0xc6, ++ 0xbd, 0x76, 0x95, 0x4f, 0xfe, 0x00, 0xfa, 0x71, 0x67, 0xed, 0x46, 0x51, ++ 0xab, 0xee, 0x0a, 0x6b, 0x50, 0xec, 0xcb, 0xdc, 0xf3, 0x7e, 0x24, 0x3a, ++ 0xa1, 0xde, 0x9d, 0xc8, 0x8b, 0x9e, 0x19, 0xe5, 0x67, 0x14, 0x84, 0x8d, ++ 0xf4, 0x4e, 0xdb, 0x3a, 0x02, 0xaf, 0x17, 0x52, 0x8e, 0xbf, 0x9d, 0x54, ++ 0x96, 0x7b, 0x26, 0xa0, 0xc8, 0x5e, 0x2b, 0x0c, 0x29, 0x01, 0x48, 0x77, ++ 0xb8, 0xff, 0x9f, 0x06, 0x7c, 0x00, 0x02, 0x03, 0xea, 0x90, 0x13, 0x6e, ++ 0xae, 0x58, 0x9b, 0x81, 0x90, 0x06, 0x5a, 0x5b, 0x1c, 0xa4, 0xa4, 0xd5, ++ 0x73, 0xcc, 0x00, 0xd1, 0x17, 0x05, 0x19, 0xc1, 0x4f, 0x5c, 0x92, 0x5b, ++ 0xc0, 0x6f, 0xe9, 0xef, 0x82, 0x72, 0x28, 0x4e, ++}; ++ ++/* q=(p-1)/2 for prime prime_weak_6144 */ ++static const unsigned char sub2_prime_weak_6144[] = { ++ 0x51, 0x12, 0x4b, 0x5b, 0x10, 0xb4, 0x6a, 0xbf, 0x16, 0x30, 0x26, 0xe4, ++ 0x40, 0xac, 0xce, 0x0e, 0x38, 0x76, 0x12, 0x14, 0x5b, 0x29, 0x1b, 0x04, ++ 0xc3, 0xd5, 0x60, 0xad, 0xf2, 0xd3, 0x1f, 0x44, 0x2a, 0x02, 0xf1, 0x84, ++ 0x84, 0xe5, 0x36, 0xcd, 0xe2, 0x46, 0x93, 0x57, 0xeb, 0xf7, 0x4f, 0x86, ++ 0xde, 0xa2, 0x47, 0x7f, 0x66, 0xf9, 0x73, 0x6f, 0x56, 0x79, 0x01, 0x1b, ++ 0xee, 0x1a, 0xe1, 0x67, 0x66, 0xaf, 0xe2, 0xc3, 0x87, 0xcc, 0xd3, 0xed, ++ 0x87, 0x8d, 0x66, 0xbb, 0x55, 0x25, 0x52, 0x84, 0xb0, 0x30, 0x71, 0xac, ++ 0x72, 0x29, 0x03, 0x8d, 0xa1, 0x0b, 0x88, 0xa8, 0x15, 0xa0, 0x4a, 0xc6, ++ 0xa4, 0x50, 0x1a, 0x4a, 0x92, 0x9c, 0x67, 0x84, 0xca, 0x73, 0x2a, 0x83, ++ 0x45, 0x6f, 0x6e, 0x20, 0xa5, 0x6c, 0x8f, 0xc0, 0x41, 0x0e, 0xdc, 0x0f, ++ 0x42, 0x30, 0x6f, 0x76, 0xa7, 0xe0, 0x6c, 0x0e, 0xaa, 0x6d, 0x59, 0xf9, ++ 0x87, 0x2a, 0x1f, 0x8c, 0x44, 0x7f, 0x92, 0x98, 0xe3, 0x0b, 0x73, 0x38, ++ 0x7d, 0x62, 0x04, 0x7e, 0x00, 0x45, 0xfb, 0x4e, 0x94, 0xc5, 0x2c, 0xa4, ++ 0xf6, 0xae, 0x1a, 0x3d, 0x42, 0x3c, 0xa0, 0x60, 0xbf, 0x41, 0x0b, 0x9b, ++ 0x64, 0x4b, 0x5a, 0xe9, 0x7c, 0xed, 0xe0, 0x08, 0x4f, 0xfc, 0x4a, 0x9a, ++ 0xb7, 0xd8, 0x5c, 0xa4, 0x44, 0x6e, 0x78, 0x26, 0x98, 0x66, 0x8a, 0xfe, ++ 0x97, 0xdd, 0x0c, 0x66, 0x4a, 0x28, 0x1f, 0xff, 0x30, 0x1e, 0xbd, 0x23, ++ 0x77, 0xe2, 0x66, 0x8a, 0x70, 0x77, 0xcb, 0xc0, 0xd0, 0xca, 0xf1, 0xd2, ++ 0xc8, 0xcd, 0x7b, 0xcf, 0xbe, 0x7d, 0x06, 0x34, 0xdb, 0x6f, 0xed, 0xd7, ++ 0x98, 0xec, 0x54, 0x3b, 0xb5, 0x5d, 0x5d, 0x40, 0x7f, 0x9f, 0xaf, 0xc3, ++ 0x4f, 0xc0, 0x01, 0x8f, 0x68, 0x2f, 0x9b, 0xa8, 0x30, 0xfe, 0x01, 0xec, ++ 0x49, 0xd0, 0xbc, 0xb1, 0x7d, 0x49, 0x5c, 0x25, 0x33, 0x4c, 0xeb, 0xc2, ++ 0xc6, 0x87, 0x83, 0x81, 0x01, 0xc1, 0xc6, 0x10, 0x52, 0xce, 0x17, 0xfe, ++ 0x91, 0x2d, 0x78, 0x4a, 0x8f, 0x5f, 0x8b, 0xf8, 0x9d, 0x20, 0x3f, 0xe7, ++ 0x4a, 0x31, 0x2f, 0xac, 0x72, 0xf9, 0xcc, 0xc6, 0x1c, 0x47, 0x82, 0x88, ++ 0x34, 0x75, 0x20, 0xda, 0xe0, 0x37, 0xa7, 0xb1, 0xc3, 0x8e, 0xcc, 0x61, ++ 0x98, 0xb3, 0x0f, 0x4f, 0x96, 0x9e, 0x37, 0x4f, 0xd9, 0xe7, 0xc7, 0x3b, ++ 0xfa, 0x9e, 0x28, 0xad, 0x77, 0x41, 0x50, 0xe2, 0xa9, 0x90, 0x3a, 0xe8, ++ 0xd4, 0x01, 0x1b, 0xa1, 0x84, 0x0b, 0x02, 0x80, 0xf6, 0xf5, 0x78, 0xa9, ++ 0x2c, 0x10, 0x4a, 0x42, 0x82, 0x97, 0x24, 0x1f, 0xa3, 0xa4, 0xa7, 0x80, ++ 0xa2, 0x5e, 0x8f, 0x21, 0x75, 0x48, 0x48, 0x11, 0xcc, 0x82, 0xfe, 0x9b, ++ 0xa0, 0x86, 0x17, 0xe2, 0x10, 0x02, 0x4c, 0xf7, 0x07, 0xdd, 0xe1, 0x36, ++ 0x85, 0x3f, 0x92, 0x2d, 0x0b, 0xd2, 0x75, 0xce, 0x33, 0xff, 0x32, 0x06, ++ 0xf5, 0x5b, 0x90, 0x24, 0x20, 0x1d, 0x92, 0xf6, 0xa8, 0xae, 0x7e, 0x10, ++ 0x0c, 0x5b, 0x7e, 0x1f, 0x6d, 0xec, 0xd0, 0xde, 0xcf, 0x77, 0x65, 0xae, ++ 0x81, 0x7f, 0x3f, 0xa1, 0x4e, 0xe4, 0xe7, 0x7d, 0x70, 0xec, 0x79, 0x02, ++ 0xb3, 0x9a, 0xc4, 0x27, 0x6b, 0xb8, 0x4b, 0xb1, 0xda, 0x86, 0x30, 0x44, ++ 0xe0, 0x7f, 0x19, 0x6b, 0xd7, 0x25, 0xf8, 0x85, 0x57, 0x1e, 0x6f, 0x0c, ++ 0x4e, 0x0e, 0xe9, 0x6d, 0x79, 0x01, 0x46, 0xf8, 0x83, 0xeb, 0x2f, 0x5b, ++ 0xdd, 0x57, 0xc0, 0xcb, 0xf7, 0x70, 0x4e, 0xa8, 0xf9, 0x8e, 0xe0, 0xae, ++ 0xa1, 0xf1, 0x05, 0x86, 0x4e, 0x06, 0xba, 0x48, 0x90, 0x37, 0xb2, 0xf8, ++ 0xf9, 0x42, 0x01, 0x1c, 0x5a, 0xf2, 0x88, 0x10, 0xfe, 0x73, 0x61, 0xa5, ++ 0xb0, 0x24, 0xb5, 0x78, 0xea, 0xa8, 0x07, 0xb7, 0xc5, 0x8f, 0x40, 0x79, ++ 0xae, 0x94, 0xf7, 0x30, 0x55, 0x93, 0x52, 0xc6, 0x62, 0x26, 0x65, 0xd3, ++ 0x55, 0x71, 0xff, 0x68, 0xb3, 0xa4, 0x5a, 0x7d, 0x5f, 0xab, 0xff, 0x31, ++ 0x42, 0xd0, 0x56, 0x6e, 0x27, 0x38, 0x80, 0xe6, 0x09, 0x76, 0x40, 0x4a, ++ 0xaa, 0x6e, 0x0a, 0x4f, 0x10, 0x6d, 0x2d, 0x5e, 0xf7, 0x3b, 0x5f, 0x1c, ++ 0xe7, 0xde, 0xc5, 0x71, 0x87, 0x38, 0xc2, 0xf2, 0x1e, 0x31, 0x1d, 0xfc, ++ 0x37, 0x38, 0x6a, 0x6b, 0x17, 0x70, 0x2f, 0x08, 0xce, 0x99, 0xec, 0x98, ++ 0x7f, 0x9d, 0xe6, 0x15, 0x1c, 0xe2, 0x37, 0xfe, 0xe5, 0x44, 0x56, 0x94, ++ 0x51, 0x74, 0x54, 0x6b, 0xf3, 0x04, 0x06, 0xd7, 0xce, 0xec, 0x64, 0x20, ++ 0xb3, 0x42, 0x33, 0x43, 0x15, 0xc0, 0x9d, 0xb6, 0x63, 0x3b, 0x13, 0xb5, ++ 0x06, 0xcb, 0x07, 0x32, 0x9f, 0x6f, 0xfa, 0xb4, 0x02, 0x4e, 0x96, 0x93, ++ 0x45, 0xe5, 0x05, 0x3c, 0x95, 0x5a, 0x50, 0x59, 0x8c, 0x25, 0x75, 0x35, ++ 0x69, 0x0a, 0x66, 0xa3, 0xc2, 0xcf, 0xc3, 0x6b, 0xef, 0x55, 0x0f, 0x07, ++ 0x38, 0x89, 0xf6, 0x7f, 0x3e, 0x34, 0xdf, 0x91, 0x78, 0x30, 0xa8, 0x4b, ++ 0xbb, 0xe1, 0x15, 0x98, 0xc4, 0x88, 0xeb, 0x04, 0x58, 0xea, 0x67, 0x5d, ++ 0x50, 0x0b, 0x4e, 0x15, 0xc5, 0x9f, 0x0b, 0xec, 0x75, 0x70, 0xf8, 0x90, ++ 0x3f, 0x9f, 0x3b, 0x4f, 0x97, 0xa3, 0x61, 0xd7, 0xe2, 0x5d, 0x64, 0xb1, ++ 0xfb, 0xdd, 0xcc, 0x36, 0xb0, 0x0b, 0x02, 0x0a, 0x61, 0x76, 0x97, 0x61, ++ 0x80, 0x27, 0xc7, 0xce, 0xe3, 0x6c, 0xe6, 0xe0, 0xd5, 0xa7, 0x33, 0xf6, ++ 0xfc, 0x69, 0x31, 0x09, 0xfd, 0x08, 0x98, 0xdd, 0x84, 0x6e, 0xa7, 0x44, ++ 0xa5, 0x7f, 0x83, 0xc4, 0xda, 0xb6, 0x61, 0xff, 0x3b, 0x36, 0x88, 0x26, ++ 0x0f, 0x08, 0x2a, 0x91, 0x4a, 0xff, 0x04, 0xd2, 0xb7, 0x39, 0x86, 0x15, ++}; ++ ++/* q=(p-1)/2 for prime prime_weak_8192 */ ++static const unsigned char sub2_prime_weak_8192[] = { ++ 0x49, 0xef, 0xb6, 0x9b, 0xee, 0x15, 0x52, 0x55, 0xae, 0xee, 0x39, 0xa1, ++ 0x09, 0x0c, 0x47, 0x9c, 0xa3, 0xb9, 0xfa, 0x9f, 0x5e, 0x37, 0x06, 0x95, ++ 0x34, 0x2e, 0xa9, 0xa7, 0x91, 0x46, 0x54, 0x54, 0x25, 0x56, 0x35, 0x30, ++ 0x2a, 0x65, 0x0d, 0x3a, 0xed, 0x42, 0x81, 0x2f, 0x40, 0x5d, 0xcd, 0xad, ++ 0x3a, 0x4b, 0x34, 0xe1, 0x3e, 0x42, 0x0f, 0xbb, 0x06, 0xa9, 0xf2, 0x05, ++ 0x99, 0x79, 0xa5, 0xfb, 0x49, 0x2d, 0x96, 0x4c, 0x2e, 0xd4, 0xb0, 0x6e, ++ 0x0b, 0xad, 0xfd, 0xda, 0x87, 0x1c, 0x57, 0x31, 0x8b, 0x3c, 0xd2, 0x62, ++ 0xbb, 0x3a, 0x10, 0x4b, 0xad, 0xee, 0x54, 0xc4, 0x68, 0x8a, 0x23, 0x1f, ++ 0x0e, 0xf3, 0x65, 0x5a, 0x9c, 0x2b, 0xfe, 0xf5, 0xb3, 0x15, 0x7d, 0x46, ++ 0x18, 0x03, 0xf5, 0x5a, 0x5e, 0x3c, 0x99, 0x8a, 0x6f, 0xc7, 0x8e, 0xb0, ++ 0x23, 0xe3, 0x91, 0xec, 0xbf, 0xf1, 0x8e, 0x4a, 0x54, 0xdd, 0x96, 0x8d, ++ 0x9b, 0xb2, 0x10, 0x67, 0xb4, 0x29, 0x1c, 0xec, 0xb7, 0x91, 0xa8, 0x59, ++ 0x33, 0xe4, 0x23, 0xd5, 0x1c, 0xcb, 0x69, 0x7e, 0xcd, 0xce, 0x43, 0x38, ++ 0xec, 0x3e, 0x33, 0xda, 0xbd, 0x4e, 0xa7, 0xfc, 0x47, 0x9a, 0x32, 0x65, ++ 0xed, 0xc2, 0x88, 0xcb, 0xc3, 0x7b, 0xd0, 0x8c, 0x95, 0x08, 0x3d, 0x79, ++ 0x0a, 0x8d, 0x86, 0x37, 0x32, 0x78, 0x8c, 0x29, 0xfc, 0xcd, 0x6e, 0xbe, ++ 0x06, 0xbe, 0x1e, 0x9c, 0xce, 0x51, 0xe2, 0xfc, 0x34, 0x37, 0xda, 0x1a, ++ 0xfc, 0x0e, 0xdc, 0x64, 0x55, 0xf5, 0x2c, 0x79, 0xdd, 0xbc, 0x79, 0xf1, ++ 0x53, 0x0b, 0x59, 0xa5, 0x05, 0x2b, 0x2d, 0xa2, 0x56, 0x65, 0xb3, 0x2e, ++ 0xd1, 0xb1, 0x38, 0xc8, 0x82, 0xea, 0x4b, 0xb9, 0x19, 0xbb, 0xa1, 0x98, ++ 0x9a, 0xce, 0x21, 0xdc, 0x6a, 0xc2, 0xed, 0xc7, 0x14, 0x65, 0x94, 0xcc, ++ 0x5b, 0xff, 0x35, 0x7b, 0x04, 0x44, 0xc1, 0x7e, 0x73, 0x2e, 0xb1, 0x34, ++ 0x2a, 0xd6, 0x1d, 0xce, 0xc1, 0x66, 0x83, 0x08, 0x29, 0xc9, 0x8e, 0xb3, ++ 0x35, 0x67, 0x31, 0x96, 0x24, 0x9b, 0x79, 0x86, 0x8e, 0x1f, 0x92, 0x68, ++ 0x3f, 0xd9, 0x50, 0x67, 0xbb, 0x15, 0x0b, 0x51, 0x37, 0xb5, 0xfa, 0x7f, ++ 0x5a, 0xe5, 0x4c, 0xa2, 0x3e, 0x7e, 0x1d, 0xe0, 0xf2, 0x04, 0xfa, 0xbd, ++ 0xb6, 0xb6, 0x50, 0x8a, 0x88, 0x00, 0x26, 0x3a, 0xa6, 0x95, 0x40, 0x4a, ++ 0xc8, 0x4d, 0x0a, 0xaf, 0x3b, 0x94, 0x47, 0x41, 0xa0, 0x42, 0x8f, 0x96, ++ 0xb8, 0x0b, 0xd0, 0x58, 0x3e, 0xf2, 0xfd, 0x40, 0xa8, 0xdf, 0x5a, 0x0b, ++ 0x7b, 0x2a, 0x4f, 0x87, 0x51, 0xf1, 0x0f, 0x2f, 0x4d, 0x8e, 0x6d, 0x07, ++ 0x4f, 0xc9, 0xae, 0x7a, 0x21, 0xde, 0xce, 0x0f, 0x0b, 0x33, 0xda, 0xa1, ++ 0x4a, 0x38, 0x7c, 0x3c, 0x86, 0x16, 0xa4, 0x60, 0x92, 0x62, 0xe3, 0x54, ++ 0xb2, 0x06, 0x22, 0x76, 0x4c, 0xd7, 0x5a, 0xf3, 0xe0, 0x92, 0x45, 0x36, ++ 0x68, 0xd1, 0x5f, 0xa6, 0x35, 0x85, 0xf4, 0xf8, 0x4c, 0x1e, 0xe3, 0xce, ++ 0x70, 0xc6, 0x8d, 0x6f, 0x62, 0x22, 0x21, 0xe3, 0x5f, 0x9c, 0x31, 0x12, ++ 0xc8, 0xa1, 0x42, 0x00, 0x94, 0x65, 0xc0, 0x5e, 0x1c, 0xa6, 0x61, 0x9f, ++ 0xfb, 0x6f, 0xf0, 0xf3, 0x64, 0xbb, 0x9a, 0xab, 0x97, 0xc4, 0xce, 0xfd, ++ 0x57, 0x9b, 0xeb, 0x19, 0xb8, 0x9a, 0x7f, 0xa9, 0x14, 0x59, 0x9e, 0x4b, ++ 0x34, 0x08, 0x09, 0x64, 0xdf, 0x0c, 0x01, 0xe6, 0xf7, 0x93, 0x85, 0x68, ++ 0xe4, 0x87, 0x24, 0x80, 0x91, 0x39, 0xed, 0xaf, 0x88, 0xba, 0xb6, 0xf5, ++ 0x0b, 0x6d, 0x13, 0x3f, 0x9f, 0x3e, 0x65, 0xb1, 0x67, 0xe6, 0x46, 0xeb, ++ 0x75, 0x67, 0x13, 0x22, 0x52, 0x3a, 0x2a, 0x27, 0x15, 0x8a, 0xdd, 0x4e, ++ 0xd0, 0x9c, 0xf4, 0x7e, 0xf0, 0x14, 0xf8, 0x6b, 0xd5, 0x18, 0x35, 0xeb, ++ 0x8a, 0x1e, 0x50, 0x02, 0x5e, 0x76, 0xc1, 0x65, 0xe4, 0xed, 0xa7, 0x90, ++ 0x02, 0xb7, 0x22, 0xbc, 0xee, 0xad, 0x9e, 0xaf, 0x77, 0x78, 0xe1, 0xd5, ++ 0x59, 0xe9, 0x9d, 0x23, 0xd6, 0x71, 0x89, 0x50, 0xea, 0xfa, 0x12, 0x72, ++ 0xb6, 0x72, 0x4f, 0xda, 0x65, 0x4b, 0x24, 0xa8, 0x9b, 0x1d, 0xd2, 0x51, ++ 0x6b, 0x17, 0x21, 0x11, 0x99, 0x46, 0x64, 0x41, 0xf5, 0x0a, 0x68, 0x84, ++ 0x04, 0xc7, 0xed, 0xa6, 0x61, 0x00, 0x22, 0x03, 0x40, 0xea, 0x08, 0xae, ++ 0x95, 0x8f, 0x1b, 0xc0, 0x55, 0x5c, 0xc4, 0x7d, 0x55, 0xe9, 0x3b, 0x17, ++ 0x01, 0xdc, 0x1d, 0x85, 0xfe, 0x00, 0xcb, 0x71, 0xb1, 0x00, 0x38, 0x89, ++ 0xf4, 0x7d, 0xbc, 0x67, 0x1c, 0x83, 0x50, 0xa2, 0x6e, 0xb0, 0xb5, 0x2b, ++ 0x59, 0x66, 0xe5, 0xf6, 0x33, 0x92, 0x14, 0x3e, 0x9c, 0xc0, 0x1b, 0xe5, ++ 0xca, 0xa4, 0xcb, 0x74, 0x9f, 0xdb, 0xc4, 0xf5, 0x88, 0xbe, 0x1a, 0x24, ++ 0x9b, 0x16, 0x76, 0x41, 0x5b, 0x1e, 0x54, 0xcd, 0x69, 0xdc, 0x55, 0xdc, ++ 0x94, 0x17, 0xcb, 0xb8, 0x82, 0x54, 0x43, 0x15, 0xa1, 0xdb, 0x13, 0xa8, ++ 0xc5, 0x70, 0x51, 0xcc, 0x73, 0x99, 0x99, 0x7f, 0x0c, 0x5c, 0x9c, 0x4a, ++ 0xbc, 0x0b, 0xdf, 0x21, 0xd0, 0x04, 0x45, 0x82, 0xc6, 0xab, 0x6b, 0xa7, ++ 0x30, 0x80, 0x80, 0x02, 0x89, 0x36, 0x89, 0xca, 0xf5, 0x67, 0x6e, 0x5f, ++ 0xe2, 0x3a, 0x10, 0x44, 0x94, 0x02, 0xe9, 0x4b, 0xe1, 0x9a, 0x92, 0x36, ++ 0xa1, 0xee, 0xf1, 0x4f, 0x8a, 0xc0, 0x77, 0x6e, 0xe6, 0xc5, 0x44, 0x62, ++ 0xc9, 0x6d, 0x0e, 0xec, 0xe8, 0x5c, 0x7e, 0x8c, 0x66, 0x2c, 0x0d, 0xe5, ++ 0x1d, 0xe6, 0x4f, 0x66, 0xa9, 0xb0, 0xb4, 0x7a, 0xdd, 0x96, 0x81, 0x2a, ++ 0x95, 0xc9, 0xcf, 0x8c, 0x0b, 0x90, 0x58, 0xaa, 0x70, 0x7f, 0x1f, 0x35, ++ 0x08, 0x3f, 0xf7, 0x30, 0x3e, 0x65, 0x8a, 0x41, 0x34, 0x76, 0x84, 0x03, ++ 0xf3, 0x9a, 0x56, 0x93, 0xb7, 0xed, 0x2b, 0xf1, 0x53, 0xa5, 0xbf, 0x3d, ++ 0x17, 0x4a, 0xc4, 0x2c, 0x1e, 0xf3, 0xee, 0x51, 0xf9, 0x74, 0xfa, 0xca, ++ 0xfe, 0x8e, 0x2f, 0xcf, 0x2e, 0x06, 0x74, 0x1b, 0x6a, 0x84, 0x9a, 0xb3, ++ 0x13, 0xdc, 0x89, 0xc5, 0x07, 0x7d, 0x75, 0xd3, 0x2d, 0xeb, 0x03, 0xa6, ++ 0xe7, 0x86, 0xc8, 0x38, 0xd0, 0xf2, 0xac, 0x0f, 0x13, 0xb4, 0xb2, 0x0c, ++ 0x11, 0x03, 0xc5, 0x15, 0x74, 0x84, 0x00, 0x01, 0x45, 0x2c, 0x1c, 0x40, ++ 0x82, 0xec, 0x73, 0xae, 0x9e, 0xf4, 0x15, 0x8b, 0xfd, 0x14, 0xae, 0x75, ++ 0xc9, 0x86, 0x07, 0x94, 0xb4, 0x10, 0xc9, 0xb1, 0x79, 0x70, 0xa2, 0x1c, ++ 0x34, 0x90, 0xab, 0xc3, 0x38, 0xb5, 0x9e, 0x89, 0x27, 0x14, 0x6d, 0x85, ++ 0xea, 0x16, 0x62, 0xf4, 0x2f, 0xcd, 0xe9, 0x13, 0x04, 0x22, 0xd2, 0x59, ++ 0x58, 0xaf, 0x68, 0x8c, 0x1f, 0x31, 0x46, 0xbb, 0xd0, 0x31, 0x03, 0xba, ++ 0x86, 0x34, 0x3f, 0xd5, 0xe9, 0x16, 0x76, 0x47, 0x54, 0xb7, 0x1b, 0x9e, ++ 0xed, 0x99, 0xbd, 0x25, 0x5d, 0x43, 0x12, 0xa8, 0x35, 0x1b, 0x8d, 0xcd, ++ 0xc8, 0x8d, 0x2f, 0xc9, 0x90, 0xf5, 0x48, 0xee, 0x32, 0x5b, 0x03, 0xa2, ++ 0x1a, 0x3c, 0xb5, 0x35, 0x21, 0x27, 0x79, 0xf1, 0x51, 0x35, 0xff, 0xe6, ++ 0xeb, 0xe2, 0xb4, 0xdc, 0xc0, 0xbe, 0x9a, 0x5a, 0x2d, 0xdb, 0x41, 0xe1, ++ 0xb5, 0xcd, 0x70, 0x97, 0x2f, 0x1a, 0x00, 0x90, 0xf5, 0x9b, 0xe6, 0x62, ++ 0xaf, 0xbf, 0xd0, 0x6f, 0x07, 0xbc, 0xdb, 0xe1, 0x9d, 0xc2, 0x3e, 0xf4, ++ 0x4b, 0x7e, 0x99, 0x23, 0xbc, 0x1f, 0x11, 0x64, 0x4c, 0x67, 0x3d, 0x77, ++ 0x8e, 0xd3, 0x04, 0x9d, 0x7f, 0xfb, 0xb4, 0x6c, 0xdc, 0x74, 0xbf, 0x45, ++ 0x76, 0x11, 0x80, 0xcb, ++}; ++ ++/* Public keys in known small subgroups - fails in all modes */ ++static const unsigned char pub_key_zero[] = {0}; ++static const unsigned char pub_key_one[] = {1}; ++ ++static const unsigned char pub_key_minus_1_ike_1536[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE}; ++ ++static const unsigned char pub_key_minus_1_safe_2048[] = { ++ 0xe1, 0xa3, 0x6e, 0x49, 0x69, 0x07, 0x1c, 0x5f, 0xb4, 0x15, 0x35, 0x46, ++ 0x99, 0x52, 0xd0, 0x4e, 0xff, 0x4e, 0x4c, 0xb1, 0xe1, 0x59, 0xed, 0x2e, ++ 0x71, 0xf3, 0x80, 0x14, 0x54, 0xd0, 0xfc, 0x83, 0x20, 0x29, 0x15, 0x21, ++ 0xa6, 0x5f, 0x10, 0x81, 0x57, 0xf4, 0x2e, 0x49, 0xb2, 0xd1, 0x37, 0xe8, ++ 0x6a, 0xbf, 0x72, 0xf9, 0x55, 0x4e, 0x9e, 0xae, 0x20, 0xc5, 0xb6, 0xc5, ++ 0x91, 0x79, 0x0d, 0xa2, 0xdd, 0xb4, 0xbb, 0x50, 0x4e, 0x20, 0xca, 0x8a, ++ 0x8f, 0x82, 0x34, 0xb9, 0x6a, 0x3e, 0x9a, 0x67, 0xc2, 0x7e, 0x83, 0xf6, ++ 0xc0, 0xad, 0xe3, 0xca, 0x00, 0xd6, 0x11, 0x88, 0x9c, 0xc7, 0x9f, 0xb4, ++ 0x3d, 0x53, 0xa5, 0x5a, 0x97, 0x44, 0x4d, 0xe7, 0x5c, 0xd5, 0x76, 0x80, ++ 0xf8, 0x0c, 0xcd, 0xa6, 0x55, 0xe2, 0x5f, 0xcf, 0xf4, 0x46, 0xa4, 0xc7, ++ 0x0f, 0xc1, 0x80, 0x84, 0x65, 0x46, 0x8c, 0x87, 0xd2, 0x99, 0x82, 0xdf, ++ 0x8e, 0x00, 0x89, 0xf3, 0x0d, 0xd5, 0xc0, 0x54, 0x94, 0xc6, 0xa3, 0x92, ++ 0x0f, 0x91, 0x10, 0xee, 0xa3, 0x65, 0x44, 0xb7, 0x6d, 0xe8, 0x23, 0xf9, ++ 0x7f, 0x91, 0x62, 0x65, 0x09, 0x8e, 0xa1, 0x33, 0xd4, 0xd6, 0x55, 0x0a, ++ 0xc0, 0xe8, 0x66, 0x70, 0x05, 0xd0, 0x12, 0x34, 0xc1, 0xfd, 0xce, 0x75, ++ 0xa4, 0x75, 0xe1, 0x46, 0xa1, 0x08, 0xb4, 0x52, 0xfe, 0x25, 0xa4, 0xc5, ++ 0x4f, 0x23, 0x04, 0x7e, 0xa1, 0x2c, 0xf3, 0x56, 0xcb, 0xfa, 0x7a, 0xbc, ++ 0x45, 0xcc, 0x78, 0xb3, 0x28, 0xf3, 0xe5, 0xd5, 0x26, 0x56, 0x27, 0x86, ++ 0x6a, 0x56, 0x6b, 0x87, 0x56, 0x0e, 0xc4, 0x3c, 0xed, 0xff, 0xcb, 0x96, ++ 0xb4, 0x13, 0x1d, 0x4d, 0x38, 0x4e, 0x69, 0x34, 0x51, 0x7a, 0x85, 0x31, ++ 0xb4, 0x80, 0xda, 0x41, 0xe3, 0xdc, 0x2e, 0x53, 0xd8, 0x71, 0x3e, 0xcc, ++ 0x37, 0x8a, 0x80, 0x32}; ++ ++static const unsigned char pub_key_minus_1_weak_3072[] = { ++ 0x94, 0x32, 0xc7, 0x47, 0x51, 0xa3, 0x03, 0x9b, 0xf2, 0x51, 0x5c, 0x69, ++ 0xaf, 0x05, 0x3c, 0x76, 0x62, 0xa2, 0xec, 0x5a, 0xcc, 0xdf, 0x80, 0xf3, ++ 0x2d, 0xce, 0xa5, 0xa5, 0x9e, 0x2d, 0xab, 0x5f, 0x91, 0xbd, 0x93, 0x61, ++ 0xd7, 0x7b, 0x71, 0x6f, 0xf3, 0x92, 0xbf, 0xa8, 0xfc, 0xcd, 0x00, 0xf5, ++ 0x49, 0x08, 0x00, 0x8c, 0xd2, 0xfe, 0x4a, 0xd8, 0x2b, 0x6e, 0x42, 0xc0, ++ 0xd8, 0xa2, 0x8b, 0x2b, 0x18, 0x02, 0xad, 0xe8, 0x4e, 0x44, 0x09, 0x26, ++ 0xa1, 0xa1, 0xca, 0x99, 0xe3, 0xd9, 0x9a, 0x87, 0x3c, 0x83, 0x6a, 0x1a, ++ 0x7b, 0x60, 0xba, 0x78, 0x0c, 0x79, 0x50, 0x1f, 0xde, 0x40, 0x14, 0x58, ++ 0x18, 0xa9, 0x2b, 0x74, 0x11, 0xb4, 0x65, 0xfe, 0x9d, 0x03, 0xa4, 0xef, ++ 0xdf, 0x74, 0x8e, 0xcd, 0x7b, 0xd4, 0xf3, 0x28, 0x75, 0xb2, 0x31, 0xef, ++ 0x99, 0x65, 0xcb, 0x5a, 0x77, 0xca, 0xa2, 0x25, 0x28, 0xae, 0xfa, 0x9f, ++ 0xeb, 0xda, 0xcc, 0x34, 0x7b, 0x21, 0xd7, 0xdb, 0x54, 0x40, 0xe6, 0x2f, ++ 0xdb, 0xc0, 0xce, 0xdc, 0xe5, 0xc9, 0x27, 0x97, 0x99, 0x9c, 0x02, 0x4f, ++ 0x24, 0x88, 0x93, 0xdf, 0xa9, 0xc7, 0x3e, 0x10, 0xc8, 0xaa, 0x6a, 0xce, ++ 0xda, 0x46, 0x94, 0x8c, 0xad, 0x1e, 0xf1, 0xcb, 0xd3, 0xcd, 0x43, 0x44, ++ 0xb4, 0x20, 0x91, 0x9e, 0xf6, 0xd1, 0x03, 0xef, 0xc2, 0x04, 0xf7, 0x07, ++ 0xdb, 0xac, 0xa2, 0x28, 0x8c, 0x7d, 0x1d, 0x5d, 0x2c, 0x5a, 0xfc, 0x26, ++ 0x5b, 0x0b, 0x58, 0xb9, 0x9a, 0x47, 0xe9, 0xa0, 0xdf, 0xa5, 0x5a, 0xf3, ++ 0xe5, 0xd6, 0xeb, 0x69, 0xb5, 0x4e, 0xbc, 0x71, 0xc0, 0xd6, 0x9b, 0xb8, ++ 0x40, 0x3b, 0xc5, 0x72, 0x5d, 0x4d, 0x1b, 0x17, 0x3d, 0x36, 0xa4, 0xb1, ++ 0x15, 0xa7, 0x9a, 0x72, 0xeb, 0xf2, 0x9e, 0x40, 0xd1, 0xbc, 0x35, 0xc7, ++ 0xd1, 0x1a, 0x8f, 0x1c, 0x2b, 0x5e, 0xd8, 0xb3, 0x3b, 0x44, 0xae, 0xf5, ++ 0x81, 0xd0, 0x8a, 0x37, 0xab, 0xba, 0x22, 0xbc, 0x2d, 0x88, 0x2f, 0x24, ++ 0xbb, 0xb0, 0x1a, 0xa9, 0x5f, 0x07, 0x10, 0x6d, 0xc6, 0xbb, 0x3c, 0xa2, ++ 0x66, 0xf9, 0xb9, 0x95, 0xd6, 0x5e, 0x8c, 0xce, 0x04, 0xdc, 0xb3, 0x4c, ++ 0xbc, 0xe9, 0xc5, 0xcb, 0x19, 0x97, 0xe2, 0xa1, 0x09, 0x38, 0xd7, 0x82, ++ 0xa6, 0xbf, 0xc9, 0x15, 0x25, 0xf1, 0x2c, 0x77, 0xfc, 0xbd, 0xfa, 0x7f, ++ 0x92, 0xfe, 0xd6, 0x31, 0x03, 0x23, 0x2d, 0x17, 0x2f, 0x51, 0x9e, 0x5c, ++ 0xb1, 0x68, 0xc0, 0x3f, 0x42, 0x99, 0x00, 0x55, 0x33, 0x68, 0xd7, 0xee, ++ 0x51, 0x7d, 0x3e, 0x03, 0x4f, 0x02, 0x5f, 0x27, 0xdd, 0x17, 0x18, 0x6c, ++ 0x1e, 0x9d, 0x91, 0x65, 0xf8, 0xd7, 0xa6, 0x9f, 0xa1, 0xba, 0xa8, 0x76, ++ 0xe4, 0xd8, 0xf4, 0x59, 0x90, 0x16, 0x67, 0x88, 0xc2, 0xa9, 0xe4, 0x2c}; ++ ++static const unsigned char pub_key_minus_1_weak_4096[] = { ++ 0xff, 0x50, 0xd3, 0xcc, 0x89, 0x17, 0x5e, 0xb6, 0xf8, 0xa3, 0xb0, 0xe2, ++ 0xf9, 0x9f, 0x17, 0xa1, 0x92, 0x56, 0x15, 0x13, 0x12, 0x9f, 0x18, 0xdc, ++ 0x07, 0x00, 0xc2, 0x49, 0xc9, 0xd9, 0xd4, 0x0a, 0xe3, 0xd7, 0xf6, 0x60, ++ 0x21, 0xa9, 0x7b, 0xc0, 0x0f, 0x0e, 0xae, 0x3e, 0x77, 0x77, 0x48, 0xd8, ++ 0xfd, 0x42, 0xec, 0xb5, 0xae, 0x00, 0xab, 0xce, 0xd1, 0x11, 0xca, 0xd2, ++ 0x64, 0x5a, 0xa3, 0x6b, 0xba, 0xd1, 0x93, 0xea, 0xda, 0xd2, 0xa0, 0x60, ++ 0x39, 0x0b, 0x34, 0x4f, 0x0c, 0xf1, 0xb0, 0x52, 0x75, 0x51, 0x3d, 0x28, ++ 0x02, 0xb5, 0xbd, 0x42, 0x98, 0x20, 0xa7, 0x42, 0xb9, 0x21, 0x9a, 0xae, ++ 0xb6, 0x41, 0x7b, 0x70, 0xe3, 0xd9, 0xaf, 0x81, 0x1a, 0xc1, 0x39, 0x9c, ++ 0x52, 0x56, 0xcb, 0x0d, 0x6a, 0x67, 0x6f, 0x3d, 0x12, 0x76, 0x73, 0x53, ++ 0x95, 0x2d, 0xc1, 0x04, 0xdb, 0x83, 0xe4, 0xd0, 0xbe, 0x2d, 0xa6, 0x7a, ++ 0x0f, 0x80, 0x1b, 0xd0, 0x16, 0x14, 0x3a, 0xe0, 0x48, 0xfa, 0xf5, 0x44, ++ 0xa8, 0xe0, 0xbf, 0x98, 0xe1, 0x56, 0xea, 0x76, 0xb6, 0xe2, 0xa3, 0x5b, ++ 0x15, 0x79, 0x10, 0xb0, 0x41, 0xdc, 0x29, 0x0f, 0x1e, 0x37, 0x69, 0xcd, ++ 0x13, 0xbe, 0x2d, 0xe0, 0x73, 0x38, 0x68, 0xed, 0x50, 0x6a, 0xd0, 0xfb, ++ 0xcb, 0x17, 0x3a, 0x59, 0xfb, 0xec, 0xba, 0x75, 0xb6, 0x4e, 0x2f, 0x6e, ++ 0x97, 0x98, 0x0e, 0x79, 0x25, 0xdd, 0xd8, 0xf5, 0x34, 0xb4, 0xa0, 0x7e, ++ 0xba, 0x68, 0x7c, 0x4f, 0xfb, 0xe0, 0x97, 0x46, 0x50, 0x1e, 0x4a, 0x59, ++ 0x9c, 0xdc, 0x34, 0xe2, 0x2a, 0xb5, 0xc8, 0x58, 0x94, 0x48, 0x9f, 0xb8, ++ 0x36, 0xcb, 0xce, 0x36, 0xb1, 0x7c, 0xe5, 0x8d, 0x5b, 0x43, 0xd7, 0x88, ++ 0xdf, 0xae, 0xd0, 0xc9, 0x42, 0x5f, 0x0a, 0xe3, 0x63, 0x11, 0xc5, 0x0c, ++ 0x80, 0x55, 0x58, 0xd7, 0xf2, 0x51, 0x6e, 0xb3, 0x7e, 0x9d, 0x1c, 0xc3, ++ 0x61, 0x59, 0x5c, 0x47, 0xd4, 0x99, 0xc0, 0x67, 0xfb, 0xb2, 0xd6, 0x11, ++ 0xda, 0x92, 0x5b, 0x6b, 0xd2, 0x70, 0xb7, 0x69, 0x72, 0xe7, 0x06, 0xdd, ++ 0x40, 0xac, 0x81, 0x51, 0x1d, 0x52, 0x7a, 0x45, 0x38, 0x89, 0x27, 0x2c, ++ 0xc4, 0x4b, 0x7e, 0x5e, 0x79, 0xef, 0x84, 0x6a, 0x24, 0x4d, 0x9c, 0x9e, ++ 0xca, 0x75, 0x5c, 0x06, 0x6d, 0xd0, 0x52, 0xe9, 0xda, 0x9f, 0x46, 0xb6, ++ 0x62, 0x1d, 0xb3, 0xd9, 0xf2, 0x7d, 0xd6, 0xc2, 0x7a, 0x49, 0x7c, 0xdd, ++ 0x9b, 0xaa, 0xc3, 0x84, 0x0b, 0x08, 0x33, 0xb8, 0x80, 0xc3, 0x12, 0x8f, ++ 0xad, 0xac, 0x0f, 0x7f, 0xaf, 0x59, 0x61, 0x0d, 0x98, 0xc1, 0xf9, 0x68, ++ 0xc3, 0x1b, 0x10, 0x08, 0xc4, 0x33, 0x3c, 0xa4, 0xe2, 0xd5, 0xeb, 0x71, ++ 0x5d, 0x19, 0x7e, 0x05, 0xca, 0x9a, 0xf5, 0xbb, 0x71, 0x55, 0x83, 0x9c, ++ 0x25, 0x50, 0x35, 0x7f, 0x2d, 0xeb, 0xf2, 0x0d, 0xed, 0x3c, 0xb8, 0x71, ++ 0xbd, 0x08, 0xf5, 0x89, 0x7e, 0x5e, 0x38, 0x40, 0xd7, 0xed, 0x77, 0x8d, ++ 0x7a, 0xed, 0x2a, 0x9f, 0xfc, 0x01, 0xf4, 0xe2, 0xcf, 0xda, 0x8c, 0xa3, ++ 0x57, 0xdc, 0x14, 0xd6, 0xa1, 0xd9, 0x97, 0xb9, 0xe6, 0xfc, 0x48, 0x75, ++ 0x43, 0xbd, 0x3b, 0x91, 0x17, 0x3c, 0x33, 0xca, 0xce, 0x29, 0x09, 0x1b, ++ 0xe8, 0x9d, 0xb6, 0x74, 0x05, 0x5e, 0x2e, 0xa5, 0x1d, 0x7f, 0x3a, 0xa9, ++ 0x2c, 0xf6, 0x4d, 0x41, 0x90, 0xbc, 0x56, 0x18, 0x52, 0x02, 0x90, 0xef, ++ 0x71, 0xff, 0x3e, 0x0c, 0xf8, 0x00, 0x04, 0x07, 0xd5, 0x20, 0x26, 0xdd, ++ 0x5c, 0xb1, 0x37, 0x03, 0x20, 0x0c, 0xb4, 0xb6, 0x39, 0x49, 0x49, 0xaa, ++ 0xe7, 0x98, 0x01, 0xa2, 0x2e, 0x0a, 0x33, 0x82, 0x9e, 0xb9, 0x24, 0xb7, ++ 0x80, 0xdf, 0xd3, 0xdf, 0x04, 0xe4, 0x50, 0x9d}; ++ ++static const unsigned char pub_key_minus_1_tls_6144[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, ++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, ++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, ++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, ++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, ++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, ++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, ++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, ++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, ++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, ++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, ++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, ++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, ++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, ++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, ++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, ++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, ++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, ++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, ++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, ++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, ++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, ++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, ++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, ++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, ++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, ++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, ++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, ++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, ++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, ++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, ++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, ++ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE}; ++ ++static const unsigned char pub_key_minus_1_safe_8192[] = { ++ 0x9b, 0xa7, 0x9b, 0xa2, 0x86, 0x54, 0xe7, 0x99, 0x11, 0x5b, 0x35, 0x81, ++ 0xd5, 0x7a, 0x8a, 0x6e, 0x4d, 0x4d, 0x61, 0x5d, 0xd3, 0xcf, 0x0c, 0x65, ++ 0x7e, 0xda, 0xd8, 0xce, 0x28, 0xac, 0xa0, 0x38, 0x81, 0xee, 0xa1, 0x14, ++ 0x25, 0x21, 0x67, 0x66, 0x3a, 0x6c, 0x0f, 0x80, 0x3d, 0x89, 0x79, 0xfe, ++ 0x71, 0x43, 0x57, 0xc3, 0xa9, 0x54, 0x1e, 0x20, 0x8a, 0xee, 0x0f, 0xa6, ++ 0x8b, 0x88, 0x81, 0x3d, 0xe8, 0x5c, 0x40, 0x47, 0x05, 0xdf, 0xd8, 0x6d, ++ 0x98, 0x65, 0x16, 0xa9, 0xf9, 0xc4, 0x8c, 0x02, 0xba, 0xae, 0x6b, 0x36, ++ 0x76, 0xc9, 0xfa, 0x8e, 0xd0, 0xd7, 0x9a, 0x3c, 0xcb, 0xd1, 0x44, 0x09, ++ 0xd7, 0x4f, 0x28, 0x51, 0x94, 0x92, 0x5b, 0x02, 0xb2, 0xbd, 0x78, 0xd3, ++ 0xc2, 0x76, 0x03, 0x15, 0x17, 0x0b, 0x55, 0x08, 0x02, 0x42, 0x9e, 0x26, ++ 0x56, 0x33, 0x72, 0xe6, 0xbd, 0x0e, 0xf9, 0x3d, 0x2c, 0xb3, 0x8a, 0x4c, ++ 0x67, 0x17, 0xfd, 0xe9, 0x03, 0xad, 0x8c, 0x34, 0x84, 0xe5, 0x83, 0xdf, ++ 0x9c, 0x04, 0x93, 0x03, 0x26, 0x19, 0xc1, 0xf1, 0x24, 0x68, 0xf6, 0x54, ++ 0x96, 0xce, 0x38, 0x51, 0xbd, 0x6c, 0x3d, 0x9c, 0x0c, 0xd8, 0x6e, 0x13, ++ 0x4c, 0x8b, 0xf6, 0x34, 0xae, 0xd8, 0x85, 0x1d, 0x1d, 0x8e, 0xc2, 0xad, ++ 0xab, 0xa2, 0xc5, 0x40, 0x76, 0x7f, 0x2f, 0x2e, 0x38, 0xf4, 0x6a, 0x39, ++ 0x33, 0x3d, 0x17, 0xce, 0x1f, 0xe9, 0xc3, 0x8d, 0x9e, 0xe5, 0xbe, 0xd6, ++ 0xad, 0x9a, 0x23, 0xd8, 0x06, 0xf3, 0x7c, 0x39, 0xd5, 0xae, 0x57, 0xb6, ++ 0xe5, 0xc3, 0x9a, 0x8a, 0x8c, 0x6e, 0xd3, 0xc1, 0x1a, 0x64, 0x12, 0x00, ++ 0x18, 0x53, 0xca, 0x32, 0x88, 0x8e, 0xc0, 0x5f, 0x2d, 0xb2, 0x3d, 0x14, ++ 0x1b, 0x58, 0x5c, 0x20, 0xe8, 0x52, 0xe5, 0x28, 0x41, 0xbc, 0x9e, 0x08, ++ 0x29, 0xab, 0xa5, 0x43, 0x99, 0x0e, 0xd7, 0x2a, 0xb9, 0xb8, 0x64, 0x9d, ++ 0x83, 0xe3, 0x1a, 0x26, 0x59, 0x65, 0xf2, 0x0c, 0xc9, 0xc5, 0x8f, 0x0d, ++ 0xcf, 0xa1, 0x18, 0xfc, 0x8b, 0x77, 0xe9, 0xe1, 0x19, 0x7b, 0x03, 0xd4, ++ 0x37, 0x8d, 0x5d, 0x37, 0x2b, 0xad, 0x58, 0x5e, 0x73, 0x72, 0xce, 0x84, ++ 0xe5, 0xc9, 0x75, 0x1d, 0xf3, 0x58, 0x42, 0x77, 0xfe, 0x53, 0xa0, 0xc2, ++ 0x66, 0x21, 0xaf, 0xe2, 0x61, 0xd2, 0x84, 0xb3, 0x03, 0x4d, 0xd8, 0x7d, ++ 0x85, 0xe1, 0xa8, 0xa0, 0x48, 0x5d, 0x1a, 0xa9, 0xac, 0xc1, 0x69, 0x24, ++ 0xc6, 0xfa, 0xb5, 0x22, 0x3e, 0xa3, 0x8d, 0x35, 0x29, 0xcf, 0x9a, 0xe5, ++ 0x84, 0x3b, 0x0b, 0x27, 0x36, 0x7e, 0x9d, 0xa6, 0xb0, 0x45, 0x60, 0x42, ++ 0x1e, 0x4b, 0x24, 0xd1, 0x36, 0x8b, 0x70, 0xd1, 0x95, 0x54, 0x14, 0xb9, ++ 0x47, 0x3d, 0x8d, 0xe4, 0x5f, 0x81, 0x1a, 0x21, 0x17, 0x17, 0xbf, 0x92, ++ 0x22, 0x4c, 0x77, 0x30, 0xdc, 0x9c, 0x84, 0xe6, 0x68, 0xcc, 0xd6, 0x11, ++ 0x04, 0xff, 0x71, 0x86, 0xb3, 0xa9, 0x9b, 0x13, 0x95, 0x35, 0xfd, 0x68, ++ 0x28, 0x9b, 0x6f, 0x5c, 0xf7, 0x66, 0xa8, 0x6f, 0x89, 0x0f, 0x92, 0xdf, ++ 0x52, 0x24, 0x3f, 0xdb, 0x2f, 0x40, 0x12, 0x32, 0xa4, 0xff, 0x2e, 0x4b, ++ 0xb8, 0xa0, 0xe7, 0xc9, 0xcb, 0x98, 0x13, 0xf9, 0xd2, 0xfa, 0x82, 0x68, ++ 0xb2, 0x8f, 0xd3, 0x17, 0x8c, 0x93, 0xf5, 0x80, 0xe4, 0x5a, 0x33, 0x1b, ++ 0x6a, 0xd8, 0xbf, 0x37, 0xa7, 0xe1, 0x63, 0x1d, 0x6a, 0xc3, 0xfa, 0xa1, ++ 0x2f, 0xc1, 0x72, 0x55, 0xd5, 0xe2, 0x67, 0x3b, 0x6b, 0x3a, 0xa8, 0xb0, ++ 0x54, 0x04, 0x1d, 0xbb, 0xc1, 0xe5, 0x3a, 0x52, 0xb1, 0x67, 0x0b, 0x12, ++ 0x3e, 0xcd, 0xa9, 0x9a, 0x0e, 0xbb, 0xa3, 0x75, 0x6d, 0x6f, 0x77, 0x74, ++ 0x64, 0xe3, 0x16, 0x8c, 0xa5, 0xba, 0xec, 0x51, 0x73, 0xce, 0x4b, 0xe6, ++ 0x6f, 0x3d, 0x15, 0x56, 0x43, 0xe1, 0x17, 0x77, 0x66, 0xab, 0xdc, 0x9d, ++ 0x9b, 0x10, 0x5d, 0xc4, 0xe9, 0x1e, 0xaa, 0x2d, 0x15, 0xbb, 0xc4, 0x09, ++ 0x46, 0x30, 0xe1, 0xb8, 0x92, 0x94, 0x5f, 0xb7, 0xe7, 0x7e, 0x97, 0x43, ++ 0xc0, 0x48, 0x5b, 0xaf, 0xea, 0x74, 0xae, 0x8c, 0x79, 0x6b, 0x66, 0x83, ++ 0x62, 0x88, 0x17, 0xa4, 0x56, 0x5d, 0x58, 0xfb, 0x6c, 0x38, 0x57, 0x4d, ++ 0xef, 0xd7, 0x36, 0x44, 0x39, 0x5b, 0xab, 0x94, 0xe4, 0x08, 0x30, 0xd3, ++ 0x2c, 0x59, 0xa0, 0x32, 0xe2, 0x71, 0x99, 0xec, 0x66, 0x5e, 0xf7, 0xe2, ++ 0x9c, 0x19, 0x69, 0x72, 0x6f, 0xdb, 0x3e, 0xcc, 0x19, 0x5a, 0xfd, 0xad, ++ 0xd6, 0x6e, 0x9d, 0x07, 0xc0, 0x65, 0x01, 0x75, 0xdd, 0x37, 0x1b, 0x9c, ++ 0x5e, 0x93, 0x32, 0xf8, 0x7e, 0x65, 0xd5, 0xb5, 0x15, 0x35, 0xad, 0x05, ++ 0xb5, 0xd2, 0x25, 0xc7, 0x71, 0x5a, 0xe4, 0xb7, 0x58, 0x6a, 0xc3, 0x5a, ++ 0xd9, 0xd4, 0xee, 0x32, 0xb5, 0x0b, 0x5b, 0x2a, 0xcd, 0x80, 0xce, 0xd4, ++ 0x2d, 0xc9, 0x09, 0x94, 0xf5, 0xf2, 0x7c, 0xaf, 0xba, 0x5a, 0xd3, 0xdc, ++ 0xcd, 0xd7, 0xf7, 0xea, 0x42, 0xe2, 0xc2, 0x34, 0x21, 0xb9, 0x15, 0x24, ++ 0xe8, 0x32, 0x6b, 0x6f, 0xb0, 0xed, 0x76, 0x5e, 0x45, 0xbf, 0x02, 0xa2, ++ 0xb8, 0x3c, 0xa5, 0xf5, 0x74, 0xe3, 0x18, 0x89, 0x21, 0x4e, 0xa6, 0x08, ++ 0xa3, 0xa5, 0x93, 0x69, 0x48, 0x96, 0xbd, 0x47, 0xd3, 0xeb, 0x67, 0x29, ++ 0xa8, 0xbb, 0xbe, 0x78, 0x05, 0xfa, 0x46, 0x89, 0x4e, 0x0c, 0xe2, 0x6c, ++ 0xbb, 0xe5, 0xf8, 0xba, 0xe5, 0x5d, 0x29, 0xe7, 0xdd, 0x71, 0x7e, 0x94, ++ 0xd7, 0x56, 0x0c, 0x3c, 0xde, 0x5f, 0xbc, 0xdc, 0x0f, 0x8e, 0xd6, 0x6f, ++ 0x0a, 0x07, 0xb8, 0x07, 0x24, 0x62, 0x4c, 0xed, 0x45, 0x4f, 0x0d, 0x9f, ++ 0x2e, 0x83, 0x6a, 0xeb, 0xbc, 0xff, 0xa9, 0xf2, 0x73, 0xb3, 0x5b, 0xaa, ++ 0xac, 0xed, 0xac, 0x88, 0xa2, 0x0d, 0x8d, 0x8f, 0xb4, 0xf7, 0x73, 0x1e, ++ 0xc0, 0x2e, 0xd3, 0x45, 0x15, 0x4b, 0x4a, 0xe7, 0xd4, 0xef, 0xb1, 0xc6, ++ 0xd3, 0x8f, 0xf8, 0x24, 0x12, 0x33, 0x3e, 0x8e, 0x95, 0xbc, 0x81, 0xb4, ++ 0xd4, 0xd1, 0x13, 0xbc, 0x7e, 0x25, 0xb4, 0x5b, 0xff, 0x15, 0xba, 0xf8, ++ 0x9a, 0xec, 0x78, 0xe4, 0x63, 0xc7, 0x26, 0xd5, 0x89, 0x3d, 0x63, 0x5b, ++ 0x7c, 0x86, 0x63, 0x34, 0x06, 0x28, 0x23, 0x08, 0xff, 0x6d, 0xbd, 0xe0, ++ 0x75, 0xb3, 0x71, 0x12, 0x26, 0x63, 0xca, 0x93, 0x36, 0x86, 0xeb, 0xf7, ++ 0x48, 0xd1, 0x96, 0xf4, 0x02, 0x3e, 0x5d, 0x69, 0x75, 0x5e, 0x95, 0xee, ++ 0x32, 0xb9, 0xba, 0x55, 0xc5, 0x42, 0x74, 0x00, 0xe1, 0x0f, 0x16, 0x05, ++ 0x62, 0x3c, 0x58, 0xcb, 0xe0, 0xd4, 0xa9, 0xe5, 0x1a, 0x3b, 0x84, 0x7e, ++ 0x19, 0x87, 0xad, 0x67, 0xcd, 0x9b, 0x97, 0xb0, 0x32, 0xd7, 0xb8, 0x1e, ++ 0x96, 0x69, 0x75, 0x0f, 0x61, 0x69, 0xb3, 0xc9, 0xce, 0x73, 0x7c, 0x5f, ++ 0xd5, 0x08, 0xdf, 0xd4, 0x07, 0x75, 0x60, 0xd7, 0x50, 0x52, 0xe7, 0x5c, ++ 0x6f, 0x04, 0x59, 0x65, 0xbd, 0x70, 0x99, 0x15, 0xf9, 0xbc, 0x34, 0x78, ++ 0x6a, 0x64, 0xac, 0x5f, 0x07, 0xc2, 0x89, 0x88, 0xfe, 0x11, 0x7a, 0xf7, ++ 0x3d, 0xbe, 0x83, 0xff, 0xeb, 0x1d, 0x52, 0xbe, 0xd4, 0x09, 0x71, 0x0f, ++ 0x7c, 0x95, 0x19, 0xf2, 0x4b, 0xf5, 0x44, 0x63, 0xf2, 0xec, 0x3f, 0xf9, ++ 0xe4, 0xfb, 0xbe, 0x24, 0xb2, 0x18, 0x53, 0xce, 0x16, 0x40, 0x1e, 0x27, ++ 0x62, 0x99, 0x93, 0xc9, 0x49, 0x8f, 0x98, 0x0d, 0xd8, 0x73, 0x65, 0x99, ++ 0xac, 0xff, 0xfe, 0x22, 0x6a, 0xd1, 0xfb, 0xa1, 0xe4, 0xe7, 0xab, 0x3c, ++ 0x72, 0x10, 0xac, 0x72}; ++ ++/* Public keys in small subgroups of weak primes - fails in all modes*/ ++static const unsigned char pub_key_bad_weak_1024[] = {3}; ++static const unsigned char pub_key_bad_weak_2048[] = {3}; ++static const unsigned char pub_key_bad_weak_3072[] = {3}; ++static const unsigned char pub_key_bad_weak_4096[] = {3}; ++static const unsigned char pub_key_bad_weak_6144[] = {3}; ++static const unsigned char pub_key_bad_weak_8192[] = {3}; ++ ++#ifdef notdef ++/* Public keys not in group g of safe primes. - fails in fips mode */ ++static const unsigned char pub_key_bad_safe_1536[] = {3}; ++static const unsigned char pub_key_bad_safe_2048[] = {3}; ++static const unsigned char pub_key_bad_safe_3072[] = {3}; ++static const unsigned char pub_key_bad_safe_4096[] = {3}; ++static const unsigned char pub_key_bad_safe_6144[] = {3}; ++static const unsigned char pub_key_bad_safe_8192[] = {3}; ++#endif ++ ++enum DhParamType { ++ TLS_APPROVED, ++ IKE_APPROVED, ++ SAFE_PRIME, ++ SAFE_PRIME_WITH_SUBPRIME, ++ KNOWN_SUBPRIME, ++ WRONG_SUBPRIME, ++ UNKNOWN_SUBPRIME, ++ BAD_PUB_KEY ++}; ++ ++enum DhKeyClass { ++ CLASS_1536 = 0, ++ CLASS_2048, ++ CLASS_3072, ++ CLASS_4096, ++ CLASS_6144, ++ CLASS_8192, ++ CLASS_LAST ++}; ++const DhKeyClass CLASS_FIRST = CLASS_1536; ++ ++const unsigned char *reference_prime[CLASS_LAST] = { ++ prime_ike_1536, prime_tls_2048, prime_tls_3072, ++ prime_ike_4096, prime_ike_6144, prime_tls_8192}; ++ ++const size_t reference_prime_len[CLASS_LAST] = { ++ sizeof(prime_ike_1536), sizeof(prime_tls_2048), sizeof(prime_tls_3072), ++ sizeof(prime_ike_4096), sizeof(prime_ike_6144), sizeof(prime_tls_8192)}; ++ ++struct DhTestVector { ++ const char *id; ++ SECItem p; ++ SECItem g; ++ SECItem q; ++ SECItem pub_key; ++ DhParamType param_type; ++ DhKeyClass key_class; ++}; ++ ++static const unsigned char g2[] = {2}; ++static const unsigned char g3[] = {3}; ++ ++static const DhTestVector DH_TEST_VECTORS[] = { ++ /* test our approved primes, the pass in all modes and configurations */ ++ {"IKE 1536", ++ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_1536}, ++ {"IKE 2048", ++ {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_2048}, ++ {"TLS 3048", ++ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_2048}, ++ {"IKE 3072", ++ {siBuffer, (unsigned char *)prime_ike_3072, sizeof(prime_ike_3072)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_3072}, ++ {"TLS 3072", ++ {siBuffer, (unsigned char *)prime_tls_3072, sizeof(prime_tls_3072)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_3072}, ++ {"IKE 4096", ++ {siBuffer, (unsigned char *)prime_ike_4096, sizeof(prime_ike_4096)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_4096}, ++ {"TLS 4096", ++ {siBuffer, (unsigned char *)prime_tls_4096, sizeof(prime_tls_4096)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_4096}, ++ {"IKE 6144", ++ {siBuffer, (unsigned char *)prime_ike_6144, sizeof(prime_ike_6144)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_6144}, ++ {"TLS 6144", ++ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_6144}, ++ {"IKE 8192", ++ {siBuffer, (unsigned char *)prime_ike_8192, sizeof(prime_ike_8192)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_8192}, ++ {"TLS 8192", ++ {siBuffer, (unsigned char *)prime_tls_8192, sizeof(prime_tls_8192)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_8192}, ++ /* approved primes with explicit subprimes.These should pass without ++ * the need to verify the primes and subprimes for primality */ ++ {"IKE 1536 with subprime", ++ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_ike_1536, ++ sizeof(sub2_prime_ike_1536)}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_1536}, ++ {"IKE 2048 with subprime", ++ {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_ike_2048, ++ sizeof(sub2_prime_ike_2048)}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_2048}, ++ {"TLS 2048 with subprime", ++ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_tls_2048, ++ sizeof(sub2_prime_tls_2048)}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_2048}, ++ {"IKE 3072 with subprime", ++ {siBuffer, (unsigned char *)prime_ike_3072, sizeof(prime_ike_3072)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_ike_3072, ++ sizeof(sub2_prime_ike_3072)}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_3072}, ++ {"TLS 3072 with subprime", ++ {siBuffer, (unsigned char *)prime_tls_3072, sizeof(prime_tls_3072)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_tls_3072, ++ sizeof(sub2_prime_tls_3072)}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_3072}, ++ {"IKE 4096 with subprime", ++ {siBuffer, (unsigned char *)prime_ike_4096, sizeof(prime_ike_4096)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_ike_4096, ++ sizeof(sub2_prime_ike_4096)}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_4096}, ++ {"TLS 4096 with subprime", ++ {siBuffer, (unsigned char *)prime_tls_4096, sizeof(prime_tls_4096)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_tls_4096, ++ sizeof(sub2_prime_tls_4096)}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_4096}, ++ {"IKE 6144 with subprime", ++ {siBuffer, (unsigned char *)prime_ike_6144, sizeof(prime_ike_6144)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_ike_6144, ++ sizeof(sub2_prime_ike_6144)}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_6144}, ++ {"TLS 6144 with subprime", ++ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_tls_6144, ++ sizeof(sub2_prime_tls_6144)}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_6144}, ++ {"IKE 8192 with subprime", ++ {siBuffer, (unsigned char *)prime_ike_8192, sizeof(prime_ike_8192)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_ike_8192, ++ sizeof(sub2_prime_ike_8192)}, ++ {siBuffer, NULL, 0}, ++ IKE_APPROVED, ++ CLASS_8192}, ++ {"TLS 8192 with subprime", ++ {siBuffer, (unsigned char *)prime_tls_8192, sizeof(prime_tls_8192)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_tls_8192, ++ sizeof(sub2_prime_tls_8192)}, ++ {siBuffer, NULL, 0}, ++ TLS_APPROVED, ++ CLASS_8192}, ++ /* test our non-approved safe primes. This primes should pass in ++ * non-FIPS and fail in FIPS. They should pass without checks */ ++ {"Safe Prime 1536", ++ {siBuffer, (unsigned char *)prime_safe_1536, sizeof(prime_safe_1536)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME, ++ CLASS_1536}, ++ {"Safe Prime 2048", ++ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)}, ++ {siBuffer, (unsigned char *)g3, sizeof(g3)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME, ++ CLASS_2048}, ++ {"Safe Prime 3072", ++ {siBuffer, (unsigned char *)prime_safe_3072, sizeof(prime_safe_3072)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME, ++ CLASS_3072}, ++ {"Safe Prime 4096", ++ {siBuffer, (unsigned char *)prime_safe_4096, sizeof(prime_safe_4096)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME, ++ CLASS_4096}, ++ {"Safe Prime 6144", ++ {siBuffer, (unsigned char *)prime_safe_6144, sizeof(prime_safe_6144)}, ++ {siBuffer, (unsigned char *)g3, sizeof(g3)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME, ++ CLASS_6144}, ++ {"Safe Prime 8192", ++ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)}, ++ {siBuffer, (unsigned char *)g3, sizeof(g3)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME, ++ CLASS_8192}, ++ /* test our non-approved safe primes. This primes should pass in ++ * non-FIPS and fail in FIPS. In non-FIPS, they need checks */ ++ {"Safe Prime 1536 with Subprime", ++ {siBuffer, (unsigned char *)prime_safe_1536, sizeof(prime_safe_1536)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_safe_1536, ++ sizeof(sub2_prime_safe_1536)}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME_WITH_SUBPRIME, ++ CLASS_1536}, ++ {"Safe Prime 2048 with Subprime", ++ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_safe_2048, ++ sizeof(sub2_prime_safe_2048)}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME_WITH_SUBPRIME, ++ CLASS_2048}, ++ {"Safe Prime 3072 with Subprime", ++ {siBuffer, (unsigned char *)prime_safe_3072, sizeof(prime_safe_3072)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_safe_3072, ++ sizeof(sub2_prime_safe_3072)}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME_WITH_SUBPRIME, ++ CLASS_3072}, ++ {"Safe Prime 4096 with Subprime", ++ {siBuffer, (unsigned char *)prime_safe_4096, sizeof(prime_safe_4096)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_safe_4096, ++ sizeof(sub2_prime_safe_4096)}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME_WITH_SUBPRIME, ++ CLASS_4096}, ++ {"Safe Prime 6144 with Subprime", ++ {siBuffer, (unsigned char *)prime_safe_6144, sizeof(prime_safe_6144)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_safe_6144, ++ sizeof(sub2_prime_safe_6144)}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME_WITH_SUBPRIME, ++ CLASS_6144}, ++ {"Safe Prime 8192 with Subprime", ++ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_safe_8192, ++ sizeof(sub2_prime_safe_8192)}, ++ {siBuffer, NULL, 0}, ++ SAFE_PRIME_WITH_SUBPRIME, ++ CLASS_8192}, ++ /* test "weak" primes with "unknown" subprimes. We use ++ * the same primes as the known subprimes, but we don't ++ * include the subprime in the test. These primes should ++ * pass in non-FIPS mode and fail in FIPS mode */ ++ {"Weak Prime 1024 Unknown Subprime", ++ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)}, ++ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ UNKNOWN_SUBPRIME, ++ CLASS_1536}, ++ {"Weak Prime 2048 Unknown Subprime", ++ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)}, ++ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ UNKNOWN_SUBPRIME, ++ CLASS_2048}, ++ {"Weak Prime 3072 Unknown Subprime", ++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, ++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ UNKNOWN_SUBPRIME, ++ CLASS_3072}, ++ {"Weak Prime 4096 Unknown Subprime", ++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, ++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ UNKNOWN_SUBPRIME, ++ CLASS_4096}, ++ {"Weak Prime 6144 Unknown Subprime", ++ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)}, ++ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ UNKNOWN_SUBPRIME, ++ CLASS_6144}, ++ {"Weak Prime 8192 Unknown Subprime", ++ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)}, ++ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, NULL, 0}, ++ UNKNOWN_SUBPRIME, ++ CLASS_8192}, ++ /* test "weak" primes with known subprimes. These primes should ++ * pass in non-FIPS and fail in FIPS. In non-FIPS they should have full ++ * checks. */ ++ {"Weak Prime 1024 Known Subprime", ++ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)}, ++ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)}, ++ {siBuffer, (unsigned char *)subprime_weak_1024, ++ sizeof(subprime_weak_1024)}, ++ {siBuffer, NULL, 0}, ++ KNOWN_SUBPRIME, ++ CLASS_1536}, ++ {"Weak Prime 2048 Known Subprime", ++ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)}, ++ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)}, ++ {siBuffer, (unsigned char *)subprime_weak_2048, ++ sizeof(subprime_weak_2048)}, ++ {siBuffer, NULL, 0}, ++ KNOWN_SUBPRIME, ++ CLASS_2048}, ++ {"Weak Prime 3072 Known Subprime", ++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, ++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, ++ {siBuffer, (unsigned char *)subprime_weak_3072, ++ sizeof(subprime_weak_3072)}, ++ {siBuffer, NULL, 0}, ++ KNOWN_SUBPRIME, ++ CLASS_3072}, ++ {"Weak Prime 4096 Known Subprime", ++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, ++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, ++ {siBuffer, (unsigned char *)subprime_weak_4096, ++ sizeof(subprime_weak_4096)}, ++ {siBuffer, NULL, 0}, ++ KNOWN_SUBPRIME, ++ CLASS_4096}, ++ {"Weak Prime 6144 Known Subprime", ++ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)}, ++ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)}, ++ {siBuffer, (unsigned char *)subprime_weak_6144, ++ sizeof(subprime_weak_6144)}, ++ {siBuffer, NULL, 0}, ++ KNOWN_SUBPRIME, ++ CLASS_6144}, ++ {"Weak Prime 8192 Known Subprime", ++ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)}, ++ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)}, ++ {siBuffer, (unsigned char *)subprime_weak_8192, ++ sizeof(subprime_weak_8192)}, ++ {siBuffer, NULL, 0}, ++ KNOWN_SUBPRIME, ++ CLASS_8192}, ++ /* test "weak" primes as if they were safe primes. These primes should ++ * faill in all modes. */ ++ {"Weak Prime 1024 Wrong Subprime", ++ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)}, ++ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)}, ++ {siBuffer, (unsigned char *)sub2_prime_weak_1024, ++ sizeof(sub2_prime_weak_1024)}, ++ {siBuffer, NULL, 0}, ++ WRONG_SUBPRIME, ++ CLASS_1536}, ++ {"Weak Prime 2048 Wrong Subprime", ++ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)}, ++ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)}, ++ {siBuffer, (unsigned char *)sub2_prime_weak_2048, ++ sizeof(sub2_prime_weak_2048)}, ++ {siBuffer, NULL, 0}, ++ WRONG_SUBPRIME, ++ CLASS_2048}, ++ {"Weak Prime 3072 Wrong Subprime", ++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, ++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, ++ {siBuffer, (unsigned char *)sub2_prime_weak_3072, ++ sizeof(sub2_prime_weak_3072)}, ++ {siBuffer, NULL, 0}, ++ WRONG_SUBPRIME, ++ CLASS_3072}, ++ {"Weak Prime 4096 Wrong Subprime", ++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, ++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, ++ {siBuffer, (unsigned char *)sub2_prime_weak_4096, ++ sizeof(sub2_prime_weak_4096)}, ++ {siBuffer, NULL, 0}, ++ WRONG_SUBPRIME, ++ CLASS_4096}, ++ {"Weak Prime 6144 Wrong Subprime", ++ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)}, ++ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)}, ++ {siBuffer, (unsigned char *)sub2_prime_weak_6144, ++ sizeof(sub2_prime_weak_6144)}, ++ {siBuffer, NULL, 0}, ++ WRONG_SUBPRIME, ++ CLASS_6144}, ++ {"Weak Prime 8192 Wrong Subprime", ++ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)}, ++ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)}, ++ {siBuffer, (unsigned char *)sub2_prime_weak_8192, ++ sizeof(sub2_prime_weak_8192)}, ++ {siBuffer, NULL, 0}, ++ WRONG_SUBPRIME, ++ CLASS_8192}, ++ /******** Now test various invalid public keys */ ++ /* first known small subgroups of safe primes. These test should ++ * fail in all modes with all primes */ ++ {"Pubkey = 0 IKE 1536", ++ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, (unsigned char *)pub_key_zero, sizeof(pub_key_zero)}, ++ BAD_PUB_KEY, ++ CLASS_1536}, ++ {"PubKey = 1 TLS 2048", ++ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, (unsigned char *)pub_key_one, sizeof(pub_key_one)}, ++ BAD_PUB_KEY, ++ CLASS_2048}, ++ {"Pubkey == -1 IKE 1536", ++ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, (unsigned char *)pub_key_minus_1_ike_1536, ++ sizeof(pub_key_minus_1_ike_1536)}, ++ BAD_PUB_KEY, ++ CLASS_1536}, ++ {"Pubkey = -1 SAFE 2048 WITH SUBPRIME", ++ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_safe_2048, ++ sizeof(sub2_prime_safe_2048)}, ++ {siBuffer, (unsigned char *)pub_key_minus_1_safe_2048, ++ sizeof(pub_key_minus_1_safe_2048)}, ++ BAD_PUB_KEY, ++ CLASS_2048}, ++ {"Pubkey = -1 WEAK 3072 KNOWN SUBPRIME", ++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, ++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, ++ {siBuffer, (unsigned char *)subprime_weak_3072, ++ sizeof(subprime_weak_3072)}, ++ {siBuffer, (unsigned char *)pub_key_minus_1_weak_3072, ++ sizeof(pub_key_minus_1_weak_3072)}, ++ BAD_PUB_KEY, ++ CLASS_3072}, ++ {"Pubkey = -1 WEAK 4096 UNKNOWN SUBPRIME", ++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, ++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, ++ {siBuffer, NULL, 0}, ++ {siBuffer, (unsigned char *)pub_key_minus_1_weak_4096, ++ sizeof(pub_key_minus_1_weak_4096)}, ++ BAD_PUB_KEY, ++ CLASS_4096}, ++ {"Pubkey = -1 TLS 6144 WITH SUBPRIME", ++ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, (unsigned char *)sub2_prime_tls_6144, ++ sizeof(sub2_prime_tls_6144)}, ++ {siBuffer, (unsigned char *)pub_key_minus_1_tls_6144, ++ sizeof(pub_key_minus_1_tls_6144)}, ++ BAD_PUB_KEY, ++ CLASS_6144}, ++ {"Pubkey = -1 SAFE 8192", ++ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)}, ++ {siBuffer, (unsigned char *)g2, sizeof(g2)}, ++ {siBuffer, NULL, 0 }, ++ {siBuffer, (unsigned char *)pub_key_minus_1_safe_8192, ++ sizeof(pub_key_minus_1_safe_8192)}, ++ BAD_PUB_KEY, ++ CLASS_8192}, ++ /* y is a known small subgroups of weak primes (which known subprimes). ++ * These test should fail in all modes with all primes */ ++ {"Pubkey small subgroup Weak 1024 prime", ++ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)}, ++ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)}, ++ {siBuffer, (unsigned char *)subprime_weak_1024, ++ sizeof(subprime_weak_1024)}, ++ {siBuffer, (unsigned char *)pub_key_bad_weak_1024, ++ sizeof(pub_key_bad_weak_1024)}, ++ BAD_PUB_KEY, ++ CLASS_1536}, ++ {"Pubkey small subgroup Weak 2048 prime", ++ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)}, ++ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)}, ++ {siBuffer, (unsigned char *)subprime_weak_2048, ++ sizeof(subprime_weak_2048)}, ++ {siBuffer, (unsigned char *)pub_key_bad_weak_2048, ++ sizeof(pub_key_bad_weak_2048)}, ++ BAD_PUB_KEY, ++ CLASS_2048}, ++ {"Pubkey small subgroup Weak 3072 prime", ++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, ++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, ++ {siBuffer, (unsigned char *)subprime_weak_3072, ++ sizeof(subprime_weak_3072)}, ++ {siBuffer, (unsigned char *)pub_key_bad_weak_3072, ++ sizeof(pub_key_bad_weak_3072)}, ++ BAD_PUB_KEY, ++ CLASS_3072}, ++ {"Pubkey small subgroup Weak 4096 prime", ++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, ++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, ++ {siBuffer, (unsigned char *)subprime_weak_4096, ++ sizeof(subprime_weak_4096)}, ++ {siBuffer, (unsigned char *)pub_key_bad_weak_4096, ++ sizeof(pub_key_bad_weak_4096)}, ++ BAD_PUB_KEY, ++ CLASS_4096}, ++ {"Pubkey small subgroup Weak 6144 prime", ++ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)}, ++ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)}, ++ {siBuffer, (unsigned char *)subprime_weak_6144, ++ sizeof(subprime_weak_6144)}, ++ {siBuffer, (unsigned char *)pub_key_bad_weak_6144, ++ sizeof(pub_key_bad_weak_6144)}, ++ BAD_PUB_KEY, ++ CLASS_6144}, ++ {"Pubkey small subgroup Weak 8192 prime", ++ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)}, ++ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)}, ++ {siBuffer, (unsigned char *)subprime_weak_8192, ++ sizeof(subprime_weak_8192)}, ++ {siBuffer, (unsigned char *)pub_key_bad_weak_8192, ++ sizeof(pub_key_bad_weak_8192)}, ++ BAD_PUB_KEY, ++ CLASS_8192}}; ++}; +diff --git a/gtests/softoken_gtest/softoken_gtest.cc b/gtests/softoken_gtest/softoken_gtest.cc +--- a/gtests/softoken_gtest/softoken_gtest.cc ++++ b/gtests/softoken_gtest/softoken_gtest.cc +@@ -6,20 +6,24 @@ + #include "secmod.h" + #include "secerr.h" + + #include "nss_scoped_ptrs.h" + #include "util.h" + + #define GTEST_HAS_RTTI 0 + #include "gtest/gtest.h" ++#include "databuffer.h" + #include ++#include ++using namespace std::chrono; ++ ++#include "softoken_dh_vectors.h" + + namespace nss_test { +- + class SoftokenTest : public ::testing::Test { + protected: + SoftokenTest() : mNSSDBDir("SoftokenTest.d-") {} + SoftokenTest(const std::string &prefix) : mNSSDBDir(prefix) {} + + virtual void SetUp() { + std::string nssInitArg("sql:"); + nssInitArg.append(mNSSDBDir.GetUTF8Path()); +@@ -522,35 +526,260 @@ TEST_F(SoftokenNoDBTest, NeedUserInitNoD + ASSERT_TRUE(slot); + EXPECT_EQ(PR_FALSE, PK11_NeedUserInit(slot.get())); + + // When shutting down in here we have to release the slot first. + slot = nullptr; + ASSERT_EQ(SECSuccess, NSS_Shutdown()); + } + ++SECStatus test_dh_value(const PQGParams *params, const SECItem *pub_key_value, ++ PRBool genFailOK, time_t *time) { ++ SECKEYDHParams dh_params; ++ dh_params.base = params->base; ++ dh_params.prime = params->prime; ++ ++ ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); ++ EXPECT_TRUE(slot); ++ if (!slot) return SECFailure; ++ ++ /* create a private/public key pair in with the given params */ ++ SECKEYPublicKey *pub_tmp = nullptr; ++ ScopedSECKEYPrivateKey priv_key( ++ PK11_GenerateKeyPair(slot.get(), CKM_DH_PKCS_KEY_PAIR_GEN, &dh_params, ++ &pub_tmp, PR_FALSE, PR_TRUE, nullptr)); ++ if ((genFailOK) && ++ ((priv_key.get() == nullptr) || (pub_tmp == nullptr))) { ++ return SECFailure; ++ } ++ EXPECT_NE(nullptr, priv_key.get()) << "PK11_GenerateKeyPair failed: " ++ << PORT_ErrorToName(PORT_GetError()); ++ EXPECT_NE(nullptr, pub_tmp); ++ if ((priv_key.get() == nullptr) || (pub_tmp == nullptr)) return SECFailure; ++ ScopedSECKEYPublicKey pub_key(pub_tmp); ++ ScopedSECKEYPublicKey peer_pub_key_manager(nullptr); ++ SECKEYPublicKey *peer_pub_key = pub_key.get(); ++ ++ /* if a subprime has been given set it on the PKCS #11 key */ ++ if (params->subPrime.data != nullptr) { ++ SECStatus rv; ++ EXPECT_EQ(SECSuccess, rv = PK11_WriteRawAttribute( ++ PK11_TypePrivKey, priv_key.get(), CKA_SUBPRIME, ++ (SECItem *)¶ms->subPrime)) ++ << "PK11_WriteRawAttribute failed: " ++ << PORT_ErrorToString(PORT_GetError()); ++ if (rv != SECSuccess) { ++ return rv; ++ } ++ } ++ ++ /* find if we weren't passed a public value in, use the ++ * one we just generated */ ++ if (pub_key_value && pub_key_value->data) { ++ peer_pub_key = SECKEY_CopyPublicKey(pub_key.get()); ++ EXPECT_NE(nullptr, peer_pub_key); ++ if (peer_pub_key == nullptr) { ++ return SECFailure; ++ } ++ peer_pub_key->u.dh.publicValue = *pub_key_value; ++ peer_pub_key_manager.reset(peer_pub_key); ++ } ++ ++ /* now do the derive. time it and return the time if ++ * the caller requested it. */ ++ auto start = high_resolution_clock::now(); ++ ScopedPK11SymKey derivedKey(PK11_PubDerive( ++ priv_key.get(), peer_pub_key, PR_FALSE, nullptr, nullptr, ++ CKM_DH_PKCS_DERIVE, CKM_HKDF_DERIVE, CKA_DERIVE, 32, nullptr)); ++ auto stop = high_resolution_clock::now(); ++ if (!derivedKey) { ++ std::cerr << "PK11_PubDerive failed: " ++ << PORT_ErrorToString(PORT_GetError()) << std::endl; ++ } ++ ++ if (time) { ++ auto duration = duration_cast(stop - start); ++ *time = duration.count(); ++ } ++ return derivedKey ? SECSuccess : SECFailure; ++} ++ ++class SoftokenDhTest : public SoftokenTest { ++ protected: ++ SoftokenDhTest() : SoftokenTest("SoftokenDhTest.d-") {} ++ time_t reference_time[CLASS_LAST] = {0}; ++ ++ virtual void SetUp() { ++ SoftokenTest::SetUp(); ++ ++ ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); ++ ASSERT_TRUE(slot); ++ ++ time_t time; ++ for (int i = CLASS_FIRST; i < CLASS_LAST; i++) { ++ PQGParams params; ++ params.prime.data = (unsigned char *)reference_prime[i]; ++ params.prime.len = reference_prime_len[i]; ++ params.base.data = (unsigned char *)g2; ++ params.base.len = sizeof(g2); ++ params.subPrime.data = nullptr; ++ params.subPrime.len = 0; ++ ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time)); ++ reference_time[i] = time + 2 * time; ++ } ++ }; ++}; ++ ++const char *param_value(DhParamType param_type) { ++ switch (param_type) { ++ case TLS_APPROVED: ++ return "TLS_APPROVED"; ++ case IKE_APPROVED: ++ return "IKE_APPROVED"; ++ case SAFE_PRIME: ++ return "SAFE_PRIME"; ++ case SAFE_PRIME_WITH_SUBPRIME: ++ return "SAFE_PRIME_WITH_SUBPRIME"; ++ case KNOWN_SUBPRIME: ++ return "KNOWN_SUBPRIME"; ++ case UNKNOWN_SUBPRIME: ++ return "UNKNOWN_SUBPRIME"; ++ case WRONG_SUBPRIME: ++ return "WRONG_SUBPRIME"; ++ case BAD_PUB_KEY: ++ return "BAD_PUB_KEY"; ++ } ++ return "**Invalid**"; ++} ++ ++const char *key_value(DhKeyClass key_class) { ++ switch (key_class) { ++ case CLASS_1536: ++ return "CLASS_1536"; ++ case CLASS_2048: ++ return "CLASS_2048"; ++ case CLASS_3072: ++ return "CLASS_3072"; ++ case CLASS_4096: ++ return "CLASS_4096"; ++ case CLASS_6144: ++ return "CLASS_6144"; ++ case CLASS_8192: ++ return "CLASS_8192"; ++ case CLASS_LAST: ++ break; ++ } ++ return "**Invalid**"; ++} ++ ++class SoftokenDhValidate : public SoftokenDhTest, ++ public ::testing::WithParamInterface { ++}; ++ ++/* test the DH validation process. In non-fips mode, only BAD_PUB_KEY tests ++ * should fail */ ++TEST_P(SoftokenDhValidate, DhVectors) { ++ const DhTestVector dhTestValues = GetParam(); ++ std::string testId = (char *)(dhTestValues.id); ++ std::string err = "Test(" + testId + ") failed"; ++ SECStatus rv; ++ time_t time; ++ ++ PQGParams params; ++ params.prime = dhTestValues.p; ++ params.base = dhTestValues.g; ++ params.subPrime = dhTestValues.q; ++ ++ std::cerr << "Test: " + testId << std::endl ++ << "param_type: " << param_value(dhTestValues.param_type) ++ << ", key_class: " << key_value(dhTestValues.key_class) << std::endl ++ << "p: " << DataBuffer(dhTestValues.p.data, dhTestValues.p.len) ++ << std::endl ++ << "g: " << DataBuffer(dhTestValues.g.data, dhTestValues.g.len) ++ << std::endl ++ << "q: " << DataBuffer(dhTestValues.q.data, dhTestValues.q.len) ++ << std::endl ++ << "pub_key: " ++ << DataBuffer(dhTestValues.pub_key.data, dhTestValues.pub_key.len) ++ << std::endl; ++ rv = test_dh_value(¶ms, &dhTestValues.pub_key, PR_FALSE, &time); ++ ++ switch (dhTestValues.param_type) { ++ case TLS_APPROVED: ++ case IKE_APPROVED: ++ case SAFE_PRIME: ++ case UNKNOWN_SUBPRIME: ++ EXPECT_EQ(SECSuccess, rv) << err; ++ EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err; ++ break; ++ case KNOWN_SUBPRIME: ++ case SAFE_PRIME_WITH_SUBPRIME: ++ EXPECT_EQ(SECSuccess, rv) << err; ++ EXPECT_GT(time, reference_time[dhTestValues.key_class]) << err; ++ break; ++ case WRONG_SUBPRIME: ++ case BAD_PUB_KEY: ++ EXPECT_EQ(SECFailure, rv) << err; ++ break; ++ } ++} ++ ++INSTANTIATE_TEST_CASE_P(DhValidateCases, SoftokenDhValidate, ++ ::testing::ValuesIn(DH_TEST_VECTORS)); ++ + #ifndef NSS_FIPS_DISABLED + + class SoftokenFipsTest : public SoftokenTest { + protected: + SoftokenFipsTest() : SoftokenTest("SoftokenFipsTest.d-") {} ++ SoftokenFipsTest(const std::string &prefix) : SoftokenTest(prefix) {} + + virtual void SetUp() { + SoftokenTest::SetUp(); + + // Turn on FIPS mode (code borrowed from FipsMode in modutil/pk11.c) + char *internal_name; + ASSERT_FALSE(PK11_IsFIPS()); + internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName); +- ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name)); ++ ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name)) ++ << PORT_ErrorToName(PORT_GetError()); + PR_smprintf_free(internal_name); + ASSERT_TRUE(PK11_IsFIPS()); + } + }; + ++class SoftokenFipsDhTest : public SoftokenFipsTest { ++ protected: ++ SoftokenFipsDhTest() : SoftokenFipsTest("SoftokenFipsDhTest.d-") {} ++ time_t reference_time[CLASS_LAST] = {0}; ++ ++ virtual void SetUp() { ++ SoftokenFipsTest::SetUp(); ++ ++ ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); ++ ASSERT_TRUE(slot); ++ ++ ASSERT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, "")); ++ ASSERT_EQ(SECSuccess, PK11_Authenticate(slot.get(), PR_FALSE, nullptr)); ++ ++ time_t time; ++ for (int i = CLASS_FIRST; i < CLASS_LAST; i++) { ++ PQGParams params; ++ params.prime.data = (unsigned char *)reference_prime[i]; ++ params.prime.len = reference_prime_len[i]; ++ params.base.data = (unsigned char *)g2; ++ params.base.len = sizeof(g2); ++ params.subPrime.data = nullptr; ++ params.subPrime.len = 0; ++ ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time)); ++ reference_time[i] = time + 2 * time; ++ } ++ }; ++}; ++ + const std::vector kFipsPasswordCases[] = { + // FIPS level1 -> level1 -> level1 + {"", "", ""}, + // FIPS level1 -> level1 -> level2 + {"", "", "strong-_123"}, + // FIXME: this should work: FIPS level1 -> level2 -> level2 + // {"", "strong-_123", "strong-_456"}, + // FIPS level2 -> level2 -> level2 +@@ -608,22 +837,78 @@ TEST_P(SoftokenFipsBadPasswordTest, SetB + rv = PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str()); + if (it + 1 == passwords.end()) + EXPECT_EQ(SECFailure, rv); + else + EXPECT_EQ(SECSuccess, rv); + } + } + ++class SoftokenFipsDhValidate ++ : public SoftokenFipsDhTest, ++ public ::testing::WithParamInterface {}; ++ ++/* test the DH validation process. In fips mode, primes with unknown ++ * subprimes, and all sorts of bad public keys should fail */ ++TEST_P(SoftokenFipsDhValidate, DhVectors) { ++ const DhTestVector dhTestValues = GetParam(); ++ std::string testId = (char *)(dhTestValues.id); ++ std::string err = "Test(" + testId + ") failed"; ++ time_t time; ++ PRBool genFailOK = PR_FALSE; ++ SECStatus rv; ++ ++ PQGParams params; ++ params.prime = dhTestValues.p; ++ params.base = dhTestValues.g; ++ params.subPrime = dhTestValues.q; ++ std::cerr << "Test:" + testId << std::endl ++ << "param_type: " << param_value(dhTestValues.param_type) ++ << ", key_class: " << key_value(dhTestValues.key_class) << std::endl ++ << "p: " << DataBuffer(dhTestValues.p.data, dhTestValues.p.len) ++ << std::endl ++ << "g: " << DataBuffer(dhTestValues.g.data, dhTestValues.g.len) ++ << std::endl ++ << "q: " << DataBuffer(dhTestValues.q.data, dhTestValues.q.len) ++ << std::endl ++ << "pub_key: " ++ << DataBuffer(dhTestValues.pub_key.data, dhTestValues.pub_key.len) ++ << std::endl; ++ ++ if ((dhTestValues.param_type != TLS_APPROVED) && ++ (dhTestValues.param_type != IKE_APPROVED)) { ++ genFailOK = PR_TRUE; ++ } ++ rv = test_dh_value(¶ms, &dhTestValues.pub_key, genFailOK, &time); ++ ++ switch (dhTestValues.param_type) { ++ case TLS_APPROVED: ++ case IKE_APPROVED: ++ EXPECT_EQ(SECSuccess, rv) << err; ++ EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err; ++ break; ++ case SAFE_PRIME: ++ case SAFE_PRIME_WITH_SUBPRIME: ++ case KNOWN_SUBPRIME: ++ case UNKNOWN_SUBPRIME: ++ case WRONG_SUBPRIME: ++ case BAD_PUB_KEY: ++ EXPECT_EQ(SECFailure, rv) << err; ++ break; ++ } ++} ++ + INSTANTIATE_TEST_CASE_P(FipsPasswordCases, SoftokenFipsPasswordTest, + ::testing::ValuesIn(kFipsPasswordCases)); + + INSTANTIATE_TEST_CASE_P(BadFipsPasswordCases, SoftokenFipsBadPasswordTest, + ::testing::ValuesIn(kFipsPasswordBadCases)); + ++INSTANTIATE_TEST_CASE_P(FipsDhCases, SoftokenFipsDhValidate, ++ ::testing::ValuesIn(DH_TEST_VECTORS)); + #endif + + } // namespace nss_test + + int main(int argc, char **argv) { + ::testing::InitGoogleTest(&argc, argv); + + return RUN_ALL_TESTS(); +diff --git a/gtests/softoken_gtest/softoken_gtest.gyp b/gtests/softoken_gtest/softoken_gtest.gyp +--- a/gtests/softoken_gtest/softoken_gtest.gyp ++++ b/gtests/softoken_gtest/softoken_gtest.gyp +@@ -11,16 +11,17 @@ + 'target_name': 'softoken_gtest', + 'type': 'executable', + 'sources': [ + 'softoken_gtest.cc', + 'softoken_nssckbi_testlib_gtest.cc', + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', ++ '<(DEPTH)/cpputil/cpputil.gyp:cpputil', + '<(DEPTH)/lib/util/util.gyp:nssutil3', + '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', + ], + 'conditions': [ + [ 'static_libs==1', { + 'dependencies': [ + '<(DEPTH)/lib/nss/nss.gyp:nss_static', + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', +diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h +--- a/lib/freebl/blapi.h ++++ b/lib/freebl/blapi.h +@@ -375,16 +375,20 @@ extern SECStatus KEA_Derive(SECItem *pri + SECItem *derivedSecret); + + /* + * verify that a KEA or DSA public key is a valid key for this prime and + * subprime domain. + */ + extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime); + ++/* verify a value is prime */ ++PRBool KEA_PrimeCheck(SECItem *prime); ++ ++ + /**************************************** + * J-PAKE key transport + */ + + /* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x + * using the specified hash algorithm and signer ID. The signature is + * returned in the values gv and r. testRandom must be NULL for a PRNG + * generated random committment to be used in the sigature. When testRandom +diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c +--- a/lib/freebl/dh.c ++++ b/lib/freebl/dh.c +@@ -12,16 +12,17 @@ + + #include "prerr.h" + #include "secerr.h" + + #include "blapi.h" + #include "blapii.h" + #include "secitem.h" + #include "mpi.h" ++#include "mpprime.h" + #include "secmpi.h" + + #define KEA_DERIVED_SECRET_LEN 128 + + /* Lengths are in bytes. */ + static unsigned int + dh_GetSecretKeyLen(unsigned int primeLen) + { +@@ -73,17 +74,17 @@ DH_GenParam(int primeLen, DHParams **par + MP_DIGITS(&psub1) = 0; + MP_DIGITS(&test) = 0; + CHECK_MPI_OK(mp_init(&p)); + CHECK_MPI_OK(mp_init(&q)); + CHECK_MPI_OK(mp_init(&a)); + CHECK_MPI_OK(mp_init(&h)); + CHECK_MPI_OK(mp_init(&psub1)); + CHECK_MPI_OK(mp_init(&test)); +- /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */ ++ /* generate prime with MPI, uses Miller-Rabin to generate safe prime. */ + CHECK_SEC_OK(generate_prime(&p, primeLen)); + /* construct Sophie-Germain prime q = (p-1)/2. */ + CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1)); + CHECK_MPI_OK(mp_div_2(&psub1, &q)); + /* construct a generator from the prime. */ + ab = PORT_Alloc(primeLen); + if (!ab) { + PORT_SetError(SEC_ERROR_NO_MEMORY); +@@ -252,27 +253,27 @@ DH_Derive(SECItem *publicValue, + /* number of bytes in the derived secret */ + len = mp_unsigned_octet_size(&ZZ); + if (len <= 0) { + err = MP_BADARG; + goto cleanup; + } + + /* +- * We check to make sure that ZZ is not equal to 1 or -1 mod p. ++ * We check to make sure that ZZ is not equal to 0, 1 or -1 mod p. + * This helps guard against small subgroup attacks, since an attacker +- * using a subgroup of size N will produce 1 or -1 with probability 1/N. ++ * using a subgroup of size N will produce 0, 1 or -1 with probability 1/N. + * When the protocol is executed within a properly large subgroup, the + * probability of this result will be negligibly small. For example, +- * with a strong prime of the form 2p+1, the probability will be 1/p. ++ * with a safe prime of the form 2q+1, the probability will be 1/q. + * + * We return MP_BADARG because this is probably the result of a bad + * public value or a bad prime having been provided. + */ +- if (mp_cmp_d(&ZZ, 1) == 0 || ++ if (mp_cmp_d(&ZZ,0) == 0 || mp_cmp_d(&ZZ, 1) == 0 || + mp_cmp(&ZZ, &psub1) == 0) { + err = MP_BADARG; + goto cleanup; + } + + /* allocate a buffer which can hold the entire derived secret. */ + secret = PORT_Alloc(len); + if (secret == NULL) { +@@ -408,16 +409,44 @@ cleanup: + MP_TO_SEC_ERROR(err); + if (derivedSecret->data) + PORT_ZFree(derivedSecret->data, derivedSecret->len); + return SECFailure; + } + return SECSuccess; + } + ++/* Test counts based on the fact the prime and subprime ++ * were given to us */ ++static int ++dh_prime_testcount(int prime_length) ++{ ++ if (prime_length < 1024) { ++ return 50; ++ } else if (prime_length < 2048) { ++ return 40; ++ } else if (prime_length < 3072) { ++ return 56; ++ } ++ return 64; ++} ++ ++PRBool ++KEA_PrimeCheck(SECItem *prime) ++{ ++ mp_int p; ++ mp_err err=0; ++ MP_DIGITS(&p) = 0; ++ CHECK_MPI_OK(mp_init(&p)); ++ SECITEM_TO_MPINT(*prime, &p); ++ CHECK_MPI_OK(mpp_pprime(&p, dh_prime_testcount(prime->len))); ++cleanup: ++ return err ? PR_FALSE : PR_TRUE; ++} ++ + PRBool + KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) + { + mp_int p, q, y, r; + mp_err err; + int cmp = 1; /* default is false */ + if (!Y || !prime || !subPrime) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); +diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c +--- a/lib/freebl/ldvector.c ++++ b/lib/freebl/ldvector.c +@@ -348,19 +348,22 @@ static const struct FREEBLVectorStr vect + CMAC_Finish, + CMAC_Destroy, + + /* End of version 3.022 */ + ChaCha20Poly1305_Encrypt, + ChaCha20Poly1305_Decrypt, + AES_AEAD, + AESKeyWrap_EncryptKWP, +- AESKeyWrap_DecryptKWP ++ AESKeyWrap_DecryptKWP, + + /* End of version 3.023 */ ++ KEA_PrimeCheck ++ ++ /* End of version 3.024 */ + }; + + const FREEBLVector* + FREEBL_GetVector(void) + { + #ifdef FREEBL_NO_DEPEND + SECStatus rv; + #endif +diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c +--- a/lib/freebl/loader.c ++++ b/lib/freebl/loader.c +@@ -231,16 +231,24 @@ KEA_Derive(SECItem *prime, SECItem *publ + PRBool + KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) + { + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return PR_FALSE; + return (vector->p_KEA_Verify)(Y, prime, subPrime); + } + ++PRBool ++KEA_PrimeCheck(SECItem *prime) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return PR_FALSE; ++ return (vector->p_KEA_PrimeCheck)(prime); ++} ++ + RC4Context * + RC4_CreateContext(const unsigned char *key, int len) + { + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return NULL; + return (vector->p_RC4_CreateContext)(key, len); + } + +diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h +--- a/lib/freebl/loader.h ++++ b/lib/freebl/loader.h +@@ -5,17 +5,17 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + #ifndef _LOADER_H_ + #define _LOADER_H_ 1 + + #include "blapi.h" + +-#define FREEBL_VERSION 0x0323 ++#define FREEBL_VERSION 0x0324 + + struct FREEBLVectorStr { + + unsigned short length; /* of this struct in bytes */ + unsigned short version; /* of this struct. */ + + RSAPrivateKey *(*p_RSA_NewKey)(int keySizeInBits, + SECItem *publicExponent); +@@ -807,16 +807,20 @@ struct FREEBLVectorStr { + unsigned char *output, + unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, + unsigned int inputLen); + + /* Version 3.023 came to here */ + ++ PRBool (*p_KEA_PrimeCheck)(SECItem *prime); ++ /* Version 3.024 came to here */ ++ ++ + /* Add new function pointers at the end of this struct and bump + * FREEBL_VERSION at the beginning of this file. */ + }; + + typedef struct FREEBLVectorStr FREEBLVector; + + #ifdef FREEBL_LOWHASH + #include "nsslowhash.h" +diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn +--- a/lib/softoken/manifest.mn ++++ b/lib/softoken/manifest.mn +@@ -39,16 +39,17 @@ CSRCS = \ + lowkey.c \ + lowpbe.c \ + padbuf.c \ + pkcs11.c \ + pkcs11c.c \ + pkcs11u.c \ + sdb.c \ + sftkdb.c \ ++ sftkdhverify.c \ + sftkhmac.c \ + sftkike.c \ + sftkmessage.c \ + sftkpars.c \ + sftkpwd.c \ + softkver.c \ + tlsprf.c \ + jpakesftk.c \ +diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c +--- a/lib/softoken/pkcs11.c ++++ b/lib/softoken/pkcs11.c +@@ -1191,16 +1191,21 @@ sftk_handlePrivateKeyObject(SFTKSession + return CKR_TEMPLATE_INCOMPLETE; + } + if (!sftk_hasAttribute(object, CKA_BASE)) { + return CKR_TEMPLATE_INCOMPLETE; + } + if (!sftk_hasAttribute(object, CKA_VALUE)) { + return CKR_TEMPLATE_INCOMPLETE; + } ++ /* allow subprime to be set after the fact */ ++ crv = sftk_defaultAttribute(object, CKA_SUBPRIME, NULL, 0); ++ if (crv != CKR_OK) { ++ return crv; ++ } + encrypt = CK_FALSE; + recover = CK_FALSE; + wrap = CK_FALSE; + break; + case CKK_EC: + if (!sftk_hasAttribute(object, CKA_EC_PARAMS)) { + return CKR_TEMPLATE_INCOMPLETE; + } +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -4738,31 +4738,37 @@ loser: + * + * This function returns + * CKR_OK if pairwise consistency check passed + * CKR_GENERAL_ERROR if pairwise consistency check failed + * other error codes if paiswise consistency check could not be + * performed, for example, CKR_HOST_MEMORY. + */ + static CK_RV +-sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, ++sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, SFTKSlot *slot, + SFTKObject *publicKey, SFTKObject *privateKey, CK_KEY_TYPE keyType) + { + /* + * Key type Mechanism type + * -------------------------------- + * For encrypt/decrypt: CKK_RSA => CKM_RSA_PKCS + * others => CKM_INVALID_MECHANISM + * + * For sign/verify: CKK_RSA => CKM_RSA_PKCS + * CKK_DSA => CKM_DSA + * CKK_EC => CKM_ECDSA + * others => CKM_INVALID_MECHANISM + * + * None of these mechanisms has a parameter. ++ * ++ * For derive CKK_DH => CKM_DH_PKCS_DERIVE ++ * CKK_EC => CKM_ECDH1_DERIVE ++ * others => CKM_INVALID_MECHANISM ++ * ++ * The parameters for these mechanisms is the public key. + */ + CK_MECHANISM mech = { 0, NULL, 0 }; + + CK_ULONG modulusLen = 0; + CK_ULONG subPrimeLen = 0; + PRBool isEncryptable = PR_FALSE; + PRBool canSignVerify = PR_FALSE; + PRBool isDerivable = PR_FALSE; +@@ -5012,34 +5018,116 @@ sftk_PairwiseConsistencyCheck(CK_SESSION + + /**********************************************/ + /* Pairwise Consistency Check for Derivation */ + /**********************************************/ + + isDerivable = sftk_isTrue(privateKey, CKA_DERIVE); + + if (isDerivable) { +- /* +- * We are not doing consistency check for Diffie-Hellman Key - +- * otherwise it would be here +- * This is also true for Elliptic Curve Diffie-Hellman keys +- * NOTE: EC keys are currently subjected to pairwise +- * consistency check for signing/verification. +- */ +- /* +- * FIPS 140-2 had the following pairwise consistency test for +- * public and private keys used for key agreement: +- * If the keys are used to perform key agreement, then the +- * cryptographic module shall create a second, compatible +- * key pair. The cryptographic module shall perform both +- * sides of the key agreement algorithm and shall compare +- * the resulting shared values. If the shared values are +- * not equal, the test shall fail. +- * This test was removed in Change Notice 3. +- */ ++ SFTKAttribute *pubAttribute = NULL; ++ CK_OBJECT_HANDLE newKey; ++ PRBool isFIPS = (slot->slotID == FIPS_SLOT_ID); ++ CK_RV crv2; ++ CK_OBJECT_CLASS secret = CKO_SECRET_KEY; ++ CK_KEY_TYPE generic = CKK_GENERIC_SECRET; ++ CK_ULONG keyLen = 128; ++ CK_BBOOL ckTrue = CK_TRUE; ++ CK_ATTRIBUTE template[] = { ++ { CKA_CLASS, &secret, sizeof(secret) }, ++ { CKA_KEY_TYPE, &generic, sizeof(generic) }, ++ { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) }, ++ { CKA_DERIVE, &ckTrue, sizeof(ckTrue) } ++ }; ++ CK_ULONG templateCount = PR_ARRAY_SIZE(template); ++ CK_ECDH1_DERIVE_PARAMS ecParams; ++ ++ crv = CKR_OK; /*paranoia, already get's set before we drop to the end */ ++ /* FIPS 140-2 requires we verify that the resulting key is a valid key. ++ * The easiest way to do this is to do a derive operation, which checks ++ * the validity of the key */ ++ ++ switch (keyType) { ++ case CKK_DH: ++ mech.mechanism = CKM_DH_PKCS_DERIVE; ++ pubAttribute = sftk_FindAttribute(publicKey, CKA_VALUE); ++ if (pubAttribute == NULL) { ++ return CKR_DEVICE_ERROR; ++ } ++ mech.pParameter = pubAttribute->attrib.pValue; ++ mech.ulParameterLen = pubAttribute->attrib.ulValueLen; ++ break; ++ case CKK_EC: ++ mech.mechanism = CKM_ECDH1_DERIVE; ++ pubAttribute = sftk_FindAttribute(publicKey, CKA_EC_POINT); ++ if (pubAttribute == NULL) { ++ return CKR_DEVICE_ERROR; ++ } ++ ecParams.kdf = CKD_NULL; ++ ecParams.ulSharedDataLen = 0; ++ ecParams.pSharedData = NULL; ++ ecParams.ulPublicDataLen = pubAttribute->attrib.ulValueLen; ++ ecParams.pPublicData = pubAttribute->attrib.pValue; ++ mech.pParameter = &ecParams; ++ mech.ulParameterLen = sizeof(ecParams); ++ break; ++ default: ++ return CKR_DEVICE_ERROR; ++ } ++ ++ crv = NSC_DeriveKey(hSession, &mech, privateKey->handle, template, templateCount, &newKey); ++ if (crv != CKR_OK) { ++ sftk_FreeAttribute(pubAttribute); ++ return crv; ++ } ++ /* FIPS requires full validation, but in fipx mode NSC_Derive ++ * only does partial validation with approved primes, now handle ++ * full validation */ ++ if (isFIPS && keyType == CKK_DH) { ++ SECItem pubKey; ++ SECItem prime; ++ SECItem subPrime; ++ const SECItem *subPrimePtr = &subPrime; ++ ++ pubKey.data = pubAttribute->attrib.pValue; ++ pubKey.len = pubAttribute->attrib.ulValueLen; ++ prime.data = subPrime.data = NULL; ++ prime.len = subPrime.len = 0; ++ crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME); ++ if (crv != CKR_OK) { ++ goto done; ++ } ++ crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME); ++ /* we ignore the return code an only look at the length */ ++ if (subPrime.len == 0) { ++ /* subprime not supplied, In this case look it up. ++ * This only works with approved primes, but in FIPS mode ++ * that's the only kine of prime that will get here */ ++ subPrimePtr = sftk_VerifyDH_Prime(&prime); ++ if (subPrimePtr == NULL) { ++ crv = CKR_GENERAL_ERROR; ++ goto done; ++ } ++ } ++ if (!KEA_Verify(&pubKey, &prime, (SECItem *)subPrimePtr)) { ++ crv = CKR_GENERAL_ERROR; ++ } ++done: ++ PORT_Free(subPrime.data); ++ PORT_Free(prime.data); ++ } ++ /* clean up before we return */ ++ sftk_FreeAttribute(pubAttribute); ++ crv2 = NSC_DestroyObject(hSession, newKey); ++ if (crv != CKR_OK) { ++ return crv; ++ } ++ if (crv2 != CKR_OK) { ++ return crv2; ++ } + } + + return CKR_OK; + } + + /* NSC_GenerateKeyPair generates a public-key/private-key pair, + * creating new key objects. */ + CK_RV +@@ -5573,17 +5661,17 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + } + if (crv == CKR_OK && !sftk_isTrue(publicKey, CKA_EXTRACTABLE)) { + crv = sftk_forceAttribute(publicKey, CKA_NEVER_EXTRACTABLE, + &cktrue, sizeof(CK_BBOOL)); + } + + if (crv == CKR_OK) { + /* Perform FIPS 140-2 pairwise consistency check. */ +- crv = sftk_PairwiseConsistencyCheck(hSession, ++ crv = sftk_PairwiseConsistencyCheck(hSession, slot, + publicKey, privateKey, key_type); + if (crv != CKR_OK) { + if (sftk_audit_enabled) { + char msg[128]; + PR_snprintf(msg, sizeof msg, + "C_GenerateKeyPair(hSession=0x%08lX, " + "pMechanism->mechanism=0x%08lX)=0x%08lX " + "self-test: pair-wise consistency test failed", +@@ -8176,50 +8264,110 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + SHA512_HashBuf(key_block, (const unsigned char *)att->attrib.pValue, + att->attrib.ulValueLen); + + crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize); + break; + + case CKM_DH_PKCS_DERIVE: { + SECItem derived, dhPublic; +- SECItem dhPrime, dhSubPrime, dhValue; ++ SECItem dhPrime, dhValue; ++ const SECItem *subPrime; + /* sourceKey - values for the local existing low key */ + /* get prime and value attributes */ + crv = sftk_Attribute2SecItem(NULL, &dhPrime, sourceKey, CKA_PRIME); + if (crv != CKR_OK) + break; +- crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE); +- if (crv != CKR_OK) { +- PORT_Free(dhPrime.data); +- break; +- } + + dhPublic.data = pMechanism->pParameter; + dhPublic.len = pMechanism->ulParameterLen; + +- /* If the caller bothered to provide Q, use Q to validate +- * the public key. */ +- crv = sftk_Attribute2SecItem(NULL, &dhSubPrime, sourceKey, CKA_SUBPRIME); +- if (crv == CKR_OK) { +- rv = KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime); +- PORT_Free(dhSubPrime.data); +- if (rv != SECSuccess) { ++ /* if the prime is an approved prime, we can skip all the other ++ * checks. */ ++ subPrime = sftk_VerifyDH_Prime(&dhPrime); ++ if (subPrime == NULL) { ++ SECItem dhSubPrime; ++ /* In FIPS mode we only accept approved primes */ ++ if (isFIPS) { + crv = CKR_ARGUMENTS_BAD; + PORT_Free(dhPrime.data); +- PORT_Free(dhValue.data); + break; + } ++ /* If the caller set the subprime value, it means that ++ * either the caller knows the subprime value and wants us ++ * to validate the key against the subprime, or that the ++ * caller wants us to verify that the prime is a safe prime ++ * by passing in subprime = (prime-1)/2 */ ++ dhSubPrime.data = NULL; ++ dhSubPrime.len = 0; ++ crv = sftk_Attribute2SecItem(NULL, &dhSubPrime, ++ sourceKey, CKA_SUBPRIME); ++ /* we ignore the value of crv here, We treat a valid ++ * return of len = 0 and a failure to find a subrime the same ++ * NOTE: we free the subprime in both cases depending on ++ * PORT_Free of NULL to be a noop */ ++ if (dhSubPrime.len != 0) { ++ PRBool isSafe = PR_FALSE; ++ ++ ++ /* Callers can set dhSubPrime to q=(p-1)/2 to force ++ * checks for safe primes. If so we only need to check ++ * q and p for primality and skip the group test. */ ++ rv = sftk_IsSafePrime(&dhPrime, &dhSubPrime, &isSafe); ++ if (rv != SECSuccess) { ++ /* either p or q was even and therefore not prime, ++ * we can stop processing here and fail now */ ++ crv = CKR_ARGUMENTS_BAD; ++ PORT_Free(dhPrime.data); ++ PORT_Free(dhSubPrime.data); ++ break; ++ } ++ ++ /* first make sure the primes are really prime */ ++ if (!KEA_PrimeCheck(&dhPrime)) { ++ crv = CKR_ARGUMENTS_BAD; ++ PORT_Free(dhPrime.data); ++ PORT_Free(dhSubPrime.data); ++ break; ++ } ++ if (!KEA_PrimeCheck(&dhSubPrime)) { ++ crv = CKR_ARGUMENTS_BAD; ++ PORT_Free(dhPrime.data); ++ PORT_Free(dhSubPrime.data); ++ break; ++ } ++ if (!isSafe) { ++ /* With safe primes, there is only one other small ++ * subgroup. As long as y isn't 0, 1, or -1 mod p, ++ * any other y is safe. Only do the full check for ++ * non-safe primes */ ++ if (!KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime)) { ++ crv = CKR_ARGUMENTS_BAD; ++ PORT_Free(dhPrime.data); ++ PORT_Free(dhSubPrime.data); ++ break; ++ } ++ } ++ } ++ /* checks are complete, no need for the subPrime any longer */ ++ PORT_Free(dhSubPrime.data); ++ } ++ ++ /* now that the prime is validated, get the private value */ ++ crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE); ++ if (crv != CKR_OK) { ++ PORT_Free(dhPrime.data); ++ break; + } + + /* calculate private value - oct */ + rv = DH_Derive(&dhPublic, &dhPrime, &dhValue, &derived, keySize); + + PORT_Free(dhPrime.data); +- PORT_Free(dhValue.data); ++ PORT_ZFree(dhValue.data, dhValue.len); + + if (rv == SECSuccess) { + sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len); + PORT_ZFree(derived.data, derived.len); + crv = CKR_OK; + } else + crv = CKR_HOST_MEMORY; + +diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h +--- a/lib/softoken/pkcs11i.h ++++ b/lib/softoken/pkcs11i.h +@@ -909,11 +909,18 @@ void sftk_MAC_Destroy(sftk_MACCtx *ctx, + unsigned int sftk_CKRVToMask(CK_RV rv); + CK_RV sftk_CheckCBCPadding(CK_BYTE_PTR pBuf, unsigned int bufLen, + unsigned int blockSize, unsigned int *outPadSize); + + /* NIST 800-108 (kbkdf.c) implementations */ + extern CK_RV kbkdf_Dispatch(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, SFTKObject *base_key, SFTKObject *ret_key, CK_ULONG keySize); + char **NSC_ModuleDBFunc(unsigned long function, char *parameters, void *args); + ++/* dh verify functions */ ++/* verify that dhPrime matches one of our known primes, and if so return ++ * it's subprime value */ ++const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime); ++/* check if dhSubPrime claims dhPrime is a safe prime. */ ++SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe); ++ + SEC_END_PROTOS + + #endif /* _PKCS11I_H_ */ +diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c +--- a/lib/softoken/pkcs11u.c ++++ b/lib/softoken/pkcs11u.c +@@ -711,17 +711,16 @@ sftk_modifyType(CK_ATTRIBUTE_TYPE type, + case CKA_CLASS: + case CKA_CERTIFICATE_TYPE: + case CKA_KEY_TYPE: + case CKA_MODULUS: + case CKA_MODULUS_BITS: + case CKA_PUBLIC_EXPONENT: + case CKA_PRIVATE_EXPONENT: + case CKA_PRIME: +- case CKA_SUBPRIME: + case CKA_BASE: + case CKA_PRIME_1: + case CKA_PRIME_2: + case CKA_EXPONENT_1: + case CKA_EXPONENT_2: + case CKA_COEFFICIENT: + case CKA_VALUE_LEN: + case CKA_ALWAYS_SENSITIVE: +@@ -762,16 +761,21 @@ sftk_modifyType(CK_ATTRIBUTE_TYPE type, + mtype = SFTK_ALWAYS; + break; + + /* DEPENDS ON CLASS */ + case CKA_VALUE: + mtype = (inClass == CKO_DATA) ? SFTK_ALWAYS : SFTK_NEVER; + break; + ++ case CKA_SUBPRIME: ++ /* allow the CKA_SUBPRIME to be added to dh private keys */ ++ mtype = (inClass == CKO_PRIVATE_KEY) ? SFTK_ALWAYS : SFTK_NEVER; ++ break; ++ + case CKA_SUBJECT: + mtype = (inClass == CKO_CERTIFICATE) ? SFTK_NEVER : SFTK_ALWAYS; + break; + default: + break; + } + return mtype; + } +diff --git a/lib/softoken/sftkdhverify.c b/lib/softoken/sftkdhverify.c +new file mode 100644 +--- /dev/null ++++ b/lib/softoken/sftkdhverify.c +@@ -0,0 +1,1283 @@ ++ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++/* ++ * This file makes sure a prime given to us matches one of the known ++ * approved primes for diffie-helman. ++ * ++ * It also checks if a prime is a safe prime for the case ++ * where we don't match an approved prime. ++ */ ++#include "seccomon.h" ++#include "secitem.h" ++#include "secerr.h" ++#include "blapi.h" ++ ++/* IKE 1536 prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } */ ++static const unsigned char prime_ike_1536[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* IKE 2048 prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 */ ++static const unsigned char prime_ike_2048[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* TLS 2048 prime is: 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1 */ ++static const unsigned char prime_tls_2048[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* IKE 3072 prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } */ ++static const unsigned char prime_ike_3072[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, ++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, ++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, ++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, ++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, ++ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* TLS 3072 prime is: 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1 */ ++static const unsigned char prime_tls_3072[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0xC6, 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* IKE 4096 prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } */ ++static const unsigned char prime_ike_4096[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, ++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, ++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, ++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, ++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, ++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, ++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, ++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, ++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, ++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* TLS 4096 prime is: 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1 */ ++static const unsigned char prime_tls_4096[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, ++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, ++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, ++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, ++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, ++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, ++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, ++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, ++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, ++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, ++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* IKE 6144 prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } */ ++static const unsigned char prime_ike_6144[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, ++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, ++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, ++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, ++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, ++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, ++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, ++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, ++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, ++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, ++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, ++ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, ++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, ++ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, ++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, ++ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, ++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, ++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, ++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, ++ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, ++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, ++ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, ++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, ++ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, ++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, ++ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, ++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, ++ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, ++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, ++ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, ++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, ++ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* TLS 6144 prime is: 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1 */ ++static const unsigned char prime_tls_6144[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, ++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, ++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, ++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, ++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, ++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, ++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, ++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, ++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, ++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, ++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, ++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, ++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, ++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, ++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, ++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, ++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, ++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, ++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, ++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, ++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, ++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, ++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, ++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, ++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, ++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, ++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, ++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, ++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, ++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, ++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, ++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, ++ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* IKE 8192 prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } */ ++static const unsigned char prime_ike_8192[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, ++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, ++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, ++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, ++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, ++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, ++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, ++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, ++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, ++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, ++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, ++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, ++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, ++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, ++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, ++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, ++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, ++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, ++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, ++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, ++ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, ++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, ++ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, ++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, ++ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, ++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, ++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, ++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, ++ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, ++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, ++ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, ++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, ++ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, ++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, ++ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, ++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, ++ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, ++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, ++ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, ++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, ++ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, ++ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, ++ 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, ++ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, ++ 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, ++ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, ++ 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, ++ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8, ++ 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, ++ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, ++ 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, ++ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8, ++ 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, ++ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, ++ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, ++ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3, ++ 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, ++ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, ++ 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, ++ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2, ++ 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, ++ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* TLS 8192 prime is: 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1 */ ++static const unsigned char prime_tls_8192[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, ++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, ++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, ++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, ++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, ++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, ++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, ++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, ++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, ++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, ++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, ++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, ++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, ++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, ++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, ++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, ++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, ++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, ++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, ++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, ++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, ++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, ++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, ++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, ++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, ++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, ++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, ++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, ++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, ++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, ++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, ++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, ++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, ++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, ++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, ++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, ++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, ++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, ++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, ++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, ++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, ++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, ++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, ++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, ++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, ++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, ++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, ++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, ++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, ++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, ++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, ++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, ++ 0xCF, 0xF4, 0x6A, 0xAA, 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, ++ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, 0xFD, 0xB2, 0x3F, 0xCE, ++ 0xC9, 0x50, 0x9D, 0x43, 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, ++ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, 0x86, 0xB6, 0x31, 0x42, ++ 0xA3, 0xAB, 0x88, 0x29, 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, ++ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, 0x29, 0x38, 0x88, 0x39, ++ 0xD2, 0xAF, 0x05, 0xE4, 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, ++ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, 0x59, 0x16, 0x0C, 0xC0, ++ 0x46, 0xFD, 0x82, 0x51, 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, ++ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, 0x51, 0xA8, 0xA9, 0x31, ++ 0x09, 0x70, 0x3F, 0xEE, 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, ++ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, 0x99, 0xE9, 0xE3, 0x16, ++ 0x50, 0xC1, 0x21, 0x7B, 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, ++ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, 