diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 00000000..e69de29b diff --git a/COPYING b/COPYING new file mode 100644 index 00000000..85265b0a --- /dev/null +++ b/COPYING @@ -0,0 +1 @@ +Public domain diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 00000000..e69de29b diff --git a/NEWS b/NEWS new file mode 100644 index 00000000..e69de29b diff --git a/README b/README new file mode 100644 index 00000000..1dbff7a1 --- /dev/null +++ b/README @@ -0,0 +1 @@ +See README.markdown diff --git a/README.markdown b/README.markdown new file mode 100644 index 00000000..e69de29b diff --git a/autogen.sh b/autogen.sh new file mode 100755 index 00000000..ee77b698 --- /dev/null +++ b/autogen.sh @@ -0,0 +1,11 @@ +#! /bin/sh + +if [ -x "`which autoreconf 2>/dev/null`" ] ; then + exec autoreconf -ivf +fi + +aclocal && \ +autoheader && \ +automake --add-missing --force-missing --include-deps && \ +autoconf + diff --git a/configure.ac b/configure.ac new file mode 100644 index 00000000..c6ebfec8 --- /dev/null +++ b/configure.ac @@ -0,0 +1,204 @@ +AC_PREREQ([2.61]) +AC_INIT([nacl-ref],[0.0.1],[https://github.com/jedisct1/nacl-ref]) +AC_CONFIG_MACRO_DIR([m4]) +AC_CONFIG_SRCDIR([src/libnacl/PROTOTYPES.c]) +AC_CONFIG_HEADER([config.h]) +AC_CANONICAL_HOST +AM_INIT_AUTOMAKE([1.9 dist-bzip2 tar-ustar]) +AM_MAINTAINER_MODE +AM_DEP_TRACK + +AC_SUBST(VERSION) +ISODATE=`date +%Y-%m-%d` +AC_SUBST(ISODATE) + +LX_CFLAGS=${CFLAGS-NONE} +AC_PROG_CC_C99 +AC_USE_SYSTEM_EXTENSIONS +CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" + +AS_IF([test "$cross_compiling" != no], + AC_DEFINE(CROSS_COMPILING,,[define if you are cross-compiling]) +) + +AX_CHECK_COMPILE_FLAG([-fPIC], [ + AX_CHECK_LINK_FLAG([-fPIC], + [CFLAGS="$CFLAGS -fPIC"] + ) +]) + +AS_IF([test "$enable_pie" != "no"],[ + AX_CHECK_COMPILE_FLAG([-fPIE], [ + AX_CHECK_LINK_FLAG([-fPIE], + [AX_CHECK_LINK_FLAG([-pie], + [CFLAGS="$CFLAGS -fPIE" + LDFLAGS="$LDFLAGS -pie"]) + ]) + ]) +]) + +AX_CHECK_COMPILE_FLAG([-fcatch-undefined-c99-behavior], + [CFLAGS="$CFLAGS -fcatch-undefined-c99-behavior"], + [AX_CHECK_COMPILE_FLAG([-fwrapv], [CFLAGS="$CFLAGS -fwrapv"])] +) +AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"]) +AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"]) + +case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + AX_CHECK_LINK_FLAG([-Wl,--dynamicbase], [LDFLAGS="$LDFLAGS -Wl,--dynamicbase"]) + AX_CHECK_LINK_FLAG([-Wl,--nxcompat], [LDFLAGS="$LDFLAGS -Wl,--nxcompat"]) + AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ + AX_CHECK_LINK_FLAG([-fstack-protector-all], + [CFLAGS="$CFLAGS -fstack-protector-all"] + ) + ]) + ;; + dragonfly*) + AX_CHECK_COMPILE_FLAG([-fstack-protector], [ + AX_CHECK_LINK_FLAG([-fstack-protector], + [CFLAGS="$CFLAGS -fstack-protector"] + ) + ]) + ;; + *) + AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ + AX_CHECK_LINK_FLAG([-fstack-protector-all], + [CFLAGS="$CFLAGS -fstack-protector-all"] + ) + ]) + ;; +esac + +AX_CHECK_COMPILE_FLAG([-Wbounded], [CFLAGS="$CFLAGS -Wbounded"]) +AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"]) +AX_CHECK_COMPILE_FLAG([-Wwrite-strings], [CFLAGS="$CFLAGS -Wwrite-strings"]) +AX_CHECK_COMPILE_FLAG([-Wdiv-by-zero], [CFLAGS="$CFLAGS -Wdiv-by-zero"]) + +AC_ARG_VAR([CWFLAGS], [define to compilation flags for generating extra warnings]) + +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wall], [CWFLAGS="$CWFLAGS -Wall"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wextra], [CWFLAGS="$CWFLAGS -Wextra"]) + +AC_MSG_CHECKING(for clang) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[ +#ifndef __clang__ +be sad +#endif +]])], + [AC_MSG_RESULT(yes) + AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wno-unknown-warning-option], + [CWFLAGS="$CWFLAGS -Wno-unknown-warning-option"])], + [AC_MSG_RESULT(no) +]) + +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wbad-function-cast], [CWFLAGS="$CWFLAGS -Wbad-function-cast"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcast-align], [CWFLAGS="$CWFLAGS -Wcast-align"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcast-qual], [CWFLAGS="$CWFLAGS -Wcast-qual"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wchar-subscripts], [CWFLAGS="$CWFLAGS -Wchar-subscripts"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcomment], [CWFLAGS="$CWFLAGS -Wcomment"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wfloat-equal], [CWFLAGS="$CWFLAGS -Wfloat-equal"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wformat=2], [CWFLAGS="$CWFLAGS -Wformat=2"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wimplicit], [CWFLAGS="$CWFLAGS -Wimplicit"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wmissing-declarations], [CWFLAGS="$CWFLAGS -Wmissing-declarations"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wmissing-prototypes], [CWFLAGS="$CWFLAGS -Wmissing-prototypes"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wnormalized=id], [CWFLAGS="$CWFLAGS -Wnormalized=id"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Woverride-init], [CWFLAGS="$CWFLAGS -Woverride-init"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wparentheses], [CWFLAGS="$CWFLAGS -Wparentheses"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wpointer-arith], [CWFLAGS="$CWFLAGS -Wpointer-arith"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wredundant-decls], [CWFLAGS="$CWFLAGS -Wredundant-decls"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wstrict-prototypes], [CWFLAGS="$CWFLAGS -Wstrict-prototypes"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wswitch-enum], [CWFLAGS="$CWFLAGS -Wswitch-enum"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wvariable-decl], [CWFLAGS="$CWFLAGS -Wvariable-decl"]) + +AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"]) +AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"]) +AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"]) + +AC_ARG_VAR([AR], [path to the ar utility]) +AC_CHECK_TOOL([AR], [ar], [ar]) + +AS_IF([test -d /usr/local/include], [ + CPPFLAGS="$CPPFLAGS -I/usr/local/include" +]) + +AS_IF([test -d /usr/local/lib], [ + LDFLAGS="$LDFLAGS -L/usr/local/lib" +]) + +dnl Checks for typedefs, structures, and compiler characteristics. + +AC_C_BIGENDIAN + +dnl Switches. + +AC_ARG_ENABLE(pie, +[AS_HELP_STRING(--enable-pie,Produce position independent executables @<:@default=yes@:>@)], + enable_pie=$enableval, enable_pie="maybe") + +AC_ARG_ENABLE(ssp, +[AS_HELP_STRING(--disable-ssp,Don't compile with -fstack-protector)], +[AS_IF([test "x$enableval" = "xno"], [ + nxflags="" + for flag in `echo $CFLAGS`; do + case "$flag" in + -fstack-protector*) ;; + *) AS_VAR_APPEND([nxflags], [" $flag"]) ;; + esac + done + CFLAGS="$nxflags" + ]) +]) + +AC_ARG_ENABLE(debug, +[AS_HELP_STRING(--enable-debug,For maintainers only - please do not use)], +[ + AS_IF([test "x$LX_CFLAGS" = "xNONE"], [ + nxflags="" + for flag in `echo $CFLAGS`; do + case "$flag" in + -O*) ;; + -g*) ;; + *) AS_VAR_APPEND([nxflags], [" $flag"]) ;; + esac + done + CFLAGS="$nxflags -O0 -g3" + ]) + CPPFLAGS="$CPPFLAGS -DDEBUG=1" +]) + +AC_ARG_WITH(safecode, +[AS_HELP_STRING(--with-safecode,For maintainers only - please do not use)], +[AS_IF([test "x$withval" = "xyes"], [ + AC_ARG_VAR([SAFECODE_HOME], [set to the safecode base directory]) + : ${SAFECODE_HOME:=/opt/safecode} + LDFLAGS="$LDFLAGS -L${SAFECODE_HOME}/lib" + LIBS="$LIBS -lsc_dbg_rt -lpoolalloc_bitmap -lstdc++" + CFLAGS="$CFLAGS -fmemsafety" + ]) +]) + +NACL_HOSTNAME="localhost" +NACL_PATH=libnacl/build/${NACL_HOSTNAME} + +AC_SUBST([MAINT]) +AC_SUBST([NACL_PATH]) + +dnl Output. + +AH_VERBATIM([NDEBUG], [/* Never ever ignore assertions */ +#ifdef NDEBUG +#/**/undef/**/ NDEBUG +#endif]) + +AC_CONFIG_FILES([Makefile + src/Makefile + src/libnacl/Makefile + src/libnacl/tests/Makefile + src/libnacl/okcompilers/c + src/libnacl/okcompilers/do]) + +AC_OUTPUT + +chmod +x src/libnacl/do +chmod +x src/libnacl/okcompilers/do diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4 new file mode 100644 index 00000000..af1b556b --- /dev/null +++ b/m4/ax_check_compile_flag.m4 @@ -0,0 +1,73 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the current language's compiler +# or gives an error. (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the current language's default +# flags (e.g. CFLAGS) when the check is done. The check is thus made with +# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to +# force the compiler to issue an error when a bad flag is given. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 2 + +AC_DEFUN([AX_CHECK_COMPILE_FLAG], +[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl +AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ + ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS + _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[char x[42U], fodder = 0;if (fodder > -1000 && fgets(x,1000,stdin)) puts(x)]])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) +AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_COMPILE_FLAGS diff --git a/m4/ax_check_gnu_make.m4 b/m4/ax_check_gnu_make.m4 new file mode 100644 index 00000000..938aad71 --- /dev/null +++ b/m4/ax_check_gnu_make.m4 @@ -0,0 +1,78 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_gnu_make.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_GNU_MAKE() +# +# DESCRIPTION +# +# This macro searches for a GNU version of make. If a match is found, the +# makefile variable `ifGNUmake' is set to the empty string, otherwise it +# is set to "#". This is useful for including a special features in a +# Makefile, which cannot be handled by other versions of make. The +# variable _cv_gnu_make_command is set to the command to invoke GNU make +# if it exists, the empty string otherwise. +# +# Here is an example of its use: +# +# Makefile.in might contain: +# +# # A failsafe way of putting a dependency rule into a makefile +# $(DEPEND): +# $(CC) -MM $(srcdir)/*.c > $(DEPEND) +# +# @ifGNUmake@ ifeq ($(DEPEND),$(wildcard $(DEPEND))) +# @ifGNUmake@ include $(DEPEND) +# @ifGNUmake@ endif +# +# Then configure.in would normally contain: +# +# AX_CHECK_GNU_MAKE() +# AC_OUTPUT(Makefile) +# +# Then perhaps to cause gnu make to override any other make, we could do +# something like this (note that GNU make always looks for GNUmakefile +# first): +# +# if ! test x$_cv_gnu_make_command = x ; then +# mv Makefile GNUmakefile +# echo .DEFAULT: > Makefile ; +# echo \ $_cv_gnu_make_command \$@ >> Makefile; +# fi +# +# Then, if any (well almost any) other make is called, and GNU make also +# exists, then the other make wraps the GNU make. +# +# LICENSE +# +# Copyright (c) 2008 John Darrington +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 7 + +AC_DEFUN([AX_CHECK_GNU_MAKE], [ AC_CACHE_CHECK( for GNU make,_cv_gnu_make_command, + _cv_gnu_make_command='' ; +dnl Search all the common names for GNU make + for a in "$MAKE" make gmake gnumake ; do + if test -z "$a" ; then continue ; fi ; + if ( sh -c "$a --version" 2> /dev/null | grep GNU 2>&1 > /dev/null ) ; then + _cv_gnu_make_command=$a ; + break; + fi + done ; + ) ; +dnl If there was a GNU version, then set @ifGNUmake@ to the empty string, '#' otherwise + if test "x$_cv_gnu_make_command" != "x" ; then + ifGNUmake='' ; + else + ifGNUmake='#' ; + AC_MSG_RESULT("Not found"); + fi + AC_SUBST(ifGNUmake) +] ) diff --git a/m4/ax_check_link_flag.m4 b/m4/ax_check_link_flag.m4 new file mode 100644 index 00000000..5895fa3d --- /dev/null +++ b/m4/ax_check_link_flag.m4 @@ -0,0 +1,72 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the linker or gives an error. +# (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the linker's default flags +# when the check is done. The check is thus made with the flags: "LDFLAGS +# EXTRA-FLAGS FLAG". This can for example be used to force the linker to +# issue an error when a bad flag is given. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 2 + +AC_DEFUN([AX_CHECK_LINK_FLAG], +[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl +AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS $4 $1" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[char x[42U];if (fgets(x,1000,stdin)) puts(x)]])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + LDFLAGS=$ax_check_save_flags]) +AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_LINK_FLAGS diff --git a/m4/ax_pthread.m4 b/m4/ax_pthread.m4 new file mode 100644 index 00000000..a6bf596c --- /dev/null +++ b/m4/ax_