0xA1, 0xFE, 0x30, 0x75, ++ 0xA5, 0x77, 0xE2, 0x31, 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, ++ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, 0xB6, 0x85, 0x5D, 0xFE, ++ 0x72, 0xB0, 0xA6, 0x6E, 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, ++ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, 0x2F, 0x74, 0x1E, 0xF8, ++ 0xC1, 0xFE, 0x86, 0xFE, 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, ++ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, 0x08, 0x22, 0xE5, 0x06, ++ 0xA9, 0xF4, 0x61, 0x4E, 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, ++ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_1536 */ ++static const unsigned char subprime_ike_1536_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x11, 0xb9, 0x93, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_2048 */ ++static const unsigned char subprime_ike_2048_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x56, 0x55, 0x34, 0x7f, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_2048 */ ++static const unsigned char subprime_tls_2048_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_3072 */ ++static const unsigned char subprime_ike_3072_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, ++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, ++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, ++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, ++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, ++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, ++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, ++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, ++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, ++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, ++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, ++ 0x54, 0x9d, 0x69, 0x65, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_3072 */ ++static const unsigned char subprime_tls_3072_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, ++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, ++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, ++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, ++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, ++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, ++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, ++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, ++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, ++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, ++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, ++ 0xb3, 0x63, 0x17, 0x1b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_4096 */ ++static const unsigned char subprime_ike_4096_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, ++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, ++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, ++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, ++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, ++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, ++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, ++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, ++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, ++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, ++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, ++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, ++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, ++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, ++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, ++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, ++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, ++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, ++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, ++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, ++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, ++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x03, 0x18, 0xcc, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_4096 */ ++static const unsigned char subprime_tls_4096_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, ++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, ++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, ++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, ++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, ++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, ++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, ++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, ++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, ++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, ++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, ++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, ++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, ++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, ++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, ++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, ++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, ++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, ++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, ++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, ++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, ++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x32, 0xaf, 0xb5, ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_6144 */ ++static const unsigned char subprime_ike_6144_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, ++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, ++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, ++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, ++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, ++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, ++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, ++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, ++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, ++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, ++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, ++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, ++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, ++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, ++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, ++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, ++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, ++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, ++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, ++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, ++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, ++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49, ++ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59, ++ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde, ++ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17, ++ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18, ++ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5, ++ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d, ++ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8, ++ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f, ++ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a, ++ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b, ++ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18, ++ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79, ++ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb, ++ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55, ++ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69, ++ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94, ++ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e, ++ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae, ++ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b, ++ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77, ++ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f, ++ 0x36, 0xe6, 0x20, 0x12, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_6144 */ ++static const unsigned char subprime_tls_6144_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, ++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, ++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, ++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, ++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, ++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, ++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, ++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, ++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, ++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, ++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, ++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, ++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, ++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, ++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, ++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, ++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, ++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, ++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, ++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, ++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, ++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81, ++ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96, ++ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53, ++ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2, ++ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d, ++ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f, ++ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b, ++ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17, ++ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1, ++ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6, ++ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda, ++ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f, ++ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb, ++ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac, ++ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6, ++ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18, ++ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5, ++ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea, ++ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82, ++ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47, ++ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0, ++ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e, ++ 0x68, 0x72, 0x07, 0x32, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_ike_8192 */ ++static const unsigned char subprime_ike_8192_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, ++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, ++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, ++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, ++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, ++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, ++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, ++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, ++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, ++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, ++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, ++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, ++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, ++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, ++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, ++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, ++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, ++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, ++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, ++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, ++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, ++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, ++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, ++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, ++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, ++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, ++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, ++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, ++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, ++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, ++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, ++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, ++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, ++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, ++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, ++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, ++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, ++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, ++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, ++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, ++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, ++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49, ++ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59, ++ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde, ++ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17, ++ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18, ++ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5, ++ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d, ++ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8, ++ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f, ++ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a, ++ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b, ++ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18, ++ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79, ++ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb, ++ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55, ++ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69, ++ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94, ++ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e, ++ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae, ++ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b, ++ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77, ++ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f, ++ 0x36, 0xdf, 0x08, 0xac, 0xba, 0x51, 0xc9, 0x37, 0x89, 0x7f, 0x72, 0xf2, ++ 0x1c, 0x3b, 0xbe, 0x5b, 0x54, 0x99, 0x6f, 0xc6, 0x6c, 0x5f, 0x62, 0x68, ++ 0x39, 0xdc, 0x98, 0xdd, 0x1d, 0xe4, 0x19, 0x5b, 0x46, 0xce, 0xe9, 0x80, ++ 0x3a, 0x0f, 0xd3, 0xdf, 0xc5, 0x7e, 0x23, 0xf6, 0x92, 0xbb, 0x7b, 0x49, ++ 0xb5, 0xd2, 0x12, 0x33, 0x1d, 0x55, 0xb1, 0xce, 0x2d, 0x72, 0x7a, 0xb4, ++ 0x1a, 0x11, 0xda, 0x3a, 0x15, 0xf8, 0xe4, 0xbc, 0x11, 0xc7, 0x8b, 0x65, ++ 0xf1, 0xce, 0xb2, 0x96, 0xf1, 0xfe, 0xdc, 0x5f, 0x7e, 0x42, 0x45, 0x6c, ++ 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xbe, 0x03, 0x89, 0xf5, 0xab, 0xd4, ++ 0x0d, 0x11, 0xf8, 0x63, 0x9a, 0x39, 0xfe, 0x32, 0x36, 0x75, 0x18, 0x35, ++ 0xa5, 0xe5, 0xe4, 0x43, 0x17, 0xc1, 0xc2, 0xee, 0xfd, 0x4e, 0xa5, 0xbf, ++ 0xd1, 0x60, 0x43, 0xf4, 0x3c, 0xb4, 0x19, 0x81, 0xf6, 0xad, 0xee, 0x9d, ++ 0x03, 0x15, 0x9e, 0x7a, 0xd9, 0xd1, 0x3c, 0x53, 0x36, 0x95, 0x09, 0xfc, ++ 0x1f, 0xa2, 0x7c, 0x16, 0xef, 0x98, 0x87, 0x70, 0x3a, 0x55, 0xb5, 0x1b, ++ 0x22, 0xcb, 0xf4, 0x4c, 0xd0, 0x12, 0xae, 0xe0, 0xb2, 0x79, 0x8e, 0x62, ++ 0x84, 0x23, 0x42, 0x8e, 0xfc, 0xd5, 0xa4, 0x0c, 0xae, 0xf6, 0xbf, 0x50, ++ 0xd8, 0xea, 0x88, 0x5e, 0xbf, 0x73, 0xa6, 0xb9, 0xfd, 0x79, 0xb5, 0xe1, ++ 0x8f, 0x67, 0xd1, 0x34, 0x1a, 0xc8, 0x23, 0x7a, 0x75, 0xc3, 0xcf, 0xc9, ++ 0x20, 0x04, 0xa1, 0xc5, 0xa4, 0x0e, 0x36, 0x6b, 0xc4, 0x4d, 0x00, 0x17, ++ 0x6a, 0xf7, 0x1c, 0x15, 0xe4, 0x8c, 0x86, 0xd3, 0x7e, 0x01, 0x37, 0x23, ++ 0xca, 0xac, 0x72, 0x23, 0xab, 0x3b, 0xf4, 0xd5, 0x4f, 0x18, 0x28, 0x71, ++ 0x3b, 0x2b, 0x4a, 0x6f, 0xe4, 0x0f, 0xab, 0x74, 0x40, 0x5c, 0xb7, 0x38, ++ 0xb0, 0x64, 0xc0, 0x6e, 0xcc, 0x76, 0xe9, 0xef, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, ++}; ++ ++/* q=(p-1)/2 for prime prime_tls_8192 */ ++static const unsigned char subprime_tls_8192_data[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, ++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, ++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, ++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, ++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, ++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, ++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, ++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, ++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, ++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, ++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, ++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, ++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, ++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, ++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, ++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, ++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, ++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, ++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, ++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, ++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, ++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81, ++ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96, ++ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53, ++ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2, ++ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d, ++ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f, ++ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b, ++ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17, ++ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1, ++ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6, ++ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda, ++ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f, ++ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb, ++ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac, ++ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6, ++ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18, ++ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5, ++ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea, ++ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82, ++ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47, ++ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0, ++ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e, ++ 0x67, 0xfa, 0x35, 0x55, 0x1b, 0x56, 0x80, 0x26, 0x7b, 0x00, 0x64, 0x1c, ++ 0x0f, 0x21, 0x2d, 0x18, 0xec, 0xa8, 0xd7, 0x32, 0x7e, 0xd9, 0x1f, 0xe7, ++ 0x64, 0xa8, 0x4e, 0xa1, 0xb4, 0x3f, 0xf5, 0xb4, 0xf6, 0xe8, 0xe6, 0x2f, ++ 0x05, 0xc6, 0x61, 0xde, 0xfb, 0x25, 0x88, 0x77, 0xc3, 0x5b, 0x18, 0xa1, ++ 0x51, 0xd5, 0xc4, 0x14, 0xaa, 0xad, 0x97, 0xba, 0x3e, 0x49, 0x93, 0x32, ++ 0xe5, 0x96, 0x07, 0x8e, 0x60, 0x0d, 0xeb, 0x81, 0x14, 0x9c, 0x44, 0x1c, ++ 0xe9, 0x57, 0x82, 0xf2, 0x2a, 0x28, 0x25, 0x63, 0xc5, 0xba, 0xc1, 0x41, ++ 0x14, 0x23, 0x60, 0x5d, 0x1a, 0xe1, 0xaf, 0xae, 0x2c, 0x8b, 0x06, 0x60, ++ 0x23, 0x7e, 0xc1, 0x28, 0xaa, 0x0f, 0xe3, 0x46, 0x4e, 0x43, 0x58, 0x11, ++ 0x5d, 0xb8, 0x4c, 0xc3, 0xb5, 0x23, 0x07, 0x3a, 0x28, 0xd4, 0x54, 0x98, ++ 0x84, 0xb8, 0x1f, 0xf7, 0x0e, 0x10, 0xbf, 0x36, 0x1c, 0x13, 0x72, 0x96, ++ 0x28, 0xd5, 0x34, 0x8f, 0x07, 0x21, 0x1e, 0x7e, 0x4c, 0xf4, 0xf1, 0x8b, ++ 0x28, 0x60, 0x90, 0xbd, 0xb1, 0x24, 0x0b, 0x66, 0xd6, 0xcd, 0x4a, 0xfc, ++ 0xea, 0xdc, 0x00, 0xca, 0x44, 0x6c, 0xe0, 0x50, 0x50, 0xff, 0x18, 0x3a, ++ 0xd2, 0xbb, 0xf1, 0x18, 0xc1, 0xfc, 0x0e, 0xa5, 0x1f, 0x97, 0xd2, 0x2b, ++ 0x8f, 0x7e, 0x46, 0x70, 0x5d, 0x45, 0x27, 0xf4, 0x5b, 0x42, 0xae, 0xff, ++ 0x39, 0x58, 0x53, 0x37, 0x6f, 0x69, 0x7d, 0xd5, 0xfd, 0xf2, 0xc5, 0x18, ++ 0x7d, 0x7d, 0x5f, 0x0e, 0x2e, 0xb8, 0xd4, 0x3f, 0x17, 0xba, 0x0f, 0x7c, ++ 0x60, 0xff, 0x43, 0x7f, 0x53, 0x5d, 0xfe, 0xf2, 0x98, 0x33, 0xbf, 0x86, ++ 0xcb, 0xe8, 0x8e, 0xa4, 0xfb, 0xd4, 0x22, 0x1e, 0x84, 0x11, 0x72, 0x83, ++ 0x54, 0xfa, 0x30, 0xa7, 0x00, 0x8f, 0x15, 0x4a, 0x41, 0xc7, 0xfc, 0x46, ++ 0x6b, 0x46, 0x45, 0xdb, 0xe2, 0xe3, 0x21, 0x26, 0x7f, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, ++}; ++ ++static const SECItem subprime_ike_1536= ++ { siBuffer, ++ (unsigned char *)subprime_ike_1536_data, ++ sizeof(subprime_ike_1536_data) }; ++static const SECItem subprime_ike_2048= ++ { siBuffer, ++ (unsigned char *) subprime_ike_2048_data, ++ sizeof(subprime_ike_2048_data) }; ++static const SECItem subprime_ike_3072= ++ { siBuffer, ++ (unsigned char *) subprime_ike_3072_data, ++ sizeof(subprime_ike_3072_data) }; ++static const SECItem subprime_ike_4096= ++ { siBuffer, ++ (unsigned char *) subprime_ike_4096_data, ++ sizeof(subprime_ike_4096_data) }; ++static const SECItem subprime_ike_6144= ++ { siBuffer, ++ (unsigned char *) subprime_ike_6144_data, ++ sizeof(subprime_ike_6144_data) }; ++static const SECItem subprime_ike_8192= ++ { siBuffer, ++ (unsigned char *) subprime_ike_8192_data, ++ sizeof(subprime_ike_8192_data) }; ++static const SECItem subprime_tls_2048= ++ { siBuffer, ++ (unsigned char *) subprime_tls_2048_data, ++ sizeof(subprime_tls_2048_data) }; ++static const SECItem subprime_tls_3072= ++ { siBuffer, ++ (unsigned char *) subprime_tls_3072_data, ++ sizeof(subprime_tls_3072_data) }; ++static const SECItem subprime_tls_4096= ++ { siBuffer, ++ (unsigned char *) subprime_tls_4096_data, ++ sizeof(subprime_tls_4096_data) }; ++static const SECItem subprime_tls_6144= ++ { siBuffer, ++ (unsigned char *) subprime_tls_6144_data, ++ sizeof(subprime_tls_6144_data) }; ++static const SECItem subprime_tls_8192= ++ { siBuffer, ++ (unsigned char *) subprime_tls_8192_data, ++ sizeof(subprime_tls_8192_data) }; ++ ++/* ++ * verify that dhPrime matches one of our known primes ++ */ ++const SECItem * ++sftk_VerifyDH_Prime(SECItem *dhPrime) ++{ ++ /* use the length to decide which primes to check */ ++ switch (dhPrime->len) { ++ case 1536 / PR_BITS_PER_BYTE: ++ if (PORT_Memcmp(dhPrime->data, prime_ike_1536, ++ sizeof(prime_ike_1536)) == 0) { ++ return &subprime_ike_1536; ++ } ++ break; ++ case 2048 / PR_BITS_PER_BYTE: ++ if (PORT_Memcmp(dhPrime->data, prime_tls_2048, ++ sizeof(prime_tls_2048)) == 0) { ++ return &subprime_tls_2048; ++ } ++ if (PORT_Memcmp(dhPrime->data, prime_ike_2048, ++ sizeof(prime_ike_2048)) == 0) { ++ return &subprime_ike_2048; ++ } ++ break; ++ case 3072 / PR_BITS_PER_BYTE: ++ if (PORT_Memcmp(dhPrime->data, prime_tls_3072, ++ sizeof(prime_tls_3072)) == 0) { ++ return &subprime_tls_3072; ++ } ++ if (PORT_Memcmp(dhPrime->data, prime_ike_3072, ++ sizeof(prime_ike_3072)) == 0) { ++ return &subprime_ike_3072; ++ } ++ break; ++ case 4096 / PR_BITS_PER_BYTE: ++ if (PORT_Memcmp(dhPrime->data, prime_tls_4096, ++ sizeof(prime_tls_4096)) == 0) { ++ return &subprime_tls_4096; ++ } ++ if (PORT_Memcmp(dhPrime->data, prime_ike_4096, ++ sizeof(prime_ike_4096)) == 0) { ++ return &subprime_ike_4096; ++ } ++ break; ++ case 6144 / PR_BITS_PER_BYTE: ++ if (PORT_Memcmp(dhPrime->data, prime_tls_6144, ++ sizeof(prime_tls_6144)) == 0) { ++ return &subprime_tls_6144; ++ } ++ if (PORT_Memcmp(dhPrime->data, prime_ike_6144, ++ sizeof(prime_ike_6144)) == 0) { ++ return &subprime_ike_6144; ++ } ++ break; ++ case 8192 / PR_BITS_PER_BYTE: ++ if (PORT_Memcmp(dhPrime->data, prime_tls_8192, ++ sizeof(prime_tls_8192)) == 0) { ++ return &subprime_tls_8192; ++ } ++ if (PORT_Memcmp(dhPrime->data, prime_ike_8192, ++ sizeof(prime_ike_8192)) == 0) { ++ return &subprime_ike_8192; ++ } ++ break; ++ } ++ /* no match found, return an error */ ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return NULL; ++} ++ ++ ++/* Use the provided subPrime to see if dhPrime is a safe prime. We'll check ++ * primality of those values later. */ ++SECStatus ++sftk_IsSafePrime(const SECItem *dhPrime, const SECItem *dhSubPrime, PRBool *isSafe) ++{ ++ int i; ++ unsigned char carry = 0; ++ int offset = 0, subPrimeLen = dhPrime->len; ++ *isSafe = PR_FALSE; ++ ++ /* Both dhPrime and dhSubPrime should be odd */ ++ if (((dhPrime->data[dhPrime->len - 1] & 0x1) != 1) && ((dhSubPrime->data[dhSubPrime->len - 1] & 0x1) != 1)) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return SECFailure; ++ } ++ ++ /* subPrime is p-1/2, which means subPrime is 1 bit shorter than p. ++ * It's length in bytes is the same unless the high byte of p == 1 or 0. ++ */ ++ if (dhPrime->data[0] <= 1) { ++ subPrimeLen--; ++ offset++; ++ carry = (dhPrime->data[0]) << 7; ++ } ++ ++ /* if subprime len is notlong enough it is not a strong prime */ ++ if (dhSubPrime->len != subPrimeLen) { ++ return SECSuccess; ++ } ++ ++ /* does the subprime match q == (p-1)/2 */ ++ for (i = 0; i < subPrimeLen; i++) { ++ if (dhSubPrime->data[i] != ++ (carry | ((dhPrime->data[i + offset] >> 1) & 0x7f))) { ++ return SECSuccess; ++ } ++ carry = ((dhPrime->data[i + offset] & 1) << 7) & 0x80; ++ } ++ /* subPrime for p claims to be q=(p-1)/2. So the caller thinks p ++ * is a strong prime, just need to check primality of p and q to verify */ ++ *isSafe = PR_TRUE; ++ return SECSuccess; ++} +diff --git a/lib/softoken/softoken.gyp b/lib/softoken/softoken.gyp +--- a/lib/softoken/softoken.gyp ++++ b/lib/softoken/softoken.gyp +@@ -51,16 +51,17 @@ + 'kbkdf.c', + 'lowkey.c', + 'lowpbe.c', + 'padbuf.c', + 'pkcs11.c', + 'pkcs11c.c', + 'pkcs11u.c', + 'sdb.c', ++ 'sftkdhverify.c', + 'sftkdb.c', + 'sftkhmac.c', + 'sftkike.c', + 'sftkmessage.c', + 'sftkpars.c', + 'sftkpwd.c', + 'softkver.c', + 'tlsprf.c' diff --git a/SOURCES/nss-softokn-3.53.1-measure-fix.patch b/SOURCES/nss-softokn-3.53.1-measure-fix.patch new file mode 100644 index 0000000..6565388 --- /dev/null +++ b/SOURCES/nss-softokn-3.53.1-measure-fix.patch @@ -0,0 +1,24 @@ +diff -up ./nss/coreconf/config.gypi.measure-fix ./nss/coreconf/config.gypi +--- ./nss/coreconf/config.gypi.measure-fix 2020-09-11 13:20:55.850869109 -0700 ++++ ./nss/coreconf/config.gypi 2020-09-11 13:21:30.392053996 -0700 +@@ -363,7 +363,7 @@ + '_DEFAULT_SOURCE', # for functions, strdup, realpath, and getentropy + '_BSD_SOURCE', # for the above in glibc <= 2.19 + '_POSIX_SOURCE', # for +- 'SQL_MEASURE_USE_TEMP_DIR', # use tmpdir for the access calls ++ 'SDB_MEASURE_USE_TEMP_DIR', # use tmpdir for the access calls + ], + }], + [ 'OS=="dragonfly" or OS=="freebsd"', { +diff -up ./nss/coreconf/Linux.mk.measure-fix ./nss/coreconf/Linux.mk +--- ./nss/coreconf/Linux.mk.measure-fix 2020-09-11 13:20:13.242641043 -0700 ++++ ./nss/coreconf/Linux.mk 2020-09-11 13:21:40.642108861 -0700 +@@ -21,7 +21,7 @@ ifeq ($(USE_PTHREADS),1) + endif + + DEFAULT_COMPILER = gcc +-DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSQL_MEASURE_USE_TEMP_DIR ++DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSDB_MEASURE_USE_TEMP_DIR + + ifeq ($(OS_TARGET),Android) + ifndef ANDROID_NDK diff --git a/SOURCES/nss-softokn-3.53.1-no-small-primes.patch b/SOURCES/nss-softokn-3.53.1-no-small-primes.patch new file mode 100644 index 0000000..438da0a --- /dev/null +++ b/SOURCES/nss-softokn-3.53.1-no-small-primes.patch @@ -0,0 +1,53 @@ +diff -up ./nss/lib/softoken/pkcs11c.c.no-small-primes ./nss/lib/softoken/pkcs11c.c +--- ./nss/lib/softoken/pkcs11c.c.no-small-primes 2020-09-11 13:41:59.364630218 -0700 ++++ ./nss/lib/softoken/pkcs11c.c 2020-09-11 13:44:19.722377883 -0700 +@@ -5103,7 +5103,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION + /* subprime not supplied, In this case look it up. + * This only works with approved primes, but in FIPS mode + * that's the only kine of prime that will get here */ +- subPrimePtr = sftk_VerifyDH_Prime(&prime); ++ subPrimePtr = sftk_VerifyDH_Prime(&prime,isFIPS); + if (subPrimePtr == NULL) { + crv = CKR_GENERAL_ERROR; + goto done; +@@ -8332,7 +8332,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + + /* if the prime is an approved prime, we can skip all the other + * checks. */ +- subPrime = sftk_VerifyDH_Prime(&dhPrime); ++ subPrime = sftk_VerifyDH_Prime(&dhPrime,isFIPS); + if (subPrime == NULL) { + SECItem dhSubPrime; + /* In FIPS mode we only accept approved primes */ +diff -up ./nss/lib/softoken/pkcs11i.h.no-small-primes ./nss/lib/softoken/pkcs11i.h +--- ./nss/lib/softoken/pkcs11i.h.no-small-primes 2020-09-11 13:42:10.056687173 -0700 ++++ ./nss/lib/softoken/pkcs11i.h 2020-09-11 13:44:52.361551747 -0700 +@@ -926,7 +926,7 @@ char **NSC_ModuleDBFunc(unsigned long fu + /* dh verify functions */ + /* verify that dhPrime matches one of our known primes, and if so return + * it's subprime value */ +-const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime); ++const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS); + /* check if dhSubPrime claims dhPrime is a safe prime. */ + SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe); + +diff -up ./nss/lib/softoken/sftkdhverify.c.no-small-primes ./nss/lib/softoken/sftkdhverify.c +--- ./nss/lib/softoken/sftkdhverify.c.no-small-primes 2020-09-11 13:42:25.216767929 -0700 ++++ ./nss/lib/softoken/sftkdhverify.c 2020-09-11 13:46:59.570229369 -0700 +@@ -1171,11 +1171,15 @@ static const SECItem subprime_tls_8192= + * verify that dhPrime matches one of our known primes + */ + const SECItem * +-sftk_VerifyDH_Prime(SECItem *dhPrime) ++sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS) + { + /* use the length to decide which primes to check */ + switch (dhPrime->len) { + case 1536 / PR_BITS_PER_BYTE: ++ /* don't accept 1536 bit primes in FIPS mode */ ++ if (isFIPS) { ++ break; ++ } + if (PORT_Memcmp(dhPrime->data, prime_ike_1536, + sizeof(prime_ike_1536)) == 0) { + return &subprime_ike_1536; diff --git a/SOURCES/nss-softokn-aarch64.patch b/SOURCES/nss-softokn-aarch64.patch new file mode 100644 index 0000000..d9c22c6 --- /dev/null +++ b/SOURCES/nss-softokn-aarch64.patch @@ -0,0 +1,26 @@ +diff -up nss/lib/freebl/Makefile.aarch64 nss/lib/freebl/Makefile +--- nss/lib/freebl/Makefile.aarch64 2020-07-22 12:22:50.983883934 +0200 ++++ nss/lib/freebl/Makefile 2020-07-22 12:23:29.054608879 +0200 +@@ -120,8 +120,20 @@ else + endif + endif + ifeq ($(CPU_ARCH),aarch64) +- DEFINES += -DUSE_HW_AES +- EXTRA_SRCS += aes-armv8.c gcm-aarch64.c ++ ifdef CC_IS_CLANG ++ DEFINES += -DUSE_HW_AES ++ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c ++ else ifeq (1,$(CC_IS_GCC)) ++ # Old compiler doesn't support ARM AES. ++ ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) ++ DEFINES += -DUSE_HW_AES ++ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c ++ endif ++ ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) ++ DEFINES += -DUSE_HW_AES ++ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c ++ endif ++ endif + endif + ifeq ($(CPU_ARCH),arm) + ifndef NSS_DISABLE_ARM32_NEON diff --git a/SOURCES/nss-softokn-fips-update.patch b/SOURCES/nss-softokn-fips-update.patch deleted file mode 100644 index 604b947..0000000 --- a/SOURCES/nss-softokn-fips-update.patch +++ /dev/null @@ -1,1148 +0,0 @@ -diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c ---- a/lib/freebl/fipsfreebl.c -+++ b/lib/freebl/fipsfreebl.c -@@ -10,18 +10,20 @@ - #ifdef FREEBL_NO_DEPEND - #include "stubs.h" - #endif - - #include "blapi.h" - #include "seccomon.h" /* Required for RSA and DSA. */ - #include "secerr.h" - #include "prtypes.h" -+#include "secitem.h" -+#include "pkcs11t.h" - --#include "ec.h" /* Required for ECDSA */ -+#include "ec.h" /* Required for EC */ - - /* - * different platforms have different ways of calling and initial entry point - * when the dll/.so is loaded. Most platforms support either a posix pragma - * or the GCC attribute. Some platforms suppor a pre-defined name, and some - * platforms have a link line way of invoking this function. - */ - -@@ -283,61 +285,88 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ - - /* AES-CBC Known Initialization Vector (128-bits). */ - static const PRUint8 aes_cbc_known_initialization_vector[] = - { "SecurityytiruceS" }; - - /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */ - static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" }; - -+ static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" }; -+ - /* AES Known Ciphertext (128-bit key). */ - static const PRUint8 aes_ecb128_known_ciphertext[] = { - 0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1, - 0x03, 0x88, 0x16, 0x7b, 0x20, 0xbf, 0x35, 0x47 - }; - - static const PRUint8 aes_cbc128_known_ciphertext[] = { - 0xcf, 0x15, 0x1d, 0x4f, 0x96, 0xe4, 0x4f, 0x63, - 0x15, 0x54, 0x14, 0x1d, 0x4e, 0xd8, 0xd5, 0xea - }; - -+ static const PRUint8 aes_gcm128_known_ciphertext[] = { -+ 0x63, 0xf4, 0x95, 0x28, 0xe6, 0x78, 0xee, 0x6e, -+ 0x4f, 0xe0, 0xfc, 0x8d, 0xd7, 0xa2, 0xb1, 0xff, -+ 0x0c, 0x97, 0x1b, 0x0a, 0xdd, 0x97, 0x75, 0xed, -+ 0x8b, 0xde, 0xbf, 0x16, 0x5e, 0x57, 0x6b, 0x4f -+ }; -+ - /* AES Known Ciphertext (192-bit key). */ - static const PRUint8 aes_ecb192_known_ciphertext[] = { - 0xa0, 0x18, 0x62, 0xed, 0x88, 0x19, 0xcb, 0x62, - 0x88, 0x1d, 0x4d, 0xfe, 0x84, 0x02, 0x89, 0x0e - }; - - static const PRUint8 aes_cbc192_known_ciphertext[] = { - 0x83, 0xf7, 0xa4, 0x76, 0xd1, 0x6f, 0x07, 0xbe, - 0x07, 0xbc, 0x43, 0x2f, 0x6d, 0xad, 0x29, 0xe1 - }; - -+ static const PRUint8 aes_gcm192_known_ciphertext[] = { -+ 0xc1, 0x0b, 0x92, 0x1d, 0x68, 0x21, 0xf4, 0x25, -+ 0x41, 0x61, 0x20, 0x2d, 0x59, 0x7f, 0x53, 0xde, -+ 0x93, 0x39, 0xab, 0x09, 0x76, 0x41, 0x57, 0x2b, -+ 0x90, 0x2e, 0x44, 0xbb, 0x52, 0x03, 0xe9, 0x07 -+ }; -+ - /* AES Known Ciphertext (256-bit key). */ - static const PRUint8 aes_ecb256_known_ciphertext[] = { - 0xdb, 0xa6, 0x52, 0x01, 0x8a, 0x70, 0xae, 0x66, - 0x3a, 0x99, 0xd8, 0x95, 0x7f, 0xfb, 0x01, 0x67 - }; - - static const PRUint8 aes_cbc256_known_ciphertext[] = { - 0x37, 0xea, 0x07, 0x06, 0x31, 0x1c, 0x59, 0x27, - 0xc5, 0xc5, 0x68, 0x71, 0x6e, 0x34, 0x40, 0x16 - }; - -+ static const PRUint8 aes_gcm256_known_ciphertext[] = { -+ 0x5d, 0x9e, 0xd2, 0xa2, 0x74, 0x9c, 0xd9, 0x1c, -+ 0xd1, 0xc9, 0xee, 0x5d, 0xb6, 0xf2, 0xc9, 0xb6, -+ 0x79, 0x27, 0x53, 0x02, 0xa3, 0xdc, 0x22, 0xce, -+ 0xf4, 0xb0, 0xc1, 0x8c, 0x86, 0x51, 0xf5, 0xa1 -+ }; -+ - const PRUint8 *aes_ecb_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext; - - const PRUint8 *aes_cbc_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext : aes_cbc256_known_ciphertext; - -+ const PRUint8 *aes_gcm_known_ciphertext = -+ (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_gcm128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_gcm192_known_ciphertext : aes_gcm256_known_ciphertext; -+ - /* AES variables. */ -- PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH]; -- PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH]; -+ PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH * 2]; -+ PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH * 2]; - AESContext *aes_context; - unsigned int aes_bytes_encrypted; - unsigned int aes_bytes_decrypted; -+ CK_GCM_PARAMS gcmParams; - SECStatus aes_status; - - /*check if aes_key_size is 128, 192, or 256 bits */ - if ((aes_key_size != FIPS_AES_128_KEY_SIZE) && - (aes_key_size != FIPS_AES_192_KEY_SIZE) && - (aes_key_size != FIPS_AES_256_KEY_SIZE)) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return (SECFailure); -@@ -450,16 +479,79 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ - if ((aes_status != SECSuccess) || - (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) || - (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext, - FIPS_AES_DECRYPT_LENGTH) != 0)) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return (SECFailure); - } - -+ /******************************************************/ -+ /* AES-GCM Single-Round Known Answer Encryption Test. */ -+ /******************************************************/ -+ -+ gcmParams.pIv = (PRUint8 *)aes_cbc_known_initialization_vector; -+ gcmParams.ulIvLen = FIPS_AES_BLOCK_SIZE; -+ gcmParams.pAAD = (PRUint8 *)aes_gcm_known_aad; -+ gcmParams.ulAADLen = sizeof(aes_gcm_known_aad); -+ gcmParams.ulTagBits = FIPS_AES_BLOCK_SIZE * 8; -+ aes_context = AES_CreateContext(aes_known_key, -+ (PRUint8 *)&gcmParams, -+ NSS_AES_GCM, PR_TRUE, aes_key_size, -+ FIPS_AES_BLOCK_SIZE); -+ -+ if (aes_context == NULL) { -+ PORT_SetError(SEC_ERROR_NO_MEMORY); -+ return (SECFailure); -+ } -+ -+ aes_status = AES_Encrypt(aes_context, aes_computed_ciphertext, -+ &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH * 2, -+ aes_known_plaintext, -+ FIPS_AES_DECRYPT_LENGTH); -+ -+ AES_DestroyContext(aes_context, PR_TRUE); -+ -+ if ((aes_status != SECSuccess) || -+ (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH * 2) || -+ (PORT_Memcmp(aes_computed_ciphertext, aes_gcm_known_ciphertext, -+ FIPS_AES_ENCRYPT_LENGTH * 2) != 0)) { -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return (SECFailure); -+ } -+ -+ /******************************************************/ -+ /* AES-GCM Single-Round Known Answer Decryption Test. */ -+ /******************************************************/ -+ -+ aes_context = AES_CreateContext(aes_known_key, -+ (PRUint8 *)&gcmParams, -+ NSS_AES_GCM, PR_FALSE, aes_key_size, -+ FIPS_AES_BLOCK_SIZE); -+ -+ if (aes_context == NULL) { -+ PORT_SetError(SEC_ERROR_NO_MEMORY); -+ return (SECFailure); -+ } -+ -+ aes_status = AES_Decrypt(aes_context, aes_computed_plaintext, -+ &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH * 2, -+ aes_gcm_known_ciphertext, -+ FIPS_AES_ENCRYPT_LENGTH * 2); -+ -+ AES_DestroyContext(aes_context, PR_TRUE); -+ -+ if ((aes_status != SECSuccess) || -+ (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) || -+ (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext, -+ FIPS_AES_DECRYPT_LENGTH) != 0)) { -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return (SECFailure); -+ } -+ - return (SECSuccess); - } - - /* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */ - static const PRUint8 known_hash_message[] = { - "The test message for the MD2, MD5, and SHA-1 hashing algorithms." - }; - -@@ -1089,17 +1181,17 @@ freebl_fips_ECDSA_Test(ECParams *ecparam - 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc, - 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f - }; - - static const PRUint8 msg[] = { - "Firefox and ThunderBird are awesome!" - }; - -- unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */ -+ unsigned char sha256[SHA256_LENGTH]; /* SHA-256 hash (256 bits) */ - unsigned char sig[2 * MAX_ECKEY_LEN]; - SECItem signature, digest; - ECPrivateKey *ecdsa_private_key = NULL; - ECPublicKey ecdsa_public_key; - SECStatus ecdsaStatus = SECSuccess; - - /* Generates a new EC key pair. The private key is a supplied - * random value (in seed) and the public key is the result of -@@ -1131,23 +1223,23 @@ freebl_fips_ECDSA_Test(ECParams *ecparam - if (ecdsaStatus != SECSuccess) { - goto loser; - } - - /***************************************************/ - /* ECDSA Single-Round Known Answer Signature Test. */ - /***************************************************/ - -- ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg); -+ ecdsaStatus = SHA256_HashBuf(sha256, msg, sizeof msg); - if (ecdsaStatus != SECSuccess) { - goto loser; - } - digest.type = siBuffer; -- digest.data = sha1; -- digest.len = SHA1_LENGTH; -+ digest.data = sha256; -+ digest.len = SHA256_LENGTH; - - memset(sig, 0, sizeof sig); - signature.type = siBuffer; - signature.data = sig; - signature.len = sizeof sig; - - ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature, - &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed); -@@ -1176,20 +1268,93 @@ loser: - if (ecdsaStatus != SECSuccess) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return (SECFailure); - } - return (SECSuccess); - } - - static SECStatus --freebl_fips_ECDSA_PowerUpSelfTest() -+freebl_fips_ECDH_Test(ECParams *ecparams) - { - -- /* ECDSA Known curve nistp256 == ECCCurve_X9_62_PRIME_256V1 params */ -+ /* ECDH Known result (reused old CAVS vector) */ -+ static const PRUint8 ecdh_known_pub_key_1[] = { -+ EC_POINT_FORM_UNCOMPRESSED, -+ /* pubX */ -+ 0x16, 0x81, 0x32, 0x86, 0xc8, 0xe4, 0x3a, 0x1f, -+ 0x5d, 0xe3, 0x06, 0x22, 0x8b, 0x99, 0x14, 0x25, -+ 0xf7, 0x9c, 0x5b, 0x1e, 0x96, 0x84, 0x85, 0x3b, -+ 0x17, 0xfe, 0xf3, 0x1c, 0x0e, 0xed, 0xc4, 0xce, -+ /* pubY */ -+ 0x7a, 0x44, 0xfe, 0xbd, 0x91, 0x71, 0x7d, 0x73, -+ 0xd9, 0x45, 0xea, 0xae, 0x66, 0x78, 0xfa, 0x6e, -+ 0x46, 0xcd, 0xfa, 0x95, 0x15, 0x47, 0x62, 0x5d, -+ 0xbb, 0x1b, 0x9f, 0xe6, 0x39, 0xfc, 0xfd, 0x47 -+ }; -+ static const PRUint8 ecdh_known_priv_key_2[] = { -+ 0xb4, 0x2a, 0xe3, 0x69, 0x19, 0xec, 0xf0, 0x42, -+ 0x6d, 0x45, 0x8c, 0x94, 0x4a, 0x26, 0xa7, 0x5c, -+ 0xea, 0x9d, 0xd9, 0x0f, 0x59, 0xe0, 0x1a, 0x9d, -+ 0x7c, 0xb7, 0x1c, 0x04, 0x53, 0xb8, 0x98, 0x5a -+ }; -+ static const PRUint8 ecdh_known_hash_result[] = { -+ 0x16, 0xf3, 0x85, 0xa2, 0x41, 0xf3, 0x7f, 0xc4, -+ 0x0b, 0x56, 0x47, 0xee, 0xa7, 0x74, 0xb9, 0xdb, -+ 0xe1, 0xfa, 0x22, 0xe9, 0x04, 0xf1, 0xb6, 0x12, -+ 0x4b, 0x44, 0x8a, 0xbb, 0xbc, 0x08, 0x2b, 0xa7, -+ }; -+ -+ SECItem ecdh_priv_2, ecdh_pub_1; -+ SECItem ZZ = { 0, 0, 0 }; -+ SECStatus ecdhStatus = SECSuccess; -+ PRUint8 computed_hash_result[HASH_LENGTH_MAX]; -+ -+ ecdh_priv_2.data = (PRUint8 *)ecdh_known_priv_key_2; -+ ecdh_priv_2.len = sizeof(ecdh_known_priv_key_2); -+ ecdh_pub_1.data = (PRUint8 *)ecdh_known_pub_key_1; -+ ecdh_pub_1.len = sizeof(ecdh_known_pub_key_1); -+ -+ /* Generates a new EC key pair. The private key is a supplied -+ * random value (in seed) and the public key is the result of -+ * performing a scalar point multiplication of that value with -+ * the curve's base point. -+ */ -+ ecdhStatus = ECDH_Derive(&ecdh_pub_1, ecparams, &ecdh_priv_2, PR_FALSE, &ZZ); -+ if (ecdhStatus != SECSuccess) { -+ goto loser; -+ } -+ ecdhStatus = SHA256_HashBuf(computed_hash_result, ZZ.data, ZZ.len); -+ if (ecdhStatus != SECSuccess) { -+ goto loser; -+ } -+ -+ if (PORT_Memcmp(computed_hash_result, ecdh_known_hash_result, -+ sizeof(ecdh_known_hash_result)) != 0) { -+ ecdhStatus = SECFailure; -+ goto loser; -+ } -+ -+loser: -+ if (ZZ.data) { -+ SECITEM_FreeItem(&ZZ, PR_FALSE); -+ } -+ -+ if (ecdhStatus != SECSuccess) { -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return (SECFailure); -+ } -+ return (SECSuccess); -+} -+ -+static SECStatus -+freebl_fips_EC_PowerUpSelfTest() -+{ -+ -+ /* EC Known curve nistp256 == ECCCurve_X9_62_PRIME_256V1 params */ - static const unsigned char p256_prime[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF - }; - static const unsigned char p256_a[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -@@ -1212,17 +1377,17 @@ freebl_fips_ECDSA_PowerUpSelfTest() - static const unsigned char p256_order[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, - 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 - }; - static const unsigned char p256_encoding[] = { - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 - }; -- static const ECParams ecdsa_known_P256_Params = { -+ static const ECParams ec_known_P256_Params = { - NULL, ec_params_named, /* arena, type */ - /* fieldID */ - { 256, ec_field_GFp, /* size and type */ - { { siBuffer, (unsigned char *)p256_prime, sizeof(p256_prime) } }, /* u.prime */ - 0, - 0, - 0 }, - /* curve */ -@@ -1245,34 +1410,39 @@ freebl_fips_ECDSA_PowerUpSelfTest() - { siBuffer, (unsigned char *)(p256_encoding) + 2, sizeof(p256_encoding) - 2 }, - }; - - static const PRUint8 ecdsa_known_P256_signature[] = { - 0x07, 0xb1, 0xcb, 0x57, 0x20, 0xa7, 0x10, 0xd6, - 0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff, - 0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f, - 0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5, -- 0x59, 0x6a, 0x62, 0x49, 0x3d, 0x50, 0xc9, 0xe1, -- 0x27, 0x3b, 0xff, 0x9b, 0x13, 0x66, 0x67, 0xdd, -- 0x7d, 0xd1, 0x0d, 0x2d, 0x7c, 0x44, 0x04, 0x1b, -- 0x16, 0x21, 0x12, 0xc5, 0xcb, 0xbd, 0x9e, 0x75 -+ 0xa7, 0xd2, 0x20, 0xdd, 0x45, 0xf9, 0x2b, 0xdd, -+ 0xda, 0x98, 0x99, 0x5b, 0x1c, 0x02, 0x3a, 0x27, -+ 0x8b, 0x7d, 0xb6, 0xed, 0x0e, 0xe0, 0xa7, 0xac, -+ 0xaa, 0x36, 0x2c, 0xfa, 0x1a, 0xdf, 0x0d, 0xe1, - }; - - ECParams ecparams; - - SECStatus rv; - - /* ECDSA GF(p) prime field curve test */ -- ecparams = ecdsa_known_P256_Params; -+ ecparams = ec_known_P256_Params; - rv = freebl_fips_ECDSA_Test(&ecparams, - ecdsa_known_P256_signature, - sizeof ecdsa_known_P256_signature); - if (rv != SECSuccess) { - return (SECFailure); - } -+ /* ECDH GF(p) prime field curve test */ -+ rv = freebl_fips_ECDH_Test(&ecparams); -+ if (rv != SECSuccess) { -+ return (SECFailure); -+ } - - return (SECSuccess); - } - - static SECStatus - freebl_fips_DSA_PowerUpSelfTest(void) - { - /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */ -@@ -1413,16 +1583,148 @@ freebl_fips_DSA_PowerUpSelfTest(void) - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - - return (SECSuccess); - } - - static SECStatus -+freebl_fips_DH_PowerUpSelfTest(void) -+{ -+ /* DH Known P (2048-bits) */ -+ static const PRUint8 dh_known_P[] = { -+ 0xc2, 0x79, 0xbb, 0x76, 0x32, 0x0d, 0x43, 0xfd, -+ 0x1b, 0x8c, 0xa2, 0x3c, 0x00, 0xdd, 0x6d, 0xef, -+ 0xf8, 0x1a, 0xd9, 0xc1, 0xa2, 0xf5, 0x73, 0x2b, -+ 0xdb, 0x1a, 0x3e, 0x84, 0x90, 0xeb, 0xe7, 0x8e, -+ 0x5f, 0x5c, 0x6b, 0xb6, 0x61, 0x89, 0xd1, 0x03, -+ 0xb0, 0x5f, 0x91, 0xe4, 0xd2, 0x82, 0x90, 0xfc, -+ 0x3c, 0x49, 0x69, 0x59, 0xc1, 0x51, 0x6a, 0x85, -+ 0x71, 0xe7, 0x5d, 0x72, 0x5a, 0x45, 0xad, 0x01, -+ 0x6f, 0x82, 0xae, 0xec, 0x91, 0x08, 0x2e, 0x7c, -+ 0x64, 0x93, 0x46, 0x1c, 0x68, 0xef, 0xc2, 0x03, -+ 0x28, 0x1d, 0x75, 0x3a, 0xeb, 0x9c, 0x46, 0xf0, -+ 0xc9, 0xdb, 0x99, 0x95, 0x13, 0x66, 0x4d, 0xd5, -+ 0x1a, 0x78, 0x92, 0x51, 0x89, 0x72, 0x28, 0x7f, -+ 0x20, 0x70, 0x41, 0x49, 0xa2, 0x86, 0xe9, 0xf9, -+ 0x78, 0x5f, 0x8d, 0x2e, 0x5d, 0xfa, 0xdb, 0x57, -+ 0xd4, 0x71, 0xdf, 0x66, 0xe3, 0x9e, 0x88, 0x70, -+ 0xa4, 0x21, 0x44, 0x6a, 0xc7, 0xae, 0x30, 0x2c, -+ 0x9c, 0x1f, 0x91, 0x57, 0xc8, 0x24, 0x34, 0x2d, -+ 0x7a, 0x4a, 0x43, 0xc2, 0x5f, 0xab, 0x64, 0x2e, -+ 0xaa, 0x28, 0x32, 0x95, 0x42, 0x7b, 0xa0, 0xcc, -+ 0xdf, 0xfd, 0x22, 0xc8, 0x56, 0x84, 0xc1, 0x62, -+ 0x15, 0xb2, 0x77, 0x86, 0x81, 0xfc, 0xa5, 0x12, -+ 0x3c, 0xca, 0x28, 0x17, 0x8f, 0x03, 0x16, 0x6e, -+ 0xb8, 0x24, 0xfa, 0x1b, 0x15, 0x02, 0xfd, 0x8b, -+ 0xb6, 0x0a, 0x1a, 0xf7, 0x47, 0x41, 0xc5, 0x2b, -+ 0x37, 0x3e, 0xa1, 0xbf, 0x68, 0xda, 0x1c, 0x55, -+ 0x44, 0xc3, 0xee, 0xa1, 0x63, 0x07, 0x11, 0x3b, -+ 0x5f, 0x00, 0x84, 0xb4, 0xc4, 0xe4, 0xa7, 0x97, -+ 0x29, 0xf8, 0xce, 0xab, 0xfc, 0x27, 0x3e, 0x34, -+ 0xe4, 0xc7, 0x81, 0x52, 0x32, 0x0e, 0x27, 0x3c, -+ 0xa6, 0x70, 0x3f, 0x4a, 0x54, 0xda, 0xdd, 0x60, -+ 0x26, 0xb3, 0x6e, 0x45, 0x26, 0x19, 0x41, 0x6f -+ }; -+ -+ static const PRUint8 dh_known_Y_1[] = { -+ 0xb4, 0xc7, 0x85, 0xba, 0xa6, 0x98, 0xb3, 0x77, -+ 0x41, 0x2b, 0xd9, 0x9a, 0x72, 0x90, 0xa4, 0xac, -+ 0xc4, 0xf7, 0xc2, 0x23, 0x9a, 0x68, 0xe2, 0x7d, -+ 0x3a, 0x54, 0x45, 0x91, 0xc1, 0xd7, 0x8a, 0x17, -+ 0x54, 0xd3, 0x37, 0xaa, 0x0c, 0xcd, 0x0b, 0xe2, -+ 0xf2, 0x34, 0x0f, 0x17, 0xa8, 0x07, 0x88, 0xaf, -+ 0xed, 0xc1, 0x02, 0xd4, 0xdb, 0xdc, 0x0f, 0x22, -+ 0x51, 0x23, 0x40, 0xb9, 0x65, 0x6d, 0x39, 0xf4, -+ 0xe1, 0x8b, 0x57, 0x7d, 0xb6, 0xd3, 0xf2, 0x6b, -+ 0x02, 0xa9, 0x36, 0xf0, 0x0d, 0xe3, 0xdb, 0x9a, -+ 0xbf, 0x20, 0x00, 0x4d, 0xec, 0x6f, 0x68, 0x95, -+ 0xee, 0x59, 0x4e, 0x3c, 0xb6, 0xda, 0x7b, 0x19, -+ 0x08, 0x9a, 0xef, 0x61, 0x43, 0xf5, 0xfb, 0x25, -+ 0x70, 0x19, 0xc1, 0x5f, 0x0e, 0x0f, 0x6a, 0x63, -+ 0x44, 0xe9, 0xcf, 0x33, 0xce, 0x13, 0x4f, 0x34, -+ 0x3c, 0x94, 0x40, 0x8d, 0xf2, 0x65, 0x42, 0xef, -+ 0x70, 0x54, 0xdd, 0x5f, 0xc1, 0xd7, 0x0b, 0xa6, -+ 0x06, 0xd5, 0xa6, 0x47, 0xae, 0x2c, 0x1f, 0x5a, -+ 0xa6, 0xb3, 0xc1, 0x38, 0x3a, 0x3b, 0x60, 0x94, -+ 0xa2, 0x95, 0xab, 0xb2, 0x86, 0x82, 0xc5, 0x3b, -+ 0xb8, 0x6f, 0x3e, 0x55, 0x86, 0x84, 0xe0, 0x00, -+ 0xe5, 0xef, 0xca, 0x5c, 0xec, 0x7e, 0x38, 0x0f, -+ 0x82, 0xa2, 0xb1, 0xee, 0x48, 0x1b, 0x32, 0xbb, -+ 0x5a, 0x33, 0xa5, 0x01, 0xba, 0xca, 0xa6, 0x64, -+ 0x61, 0xb6, 0xe5, 0x5c, 0x0e, 0x5f, 0x2c, 0x66, -+ 0x0d, 0x01, 0x6a, 0x20, 0x04, 0x70, 0x68, 0x82, -+ 0x93, 0x29, 0x15, 0x3b, 0x7a, 0x06, 0xb2, 0x92, -+ 0x61, 0xcd, 0x7e, 0xa4, 0xc1, 0x15, 0x64, 0x3b, -+ 0x3c, 0x51, 0x10, 0x4c, 0x87, 0xa6, 0xaf, 0x07, -+ 0xce, 0x46, 0x82, 0x75, 0xf3, 0x90, 0xf3, 0x21, -+ 0x55, 0x74, 0xc2, 0xe4, 0x96, 0x7d, 0xc3, 0xe6, -+ 0x33, 0xa5, 0xc6, 0x51, 0xef, 0xec, 0x90, 0x08 -+ }; -+ -+ static const PRUint8 dh_known_x_2[] = { -+ 0x9e, 0x9b, 0xc3, 0x25, 0x53, 0xf9, 0xfc, 0x92, -+ 0xb6, 0xae, 0x54, 0x8e, 0x23, 0x4c, 0x94, 0xba, -+ 0x41, 0xe6, 0x29, 0x33, 0xb9, 0xdb, 0xff, 0x6d, -+ 0xa8, 0xb8, 0x48, 0x49, 0x66, 0x11, 0xa6, 0x13 -+ }; -+ -+ static const PRUint8 dh_known_hash_result[] = { -+ 0x93, 0xa2, 0x89, 0x1c, 0x8a, 0xc3, 0x70, 0xbf, -+ 0xa7, 0xdf, 0xb6, 0xd7, 0x82, 0xfb, 0x87, 0x81, -+ 0x09, 0x47, 0xf3, 0x9f, 0x5a, 0xbf, 0x4f, 0x3f, -+ 0x8e, 0x5e, 0x06, 0xca, 0x30, 0xa7, 0xaf, 0x10 -+ }; -+ -+ /* DH variables. */ -+ SECStatus dhStatus; -+ SECItem dh_prime; -+ SECItem dh_pub_key_1; -+ SECItem dh_priv_key_2; -+ SECItem ZZ = { 0, 0, 0 }; -+ PRUint8 computed_hash_result[HASH_LENGTH_MAX]; -+ -+ dh_prime.data = (PRUint8 *)dh_known_P; -+ dh_prime.len = sizeof(dh_known_P); -+ dh_pub_key_1.data = (PRUint8 *)dh_known_Y_1; -+ dh_pub_key_1.len = sizeof(dh_known_Y_1); -+ dh_priv_key_2.data = (PRUint8 *)dh_known_x_2; -+ dh_priv_key_2.len = sizeof(dh_known_x_2); -+ -+ /* execute the derive */ -+ dhStatus = DH_Derive(&dh_pub_key_1, &dh_prime, &dh_priv_key_2, &ZZ, dh_prime.len); -+ if (dhStatus != SECSuccess) { -+ goto loser; -+ } -+ -+ dhStatus = SHA256_HashBuf(computed_hash_result, ZZ.data, ZZ.len); -+ if (dhStatus != SECSuccess) { -+ goto loser; -+ } -+ -+ if (PORT_Memcmp(computed_hash_result, dh_known_hash_result, -+ sizeof(dh_known_hash_result)) != 0) { -+ dhStatus = SECFailure; -+ goto loser; -+ } -+ -+loser: -+ if (ZZ.data) { -+ SECITEM_FreeItem(&ZZ, PR_FALSE); -+ } -+ -+ if (dhStatus != SECSuccess) { -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return (SECFailure); -+ } -+ return (SECSuccess); -+} -+ -+static SECStatus - freebl_fips_RNG_PowerUpSelfTest(void) - { - static const PRUint8 Q[] = { - 0x85, 0x89, 0x9c, 0x77, 0xa3, 0x79, 0xff, 0x1a, - 0x86, 0x6f, 0x2f, 0x3e, 0x2e, 0xf9, 0x8c, 0x9c, - 0x9d, 0xef, 0xeb, 0xed - }; - static const PRUint8 GENX[] = { -@@ -1536,31 +1838,37 @@ freebl_fipsPowerUpSelfTest(unsigned int - - /* HMAC SHA-X Power-Up SelfTest(s). */ - rv = freebl_fips_HMAC_PowerUpSelfTest(); - - if (rv != SECSuccess) - return rv; - - /* NOTE: RSA can only be tested in full freebl. It requires access to -- * the locking primitives */ -+ * the locking primitives */ - /* RSA Power-Up SelfTest(s). */ - rv = freebl_fips_RSA_PowerUpSelfTest(); - - if (rv != SECSuccess) - return rv; - - /* DSA Power-Up SelfTest(s). */ - rv = freebl_fips_DSA_PowerUpSelfTest(); - - if (rv != SECSuccess) - return rv; - -- /* ECDSA Power-Up SelfTest(s). */ -- rv = freebl_fips_ECDSA_PowerUpSelfTest(); -+ /* DH Power-Up SelfTest(s). */ -+ rv = freebl_fips_DH_PowerUpSelfTest(); -+ -+ if (rv != SECSuccess) -+ return rv; -+ -+ /* EC Power-Up SelfTest(s). */ -+ rv = freebl_fips_EC_PowerUpSelfTest(); - - if (rv != SECSuccess) - return rv; - } - /* Passed Power-Up SelfTest(s). */ - return (SECSuccess); - } - -diff --git a/lib/freebl/intel-gcm-wrap.c b/lib/freebl/intel-gcm-wrap.c ---- a/lib/freebl/intel-gcm-wrap.c -+++ b/lib/freebl/intel-gcm-wrap.c -@@ -138,16 +138,17 @@ intel_AES_GCM_CreateContext(void *contex - loser: - PORT_Free(gcm); - return NULL; - } - - void - intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit) - { -+ PORT_Memset(gcm, 0, sizeof(intel_AES_GCMContext)); - if (freeit) { - PORT_Free(gcm); - } - } - - SECStatus - intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, - unsigned char *outbuf, -diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c ---- a/lib/freebl/pqg.c -+++ b/lib/freebl/pqg.c -@@ -486,21 +486,21 @@ cleanup: - ** Perform steps from FIPS 186-3, Appendix A.1.2.1 and Appendix C.6 - ** - ** This generates a provable prime from two smaller prime. The resulting - ** prime p will have q0 as a multiple of p-1. q0 can be 1. - ** - ** This implments steps 4 thorough 22 of FIPS 186-3 A.1.2.1 and - ** steps 16 through 34 of FIPS 186-2 C.6 - */ --#define MAX_ST_SEED_BITS (HASH_LENGTH_MAX * PR_BITS_PER_BYTE) - static SECStatus - makePrimefromPrimesShaweTaylor( - HASH_HashType hashtype, /* selected Hashing algorithm */ - unsigned int length, /* input. Length of prime in bits. */ -+ unsigned int seedlen, /* input seed length in bits */ - mp_int *c0, /* seed prime */ - mp_int *q, /* sub prime, can be 1 */ - mp_int *prime, /* output. */ - SECItem *prime_seed, /* input/output. */ - unsigned int *prime_gen_counter) /* input/output. */ - { - mp_int c; - mp_int c0_2; -@@ -552,33 +552,32 @@ makePrimefromPrimesShaweTaylor( - */ - - /* Step 4/16 iterations = ceiling(length/outlen)-1 */ - iterations = (length + outlen - 1) / outlen; /* NOTE: iterations +1 */ - /* Step 5/17 old_counter = prime_gen_counter */ - old_counter = *prime_gen_counter; - /* - ** Comment: Generate a pseudorandom integer x in the interval -- ** [2**(lenght-1), 2**length]. -+ ** [2**(length-1), 2**length]. - ** - ** Step 6/18 x = 0 - */ - PORT_Memset(x, 0, sizeof(x)); - /* - ** Step 7/19 for i = 0 to iterations do - ** x = x + (HASH(prime_seed + i) * 2^(i*outlen)) - */ - for (i = 0; i < iterations; i++) { - /* is bigger than prime_seed should get to */ - CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, i, -- MAX_ST_SEED_BITS, &x[(iterations - i - 1) * hashlen])); -+ seedlen, &x[(iterations - i - 1) * hashlen])); - } - /* Step 8/20 prime_seed = prime_seed + iterations + 1 */ -- CHECK_SEC_OK(addToSeed(prime_seed, iterations, MAX_ST_SEED_BITS, -- prime_seed)); -+ CHECK_SEC_OK(addToSeed(prime_seed, iterations, seedlen, prime_seed)); - /* - ** Step 9/21 x = 2 ** (length-1) + x mod 2 ** (length-1) - ** - ** This step mathematically sets the high bit and clears out - ** all the other bits higher than length. 'x' is stored - ** in the x array, MSB first. The above formula gives us an 'x' - ** which is length bytes long and has the high bit set. We also know - ** that length <= iterations*outlen since -@@ -590,17 +589,17 @@ makePrimefromPrimesShaweTaylor( - * multiple of 8,*/ - bit = 1 << ((length - 1) & 0x7); /* select the proper bit in the byte */ - /* we need to zero out the rest of the bits in the byte above */ - mask = (bit - 1); - /* now we set it */ - x[offset] = (mask & x[offset]) | bit; - /* - ** Comment: Generate a candidate prime c in the interval -- ** [2**(lenght-1), 2**length]. -+ ** [2**(length-1), 2**length]. - ** - ** Step 10 t = ceiling(x/(2q(p0))) - ** Step 22 t = ceiling(x/(2(c0))) - */ - CHECK_MPI_OK(mp_read_unsigned_octets(&t, &x[offset], - hashlen * iterations - offset)); /* t = x */ - CHECK_MPI_OK(mp_mul(c0, q, &c0_2)); /* c0_2 is now c0*q */ - CHECK_MPI_OK(mp_add(&c0_2, &c0_2, &c0_2)); /* c0_2 is now 2*q*c0 */ -@@ -619,17 +618,17 @@ makePrimefromPrimesShaweTaylor( - step_23: - CHECK_MPI_OK(mp_mul(&t, &c0_2, &c)); /* c = t*2qc0 */ - CHECK_MPI_OK(mp_add_d(&c, (mp_digit)1, &c)); /* c= 2tqc0 + 1*/ - if (mpl_significant_bits(&c) > length) { /* if c > 2**length */ - CHECK_MPI_OK(mp_sub_d(&c0_2, (mp_digit)1, &t)); /* t = 2qc0-1 */ - /* t = 2**(length-1) + 2qc0 -1 */ - CHECK_MPI_OK(mp_add(&two_length_minus_1, &t, &t)); - /* t = floor((2**(length-1)+2qc0 -1)/2qco) -- * = ceil(2**(lenght-2)/2qc0) */ -+ * = ceil(2**(length-2)/2qc0) */ - CHECK_MPI_OK(mp_div(&t, &c0_2, &t, NULL)); - CHECK_MPI_OK(mp_mul(&t, &c0_2, &c)); - CHECK_MPI_OK(mp_add_d(&c, (mp_digit)1, &c)); /* c= 2tqc0 + 1*/ - } - /* Step 13/25 prime_gen_counter = prime_gen_counter + 1*/ - (*prime_gen_counter)++; - /* - ** Comment: Test the candidate prime c for primality; first pick an -@@ -640,23 +639,21 @@ step_23: - PORT_Memset(x, 0, sizeof(x)); /* use x for a */ - /* - ** Step 15/27 for i = 0 to iterations do - ** a = a + (HASH(prime_seed + i) * 2^(i*outlen)) - ** - ** NOTE: we reuse the x array for 'a' initially. - */ - for (i = 0; i < iterations; i++) { -- /* MAX_ST_SEED_BITS is bigger than prime_seed should get to */ - CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, i, -- MAX_ST_SEED_BITS, &x[(iterations - i - 1) * hashlen])); -+ seedlen, &x[(iterations - i - 1) * hashlen])); - } - /* Step 16/28 prime_seed = prime_seed + iterations + 1 */ -- CHECK_SEC_OK(addToSeed(prime_seed, iterations, MAX_ST_SEED_BITS, -- prime_seed)); -+ CHECK_SEC_OK(addToSeed(prime_seed, iterations, seedlen, prime_seed)); - /* Step 17/29 a = 2 + (a mod (c-3)). */ - CHECK_MPI_OK(mp_read_unsigned_octets(&a, x, iterations * hashlen)); - CHECK_MPI_OK(mp_sub_d(&c, (mp_digit)3, &z)); /* z = c -3 */ - CHECK_MPI_OK(mp_mod(&a, &z, &a)); /* a = a mod c -3 */ - CHECK_MPI_OK(mp_add_d(&a, (mp_digit)2, &a)); /* a = 2 + a mod c -3 */ - /* - ** Step 18 z = a**(2tq) mod p. - ** Step 30 z = a**(2t) mod c. -@@ -737,16 +734,17 @@ makePrimefromSeedShaweTaylor( - { - mp_int c; - mp_int c0; - mp_int one; - SECStatus rv = SECFailure; - int hashlen = HASH_ResultLen(hashtype); - int outlen = hashlen * PR_BITS_PER_BYTE; - int offset; -+ int seedlen = input_seed->len * 8; /*seedlen is in bits */ - unsigned char bit, mask; - unsigned char x[HASH_LENGTH_MAX * 2]; - mp_digit dummy; - mp_err err = MP_OKAY; - int i; - - MP_DIGITS(&c) = 0; - MP_DIGITS(&c0) = 0; -@@ -770,30 +768,29 @@ makePrimefromSeedShaweTaylor( - */ - rv = makePrimefromSeedShaweTaylor(hashtype, (length + 1) / 2 + 1, - input_seed, &c0, prime_seed, prime_gen_counter); - /* Step 15 if FAILURE is returned, return (FAILURE, 0, 0, 0). */ - if (rv != SECSuccess) { - goto cleanup; - } - /* Steps 16-34 */ -- rv = makePrimefromPrimesShaweTaylor(hashtype, length, &c0, &one, -+ rv = makePrimefromPrimesShaweTaylor(hashtype, length, seedlen, &c0, &one, - prime, prime_seed, prime_gen_counter); - goto cleanup; /* we're done, one way or the other */ - } - /* Step 3 prime_seed = input_seed */ - CHECK_SEC_OK(SECITEM_CopyItem(NULL, prime_seed, input_seed)); - /* Step 4 prime_gen_count = 0 */ - *prime_gen_counter = 0; - - step_5: - /* Step 5 c = Hash(prime_seed) xor Hash(prime_seed+1). */ - CHECK_SEC_OK(HASH_HashBuf(hashtype, x, prime_seed->data, prime_seed->len)); -- CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, 1, -- MAX_ST_SEED_BITS, &x[hashlen])); -+ CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, 1, seedlen, &x[hashlen])); - for (i = 0; i < hashlen; i++) { - x[i] = x[i] ^ x[i + hashlen]; - } - /* Step 6 c = 2**length-1 + c mod 2**length-1 */ - /* This step mathematically sets the high bit and clears out - ** all the other bits higher than length. Right now c is stored - ** in the x array, MSB first. The above formula gives us a c which - ** is length bytes long and has the high bit set. We also know that -@@ -812,17 +809,17 @@ step_5: - /* Step 7 c = c*floor(c/2) + 1 */ - /* set the low bit. much easier to find (the end of the array) */ - x[hashlen - 1] |= 1; - /* now that we've set our bits, we can create our candidate "c" */ - CHECK_MPI_OK(mp_read_unsigned_octets(&c, &x[offset], hashlen - offset)); - /* Step 8 prime_gen_counter = prime_gen_counter + 1 */ - (*prime_gen_counter)++; - /* Step 9 prime_seed = prime_seed + 2 */ -- CHECK_SEC_OK(addToSeed(prime_seed, 2, MAX_ST_SEED_BITS, prime_seed)); -+ CHECK_SEC_OK(addToSeed(prime_seed, 2, seedlen, prime_seed)); - /* Step 10 Perform deterministic primality test on c. For example, since - ** c is small, it's primality can be tested by trial division, See - ** See Appendic C.7. - ** - ** We in fact test with trial division. mpi has a built int trial divider - ** that divides all divisors up to 2^16. - */ - if (prime_tab[prime_tab_size - 1] < 0xFFF1) { -@@ -885,17 +882,18 @@ findQfromSeed( - unsigned int L, /* input. Length of p in bits. */ - unsigned int N, /* input. Length of q in bits. */ - unsigned int g, /* input. Length of seed in bits. */ - const SECItem *seed, /* input. */ - mp_int *Q, /* input. */ - mp_int *Q_, /* output. */ - unsigned int *qseed_len, /* output */ - HASH_HashType *hashtypePtr, /* output. Hash uses */ -- pqgGenType *typePtr) /* output. Generation Type used */ -+ pqgGenType *typePtr, /* output. Generation Type used */ -+ unsigned int *qgen_counter) /* output. q_counter */ - { - HASH_HashType hashtype; - SECItem firstseed = { 0, 0, 0 }; - SECItem qseed = { 0, 0, 0 }; - SECStatus rv; - - *qseed_len = 0; /* only set if FIPS186_3_ST_TYPE */ - -@@ -959,16 +957,17 @@ findQfromSeed( - * accident, someone has been tweeking with the seeds, just - * fail a this point. */ - SECITEM_FreeItem(&qseed, PR_FALSE); - return SECFailure; - } - *qseed_len = qseed.len; - *hashtypePtr = hashtype; - *typePtr = FIPS186_3_ST_TYPE; -+ *qgen_counter = count; - SECITEM_FreeItem(&qseed, PR_FALSE); - return SECSuccess; - } - SECITEM_FreeItem(&qseed, PR_FALSE); - } - /* no hash algorithms found which match seed to Q, fail */ - return SECFailure; - } -@@ -1383,29 +1382,33 @@ step_5: - CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, &Q, - &qseed, &qgen_counter)); - /* Step 3. Use floor(L/2+1) and qseed to generate random prime p0 - * using Appendix C.6 */ - pgen_counter = 0; - CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, (L + 1) / 2 + 1, - &qseed, &p0, &pseed, &pgen_counter)); - /* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */ -- CHECK_SEC_OK(makePrimefromPrimesShaweTaylor(hashtype, L, -+ CHECK_SEC_OK(makePrimefromPrimesShaweTaylor(hashtype, L, seedBytes * 8, - &p0, &Q, &P, &pseed, &pgen_counter)); - - /* combine all the seeds */ -- seed->len = firstseed.len + qseed.len + pseed.len; -+ if ((qseed.len > firstseed.len) || (pseed.len > firstseed.len)) { -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); /* shouldn't happen */ -+ goto cleanup; -+ } -+ seed->len = firstseed.len * 3; /*handle leading zeros in pseed and qseed*/ - seed->data = PORT_ArenaZAlloc(verify->arena, seed->len); - if (seed->data == NULL) { - goto cleanup; - } - PORT_Memcpy(seed->data, firstseed.data, firstseed.len); -- PORT_Memcpy(seed->data + firstseed.len, pseed.data, pseed.len); -- PORT_Memcpy(seed->data + firstseed.len + pseed.len, qseed.data, qseed.len); -- counter = 0; /* (qgen_counter << 16) | pgen_counter; */ -+ PORT_Memcpy(seed->data + 2 * firstseed.len - pseed.len, pseed.data, pseed.len); -+ PORT_Memcpy(seed->data + 3 * firstseed.len - qseed.len, qseed.data, qseed.len); -+ counter = (qgen_counter << 16) | pgen_counter; - - /* we've generated both P and Q now, skip to generating G */ - goto generate_G; - } - /* ****************************************************************** - ** Step 8. (Step 4 in 186-1) - ** "Use a robust primality testing algorithm to test whether q is prime." - ** -@@ -1615,16 +1618,17 @@ PQG_VerifyParams(const PQGParams *params - { - SECStatus rv = SECSuccess; - unsigned int g, n, L, N, offset, outlen; - mp_int p0, P, Q, G, P_, Q_, G_, r, h; - mp_err err = MP_OKAY; - int j; - unsigned int counter_max = 0; /* handle legacy L < 1024 */ - unsigned int qseed_len; -+ unsigned int qgen_counter_ = 0; - SECItem pseed_ = { 0, 0, 0 }; - HASH_HashType hashtype; - pqgGenType type; - - #define CHECKPARAM(cond) \ - if (!(cond)) { \ - *result = SECFailure; \ - goto cleanup; \ -@@ -1694,77 +1698,104 @@ PQG_VerifyParams(const PQGParams *params - CHECKPARAM(mp_cmp_d(&r, 1) == 0); - /* 5. Q is prime */ - CHECKPARAM(mpp_pprime(&Q, prime_testcount_q(L, N)) == MP_YES); - /* 6. P is prime */ - CHECKPARAM(mpp_pprime(&P, prime_testcount_p(L, N)) == MP_YES); - /* Steps 7-12 are done only if the optional PQGVerify is supplied. */ - /* continue processing P */ - /* 7. counter < 4*L */ -- CHECKPARAM((vfy->counter == -1) || (vfy->counter < counter_max)); - /* 8. g >= N and g < 2*L (g is length of seed in bits) */ -- g = vfy->seed.len * 8; -- CHECKPARAM(g >= N && g < counter_max / 2); -+ /* step 7 and 8 are delayed until we determine which type of generation -+ * was used */ - /* 9. Q generated from SEED matches Q in PQGParams. */ - /* This function checks all possible hash and generation types to - * find a Q_ which matches Q. */ -+ g = vfy->seed.len * 8; - CHECKPARAM(findQfromSeed(L, N, g, &vfy->seed, &Q, &Q_, &qseed_len, -- &hashtype, &type) == SECSuccess); -+ &hashtype, &type, &qgen_counter_) == SECSuccess); - CHECKPARAM(mp_cmp(&Q, &Q_) == 0); -+ /* now we can do steps 7 & 8*/ -+ if ((type == FIPS186_1_TYPE) || (type == FIPS186_3_TYPE)) { -+ CHECKPARAM((vfy->counter == -1) || (vfy->counter < counter_max)); -+ CHECKPARAM(g >= N && g < counter_max / 2); -+ } - if (type == FIPS186_3_ST_TYPE) { - SECItem qseed = { 0, 0, 0 }; - SECItem pseed = { 0, 0, 0 }; - unsigned int first_seed_len; -- unsigned int pgen_counter = 0; -+ unsigned int pgen_counter_ = 0; -+ unsigned int qgen_counter = (vfy->counter >> 16) & 0xffff; -+ unsigned int pgen_counter = (vfy->counter) & 0xffff; - - /* extract pseed and qseed from domain_parameter_seed, which is - * first_seed || pseed || qseed. qseed is first_seed + small_integer -- * pseed is qseed + small_integer. This means most of the time -+ * mod the length of first_seed. pseed is qseed + small_integer mod -+ * the length of first_seed. This means most of the time - * first_seed.len == qseed.len == pseed.len. Rarely qseed.len and/or -- * pseed.len will be one greater than first_seed.len, so we can -- * depend on the fact that -- * first_seed.len = floor(domain_parameter_seed.len/3). -- * findQfromSeed returned qseed.len, so we can calculate pseed.len as -- * pseed.len = domain_parameter_seed.len - first_seed.len - qseed.len -- * this is probably over kill, since 99.999% of the time they will all -- * be equal. -- * -- * With the lengths, we can now find the offsets; -+ * pseed.len will be smaller because mpi clamps them. pqgGen -+ * automatically adds the zero pad back though, so we can depend -+ * domain_parameter_seed.len to be a multiple of three. We only have -+ * to deal with the fact that the returned seeds from our functions -+ * could be shorter. -+ * first_seed.len = domain_parameter_seed.len/3 -+ * We can now find the offsets; - * first_seed.data = domain_parameter_seed.data + 0 - * pseed.data = domain_parameter_seed.data + first_seed.len - * qseed.data = domain_parameter_seed.data - * + domain_paramter_seed.len - qseed.len -- * -+ * We deal with pseed possibly having zero pad in the pseed check later. - */ - first_seed_len = vfy->seed.len / 3; - CHECKPARAM(qseed_len < vfy->seed.len); - CHECKPARAM(first_seed_len * 8 > N - 1); -- CHECKPARAM(first_seed_len + qseed_len < vfy->seed.len); -+ CHECKPARAM(first_seed_len * 8 < counter_max / 2); -+ CHECKPARAM(first_seed_len >= qseed_len); - qseed.len = qseed_len; - qseed.data = vfy->seed.data + vfy->seed.len - qseed.len; -- pseed.len = vfy->seed.len - (first_seed_len + qseed_len); -+ pseed.len = first_seed_len; - pseed.data = vfy->seed.data + first_seed_len; - - /* - * now complete FIPS 186-3 A.1.2.1.2. Step 1 was completed - * above in our initial checks, Step 2 was completed by - * findQfromSeed */ - - /* Step 3 (status, c0, prime_seed, prime_gen_counter) = - ** (ST_Random_Prime((ceil(length/2)+1, input_seed) - */ - CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, (L + 1) / 2 + 1, -- &qseed, &p0, &pseed_, &pgen_counter)); -+ &qseed, &p0, &pseed_, &pgen_counter_)); - /* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */ -- CHECK_SEC_OK(makePrimefromPrimesShaweTaylor(hashtype, L, -- &p0, &Q_, &P_, &pseed_, &pgen_counter)); -+ CHECK_SEC_OK(makePrimefromPrimesShaweTaylor(hashtype, L, first_seed_len * 8, -+ &p0, &Q_, &P_, &pseed_, &pgen_counter_)); - CHECKPARAM(mp_cmp(&P, &P_) == 0); - /* make sure pseed wasn't tampered with (since it is part of - * calculating G) */ -+ if (pseed.len > pseed_.len) { -+ /* handle the case of zero pad for pseed */ -+ int extra = pseed.len - pseed_.len; -+ int i; -+ for (i = 0; i < extra; i++) { -+ if (pseed.data[i] != 0) { -+ *result = SECFailure; -+ goto cleanup; -+ } -+ } -+ pseed.data += extra; -+ pseed.len -= extra; -+ /* the rest is handled in the normal compare below */ -+ } - CHECKPARAM(SECITEM_CompareItem(&pseed, &pseed_) == SECEqual); -+ if (vfy->counter != -1) { -+ CHECKPARAM(pgen_counter < counter_max); -+ CHECKPARAM(qgen_counter < counter_max); -+ CHECKPARAM((pgen_counter_ == pgen_counter)); -+ CHECKPARAM((qgen_counter_ == qgen_counter)); -+ } - } else if (vfy->counter == -1) { - /* If counter is set to -1, we are really only verifying G, skip - * the remainder of the checks for P */ - CHECKPARAM(type != FIPS186_1_TYPE); /* we only do this for DSA2 */ - } else { - /* 10. P generated from (L, counter, g, SEED, Q) matches P - * in PQGParams. */ - outlen = HASH_ResultLen(hashtype) * PR_BITS_PER_BYTE; -diff --git a/lib/freebl/rijndael.c b/lib/freebl/rijndael.c ---- a/lib/freebl/rijndael.c -+++ b/lib/freebl/rijndael.c -@@ -1027,23 +1027,25 @@ AES_CreateContext(const unsigned char *k - * AES_DestroyContext - * - * Zero an AES cipher context. If freeit is true, also free the pointer - * to the context. - */ - void - AES_DestroyContext(AESContext *cx, PRBool freeit) - { -+ void *mem = cx->mem; - if (cx->worker_cx && cx->destroy) { - (*cx->destroy)(cx->worker_cx, PR_TRUE); - cx->worker_cx = NULL; - cx->destroy = NULL; - } -+ PORT_Memset(cx, 0, sizeof(AESContext)); - if (freeit) { -- PORT_Free(cx->mem); -+ PORT_Free(mem); - } - } - - /* - * AES_Encrypt - * - * Encrypt an arbitrary-length buffer. The output buffer must already be - * allocated to at least inputLen. -diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c ---- a/lib/softoken/pkcs11c.c -+++ b/lib/softoken/pkcs11c.c -@@ -4708,16 +4708,24 @@ sftk_PairwiseConsistencyCheck(CK_SESSION - pairwise_digest_length, - signature, - &signature_length); - if (crv != CKR_OK) { - PORT_Free(signature); - return crv; - } - -+ /* detect trivial signing transforms */ -+ if (signature_length >= pairwise_digest_length) { -+ if (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0) { -+ PORT_Free(signature); -+ return CKR_DEVICE_ERROR; -+ } -+ } -+ - /* Verify the known hash using the public key. */ - crv = NSC_VerifyInit(hSession, &mech, publicKey->handle); - if (crv != CKR_OK) { - PORT_Free(signature); - return crv; - } - - crv = NSC_Verify(hSession, -@@ -7543,40 +7551,55 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - SHA512_HashBuf(key_block, (const unsigned char *)att->attrib.pValue, - att->attrib.ulValueLen); - - crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize); - break; - - case CKM_DH_PKCS_DERIVE: { - SECItem derived, dhPublic; -- SECItem dhPrime, dhValue; -+ SECItem dhPrime, dhSubPrime, dhValue; - /* sourceKey - values for the local existing low key */ - /* get prime and value attributes */ - crv = sftk_Attribute2SecItem(NULL, &dhPrime, sourceKey, CKA_PRIME); -- if (crv != SECSuccess) -+ if (crv != CKR_OK) - break; - crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE); -- if (crv != SECSuccess) { -+ if (crv != CKR_OK) { - PORT_Free(dhPrime.data); - break; - } - - dhPublic.data = pMechanism->pParameter; - dhPublic.len = pMechanism->ulParameterLen; - -+ /* if the caller bothered to provide Q, use Q to validate. -+ * the public key */ -+ crv = sftk_Attribute2SecItem(NULL, &dhSubPrime, sourceKey, CKA_SUBPRIME); -+ if (crv == CKR_OK) { -+ rv = KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime); -+ PORT_Free(dhSubPrime.data); -+ if (rv != SECSuccess) { -+ crv = CKR_ARGUMENTS_BAD; -+ PORT_Free(dhPrime.data); -+ PORT_Free(dhValue.data); -+ break; -+ } -+ } -+ - /* calculate private value - oct */ - rv = DH_Derive(&dhPublic, &dhPrime, &dhValue, &derived, keySize); - - PORT_Free(dhPrime.data); - PORT_Free(dhValue.data); - - if (rv == SECSuccess) { - sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len); - PORT_ZFree(derived.data, derived.len); -+ crv = CKR_OK; - } else - crv = CKR_HOST_MEMORY; - - break; - } - - case CKM_ECDH1_DERIVE: - case CKM_ECDH1_COFACTOR_DERIVE: { diff --git a/SOURCES/nss-softokn-fix-public-key-from-priv.patch b/SOURCES/nss-softokn-fix-public-key-from-priv.patch deleted file mode 100644 index a5e43e3..0000000 --- a/SOURCES/nss-softokn-fix-public-key-from-priv.patch +++ /dev/null @@ -1,241 +0,0 @@ -diff -up ./nss/lib/softoken/lowkey.c.pub-priv-mech ./nss/lib/softoken/lowkey.c ---- ./nss/lib/softoken/lowkey.c.pub-priv-mech 2019-05-10 14:14:18.000000000 -0700 -+++ ./nss/lib/softoken/lowkey.c 2019-06-05 10:40:34.302002920 -0700 -@@ -261,6 +261,7 @@ NSSLOWKEYPublicKey * - nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) - { - NSSLOWKEYPublicKey *pubk; -+ SECItem publicValue; - PLArenaPool *arena; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -@@ -301,6 +302,19 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPr - - pubk->arena = arena; - pubk->keyType = privk->keyType; -+ /* if the public key value doesn't exist, calculate it */ -+ if (privk->u.dsa.publicValue.len == 0) { -+ rv = DH_Derive(&privk->u.dsa.params.base, &privk->u.dsa.params.prime, -+ &privk->u.dsa.privateValue, &publicValue, 0); -+ if (rv != SECSuccess) { -+ break; -+ } -+ rv = SECITEM_CopyItem(privk->arena, &privk->u.dsa.publicValue, &publicValue); -+ SECITEM_FreeItem(&publicValue, PR_FALSE); -+ if (rv != SECSuccess) { -+ break; -+ } -+ } - rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue, - &privk->u.dsa.publicValue); - if (rv != SECSuccess) -@@ -327,6 +341,19 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPr - - pubk->arena = arena; - pubk->keyType = privk->keyType; -+ /* if the public key value doesn't exist, calculate it */ -+ if (privk->u.dh.publicValue.len == 0) { -+ rv = DH_Derive(&privk->u.dh.base, &privk->u.dh.prime, -+ &privk->u.dh.privateValue, &publicValue, 0); -+ if (rv != SECSuccess) { -+ break; -+ } -+ rv = SECITEM_CopyItem(privk->arena, &privk->u.dh.publicValue, &publicValue); -+ SECITEM_FreeItem(&publicValue, PR_FALSE); -+ if (rv != SECSuccess) { -+ break; -+ } -+ } - rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue, - &privk->u.dh.publicValue); - if (rv != SECSuccess) -diff -up ./nss/lib/softoken/pkcs11c.c.pub-priv-mech ./nss/lib/softoken/pkcs11c.c ---- ./nss/lib/softoken/pkcs11c.c.pub-priv-mech 2019-06-05 10:40:34.298002922 -0700 -+++ ./nss/lib/softoken/pkcs11c.c 2019-06-05 10:43:38.610909153 -0700 -@@ -6569,6 +6569,10 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - extractValue = PR_FALSE; - classType = CKO_PRIVATE_KEY; - break; -+ case CKM_NSS_PUB_FROM_PRIV: -+ extractValue = PR_FALSE; -+ classType = CKO_PUBLIC_KEY; -+ break; - case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ - case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */ - case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */ -@@ -6610,6 +6614,35 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - } - - switch (mechanism) { -+ /* get a public key from a private key. nsslowkey_ConvertToPublickey() -+ * will generate the public portion if it doesn't already exist. */ -+ case CKM_NSS_PUB_FROM_PRIV: { -+ NSSLOWKEYPrivateKey *privKey; -+ NSSLOWKEYPublicKey *pubKey; -+ int error; -+ -+ crv = sftk_GetULongAttribute(sourceKey, CKA_KEY_TYPE, &keyType); -+ if (crv != CKR_OK) { -+ break; -+ } -+ -+ /* privKey is stored in sourceKey and will be destroyed when -+ * the sourceKey is freed. */ -+ privKey = sftk_GetPrivKey(sourceKey, keyType, &crv); -+ if (privKey == NULL) { -+ break; -+ } -+ pubKey = nsslowkey_ConvertToPublicKey(privKey); -+ if (pubKey == NULL) { -+ error = PORT_GetError(); -+ crv = sftk_MapCryptError(error); -+ break; -+ } -+ crv = sftk_PutPubKey(key, sourceKey, keyType, pubKey); -+ nsslowkey_DestroyPublicKey(pubKey); -+ break; -+ } -+ - case CKM_NSS_IKE_PRF_DERIVE: - if (pMechanism->ulParameterLen != - sizeof(CK_NSS_IKE_PRF_DERIVE_PARAMS)) { -diff -up ./nss/lib/softoken/pkcs11.c.pub-priv-mech ./nss/lib/softoken/pkcs11.c ---- ./nss/lib/softoken/pkcs11.c.pub-priv-mech 2019-06-05 10:40:34.284002929 -0700 -+++ ./nss/lib/softoken/pkcs11.c 2019-06-05 10:40:34.303002919 -0700 -@@ -2208,6 +2208,123 @@ sftk_GetPrivKey(SFTKObject *object, CK_K - return priv; - } - -+/* populate a public key object from a lowpublic keys structure */ -+CK_RV -+sftk_PutPubKey(SFTKObject *publicKey, SFTKObject *privateKey, CK_KEY_TYPE keyType, NSSLOWKEYPublicKey *pubKey) -+{ -+ CK_OBJECT_CLASS classType = CKO_PUBLIC_KEY; -+ CK_BBOOL cktrue = CK_TRUE; -+ CK_RV crv = CKR_OK; -+ sftk_DeleteAttributeType(publicKey, CKA_CLASS); -+ sftk_DeleteAttributeType(publicKey, CKA_KEY_TYPE); -+ sftk_DeleteAttributeType(publicKey, CKA_VALUE); -+ -+ switch (keyType) { -+ case CKK_RSA: -+ sftk_DeleteAttributeType(publicKey, CKA_MODULUS); -+ sftk_DeleteAttributeType(publicKey, CKA_PUBLIC_EXPONENT); -+ /* format the keys */ -+ /* fill in the RSA dependent paramenters in the public key */ -+ crv = sftk_AddAttributeType(publicKey, CKA_MODULUS, -+ sftk_item_expand(&pubKey->u.rsa.modulus)); -+ if (crv != CKR_OK) -+ break; -+ crv = sftk_AddAttributeType(publicKey, CKA_PUBLIC_EXPONENT, -+ sftk_item_expand(&pubKey->u.rsa.publicExponent)); -+ break; -+ case CKK_DSA: -+ sftk_DeleteAttributeType(publicKey, CKA_PRIME); -+ sftk_DeleteAttributeType(publicKey, CKA_SUBPRIME); -+ sftk_DeleteAttributeType(publicKey, CKA_BASE); -+ crv = sftk_AddAttributeType(publicKey, CKA_PRIME, -+ sftk_item_expand(&pubKey->u.dsa.params.prime)); -+ if (crv != CKR_OK) { -+ break; -+ } -+ crv = sftk_AddAttributeType(publicKey, CKA_SUBPRIME, -+ sftk_item_expand(&pubKey->u.dsa.params.subPrime)); -+ if (crv != CKR_OK) { -+ break; -+ } -+ crv = sftk_AddAttributeType(publicKey, CKA_BASE, -+ sftk_item_expand(&pubKey->u.dsa.params.base)); -+ if (crv != CKR_OK) { -+ break; -+ } -+ crv = sftk_AddAttributeType(publicKey, CKA_VALUE, -+ sftk_item_expand(&pubKey->u.dsa.publicValue)); -+ break; -+ -+ case CKK_DH: -+ sftk_DeleteAttributeType(publicKey, CKA_PRIME); -+ sftk_DeleteAttributeType(publicKey, CKA_BASE); -+ crv = sftk_AddAttributeType(publicKey, CKA_PRIME, -+ sftk_item_expand(&pubKey->u.dh.prime)); -+ if (crv != CKR_OK) { -+ break; -+ } -+ crv = sftk_AddAttributeType(publicKey, CKA_BASE, -+ sftk_item_expand(&pubKey->u.dh.base)); -+ if (crv != CKR_OK) { -+ break; -+ } -+ crv = sftk_AddAttributeType(publicKey, CKA_VALUE, -+ sftk_item_expand(&pubKey->u.dh.publicValue)); -+ break; -+ -+ case CKK_EC: -+ sftk_DeleteAttributeType(publicKey, CKA_EC_PARAMS); -+ sftk_DeleteAttributeType(publicKey, CKA_EC_POINT); -+ -+ crv = sftk_AddAttributeType(publicKey, CKA_EC_PARAMS, -+ sftk_item_expand(&pubKey->u.ec.ecParams.DEREncoding)); -+ if (crv != CKR_OK) { -+ break; -+ } -+ -+ crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT, -+ sftk_item_expand(&pubKey->u.ec.publicValue)); -+ break; -+ -+ default: -+ return CKR_KEY_TYPE_INCONSISTENT; -+ } -+ crv = sftk_AddAttributeType(publicKey, CKA_CLASS, &classType, -+ sizeof(CK_OBJECT_CLASS)); -+ if (crv != CKR_OK) -+ return crv; -+ crv = sftk_AddAttributeType(publicKey, CKA_KEY_TYPE, &keyType, -+ sizeof(CK_KEY_TYPE)); -+ if (crv != CKR_OK) -+ return crv; -+ /* now handle the operator attributes */ -+ if (sftk_isTrue(privateKey, CKA_DECRYPT)) { -+ crv = sftk_forceAttribute(publicKey, CKA_ENCRYPT, &cktrue, sizeof(CK_BBOOL)); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ } -+ if (sftk_isTrue(privateKey, CKA_SIGN)) { -+ crv = sftk_forceAttribute(publicKey, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ } -+ if (sftk_isTrue(privateKey, CKA_SIGN_RECOVER)) { -+ crv = sftk_forceAttribute(publicKey, CKA_VERIFY_RECOVER, &cktrue, sizeof(CK_BBOOL)); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ } -+ if (sftk_isTrue(privateKey, CKA_DERIVE)) { -+ crv = sftk_forceAttribute(publicKey, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ } -+ return crv; -+} -+ - /* - **************************** Symetric Key utils ************************ - */ -diff -up ./nss/lib/softoken/pkcs11i.h.pub-priv-mech ./nss/lib/softoken/pkcs11i.h ---- ./nss/lib/softoken/pkcs11i.h.pub-priv-mech 2019-06-05 10:40:34.306002918 -0700 -+++ ./nss/lib/softoken/pkcs11i.h 2019-06-05 10:45:24.205855432 -0700 -@@ -695,6 +695,9 @@ extern NSSLOWKEYPublicKey *sftk_GetPubKe - CK_KEY_TYPE key_type, CK_RV *crvp); - extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object, - CK_KEY_TYPE key_type, CK_RV *crvp); -+extern CK_RV sftk_PutPubKey(SFTKObject *publicKey, SFTKObject *privKey, -+ CK_KEY_TYPE keyType, -+ NSSLOWKEYPublicKey *pubKey); - extern void sftk_FormatDESKey(unsigned char *key, int length); - extern PRBool sftk_CheckDESKey(unsigned char *key); - extern PRBool sftk_IsWeakKey(unsigned char *key, CK_KEY_TYPE key_type); diff --git a/SOURCES/nss-softokn-glibc-skip-rng-self-tests.patch b/SOURCES/nss-softokn-glibc-skip-rng-self-tests.patch new file mode 100644 index 0000000..ff472ac --- /dev/null +++ b/SOURCES/nss-softokn-glibc-skip-rng-self-tests.patch @@ -0,0 +1,46 @@ +# HG changeset patch +# User Daiki Ueno +# Date 1599144357 -7200 +# Thu Sep 03 16:45:57 2020 +0200 +# Node ID e9841b583576dc54ad0de36abc84b764a5b80f0f +# Parent 9213848965f624055e3f2147f584e2433c355432 +Bug 1662738, run RNG self-tests only if NSPR is linked, r?rrelyea + +Summary: After the continuous DRBG test was added, RNG self-tests have no longer worked standalone. This moves the self-tests to the DO_REST block so it only runs when the program is also linked to NSPR. + +Reviewers: rrelyea + +Tags: #secure-revision + +Bug #: 1662738 + +Differential Revision: https://phabricator.services.mozilla.com/D89250 + +diff -r 9213848965f6 -r e9841b583576 lib/freebl/fipsfreebl.c +--- a/lib/freebl/fipsfreebl.c Wed Sep 02 10:45:48 2020 -0700 ++++ b/lib/freebl/fipsfreebl.c Thu Sep 03 16:45:57 2020 +0200 +@@ -2023,18 +2023,18 @@ + + if (rv != SECSuccess) + return rv; ++ } ++ ++ /* ++ * test the rest of the algorithms not accessed through freebl ++ * standalone */ ++ if (tests & DO_REST) { + + /* RNG Power-Up SelfTest(s). */ + rv = freebl_fips_RNG_PowerUpSelfTest(); + + if (rv != SECSuccess) + return rv; +- } +- +- /* +- * test the rest of the algorithms not accessed through freebl +- * standalone */ +- if (tests & DO_REST) { + + /* DES3 Power-Up SelfTest(s). */ + rv = freebl_fips_DES3_PowerUpSelfTest(); diff --git a/SOURCES/nss-softokn-ike-patch.patch b/SOURCES/nss-softokn-ike-patch.patch deleted file mode 100644 index 784a2b0..0000000 --- a/SOURCES/nss-softokn-ike-patch.patch +++ /dev/null @@ -1,4581 +0,0 @@ -diff --git a/cmd/fipstest/README b/cmd/fipstest/README -new file mode 100644 ---- /dev/null -+++ b/cmd/fipstest/README -@@ -0,0 +1,1 @@ -+The scripts have been moved to tests/fips/cavs_scripts -diff --git a/cmd/fipstest/aes.sh b/cmd/fipstest/aes.sh -deleted file mode 100644 ---- a/cmd/fipstest/aes.sh -+++ /dev/null -@@ -1,112 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# --# A Bourne shell script for running the NIST AES Algorithm Validation Suite --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. -- --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/AES --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --cbc_kat_requests=" --CBCGFSbox128.req --CBCGFSbox192.req --CBCGFSbox256.req --CBCKeySbox128.req --CBCKeySbox192.req --CBCKeySbox256.req --CBCVarKey128.req --CBCVarKey192.req --CBCVarKey256.req --CBCVarTxt128.req --CBCVarTxt192.req --CBCVarTxt256.req --" -- --cbc_mct_requests=" --CBCMCT128.req --CBCMCT192.req --CBCMCT256.req --" -- --cbc_mmt_requests=" --CBCMMT128.req --CBCMMT192.req --CBCMMT256.req --" -- --ecb_kat_requests=" --ECBGFSbox128.req --ECBGFSbox192.req --ECBGFSbox256.req --ECBKeySbox128.req --ECBKeySbox192.req --ECBKeySbox256.req --ECBVarKey128.req --ECBVarKey192.req --ECBVarKey256.req --ECBVarTxt128.req --ECBVarTxt192.req --ECBVarTxt256.req --" -- --ecb_mct_requests=" --ECBMCT128.req --ECBMCT192.req --ECBMCT256.req --" -- --ecb_mmt_requests=" --ECBMMT128.req --ECBMMT192.req --ECBMMT256.req --" -- --if [ ${COMMAND} = "verify" ]; then -- for request in $cbc_kat_requests $cbc_mct_requests $cbc_mmt_requests $ecb_kat_requests $ecb_mct_requests $ecb_mmt_requests; do -- sh ./validate1.sh ${TESTDIR} $request -- done -- exit 0 --fi -- --for request in $cbc_kat_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes kat cbc ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $cbc_mct_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes mct cbc ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $cbc_mmt_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes mmt cbc ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $ecb_kat_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes kat ecb ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $ecb_mct_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes mct ecb ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $ecb_mmt_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes mmt ecb ${REQDIR}/$request > ${RSPDIR}/$response --done -diff --git a/cmd/fipstest/aesgcm.sh b/cmd/fipstest/aesgcm.sh -deleted file mode 100644 ---- a/cmd/fipstest/aesgcm.sh -+++ /dev/null -@@ -1,67 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST AES Algorithm Validation Suite --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. -- --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/AES_GCM --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --gcm_decrypt_requests=" --gcmDecrypt128.req --gcmDecrypt192.req --gcmDecrypt256.req --" -- --gcm_encrypt_extiv_requests=" --gcmEncryptExtIV128.req --gcmEncryptExtIV192.req --gcmEncryptExtIV256.req --" --gcm_encrypt_intiv_requests=" --" -- --#gcm_encrypt_intiv_requests=" --#gcmEncryptIntIV128.req --#gcmEncryptIntIV192.req --#gcmEncryptIntIV256.req --#" -- --if [ ${COMMAND} = "verify" ]; then -- for request in $gcm_decrypt_requests $gcm_encrypt_extiv_requests; do -- sh ./validate1.sh ${TESTDIR} $request ' ' '-e /Reason:/d' -- done -- for request in $gcm_encrypt_intiv_requests; do -- name=`basename $request .req` -- echo ">>>>> $name" -- fipstest aes gcm decrypt ${RSPDIR}/$name.rsp | grep FAIL -- done -- exit 0 --fi -- --for request in $gcm_decrypt_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes gcm decrypt ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $gcm_encrypt_intiv_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes gcm encrypt_intiv ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $gcm_encrypt_extiv_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest aes gcm encrypt_extiv ${REQDIR}/$request > ${RSPDIR}/$response --done -diff --git a/cmd/fipstest/dsa.sh b/cmd/fipstest/dsa.sh -deleted file mode 100755 ---- a/cmd/fipstest/dsa.sh -+++ /dev/null -@@ -1,71 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST DSA Validation System --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/DSA2 --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- -- --# --# several of the DSA tests do use known answer tests to verify the result. --# in those cases, feed generated tests back into the fipstest tool and --# see if we can verify those value. NOTE: th PQGVer and SigVer tests verify --# the dsa pqgver and dsa sigver functions, so we know they can detect errors --# in those PQGGen and SigGen. Only the KeyPair verify is potentially circular. --# --if [ ${COMMAND} = "verify" ]; then --# verify generated keys -- name=KeyPair -- echo ">>>>> $name" -- fipstest dsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F --# verify generated pqg values -- name=PQGGen -- echo ">>>>> $name" -- fipstest dsa pqgver ${RSPDIR}/$name.rsp | grep ^Result.=.F --# verify PQGVer with known answer --# sh ./validate1.sh ${TESTDIR} PQGVer.req ' ' '-e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;' --# verify signatures -- name=SigGen -- echo ">>>>> $name" -- fipstest dsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F --# verify SigVer with known answer -- sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);;' -- exit 0 --fi -- --request=KeyPair.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dsa keypair ${REQDIR}/$request > ${RSPDIR}/$response -- --request=PQGGen.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dsa pqggen ${REQDIR}/$request > ${RSPDIR}/$response -- --request=PQGVer1863.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dsa pqgver ${REQDIR}/$request > ${RSPDIR}/$response -- --request=SigGen.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dsa siggen ${REQDIR}/$request > ${RSPDIR}/$response -- --request=SigVer.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dsa sigver ${REQDIR}/$request > ${RSPDIR}/$response -diff --git a/cmd/fipstest/ecdsa.sh b/cmd/fipstest/ecdsa.sh -deleted file mode 100644 ---- a/cmd/fipstest/ecdsa.sh -+++ /dev/null -@@ -1,60 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST ECDSA Validation System --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/ECDSA2 --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --# --# several of the ECDSA tests do not use known answer tests to verify the result. --# In those cases, feed generated tests back into the fipstest tool and --# see if we can verify those value. NOTE: PQGVer and SigVer tests verify --# the dsa pqgver and dsa sigver functions, so we know they can detect errors --# in those PQGGen and SigGen. Only the KeyPair verify is potentially circular. --# --if [ ${COMMAND} = "verify" ]; then --# verify generated keys -- name=KeyPair -- echo ">>>>> $name" -- fipstest ecdsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F -- sh ./validate1.sh ${TESTDIR} PKV.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;' --# verify signatures -- name=SigGen -- echo ">>>>> $name" -- fipstest ecdsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F --# verify SigVer with known answer -- sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;' -- exit 0 --fi -- --request=KeyPair.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest ecdsa keypair ${REQDIR}/$request > ${RSPDIR}/$response -- --request=PKV.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest ecdsa pkv ${REQDIR}/$request > ${RSPDIR}/$response -- --request=SigGen.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest ecdsa siggen ${REQDIR}/$request > ${RSPDIR}/$response -- --request=SigVer.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest ecdsa sigver ${REQDIR}/$request > ${RSPDIR}/$response -diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c ---- a/cmd/fipstest/fipstest.c -+++ b/cmd/fipstest/fipstest.c -@@ -29,16 +29,21 @@ - #undef CK_PKCS11_FUNCTION_INFO - #undef CK_NEED_ARG_LIST - #undef __PASTE - #define SSL3_RANDOM_LENGTH 32 - - #if 0 - #include "../../lib/freebl/mpi/mpi.h" - #endif -+#define MATCH_OPENSSL 1 -+/*#define MATCH_NIST 1 */ -+#ifdef MATCH_NIST -+#define VERBOSE_REASON 1 -+#endif - - extern SECStatus - EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); - extern SECStatus - EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, - const ECParams *srcParams); - - #define ENCRYPT 1 -@@ -3164,16 +3169,20 @@ ecdh_functional(char *reqfn, PRBool resp - fprintf(stderr, "generate key had invalid public value len\n"); - goto loser; - } - uit_len = (uit_len - 1) / 2; - if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { - fprintf(stderr, "generate key was compressed\n"); - goto loser; - } -+ fputs("deIUT = ", ecdhresp); -+ to_hex_str(buf, ecpriv->privateValue.data, ecpriv->privateValue.len); -+ fputs(buf, ecdhresp); -+ fputc('\n', ecdhresp); - fputs("QeIUTx = ", ecdhresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], uit_len); - fputs(buf, ecdhresp); - fputc('\n', ecdhresp); - fputs("QeIUTy = ", ecdhresp); - to_hex_str(buf, &ecpriv->publicValue.data[1 + uit_len], uit_len); - fputs(buf, ecdhresp); - fputc('\n', ecdhresp); -@@ -3210,17 +3219,16 @@ loser: - } - } - if (pubkey.data != NULL) { - PORT_Free(pubkey.data); - } - fclose(ecdhreq); - } - --#define MATCH_OPENSSL 1 - /* - * Perform the ECDH Validity Test. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ - void -@@ -3403,42 +3411,47 @@ ecdh_verify(char *reqfn, PRBool response - if (strncmp(buf, "QeIUTx", 6) == 0) { - fputs(buf, ecdhresp); - continue; - } - if (strncmp(buf, "QeIUTy", 6) == 0) { - fputs(buf, ecdhresp); - continue; - } -- if (strncmp(buf, "CAVSHashZZ", 10) == 0) { -+ if ((strncmp(buf, "CAVSHashZZ", 10) == 0) || -+ (strncmp(buf, "HashZZ", 6) == 0)) { - fputs(buf, ecdhresp); -- i = 10; -+ i = (buf[0] == 'C') ? 10 : 6; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - from_hex_str(cavsHashBuf, fips_hashLen(hash), &buf[i]); - if (current_ecparams == NULL) { - fprintf(stderr, "no curve defined for type defined\n"); - goto loser; - } - /* validate CAVS public key */ - if (EC_ValidatePublicKey(current_ecparams, &pubkey) != SECSuccess) { --#ifdef MATCH_OPENSSL -+#ifdef VERBOSE_REASON -+ fprintf(ecdhresp, "Result = F # key didn't validate\n"); -+#else - fprintf(ecdhresp, "Result = F\n"); --#else -- fprintf(ecdhresp, "Result = F # key didn't validate\n"); - #endif - continue; - } - - /* ECDH */ - if (ECDH_Derive(&pubkey, current_ecparams, &private_value, - PR_FALSE, &ZZ) != SECSuccess) { -- fprintf(stderr, "Derive failed\n"); -- goto loser; -+#ifdef VERBOSE_REASON -+ fprintf(ecdhresp, "Result = F # derive failure\n"); -+#else -+ fprintf(ecdhresp, "Result = F\n"); -+#endif -+ continue; - } - /* output ZZ */ - #ifndef MATCH_OPENSSL - fputs("Z = ", ecdhresp); - to_hex_str(buf, ZZ.data, ZZ.len); - fputs(buf, ecdhresp); - fputc('\n', ecdhresp); - #endif -@@ -3450,20 +3463,20 @@ ecdh_verify(char *reqfn, PRBool response - SECITEM_FreeItem(&ZZ, PR_FALSE); - #ifndef MATCH_NIST - fputs("IUTHashZZ = ", ecdhresp); - to_hex_str(buf, hashBuf, fips_hashLen(hash)); - fputs(buf, ecdhresp); - fputc('\n', ecdhresp); - #endif - if (memcmp(hashBuf, cavsHashBuf, fips_hashLen(hash)) != 0) { --#ifdef MATCH_OPENSSL -+#ifdef VERBOSE_REASON -+ fprintf(ecdhresp, "Result = F # hash doesn't match\n"); -+#else - fprintf(ecdhresp, "Result = F\n"); --#else -- fprintf(ecdhresp, "Result = F # hash doesn't match\n"); - #endif - } else { - fprintf(ecdhresp, "Result = P\n"); - } - #ifndef MATCH_OPENSSL - fputc('\n', ecdhresp); - #endif - continue; -@@ -3670,17 +3683,16 @@ dh_functional(char *reqfn, PRBool respon - } - loser: - if (dsapriv != NULL) { - PORT_FreeArena(dsapriv->params.arena, PR_TRUE); - } - fclose(dhreq); - } - --#define MATCH_OPENSSL 1 - /* - * Perform the DH Validity Test. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ - void -@@ -3841,19 +3853,20 @@ dh_verify(char *reqfn, PRBool response) - continue; - } - /* YephemUIT = ... */ - if (strncmp(buf, "YephemIUT", 9) == 0) { - fputs(buf, dhresp); - continue; - } - /* CAVSHashZZ = ... */ -- if (strncmp(buf, "CAVSHashZZ", 10) == 0) { -+ if ((strncmp(buf, "CAVSHashZZ", 10) == 0) || -+ (strncmp(buf, "HashZZ", 6) == 0)) { - fputs(buf, dhresp); -- i = 10; -+ i = buf[0] == 'C' ? 10 : 6; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - from_hex_str(cavsHashBuf, fips_hashLen(hash), &buf[i]); - /* do the DH operation*/ - if (DH_Derive(&pubkey, &pqg.prime, &privkey, - &ZZ, pqg.prime.len) != SECSuccess) { - fprintf(stderr, "Derive failed\n"); -@@ -3866,17 +3879,17 @@ dh_verify(char *reqfn, PRBool response) - fputs(buf, dhresp); - fputc('\n', dhresp); - #endif - if (fips_hashBuf(hash, hashBuf, ZZ.data, ZZ.len) != SECSuccess) { - fprintf(stderr, "hash of derived key failed\n"); - goto loser; - } - SECITEM_FreeItem(&ZZ, PR_FALSE); --#ifndef MATCH_NIST_ -+#ifndef MATCH_NIST - fputs("IUTHashZZ = ", dhresp); - to_hex_str(buf, hashBuf, fips_hashLen(hash)); - fputs(buf, dhresp); - fputc('\n', dhresp); - #endif - if (memcmp(hashBuf, cavsHashBuf, fips_hashLen(hash)) != 0) { - fprintf(dhresp, "Result = F\n"); - } else { -@@ -6895,16 +6908,1306 @@ loser: - if (master_secret) - free(master_secret); - if (key_block) - free(key_block); - if (tlsreq) - fclose(tlsreq); - } - -+void -+ikev1(char *reqfn) -+{ -+ char buf[4096]; /* holds one line from the input REQUEST file. -+ * needs to be large enough to hold the longest -+ * line "g^xy = <2048 hex digits>\n". -+ */ -+ unsigned char *gxy = NULL; -+ int gxy_len; -+ unsigned char *Ni = NULL; -+ int Ni_len; -+ unsigned char *Nr = NULL; -+ int Nr_len; -+ unsigned char CKYi[8]; -+ int CKYi_len; -+ unsigned char CKYr[8]; -+ int CKYr_len; -+ unsigned int i, j; -+ FILE *ikereq = NULL; /* input stream from the REQUEST file */ -+ FILE *ikeresp; /* output stream to the RESPONSE file */ -+ -+ CK_SLOT_ID slotList[10]; -+ CK_SLOT_ID slotID; -+ CK_ULONG slotListCount = sizeof(slotList) / sizeof(slotList[0]); -+ CK_ULONG count; -+ static const CK_C_INITIALIZE_ARGS pk11args = { -+ NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS, -+ (void *)"flags=readOnly,noCertDB,noModDB", NULL -+ }; -+ static CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY; -+ static CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET; -+ static CK_BBOOL ck_true = CK_TRUE; -+ static CK_ULONG keyLen = 1; -+ CK_ATTRIBUTE gxy_template[] = { -+ { CKA_VALUE, NULL, 0 }, /* must be first */ -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ }; -+ CK_ULONG gxy_template_count = -+ sizeof(gxy_template) / sizeof(gxy_template[0]); -+ CK_ATTRIBUTE derive_template[] = { -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) }, /* must be last */ -+ }; -+ CK_ULONG derive_template_count = -+ sizeof(derive_template) / sizeof(derive_template[0]); -+ CK_ATTRIBUTE skeyid_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE skeyid_d_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE skeyid_a_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE skeyid_e_template = -+ { CKA_VALUE, NULL, 0 }; -+ unsigned char skeyid_secret[HASH_LENGTH_MAX]; -+ unsigned char skeyid_d_secret[HASH_LENGTH_MAX]; -+ unsigned char skeyid_a_secret[HASH_LENGTH_MAX]; -+ unsigned char skeyid_e_secret[HASH_LENGTH_MAX]; -+ -+ CK_MECHANISM ike_mech = { CKM_NSS_IKE_PRF_DERIVE, NULL, 0 }; -+ CK_MECHANISM ike1_mech = { CKM_NSS_IKE1_PRF_DERIVE, NULL, 0 }; -+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf; -+ CK_NSS_IKE1_PRF_DERIVE_PARAMS ike1_prf; -+ CK_RV crv; -+ -+ /* set up PKCS #11 parameters */ -+ ike_prf.bDataAsKey = PR_TRUE; -+ ike_prf.bRekey = PR_FALSE; -+ ike_prf.hNewKey = CK_INVALID_HANDLE; -+ CKYi_len = sizeof(CKYi); -+ CKYr_len = sizeof(CKYr); -+ ike1_prf.pCKYi = CKYi; -+ ike1_prf.ulCKYiLen = CKYi_len; -+ ike1_prf.pCKYr = CKYr; -+ ike1_prf.ulCKYrLen = CKYr_len; -+ ike_mech.pParameter = &ike_prf; -+ ike_mech.ulParameterLen = sizeof(ike_prf); -+ ike1_mech.pParameter = &ike1_prf; -+ ike1_mech.ulParameterLen = sizeof(ike1_prf); -+ skeyid_template.pValue = skeyid_secret; -+ skeyid_template.ulValueLen = HASH_LENGTH_MAX; -+ skeyid_d_template.pValue = skeyid_d_secret; -+ skeyid_d_template.ulValueLen = HASH_LENGTH_MAX; -+ skeyid_a_template.pValue = skeyid_a_secret; -+ skeyid_a_template.ulValueLen = HASH_LENGTH_MAX; -+ skeyid_e_template.pValue = skeyid_e_secret; -+ skeyid_e_template.ulValueLen = HASH_LENGTH_MAX; -+ -+ crv = NSC_Initialize((CK_VOID_PTR)&pk11args); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv); -+ goto loser; -+ } -+ count = slotListCount; -+ crv = NSC_GetSlotList(PR_TRUE, slotList, &count); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetSlotList failed crv=0x%x\n", (unsigned int)crv); -+ goto loser; -+ } -+ if ((count > slotListCount) || count < 1) { -+ fprintf(stderr, -+ "NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n", -+ (int)count, (int)slotListCount); -+ goto loser; -+ } -+ slotID = slotList[0]; -+ ikereq = fopen(reqfn, "r"); -+ ikeresp = stdout; -+ while (fgets(buf, sizeof buf, ikereq) != NULL) { -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* [.....] */ -+ if (buf[0] == '[') { -+ if (strncmp(buf, "[SHA-1]", 7) == 0) { -+ ike_prf.prfMechanism = CKM_SHA_1_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA_1_HMAC; -+ } -+ if (strncmp(buf, "[SHA-224]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA224_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA224_HMAC; -+ } -+ if (strncmp(buf, "[SHA-256]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA256_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA256_HMAC; -+ } -+ if (strncmp(buf, "[SHA-384]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA384_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA384_HMAC; -+ } -+ if (strncmp(buf, "[SHA-512]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA512_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA512_HMAC; -+ } -+ if (strncmp(buf, "[AES-XCBC", 9) == 0) { -+ ike_prf.prfMechanism = CKM_AES_XCBC_MAC; -+ ike1_prf.prfMechanism = CKM_AES_XCBC_MAC; -+ } -+ if (strncmp(buf, "[g^xy", 5) == 0) { -+ if (sscanf(buf, "[g^xy length = %d]", -+ &gxy_len) != 1) { -+ goto loser; -+ } -+ gxy_len = gxy_len / 8; -+ if (gxy) -+ free(gxy); -+ gxy = malloc(gxy_len); -+ gxy_template[0].pValue = gxy; -+ gxy_template[0].ulValueLen = gxy_len; -+ } -+ if (strncmp(buf, "[Ni", 3) == 0) { -+ if (sscanf(buf, "[Ni length = %d]", &Ni_len) != 1) { -+ goto loser; -+ } -+ Ni_len = Ni_len / 8; -+ if (Ni) -+ free(Ni); -+ Ni = malloc(Ni_len); -+ ike_prf.pNi = Ni; -+ ike_prf.ulNiLen = Ni_len; -+ } -+ if (strncmp(buf, "[Nr", 3) == 0) { -+ if (sscanf(buf, "[Nr length = %d]", &Nr_len) != 1) { -+ goto loser; -+ } -+ Nr_len = Nr_len / 8; -+ if (Nr) -+ free(Nr); -+ Nr = malloc(Nr_len); -+ ike_prf.pNr = Nr; -+ ike_prf.ulNrLen = Nr_len; -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* "COUNT = x" begins a new data set */ -+ if (strncmp(buf, "COUNT", 5) == 0) { -+ /* zeroize the variables for the test with this data set */ -+ memset(gxy, 0, gxy_len); -+ memset(Ni, 0, Ni_len); -+ memset(Nr, 0, Nr_len); -+ memset(CKYi, 0, CKYi_len); -+ memset(CKYr, 0, CKYr_len); -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* Ni = ... */ -+ if (strncmp(buf, "Ni", 2) == 0) { -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < Ni_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &Ni[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* Nr = ... */ -+ if (strncmp(buf, "Nr", 2) == 0) { -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < Nr_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &Nr[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* CKYi = ... */ -+ if (strncmp(buf, "CKY_I", 5) == 0) { -+ i = 5; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < CKYi_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &CKYi[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* CKYr = ... */ -+ if (strncmp(buf, "CKY_R", 5) == 0) { -+ i = 5; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < CKYr_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &CKYr[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* g^xy = ... */ -+ if (strncmp(buf, "g^xy", 4) == 0) { -+ CK_SESSION_HANDLE session; -+ CK_OBJECT_HANDLE gxy_handle; -+ CK_OBJECT_HANDLE skeyid_handle; -+ CK_OBJECT_HANDLE skeyid_d_handle; -+ CK_OBJECT_HANDLE skeyid_a_handle; -+ CK_OBJECT_HANDLE skeyid_e_handle; -+ i = 4; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < gxy_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &gxy[j]); -+ } -+ fputs(buf, ikeresp); -+ crv = NSC_OpenSession(slotID, 0, NULL, NULL, &session); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_OpenSession failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ crv = NSC_CreateObject(session, gxy_template, -+ gxy_template_count, &gxy_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_CreateObject failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ /* get the skeyid key */ -+ crv = NSC_DeriveKey(session, &ike_mech, gxy_handle, -+ derive_template, derive_template_count - 1, -+ &skeyid_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ skeyid_template.ulValueLen = HASH_LENGTH_MAX; -+ crv = NSC_GetAttributeValue(session, skeyid_handle, -+ &skeyid_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ /* use the length of the skeyid to set the target length of all the -+ * other keys */ -+ keyLen = skeyid_template.ulValueLen; -+ ike1_prf.hKeygxy = gxy_handle; -+ ike1_prf.bHasPrevKey = PR_FALSE; -+ ike1_prf.keyNumber = 0; -+ crv = NSC_DeriveKey(session, &ike1_mech, skeyid_handle, -+ derive_template, derive_template_count, -+ &skeyid_d_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid_d) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ -+ ike1_prf.hKeygxy = gxy_handle; -+ ike1_prf.bHasPrevKey = CK_TRUE; -+ ike1_prf.hPrevKey = skeyid_d_handle; -+ ike1_prf.keyNumber = 1; -+ crv = NSC_DeriveKey(session, &ike1_mech, skeyid_handle, -+ derive_template, derive_template_count, -+ &skeyid_a_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid_a) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ ike1_prf.hKeygxy = gxy_handle; -+ ike1_prf.bHasPrevKey = CK_TRUE; -+ ike1_prf.hPrevKey = skeyid_a_handle; -+ ike1_prf.keyNumber = 2; -+ crv = NSC_DeriveKey(session, &ike1_mech, skeyid_handle, -+ derive_template, derive_template_count, -+ &skeyid_e_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid_e) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYID = ", ikeresp); -+ to_hex_str(buf, skeyid_secret, keyLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ skeyid_d_template.ulValueLen = keyLen; -+ crv = NSC_GetAttributeValue(session, skeyid_d_handle, -+ &skeyid_d_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid_d) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYID_d = ", ikeresp); -+ to_hex_str(buf, skeyid_d_secret, skeyid_d_template.ulValueLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ skeyid_a_template.ulValueLen = keyLen; -+ crv = NSC_GetAttributeValue(session, skeyid_a_handle, -+ &skeyid_a_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid_a) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYID_a = ", ikeresp); -+ to_hex_str(buf, skeyid_a_secret, skeyid_a_template.ulValueLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ skeyid_e_template.ulValueLen = keyLen; -+ crv = NSC_GetAttributeValue(session, skeyid_e_handle, -+ &skeyid_e_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid_e) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYID_e = ", ikeresp); -+ to_hex_str(buf, skeyid_e_secret, skeyid_e_template.ulValueLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ crv = NSC_CloseSession(session); -+ continue; -+ } -+ } -+loser: -+ NSC_Finalize(NULL); -+ if (gxy) -+ free(gxy); -+ if (Ni) -+ free(Ni); -+ if (Nr) -+ free(Nr); -+ if (ikereq) -+ fclose(ikereq); -+} -+ -+void -+ikev1_psk(char *reqfn) -+{ -+ char buf[4096]; /* holds one line from the input REQUEST file. -+ * needs to be large enough to hold the longest -+ * line "g^xy = <2048 hex digits>\n". -+ */ -+ unsigned char *gxy = NULL; -+ int gxy_len; -+ unsigned char *Ni = NULL; -+ int Ni_len; -+ unsigned char *Nr = NULL; -+ int Nr_len; -+ unsigned char CKYi[8]; -+ int CKYi_len; -+ unsigned char CKYr[8]; -+ int CKYr_len; -+ unsigned char *psk = NULL; -+ int psk_len; -+ unsigned int i, j; -+ FILE *ikereq = NULL; /* input stream from the REQUEST file */ -+ FILE *ikeresp; /* output stream to the RESPONSE file */ -+ -+ CK_SLOT_ID slotList[10]; -+ CK_SLOT_ID slotID; -+ CK_ULONG slotListCount = sizeof(slotList) / sizeof(slotList[0]); -+ CK_ULONG count; -+ static const CK_C_INITIALIZE_ARGS pk11args = { -+ NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS, -+ (void *)"flags=readOnly,noCertDB,noModDB", NULL -+ }; -+ static CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY; -+ static CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET; -+ static CK_BBOOL ck_true = CK_TRUE; -+ static CK_ULONG keyLen = 1; -+ CK_ATTRIBUTE gxy_template[] = { -+ { CKA_VALUE, NULL, 0 }, /* must be first */ -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ }; -+ CK_ULONG gxy_template_count = -+ sizeof(gxy_template) / sizeof(gxy_template[0]); -+ CK_ATTRIBUTE psk_template[] = { -+ { CKA_VALUE, NULL, 0 }, /* must be first */ -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ }; -+ CK_ULONG psk_template_count = -+ sizeof(psk_template) / sizeof(psk_template[0]); -+ CK_ATTRIBUTE derive_template[] = { -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) }, /* must be last */ -+ }; -+ CK_ULONG derive_template_count = -+ sizeof(derive_template) / sizeof(derive_template[0]); -+ CK_ATTRIBUTE skeyid_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE skeyid_d_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE skeyid_a_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE skeyid_e_template = -+ { CKA_VALUE, NULL, 0 }; -+ unsigned char skeyid_secret[HASH_LENGTH_MAX]; -+ unsigned char skeyid_d_secret[HASH_LENGTH_MAX]; -+ unsigned char skeyid_a_secret[HASH_LENGTH_MAX]; -+ unsigned char skeyid_e_secret[HASH_LENGTH_MAX]; -+ -+ CK_MECHANISM ike_mech = { CKM_NSS_IKE_PRF_DERIVE, NULL, 0 }; -+ CK_MECHANISM ike1_mech = { CKM_NSS_IKE1_PRF_DERIVE, NULL, 0 }; -+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf; -+ CK_NSS_IKE1_PRF_DERIVE_PARAMS ike1_prf; -+ CK_RV crv; -+ -+ /* set up PKCS #11 parameters */ -+ ike_prf.bDataAsKey = PR_FALSE; -+ ike_prf.bRekey = PR_FALSE; -+ ike_prf.hNewKey = CK_INVALID_HANDLE; -+ CKYi_len = 8; -+ CKYr_len = 8; -+ ike1_prf.pCKYi = CKYi; -+ ike1_prf.ulCKYiLen = CKYi_len; -+ ike1_prf.pCKYr = CKYr; -+ ike1_prf.ulCKYrLen = CKYr_len; -+ ike_mech.pParameter = &ike_prf; -+ ike_mech.ulParameterLen = sizeof(ike_prf); -+ ike1_mech.pParameter = &ike1_prf; -+ ike1_mech.ulParameterLen = sizeof(ike1_prf); -+ skeyid_template.pValue = skeyid_secret; -+ skeyid_template.ulValueLen = HASH_LENGTH_MAX; -+ skeyid_d_template.pValue = skeyid_d_secret; -+ skeyid_d_template.ulValueLen = HASH_LENGTH_MAX; -+ skeyid_a_template.pValue = skeyid_a_secret; -+ skeyid_a_template.ulValueLen = HASH_LENGTH_MAX; -+ skeyid_e_template.pValue = skeyid_e_secret; -+ skeyid_e_template.ulValueLen = HASH_LENGTH_MAX; -+ -+ crv = NSC_Initialize((CK_VOID_PTR)&pk11args); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv); -+ goto loser; -+ } -+ count = slotListCount; -+ crv = NSC_GetSlotList(PR_TRUE, slotList, &count); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetSlotList failed crv=0x%x\n", (unsigned int)crv); -+ goto loser; -+ } -+ if ((count > slotListCount) || count < 1) { -+ fprintf(stderr, -+ "NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n", -+ (int)count, (int)slotListCount); -+ goto loser; -+ } -+ slotID = slotList[0]; -+ ikereq = fopen(reqfn, "r"); -+ ikeresp = stdout; -+ while (fgets(buf, sizeof buf, ikereq) != NULL) { -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* [.....] */ -+ if (buf[0] == '[') { -+ if (strncmp(buf, "[SHA-1]", 7) == 0) { -+ ike_prf.prfMechanism = CKM_SHA_1_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA_1_HMAC; -+ } -+ if (strncmp(buf, "[SHA-224]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA224_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA224_HMAC; -+ } -+ if (strncmp(buf, "[SHA-256]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA256_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA256_HMAC; -+ } -+ if (strncmp(buf, "[SHA-384]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA384_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA384_HMAC; -+ } -+ if (strncmp(buf, "[SHA-512]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA512_HMAC; -+ ike1_prf.prfMechanism = CKM_SHA512_HMAC; -+ } -+ if (strncmp(buf, "[AES-XCBC", 9) == 0) { -+ ike_prf.prfMechanism = CKM_AES_XCBC_MAC; -+ ike1_prf.prfMechanism = CKM_AES_XCBC_MAC; -+ } -+ if (strncmp(buf, "[g^xy", 5) == 0) { -+ if (sscanf(buf, "[g^xy length = %d]", -+ &gxy_len) != 1) { -+ goto loser; -+ } -+ gxy_len = gxy_len / 8; -+ if (gxy) -+ free(gxy); -+ gxy = malloc(gxy_len); -+ gxy_template[0].pValue = gxy; -+ gxy_template[0].ulValueLen = gxy_len; -+ } -+ if (strncmp(buf, "[pre-shared-key", 15) == 0) { -+ if (sscanf(buf, "[pre-shared-key length = %d]", -+ &psk_len) != 1) { -+ goto loser; -+ } -+ psk_len = psk_len / 8; -+ if (psk) -+ free(psk); -+ psk = malloc(psk_len); -+ psk_template[0].pValue = psk; -+ psk_template[0].ulValueLen = psk_len; -+ } -+ if (strncmp(buf, "[Ni", 3) == 0) { -+ if (sscanf(buf, "[Ni length = %d]", &Ni_len) != 1) { -+ goto loser; -+ } -+ Ni_len = Ni_len / 8; -+ if (Ni) -+ free(Ni); -+ Ni = malloc(Ni_len); -+ ike_prf.pNi = Ni; -+ ike_prf.ulNiLen = Ni_len; -+ } -+ if (strncmp(buf, "[Nr", 3) == 0) { -+ if (sscanf(buf, "[Nr length = %d]", &Nr_len) != 1) { -+ goto loser; -+ } -+ Nr_len = Nr_len / 8; -+ if (Nr) -+ free(Nr); -+ Nr = malloc(Nr_len); -+ ike_prf.pNr = Nr; -+ ike_prf.ulNrLen = Nr_len; -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* "COUNT = x" begins a new data set */ -+ if (strncmp(buf, "COUNT", 5) == 0) { -+ /* zeroize the variables for the test with this data set */ -+ memset(gxy, 0, gxy_len); -+ memset(Ni, 0, Ni_len); -+ memset(Nr, 0, Nr_len); -+ memset(CKYi, 0, CKYi_len); -+ memset(CKYr, 0, CKYr_len); -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* Ni = ... */ -+ if (strncmp(buf, "Ni", 2) == 0) { -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < Ni_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &Ni[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* Nr = ... */ -+ if (strncmp(buf, "Nr", 2) == 0) { -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < Nr_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &Nr[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* CKYi = ... */ -+ if (strncmp(buf, "CKY_I", 5) == 0) { -+ i = 5; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < CKYi_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &CKYi[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* CKYr = ... */ -+ if (strncmp(buf, "CKY_R", 5) == 0) { -+ i = 5; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < CKYr_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &CKYr[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* g^xy = ... */ -+ if (strncmp(buf, "g^xy", 4) == 0) { -+ i = 4; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < gxy_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &gxy[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* pre-shared-key = ... */ -+ if (strncmp(buf, "pre-shared-key", 14) == 0) { -+ CK_SESSION_HANDLE session; -+ CK_OBJECT_HANDLE gxy_handle; -+ CK_OBJECT_HANDLE psk_handle; -+ CK_OBJECT_HANDLE skeyid_handle; -+ CK_OBJECT_HANDLE skeyid_d_handle; -+ CK_OBJECT_HANDLE skeyid_a_handle; -+ CK_OBJECT_HANDLE skeyid_e_handle; -+ i = 14; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < psk_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &psk[j]); -+ } -+ fputs(buf, ikeresp); -+ crv = NSC_OpenSession(slotID, 0, NULL, NULL, &session); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_OpenSession failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ crv = NSC_CreateObject(session, psk_template, -+ psk_template_count, &psk_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_CreateObject(psk) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ crv = NSC_CreateObject(session, gxy_template, -+ gxy_template_count, &gxy_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_CreateObject(gxy) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ /* get the skeyid key */ -+ crv = NSC_DeriveKey(session, &ike_mech, psk_handle, -+ derive_template, derive_template_count - 1, -+ &skeyid_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ skeyid_template.ulValueLen = HASH_LENGTH_MAX; -+ crv = NSC_GetAttributeValue(session, skeyid_handle, -+ &skeyid_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ /* use the length of the skeyid to set the target length of all the -+ * other keys */ -+ keyLen = skeyid_template.ulValueLen; -+ ike1_prf.hKeygxy = gxy_handle; -+ ike1_prf.bHasPrevKey = PR_FALSE; -+ ike1_prf.keyNumber = 0; -+ crv = NSC_DeriveKey(session, &ike1_mech, skeyid_handle, -+ derive_template, derive_template_count, -+ &skeyid_d_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid_d) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ -+ ike1_prf.hKeygxy = gxy_handle; -+ ike1_prf.bHasPrevKey = CK_TRUE; -+ ike1_prf.hPrevKey = skeyid_d_handle; -+ ike1_prf.keyNumber = 1; -+ crv = NSC_DeriveKey(session, &ike1_mech, skeyid_handle, -+ derive_template, derive_template_count, -+ &skeyid_a_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid_a) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ ike1_prf.hKeygxy = gxy_handle; -+ ike1_prf.bHasPrevKey = CK_TRUE; -+ ike1_prf.hPrevKey = skeyid_a_handle; -+ ike1_prf.keyNumber = 2; -+ crv = NSC_DeriveKey(session, &ike1_mech, skeyid_handle, -+ derive_template, derive_template_count, -+ &skeyid_e_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid_e) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYID = ", ikeresp); -+ to_hex_str(buf, skeyid_secret, keyLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ skeyid_d_template.ulValueLen = keyLen; -+ crv = NSC_GetAttributeValue(session, skeyid_d_handle, -+ &skeyid_d_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid_d) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYID_d = ", ikeresp); -+ to_hex_str(buf, skeyid_d_secret, skeyid_d_template.ulValueLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ skeyid_a_template.ulValueLen = keyLen; -+ crv = NSC_GetAttributeValue(session, skeyid_a_handle, -+ &skeyid_a_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid_a) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYID_a = ", ikeresp); -+ to_hex_str(buf, skeyid_a_secret, skeyid_a_template.ulValueLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ skeyid_e_template.ulValueLen = keyLen; -+ crv = NSC_GetAttributeValue(session, skeyid_e_handle, -+ &skeyid_e_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid_e) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYID_e = ", ikeresp); -+ to_hex_str(buf, skeyid_e_secret, skeyid_e_template.ulValueLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ crv = NSC_CloseSession(session); -+ continue; -+ } -+ } -+loser: -+ NSC_Finalize(NULL); -+ if (psk) -+ free(psk); -+ if (gxy) -+ free(gxy); -+ if (Ni) -+ free(Ni); -+ if (Nr) -+ free(Nr); -+ if (ikereq) -+ fclose(ikereq); -+} -+ -+void -+ikev2(char *reqfn) -+{ -+ char buf[4096]; /* holds one line from the input REQUEST file. -+ * needs to be large enough to hold the longest -+ * line "g^xy = <2048 hex digits>\n". -+ */ -+ unsigned char *gir = NULL; -+ unsigned char *gir_new = NULL; -+ int gir_len; -+ unsigned char *Ni = NULL; -+ int Ni_len; -+ unsigned char *Nr = NULL; -+ int Nr_len; -+ unsigned char *SPIi = NULL; -+ int SPIi_len = 8; -+ unsigned char *SPIr = NULL; -+ int SPIr_len = 8; -+ unsigned char *DKM = NULL; -+ int DKM_len; -+ unsigned char *DKM_child = NULL; -+ int DKM_child_len; -+ unsigned char *seed_data = NULL; -+ int seed_data_len = 0; -+ unsigned int i, j; -+ FILE *ikereq = NULL; /* input stream from the REQUEST file */ -+ FILE *ikeresp; /* output stream to the RESPONSE file */ -+ -+ CK_SLOT_ID slotList[10]; -+ CK_SLOT_ID slotID; -+ CK_ULONG slotListCount = sizeof(slotList) / sizeof(slotList[0]); -+ CK_ULONG count; -+ static const CK_C_INITIALIZE_ARGS pk11args = { -+ NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS, -+ (void *)"flags=readOnly,noCertDB,noModDB", NULL -+ }; -+ static CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY; -+ static CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET; -+ static CK_BBOOL ck_true = CK_TRUE; -+ static CK_ULONG keyLen = 1; -+ CK_ATTRIBUTE gir_template[] = { -+ { CKA_VALUE, NULL, 0 }, -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ }; -+ CK_ULONG gir_template_count = -+ sizeof(gir_template) / sizeof(gir_template[0]); -+ CK_ATTRIBUTE gir_new_template[] = { -+ { CKA_VALUE, NULL, 0 }, -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ }; -+ CK_ULONG gir_new_template_count = -+ sizeof(gir_new_template) / sizeof(gir_new_template[0]); -+ CK_ATTRIBUTE derive_template[] = { -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) }, -+ }; -+ CK_ULONG derive_template_count = -+ sizeof(derive_template) / sizeof(derive_template[0]); -+ CK_ATTRIBUTE skeyseed_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE dkm_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE dkm_child_template = -+ { CKA_VALUE, NULL, 0 }; -+ unsigned char skeyseed_secret[HASH_LENGTH_MAX]; -+ -+ CK_MECHANISM ike_mech = { CKM_NSS_IKE_PRF_DERIVE, NULL, 0 }; -+ CK_MECHANISM ike2_mech = { CKM_NSS_IKE_PRF_PLUS_DERIVE, NULL, 0 }; -+ CK_MECHANISM subset_mech = { CKM_EXTRACT_KEY_FROM_KEY, NULL, 0 }; -+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf; -+ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS ike2_prf; -+ CK_EXTRACT_PARAMS subset_params; -+ CK_RV crv; -+ -+ /* set up PKCS #11 parameters */ -+ ike_mech.pParameter = &ike_prf; -+ ike_mech.ulParameterLen = sizeof(ike_prf); -+ ike2_mech.pParameter = &ike2_prf; -+ ike2_mech.ulParameterLen = sizeof(ike2_prf); -+ subset_mech.pParameter = &subset_params; -+ subset_mech.ulParameterLen = sizeof(subset_params); -+ subset_params = 0; -+ skeyseed_template.pValue = skeyseed_secret; -+ skeyseed_template.ulValueLen = HASH_LENGTH_MAX; -+ -+ crv = NSC_Initialize((CK_VOID_PTR)&pk11args); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv); -+ goto loser; -+ } -+ count = slotListCount; -+ crv = NSC_GetSlotList(PR_TRUE, slotList, &count); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetSlotList failed crv=0x%x\n", (unsigned int)crv); -+ goto loser; -+ } -+ if ((count > slotListCount) || count < 1) { -+ fprintf(stderr, -+ "NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n", -+ (int)count, (int)slotListCount); -+ goto loser; -+ } -+ slotID = slotList[0]; -+ ikereq = fopen(reqfn, "r"); -+ ikeresp = stdout; -+ while (fgets(buf, sizeof buf, ikereq) != NULL) { -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* [.....] */ -+ if (buf[0] == '[') { -+ if (strncmp(buf, "[SHA-1]", 7) == 0) { -+ ike_prf.prfMechanism = CKM_SHA_1_HMAC; -+ ike2_prf.prfMechanism = CKM_SHA_1_HMAC; -+ } -+ if (strncmp(buf, "[SHA-224]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA224_HMAC; -+ ike2_prf.prfMechanism = CKM_SHA224_HMAC; -+ } -+ if (strncmp(buf, "[SHA-256]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA256_HMAC; -+ ike2_prf.prfMechanism = CKM_SHA256_HMAC; -+ } -+ if (strncmp(buf, "[SHA-384]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA384_HMAC; -+ ike2_prf.prfMechanism = CKM_SHA384_HMAC; -+ } -+ if (strncmp(buf, "[SHA-512]", 9) == 0) { -+ ike_prf.prfMechanism = CKM_SHA512_HMAC; -+ ike2_prf.prfMechanism = CKM_SHA512_HMAC; -+ } -+ if (strncmp(buf, "[AES-XCBC", 9) == 0) { -+ ike_prf.prfMechanism = CKM_AES_XCBC_MAC; -+ ike2_prf.prfMechanism = CKM_AES_XCBC_MAC; -+ } -+ if (strncmp(buf, "[g^ir", 5) == 0) { -+ if (sscanf(buf, "[g^ir length = %d]", -+ &gir_len) != 1) { -+ goto loser; -+ } -+ gir_len = gir_len / 8; -+ if (gir) -+ free(gir); -+ if (gir_new) -+ free(gir_new); -+ gir = malloc(gir_len); -+ gir_new = malloc(gir_len); -+ gir_template[0].pValue = gir; -+ gir_template[0].ulValueLen = gir_len; -+ gir_new_template[0].pValue = gir_new; -+ gir_new_template[0].ulValueLen = gir_len; -+ } -+ if (strncmp(buf, "[Ni", 3) == 0) { -+ if (sscanf(buf, "[Ni length = %d]", &Ni_len) != 1) { -+ goto loser; -+ } -+ Ni_len = Ni_len / 8; -+ } -+ if (strncmp(buf, "[Nr", 3) == 0) { -+ if (sscanf(buf, "[Nr length = %d]", &Nr_len) != 1) { -+ goto loser; -+ } -+ Nr_len = Nr_len / 8; -+ } -+ if (strncmp(buf, "[DKM", 4) == 0) { -+ if (sscanf(buf, "[DKM length = %d]", -+ &DKM_len) != 1) { -+ goto loser; -+ } -+ DKM_len = DKM_len / 8; -+ if (DKM) -+ free(DKM); -+ DKM = malloc(DKM_len); -+ dkm_template.pValue = DKM; -+ dkm_template.ulValueLen = DKM_len; -+ } -+ if (strncmp(buf, "[Child SA DKM", 13) == 0) { -+ if (sscanf(buf, "[Child SA DKM length = %d]", -+ &DKM_child_len) != 1) { -+ goto loser; -+ } -+ DKM_child_len = DKM_child_len / 8; -+ if (DKM_child) -+ free(DKM_child); -+ DKM_child = malloc(DKM_child_len); -+ dkm_child_template.pValue = DKM_child; -+ dkm_child_template.ulValueLen = DKM_child_len; -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* "COUNT = x" begins a new data set */ -+ if (strncmp(buf, "COUNT", 5) == 0) { -+ /* zeroize the variables for the test with this data set */ -+ int new_seed_len = Ni_len + Nr_len + SPIi_len + SPIr_len; -+ if (seed_data_len != new_seed_len) { -+ if (seed_data) -+ free(seed_data); -+ seed_data_len = new_seed_len; -+ seed_data = malloc(seed_data_len); -+ Ni = seed_data; -+ Nr = &seed_data[Ni_len]; -+ SPIi = &seed_data[Ni_len + Nr_len]; -+ SPIr = &seed_data[new_seed_len - SPIr_len]; -+ ike_prf.pNi = Ni; -+ ike_prf.ulNiLen = Ni_len; -+ ike_prf.pNr = Nr; -+ ike_prf.ulNrLen = Nr_len; -+ ike2_prf.pSeedData = seed_data; -+ } -+ memset(gir, 0, gir_len); -+ memset(gir_new, 0, gir_len); -+ memset(seed_data, 0, seed_data_len); -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* Ni = ... */ -+ if (strncmp(buf, "Ni", 2) == 0) { -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < Ni_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &Ni[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* Nr = ... */ -+ if (strncmp(buf, "Nr", 2) == 0) { -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < Nr_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &Nr[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* g^ir (new) = ... */ -+ if (strncmp(buf, "g^ir (new)", 10) == 0) { -+ i = 10; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < gir_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &gir_new[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* g^ir = ... */ -+ if (strncmp(buf, "g^ir", 4) == 0) { -+ i = 4; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < gir_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &gir[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* SPIi = ... */ -+ if (strncmp(buf, "SPIi", 4) == 0) { -+ i = 4; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < SPIi_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &SPIi[j]); -+ } -+ fputs(buf, ikeresp); -+ continue; -+ } -+ /* SPIr = ... */ -+ if (strncmp(buf, "SPIr", 4) == 0) { -+ CK_SESSION_HANDLE session; -+ CK_OBJECT_HANDLE gir_handle; -+ CK_OBJECT_HANDLE gir_new_handle; -+ CK_OBJECT_HANDLE skeyseed_handle; -+ CK_OBJECT_HANDLE sk_d_handle; -+ CK_OBJECT_HANDLE skeyseed_new_handle; -+ CK_OBJECT_HANDLE dkm_handle; -+ CK_OBJECT_HANDLE dkm_child_handle; -+ i = 4; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j = 0; j < SPIr_len; i += 2, j++) { -+ hex_to_byteval(&buf[i], &SPIr[j]); -+ } -+ fputs(buf, ikeresp); -+ crv = NSC_OpenSession(slotID, 0, NULL, NULL, &session); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_OpenSession failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ crv = NSC_CreateObject(session, gir_template, -+ gir_template_count, &gir_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_CreateObject (g^ir) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ crv = NSC_CreateObject(session, gir_new_template, -+ gir_new_template_count, &gir_new_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_CreateObject (g^ir new) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ /* get the SKEYSEED key */ -+ ike_prf.bDataAsKey = CK_TRUE; -+ ike_prf.bRekey = CK_FALSE; -+ ike_prf.hNewKey = CK_INVALID_HANDLE; -+ crv = NSC_DeriveKey(session, &ike_mech, gir_handle, -+ derive_template, derive_template_count - 1, -+ &skeyseed_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ skeyseed_template.ulValueLen = HASH_LENGTH_MAX; -+ crv = NSC_GetAttributeValue(session, skeyseed_handle, -+ &skeyseed_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYSEED = ", ikeresp); -+ to_hex_str(buf, skeyseed_secret, skeyseed_template.ulValueLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ /* get DKM */ -+ keyLen = DKM_len; -+ ike2_prf.bHasSeedKey = CK_FALSE; -+ ike2_prf.hSeedKey = CK_INVALID_HANDLE; -+ ike2_prf.ulSeedDataLen = seed_data_len; -+ crv = NSC_DeriveKey(session, &ike2_mech, skeyseed_handle, -+ derive_template, derive_template_count, -+ &dkm_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(DKM) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ crv = NSC_GetAttributeValue(session, dkm_handle, -+ &dkm_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(DKM) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("DKM = ", ikeresp); -+ to_hex_str(buf, DKM, DKM_len); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ /* get the sk_d from the DKM */ -+ keyLen = skeyseed_template.ulValueLen; -+ crv = NSC_DeriveKey(session, &subset_mech, dkm_handle, -+ derive_template, derive_template_count, -+ &sk_d_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(sk_d) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ -+ /* get DKM child */ -+ keyLen = DKM_child_len; -+ ike2_prf.bHasSeedKey = CK_FALSE; -+ ike2_prf.hSeedKey = CK_INVALID_HANDLE; -+ ike2_prf.ulSeedDataLen = Ni_len + Nr_len; -+ crv = NSC_DeriveKey(session, &ike2_mech, sk_d_handle, -+ derive_template, derive_template_count, -+ &dkm_child_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(DKM Child SA) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ crv = NSC_GetAttributeValue(session, dkm_child_handle, -+ &dkm_child_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(DKM Child SA) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("DKM(Child SA) = ", ikeresp); -+ to_hex_str(buf, DKM_child, DKM_child_len); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ /* get DKM child D-H*/ -+ keyLen = DKM_child_len; -+ ike2_prf.bHasSeedKey = CK_TRUE; -+ ike2_prf.hSeedKey = gir_new_handle; -+ ike2_prf.ulSeedDataLen = Ni_len + Nr_len; -+ crv = NSC_DeriveKey(session, &ike2_mech, sk_d_handle, -+ derive_template, derive_template_count, -+ &dkm_child_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(DKM Child SA D-H) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ crv = NSC_GetAttributeValue(session, dkm_child_handle, -+ &dkm_child_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(DKM Child SA D-H) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("DKM(Child SA D-H) = ", ikeresp); -+ to_hex_str(buf, DKM_child, DKM_child_len); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ /* get SKEYSEED(rekey) */ -+ ike_prf.bDataAsKey = CK_FALSE; -+ ike_prf.bRekey = CK_TRUE; -+ ike_prf.hNewKey = gir_new_handle; -+ crv = NSC_DeriveKey(session, &ike_mech, sk_d_handle, -+ derive_template, derive_template_count - 1, -+ &skeyseed_new_handle); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_DeriveKey(skeyid rekey) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ skeyseed_template.ulValueLen = HASH_LENGTH_MAX; -+ crv = NSC_GetAttributeValue(session, skeyseed_new_handle, -+ &skeyseed_template, 1); -+ if (crv != CKR_OK) { -+ fprintf(stderr, "NSC_GetAttribute(skeyid) failed crv=0x%x\n", -+ (unsigned int)crv); -+ goto loser; -+ } -+ fputs("SKEYSEED(rekey) = ", ikeresp); -+ to_hex_str(buf, skeyseed_secret, skeyseed_template.ulValueLen); -+ fputs(buf, ikeresp); -+ fputc('\n', ikeresp); -+ -+ crv = NSC_CloseSession(session); -+ continue; -+ } -+ } -+loser: -+ NSC_Finalize(NULL); -+ if (gir) -+ free(gir); -+ if (gir_new) -+ free(gir_new); -+ if (seed_data) -+ free(seed_data); -+ if (DKM) -+ free(DKM); -+ if (DKM_child) -+ free(DKM_child); -+ if (ikereq) -+ fclose(ikereq); -+} -+ - int - main(int argc, char **argv) - { - if (argc < 2) - exit(-1); - - RNG_RNGInit(); - SECOID_Init(); -@@ -7066,11 +8369,19 @@ main(int argc, char **argv) - rng_mct(argv[3]); - } - } else if (strcmp(argv[1], "drbg") == 0) { - /* Variable Seed Test */ - drbg(argv[2]); - } else if (strcmp(argv[1], "ddrbg") == 0) { - debug = 1; - drbg(argv[2]); -+ } else if (strcmp(argv[1], "tls") == 0) { -+ tls(argv[2]); -+ } else if (strcmp(argv[1], "ikev1") == 0) { -+ ikev1(argv[2]); -+ } else if (strcmp(argv[1], "ikev1-psk") == 0) { -+ ikev1_psk(argv[2]); -+ } else if (strcmp(argv[1], "ikev2") == 0) { -+ ikev2(argv[2]); - } - return 0; - } -diff --git a/cmd/fipstest/hmac.sh b/cmd/fipstest/hmac.sh -deleted file mode 100755 ---- a/cmd/fipstest/hmac.sh -+++ /dev/null -@@ -1,36 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST HMAC Algorithm Validation Suite --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. -- --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/HMAC --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --hmac_requests=" --HMAC.req --" -- --if [ ${COMMAND} = "verify" ]; then -- for request in $hmac_requests; do -- sh ./validate1.sh ${TESTDIR} $request -- done -- exit 0 --fi --for request in $hmac_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest hmac ${REQDIR}/$request > ${RSPDIR}/$response --done -- -diff --git a/cmd/fipstest/kas.sh b/cmd/fipstest/kas.sh -deleted file mode 100755 ---- a/cmd/fipstest/kas.sh -+++ /dev/null -@@ -1,84 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST DSA Validation System --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/KAS --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- -- --# --if [ ${COMMAND} = "verify" ]; then --# --# need verify for KAS tests -- --# verify generated keys --# name=KeyPair --# echo ">>>>> $name" --# fipstest dsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F --# verify generated pqg values --# name=PQGGen --# echo ">>>>> $name" --# fipstest dsa pqgver ${RSPDIR}/$name.rsp | grep ^Result.=.F --# verify PQGVer with known answer --# sh ./validate1.sh ${TESTDIR} PQGVer.req ' ' '-e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;' --# verify signatures --# name=SigGen --# echo ">>>>> $name" --# fipstest dsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F --# verify SigVer with known answer --# sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);;' -- exit 0 --fi -- --request=KASFunctionTest_ECCEphemeralUnified_NOKC_ZZOnly_init.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest ecdh init-func ${REQDIR}/$request > ${RSPDIR}/$response -- --request=KASFunctionTest_ECCEphemeralUnified_NOKC_ZZOnly_resp.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest ecdh resp-func ${REQDIR}/$request > ${RSPDIR}/$response -- --request=KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest ecdh init-verify ${REQDIR}/$request > ${RSPDIR}/$response -- --request=KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest ecdh resp-verify ${REQDIR}/$request > ${RSPDIR}/$response -- --request=KASFunctionTest_FFCEphem_NOKC_ZZOnly_init.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dh init-func ${REQDIR}/$request > ${RSPDIR}/$response -- --request=KASFunctionTest_FFCEphem_NOKC_ZZOnly_resp.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dh resp-func ${REQDIR}/$request > ${RSPDIR}/$response -- --request=KASValidityTest_FFCEphem_NOKC_ZZOnly_init.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dh init-verify ${REQDIR}/$request > ${RSPDIR}/$response -- --request=KASValidityTest_FFCEphem_NOKC_ZZOnly_resp.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest dh resp-verify ${REQDIR}/$request > ${RSPDIR}/$response -- -diff --git a/cmd/fipstest/rng.sh b/cmd/fipstest/rng.sh -deleted file mode 100644 ---- a/cmd/fipstest/rng.sh -+++ /dev/null -@@ -1,34 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST RNG Validation Suite --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/DRBG800-90A --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --drbg_requests=" --Hash_DRBG.req --" -- --if [ ${COMMAND} = "verify" ]; then -- for request in $drbg_requests; do -- sh ./validate1.sh ${TESTDIR} $request -- done -- exit 0 --fi --for request in $drbg_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest drbg ${REQDIR}/$request > ${RSPDIR}/$response --done -diff --git a/cmd/fipstest/rsa.sh b/cmd/fipstest/rsa.sh -deleted file mode 100644 ---- a/cmd/fipstest/rsa.sh -+++ /dev/null -@@ -1,50 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST RSA Validation System --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/RSA2 --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --if [ ${COMMAND} = "verify" ]; then --#verify the signatures. The fax file does not have any known answers, so --#use our own verify function. -- name=SigGen15_186-3 -- echo ">>>>> $name" -- fipstest rsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F --# fipstest rsa sigver ${REQDIR}/SigVer15_186-3.req | grep ^Result.=.F --#The Fax file has the private exponent and the salt value, remove it --#also remove the false reason -- sh ./validate1.sh ${TESTDIR} SigVer15_186-3.req ' ' '-e /^SaltVal/d -e/^d.=/d -e /^p.=/d -e /^q.=/d -e /^EM.with/d -e /^Result.=.F/s;.(.*);;' --# --# currently don't have a way to verify the RSA keygen --# -- exit 0 --fi -- --request=SigGen15_186-3.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest rsa siggen ${REQDIR}/$request > ${RSPDIR}/$response -- --request=SigVer15_186-3.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest rsa sigver ${REQDIR}/$request > ${RSPDIR}/$response -- --#request=KeyGen_186-3.req --request=KeyGen_RandomProbablyPrime3_3.req --response=`echo $request | sed -e "s/req/rsp/"` --echo $request $response --fipstest rsa keypair ${REQDIR}/$request > ${RSPDIR}/$response -diff --git a/cmd/fipstest/runtest.sh b/cmd/fipstest/runtest.sh -deleted file mode 100644 ---- a/cmd/fipstest/runtest.sh -+++ /dev/null -@@ -1,14 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --TESTDIR=${1-.} --COMMAND=${2-run} --TESTS="aes aesgcm dsa ecdsa hmac kas tls rng rsa sha tdea" --for i in $TESTS --do -- echo "********************Running $i tests" -- sh ./${i}.sh ${TESTDIR} ${COMMAND} --done -diff --git a/cmd/fipstest/sha.sh b/cmd/fipstest/sha.sh -deleted file mode 100644 ---- a/cmd/fipstest/sha.sh -+++ /dev/null -@@ -1,66 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST SHA Algorithm Validation Suite --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/SHA --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --sha_ShortMsg_requests=" --SHA1ShortMsg.req --SHA224ShortMsg.req --SHA256ShortMsg.req --SHA384ShortMsg.req --SHA512ShortMsg.req --" -- --sha_LongMsg_requests=" --SHA1LongMsg.req --SHA224LongMsg.req --SHA256LongMsg.req --SHA384LongMsg.req --SHA512LongMsg.req --" -- --sha_Monte_requests=" --SHA1Monte.req --SHA224Monte.req --SHA256Monte.req --SHA384Monte.req --SHA512Monte.req --" -- --if [ ${COMMAND} = "verify" ]; then -- for request in $sha_ShortMsg_requests $sha_LongMsg_requests $sha_Monte_requests; do -- sh ./validate1.sh ${TESTDIR} $request -- done -- exit 0 --fi -- --for request in $sha_ShortMsg_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $sha_LongMsg_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $sha_Monte_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response --done -- -diff --git a/cmd/fipstest/tdea.sh b/cmd/fipstest/tdea.sh -deleted file mode 100644 ---- a/cmd/fipstest/tdea.sh -+++ /dev/null -@@ -1,106 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST tdea Algorithm Validation Suite --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. -- --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/TDES --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --#CBC_Known_Answer_tests --#Initial Permutation KAT --#Permutation Operation KAT --#Subsitution Table KAT --#Variable Key KAT --#Variable PlainText KAT --cbc_kat_requests=" --TCBCinvperm.req --TCBCpermop.req --TCBCsubtab.req --TCBCvarkey.req --TCBCvartext.req --" -- --#CBC Monte Carlo KATs --cbc_monte_requests=" --TCBCMonte1.req --TCBCMonte2.req --TCBCMonte3.req --" --#Multi-block Message KATs --cbc_mmt_requests=" --TCBCMMT1.req --TCBCMMT2.req --TCBCMMT3.req --" -- --ecb_kat_requests=" --TECBinvperm.req --TECBpermop.req --TECBsubtab.req --TECBvarkey.req --TECBvartext.req --" -- --ecb_monte_requests=" --TECBMonte1.req --TECBMonte2.req --TECBMonte3.req --" -- --ecb_mmt_requests=" --TECBMMT1.req --TECBMMT2.req --TECBMMT3.req --" -- -- --if [ ${COMMAND} = "verify" ]; then -- for request in $cbc_kat_requests $cbc_monte_requests $cbc_mmt_requests $ecb_kat_requests $ecb_monte_requests $ecb_mmt_requests -- do -- sh ./validate1.sh ${TESTDIR} $request "-e /^NumKeys/d" -- done -- exit 0 --fi -- --for request in $cbc_kat_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest tdea kat cbc ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $cbc_mmt_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest tdea mmt cbc ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $cbc_monte_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest tdea mct cbc ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $ecb_kat_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest tdea kat ecb ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $ecb_mmt_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest tdea mmt ecb ${REQDIR}/$request > ${RSPDIR}/$response --done --for request in $ecb_monte_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest tdea mct ecb ${REQDIR}/$request > ${RSPDIR}/$response --done -diff --git a/cmd/fipstest/tls.sh b/cmd/fipstest/tls.sh -deleted file mode 100644 ---- a/cmd/fipstest/tls.sh -+++ /dev/null -@@ -1,34 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# A Bourne shell script for running the NIST RNG Validation Suite --# --# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment --# variables appropriately so that the fipstest command and the NSPR and NSS --# shared libraries/DLLs are on the search path. Then run this script in the --# directory where the REQUEST (.req) files reside. The script generates the --# RESPONSE (.rsp) files in the same directory. --BASEDIR=${1-.} --TESTDIR=${BASEDIR}/KDF135 --COMMAND=${2-run} --REQDIR=${TESTDIR}/req --RSPDIR=${TESTDIR}/resp -- --drbg_requests=" --tls.req --" -- --if [ ${COMMAND} = "verify" ]; then -- for request in $drbg_requests; do -- sh ./validate1.sh ${TESTDIR} $request -- done -- exit 0 --fi --for request in $drbg_requests; do -- response=`echo $request | sed -e "s/req/rsp/"` -- echo $request $response -- fipstest tls ${REQDIR}/$request > ${RSPDIR}/$response --done -diff --git a/cmd/fipstest/validate.sh b/cmd/fipstest/validate.sh -deleted file mode 100644 ---- a/cmd/fipstest/validate.sh -+++ /dev/null -@@ -1,7 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --sh ./runtest.sh ${1-.} verify -diff --git a/cmd/fipstest/validate1.sh b/cmd/fipstest/validate1.sh -deleted file mode 100644 ---- a/cmd/fipstest/validate1.sh -+++ /dev/null -@@ -1,30 +0,0 @@ --#!/bin/sh --# --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. --# --# Validate1.sh is a helper shell script that each of the base test shell --# scripts call to help validate that the generated response (response) --# matches the known answer response (fax). Sometimes (depending on the --# individual tests) there are extraneous output in either or both response --# and fax files. These allow the caller to pass in additional sed commands --# to clear out those extraneous outputs before we compare the two files. --# The sed line always clears out Windows line endings, replaces tabs with --# spaces, and removed comments. --# --TESTDIR=${1-.} --request=${2} --extraneous_response=${3} --extraneous_fax=${4} --name=`basename $request .req` --echo ">>>>> $name" --sed -e 's; ;;g' -e 's; ; ;g' -e '/^#/d' $extraneous_response ${TESTDIR}/resp/${name}.rsp > /tmp/y1 --# if we didn't generate any output, flag that as an error --size=`sum /tmp/y1 | awk '{ print $NF }'` --if [ $size -eq 0 ]; then -- echo "${TESTDIR}/resp/${name}.rsp: empty" -- exit 1; --fi --sed -e 's; ;;g' -e 's; ; ;g' -e '/^#/d' $extraneous_fax ${TESTDIR}/fax/${name}.fax > /tmp/y2 --diff -i -w -B /tmp/y1 /tmp/y2 -diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c ---- a/lib/softoken/fipstest.c -+++ b/lib/softoken/fipstest.c -@@ -7,16 +7,17 @@ - - #ifndef NSS_FIPS_DISABLED - #include "seccomon.h" - #include "blapi.h" - #include "softoken.h" - #include "lowkeyi.h" - #include "secoid.h" - #include "secerr.h" -+#include "pkcs11i.h" - - /* - * different platforms have different ways of calling and initial entry point - * when the dll/.so is loaded. Most platforms support either a posix pragma - * or the GCC attribute. Some platforms suppor a pre-defined name, and some - * platforms have a link line way of invoking this function. - */ - -@@ -621,16 +622,20 @@ sftk_startup_tests(void) - return; - } - if (!BLAPI_SHVerify(libraryName, - (PRFuncPtr)&sftk_fips_RSA_PowerUpSelfTest)) { - /* something is wrong with the library, fail without enabling - * the token */ - return; - } -+ rv = sftk_fips_IKE_PowerUpSelfTests(); -+ if (rv != SECSuccess) { -+ return; -+ } - sftk_self_tests_success = PR_TRUE; - } - - /* - * this is called from nsc_Common_Initizialize entry points that gates access - * to * all other pkcs11 functions. This prevents softoken operation if our - * power on selftest failed. - */ -diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn ---- a/lib/softoken/manifest.mn -+++ b/lib/softoken/manifest.mn -@@ -41,16 +41,17 @@ CSRCS = \ - lowpbe.c \ - padbuf.c \ - pkcs11.c \ - pkcs11c.c \ - pkcs11u.c \ - sdb.c \ - sftkdb.c \ - sftkhmac.c \ -+ sftkike.c \ - sftkpars.c \ - sftkpwd.c \ - softkver.c \ - tlsprf.c \ - jpakesftk.c \ - $(NULL) - - ifdef SQLITE_UNSAFE_THREADS -diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c ---- a/lib/softoken/pkcs11.c -+++ b/lib/softoken/pkcs11.c -@@ -323,16 +323,18 @@ static const struct mechanismList mechan - { CKM_AES_ECB, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, - { CKM_AES_CBC, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, - { CKM_AES_MAC, { 16, 32, CKF_SN_VR }, PR_TRUE }, - { CKM_AES_MAC_GENERAL, { 16, 32, CKF_SN_VR }, PR_TRUE }, - { CKM_AES_CBC_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, - { CKM_AES_CTS, { 16, 32, CKF_EN_DE }, PR_TRUE }, - { CKM_AES_CTR, { 16, 32, CKF_EN_DE }, PR_TRUE }, - { CKM_AES_GCM, { 16, 32, CKF_EN_DE }, PR_TRUE }, -+ { CKM_AES_XCBC_MAC_96, { 12, 12, CKF_SN_VR }, PR_TRUE }, -+ { CKM_AES_XCBC_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE }, - /* ------------------------- Camellia Operations --------------------- */ - { CKM_CAMELLIA_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE }, - { CKM_CAMELLIA_ECB, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, - { CKM_CAMELLIA_CBC, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, - { CKM_CAMELLIA_MAC, { 16, 32, CKF_SN_VR }, PR_TRUE }, - { CKM_CAMELLIA_MAC_GENERAL, { 16, 32, CKF_SN_VR }, PR_TRUE }, - { CKM_CAMELLIA_CBC_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, - /* ------------------------- SEED Operations --------------------------- */ -@@ -504,17 +506,21 @@ static const struct mechanismList mechan - { CKM_NSS_JPAKE_ROUND2_SHA384, { 0, 0, CKF_DERIVE }, PR_TRUE }, - { CKM_NSS_JPAKE_ROUND2_SHA512, { 0, 0, CKF_DERIVE }, PR_TRUE }, - { CKM_NSS_JPAKE_FINAL_SHA1, { 0, 0, CKF_DERIVE }, PR_TRUE }, - { CKM_NSS_JPAKE_FINAL_SHA256, { 0, 0, CKF_DERIVE }, PR_TRUE }, - { CKM_NSS_JPAKE_FINAL_SHA384, { 0, 0, CKF_DERIVE }, PR_TRUE }, - { CKM_NSS_JPAKE_FINAL_SHA512, { 0, 0, CKF_DERIVE }, PR_TRUE }, - /* -------------------- Constant Time TLS MACs ----------------------- */ - { CKM_NSS_HMAC_CONSTANT_TIME, { 0, 0, CKF_DIGEST }, PR_TRUE }, -- { CKM_NSS_SSL3_MAC_CONSTANT_TIME, { 0, 0, CKF_DIGEST }, PR_TRUE } -+ { CKM_NSS_SSL3_MAC_CONSTANT_TIME, { 0, 0, CKF_DIGEST }, PR_TRUE }, -+ /* --------------------IPSEC ----------------------- */ -+ { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE }, -+ { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }, -+ { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE } - }; - static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]); - - /* sigh global so fipstokn can read it */ - PRBool nsc_init = PR_FALSE; - - #if defined(CHECK_FORK_PTHREAD) || defined(CHECK_FORK_MIXED) - -diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c ---- a/lib/softoken/pkcs11c.c -+++ b/lib/softoken/pkcs11c.c -@@ -94,49 +94,16 @@ sftk_Space(void *data, PRBool freeit) - PORT_Free(data); - } - - /* - * map all the SEC_ERROR_xxx error codes that may be returned by freebl - * functions to CKR_xxx. return CKR_DEVICE_ERROR by default for backward - * compatibility. - */ --static CK_RV --sftk_MapCryptError(int error) --{ -- switch (error) { -- case SEC_ERROR_INVALID_ARGS: -- case SEC_ERROR_BAD_DATA: /* MP_RANGE gets mapped to this */ -- return CKR_ARGUMENTS_BAD; -- case SEC_ERROR_INPUT_LEN: -- return CKR_DATA_LEN_RANGE; -- case SEC_ERROR_OUTPUT_LEN: -- return CKR_BUFFER_TOO_SMALL; -- case SEC_ERROR_LIBRARY_FAILURE: -- return CKR_GENERAL_ERROR; -- case SEC_ERROR_NO_MEMORY: -- return CKR_HOST_MEMORY; -- case SEC_ERROR_BAD_SIGNATURE: -- return CKR_SIGNATURE_INVALID; -- case SEC_ERROR_INVALID_KEY: -- return CKR_KEY_SIZE_RANGE; -- case SEC_ERROR_BAD_KEY: /* an EC public key that fails validation */ -- return CKR_KEY_SIZE_RANGE; /* the closest error code */ -- case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM: -- return CKR_TEMPLATE_INCONSISTENT; -- case SEC_ERROR_UNSUPPORTED_KEYALG: -- return CKR_MECHANISM_INVALID; -- case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE: -- return CKR_DOMAIN_PARAMS_INVALID; -- /* key pair generation failed after max number of attempts */ -- case SEC_ERROR_NEED_RANDOM: -- return CKR_FUNCTION_FAILED; -- } -- return CKR_DEVICE_ERROR; --} - - /* used by Decrypt and UnwrapKey (indirectly) */ - static CK_RV - sftk_MapDecryptError(int error) - { - switch (error) { - case SEC_ERROR_BAD_DATA: - return CKR_ENCRYPTED_DATA_INVALID; -@@ -2075,19 +2042,22 @@ sftk_InitCBCMac(CK_SESSION_HANDLE hSessi - CK_MECHANISM cbc_mechanism; - CK_ULONG mac_bytes = SFTK_INVALID_MAC_SIZE; - CK_RC2_CBC_PARAMS rc2_params; - #if NSS_SOFTOKEN_DOES_RC5 - CK_RC5_CBC_PARAMS rc5_params; - CK_RC5_MAC_GENERAL_PARAMS *rc5_mac; - #endif - unsigned char ivBlock[SFTK_MAX_BLOCK_SIZE]; -+ unsigned char k2[SFTK_MAX_BLOCK_SIZE]; -+ unsigned char k3[SFTK_MAX_BLOCK_SIZE]; - SFTKSessionContext *context; - CK_RV crv; - unsigned int blockSize; -+ PRBool isXCBC = PR_FALSE; - - switch (pMechanism->mechanism) { - case CKM_RC2_MAC_GENERAL: - if (!pMechanism->pParameter) { - return CKR_MECHANISM_PARAM_INVALID; - } - mac_bytes = - ((CK_RC2_MAC_GENERAL_PARAMS *)pMechanism->pParameter)->ulMacLength; -@@ -2181,43 +2151,82 @@ sftk_InitCBCMac(CK_SESSION_HANDLE hSessi - /* fall through */ - case CKM_AES_MAC: - blockSize = 16; - PORT_Memset(ivBlock, 0, blockSize); - cbc_mechanism.mechanism = CKM_AES_CBC; - cbc_mechanism.pParameter = &ivBlock; - cbc_mechanism.ulParameterLen = blockSize; - break; -+ case CKM_AES_XCBC_MAC_96: -+ case CKM_AES_XCBC_MAC: -+ /* The only difference between CKM_AES_XCBC_MAC -+ * and CKM_AES_XCBC_MAC_96 is the size of the returned mac. */ -+ mac_bytes = pMechanism->mechanism == CKM_AES_XCBC_MAC_96 ? 12 : 16; -+ blockSize = 16; -+ PORT_Memset(ivBlock, 0, blockSize); -+ cbc_mechanism.mechanism = CKM_AES_CBC; -+ cbc_mechanism.pParameter = &ivBlock; -+ cbc_mechanism.ulParameterLen = blockSize; -+ /* is XCBC requires extra processing at the end of the operation */ -+ isXCBC = PR_TRUE; -+ /* The input key is used to generate k1, k2, and k3. k2 and k3 -+ * are used at the end in the pad step. k1 replaces the input -+ * key in the aes cbc mac */ -+ crv = sftk_aes_xcbc_new_keys(hSession, hKey, &hKey, k2, k3); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ break; - default: - return CKR_FUNCTION_NOT_SUPPORTED; - } - - /* if MAC size is externally supplied, it should be checked. - */ - if (mac_bytes == SFTK_INVALID_MAC_SIZE) - mac_bytes = blockSize >> 1; - else { -- if (mac_bytes > blockSize) -- return CKR_MECHANISM_PARAM_INVALID; -+ if (mac_bytes > blockSize) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ goto fail; -+ } - } - - crv = sftk_CryptInit(hSession, &cbc_mechanism, hKey, - CKA_ENCRYPT, /* CBC mech is able to ENCRYPT, not SIGN/VERIFY */ - keyUsage, contextType, PR_TRUE); - if (crv != CKR_OK) -- return crv; -+ goto fail; - crv = sftk_GetContext(hSession, &context, contextType, PR_TRUE, NULL); - - /* this shouldn't happen! */ - PORT_Assert(crv == CKR_OK); - if (crv != CKR_OK) -- return crv; -+ goto fail; - context->blockSize = blockSize; - context->macSize = mac_bytes; -+ context->isXCBC = isXCBC; -+ if (isXCBC) { -+ /* save the xcbc specific parameters */ -+ PORT_Memcpy(context->k2, k2, blockSize); -+ PORT_Memcpy(context->k3, k3, blockSize); -+ PORT_Memset(k2, 0, blockSize); -+ PORT_Memset(k3, 0, blockSize); -+ /* get rid of the temp key now that the context has been created */ -+ NSC_DestroyObject(hSession, hKey); -+ } - return CKR_OK; -+fail: -+ if (isXCBC) { -+ PORT_Memset(k2, 0, blockSize); -+ PORT_Memset(k3, 0, blockSize); -+ NSC_DestroyObject(hSession, hKey); /* get rid of our temp key */ -+ } -+ return crv; - } - - /* - * encode RSA PKCS #1 Signature data before signing... - */ - static SECStatus - sftk_RSAHashSign(SFTKHashSignInfo *info, unsigned char *sig, - unsigned int *sigLen, unsigned int maxLen, -@@ -2823,16 +2832,23 @@ sftk_MACBlock(SFTKSessionContext *ctx, v - * - * Call once, then terminate MACing operation. - */ - static CK_RV - sftk_MACFinal(SFTKSessionContext *ctx) - { - unsigned int padLen = ctx->padDataLength; - /* pad and proceed the residual */ -+ if (ctx->isXCBC) { -+ CK_RV crv = sftk_xcbc_mac_pad(ctx->padBuf, padLen, ctx->blockSize, -+ ctx->k2, ctx->k3); -+ if (crv != CKR_OK) -+ return crv; -+ return sftk_MACBlock(ctx, ctx->padBuf); -+ } - if (padLen) { - /* shd clr ctx->padLen to make sftk_MACFinal idempotent */ - PORT_Memset(ctx->padBuf + padLen, 0, ctx->blockSize - padLen); - return sftk_MACBlock(ctx, ctx->padBuf); - } else - return CKR_OK; - } - -@@ -2861,31 +2877,31 @@ sftk_MACUpdate(CK_SESSION_HANDLE hSessio - - unsigned int blkSize = context->blockSize; - unsigned char *residual = /* free room in context->padBuf */ - context->padBuf + context->padDataLength; - unsigned int minInput = /* min input for MACing at least one block */ - blkSize - context->padDataLength; - - /* not enough data even for one block */ -- if (ulPartLen < minInput) { -+ if (ulPartLen <= minInput) { - PORT_Memcpy(residual, pPart, ulPartLen); - context->padDataLength += ulPartLen; - goto cleanup; - } - /* MACing residual */ - if (context->padDataLength) { - PORT_Memcpy(residual, pPart, minInput); - ulPartLen -= minInput; - pPart += minInput; - if (CKR_OK != (crv = sftk_MACBlock(context, context->padBuf))) - goto terminate; - } - /* MACing full blocks */ -- while (ulPartLen >= blkSize) { -+ while (ulPartLen > blkSize) { - if (CKR_OK != (crv = sftk_MACBlock(context, pPart))) - goto terminate; - ulPartLen -= blkSize; - pPart += blkSize; - } - /* save the residual */ - if ((context->padDataLength = ulPartLen)) - PORT_Memcpy(context->padBuf, pPart, ulPartLen); -@@ -6513,16 +6529,55 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - if (att == NULL) { - sftk_FreeObject(key); - sftk_FreeObject(sourceKey); - return CKR_KEY_HANDLE_INVALID; - } - } - - switch (mechanism) { -+ case CKM_NSS_IKE_PRF_DERIVE: -+ if (pMechanism->ulParameterLen != -+ sizeof(CK_NSS_IKE_PRF_DERIVE_PARAMS)) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ crv = sftk_ike_prf(hSession, att, -+ (CK_NSS_IKE_PRF_DERIVE_PARAMS *)pMechanism->pParameter, key); -+ break; -+ case CKM_NSS_IKE1_PRF_DERIVE: -+ if (pMechanism->ulParameterLen != -+ sizeof(CK_NSS_IKE1_PRF_DERIVE_PARAMS)) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ crv = sftk_ike1_prf(hSession, att, -+ (CK_NSS_IKE1_PRF_DERIVE_PARAMS *)pMechanism->pParameter, -+ key, keySize); -+ break; -+ case CKM_NSS_IKE1_APP_B_PRF_DERIVE: -+ if (pMechanism->ulParameterLen != -+ sizeof(CK_MECHANISM_TYPE)) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ crv = sftk_ike1_appendix_b_prf(hSession, att, -+ (CK_MECHANISM_TYPE *)pMechanism->pParameter, -+ key, keySize); -+ break; -+ case CKM_NSS_IKE_PRF_PLUS_DERIVE: -+ if (pMechanism->ulParameterLen != -+ sizeof(CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS)) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ crv = sftk_ike_prf_plus(hSession, att, -+ (CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS *)pMechanism->pParameter, -+ key, keySize); -+ break; - /* - * generate the master secret - */ - case CKM_TLS12_MASTER_KEY_DERIVE: - case CKM_TLS12_MASTER_KEY_DERIVE_DH: - case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: - case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: - case CKM_TLS_MASTER_KEY_DERIVE: -diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h ---- a/lib/softoken/pkcs11i.h -+++ b/lib/softoken/pkcs11i.h -@@ -248,22 +248,25 @@ typedef enum { - * multi=0 hashInfo=0 PKC S/V one shot (w/o hashing) - * multi=0 hashInfo=X *** shouldn't happen *** - */ - struct SFTKSessionContextStr { - SFTKContextType type; - PRBool multi; /* is multipart */ - PRBool rsa; /* is rsa */ - PRBool doPad; /* use PKCS padding for block ciphers */ -+ PRBool isXCBC; /* xcbc, use special handling in final */ - unsigned int blockSize; /* blocksize for padding */ - unsigned int padDataLength; /* length of the valid data in padbuf */ - /** latest incomplete block of data for block cipher */ - unsigned char padBuf[SFTK_MAX_BLOCK_SIZE]; - /** result of MAC'ing of latest full block of data with block cipher */ - unsigned char macBuf[SFTK_MAX_BLOCK_SIZE]; -+ unsigned char k2[SFTK_MAX_BLOCK_SIZE]; -+ unsigned char k3[SFTK_MAX_BLOCK_SIZE]; - CK_ULONG macSize; /* size of a general block cipher mac*/ - void *cipherInfo; - void *hashInfo; - unsigned int cipherInfoLen; - CK_MECHANISM_TYPE currentMech; - SFTKCipher update; - SFTKHash hashUpdate; - SFTKEnd end; -@@ -600,16 +603,17 @@ extern CK_RV SFTK_SlotInit(char *configd - extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir, - char *updatedir, char *updateID, - sftk_token_parameters *params, int moduleIndex); - extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot); - extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot); - extern CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout); - - /* internal utility functions used by pkcs11.c */ -+extern CK_RV sftk_MapCryptError(int error); - extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object, - CK_ATTRIBUTE_TYPE type); - extern void sftk_FreeAttribute(SFTKAttribute *attribute); - extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type, - const void *valPtr, CK_ULONG length); - extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item, - SFTKObject *object, CK_ATTRIBUTE_TYPE type); - extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena, -@@ -681,16 +685,40 @@ extern void sftk_CleanupFreeLists(void); - extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object, - CK_KEY_TYPE key_type, CK_RV *crvp); - extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object, - CK_KEY_TYPE key_type, CK_RV *crvp); - extern void sftk_FormatDESKey(unsigned char *key, int length); - extern PRBool sftk_CheckDESKey(unsigned char *key); - extern PRBool sftk_IsWeakKey(unsigned char *key, CK_KEY_TYPE key_type); - -+/* ike and xcbc helpers */ -+extern CK_RV sftk_ike_prf(CK_SESSION_HANDLE hSession, -+ const SFTKAttribute *inKey, -+ const CK_NSS_IKE_PRF_DERIVE_PARAMS *params, SFTKObject *outKey); -+extern CK_RV sftk_ike1_prf(CK_SESSION_HANDLE hSession, -+ const SFTKAttribute *inKey, -+ const CK_NSS_IKE1_PRF_DERIVE_PARAMS *params, SFTKObject *outKey, -+ unsigned int keySize); -+extern CK_RV sftk_ike1_appendix_b_prf(CK_SESSION_HANDLE hSession, -+ const SFTKAttribute *inKey, -+ const CK_MECHANISM_TYPE *params, SFTKObject *outKey, -+ unsigned int keySize); -+extern CK_RV sftk_ike_prf_plus(CK_SESSION_HANDLE hSession, -+ const SFTKAttribute *inKey, -+ const CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS *params, SFTKObject *outKey, -+ unsigned int keySize); -+extern CK_RV sftk_aes_xcbc_new_keys(CK_SESSION_HANDLE hSession, -+ CK_OBJECT_HANDLE hKey, CK_OBJECT_HANDLE_PTR phKey, -+ unsigned char *k2, unsigned char *k3); -+extern CK_RV sftk_xcbc_mac_pad(unsigned char *padBuf, unsigned int bufLen, -+ int blockSize, const unsigned char *k2, -+ const unsigned char *k3); -+extern SECStatus sftk_fips_IKE_PowerUpSelfTests(void); -+ - /* mechanism allows this operation */ - extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op); - - /* helper function which calls nsslowkey_FindKeyByPublicKey after safely - * acquiring a reference to the keydb from the slot */ - NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey); - - /* -diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c ---- a/lib/softoken/pkcs11u.c -+++ b/lib/softoken/pkcs11u.c -@@ -10,16 +10,57 @@ - #include "secasn1.h" - #include "blapi.h" - #include "secerr.h" - #include "prnetdb.h" /* for PR_ntohl */ - #include "sftkdb.h" - #include "softoken.h" - - /* -+ * ******************** Error mapping ******************************* -+ */ -+/* -+ * map all the SEC_ERROR_xxx error codes that may be returned by freebl -+ * functions to CKR_xxx. return CKR_DEVICE_ERROR by default for backward -+ * compatibility. -+ */ -+CK_RV -+sftk_MapCryptError(int error) -+{ -+ switch (error) { -+ case SEC_ERROR_INVALID_ARGS: -+ case SEC_ERROR_BAD_DATA: /* MP_RANGE gets mapped to this */ -+ return CKR_ARGUMENTS_BAD; -+ case SEC_ERROR_INPUT_LEN: -+ return CKR_DATA_LEN_RANGE; -+ case SEC_ERROR_OUTPUT_LEN: -+ return CKR_BUFFER_TOO_SMALL; -+ case SEC_ERROR_LIBRARY_FAILURE: -+ return CKR_GENERAL_ERROR; -+ case SEC_ERROR_NO_MEMORY: -+ return CKR_HOST_MEMORY; -+ case SEC_ERROR_BAD_SIGNATURE: -+ return CKR_SIGNATURE_INVALID; -+ case SEC_ERROR_INVALID_KEY: -+ return CKR_KEY_SIZE_RANGE; -+ case SEC_ERROR_BAD_KEY: /* an EC public key that fails validation */ -+ return CKR_KEY_SIZE_RANGE; /* the closest error code */ -+ case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM: -+ return CKR_TEMPLATE_INCONSISTENT; -+ case SEC_ERROR_UNSUPPORTED_KEYALG: -+ return CKR_MECHANISM_INVALID; -+ case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE: -+ return CKR_DOMAIN_PARAMS_INVALID; -+ /* key pair generation failed after max number of attempts */ -+ case SEC_ERROR_NEED_RANDOM: -+ return CKR_FUNCTION_FAILED; -+ } -+ return CKR_DEVICE_ERROR; -+} -+/* - * ******************** Attribute Utilities ******************************* - */ - - /* - * create a new attribute with type, value, and length. Space is allocated - * to hold value. - */ - static SFTKAttribute * -diff --git a/lib/softoken/sftkike.c b/lib/softoken/sftkike.c -new file mode 100644 ---- /dev/null -+++ b/lib/softoken/sftkike.c -@@ -0,0 +1,1289 @@ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+/* -+ * This file implements PKCS 11 on top of our existing security modules -+ * -+ * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. -+ * This implementation has two slots: -+ * slot 1 is our generic crypto support. It does not require login. -+ * It supports Public Key ops, and all they bulk ciphers and hashes. -+ * It can also support Private Key ops for imported Private keys. It does -+ * not have any token storage. -+ * slot 2 is our private key support. It requires a login before use. It -+ * can store Private Keys and Certs as token objects. Currently only private -+ * keys and their associated Certificates are saved on the token. -+ * -+ * In this implementation, session objects are only visible to the session -+ * that created or generated them. -+ */ -+#include "seccomon.h" -+#include "secitem.h" -+#include "secport.h" -+#include "blapi.h" -+#include "pkcs11.h" -+#include "pkcs11i.h" -+#include "pkcs1sig.h" -+#include "lowkeyi.h" -+#include "secder.h" -+#include "secdig.h" -+#include "lowpbe.h" /* We do PBE below */ -+#include "pkcs11t.h" -+#include "secoid.h" -+#include "alghmac.h" -+#include "softoken.h" -+#include "secasn1.h" -+#include "secerr.h" -+ -+#include "prprf.h" -+#include "prenv.h" -+ -+/* -+ * A common prfContext to handle both hmac and aes xcbc -+ * hash contexts have non-null hashObj and hmac, aes -+ * contexts have non-null aes */ -+typedef struct prfContextStr { -+ HASH_HashType hashType; -+ const SECHashObject *hashObj; -+ HMACContext *hmac; -+ AESContext *aes; -+ unsigned int nextChar; -+ unsigned char padBuf[AES_BLOCK_SIZE]; -+ unsigned char macBuf[AES_BLOCK_SIZE]; -+ unsigned char k1[AES_BLOCK_SIZE]; -+ unsigned char k2[AES_BLOCK_SIZE]; -+ unsigned char k3[AES_BLOCK_SIZE]; -+} prfContext; -+ -+/* iv full of zeros used in several places in aex xcbc */ -+static const unsigned char iv_zero[] = { -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -+}; -+ -+/* -+ * Generate AES XCBC keys from the AES MAC key. -+ * k1 is used in the actual mac. -+ * k2 and k3 are used in the final pad step. -+ */ -+static CK_RV -+sftk_aes_xcbc_get_keys(const unsigned char *keyValue, unsigned int keyLen, -+ unsigned char *k1, unsigned char *k2, unsigned char *k3) -+{ -+ SECStatus rv; -+ CK_RV crv; -+ unsigned int tmpLen; -+ AESContext *aes_context = NULL; -+ unsigned char newKey[AES_BLOCK_SIZE]; -+ -+ /* AES XCBC keys. k1, k2, and k3 are derived by encrypting -+ * k1data, k2data, and k3data with the mac key. -+ */ -+ static const unsigned char k1data[] = { -+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 -+ }; -+ static const unsigned char k2data[] = { -+ 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, -+ 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02 -+ }; -+ static const unsigned char k3data[] = { -+ 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, -+ 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03 -+ }; -+ -+ /* k1_0 = aes_ecb(0, k1data) */ -+ static const unsigned char k1_0[] = { -+ 0xe1, 0x4d, 0x5d, 0x0e, 0xe2, 0x77, 0x15, 0xdf, -+ 0x08, 0xb4, 0x15, 0x2b, 0xa2, 0x3d, 0xa8, 0xe0 -+ -+ }; -+ /* k2_0 = aes_ecb(0, k2data) */ -+ static const unsigned char k2_0[] = { -+ 0x5e, 0xba, 0x73, 0xf8, 0x91, 0x42, 0xc5, 0x48, -+ 0x80, 0xf6, 0x85, 0x94, 0x37, 0x3c, 0x5c, 0x37 -+ }; -+ /* k3_0 = aes_ecb(0, k3data) */ -+ static const unsigned char k3_0[] = { -+ 0x8d, 0x34, 0xef, 0xcb, 0x3b, 0xd5, 0x45, 0xca, -+ 0x06, 0x2a, 0xec, 0xdf, 0xef, 0x7c, 0x0b, 0xfa -+ }; -+ -+ /* first make sure out input key is the correct length -+ * rfc 4434. If key is shorter, pad with zeros to the -+ * the right. If key is longer newKey = aes_xcbc(0, key, keyLen). -+ */ -+ if (keyLen < AES_BLOCK_SIZE) { -+ PORT_Memcpy(newKey, keyValue, keyLen); -+ PORT_Memset(&newKey[keyLen], 0, AES_BLOCK_SIZE - keyLen); -+ keyValue = newKey; -+ } else if (keyLen > AES_BLOCK_SIZE) { -+ /* calculate our new key = aes_xcbc(0, key, keyLen). Because the -+ * key above is fixed (0), we can precalculate k1, k2, and k2. -+ * if this code ever needs to be more generic (support any xcbc -+ * function rather than just aes, we would probably want to just -+ * recurse here using our prf functions. This would be safe because -+ * the recurse case would have keyLen == blocksize and thus skip -+ * this conditional. -+ */ -+ aes_context = AES_CreateContext(k1_0, iv_zero, NSS_AES_CBC, -+ PR_TRUE, AES_BLOCK_SIZE, AES_BLOCK_SIZE); -+ /* we know the following loop will execute at least once */ -+ while (keyLen > AES_BLOCK_SIZE) { -+ rv = AES_Encrypt(aes_context, newKey, &tmpLen, AES_BLOCK_SIZE, -+ keyValue, AES_BLOCK_SIZE); -+ if (rv != SECSuccess) { -+ goto fail; -+ } -+ keyValue += AES_BLOCK_SIZE; -+ keyLen -= AES_BLOCK_SIZE; -+ } -+ PORT_Memcpy(newKey, keyValue, keyLen); -+ sftk_xcbc_mac_pad(newKey, keyLen, AES_BLOCK_SIZE, k2_0, k3_0); -+ rv = AES_Encrypt(aes_context, newKey, &tmpLen, AES_BLOCK_SIZE, -+ newKey, AES_BLOCK_SIZE); -+ if (rv != SECSuccess) { -+ goto fail; -+ } -+ keyValue = newKey; -+ AES_DestroyContext(aes_context, PR_TRUE); -+ } -+ /* the length of the key in keyValue is known to be AES_BLOCK_SIZE, -+ * either because it was on input, or it was shorter and extended, or -+ * because it was mac'd down using aes_xcbc_prf. -+ */ -+ aes_context = AES_CreateContext(keyValue, iv_zero, -+ NSS_AES, PR_TRUE, AES_BLOCK_SIZE, AES_BLOCK_SIZE); -+ if (aes_context == NULL) { -+ goto fail; -+ } -+ rv = AES_Encrypt(aes_context, k1, &tmpLen, AES_BLOCK_SIZE, -+ k1data, sizeof(k1data)); -+ if (rv != SECSuccess) { -+ goto fail; -+ } -+ rv = AES_Encrypt(aes_context, k2, &tmpLen, AES_BLOCK_SIZE, -+ k2data, sizeof(k2data)); -+ if (rv != SECSuccess) { -+ goto fail; -+ } -+ rv = AES_Encrypt(aes_context, k3, &tmpLen, AES_BLOCK_SIZE, -+ k3data, sizeof(k3data)); -+ if (rv != SECSuccess) { -+ goto fail; -+ } -+ AES_DestroyContext(aes_context, PR_TRUE); -+ PORT_Memset(newKey, 0, AES_BLOCK_SIZE); -+ return CKR_OK; -+fail: -+ crv = sftk_MapCryptError(PORT_GetError()); -+ if (aes_context) { -+ AES_DestroyContext(aes_context, PR_TRUE); -+ } -+ PORT_Memset(k1, 0, AES_BLOCK_SIZE); -+ PORT_Memset(k2, 0, AES_BLOCK_SIZE); -+ PORT_Memset(k3, 0, AES_BLOCK_SIZE); -+ PORT_Memset(newKey, 0, AES_BLOCK_SIZE); -+ return crv; -+} -+ -+/* encode the final pad block of aes xcbc, padBuf is modified */ -+CK_RV -+sftk_xcbc_mac_pad(unsigned char *padBuf, unsigned int bufLen, int blockSize, -+ const unsigned char *k2, const unsigned char *k3) -+{ -+ int i; -+ if (bufLen == blockSize) { -+ for (i = 0; i < blockSize; i++) { -+ padBuf[i] ^= k2[i]; -+ } -+ } else { -+ padBuf[bufLen++] = 0x80; -+ for (i = bufLen; i < blockSize; i++) { -+ padBuf[i] = 0x00; -+ } -+ for (i = 0; i < blockSize; i++) { -+ padBuf[i] ^= k3[i]; -+ } -+ } -+ return CKR_OK; -+} -+ -+/* Map the mechanism to the underlying hash. If the type is not a hash -+ * or HMAC, return HASH_AlgNULL. This can happen legitimately if -+ * we are doing AES XCBC */ -+static HASH_HashType -+sftk_map_hmac_to_hash(CK_MECHANISM_TYPE type) -+{ -+ switch (type) { -+ case CKM_SHA_1_HMAC: -+ case CKM_SHA_1: -+ return HASH_AlgSHA1; -+ case CKM_MD5_HMAC: -+ case CKM_MD5: -+ return HASH_AlgMD5; -+ case CKM_MD2_HMAC: -+ case CKM_MD2: -+ return HASH_AlgMD2; -+ case CKM_SHA224_HMAC: -+ case CKM_SHA224: -+ return HASH_AlgSHA224; -+ case CKM_SHA256_HMAC: -+ case CKM_SHA256: -+ return HASH_AlgSHA256; -+ case CKM_SHA384_HMAC: -+ case CKM_SHA384: -+ return HASH_AlgSHA384; -+ case CKM_SHA512_HMAC: -+ case CKM_SHA512: -+ return HASH_AlgSHA512; -+ } -+ return HASH_AlgNULL; -+} -+ -+/* -+ * Generally setup the context based on the mechanism. -+ * If the mech is HMAC, context->hashObj should be set -+ * Otherwise it is assumed to be AES XCBC. prf_setup -+ * checks these assumptions and will return an error -+ * if they are not met. NOTE: this function does not allocate -+ * anything, so there is no requirement to free context after -+ * prf_setup like there is if you call prf_init. -+ */ -+static CK_RV -+prf_setup(prfContext *context, CK_MECHANISM_TYPE mech) -+{ -+ context->hashType = sftk_map_hmac_to_hash(mech); -+ context->hashObj = NULL; -+ context->hmac = NULL; -+ context->aes = NULL; -+ if (context->hashType != HASH_AlgNULL) { -+ context->hashObj = HASH_GetRawHashObject(context->hashType); -+ if (context->hashObj == NULL) { -+ return CKR_GENERAL_ERROR; -+ } -+ return CKR_OK; -+ } else if (mech == CKM_AES_XCBC_MAC) { -+ return CKR_OK; -+ } -+ return CKR_MECHANISM_PARAM_INVALID; -+} -+ -+/* return the underlying prf length for this context. This will -+ * function once the context is setup */ -+static CK_RV -+prf_length(prfContext *context) -+{ -+ if (context->hashObj) { -+ return context->hashObj->length; -+ } -+ return AES_BLOCK_SIZE; /* AES */ -+} -+ -+/* set up the key for the prf. prf_update or prf_final should not be called if -+ * prf_init has not been called first. Once prf_init returns hmac and -+ * aes contexts should set and valid. -+ */ -+static CK_RV -+prf_init(prfContext *context, const unsigned char *keyValue, -+ unsigned int keyLen) -+{ -+ CK_RV crv; -+ -+ context->hmac = NULL; -+ if (context->hashObj) { -+ context->hmac = HMAC_Create(context->hashObj, -+ keyValue, keyLen, PR_FALSE); -+ if (context->hmac == NULL) { -+ return sftk_MapCryptError(PORT_GetError()); -+ } -+ HMAC_Begin(context->hmac); -+ } else { -+ crv = sftk_aes_xcbc_get_keys(keyValue, keyLen, context->k1, -+ context->k2, context->k3); -+ if (crv != CKR_OK) -+ return crv; -+ context->nextChar = 0; -+ context->aes = AES_CreateContext(context->k1, iv_zero, NSS_AES_CBC, -+ PR_TRUE, sizeof(context->k1), AES_BLOCK_SIZE); -+ if (context->aes == NULL) { -+ crv = sftk_MapCryptError(PORT_GetError()); -+ PORT_Memset(context->k1, 0, sizeof(context->k1)); -+ PORT_Memset(context->k2, 0, sizeof(context->k2)); -+ PORT_Memset(context->k3, 0, sizeof(context->k2)); -+ return crv; -+ } -+ } -+ return CKR_OK; -+} -+ -+/* -+ * process input to the prf -+ */ -+static CK_RV -+prf_update(prfContext *context, const unsigned char *buf, unsigned int len) -+{ -+ unsigned int tmpLen; -+ SECStatus rv; -+ -+ if (context->hmac) { -+ HMAC_Update(context->hmac, buf, len); -+ } else { -+ /* AES MAC XCBC*/ -+ /* We must keep the last block back so that it can be processed in -+ * final. This is why we only check that nextChar + len > blocksize, -+ * rather than checking that nextChar + len >= blocksize */ -+ while (context->nextChar + len > AES_BLOCK_SIZE) { -+ if (context->nextChar != 0) { -+ /* first handle fill in any partial blocks in the buffer */ -+ unsigned int left = AES_BLOCK_SIZE - context->nextChar; -+ /* note: left can be zero */ -+ PORT_Memcpy(context->padBuf + context->nextChar, buf, left); -+ /* NOTE: AES MAC XCBC xors the data with the previous block -+ * We don't do that step here because our AES_Encrypt mode -+ * is CBC, which does the xor automatically */ -+ rv = AES_Encrypt(context->aes, context->macBuf, &tmpLen, -+ sizeof(context->macBuf), context->padBuf, -+ sizeof(context->padBuf)); -+ if (rv != SECSuccess) { -+ return sftk_MapCryptError(PORT_GetError()); -+ } -+ context->nextChar = 0; -+ len -= left; -+ buf += left; -+ } else { -+ /* optimization. if we have complete blocks to write out -+ * (and will still have leftover blocks for padbuf in the end). -+ * we can mac directly out of our buffer without first copying -+ * them to padBuf */ -+ rv = AES_Encrypt(context->aes, context->macBuf, &tmpLen, -+ sizeof(context->macBuf), buf, AES_BLOCK_SIZE); -+ if (rv != SECSuccess) { -+ return sftk_MapCryptError(PORT_GetError()); -+ } -+ len -= AES_BLOCK_SIZE; -+ buf += AES_BLOCK_SIZE; -+ } -+ } -+ PORT_Memcpy(context->padBuf + context->nextChar, buf, len); -+ context->nextChar += len; -+ } -+ return CKR_OK; -+} -+ -+/* -+ * free the data associated with the prf. Clear any possible CSPs -+ * This can safely be called on any context after prf_setup. It can -+ * also be called an an already freed context. -+ * A free context can be reused by calling prf_init again without -+ * the need to call prf_setup. -+ */ -+static void -+prf_free(prfContext *context) -+{ -+ if (context->hmac) { -+ HMAC_Destroy(context->hmac, PR_TRUE); -+ context->hmac = NULL; -+ } -+ if (context->aes) { -+ PORT_Memset(context->k1, 0, sizeof(context->k1)); -+ PORT_Memset(context->k2, 0, sizeof(context->k2)); -+ PORT_Memset(context->k3, 0, sizeof(context->k2)); -+ PORT_Memset(context->padBuf, 0, sizeof(context->padBuf)); -+ PORT_Memset(context->macBuf, 0, sizeof(context->macBuf)); -+ AES_DestroyContext(context->aes, PR_TRUE); -+ context->aes = NULL; -+ } -+} -+ -+/* -+ * extract the final prf value. On success, this has the side effect of -+ * also freeing the context data and clearing the keys -+ */ -+static CK_RV -+prf_final(prfContext *context, unsigned char *buf, unsigned int len) -+{ -+ unsigned int tmpLen; -+ SECStatus rv; -+ -+ if (context->hmac) { -+ unsigned int outLen; -+ HMAC_Finish(context->hmac, buf, &outLen, len); -+ if (outLen != len) { -+ return CKR_GENERAL_ERROR; -+ } -+ } else { -+ /* prf_update had guarrenteed that the last full block is still in -+ * the padBuf if the input data is a multiple of the blocksize. This -+ * allows sftk_xcbc_mac_pad to process that pad buf accordingly */ -+ sftk_xcbc_mac_pad(context->padBuf, context->nextChar, AES_BLOCK_SIZE, -+ context->k2, context->k3); -+ rv = AES_Encrypt(context->aes, context->macBuf, &tmpLen, -+ sizeof(context->macBuf), context->padBuf, AES_BLOCK_SIZE); -+ if (rv != SECSuccess) { -+ return sftk_MapCryptError(PORT_GetError()); -+ } -+ PORT_Memcpy(buf, context->macBuf, len); -+ } -+ prf_free(context); -+ return CKR_OK; -+} -+ -+/* -+ * There are four flavors of ike prf functions here. -+ * ike_prf is useb in both ikeV1 and ikeV2 to generate -+ * an initial key that all the other keys are generated with. -+ * -+ * These functions are called from NSC_DeriveKey with the inKey value -+ * already looked up, and it expects the CKA_VALUE for outKey to be set. -+ * -+ * Depending on usage it returns either: -+ * 1. prf(Ni|Nr, inKey); (bDataAsKey=TRUE, bRekey=FALSE) -+ * 2. prf(inKey, Ni|Nr); (bDataAsKkey=FALSE, bRekey=FALSE) -+ * 3. prf(inKey, newKey | Ni | Nr); (bDataAsKey=FALSE, bRekey=TRUE) -+ * The resulting output key is always the length of the underlying prf -+ * (as returned by prf_length()). -+ * The combination of bDataAsKey=TRUE and bRekey=TRUE is not allowed -+ * -+ * Case 1 is used in -+ * a. ikev2 (rfc5996) inKey is called g^ir, the output is called SKEYSEED -+ * b. ikev1 (rfc2409) inKey is called g^ir, the output is called SKEYID -+ * Case 2 is used in ikev1 (rfc2409) inkey is called pre-shared-key, output -+ * id called SKEYID -+ * Case 3 is used in ikev2 (rfc5996) rekey case, inKey is SK_d, newKey is -+ * g^ir (new), the output is called SKEYSEED -+ */ -+CK_RV -+sftk_ike_prf(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey, -+ const CK_NSS_IKE_PRF_DERIVE_PARAMS *params, SFTKObject *outKey) -+{ -+ SFTKAttribute *newKeyValue = NULL; -+ SFTKObject *newKeyObj = NULL; -+ unsigned char outKeyData[HASH_LENGTH_MAX]; -+ unsigned char *newInKey = NULL; -+ unsigned int newInKeySize; -+ unsigned int macSize; -+ CK_RV crv = CKR_OK; -+ prfContext context; -+ -+ crv = prf_setup(&context, params->prfMechanism); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ macSize = prf_length(&context); -+ if ((params->bDataAsKey) && (params->bRekey)) { -+ return CKR_ARGUMENTS_BAD; -+ } -+ if (params->bRekey) { -+ /* lookup the value of new key from the session and key handle */ -+ SFTKSession *session = sftk_SessionFromHandle(hSession); -+ if (session == NULL) { -+ return CKR_SESSION_HANDLE_INVALID; -+ } -+ newKeyObj = sftk_ObjectFromHandle(params->hNewKey, session); -+ sftk_FreeSession(session); -+ if (newKeyObj == NULL) { -+ return CKR_KEY_HANDLE_INVALID; -+ } -+ newKeyValue = sftk_FindAttribute(newKeyObj, CKA_VALUE); -+ if (newKeyValue == NULL) { -+ crv = CKR_KEY_HANDLE_INVALID; -+ goto fail; -+ } -+ } -+ if (params->bDataAsKey) { -+ /* The key is Ni || Np, so we need to concatenate them together first */ -+ newInKeySize = params->ulNiLen + params->ulNrLen; -+ newInKey = PORT_Alloc(newInKeySize); -+ if (newInKey == NULL) { -+ crv = CKR_HOST_MEMORY; -+ goto fail; -+ } -+ PORT_Memcpy(newInKey, params->pNi, params->ulNiLen); -+ PORT_Memcpy(newInKey + params->ulNiLen, params->pNr, params->ulNrLen); -+ crv = prf_init(&context, newInKey, newInKeySize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ /* key as the data */ -+ crv = prf_update(&context, inKey->attrib.pValue, -+ inKey->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ } else { -+ crv = prf_init(&context, inKey->attrib.pValue, -+ inKey->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ if (newKeyValue) { -+ crv = prf_update(&context, newKeyValue->attrib.pValue, -+ newKeyValue->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ } -+ crv = prf_update(&context, params->pNi, params->ulNiLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_update(&context, params->pNr, params->ulNrLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ } -+ crv = prf_final(&context, outKeyData, macSize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ -+ crv = sftk_forceAttribute(outKey, CKA_VALUE, outKeyData, macSize); -+fail: -+ if (newInKey) { -+ PORT_Free(newInKey); -+ } -+ if (newKeyValue) { -+ sftk_FreeAttribute(newKeyValue); -+ } -+ if (newKeyObj) { -+ sftk_FreeObject(newKeyObj); -+ } -+ PORT_Memset(outKeyData, 0, macSize); -+ prf_free(&context); -+ return crv; -+} -+ -+/* -+ * The second flavor of ike prf is ike1_prf. -+ * -+ * It is used by ikeV1 to generate the various session keys used in the -+ * connection. It uses the initial key, an optional previous key, and a one byte -+ * key number to generate a unique key for each of the various session -+ * functions (encryption, decryption, mac). These keys expect a key size -+ * (as they may vary in length based on usage). If no length is provided, -+ * it will default to the length of the prf. -+ * -+ * This function returns either: -+ * prf(inKey, gxyKey || CKYi || CKYr || key_number) -+ * or -+ * prf(inKey, prefkey || gxyKey || CKYi || CKYr || key_number) -+ * depending on the stats of bHasPrevKey -+ * -+ * This is defined in rfc2409. For each of the following keys. -+ * inKey is SKEYID, gxyKey is g^xy -+ * for outKey = SKEYID_d, bHasPrevKey = false, key_number = 0 -+ * for outKey = SKEYID_a, prevKey= SKEYID_d, key_number = 1 -+ * for outKey = SKEYID_e, prevKey= SKEYID_a, key_number = 2 -+ */ -+CK_RV -+sftk_ike1_prf(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey, -+ const CK_NSS_IKE1_PRF_DERIVE_PARAMS *params, SFTKObject *outKey, -+ unsigned int keySize) -+{ -+ SFTKAttribute *gxyKeyValue = NULL; -+ SFTKObject *gxyKeyObj = NULL; -+ SFTKAttribute *prevKeyValue = NULL; -+ SFTKObject *prevKeyObj = NULL; -+ SFTKSession *session; -+ unsigned char outKeyData[HASH_LENGTH_MAX]; -+ unsigned int macSize; -+ CK_RV crv; -+ prfContext context; -+ -+ crv = prf_setup(&context, params->prfMechanism); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ macSize = prf_length(&context); -+ if (keySize > macSize) { -+ return CKR_KEY_SIZE_RANGE; -+ } -+ if (keySize == 0) { -+ keySize = macSize; -+ } -+ -+ /* lookup the two keys from their passed in handles */ -+ session = sftk_SessionFromHandle(hSession); -+ if (session == NULL) { -+ return CKR_SESSION_HANDLE_INVALID; -+ } -+ gxyKeyObj = sftk_ObjectFromHandle(params->hKeygxy, session); -+ if (params->bHasPrevKey) { -+ prevKeyObj = sftk_ObjectFromHandle(params->hPrevKey, session); -+ } -+ sftk_FreeSession(session); -+ if ((gxyKeyObj == NULL) || ((params->bHasPrevKey) && -+ (prevKeyObj == NULL))) { -+ crv = CKR_KEY_HANDLE_INVALID; -+ goto fail; -+ } -+ gxyKeyValue = sftk_FindAttribute(gxyKeyObj, CKA_VALUE); -+ if (gxyKeyValue == NULL) { -+ crv = CKR_KEY_HANDLE_INVALID; -+ goto fail; -+ } -+ if (prevKeyObj) { -+ prevKeyValue = sftk_FindAttribute(prevKeyObj, CKA_VALUE); -+ if (prevKeyValue == NULL) { -+ crv = CKR_KEY_HANDLE_INVALID; -+ goto fail; -+ } -+ } -+ -+ /* outKey = prf(inKey, [prevKey|] gxyKey | CKYi | CKYr | keyNumber) */ -+ crv = prf_init(&context, inKey->attrib.pValue, inKey->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ if (prevKeyValue) { -+ crv = prf_update(&context, prevKeyValue->attrib.pValue, -+ prevKeyValue->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ } -+ crv = prf_update(&context, gxyKeyValue->attrib.pValue, -+ gxyKeyValue->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_update(&context, params->pCKYi, params->ulCKYiLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_update(&context, params->pCKYr, params->ulCKYrLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_update(&context, ¶ms->keyNumber, 1); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_final(&context, outKeyData, macSize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ -+ crv = sftk_forceAttribute(outKey, CKA_VALUE, outKeyData, keySize); -+fail: -+ if (gxyKeyValue) { -+ sftk_FreeAttribute(gxyKeyValue); -+ } -+ if (prevKeyValue) { -+ sftk_FreeAttribute(prevKeyValue); -+ } -+ if (gxyKeyObj) { -+ sftk_FreeObject(gxyKeyObj); -+ } -+ if (prevKeyObj) { -+ sftk_FreeObject(prevKeyObj); -+ } -+ PORT_Memset(outKeyData, 0, macSize); -+ prf_free(&context); -+ return crv; -+} -+ -+/* -+ * The third flavor of ike prf is ike1_appendix_b. -+ * -+ * It is used by ikeV1 to generate longer key material from skeyid_e. -+ * Unlike ike1_prf, if no length is provided, this function -+ * will generate a KEY_RANGE_ERROR. -+ * -+ * This function returns (from rfc2409 appendix b): -+ * Ka = K1 | K2 | K3 | K4 |... Kn -+ * where: -+ * K1 = prf(K, 0x00) -+ * K2 = prf(K, K1) -+ * K3 = prf(K, K2) -+ * K4 = prf(K, K3) -+ * . -+ * Kn = prf(K, T(n-1)) -+ * K = inKey, S = seedKey | seedData -+ */ -+CK_RV -+sftk_ike1_appendix_b_prf(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey, -+ const CK_MECHANISM_TYPE *mech, SFTKObject *outKey, unsigned int keySize) -+{ -+ unsigned char *outKeyData = NULL; -+ unsigned char *thisKey = NULL; -+ unsigned char *lastKey = NULL; -+ unsigned int macSize; -+ unsigned int outKeySize; -+ unsigned int genKeySize; -+ CK_RV crv; -+ prfContext context; -+ -+ crv = prf_setup(&context, *mech); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ -+ macSize = prf_length(&context); -+ -+ if (keySize == 0) { -+ keySize = macSize; -+ } -+ -+ if (keySize <= inKey->attrib.ulValueLen) { -+ return sftk_forceAttribute(outKey, CKA_VALUE, -+ inKey->attrib.pValue, keySize); -+ -+ } -+ outKeySize = PR_ROUNDUP(keySize, macSize); -+ outKeyData = PORT_Alloc(outKeySize); -+ if (outKeyData == NULL) { -+ crv = CKR_HOST_MEMORY; -+ goto fail; -+ } -+ -+ /* -+ * this loop generates on block of the prf, basically -+ * kn = prf(key, Kn-1) -+ * Kn is thisKey, Kn-1 is lastKey -+ * key is inKey -+ */ -+ thisKey = outKeyData; -+ for (genKeySize = 0; genKeySize <= keySize; genKeySize += macSize) { -+ crv = prf_init(&context, inKey->attrib.pValue, inKey->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ if (lastKey == NULL) { -+ const unsigned char zero = 0; -+ crv = prf_update(&context, &zero, 1); -+ } else { -+ crv = prf_update(&context, lastKey, macSize); -+ } -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_final(&context, thisKey, macSize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ lastKey = thisKey; -+ thisKey += macSize; -+ } -+ crv = sftk_forceAttribute(outKey, CKA_VALUE, outKeyData, keySize); -+fail: -+ if (outKeyData) { -+ PORT_ZFree(outKeyData, outKeySize); -+ } -+ prf_free(&context); -+ return crv; -+} -+ -+/* -+ * The final flavor of ike prf is ike_prf_plus -+ * -+ * It is used by ikeV2 to generate the various session keys used in the -+ * connection. It uses the initial key and a feedback version of the prf -+ * to generate sufficient bytes to cover all the session keys. The application -+ * will then use CK_EXTRACT_KEY_FROM_KEY to pull out the various subkeys. -+ * This function expects a key size to be set by the application to cover -+ * all the keys. Unlike ike1_prf, if no length is provided, this function -+ * will generate a KEY_RANGE_ERROR -+ * -+ * This function returns (from rfc5996): -+ * prfplus = T1 | T2 | T3 | T4 |... Tn -+ * where: -+ * T1 = prf(K, S | 0x01) -+ * T2 = prf(K, T1 | S | 0x02) -+ * T3 = prf(K, T3 | S | 0x03) -+ * T4 = prf(K, T4 | S | 0x04) -+ * . -+ * Tn = prf(K, T(n-1) | n) -+ * K = inKey, S = seedKey | seedData -+ */ -+ -+CK_RV -+sftk_ike_prf_plus(CK_SESSION_HANDLE hSession, const SFTKAttribute *inKey, -+ const CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS *params, SFTKObject *outKey, -+ unsigned int keySize) -+{ -+ SFTKAttribute *seedValue = NULL; -+ SFTKObject *seedKeyObj = NULL; -+ unsigned char *outKeyData = NULL; -+ unsigned int outKeySize; -+ unsigned char *thisKey; -+ unsigned char *lastKey = NULL; -+ unsigned char currentByte = 0; -+ unsigned int getKeySize; -+ unsigned int macSize; -+ CK_RV crv; -+ prfContext context; -+ -+ if (keySize == 0) { -+ return CKR_KEY_SIZE_RANGE; -+ } -+ -+ crv = prf_setup(&context, params->prfMechanism); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ /* pull in optional seedKey */ -+ if (params->bHasSeedKey) { -+ SFTKSession *session = sftk_SessionFromHandle(hSession); -+ if (session == NULL) { -+ return CKR_SESSION_HANDLE_INVALID; -+ } -+ seedKeyObj = sftk_ObjectFromHandle(params->hSeedKey, session); -+ sftk_FreeSession(session); -+ if (seedKeyObj == NULL) { -+ return CKR_KEY_HANDLE_INVALID; -+ } -+ seedValue = sftk_FindAttribute(seedKeyObj, CKA_VALUE); -+ if (seedValue == NULL) { -+ crv = CKR_KEY_HANDLE_INVALID; -+ goto fail; -+ } -+ } else if (params->ulSeedDataLen == 0) { -+ crv = CKR_ARGUMENTS_BAD; -+ goto fail; -+ } -+ macSize = prf_length(&context); -+ outKeySize = PR_ROUNDUP(keySize, macSize); -+ outKeyData = PORT_Alloc(outKeySize); -+ if (outKeyData == NULL) { -+ crv = CKR_HOST_MEMORY; -+ goto fail; -+ } -+ -+ /* -+ * this loop generates on block of the prf, basically -+ * Tn = prf(key, Tn-1 | S | n) -+ * Tn is thisKey, Tn-2 is lastKey, S is seedKey || seedData, -+ * key is inKey. currentByte = n-1 on entry. -+ */ -+ thisKey = outKeyData; -+ for (getKeySize = 0; getKeySize < keySize; getKeySize += macSize) { -+ /* if currentByte is 255, we'll overflow when we increment it below. -+ * This can only happen if keysize > 255*macSize. In that case -+ * the application has asked for too much key material, so return -+ * an error */ -+ if (currentByte == 255) { -+ crv = CKR_KEY_SIZE_RANGE; -+ goto fail; -+ } -+ crv = prf_init(&context, inKey->attrib.pValue, -+ inKey->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ -+ if (lastKey) { -+ crv = prf_update(&context, lastKey, macSize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ } -+ /* prf the key first */ -+ if (seedValue) { -+ crv = prf_update(&context, seedValue->attrib.pValue, -+ seedValue->attrib.ulValueLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ } -+ /* then prf the data */ -+ if (params->ulSeedDataLen != 0) { -+ crv = prf_update(&context, params->pSeedData, -+ params->ulSeedDataLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ } -+ currentByte++; -+ crv = prf_update(&context, ¤tByte, 1); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_final(&context, thisKey, macSize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ lastKey = thisKey; -+ thisKey += macSize; -+ } -+ crv = sftk_forceAttribute(outKey, CKA_VALUE, outKeyData, keySize); -+fail: -+ if (outKeyData) { -+ PORT_ZFree(outKeyData, outKeySize); -+ } -+ if (seedValue) { -+ sftk_FreeAttribute(seedValue); -+ } -+ if (seedKeyObj) { -+ sftk_FreeObject(seedKeyObj); -+ } -+ prf_free(&context); -+ return crv; -+} -+ -+/* sftk_aes_xcbc_new_keys: -+ * -+ * aes xcbc creates 3 new keys from the input key. The first key will be the -+ * base key of the underlying cbc. The sign code hooks directly into encrypt -+ * so we'll have to create a full PKCS #11 key with handle for that key. The -+ * caller needs to delete the key when it's through setting up the context. -+ * -+ * The other two keys will be stored in the sign context until we need them -+ * at the end. -+ */ -+CK_RV -+sftk_aes_xcbc_new_keys(CK_SESSION_HANDLE hSession, -+ CK_OBJECT_HANDLE hKey, CK_OBJECT_HANDLE_PTR phKey, -+ unsigned char *k2, unsigned char *k3) -+{ -+ SFTKObject *key = NULL; -+ SFTKSession *session = NULL; -+ SFTKObject *inKeyObj = NULL; -+ SFTKAttribute *inKeyValue = NULL; -+ CK_KEY_TYPE key_type = CKK_AES; -+ CK_OBJECT_CLASS objclass = CKO_SECRET_KEY; -+ CK_BBOOL ck_true = CK_TRUE; -+ CK_RV crv = CKR_OK; -+ SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); -+ unsigned char buf[AES_BLOCK_SIZE]; -+ -+ if (!slot) { -+ return CKR_SESSION_HANDLE_INVALID; -+ } -+ -+ /* get the session */ -+ session = sftk_SessionFromHandle(hSession); -+ if (session == NULL) { -+ crv = CKR_SESSION_HANDLE_INVALID; -+ goto fail; -+ } -+ -+ inKeyObj = sftk_ObjectFromHandle(hKey, session); -+ if (inKeyObj == NULL) { -+ crv = CKR_KEY_HANDLE_INVALID; -+ goto fail; -+ } -+ -+ inKeyValue = sftk_FindAttribute(inKeyObj, CKA_VALUE); -+ if (inKeyValue == NULL) { -+ crv = CKR_KEY_HANDLE_INVALID; -+ goto fail; -+ } -+ -+ crv = sftk_aes_xcbc_get_keys(inKeyValue->attrib.pValue, -+ inKeyValue->attrib.ulValueLen, buf, k2, k3); -+ -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ -+ /* -+ * now lets create an object to hang the attributes off of -+ */ -+ key = sftk_NewObject(slot); /* fill in the handle later */ -+ if (key == NULL) { -+ crv = CKR_HOST_MEMORY; -+ goto fail; -+ } -+ -+ /* make sure we don't have any class, key_type, or value fields */ -+ sftk_DeleteAttributeType(key, CKA_CLASS); -+ sftk_DeleteAttributeType(key, CKA_KEY_TYPE); -+ sftk_DeleteAttributeType(key, CKA_VALUE); -+ sftk_DeleteAttributeType(key, CKA_SIGN); -+ -+ /* Add the class, key_type, and value */ -+ crv = sftk_AddAttributeType(key, CKA_CLASS, &objclass, sizeof(CK_OBJECT_CLASS)); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &key_type, sizeof(CK_KEY_TYPE)); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = sftk_AddAttributeType(key, CKA_SIGN, &ck_true, sizeof(CK_BBOOL)); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = sftk_AddAttributeType(key, CKA_VALUE, buf, AES_BLOCK_SIZE); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ -+ /* -+ * finish filling in the key and link it with our global system. -+ */ -+ crv = sftk_handleObject(key, session); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ *phKey = key->handle; -+fail: -+ if (session) { -+ sftk_FreeSession(session); -+ } -+ -+ if (inKeyValue) { -+ sftk_FreeAttribute(inKeyValue); -+ } -+ if (inKeyObj) { -+ sftk_FreeObject(inKeyObj); -+ } -+ if (key) { -+ sftk_FreeObject(key); -+ } -+ /* clear our CSPs */ -+ if (crv != CKR_OK) { -+ PORT_Memset(k2, 0, AES_BLOCK_SIZE); -+ PORT_Memset(k3, 0, AES_BLOCK_SIZE); -+ } -+ return crv; -+} -+ -+/* -+ * Helper function that tests a single prf test vector -+ */ -+static SECStatus -+prf_test(CK_MECHANISM_TYPE mech, -+ const unsigned char *inKey, unsigned int inKeyLen, -+ const unsigned char *plainText, unsigned int plainTextLen, -+ const unsigned char *expectedResult, unsigned int expectedResultLen) -+{ -+ PRUint8 ike_computed_mac[HASH_LENGTH_MAX]; -+ prfContext context; -+ unsigned int macSize; -+ CK_RV crv; -+ -+ crv = prf_setup(&context, mech); -+ if (crv != CKR_OK) { -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return SECFailure; -+ } -+ macSize = prf_length(&context); -+ crv = prf_init(&context, inKey, inKeyLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_update(&context, plainText, plainTextLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_final(&context, ike_computed_mac, macSize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ -+ if (macSize != expectedResultLen) { -+ goto fail; -+ } -+ if (PORT_Memcmp(expectedResult, ike_computed_mac, macSize) != 0) { -+ goto fail; -+ } -+ -+ /* only do the alignment if the plaintext is long enough */ -+ if (plainTextLen <= macSize) { -+ return SECSuccess; -+ } -+ /* do it again, but this time tweak with the alignment */ -+ crv = prf_init(&context, inKey, inKeyLen); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_update(&context, plainText, 1); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_update(&context, &plainText[1], macSize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_update(&context, &plainText[1 + macSize], plainTextLen - (macSize + 1)); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ crv = prf_final(&context, ike_computed_mac, macSize); -+ if (crv != CKR_OK) { -+ goto fail; -+ } -+ if (PORT_Memcmp(expectedResult, ike_computed_mac, macSize) != 0) { -+ goto fail; -+ } -+ return SECSuccess; -+fail: -+ prf_free(&context); -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return SECFailure; -+} -+ -+/* -+ * FIPS Power up Self Tests for IKE. This is in this function so it -+ * can access the private prf_ functions here. It's called out of fipstest.c -+ */ -+SECStatus -+sftk_fips_IKE_PowerUpSelfTests(void) -+{ -+ /* PRF known test vectors */ -+ static const PRUint8 ike_xcbc_known_key[] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -+ }; -+ static const PRUint8 ike_xcbc_known_plain_text[] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -+ }; -+ static const PRUint8 ike_xcbc_known_mac[] = { -+ 0xd2, 0xa2, 0x46, 0xfa, 0x34, 0x9b, 0x68, 0xa7, -+ 0x99, 0x98, 0xa4, 0x39, 0x4f, 0xf7, 0xa2, 0x63 -+ }; -+ /* test 2 uses the same key as test 1 */ -+ static const PRUint8 ike_xcbc_known_plain_text_2[] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, -+ 0x10, 0x11, 0x12, 0x13 -+ }; -+ static const PRUint8 ike_xcbc_known_mac_2[] = { -+ 0x47, 0xf5, 0x1b, 0x45, 0x64, 0x96, 0x62, 0x15, -+ 0xb8, 0x98, 0x5c, 0x63, 0x05, 0x5e, 0xd3, 0x08 -+ }; -+ static const PRUint8 ike_xcbc_known_key_3[] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09 -+ }; -+ /* test 3 uses the same plaintest as test 2 */ -+ static const PRUint8 ike_xcbc_known_mac_3[] = { -+ 0x0f, 0xa0, 0x87, 0xaf, 0x7d, 0x86, 0x6e, 0x76, -+ 0x53, 0x43, 0x4e, 0x60, 0x2f, 0xdd, 0xe8, 0x35 -+ }; -+ static const PRUint8 ike_xcbc_known_key_4[] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, -+ 0xed, 0xcb -+ }; -+ /* test 4 uses the same plaintest as test 2 */ -+ static const PRUint8 ike_xcbc_known_mac_4[] = { -+ 0x8c, 0xd3, 0xc9, 0x3a, 0xe5, 0x98, 0xa9, 0x80, -+ 0x30, 0x06, 0xff, 0xb6, 0x7c, 0x40, 0xe9, 0xe4 -+ }; -+ static const PRUint8 ike_sha1_known_key[] = { -+ 0x59, 0x98, 0x2b, 0x5b, 0xa5, 0x7e, 0x62, 0xc0, -+ 0x46, 0x0d, 0xef, 0xc7, 0x1e, 0x18, 0x64, 0x63 -+ }; -+ static const PRUint8 ike_sha1_known_plain_text[] = { -+ 0x1c, 0x07, 0x32, 0x1a, 0x9a, 0x7e, 0x41, 0xcd, -+ 0x88, 0x0c, 0xa3, 0x7a, 0xdb, 0x10, 0xc7, 0x3b, -+ 0xf0, 0x0e, 0x7a, 0xe3, 0xcf, 0xc6, 0xfd, 0x8b, -+ 0x51, 0xbc, 0xe2, 0xb9, 0x90, 0xe6, 0xf2, 0x01 -+ }; -+ static const PRUint8 ike_sha1_known_mac[] = { -+ 0x0c, 0x2a, 0xf3, 0x42, 0x97, 0x15, 0x62, 0x1d, -+ 0x2a, 0xad, 0xc9, 0x94, 0x5a, 0x90, 0x26, 0xfa, -+ 0xc7, 0x91, 0xe2, 0x4b -+ }; -+ static const PRUint8 ike_sha256_known_key[] = { -+ 0x9d, 0xa2, 0xd5, 0x8f, 0x57, 0xf0, 0x39, 0xf9, -+ 0x20, 0x4e, 0x0d, 0xd0, 0xef, 0x04, 0xf3, 0x72 -+ }; -+ static const PRUint8 ike_sha256_known_plain_text[] = { -+ 0x33, 0xf1, 0x7a, 0xfc, 0xb6, 0x13, 0x4c, 0xbf, -+ 0x1c, 0xab, 0x59, 0x87, 0x7d, 0x42, 0xdb, 0x35, -+ 0x82, 0x22, 0x6e, 0xff, 0x74, 0xdd, 0x37, 0xeb, -+ 0x8b, 0x75, 0xe6, 0x75, 0x64, 0x5f, 0xc1, 0x69 -+ }; -+ static const PRUint8 ike_sha256_known_mac[] = { -+ 0x80, 0x4b, 0x4a, 0x1e, 0x0e, 0xc5, 0x93, 0xcf, 0xb6, -+ 0xe4, 0x54, 0x52, 0x41, 0x49, 0x39, 0x6d, 0xe2, 0x34, -+ 0xd0, 0xda, 0xe2, 0x9f, 0x34, 0xa8, 0xfd, 0xb5, 0xf9, -+ 0xaf, 0xe7, 0x6e, 0xa6, 0x52 -+ }; -+ static const PRUint8 ike_sha384_known_key[] = { -+ 0xce, 0xc8, 0x9d, 0x84, 0x5a, 0xdd, 0x83, 0xef, -+ 0xce, 0xbd, 0x43, 0xab, 0x71, 0xd1, 0x7d, 0xb9 -+ }; -+ static const PRUint8 ike_sha384_known_plain_text[] = { -+ 0x17, 0x24, 0xdb, 0xd8, 0x93, 0x52, 0x37, 0x64, -+ 0xbf, 0xef, 0x8c, 0x6f, 0xa9, 0x27, 0x85, 0x6f, -+ 0xcc, 0xfb, 0x77, 0xae, 0x25, 0x43, 0x58, 0xcc, -+ 0xe2, 0x9c, 0x27, 0x69, 0xa3, 0x29, 0x15, 0xc1 -+ }; -+ static const PRUint8 ike_sha384_known_mac[] = { -+ 0x6e, 0x45, 0x14, 0x61, 0x0b, 0xf8, 0x2d, 0x0a, -+ 0xb7, 0xbf, 0x02, 0x60, 0x09, 0x6f, 0x61, 0x46, -+ 0xa1, 0x53, 0xc7, 0x12, 0x07, 0x1a, 0xbb, 0x63, -+ 0x3c, 0xed, 0x81, 0x3c, 0x57, 0x21, 0x56, 0xc7, -+ 0x83, 0xe3, 0x68, 0x74, 0xa6, 0x5a, 0x64, 0x69, -+ 0x0c, 0xa7, 0x01, 0xd4, 0x0d, 0x56, 0xea, 0x18 -+ }; -+ static const PRUint8 ike_sha512_known_key[] = { -+ 0xac, 0xad, 0xc6, 0x31, 0x4a, 0x69, 0xcf, 0xcd, -+ 0x4e, 0x4a, 0xd1, 0x77, 0x18, 0xfe, 0xa7, 0xce -+ }; -+ static const PRUint8 ike_sha512_known_plain_text[] = { -+ 0xb1, 0x5a, 0x9c, 0xfc, 0xe8, 0xc8, 0xd7, 0xea, -+ 0xb8, 0x79, 0xd6, 0x24, 0x30, 0x29, 0xd4, 0x01, -+ 0x88, 0xd3, 0xb7, 0x40, 0x87, 0x5a, 0x6a, 0xc6, -+ 0x2f, 0x56, 0xca, 0xc4, 0x37, 0x7e, 0x2e, 0xdd -+ }; -+ static const PRUint8 ike_sha512_known_mac[] = { -+ 0xf0, 0x5a, 0xa0, 0x36, 0xdf, 0xce, 0x45, 0xa5, -+ 0x58, 0xd4, 0x04, 0x18, 0xde, 0xa9, 0x80, 0x96, -+ 0xe5, 0x19, 0xbc, 0x78, 0x41, 0xe3, 0xdb, 0x3d, -+ 0xd9, 0x36, 0x58, 0xd1, 0x18, 0xc3, 0xe8, 0x3b, -+ 0x50, 0x2f, 0x39, 0x8e, 0xcb, 0x13, 0x61, 0xec, -+ 0x77, 0xd3, 0x8a, 0x88, 0x55, 0xef, 0xff, 0x40, -+ 0x7f, 0x6f, 0x77, 0x2e, 0x5d, 0x65, 0xb5, 0x8e, -+ 0xb1, 0x13, 0x40, 0x96, 0xe8, 0x47, 0x8d, 0x2b -+ }; -+ SECStatus rv; -+ -+ rv = prf_test(CKM_AES_XCBC_MAC, -+ ike_xcbc_known_key, sizeof(ike_xcbc_known_key), -+ ike_xcbc_known_plain_text, sizeof(ike_xcbc_known_plain_text), -+ ike_xcbc_known_mac, sizeof(ike_xcbc_known_mac)); -+ if (rv != SECSuccess) -+ return rv; -+ rv = prf_test(CKM_AES_XCBC_MAC, -+ ike_xcbc_known_key, sizeof(ike_xcbc_known_key), -+ ike_xcbc_known_plain_text_2, sizeof(ike_xcbc_known_plain_text_2), -+ ike_xcbc_known_mac_2, sizeof(ike_xcbc_known_mac_2)); -+ if (rv != SECSuccess) -+ return rv; -+ rv = prf_test(CKM_AES_XCBC_MAC, -+ ike_xcbc_known_key_3, sizeof(ike_xcbc_known_key_3), -+ ike_xcbc_known_plain_text_2, sizeof(ike_xcbc_known_plain_text_2), -+ ike_xcbc_known_mac_3, sizeof(ike_xcbc_known_mac_3)); -+ if (rv != SECSuccess) -+ return rv; -+ rv = prf_test(CKM_AES_XCBC_MAC, -+ ike_xcbc_known_key_4, sizeof(ike_xcbc_known_key_4), -+ ike_xcbc_known_plain_text_2, sizeof(ike_xcbc_known_plain_text_2), -+ ike_xcbc_known_mac_4, sizeof(ike_xcbc_known_mac_4)); -+ if (rv != SECSuccess) -+ return rv; -+ rv = prf_test(CKM_SHA_1_HMAC, -+ ike_sha1_known_key, sizeof(ike_sha1_known_key), -+ ike_sha1_known_plain_text, sizeof(ike_sha1_known_plain_text), -+ ike_sha1_known_mac, sizeof(ike_sha1_known_mac)); -+ if (rv != SECSuccess) -+ return rv; -+ rv = prf_test(CKM_SHA256_HMAC, -+ ike_sha256_known_key, sizeof(ike_sha256_known_key), -+ ike_sha256_known_plain_text, -+ sizeof(ike_sha256_known_plain_text), -+ ike_sha256_known_mac, sizeof(ike_sha256_known_mac)); -+ if (rv != SECSuccess) -+ return rv; -+ rv = prf_test(CKM_SHA384_HMAC, -+ ike_sha384_known_key, sizeof(ike_sha384_known_key), -+ ike_sha384_known_plain_text, -+ sizeof(ike_sha384_known_plain_text), -+ ike_sha384_known_mac, sizeof(ike_sha384_known_mac)); -+ if (rv != SECSuccess) -+ return rv; -+ rv = prf_test(CKM_SHA512_HMAC, -+ ike_sha512_known_key, sizeof(ike_sha512_known_key), -+ ike_sha512_known_plain_text, -+ sizeof(ike_sha512_known_plain_text), -+ ike_sha512_known_mac, sizeof(ike_sha512_known_mac)); -+ return rv; -+} -diff --git a/lib/softoken/softoken.gyp b/lib/softoken/softoken.gyp ---- a/lib/softoken/softoken.gyp -+++ b/lib/softoken/softoken.gyp -@@ -53,16 +53,17 @@ - 'lowpbe.c', - 'padbuf.c', - 'pkcs11.c', - 'pkcs11c.c', - 'pkcs11u.c', - 'sdb.c', - 'sftkdb.c', - 'sftkhmac.c', -+ 'sftkike.c', - 'sftkpars.c', - 'sftkpwd.c', - 'softkver.c', - 'tlsprf.c' - ], - }, - }, - { -diff --git a/tests/common/init.sh b/tests/common/init.sh ---- a/tests/common/init.sh -+++ b/tests/common/init.sh -@@ -646,18 +646,21 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU - - TOTAL_CRL_RANGE=`expr ${CRL_GRP_1_RANGE} + ${CRL_GRP_2_RANGE} + \ - ${CRL_GRP_3_RANGE}` - - TOTAL_GRP_NUM=3 - - RELOAD_CRL=1 - -- NSS_DEFAULT_DB_TYPE="dbm" -- export NSS_DEFAULT_DB_TYPE -+ # if test mode isn't set, test scripts default to expecting dbm -+ if [ "${TEST_MODE}" = "" ]; then -+ NSS_DEFAULT_DB_TYPE="dbm" -+ export NSS_DEFAULT_DB_TYPE -+ fi - - MSG_ID=0 - - ################################################# - # Interoperability testing constatnts - # - # if suite is setup for testing, IOPR_HOSTADDR_LIST should have - # at least one host name(FQDN) -diff -up ./tests/fips/fips.sh.ike_mechs ./tests/fips/fips.sh -new file mode 100755 ---- ./tests/fips/fips.sh.ike_mechs 2019-04-19 10:00:54.535025153 -0700 -+++ ./tests/fips/fips.sh 2019-04-19 10:00:03.619825955 -0700 -@@ -0,0 +1,323 @@ -+#! /bin/bash -+# -+# This Source Code Form is subject to the terms of the Mozilla Public -+# License, v. 2.0. If a copy of the MPL was not distributed with this -+# file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+######################################################################## -+# mozilla/security/nss/tests/fips/fips.sh -+# -+# Script to test basic functionallity of NSS in FIPS-compliant mode -+# -+# needs to work on all Unix and Windows platforms -+# -+# tests implemented: -+# -+# special strings -+# --------------- -+# -+######################################################################## -+ -+############################## fips_init ############################## -+# local shell function to initialize this script -+######################################################################## -+fips_init() -+{ -+ SCRIPTNAME=fips.sh # sourced - $0 would point to all.sh -+ -+ if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for -+ CLEANUP="${SCRIPTNAME}" # cleaning this script will do it -+ fi -+ -+ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then -+ cd ../common -+ . ./init.sh -+ fi -+# if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here -+# cd ../cert -+# . ./cert.sh -+# fi -+ SCRIPTNAME=fips.sh -+ html_head "FIPS 140 Compliance Tests" -+ -+# grep "SUCCESS: FIPS passed" $CERT_LOG_FILE >/dev/null || { -+# Exit 15 "Fatal - FIPS of cert.sh needs to pass first" -+# } -+ -+ COPYDIR=${FIPSDIR}/copydir -+ CAVSDIR=${FIPSDIR}/cavs/tests -+ CAVSRUNDIR=${FIPSDIR}/cavs/scripts -+ -+ R_FIPSDIR=../fips -+ P_R_FIPSDIR=../fips -+ R_COPYDIR=../fips/copydir -+ -+ if [ -n "${MULTIACCESS_DBM}" ]; then -+ P_R_FIPSDIR="multiaccess:${D_FIPS}" -+ fi -+ -+ mkdir -p ${FIPSDIR} -+ mkdir -p ${COPYDIR} -+ mkdir -p ${CAVSDIR} -+ mkdir -p ${CAVSRUNDIR} -+ -+ cd ${FIPSDIR} -+} -+ -+############################## fips_140 ############################## -+# local shell function to test basic functionality of NSS while in -+# FIPS 140 compliant mode -+######################################################################## -+fips_140() -+{ -+ echo "$SCRIPTNAME: Verify this module is in FIPS mode -----------------" -+ echo "modutil -dbdir ${P_R_FIPSDIR} -list" -+ ${BINDIR}/modutil -dbdir ${P_R_FIPSDIR} -list 2>&1 -+ ${BINDIR}/modutil -dbdir ${P_R_FIPSDIR} -chkfips true 2>&1 -+ html_msg $? 0 "Verify this module is in FIPS mode (modutil -chkfips true)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module certificates -----------------" -+ echo "certutil -d ${P_R_FIPSDIR} -L" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1 -+ html_msg $? 0 "List the FIPS module certificates (certutil -L)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module keys -------------------------" -+ echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 -+ html_msg $? 0 "List the FIPS module keys (certutil -K)" "." -+ -+ echo "$SCRIPTNAME: Attempt to list FIPS module keys with incorrect password" -+ echo "certutil -d ${P_R_FIPSDIR} -K -f ${FIPSBADPWFILE}" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${FIPSBADPWFILE} 2>&1 -+ RET=$? -+ html_msg $RET 255 "Attempt to list FIPS module keys with incorrect password (certutil -K)" "." -+ echo "certutil -K returned $RET" -+ -+ echo "$SCRIPTNAME: Validate the certificate --------------------------" -+ echo "certutil -d ${P_R_FIPSDIR} -V -n ${FIPSCERTNICK} -u SR -e -f ${R_FIPSPWFILE}" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -V -n ${FIPSCERTNICK} -u SR -e -f ${R_FIPSPWFILE} -+ html_msg $? 0 "Validate the certificate (certutil -V -e)" "." -+ -+ echo "$SCRIPTNAME: Export the certificate and key as a PKCS#12 file --" -+ echo "pk12util -d ${P_R_FIPSDIR} -o fips140.p12 -n ${FIPSCERTNICK} -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}" -+ ${BINDIR}/pk12util -d ${P_R_FIPSDIR} -o fips140.p12 -n ${FIPSCERTNICK} -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1 -+ html_msg $? 0 "Export the certificate and key as a PKCS#12 file (pk12util -o)" "." -+ -+ echo "$SCRIPTNAME: Export the certificate as a DER-encoded file ------" -+ echo "certutil -d ${P_R_FIPSDIR} -L -n ${FIPSCERTNICK} -r -o fips140.crt" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -L -n ${FIPSCERTNICK} -r -o fips140.crt 2>&1 -+ html_msg $? 0 "Export the certificate as a DER (certutil -L -r)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module certificates -----------------" -+ echo "certutil -d ${P_R_FIPSDIR} -L" -+ certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1` -+ ret=$? -+ echo "${certs}" -+ if [ ${ret} -eq 0 ]; then -+ echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null -+ ret=$? -+ fi -+ html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." -+ -+ -+ echo "$SCRIPTNAME: Delete the certificate and key from the FIPS module" -+ echo "certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE}" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE} 2>&1 -+ html_msg $? 0 "Delete the certificate and key from the FIPS module (certutil -F)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module certificates -----------------" -+ echo "certutil -d ${P_R_FIPSDIR} -L" -+ certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1` -+ ret=$? -+ echo "${certs}" -+ if [ ${ret} -eq 0 ]; then -+ echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null -+ if [ $? -eq 0 ]; then -+ ret=255 -+ fi -+ fi -+ html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module keys." -+ echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 -+ # certutil -K now returns a failure if no keys are found. This verifies that -+ # our delete succeded. -+ html_msg $? 255 "List the FIPS module keys (certutil -K)" "." -+ -+ -+ echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file" -+ echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}" -+ ${BINDIR}/pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1 -+ html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module certificates -----------------" -+ echo "certutil -d ${P_R_FIPSDIR} -L" -+ certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1` -+ ret=$? -+ echo "${certs}" -+ if [ ${ret} -eq 0 ]; then -+ echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null -+ ret=$? -+ fi -+ html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module keys --------------------------" -+ echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 -+ html_msg $? 0 "List the FIPS module keys (certutil -K)" "." -+ -+ -+ echo "$SCRIPTNAME: Delete the certificate from the FIPS module" -+ echo "certutil -d ${P_R_FIPSDIR} -D -n ${FIPSCERTNICK}" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -D -n ${FIPSCERTNICK} 2>&1 -+ html_msg $? 0 "Delete the certificate from the FIPS module (certutil -D)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module certificates -----------------" -+ echo "certutil -d ${P_R_FIPSDIR} -L" -+ certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1` -+ ret=$? -+ echo "${certs}" -+ if [ ${ret} -eq 0 ]; then -+ echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null -+ if [ $? -eq 0 ]; then -+ ret=255 -+ fi -+ fi -+ html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." -+ -+ -+ echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file" -+ echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}" -+ ${BINDIR}/pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1 -+ html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module certificates -----------------" -+ echo "certutil -d ${P_R_FIPSDIR} -L" -+ certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1` -+ ret=$? -+ echo "${certs}" -+ if [ ${ret} -eq 0 ]; then -+ echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null -+ ret=$? -+ fi -+ html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." -+ -+ echo "$SCRIPTNAME: List the FIPS module keys --------------------------" -+ echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" -+ ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 -+ html_msg $? 0 "List the FIPS module keys (certutil -K)" "." -+ -+ -+ echo "$SCRIPTNAME: Run PK11MODE in FIPSMODE -----------------" -+ echo "pk11mode -d ${P_R_FIPSDIR} -p fips- -f ${R_FIPSPWFILE}" -+ ${BINDIR}/pk11mode -d ${P_R_FIPSDIR} -p fips- -f ${R_FIPSPWFILE} 2>&1 -+ html_msg $? 0 "Run PK11MODE in FIPS mode (pk11mode)" "." -+ -+ echo "$SCRIPTNAME: Run PK11MODE in Non FIPSMODE -----------------" -+ echo "pk11mode -d ${P_R_FIPSDIR} -p nonfips- -f ${R_FIPSPWFILE} -n" -+ ${BINDIR}/pk11mode -d ${P_R_FIPSDIR} -p nonfips- -f ${R_FIPSPWFILE} -n 2>&1 -+ html_msg $? 0 "Run PK11MODE in Non FIPS mode (pk11mode -n)" "." -+ -+ LIBDIR="${DIST}/${OBJDIR}/lib" -+ MANGLEDIR="${FIPSDIR}/mangle" -+ -+ # There are different versions of cp command on different systems, some of them -+ # copies only symlinks, others doesn't have option to disable links, so there -+ # is needed to copy files one by one. -+ echo "mkdir ${MANGLEDIR}" -+ mkdir ${MANGLEDIR} -+ for lib in `ls ${LIBDIR}`; do -+ echo "cp ${LIBDIR}/${lib} ${MANGLEDIR}" -+ cp ${LIBDIR}/${lib} ${MANGLEDIR} -+ done -+ -+ echo "$SCRIPTNAME: Detect mangled softoken--------------------------" -+ SOFTOKEN=${MANGLEDIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX} -+ -+ echo "mangling ${SOFTOKEN}" -+ echo "mangle -i ${SOFTOKEN} -o -8 -b 5" -+ # If nss was built without softoken use the system installed one. -+ # It's location must be specified by the package maintainer. -+ if [ ! -e ${MANGLEDIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX} ]; then -+ echo "cp ${SOFTOKEN_LIB_DIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX} ${MANGLEDIR}" -+ cp ${SOFTOKEN_LIB_DIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX} ${MANGLEDIR} -+ fi -+ ${BINDIR}/mangle -i ${SOFTOKEN} -o -8 -b 5 2>&1 -+ if [ $? -eq 0 ]; then -+ if [ "${OS_ARCH}" = "WINNT" ]; then -+ DBTEST=`which dbtest` -+ if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then -+ DBTEST=`cygpath -m ${DBTEST}` -+ MANGLEDIR=`cygpath -u ${MANGLEDIR}` -+ fi -+ echo "PATH=${MANGLEDIR} ${DBTEST} -r -d ${P_R_FIPSDIR}" -+ PATH="${MANGLEDIR}" ${DBTEST} -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 -+ RESULT=$? -+ elif [ "${OS_ARCH}" = "HP-UX" ]; then -+ echo "SHLIB_PATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}" -+ LD_LIBRARY_PATH="" SHLIB_PATH="${MANGLEDIR}" ${BINDIR}/dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 -+ RESULT=$? -+ elif [ "${OS_ARCH}" = "AIX" ]; then -+ echo "LIBPATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}" -+ LIBPATH="${MANGLEDIR}" ${BINDIR}/dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 -+ RESULT=$? -+ elif [ "${OS_ARCH}" = "Darwin" ]; then -+ echo "DYLD_LIBRARY_PATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}" -+ DYLD_LIBRARY_PATH="${MANGLEDIR}" ${BINDIR}/dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 -+ RESULT=$? -+ else -+ echo "LD_LIBRARY_PATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}" -+ LD_LIBRARY_PATH="${MANGLEDIR}" ${BINDIR}/dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 -+ RESULT=$? -+ fi -+ -+ html_msg ${RESULT} 46 "Init NSS with a corrupted library (dbtest -r)" "." -+ else -+ html_failed "Mangle ${DLL_PREFIX}softokn3.${DLL_SUFFIX}" -+ fi -+} -+ -+fips_cavs() -+{ -+ if [ "${CAVS_VECTORS}" = "all" ]; then -+ VECTORS= -+ elif [ "${CAVS_VECTORS}" = "" ]; then -+ VECTORS="aesgcm ecdsa hmac kas tls ike rng sha" -+ else -+ VECTORS=${CAVS_VECTORS} -+ fi -+ echo "Copying CAVS vectors" -+ cp -r ${QADIR}/fips/cavs_samples/* ${CAVSDIR} -+# we copy the scripts to the test directory because they are designed to run from their -+# own directory and we want any resulting core dumps to wind up in the test_results directory. -+ echo "Copying CAVS scripts" -+ cp -r ${QADIR}/fips/cavs_scripts/* ${CAVSRUNDIR} -+ echo "cd ${CAVSRUNDIR}" -+ cd ${CAVSRUNDIR} -+ echo "Running CAVS tests in ${CAVSDIR}" -+ ./runtest.sh ${CAVSDIR} run ${VECTORS} -+ echo "Verifying CAVS results in ${CAVSDIR}" -+ ./runtest.sh ${CAVSDIR} verify ${VECTORS} -+ RESULT=$? -+ html_msg $RESULT 0 "NIST CAVS test" "${CAVSDIR}" -+} -+ -+############################## fips_cleanup ############################ -+# local shell function to finish this script (no exit since it might be -+# sourced) -+######################################################################## -+fips_cleanup() -+{ -+ html "
" -+ cd ${QADIR} -+ . common/cleanup.sh -+} -+ -+################## main ################################################# -+ -+fips_init -+#fips_140 -+fips_cavs -+fips_cleanup -+echo "fips.sh done" diff --git a/SOURCES/nss-softokn-sha2-ppc.patch b/SOURCES/nss-softokn-sha2-ppc.patch new file mode 100644 index 0000000..c462b4b --- /dev/null +++ b/SOURCES/nss-softokn-sha2-ppc.patch @@ -0,0 +1,2266 @@ +From cd904815e4f4e377faeacc01627aa3f15b6fb217 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 8 Jun 2020 10:26:34 +0200 +Subject: [PATCH] Revert "Bug 1613238 - POWER SHA-2 digest vector acceleration. + r=jcj,kjacobs" + +This reverts commit 7d4b0ba0256aed6879008f87d9a3b4f6bfbc7817. +--- + lib/freebl/Makefile | 3 - + lib/freebl/freebl.gyp | 58 +- + lib/freebl/freebl_base.gypi | 9 +- + lib/freebl/gcm.h | 22 +- + lib/freebl/ppc-crypto.h | 31 -- + lib/freebl/scripts/LICENSE | 36 -- + lib/freebl/scripts/gen.sh | 19 - + lib/freebl/scripts/ppc-xlate.pl | 352 ------------ + lib/freebl/scripts/sha512p8-ppc.pl | 413 -------------- + lib/freebl/sha512-p8.s | 851 ----------------------------- + lib/freebl/sha512.c | 248 +++------ + 11 files changed, 101 insertions(+), 1941 deletions(-) + delete mode 100644 lib/freebl/ppc-crypto.h + delete mode 100644 lib/freebl/scripts/LICENSE + delete mode 100755 lib/freebl/scripts/gen.sh + delete mode 100644 lib/freebl/scripts/ppc-xlate.pl + delete mode 100644 lib/freebl/scripts/sha512p8-ppc.pl + delete mode 100644 lib/freebl/sha512-p8.s + +diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile +index 5f7384429..a8ea6936a 100644 +--- a/lib/freebl/Makefile ++++ b/lib/freebl/Makefile +@@ -267,7 +267,6 @@ ifeq ($(CPU_ARCH),arm) + endif + ifeq ($(CPU_ARCH),ppc) + EXTRA_SRCS += gcm-ppc.c +- ASFILES += sha512-p8.s + ifdef USE_64 + DEFINES += -DNSS_NO_INIT_SUPPORT + endif # USE_64 +@@ -727,8 +726,6 @@ ifndef NSS_DISABLE_ALTIVEC + $(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx + $(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx + $(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx +-$(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx \ +- -funroll-loops -fpeel-loops + endif + endif + +diff --git a/lib/freebl/freebl.gyp b/lib/freebl/freebl.gyp +index f3bb8a71a..1df25f88e 100644 +--- a/lib/freebl/freebl.gyp ++++ b/lib/freebl/freebl.gyp +@@ -258,8 +258,7 @@ + 'target_name': 'gcm-aes-ppc_c_lib', + 'type': 'static_library', + 'sources': [ +- 'gcm-ppc.c', +- 'sha512-p8.s', ++ 'gcm-ppc.c' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports' +@@ -271,58 +270,7 @@ + 'cflags_mozilla': [ + '-mcrypto', + '-maltivec' +- ], +- }, +- { +- 'target_name': 'gcm-sha512-nodepend-ppc_c_lib', +- 'type': 'static_library', +- 'sources': [ +- 'sha512.c', +- ], +- 'dependencies': [ +- '<(DEPTH)/exports.gyp:nss_exports' +- ], +- 'cflags': [ +- '-mcrypto', +- '-maltivec', +- '-mvsx', +- '-funroll-loops', +- '-fpeel-loops', +- ], +- 'cflags_mozilla': [ +- '-mcrypto', +- '-maltivec', +- '-mvsx', +- '-funroll-loops', +- '-fpeel-loops', +- ], +- }, +- { +- 'target_name': 'gcm-sha512-ppc_c_lib', +- 'type': 'static_library', +- 'sources': [ +- 'sha512.c', +- ], +- 'dependencies': [ +- '<(DEPTH)/exports.gyp:nss_exports' +- ], +- 'cflags': [ +- '-mcrypto', +- '-maltivec', +- '-mvsx', +- '-funroll-loops', +- '-fpeel-loops', +- ], +- 'cflags_mozilla': [ +- '-mcrypto', +- '-maltivec', +- '-mvsx', +- '-funroll-loops', +- '-fpeel-loops', +- ], +- 'defines!': [ +- 'FREEBL_NO_DEPEND', +- ], ++ ] + }, + { + 'target_name': 'armv8_c_lib', +@@ -407,7 +355,6 @@ + [ 'disable_altivec==0 and (target_arch=="ppc64" or target_arch=="ppc64le")', { + 'dependencies': [ + 'gcm-aes-ppc_c_lib', +- 'gcm-sha512-ppc_c_lib', + ], + }], + [ 'disable_altivec==1 and (target_arch=="ppc64" or target_arch=="ppc64le")', { +@@ -475,7 +422,6 @@ + [ 'disable_altivec==0 and (target_arch=="ppc64" or target_arch=="ppc64le")', { + 'dependencies': [ + 'gcm-aes-ppc_c_lib', +- 'gcm-sha512-nodepend-ppc_c_lib', + ], + }], + [ 'disable_altivec==1 and (target_arch=="ppc64" or target_arch=="ppc64le")', { +diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi +index 9ba9169f4..e1e4c88dc 100644 +--- a/lib/freebl/freebl_base.gypi ++++ b/lib/freebl/freebl_base.gypi +@@ -55,6 +55,8 @@ + 'rijndael.c', + 'rsa.c', + 'rsapkcs.c', ++ 'seed.c', ++ 'sha512.c', + 'sha_fast.c', + 'shvfy.c', + 'sysrand.c', +@@ -144,13 +146,6 @@ + 'ecl/curve25519_32.c', + ], + }], +- ['(target_arch!="ppc64" and target_arch!="ppc64le") or disable_altivec==1', { +- 'sources': [ +- # Gyp does not support per-file cflags, so working around like this. +- # ppc performance greatly benefits from specific flags. +- 'sha512.c', +- ], +- }], + [ 'disable_chachapoly==0', { + # The ChaCha20 code is linked in through the static ssse3-crypto lib on + # all platforms that support SSSE3. There are runtime checks in place to +diff --git a/lib/freebl/gcm.h b/lib/freebl/gcm.h +index 21792e0b3..38b066580 100644 +--- a/lib/freebl/gcm.h ++++ b/lib/freebl/gcm.h +@@ -31,8 +31,26 @@ + #include + #endif + +-#if defined(__powerpc64__) +-#include "ppc-crypto.h" ++#if defined(__powerpc64__) && !defined(NSS_DISABLE_ALTIVEC) ++#include "altivec-types.h" ++ ++/* The ghash freebl test tries to use this in C++, and gcc defines conflict. */ ++#ifdef __cplusplus ++#undef pixel ++#undef vector ++#undef bool ++#endif ++ ++/* ++ * PPC CRYPTO requires at least gcc 8 or clang. The LE check is purely ++ * because it's only been tested on LE. If you're interested in BE, ++ * please send a patch. ++ */ ++#if (defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 8)) && \ ++ defined(IS_LITTLE_ENDIAN) ++#define USE_PPC_CRYPTO ++#endif ++ + #endif + + SEC_BEGIN_PROTOS +diff --git a/lib/freebl/ppc-crypto.h b/lib/freebl/ppc-crypto.h +deleted file mode 100644 +index 4d283895f..000000000 +--- a/lib/freebl/ppc-crypto.h ++++ /dev/null +@@ -1,31 +0,0 @@ +-/* This Source Code Form is subject to the terms of the Mozilla Public +- * License, v. 2.0. If a copy of the MPL was not distributed with this +- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +- +-#ifndef PPC_CRYPTO_H +-#define PPC_CRYPTO_H 1 +- +-#if defined(__powerpc64__) && defined(__ALTIVEC__) && \ +- !defined(NSS_DISABLE_ALTIVEC) +-#include "altivec-types.h" +- +-/* The ghash freebl test tries to use this in C++, and gcc defines conflict. */ +-#ifdef __cplusplus +-#undef pixel +-#undef vector +-#undef bool +-#endif +- +-/* +- * PPC CRYPTO requires at least gcc 8 or clang. The LE check is purely +- * because it's only been tested on LE. If you're interested in BE, +- * please send a patch. +- */ +-#if (defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 8)) && \ +- defined(IS_LITTLE_ENDIAN) && defined(__VSX__) +-#define USE_PPC_CRYPTO +-#endif +- +-#endif /* defined(__powerpc64__) && !defined(NSS_DISABLE_ALTIVEC) && defined(__ALTIVEC__) */ +- +-#endif +diff --git a/lib/freebl/scripts/LICENSE b/lib/freebl/scripts/LICENSE +deleted file mode 100644 +index a9335c22f..000000000 +--- a/lib/freebl/scripts/LICENSE ++++ /dev/null +@@ -1,36 +0,0 @@ +-Copyright (c) 2006, CRYPTOGAMS by +-All rights reserved. +- +-Redistribution and use in source and binary forms, with or without +-modification, are permitted provided that the following conditions +-are met: +- +- * Redistributions of source code must retain copyright notices, +- this list of conditions and the following disclaimer. +- +- * Redistributions in binary form must reproduce the above +- copyright notice, this list of conditions and the following +- disclaimer in the documentation and/or other materials +- provided with the distribution. +- +- * Neither the name of the CRYPTOGAMS nor the names of its +- copyright holder and contributors may be used to endorse or +- promote products derived from this software without specific +- prior written permission. +- +-ALTERNATIVELY, provided that this notice is retained in full, this +-product may be distributed under the terms of the GNU General Public +-License (GPL), in which case the provisions of the GPL apply INSTEAD OF +-those given above. +- +-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS +-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +diff --git a/lib/freebl/scripts/gen.sh b/lib/freebl/scripts/gen.sh +deleted file mode 100755 +index ea415cc94..000000000 +--- a/lib/freebl/scripts/gen.sh ++++ /dev/null +@@ -1,19 +0,0 @@ +-#!/bin/sh +-# +-# Run the scripts in this folder, generating the assembly, +-# +- +-perl sha512p8-ppc.pl linux64le sha512-p8.s +- +-# Add the license mention +-cat > hdr << "EOF" +-# Copyright (c) 2006, CRYPTOGAMS by +-# All rights reserved. +-# See the full LICENSE under scripts/. +- +-EOF +- +-cat hdr sha512-p8.s > ../sha512-p8.s +- +-# Cleanup +-rm hdr sha512-p8.s +diff --git a/lib/freebl/scripts/ppc-xlate.pl b/lib/freebl/scripts/ppc-xlate.pl +deleted file mode 100644 +index a0fcf6a31..000000000 +--- a/lib/freebl/scripts/ppc-xlate.pl ++++ /dev/null +@@ -1,352 +0,0 @@ +-#!/usr/bin/env perl +- +-# PowerPC assembler distiller by \@dot-asm. +- +-################################################################ +-# Recognized "flavour"-s are: +-# +-# linux{32|64}[le] GNU assembler and ELF symbol decorations, +-# with little-endian option +-# linux64v2 GNU asssembler and big-endian instantiation +-# of latest ELF specification +-# aix{32|64} AIX assembler and symbol decorations +-# osx{32|64} Mac OS X assembler and symbol decoratons +- +-my $flavour = shift; +-my $output = shift; +-open STDOUT,">$output" || die "can't open $output: $!"; +- +-my %GLOBALS; +-my %TYPES; +-my $dotinlocallabels=($flavour=~/linux/)?1:0; +- +-################################################################ +-# directives which need special treatment on different platforms +-################################################################ +-my $type = sub { +- my ($dir,$name,$type) = @_; +- +- $TYPES{$name} = $type; +- if ($flavour =~ /linux/) { +- $name =~ s|^\.||; +- ".type $name,$type"; +- } else { +- ""; +- } +-}; +-my $globl = sub { +- my $junk = shift; +- my $name = shift; +- my $global = \$GLOBALS{$name}; +- my $type = \$TYPES{$name}; +- my $ret; +- +- $name =~ s|^\.||; +- +- SWITCH: for ($flavour) { +- /aix/ && do { if (!$$type) { +- $$type = "\@function"; +- } +- if ($$type =~ /function/) { +- $name = ".$name"; +- } +- last; +- }; +- /osx/ && do { $name = "_$name"; +- last; +- }; +- /linux.*(32|64(le|v2))/ +- && do { $ret .= ".globl $name"; +- if (!$$type) { +- $ret .= "\n.type $name,\@function"; +- $$type = "\@function"; +- } +- last; +- }; +- /linux.*64/ && do { $ret .= ".globl $name"; +- if (!$$type) { +- $ret .= "\n.type $name,\@function"; +- $$type = "\@function"; +- } +- if ($$type =~ /function/) { +- $ret .= "\n.section \".opd\",\"aw\""; +- $ret .= "\n.align 3"; +- $ret .= "\n$name:"; +- $ret .= "\n.quad .$name,.TOC.\@tocbase,0"; +- $ret .= "\n.previous"; +- $name = ".$name"; +- } +- last; +- }; +- } +- +- $ret = ".globl $name" if (!$ret); +- $$global = $name; +- $ret; +-}; +-my $text = sub { +- my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text"; +- $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/); +- $ret; +-}; +-my $machine = sub { +- my $junk = shift; +- my $arch = shift; +- if ($flavour =~ /osx/) +- { $arch =~ s/\"//g; +- $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any"); +- } +- ".machine $arch"; +-}; +-my $size = sub { +- if ($flavour =~ /linux/) +- { shift; +- my $name = shift; +- my $real = $GLOBALS{$name} ? \$GLOBALS{$name} : \$name; +- my $ret = ".size $$real,.-$$real"; +- $name =~ s|^\.||; +- if ($$real ne $name) { +- $ret .= "\n.size $name,.-$$real"; +- } +- $ret; +- } +- else +- { ""; } +-}; +-my $asciz = sub { +- shift; +- my $line = join(",",@_); +- if ($line =~ /^"(.*)"$/) +- { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; } +- else +- { ""; } +-}; +-my $quad = sub { +- shift; +- my @ret; +- my ($hi,$lo); +- for (@_) { +- if (/^0x([0-9a-f]*?)([0-9a-f]{1,8})$/io) +- { $hi=$1?"0x$1":"0"; $lo="0x$2"; } +- elsif (/^([0-9]+)$/o) +- { $hi=$1>>32; $lo=$1&0xffffffff; } # error-prone with 32-bit perl +- else +- { $hi=undef; $lo=$_; } +- +- if (defined($hi)) +- { push(@ret,$flavour=~/le$/o?".long\t$lo,$hi":".long\t$hi,$lo"); } +- else +- { push(@ret,".quad $lo"); } +- } +- join("\n",@ret); +-}; +- +-################################################################ +-# simplified mnemonics not handled by at least one assembler +-################################################################ +-my $cmplw = sub { +- my $f = shift; +- my $cr = 0; $cr = shift if ($#_>1); +- # Some out-of-date 32-bit GNU assembler just can't handle cmplw... +- ($flavour =~ /linux.*32/) ? +- " .long ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 : +- " cmplw ".join(',',$cr,@_); +-}; +-my $bdnz = sub { +- my $f = shift; +- my $bo = $f=~/[\+\-]/ ? 16+9 : 16; # optional "to be taken" hint +- " bc $bo,0,".shift; +-} if ($flavour!~/linux/); +-my $bltlr = sub { +- my $f = shift; +- my $bo = $f=~/\-/ ? 12+2 : 12; # optional "not to be taken" hint +- ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints +- " .long ".sprintf "0x%x",19<<26|$bo<<21|16<<1 : +- " bclr $bo,0"; +-}; +-my $bnelr = sub { +- my $f = shift; +- my $bo = $f=~/\-/ ? 4+2 : 4; # optional "not to be taken" hint +- ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints +- " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 : +- " bclr $bo,2"; +-}; +-my $beqlr = sub { +- my $f = shift; +- my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint +- ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints +- " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 : +- " bclr $bo,2"; +-}; +-# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two +-# arguments is 64, with "operand out of range" error. +-my $extrdi = sub { +- my ($f,$ra,$rs,$n,$b) = @_; +- $b = ($b+$n)&63; $n = 64-$n; +- " rldicl $ra,$rs,$b,$n"; +-}; +-my $vmr = sub { +- my ($f,$vx,$vy) = @_; +- " vor $vx,$vy,$vy"; +-}; +- +-# Some ABIs specify vrsave, special-purpose register #256, as reserved +-# for system use. +-my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/); +-my $mtspr = sub { +- my ($f,$idx,$ra) = @_; +- if ($idx == 256 && $no_vrsave) { +- " or $ra,$ra,$ra"; +- } else { +- " mtspr $idx,$ra"; +- } +-}; +-my $mfspr = sub { +- my ($f,$rd,$idx) = @_; +- if ($idx == 256 && $no_vrsave) { +- " li $rd,-1"; +- } else { +- " mfspr $rd,$idx"; +- } +-}; +- +-# PowerISA 2.06 stuff +-sub vsxmem_op { +- my ($f, $vrt, $ra, $rb, $op) = @_; +- " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|($rb<<11)|($op*2+1); +-} +-# made-up unaligned memory reference AltiVec/VMX instructions +-my $lvx_u = sub { vsxmem_op(@_, 844); }; # lxvd2x +-my $stvx_u = sub { vsxmem_op(@_, 972); }; # stxvd2x +-my $lvdx_u = sub { vsxmem_op(@_, 588); }; # lxsdx +-my $stvdx_u = sub { vsxmem_op(@_, 716); }; # stxsdx +-my $lvx_4w = sub { vsxmem_op(@_, 780); }; # lxvw4x +-my $stvx_4w = sub { vsxmem_op(@_, 908); }; # stxvw4x +-my $lvx_splt = sub { vsxmem_op(@_, 332); }; # lxvdsx +-# VSX instruction[s] masqueraded as made-up AltiVec/VMX +-my $vpermdi = sub { # xxpermdi +- my ($f, $vrt, $vra, $vrb, $dm) = @_; +- $dm = oct($dm) if ($dm =~ /^0/); +- " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7; +-}; +- +-# PowerISA 2.07 stuff +-sub vcrypto_op { +- my ($f, $vrt, $vra, $vrb, $op) = @_; +- " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|$op; +-} +-sub vfour { +- my ($f, $vrt, $vra, $vrb, $vrc, $op) = @_; +- " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|$op; +-}; +-my $vcipher = sub { vcrypto_op(@_, 1288); }; +-my $vcipherlast = sub { vcrypto_op(@_, 1289); }; +-my $vncipher = sub { vcrypto_op(@_, 1352); }; +-my $vncipherlast= sub { vcrypto_op(@_, 1353); }; +-my $vsbox = sub { vcrypto_op(@_, 0, 1480); }; +-my $vshasigmad = sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1730); }; +-my $vshasigmaw = sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1666); }; +-my $vpmsumb = sub { vcrypto_op(@_, 1032); }; +-my $vpmsumd = sub { vcrypto_op(@_, 1224); }; +-my $vpmsubh = sub { vcrypto_op(@_, 1096); }; +-my $vpmsumw = sub { vcrypto_op(@_, 1160); }; +-# These are not really crypto, but vcrypto_op template works +-my $vaddudm = sub { vcrypto_op(@_, 192); }; +-my $vadduqm = sub { vcrypto_op(@_, 256); }; +-my $vmuleuw = sub { vcrypto_op(@_, 648); }; +-my $vmulouw = sub { vcrypto_op(@_, 136); }; +-my $vrld = sub { vcrypto_op(@_, 196); }; +-my $vsld = sub { vcrypto_op(@_, 1476); }; +-my $vsrd = sub { vcrypto_op(@_, 1732); }; +-my $vsubudm = sub { vcrypto_op(@_, 1216); }; +-my $vaddcuq = sub { vcrypto_op(@_, 320); }; +-my $vaddeuqm = sub { vfour(@_,60); }; +-my $vaddecuq = sub { vfour(@_,61); }; +-my $vmrgew = sub { vfour(@_,0,1932); }; +-my $vmrgow = sub { vfour(@_,0,1676); }; +- +-my $mtsle = sub { +- my ($f, $arg) = @_; +- " .long ".sprintf "0x%X",(31<<26)|($arg<<21)|(147*2); +-}; +- +-# VSX instructions masqueraded as AltiVec/VMX +-my $mtvrd = sub { +- my ($f, $vrt, $ra) = @_; +- " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(179<<1)|1; +-}; +-my $mtvrwz = sub { +- my ($f, $vrt, $ra) = @_; +- " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1; +-}; +-my $lvwzx_u = sub { vsxmem_op(@_, 12); }; # lxsiwzx +-my $stvwx_u = sub { vsxmem_op(@_, 140); }; # stxsiwx +- +-# PowerISA 3.0 stuff +-my $maddhdu = sub { vfour(@_,49); }; +-my $maddld = sub { vfour(@_,51); }; +-my $darn = sub { +- my ($f, $rt, $l) = @_; +- " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1); +-}; +-my $iseleq = sub { +- my ($f, $rt, $ra, $rb) = @_; +- " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|(2<<6)|30; +-}; +-# VSX instruction[s] masqueraded as made-up AltiVec/VMX +-my $vspltib = sub { # xxspltib +- my ($f, $vrt, $imm8) = @_; +- $imm8 = oct($imm8) if ($imm8 =~ /^0/); +- $imm8 &= 0xff; +- " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($imm8<<11)|(360<<1)|1; +-}; +- +-# PowerISA 3.0B stuff +-my $addex = sub { +- my ($f, $rt, $ra, $rb, $cy) = @_; # only cy==0 is specified in 3.0B +- " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($cy<<9)|(170<<1); +-}; +-my $vmsumudm = sub { vfour(@_,35); }; +- +-while($line=<>) { +- +- $line =~ s|[#!;].*$||; # get rid of asm-style comments... +- $line =~ s|/\*.*\*/||; # ... and C-style comments... +- $line =~ s|^\s+||; # ... and skip white spaces in beginning... +- $line =~ s|\s+$||; # ... and at the end +- +- { +- $line =~ s|\.L(\w+)|L$1|g; # common denominator for Locallabel +- $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels); +- } +- +- { +- $line =~ s|(^[\.\w]+)\:\s*||; +- my $label = $1; +- if ($label) { +- my $xlated = ($GLOBALS{$label} or $label); +- print "$xlated:"; +- if ($flavour =~ /linux.*64(le|v2)/) { +- if ($TYPES{$label} =~ /function/) { +- printf "\n.localentry %s,0\n",$xlated; +- } +- } +- } +- } +- +- { +- $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||; +- my $c = $1; $c = "\t" if ($c eq ""); +- my $mnemonic = $2; +- my $f = $3; +- my $opcode = eval("\$$mnemonic"); +- $line =~ s/\b(c?[rf]|v|vs)([0-9]+)\b/$2/g if ($c ne "." and $flavour !~ /osx/); +- if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(/,\s*/,$line)); } +- elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; } +- } +- +- print $line if ($line); +- print "\n"; +-} +- +-close STDOUT; +diff --git a/lib/freebl/scripts/sha512p8-ppc.pl b/lib/freebl/scripts/sha512p8-ppc.pl +deleted file mode 100644 +index 3bef98be7..000000000 +--- a/lib/freebl/scripts/sha512p8-ppc.pl ++++ /dev/null +@@ -1,413 +0,0 @@ +-#!/usr/bin/env perl +- +-# ==================================================================== +-# Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL +-# project. The module is dual licensed under OpenSSL and CRYPTOGAMS +-# licenses depending on where you obtain it. For further details see +-# https://github.com/dot-asm/cryptogams/. +-# ==================================================================== +- +-# SHA256/512 for PowerISA v2.07. +-# +-# Accurate performance measurements are problematic, because it's +-# always virtualized setup with possibly throttled processor. +-# Relative comparison is therefore more informative. This module is +-# ~60% faster than integer-only sha512-ppc.pl. To anchor to something +-# else, SHA256 is 24% slower than sha1-ppc.pl and 2.5x slower than +-# hardware-assisted aes-128-cbc encrypt. SHA512 is 20% faster than +-# sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting +-# result is degree of computational resources' utilization. POWER8 is +-# "massively multi-threaded chip" and difference between single- and +-# maximum multi-process benchmark results tells that utilization is +-# whooping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and +-# for sha1-ppc.pl - 73%. 100% means that multi-process result equals +-# to single-process one, given that all threads end up on the same +-# physical core. +-# +-###################################################################### +-# Believed-to-be-accurate results in cycles per processed byte [on +-# little-endian system]. Numbers in square brackets are for 64-bit +-# build of sha512-ppc.pl, presented for reference. +-# +-# POWER8 POWER9 +-# SHA256 9.7 [15.8] 11.2 [12.5] +-# SHA512 6.1 [10.3] 7.0 [7.9] +- +-$flavour=shift; +-$output =shift; +- +-if ($flavour =~ /64/) { +- $SIZE_T=8; +- $LRSAVE=2*$SIZE_T; +- $STU="stdu"; +- $POP="ld"; +- $PUSH="std"; +-} elsif ($flavour =~ /32/) { +- $SIZE_T=4; +- $LRSAVE=$SIZE_T; +- $STU="stwu"; +- $POP="lwz"; +- $PUSH="stw"; +-} else { die "nonsense $flavour"; } +- +-$LENDIAN=($flavour=~/le/); +- +-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +-die "can't locate ppc-xlate.pl"; +- +-open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!"; +- +-if ($output =~ /512/) { +- $bits=512; +- $SZ=8; +- $sz="d"; +- $rounds=80; +-} else { +- $bits=256; +- $SZ=4; +- $sz="w"; +- $rounds=64; +-} +- +-$func="sha${bits}_block_p8"; +-$LOCALS=8*$SIZE_T+8*16; +-$FRAME=$LOCALS+9*16+6*$SIZE_T; +- +-$sp ="r1"; +-$toc="r2"; +-$ctx="r3"; +-$inp="r4"; +-$num="r5"; +-$Tbl="r6"; +-$idx="r7"; +-$lrsave="r8"; +-$offload="r11"; +-$vrsave="r12"; +-@I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70) = (0,map("r$_",(10,26..31))); +- +-@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7)); +-@X=map("v$_",(8..19,24..27)); +-($Ki,$Func,$Sigma,$lemask)=map("v$_",(28..31)); +- +-sub ROUND { +-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +-my $j=($i+1)%16; +-my $k=($i+2)%8; +- +-$code.=<<___ if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1)); +- lvx_u @X[$i+1],0,$inp ; load X[i] in advance +- addi $inp,$inp,16 +-___ +-$code.=<<___ if ($i<16 && ($i%(16/$SZ))); +- vsldoi @X[$i],@X[$i-1],@X[$i-1],$SZ +-___ +-$code.=<<___ if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0); +- vperm @X[$i],@X[$i],@X[$i],$lemask +-___ +-$code.=<<___ if ($i>=15); +- vshasigma${sz} $Sigma,@X[($j+1)%16],0,0 +- vaddu${sz}m @X[$j],@X[$j],$Sigma +- vshasigma${sz} $Sigma,@X[($j+14)%16],0,15 +- vaddu${sz}m @X[$j],@X[$j],$Sigma +- vaddu${sz}m @X[$j],@X[$j],@X[($j+9)%16] +-___ +-$code.=<<___; +- vaddu${sz}m $h,$h,@X[$i%16] ; h+=X[i] +- vsel $Func,$g,$f,$e ; Ch(e,f,g) +- vaddu${sz}m $g,$g,$Ki ; future h+=K[i] +- vaddu${sz}m $h,$h,$Func ; h+=Ch(e,f,g) +- vshasigma${sz} $Sigma,$e,1,15 ; Sigma1(e) +- vaddu${sz}m $h,$h,$Sigma ; h+=Sigma1(e) +- vxor $Func,$a,$b +- vsel $Func,$b,$c,$Func ; Maj(a,b,c) +- vaddu${sz}m $d,$d,$h ; d+=h +- vshasigma${sz} $Sigma,$a,1,0 ; Sigma0(a) +- vaddu${sz}m $Sigma,$Sigma,$Func ; Sigma0(a)+Maj(a,b,c) +- vaddu${sz}m $h,$h,$Sigma ; h+=Sigma0(a)+Maj(a,b,c) +- lvx $Ki,@I[$k],$idx ; load next K[i] +-___ +-$code.=<<___ if ($k == 7); +- addi $idx,$idx,0x80 +-___ +-} +- +-$code=<<___; +-.machine "any" +-.text +- +-.globl $func +-.align 6 +-$func: +- $STU $sp,-$FRAME($sp) +- mflr $lrsave +- li r10,`$LOCALS+15` +- li r11,`$LOCALS+31` +- stvx v24,r10,$sp # ABI says so +- addi r10,r10,32 +- mfspr $vrsave,256 +- stvx v25,r11,$sp +- addi r11,r11,32 +- stvx v26,r10,$sp +- addi r10,r10,32 +- stvx v27,r11,$sp +- addi r11,r11,32 +- stvx v28,r10,$sp +- addi r10,r10,32 +- stvx v29,r11,$sp +- addi r11,r11,32 +- stvx v30,r10,$sp +- stvx v31,r11,$sp +- li r11,-4096+255 # 0xfffff0ff +- stw $vrsave,`$FRAME-6*$SIZE_T-4`($sp) # save vrsave +- li $x10,0x10 +- $PUSH r26,`$FRAME-6*$SIZE_T`($sp) +- li $x20,0x20 +- $PUSH r27,`$FRAME-5*$SIZE_T`($sp) +- li $x30,0x30 +- $PUSH r28,`$FRAME-4*$SIZE_T`($sp) +- li $x40,0x40 +- $PUSH r29,`$FRAME-3*$SIZE_T`($sp) +- li $x50,0x50 +- $PUSH r30,`$FRAME-2*$SIZE_T`($sp) +- li $x60,0x60 +- $PUSH r31,`$FRAME-1*$SIZE_T`($sp) +- li $x70,0x70 +- $PUSH $lrsave,`$FRAME+$LRSAVE`($sp) +- mtspr 256,r11 +- +- bl LPICmeup +- addi $offload,$sp,`8*$SIZE_T+15` +-___ +-$code.=<<___ if ($LENDIAN); +- li $idx,8 +- lvsl $lemask,0,$idx +- vspltisb $Ki,0x0f +- vxor $lemask,$lemask,$Ki +-___ +-$code.=<<___ if ($SZ==4); +- lvx_4w $A,$x00,$ctx +- lvx_4w $E,$x10,$ctx +- vsldoi $B,$A,$A,4 # unpack +- vsldoi $C,$A,$A,8 +- vsldoi $D,$A,$A,12 +- vsldoi $F,$E,$E,4 +- vsldoi $G,$E,$E,8 +- vsldoi $H,$E,$E,12 +-___ +-$code.=<<___ if ($SZ==8); +- lvx_u $A,$x00,$ctx +- lvx_u $C,$x10,$ctx +- lvx_u $E,$x20,$ctx +- vsldoi $B,$A,$A,8 # unpack +- lvx_u $G,$x30,$ctx +- vsldoi $D,$C,$C,8 +- vsldoi $F,$E,$E,8 +- vsldoi $H,$G,$G,8 +-___ +-$code.=<<___; +- li r0,`($rounds-16)/16` # inner loop counter +- b Loop +-.align 5 +-Loop: +- lvx $Ki,$x00,$Tbl +- lvx_u @X[0],0,$inp +- addi $inp,$inp,16 +- mr $idx,$Tbl # copy $Tbl +- stvx $A,$x00,$offload # offload $A-$H +- stvx $B,$x10,$offload +- stvx $C,$x20,$offload +- stvx $D,$x30,$offload +- stvx $E,$x40,$offload +- stvx $F,$x50,$offload +- stvx $G,$x60,$offload +- stvx $H,$x70,$offload +- vaddu${sz}m $H,$H,$Ki # h+K[i] +- lvx $Ki,$x10,$Tbl +-___ +-for ($i=0;$i<16;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); } +-$code.=<<___; +- mtctr r0 +- b L16_xx +-.align 5 +-L16_xx: +-___ +-for (;$i<32;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); } +-$code.=<<___; +- bdnz L16_xx +- +- lvx @X[2],$x00,$offload +- subic. $num,$num,1 +- lvx @X[3],$x10,$offload +- vaddu${sz}m $A,$A,@X[2] +- lvx @X[4],$x20,$offload +- vaddu${sz}m $B,$B,@X[3] +- lvx @X[5],$x30,$offload +- vaddu${sz}m $C,$C,@X[4] +- lvx @X[6],$x40,$offload +- vaddu${sz}m $D,$D,@X[5] +- lvx @X[7],$x50,$offload +- vaddu${sz}m $E,$E,@X[6] +- lvx @X[8],$x60,$offload +- vaddu${sz}m $F,$F,@X[7] +- lvx @X[9],$x70,$offload +- vaddu${sz}m $G,$G,@X[8] +- vaddu${sz}m $H,$H,@X[9] +- bne Loop +-___ +-$code.=<<___ if ($SZ==4); +- lvx @X[0],$x20,$idx +- vperm $A,$A,$B,$Ki # pack the answer +- lvx @X[1],$x30,$idx +- vperm $E,$E,$F,$Ki +- vperm $A,$A,$C,@X[0] +- vperm $E,$E,$G,@X[0] +- vperm $A,$A,$D,@X[1] +- vperm $E,$E,$H,@X[1] +- stvx_4w $A,$x00,$ctx +- stvx_4w $E,$x10,$ctx +-___ +-$code.=<<___ if ($SZ==8); +- vperm $A,$A,$B,$Ki # pack the answer +- vperm $C,$C,$D,$Ki +- vperm $E,$E,$F,$Ki +- vperm $G,$G,$H,$Ki +- stvx_u $A,$x00,$ctx +- stvx_u $C,$x10,$ctx +- stvx_u $E,$x20,$ctx +- stvx_u $G,$x30,$ctx +-___ +-$code.=<<___; +- addi $offload,$sp,`$LOCALS+15` +- mtlr $lrsave +- mtspr 256,$vrsave +- lvx v24,$x00,$offload # ABI says so +- lvx v25,$x10,$offload +- lvx v26,$x20,$offload +- lvx v27,$x30,$offload +- lvx v28,$x40,$offload +- lvx v29,$x50,$offload +- lvx v30,$x60,$offload +- lvx v31,$x70,$offload +- $POP r26,`$FRAME-6*$SIZE_T`($sp) +- $POP r27,`$FRAME-5*$SIZE_T`($sp) +- $POP r28,`$FRAME-4*$SIZE_T`($sp) +- $POP r29,`$FRAME-3*$SIZE_T`($sp) +- $POP r30,`$FRAME-2*$SIZE_T`($sp) +- $POP r31,`$FRAME-1*$SIZE_T`($sp) +- addi $sp,$sp,$FRAME +- blr +- .long 0 +- .byte 0,12,4,1,0x80,6,3,0 +- .long 0 +-.size $func,.-$func +-___ +- +-# Ugly hack here, because PPC assembler syntax seem to vary too +-# much from platforms to platform... +-$code.=<<___; +-.align 6 +-LPICmeup: +- mflr r0 +- bcl 20,31,\$+4 +- mflr $Tbl ; vvvvvv "distance" between . and 1st data entry +- addi $Tbl,$Tbl,`64-8` +- mtlr r0 +- blr +- .long 0 +- .byte 0,12,0x14,0,0,0,0,0 +- .space `64-9*4` +-___ +- +-if ($SZ==8) { +- local *table = sub { +- foreach(@_) { $code.=".quad $_,$_\n"; } +- }; +- table( +- "0x428a2f98d728ae22","0x7137449123ef65cd", +- "0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc", +- "0x3956c25bf348b538","0x59f111f1b605d019", +- "0x923f82a4af194f9b","0xab1c5ed5da6d8118", +- "0xd807aa98a3030242","0x12835b0145706fbe", +- "0x243185be4ee4b28c","0x550c7dc3d5ffb4e2", +- "0x72be5d74f27b896f","0x80deb1fe3b1696b1", +- "0x9bdc06a725c71235","0xc19bf174cf692694", +- "0xe49b69c19ef14ad2","0xefbe4786384f25e3", +- "0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65", +- "0x2de92c6f592b0275","0x4a7484aa6ea6e483", +- "0x5cb0a9dcbd41fbd4","0x76f988da831153b5", +- "0x983e5152ee66dfab","0xa831c66d2db43210", +- "0xb00327c898fb213f","0xbf597fc7beef0ee4", +- "0xc6e00bf33da88fc2","0xd5a79147930aa725", +- "0x06ca6351e003826f","0x142929670a0e6e70", +- "0x27b70a8546d22ffc","0x2e1b21385c26c926", +- "0x4d2c6dfc5ac42aed","0x53380d139d95b3df", +- "0x650a73548baf63de","0x766a0abb3c77b2a8", +- "0x81c2c92e47edaee6","0x92722c851482353b", +- "0xa2bfe8a14cf10364","0xa81a664bbc423001", +- "0xc24b8b70d0f89791","0xc76c51a30654be30", +- "0xd192e819d6ef5218","0xd69906245565a910", +- "0xf40e35855771202a","0x106aa07032bbd1b8", +- "0x19a4c116b8d2d0c8","0x1e376c085141ab53", +- "0x2748774cdf8eeb99","0x34b0bcb5e19b48a8", +- "0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb", +- "0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3", +- "0x748f82ee5defb2fc","0x78a5636f43172f60", +- "0x84c87814a1f0ab72","0x8cc702081a6439ec", +- "0x90befffa23631e28","0xa4506cebde82bde9", +- "0xbef9a3f7b2c67915","0xc67178f2e372532b", +- "0xca273eceea26619c","0xd186b8c721c0c207", +- "0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178", +- "0x06f067aa72176fba","0x0a637dc5a2c898a6", +- "0x113f9804bef90dae","0x1b710b35131c471b", +- "0x28db77f523047d84","0x32caab7b40c72493", +- "0x3c9ebe0a15c9bebc","0x431d67c49c100d4c", +- "0x4cc5d4becb3e42b6","0x597f299cfc657e2a", +- "0x5fcb6fab3ad6faec","0x6c44198c4a475817","0"); +-$code.=<<___ if (!$LENDIAN); +-.quad 0x0001020304050607,0x1011121314151617 +-___ +-$code.=<<___ if ($LENDIAN); # quad-swapped +-.quad 0x1011121314151617,0x0001020304050607 +-___ +-} else { +- local *table = sub { +- foreach(@_) { $code.=".long $_,$_,$_,$_\n"; } +- }; +- table( +- "0x428a2f98","0x71374491","0xb5c0fbcf","0xe9b5dba5", +- "0x3956c25b","0x59f111f1","0x923f82a4","0xab1c5ed5", +- "0xd807aa98","0x12835b01","0x243185be","0x550c7dc3", +- "0x72be5d74","0x80deb1fe","0x9bdc06a7","0xc19bf174", +- "0xe49b69c1","0xefbe4786","0x0fc19dc6","0x240ca1cc", +- "0x2de92c6f","0x4a7484aa","0x5cb0a9dc","0x76f988da", +- "0x983e5152","0xa831c66d","0xb00327c8","0xbf597fc7", +- "0xc6e00bf3","0xd5a79147","0x06ca6351","0x14292967", +- "0x27b70a85","0x2e1b2138","0x4d2c6dfc","0x53380d13", +- "0x650a7354","0x766a0abb","0x81c2c92e","0x92722c85", +- "0xa2bfe8a1","0xa81a664b","0xc24b8b70","0xc76c51a3", +- "0xd192e819","0xd6990624","0xf40e3585","0x106aa070", +- "0x19a4c116","0x1e376c08","0x2748774c","0x34b0bcb5", +- "0x391c0cb3","0x4ed8aa4a","0x5b9cca4f","0x682e6ff3", +- "0x748f82ee","0x78a5636f","0x84c87814","0x8cc70208", +- "0x90befffa","0xa4506ceb","0xbef9a3f7","0xc67178f2","0"); +-$code.=<<___ if (!$LENDIAN); +-.long 0x00010203,0x10111213,0x10111213,0x10111213 +-.long 0x00010203,0x04050607,0x10111213,0x10111213 +-.long 0x00010203,0x04050607,0x08090a0b,0x10111213 +-___ +-$code.=<<___ if ($LENDIAN); # word-swapped +-.long 0x10111213,0x10111213,0x10111213,0x00010203 +-.long 0x10111213,0x10111213,0x04050607,0x00010203 +-.long 0x10111213,0x08090a0b,0x04050607,0x00010203 +-___ +-} +-$code.=<<___; +-.asciz "SHA${bits} for PowerISA 2.07, CRYPTOGAMS by " +-.align 2 +-___ +- +-$code =~ s/\`([^\`]*)\`/eval $1/gem; +-print $code; +-close STDOUT; +diff --git a/lib/freebl/sha512-p8.s b/lib/freebl/sha512-p8.s +deleted file mode 100644 +index d84ec0478..000000000 +--- a/lib/freebl/sha512-p8.s ++++ /dev/null +@@ -1,851 +0,0 @@ +-# Copyright (c) 2006, CRYPTOGAMS by +-# All rights reserved. +-# See the full LICENSE under scripts/. +- +-.machine "any" +-.abiversion 2 +-.text +- +-.globl sha512_block_p8 +-.type sha512_block_p8,@function +-.align 6 +-sha512_block_p8: +-.localentry sha512_block_p8,0 +- +- stdu 1,-384(1) +- mflr 8 +- li 10,207 +- li 11,223 +- stvx 24,10,1 +- addi 10,10,32 +- li 12,-1 +- stvx 25,11,1 +- addi 11,11,32 +- stvx 26,10,1 +- addi 10,10,32 +- stvx 27,11,1 +- addi 11,11,32 +- stvx 28,10,1 +- addi 10,10,32 +- stvx 29,11,1 +- addi 11,11,32 +- stvx 30,10,1 +- stvx 31,11,1 +- li 11,-4096+255 +- stw 12,332(1) +- li 10,0x10 +- std 26,336(1) +- li 26,0x20 +- std 27,344(1) +- li 27,0x30 +- std 28,352(1) +- li 28,0x40 +- std 29,360(1) +- li 29,0x50 +- std 30,368(1) +- li 30,0x60 +- std 31,376(1) +- li 31,0x70 +- std 8,400(1) +- or 11,11,11 +- +- bl .LPICmeup +- addi 11,1,79 +- li 7,8 +- lvsl 31,0,7 +- vspltisb 28,0x0f +- vxor 31,31,28 +- .long 0x7C001E99 +- .long 0x7C4A1E99 +- .long 0x7C9A1E99 +- vsldoi 1,0,0,8 +- .long 0x7CDB1E99 +- vsldoi 3,2,2,8 +- vsldoi 5,4,4,8 +- vsldoi 7,6,6,8 +- li 0,4 +- b .Loop +-.align 5 +-.Loop: +- lvx 28,0,6 +- .long 0x7D002699 +- addi 4,4,16 +- mr 7,6 +- stvx 0,0,11 +- stvx 1,10,11 +- stvx 2,26,11 +- stvx 3,27,11 +- stvx 4,28,11 +- stvx 5,29,11 +- stvx 6,30,11 +- stvx 7,31,11 +- .long 0x10E7E0C0 +- lvx 28,10,6 +- vperm 8,8,8,31 +- .long 0x10E740C0 +- vsel 29,6,5,4 +- .long 0x10C6E0C0 +- .long 0x10E7E8C0 +- .long 0x13C4FEC2 +- .long 0x10E7F0C0 +- vxor 29,0,1 +- vsel 29,1,2,29 +- .long 0x106338C0 +- .long 0x13C086C2 +- .long 0x13DEE8C0 +- .long 0x10E7F0C0 +- lvx 28,26,7 +- .long 0x7D402699 +- addi 4,4,16 +- vsldoi 9,8,8,8 +- .long 0x10C648C0 +- vsel 29,5,4,3 +- .long 0x10A5E0C0 +- .long 0x10C6E8C0 +- .long 0x13C3FEC2 +- .long 0x10C6F0C0 +- vxor 29,7,0 +- vsel 29,0,1,29 +- .long 0x104230C0 +- .long 0x13C786C2 +- .long 0x13DEE8C0 +- .long 0x10C6F0C0 +- lvx 28,27,7 +- vperm 10,10,10,31 +- .long 0x10A550C0 +- vsel 29,4,3,2 +- .long 0x1084E0C0 +- .long 0x10A5E8C0 +- .long 0x13C2FEC2 +- .long 0x10A5F0C0 +- vxor 29,6,7 +- vsel 29,7,0,29 +- .long 0x102128C0 +- .long 0x13C686C2 +- .long 0x13DEE8C0 +- .long 0x10A5F0C0 +- lvx 28,28,7 +- .long 0x7D802699 +- addi 4,4,16 +- vsldoi 11,10,10,8 +- .long 0x108458C0 +- vsel 29,3,2,1 +- .long 0x1063E0C0 +- .long 0x1084E8C0 +- .long 0x13C1FEC2 +- .long 0x1084F0C0 +- vxor 29,5,6 +- vsel 29,6,7,29 +- .long 0x100020C0 +- .long 0x13C586C2 +- .long 0x13DEE8C0 +- .long 0x1084F0C0 +- lvx 28,29,7 +- vperm 12,12,12,31 +- .long 0x106360C0 +- vsel 29,2,1,0 +- .long 0x1042E0C0 +- .long 0x1063E8C0 +- .long 0x13C0FEC2 +- .long 0x1063F0C0 +- vxor 29,4,5 +- vsel 29,5,6,29 +- .long 0x10E718C0 +- .long 0x13C486C2 +- .long 0x13DEE8C0 +- .long 0x1063F0C0 +- lvx 28,30,7 +- .long 0x7DC02699 +- addi 4,4,16 +- vsldoi 13,12,12,8 +- .long 0x104268C0 +- vsel 29,1,0,7 +- .long 0x1021E0C0 +- .long 0x1042E8C0 +- .long 0x13C7FEC2 +- .long 0x1042F0C0 +- vxor 29,3,4 +- vsel 29,4,5,29 +- .long 0x10C610C0 +- .long 0x13C386C2 +- .long 0x13DEE8C0 +- .long 0x1042F0C0 +- lvx 28,31,7 +- addi 7,7,0x80 +- vperm 14,14,14,31 +- .long 0x102170C0 +- vsel 29,0,7,6 +- .long 0x1000E0C0 +- .long 0x1021E8C0 +- .long 0x13C6FEC2 +- .long 0x1021F0C0 +- vxor 29,2,3 +- vsel 29,3,4,29 +- .long 0x10A508C0 +- .long 0x13C286C2 +- .long 0x13DEE8C0 +- .long 0x1021F0C0 +- lvx 28,0,7 +- .long 0x7E002699 +- addi 4,4,16 +- vsldoi 15,14,14,8 +- .long 0x100078C0 +- vsel 29,7,6,5 +- .long 0x10E7E0C0 +- .long 0x1000E8C0 +- .long 0x13C5FEC2 +- .long 0x1000F0C0 +- vxor 29,1,2 +- vsel 29,2,3,29 +- .long 0x108400C0 +- .long 0x13C186C2 +- .long 0x13DEE8C0 +- .long 0x1000F0C0 +- lvx 28,10,7 +- vperm 16,16,16,31 +- .long 0x10E780C0 +- vsel 29,6,5,4 +- .long 0x10C6E0C0 +- .long 0x10E7E8C0 +- .long 0x13C4FEC2 +- .long 0x10E7F0C0 +- vxor 29,0,1 +- vsel 29,1,2,29 +- .long 0x106338C0 +- .long 0x13C086C2 +- .long 0x13DEE8C0 +- .long 0x10E7F0C0 +- lvx 28,26,7 +- .long 0x7E402699 +- addi 4,4,16 +- vsldoi 17,16,16,8 +- .long 0x10C688C0 +- vsel 29,5,4,3 +- .long 0x10A5E0C0 +- .long 0x10C6E8C0 +- .long 0x13C3FEC2 +- .long 0x10C6F0C0 +- vxor 29,7,0 +- vsel 29,0,1,29 +- .long 0x104230C0 +- .long 0x13C786C2 +- .long 0x13DEE8C0 +- .long 0x10C6F0C0 +- lvx 28,27,7 +- vperm 18,18,18,31 +- .long 0x10A590C0 +- vsel 29,4,3,2 +- .long 0x1084E0C0 +- .long 0x10A5E8C0 +- .long 0x13C2FEC2 +- .long 0x10A5F0C0 +- vxor 29,6,7 +- vsel 29,7,0,29 +- .long 0x102128C0 +- .long 0x13C686C2 +- .long 0x13DEE8C0 +- .long 0x10A5F0C0 +- lvx 28,28,7 +- .long 0x7F002699 +- addi 4,4,16 +- vsldoi 19,18,18,8 +- .long 0x108498C0 +- vsel 29,3,2,1 +- .long 0x1063E0C0 +- .long 0x1084E8C0 +- .long 0x13C1FEC2 +- .long 0x1084F0C0 +- vxor 29,5,6 +- vsel 29,6,7,29 +- .long 0x100020C0 +- .long 0x13C586C2 +- .long 0x13DEE8C0 +- .long 0x1084F0C0 +- lvx 28,29,7 +- vperm 24,24,24,31 +- .long 0x1063C0C0 +- vsel 29,2,1,0 +- .long 0x1042E0C0 +- .long 0x1063E8C0 +- .long 0x13C0FEC2 +- .long 0x1063F0C0 +- vxor 29,4,5 +- vsel 29,5,6,29 +- .long 0x10E718C0 +- .long 0x13C486C2 +- .long 0x13DEE8C0 +- .long 0x1063F0C0 +- lvx 28,30,7 +- .long 0x7F402699 +- addi 4,4,16 +- vsldoi 25,24,24,8 +- .long 0x1042C8C0 +- vsel 29,1,0,7 +- .long 0x1021E0C0 +- .long 0x1042E8C0 +- .long 0x13C7FEC2 +- .long 0x1042F0C0 +- vxor 29,3,4 +- vsel 29,4,5,29 +- .long 0x10C610C0 +- .long 0x13C386C2 +- .long 0x13DEE8C0 +- .long 0x1042F0C0 +- lvx 28,31,7 +- addi 7,7,0x80 +- vperm 26,26,26,31 +- .long 0x1021D0C0 +- vsel 29,0,7,6 +- .long 0x1000E0C0 +- .long 0x1021E8C0 +- .long 0x13C6FEC2 +- .long 0x1021F0C0 +- vxor 29,2,3 +- vsel 29,3,4,29 +- .long 0x10A508C0 +- .long 0x13C286C2 +- .long 0x13DEE8C0 +- .long 0x1021F0C0 +- lvx 28,0,7 +- vsldoi 27,26,26,8 +- .long 0x13C906C2 +- .long 0x1108F0C0 +- .long 0x13DA7EC2 +- .long 0x1108F0C0 +- .long 0x110888C0 +- .long 0x1000D8C0 +- vsel 29,7,6,5 +- .long 0x10E7E0C0 +- .long 0x1000E8C0 +- .long 0x13C5FEC2 +- .long 0x1000F0C0 +- vxor 29,1,2 +- vsel 29,2,3,29 +- .long 0x108400C0 +- .long 0x13C186C2 +- .long 0x13DEE8C0 +- .long 0x1000F0C0 +- lvx 28,10,7 +- mtctr 0 +- b .L16_xx +-.align 5 +-.L16_xx: +- .long 0x13CA06C2 +- .long 0x1129F0C0 +- .long 0x13DB7EC2 +- .long 0x1129F0C0 +- .long 0x112990C0 +- .long 0x10E740C0 +- vsel 29,6,5,4 +- .long 0x10C6E0C0 +- .long 0x10E7E8C0 +- .long 0x13C4FEC2 +- .long 0x10E7F0C0 +- vxor 29,0,1 +- vsel 29,1,2,29 +- .long 0x106338C0 +- .long 0x13C086C2 +- .long 0x13DEE8C0 +- .long 0x10E7F0C0 +- lvx 28,26,7 +- .long 0x13CB06C2 +- .long 0x114AF0C0 +- .long 0x13C87EC2 +- .long 0x114AF0C0 +- .long 0x114A98C0 +- .long 0x10C648C0 +- vsel 29,5,4,3 +- .long 0x10A5E0C0 +- .long 0x10C6E8C0 +- .long 0x13C3FEC2 +- .long 0x10C6F0C0 +- vxor 29,7,0 +- vsel 29,0,1,29 +- .long 0x104230C0 +- .long 0x13C786C2 +- .long 0x13DEE8C0 +- .long 0x10C6F0C0 +- lvx 28,27,7 +- .long 0x13CC06C2 +- .long 0x116BF0C0 +- .long 0x13C97EC2 +- .long 0x116BF0C0 +- .long 0x116BC0C0 +- .long 0x10A550C0 +- vsel 29,4,3,2 +- .long 0x1084E0C0 +- .long 0x10A5E8C0 +- .long 0x13C2FEC2 +- .long 0x10A5F0C0 +- vxor 29,6,7 +- vsel 29,7,0,29 +- .long 0x102128C0 +- .long 0x13C686C2 +- .long 0x13DEE8C0 +- .long 0x10A5F0C0 +- lvx 28,28,7 +- .long 0x13CD06C2 +- .long 0x118CF0C0 +- .long 0x13CA7EC2 +- .long 0x118CF0C0 +- .long 0x118CC8C0 +- .long 0x108458C0 +- vsel 29,3,2,1 +- .long 0x1063E0C0 +- .long 0x1084E8C0 +- .long 0x13C1FEC2 +- .long 0x1084F0C0 +- vxor 29,5,6 +- vsel 29,6,7,29 +- .long 0x100020C0 +- .long 0x13C586C2 +- .long 0x13DEE8C0 +- .long 0x1084F0C0 +- lvx 28,29,7 +- .long 0x13CE06C2 +- .long 0x11ADF0C0 +- .long 0x13CB7EC2 +- .long 0x11ADF0C0 +- .long 0x11ADD0C0 +- .long 0x106360C0 +- vsel 29,2,1,0 +- .long 0x1042E0C0 +- .long 0x1063E8C0 +- .long 0x13C0FEC2 +- .long 0x1063F0C0 +- vxor 29,4,5 +- vsel 29,5,6,29 +- .long 0x10E718C0 +- .long 0x13C486C2 +- .long 0x13DEE8C0 +- .long 0x1063F0C0 +- lvx 28,30,7 +- .long 0x13CF06C2 +- .long 0x11CEF0C0 +- .long 0x13CC7EC2 +- .long 0x11CEF0C0 +- .long 0x11CED8C0 +- .long 0x104268C0 +- vsel 29,1,0,7 +- .long 0x1021E0C0 +- .long 0x1042E8C0 +- .long 0x13C7FEC2 +- .long 0x1042F0C0 +- vxor 29,3,4 +- vsel 29,4,5,29 +- .long 0x10C610C0 +- .long 0x13C386C2 +- .long 0x13DEE8C0 +- .long 0x1042F0C0 +- lvx 28,31,7 +- addi 7,7,0x80 +- .long 0x13D006C2 +- .long 0x11EFF0C0 +- .long 0x13CD7EC2 +- .long 0x11EFF0C0 +- .long 0x11EF40C0 +- .long 0x102170C0 +- vsel 29,0,7,6 +- .long 0x1000E0C0 +- .long 0x1021E8C0 +- .long 0x13C6FEC2 +- .long 0x1021F0C0 +- vxor 29,2,3 +- vsel 29,3,4,29 +- .long 0x10A508C0 +- .long 0x13C286C2 +- .long 0x13DEE8C0 +- .long 0x1021F0C0 +- lvx 28,0,7 +- .long 0x13D106C2 +- .long 0x1210F0C0 +- .long 0x13CE7EC2 +- .long 0x1210F0C0 +- .long 0x121048C0 +- .long 0x100078C0 +- vsel 29,7,6,5 +- .long 0x10E7E0C0 +- .long 0x1000E8C0 +- .long 0x13C5FEC2 +- .long 0x1000F0C0 +- vxor 29,1,2 +- vsel 29,2,3,29 +- .long 0x108400C0 +- .long 0x13C186C2 +- .long 0x13DEE8C0 +- .long 0x1000F0C0 +- lvx 28,10,7 +- .long 0x13D206C2 +- .long 0x1231F0C0 +- .long 0x13CF7EC2 +- .long 0x1231F0C0 +- .long 0x123150C0 +- .long 0x10E780C0 +- vsel 29,6,5,4 +- .long 0x10C6E0C0 +- .long 0x10E7E8C0 +- .long 0x13C4FEC2 +- .long 0x10E7F0C0 +- vxor 29,0,1 +- vsel 29,1,2,29 +- .long 0x106338C0 +- .long 0x13C086C2 +- .long 0x13DEE8C0 +- .long 0x10E7F0C0 +- lvx 28,26,7 +- .long 0x13D306C2 +- .long 0x1252F0C0 +- .long 0x13D07EC2 +- .long 0x1252F0C0 +- .long 0x125258C0 +- .long 0x10C688C0 +- vsel 29,5,4,3 +- .long 0x10A5E0C0 +- .long 0x10C6E8C0 +- .long 0x13C3FEC2 +- .long 0x10C6F0C0 +- vxor 29,7,0 +- vsel 29,0,1,29 +- .long 0x104230C0 +- .long 0x13C786C2 +- .long 0x13DEE8C0 +- .long 0x10C6F0C0 +- lvx 28,27,7 +- .long 0x13D806C2 +- .long 0x1273F0C0 +- .long 0x13D17EC2 +- .long 0x1273F0C0 +- .long 0x127360C0 +- .long 0x10A590C0 +- vsel 29,4,3,2 +- .long 0x1084E0C0 +- .long 0x10A5E8C0 +- .long 0x13C2FEC2 +- .long 0x10A5F0C0 +- vxor 29,6,7 +- vsel 29,7,0,29 +- .long 0x102128C0 +- .long 0x13C686C2 +- .long 0x13DEE8C0 +- .long 0x10A5F0C0 +- lvx 28,28,7 +- .long 0x13D906C2 +- .long 0x1318F0C0 +- .long 0x13D27EC2 +- .long 0x1318F0C0 +- .long 0x131868C0 +- .long 0x108498C0 +- vsel 29,3,2,1 +- .long 0x1063E0C0 +- .long 0x1084E8C0 +- .long 0x13C1FEC2 +- .long 0x1084F0C0 +- vxor 29,5,6 +- vsel 29,6,7,29 +- .long 0x100020C0 +- .long 0x13C586C2 +- .long 0x13DEE8C0 +- .long 0x1084F0C0 +- lvx 28,29,7 +- .long 0x13DA06C2 +- .long 0x1339F0C0 +- .long 0x13D37EC2 +- .long 0x1339F0C0 +- .long 0x133970C0 +- .long 0x1063C0C0 +- vsel 29,2,1,0 +- .long 0x1042E0C0 +- .long 0x1063E8C0 +- .long 0x13C0FEC2 +- .long 0x1063F0C0 +- vxor 29,4,5 +- vsel 29,5,6,29 +- .long 0x10E718C0 +- .long 0x13C486C2 +- .long 0x13DEE8C0 +- .long 0x1063F0C0 +- lvx 28,30,7 +- .long 0x13DB06C2 +- .long 0x135AF0C0 +- .long 0x13D87EC2 +- .long 0x135AF0C0 +- .long 0x135A78C0 +- .long 0x1042C8C0 +- vsel 29,1,0,7 +- .long 0x1021E0C0 +- .long 0x1042E8C0 +- .long 0x13C7FEC2 +- .long 0x1042F0C0 +- vxor 29,3,4 +- vsel 29,4,5,29 +- .long 0x10C610C0 +- .long 0x13C386C2 +- .long 0x13DEE8C0 +- .long 0x1042F0C0 +- lvx 28,31,7 +- addi 7,7,0x80 +- .long 0x13C806C2 +- .long 0x137BF0C0 +- .long 0x13D97EC2 +- .long 0x137BF0C0 +- .long 0x137B80C0 +- .long 0x1021D0C0 +- vsel 29,0,7,6 +- .long 0x1000E0C0 +- .long 0x1021E8C0 +- .long 0x13C6FEC2 +- .long 0x1021F0C0 +- vxor 29,2,3 +- vsel 29,3,4,29 +- .long 0x10A508C0 +- .long 0x13C286C2 +- .long 0x13DEE8C0 +- .long 0x1021F0C0 +- lvx 28,0,7 +- .long 0x13C906C2 +- .long 0x1108F0C0 +- .long 0x13DA7EC2 +- .long 0x1108F0C0 +- .long 0x110888C0 +- .long 0x1000D8C0 +- vsel 29,7,6,5 +- .long 0x10E7E0C0 +- .long 0x1000E8C0 +- .long 0x13C5FEC2 +- .long 0x1000F0C0 +- vxor 29,1,2 +- vsel 29,2,3,29 +- .long 0x108400C0 +- .long 0x13C186C2 +- .long 0x13DEE8C0 +- .long 0x1000F0C0 +- lvx 28,10,7 +- bdnz .L16_xx +- +- lvx 10,0,11 +- subic. 5,5,1 +- lvx 11,10,11 +- .long 0x100050C0 +- lvx 12,26,11 +- .long 0x102158C0 +- lvx 13,27,11 +- .long 0x104260C0 +- lvx 14,28,11 +- .long 0x106368C0 +- lvx 15,29,11 +- .long 0x108470C0 +- lvx 16,30,11 +- .long 0x10A578C0 +- lvx 17,31,11 +- .long 0x10C680C0 +- .long 0x10E788C0 +- bne .Loop +- vperm 0,0,1,28 +- vperm 2,2,3,28 +- vperm 4,4,5,28 +- vperm 6,6,7,28 +- .long 0x7C001F99 +- .long 0x7C4A1F99 +- .long 0x7C9A1F99 +- .long 0x7CDB1F99 +- addi 11,1,207 +- mtlr 8 +- or 12,12,12 +- lvx 24,0,11 +- lvx 25,10,11 +- lvx 26,26,11 +- lvx 27,27,11 +- lvx 28,28,11 +- lvx 29,29,11 +- lvx 30,30,11 +- lvx 31,31,11 +- ld 26,336(1) +- ld 27,344(1) +- ld 28,352(1) +- ld 29,360(1) +- ld 30,368(1) +- ld 31,376(1) +- addi 1,1,384 +- blr +-.long 0 +-.byte 0,12,4,1,0x80,6,3,0 +-.long 0 +-.size sha512_block_p8,.-sha512_block_p8 +-.align 6 +-.LPICmeup: +- mflr 0 +- bcl 20,31,$+4 +- mflr 6 +- addi 6,6,56 +- mtlr 0 +- blr +-.long 0 +-.byte 0,12,0x14,0,0,0,0,0 +-.space 28 +-.long 0xd728ae22,0x428a2f98 +-.long 0xd728ae22,0x428a2f98 +-.long 0x23ef65cd,0x71374491 +-.long 0x23ef65cd,0x71374491 +-.long 0xec4d3b2f,0xb5c0fbcf +-.long 0xec4d3b2f,0xb5c0fbcf +-.long 0x8189dbbc,0xe9b5dba5 +-.long 0x8189dbbc,0xe9b5dba5 +-.long 0xf348b538,0x3956c25b +-.long 0xf348b538,0x3956c25b +-.long 0xb605d019,0x59f111f1 +-.long 0xb605d019,0x59f111f1 +-.long 0xaf194f9b,0x923f82a4 +-.long 0xaf194f9b,0x923f82a4 +-.long 0xda6d8118,0xab1c5ed5 +-.long 0xda6d8118,0xab1c5ed5 +-.long 0xa3030242,0xd807aa98 +-.long 0xa3030242,0xd807aa98 +-.long 0x45706fbe,0x12835b01 +-.long 0x45706fbe,0x12835b01 +-.long 0x4ee4b28c,0x243185be +-.long 0x4ee4b28c,0x243185be +-.long 0xd5ffb4e2,0x550c7dc3 +-.long 0xd5ffb4e2,0x550c7dc3 +-.long 0xf27b896f,0x72be5d74 +-.long 0xf27b896f,0x72be5d74 +-.long 0x3b1696b1,0x80deb1fe +-.long 0x3b1696b1,0x80deb1fe +-.long 0x25c71235,0x9bdc06a7 +-.long 0x25c71235,0x9bdc06a7 +-.long 0xcf692694,0xc19bf174 +-.long 0xcf692694,0xc19bf174 +-.long 0x9ef14ad2,0xe49b69c1 +-.long 0x9ef14ad2,0xe49b69c1 +-.long 0x384f25e3,0xefbe4786 +-.long 0x384f25e3,0xefbe4786 +-.long 0x8b8cd5b5,0x0fc19dc6 +-.long 0x8b8cd5b5,0x0fc19dc6 +-.long 0x77ac9c65,0x240ca1cc +-.long 0x77ac9c65,0x240ca1cc +-.long 0x592b0275,0x2de92c6f +-.long 0x592b0275,0x2de92c6f +-.long 0x6ea6e483,0x4a7484aa +-.long 0x6ea6e483,0x4a7484aa +-.long 0xbd41fbd4,0x5cb0a9dc +-.long 0xbd41fbd4,0x5cb0a9dc +-.long 0x831153b5,0x76f988da +-.long 0x831153b5,0x76f988da +-.long 0xee66dfab,0x983e5152 +-.long 0xee66dfab,0x983e5152 +-.long 0x2db43210,0xa831c66d +-.long 0x2db43210,0xa831c66d +-.long 0x98fb213f,0xb00327c8 +-.long 0x98fb213f,0xb00327c8 +-.long 0xbeef0ee4,0xbf597fc7 +-.long 0xbeef0ee4,0xbf597fc7 +-.long 0x3da88fc2,0xc6e00bf3 +-.long 0x3da88fc2,0xc6e00bf3 +-.long 0x930aa725,0xd5a79147 +-.long 0x930aa725,0xd5a79147 +-.long 0xe003826f,0x06ca6351 +-.long 0xe003826f,0x06ca6351 +-.long 0x0a0e6e70,0x14292967 +-.long 0x0a0e6e70,0x14292967 +-.long 0x46d22ffc,0x27b70a85 +-.long 0x46d22ffc,0x27b70a85 +-.long 0x5c26c926,0x2e1b2138 +-.long 0x5c26c926,0x2e1b2138 +-.long 0x5ac42aed,0x4d2c6dfc +-.long 0x5ac42aed,0x4d2c6dfc +-.long 0x9d95b3df,0x53380d13 +-.long 0x9d95b3df,0x53380d13 +-.long 0x8baf63de,0x650a7354 +-.long 0x8baf63de,0x650a7354 +-.long 0x3c77b2a8,0x766a0abb +-.long 0x3c77b2a8,0x766a0abb +-.long 0x47edaee6,0x81c2c92e +-.long 0x47edaee6,0x81c2c92e +-.long 0x1482353b,0x92722c85 +-.long 0x1482353b,0x92722c85 +-.long 0x4cf10364,0xa2bfe8a1 +-.long 0x4cf10364,0xa2bfe8a1 +-.long 0xbc423001,0xa81a664b +-.long 0xbc423001,0xa81a664b +-.long 0xd0f89791,0xc24b8b70 +-.long 0xd0f89791,0xc24b8b70 +-.long 0x0654be30,0xc76c51a3 +-.long 0x0654be30,0xc76c51a3 +-.long 0xd6ef5218,0xd192e819 +-.long 0xd6ef5218,0xd192e819 +-.long 0x5565a910,0xd6990624 +-.long 0x5565a910,0xd6990624 +-.long 0x5771202a,0xf40e3585 +-.long 0x5771202a,0xf40e3585 +-.long 0x32bbd1b8,0x106aa070 +-.long 0x32bbd1b8,0x106aa070 +-.long 0xb8d2d0c8,0x19a4c116 +-.long 0xb8d2d0c8,0x19a4c116 +-.long 0x5141ab53,0x1e376c08 +-.long 0x5141ab53,0x1e376c08 +-.long 0xdf8eeb99,0x2748774c +-.long 0xdf8eeb99,0x2748774c +-.long 0xe19b48a8,0x34b0bcb5 +-.long 0xe19b48a8,0x34b0bcb5 +-.long 0xc5c95a63,0x391c0cb3 +-.long 0xc5c95a63,0x391c0cb3 +-.long 0xe3418acb,0x4ed8aa4a +-.long 0xe3418acb,0x4ed8aa4a +-.long 0x7763e373,0x5b9cca4f +-.long 0x7763e373,0x5b9cca4f +-.long 0xd6b2b8a3,0x682e6ff3 +-.long 0xd6b2b8a3,0x682e6ff3 +-.long 0x5defb2fc,0x748f82ee +-.long 0x5defb2fc,0x748f82ee +-.long 0x43172f60,0x78a5636f +-.long 0x43172f60,0x78a5636f +-.long 0xa1f0ab72,0x84c87814 +-.long 0xa1f0ab72,0x84c87814 +-.long 0x1a6439ec,0x8cc70208 +-.long 0x1a6439ec,0x8cc70208 +-.long 0x23631e28,0x90befffa +-.long 0x23631e28,0x90befffa +-.long 0xde82bde9,0xa4506ceb +-.long 0xde82bde9,0xa4506ceb +-.long 0xb2c67915,0xbef9a3f7 +-.long 0xb2c67915,0xbef9a3f7 +-.long 0xe372532b,0xc67178f2 +-.long 0xe372532b,0xc67178f2 +-.long 0xea26619c,0xca273ece +-.long 0xea26619c,0xca273ece +-.long 0x21c0c207,0xd186b8c7 +-.long 0x21c0c207,0xd186b8c7 +-.long 0xcde0eb1e,0xeada7dd6 +-.long 0xcde0eb1e,0xeada7dd6 +-.long 0xee6ed178,0xf57d4f7f +-.long 0xee6ed178,0xf57d4f7f +-.long 0x72176fba,0x06f067aa +-.long 0x72176fba,0x06f067aa +-.long 0xa2c898a6,0x0a637dc5 +-.long 0xa2c898a6,0x0a637dc5 +-.long 0xbef90dae,0x113f9804 +-.long 0xbef90dae,0x113f9804 +-.long 0x131c471b,0x1b710b35 +-.long 0x131c471b,0x1b710b35 +-.long 0x23047d84,0x28db77f5 +-.long 0x23047d84,0x28db77f5 +-.long 0x40c72493,0x32caab7b +-.long 0x40c72493,0x32caab7b +-.long 0x15c9bebc,0x3c9ebe0a +-.long 0x15c9bebc,0x3c9ebe0a +-.long 0x9c100d4c,0x431d67c4 +-.long 0x9c100d4c,0x431d67c4 +-.long 0xcb3e42b6,0x4cc5d4be +-.long 0xcb3e42b6,0x4cc5d4be +-.long 0xfc657e2a,0x597f299c +-.long 0xfc657e2a,0x597f299c +-.long 0x3ad6faec,0x5fcb6fab +-.long 0x3ad6faec,0x5fcb6fab +-.long 0x4a475817,0x6c44198c +-.long 0x4a475817,0x6c44198c +-.long 0,0 +-.long 0,0 +-.long 0x14151617,0x10111213 +-.long 0x04050607,0x00010203 +-.byte 83,72,65,53,49,50,32,102,111,114,32,80,111,119,101,114,73,83,65,32,50,46,48,55,44,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +-.align 2 +-.align 2 +diff --git a/lib/freebl/sha512.c b/lib/freebl/sha512.c +index f2a1a33ca..c1cfb7376 100644 +--- a/lib/freebl/sha512.c ++++ b/lib/freebl/sha512.c +@@ -18,10 +18,8 @@ + #include "prlong.h" + #include "secport.h" /* for PORT_XXX */ + #include "blapi.h" +-#include "blapii.h" + #include "sha256.h" /* for struct SHA256ContextStr */ + #include "crypto_primitives.h" +-#include "ppc-crypto.h" /* for USE_PPC_CRYPTO */ + + /* ============= Common constants and defines ======================= */ + +@@ -45,7 +43,7 @@ static const PRUint8 pad[240] = { + /* ============= SHA256 implementation ================================== */ + + /* SHA-256 constants, K256. */ +-pre_align static const PRUint32 K256[64] post_align = { ++static const PRUint32 K256[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, +@@ -179,162 +177,9 @@ SHA256_Begin(SHA256Context *ctx) + memcpy(H, H256, sizeof H256); + } + +-#if defined(USE_PPC_CRYPTO) +- +-#define ROUND(n, a, b, c, d, e, f, g, h) \ +- s0 = __builtin_crypto_vshasigmaw(e, 1, 0xf); \ +- h += s0 + vec_sel(g, f, e) + w[n / 4]; \ +- d += h; \ +- s0 = __builtin_crypto_vshasigmaw(a, 1, 0); \ +- h += s0 + vec_sel(b, c, vec_xor(a, b)); \ +- if (n % 4 != 3) \ +- w[n / 4] = vec_sro(w[n / 4], rshift); +- +-#else +- +-#define ROUND(n, a, b, c, d, e, f, g, h) \ +- h += S1(e) + Ch(e, f, g) + K256[n] + W[n]; \ +- d += h; \ +- h += S0(a) + Maj(a, b, c); +- +-#endif +- +-#define SHA256_UNROLLED_ROUNDS \ +- ROUND(0, a, b, c, d, e, f, g, h) \ +- ROUND(1, h, a, b, c, d, e, f, g) \ +- ROUND(2, g, h, a, b, c, d, e, f) \ +- ROUND(3, f, g, h, a, b, c, d, e) \ +- ROUND(4, e, f, g, h, a, b, c, d) \ +- ROUND(5, d, e, f, g, h, a, b, c) \ +- ROUND(6, c, d, e, f, g, h, a, b) \ +- ROUND(7, b, c, d, e, f, g, h, a) \ +- \ +- ROUND(8, a, b, c, d, e, f, g, h) \ +- ROUND(9, h, a, b, c, d, e, f, g) \ +- ROUND(10, g, h, a, b, c, d, e, f) \ +- ROUND(11, f, g, h, a, b, c, d, e) \ +- ROUND(12, e, f, g, h, a, b, c, d) \ +- ROUND(13, d, e, f, g, h, a, b, c) \ +- ROUND(14, c, d, e, f, g, h, a, b) \ +- ROUND(15, b, c, d, e, f, g, h, a) \ +- \ +- ROUND(16, a, b, c, d, e, f, g, h) \ +- ROUND(17, h, a, b, c, d, e, f, g) \ +- ROUND(18, g, h, a, b, c, d, e, f) \ +- ROUND(19, f, g, h, a, b, c, d, e) \ +- ROUND(20, e, f, g, h, a, b, c, d) \ +- ROUND(21, d, e, f, g, h, a, b, c) \ +- ROUND(22, c, d, e, f, g, h, a, b) \ +- ROUND(23, b, c, d, e, f, g, h, a) \ +- \ +- ROUND(24, a, b, c, d, e, f, g, h) \ +- ROUND(25, h, a, b, c, d, e, f, g) \ +- ROUND(26, g, h, a, b, c, d, e, f) \ +- ROUND(27, f, g, h, a, b, c, d, e) \ +- ROUND(28, e, f, g, h, a, b, c, d) \ +- ROUND(29, d, e, f, g, h, a, b, c) \ +- ROUND(30, c, d, e, f, g, h, a, b) \ +- ROUND(31, b, c, d, e, f, g, h, a) \ +- \ +- ROUND(32, a, b, c, d, e, f, g, h) \ +- ROUND(33, h, a, b, c, d, e, f, g) \ +- ROUND(34, g, h, a, b, c, d, e, f) \ +- ROUND(35, f, g, h, a, b, c, d, e) \ +- ROUND(36, e, f, g, h, a, b, c, d) \ +- ROUND(37, d, e, f, g, h, a, b, c) \ +- ROUND(38, c, d, e, f, g, h, a, b) \ +- ROUND(39, b, c, d, e, f, g, h, a) \ +- \ +- ROUND(40, a, b, c, d, e, f, g, h) \ +- ROUND(41, h, a, b, c, d, e, f, g) \ +- ROUND(42, g, h, a, b, c, d, e, f) \ +- ROUND(43, f, g, h, a, b, c, d, e) \ +- ROUND(44, e, f, g, h, a, b, c, d) \ +- ROUND(45, d, e, f, g, h, a, b, c) \ +- ROUND(46, c, d, e, f, g, h, a, b) \ +- ROUND(47, b, c, d, e, f, g, h, a) \ +- \ +- ROUND(48, a, b, c, d, e, f, g, h) \ +- ROUND(49, h, a, b, c, d, e, f, g) \ +- ROUND(50, g, h, a, b, c, d, e, f) \ +- ROUND(51, f, g, h, a, b, c, d, e) \ +- ROUND(52, e, f, g, h, a, b, c, d) \ +- ROUND(53, d, e, f, g, h, a, b, c) \ +- ROUND(54, c, d, e, f, g, h, a, b) \ +- ROUND(55, b, c, d, e, f, g, h, a) \ +- \ +- ROUND(56, a, b, c, d, e, f, g, h) \ +- ROUND(57, h, a, b, c, d, e, f, g) \ +- ROUND(58, g, h, a, b, c, d, e, f) \ +- ROUND(59, f, g, h, a, b, c, d, e) \ +- ROUND(60, e, f, g, h, a, b, c, d) \ +- ROUND(61, d, e, f, g, h, a, b, c) \ +- ROUND(62, c, d, e, f, g, h, a, b) \ +- ROUND(63, b, c, d, e, f, g, h, a) +- + static void + SHA256_Compress(SHA256Context *ctx) + { +-#if defined(USE_PPC_CRYPTO) +- vec_u32 w[16], s0, s1; +- const vec_u8 rshift = (vec_u8)vec_splats(4 << 3); +- const vec_u8 shifthalf = (vec_u8)vec_splats(8 << 3); +- const vec_u8 bswap4 = (vec_u8){ +- 3, 2, 1, 0, 7, 6, 5, 4, 11, +- 10, 9, 8, 15, 14, 13, 12, +- }; +- unsigned i; +- +- for (i = 0; i < 4; i++) { +- w[i] = vec_vsx_ld(0, &W[i * 4]); +- w[i] = vec_perm(w[i], w[i], bswap4); +- } +- +- /* prepare the message schedule */ +- for (i = 4; i < 16; i++) { +- vec_u32 off1 = vec_sld(w[i - 3], w[i - 4], 12); +- vec_u32 off2 = vec_sld(w[i - 1], w[i - 2], 12); +- s0 = __builtin_crypto_vshasigmaw(off1, 0, 0); +- /* first half, s1 depends on two prior ints */ +- s1 = __builtin_crypto_vshasigmaw(w[i - 1], 0, 0xf); +- s1 = vec_sro(s1, shifthalf); +- w[i] = w[i - 4] + s0 + off2 + s1; +- +- /* second half s1 */ +- s1 = __builtin_crypto_vshasigmaw(w[i], 0, 0xf); +- s1 = vec_slo(s1, shifthalf); +- w[i] += s1; +- } +- +- for (i = 0; i < 16; i++) { +- w[i] += vec_ld(0, &K256[i * 4]); +- } +- +- vec_u32 a, b, c, d, e, f, g, h; +- a = vec_splats(H[0]); +- b = vec_splats(H[1]); +- c = vec_splats(H[2]); +- d = vec_splats(H[3]); +- e = vec_splats(H[4]); +- f = vec_splats(H[5]); +- g = vec_splats(H[6]); +- h = vec_splats(H[7]); +- +- SHA256_UNROLLED_ROUNDS; +- +- H[0] += a[0]; +- H[1] += b[0]; +- H[2] += c[0]; +- H[3] += d[0]; +- H[4] += e[0]; +- H[5] += f[0]; +- H[6] += g[0]; +- H[7] += h[0]; +- +-#undef ROUND +- +-#else /* USE_PPC_CRYPTO*/ +- + { + #if defined(IS_LITTLE_ENDIAN) + BYTESWAP4(W[0]); +@@ -435,6 +280,11 @@ SHA256_Compress(SHA256Context *ctx) + g = H[6]; + h = H[7]; + ++#define ROUND(n, a, b, c, d, e, f, g, h) \ ++ h += S1(e) + Ch(e, f, g) + K256[n] + W[n]; \ ++ d += h; \ ++ h += S0(a) + Maj(a, b, c); ++ + #ifdef NOUNROLL256 + { + int t; +@@ -450,7 +300,77 @@ SHA256_Compress(SHA256Context *ctx) + } + } + #else +- SHA256_UNROLLED_ROUNDS; ++ ROUND(0, a, b, c, d, e, f, g, h) ++ ROUND(1, h, a, b, c, d, e, f, g) ++ ROUND(2, g, h, a, b, c, d, e, f) ++ ROUND(3, f, g, h, a, b, c, d, e) ++ ROUND(4, e, f, g, h, a, b, c, d) ++ ROUND(5, d, e, f, g, h, a, b, c) ++ ROUND(6, c, d, e, f, g, h, a, b) ++ ROUND(7, b, c, d, e, f, g, h, a) ++ ++ ROUND(8, a, b, c, d, e, f, g, h) ++ ROUND(9, h, a, b, c, d, e, f, g) ++ ROUND(10, g, h, a, b, c, d, e, f) ++ ROUND(11, f, g, h, a, b, c, d, e) ++ ROUND(12, e, f, g, h, a, b, c, d) ++ ROUND(13, d, e, f, g, h, a, b, c) ++ ROUND(14, c, d, e, f, g, h, a, b) ++ ROUND(15, b, c, d, e, f, g, h, a) ++ ++ ROUND(16, a, b, c, d, e, f, g, h) ++ ROUND(17, h, a, b, c, d, e, f, g) ++ ROUND(18, g, h, a, b, c, d, e, f) ++ ROUND(19, f, g, h, a, b, c, d, e) ++ ROUND(20, e, f, g, h, a, b, c, d) ++ ROUND(21, d, e, f, g, h, a, b, c) ++ ROUND(22, c, d, e, f, g, h, a, b) ++ ROUND(23, b, c, d, e, f, g, h, a) ++ ++ ROUND(24, a, b, c, d, e, f, g, h) ++ ROUND(25, h, a, b, c, d, e, f, g) ++ ROUND(26, g, h, a, b, c, d, e, f) ++ ROUND(27, f, g, h, a, b, c, d, e) ++ ROUND(28, e, f, g, h, a, b, c, d) ++ ROUND(29, d, e, f, g, h, a, b, c) ++ ROUND(30, c, d, e, f, g, h, a, b) ++ ROUND(31, b, c, d, e, f, g, h, a) ++ ++ ROUND(32, a, b, c, d, e, f, g, h) ++ ROUND(33, h, a, b, c, d, e, f, g) ++ ROUND(34, g, h, a, b, c, d, e, f) ++ ROUND(35, f, g, h, a, b, c, d, e) ++ ROUND(36, e, f, g, h, a, b, c, d) ++ ROUND(37, d, e, f, g, h, a, b, c) ++ ROUND(38, c, d, e, f, g, h, a, b) ++ ROUND(39, b, c, d, e, f, g, h, a) ++ ++ ROUND(40, a, b, c, d, e, f, g, h) ++ ROUND(41, h, a, b, c, d, e, f, g) ++ ROUND(42, g, h, a, b, c, d, e, f) ++ ROUND(43, f, g, h, a, b, c, d, e) ++ ROUND(44, e, f, g, h, a, b, c, d) ++ ROUND(45, d, e, f, g, h, a, b, c) ++ ROUND(46, c, d, e, f, g, h, a, b) ++ ROUND(47, b, c, d, e, f, g, h, a) ++ ++ ROUND(48, a, b, c, d, e, f, g, h) ++ ROUND(49, h, a, b, c, d, e, f, g) ++ ROUND(50, g, h, a, b, c, d, e, f) ++ ROUND(51, f, g, h, a, b, c, d, e) ++ ROUND(52, e, f, g, h, a, b, c, d) ++ ROUND(53, d, e, f, g, h, a, b, c) ++ ROUND(54, c, d, e, f, g, h, a, b) ++ ROUND(55, b, c, d, e, f, g, h, a) ++ ++ ROUND(56, a, b, c, d, e, f, g, h) ++ ROUND(57, h, a, b, c, d, e, f, g) ++ ROUND(58, g, h, a, b, c, d, e, f) ++ ROUND(59, f, g, h, a, b, c, d, e) ++ ROUND(60, e, f, g, h, a, b, c, d) ++ ROUND(61, d, e, f, g, h, a, b, c) ++ ROUND(62, c, d, e, f, g, h, a, b) ++ ROUND(63, b, c, d, e, f, g, h, a) + #endif + + H[0] += a; +@@ -463,7 +383,6 @@ SHA256_Compress(SHA256Context *ctx) + H[7] += h; + } + #undef ROUND +-#endif /* !USE_PPC_CRYPTO */ + } + + #undef s0 +@@ -772,11 +691,6 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src) + + #endif + +-#if defined(USE_PPC_CRYPTO) +-void sha512_block_p8(void *ctx, const void *inp, size_t len); +- +-#else /* USE_PPC_CRYPTO */ +- + /* SHA-384 and SHA-512 constants, K512. */ + static const PRUint64 K512[80] = { + #if PR_BYTES_PER_LONG == 8 +@@ -864,8 +778,6 @@ static const PRUint64 K512[80] = { + #endif + }; + +-#endif /* !USE_PPC_CRYPTO */ +- + struct SHA512ContextStr { + union { + PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */ +@@ -1020,10 +932,6 @@ SHA512_Begin(SHA512Context *ctx) + static void + SHA512_Compress(SHA512Context *ctx) + { +-#if defined(USE_PPC_CRYPTO) +- sha512_block_p8(&H[0], &W[0], 1); +-#else /* USE_PPC_CRYPTO */ +- + #if defined(IS_LITTLE_ENDIAN) + { + BYTESWAP8(W[0]); +@@ -1266,8 +1174,6 @@ SHA512_Compress(SHA512Context *ctx) + ADDTO(g, H[6]); + ADDTO(h, H[7]); + } +- +-#endif /* !USE_PPC_CRYPTO */ + } + + void +-- +2.26.2 + diff --git a/SOURCES/nss-softokn-tls-cavs.patch b/SOURCES/nss-softokn-tls-cavs.patch deleted file mode 100644 index 668846b..0000000 --- a/SOURCES/nss-softokn-tls-cavs.patch +++ /dev/null @@ -1,72 +0,0 @@ -# HG changeset patch -# User Tomas Mraz -# Date 1560861770 -7200 -# Tue Jun 18 14:42:50 2019 +0200 -# Node ID 8c4e73e0bab6c2282e672dccad5e45bc171bc3fc -# Parent 313dfef345bd93bc67982249bffa2cfdd5a9d1b5 -fipstest: fix CKM_TLS12_MASTER_KEY_DERIVE usage in TLS test - -diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c ---- a/cmd/fipstest/fipstest.c -+++ b/cmd/fipstest/fipstest.c -@@ -6669,12 +6669,13 @@ tls(char *reqfn) - - CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE, NULL, 0 }; - CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE, NULL, 0 }; -- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; -- CK_SSL3_KEY_MAT_PARAMS key_block_params; -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; -+ CK_TLS12_KEY_MAT_PARAMS key_block_params; - CK_SSL3_KEY_MAT_OUT key_material; - CK_RV crv; - - /* set up PKCS #11 parameters */ -+ master_params.prfHashMechanism = CKM_SHA256; - master_params.pVersion = NULL; - master_params.RandomInfo.pClientRandom = clientHello_random; - master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random); -@@ -6682,6 +6683,7 @@ tls(char *reqfn) - master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random); - master_mech.pParameter = (void *)&master_params; - master_mech.ulParameterLen = sizeof(master_params); -+ key_block_params.prfHashMechanism = CKM_SHA256; - key_block_params.ulMacSizeInBits = 0; - key_block_params.ulKeySizeInBits = 0; - key_block_params.ulIVSizeInBits = 0; -@@ -6726,11 +6728,32 @@ tls(char *reqfn) - if (buf[7] == '0') { - master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE; - key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE; -+ master_mech.ulParameterLen = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); -+ key_block_mech.ulParameterLen = sizeof(CK_SSL3_KEY_MAT_PARAMS); - } else if (buf[7] == '2') { -- master_mech.mechanism = -- CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; -- key_block_mech.mechanism = -- CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; -+ if (strncmp(&buf[10], "SHA-1", 5) == 0) { -+ master_params.prfHashMechanism = CKM_SHA_1; -+ key_block_params.prfHashMechanism = CKM_SHA_1; -+ } else if (strncmp(&buf[10], "SHA-224", 7) == 0) { -+ master_params.prfHashMechanism = CKM_SHA224; -+ key_block_params.prfHashMechanism = CKM_SHA224; -+ } else if (strncmp(&buf[10], "SHA-256", 7) == 0) { -+ master_params.prfHashMechanism = CKM_SHA256; -+ key_block_params.prfHashMechanism = CKM_SHA256; -+ } else if (strncmp(&buf[10], "SHA-384", 7)== 0) { -+ master_params.prfHashMechanism = CKM_SHA384; -+ key_block_params.prfHashMechanism = CKM_SHA384; -+ } else if (strncmp(&buf[10], "SHA-512", 7) == 0) { -+ master_params.prfHashMechanism = CKM_SHA512; -+ key_block_params.prfHashMechanism = CKM_SHA512; -+ } else { -+ fprintf(tlsresp, "ERROR: Unable to find prf Hash type"); -+ goto loser; -+ } -+ master_mech.mechanism = CKM_TLS12_MASTER_KEY_DERIVE; -+ key_block_mech.mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE; -+ master_mech.ulParameterLen = sizeof(master_params); -+ key_block_mech.ulParameterLen = sizeof(key_block_params); - } else { - fprintf(stderr, "Unknown TLS type %x\n", - (unsigned int)buf[0]); diff --git a/SPECS/nss-softokn.spec b/SPECS/nss-softokn.spec index 313a17e..7c80e8a 100644 --- a/SPECS/nss-softokn.spec +++ b/SPECS/nss-softokn.spec @@ -1,8 +1,8 @@ -%global nspr_version 4.21.0 +%global nspr_version 4.25.0 %global nss_name nss -%global nss_util_version 3.44.0 -%global nss_util_build -3 -%global nss_softokn_version 3.44.0 +%global nss_util_version 3.53.1 +%global nss_util_build -1 +%global nss_softokn_version 3.53.1 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global saved_files_dir %{_libdir}/nss/saved %global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/ @@ -40,7 +40,7 @@ rpm.define(string.format("nss_softokn_archive_version %s", Summary: Network Security Services Softoken Module Name: nss-softokn Version: %{nss_softokn_version} -Release: 8%{?dist} +Release: 6%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -98,23 +98,33 @@ Patch102: nss-softokn-tls-abi-fix.patch # https://bugzilla.mozilla.org/show_bug.cgi?id=1382736 Patch104: nss-softokn-fs-probe.patch -# Not upstreamed: https://bugzilla.redhat.com/show_bug.cgi?id=1555108 -# included in nss-softkn-fips-update -#Patch105: nss-softokn-aes-zeroize.patch - -# Upstream patch didn't make 3.44 -# https://bugzilla.mozilla.org/show_bug.cgi?id=1546229 -Patch200: nss-softokn-ike-patch.patch -# https://bugzilla.mozilla.org/show_bug.cgi?id=1546477 -Patch201: nss-softokn-fips-update.patch -# https://bugzilla.mozilla.org/show_bug.cgi?id=1473806 -Patch202: nss-softokn-fix-public-key-from-priv.patch -# https://bugzilla.mozilla.org/show_bug.cgi?id=1559906 -Patch203: nss-softokn-tls-cavs.patch -# https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 -Patch204: nss-3.44-encrypt-update.patch -# https://bugzilla.mozilla.org/show_bug.cgi?id=1515342 -Patch205: nss-softokn-3.44-handle-malformed-ecdh.patch +# Not upstreamed +Patch206: nss-softokn-3.44-kbkdf-coverity.patch +# This patch has a minor conflict with the upstream version: +# off-by-one in sftk_ike1_appendix_b_prf is not fixed, gtests are not +# upstreamed: +Patch207: nss-softokn-3.44-missing-softokn-kdf.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822 +Patch208: nss-softokn-3.53.1-diffie_hellman_checks.patch +# To revert the upstream change that causes erroneous SHA-2 +# calculation with older gcc: +# https://bugzilla.mozilla.org/show_bug.cgi?id=1613238 +Patch209: nss-softokn-sha2-ppc.patch +# Local patch for compiling on AArch64 with older GCC +Patch210: nss-softokn-aarch64.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1660304 +Patch211: nss-3.53.1-cmac-kdf-selftests.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1631583 +patch215: nss-3.53.1-constant-time-p384.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1631583 +patch216: nss-3.53.1-constant-time-p521.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1636771 +patch217: nss-3.53.1-chacha-len.patch +patch218: nss-3.53.1-chacha-multi.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1662738 +Patch219: nss-softokn-glibc-skip-rng-self-tests.patch +Patch220: nss-softokn-3.53.1-measure-fix.patch +Patch221: nss-softokn-3.53.1-no-small-primes.patch %description Network Security Services Softoken Cryptographic Module @@ -174,15 +184,21 @@ Header and library files for doing development with Network Security Services. pushd nss %patch97 -p1 -b .add_encrypt_derive %patch104 -p1 -b .fs-probe -#%patch105 -p1 -b .aes-zeroize -%patch200 -p1 -b .ike-mech -%patch201 -p1 -b .fips-update -%patch203 -p1 -b .tls-cavs -%patch204 -p1 -b .encrypt-update -%patch205 -p1 -b .handle-malformed-ecdh +%patch206 -p1 -b .kbkdf-coverity +%patch207 -p1 -b .missing-kdf +%patch208 -p1 -b .dh-checks +%patch209 -p1 -b .sha2-ppc +%patch210 -p1 -b .aarch64 +%patch211 -p1 -b .cmac-kdf-self-tests +%patch215 -p1 -b .ctp384 +%patch216 -p1 -b .ctp521 +%patch217 -p1 -b .chacha-len +%patch218 -p1 -b .chacha-multi +%patch219 -p1 -b .glibc-skip-rng-self-tests popd -%patch202 -p1 -b .pub-priv-mech +%patch220 -p1 -b .measure-fix +%patch221 -p1 -b .no-small-primes %patch102 -p1 -b .tls-abi-fix %build @@ -217,6 +233,12 @@ export BUILD_OPT # Generate symbolic info for debuggers XCFLAGS=$RPM_OPT_FLAGS + +# -std=c99 is the default since 3.48, which causes that some functions +# (e.g., putenv) are not declared under older glibc (<= 2.19), without +# explicitly set feature test macros: +# https://bugzilla.mozilla.org/show_bug.cgi?id=1590972 +XCFLAGS+=" -D_SVID_SOURCE" export XCFLAGS PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 @@ -252,6 +274,9 @@ export NSS_BUILD_SOFTOKEN_ONLY=1 export NSS_DISABLE_GTESTS=1 +# RHEL7 still has to run on power7 platforms +export NSS_DISABLE_ALTIVEC=1 + # display processor information CPU_INFO=`cat /proc/cpuinfo` echo "############## CPU INFO ##################" @@ -259,15 +284,14 @@ echo "${CPU_INFO}" echo "##########################################" # Compile softokn plus needed support -%{__make} -C ./nss/coreconf -%{__make} -C ./nss/lib/dbm # ldvector.c, pkcs11.c, and lginit.c include nss/lib/util/verref.h, # which is private export, move it to where it can be found. %{__mkdir_p} ./dist/private/nss %{__mv} ./nss/lib/util/verref.h ./dist/private/nss/verref.h -%{__make} -C ./nss +%{__make} -C ./nss all +%{__make} -C ./nss latest # Set up our package file # The nspr_version and nss_util_version globals used here @@ -427,7 +451,7 @@ do done # Copy some freebl include files we also want -for file in blapi.h alghmac.h +for file in blapi.h alghmac.h cmac.h do %{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3 done @@ -485,6 +509,7 @@ done %{_includedir}/nss3/blapi.h %{_includedir}/nss3/blapit.h %{_includedir}/nss3/alghmac.h +%{_includedir}/nss3/cmac.h %{_includedir}/nss3/lowkeyi.h %{_includedir}/nss3/lowkeyti.h @@ -509,6 +534,32 @@ done %{_includedir}/nss3/shsign.h %changelog +* Fri Sep 11 2020 Bob Relyea - 3.53.1-6 +- turn of ALTIVEC instruction for powerpc because they require + power8 and we need to support power7 on RHEL7 still. +- Fix typo in measure. +- Make sure only 2048 and greater primes are used in FIPS mode + for dh. + +* Thu Sep 3 2020 Daiki Ueno - 3.53.1-5 +- Fix the patch application in the previous change + +* Thu Sep 3 2020 Daiki Ueno - 3.53.1-4 +- Fix glibc regression in the rebase; run RNG self-tests only if NSPR is linked + +* Thu Aug 27 2020 Bob Relyea - 3.53.1-3 +- include patches for CVE-2020-6829, CVE-2020-12400, + and CVE-2020-12401 from upstream (ECC constant time issues). +- include patches for CVE-2020-12403 from upstream + (CHACHA issues). +- include self-tests for kdfs and cmac. + +* Wed Jul 22 2020 Daiki Ueno - 3.53.1-2 +- Install cmac.h required by blapi.h (#1764513) + +* Wed Jul 22 2020 Daiki Ueno - 3.53.1-1 +- Rebase to NSS 3.53.1 + * Wed Dec 4 2019 Bob Relyea - 3.44.0-8 - Fix segfault on empty or malformed ecdh keys (#1777712)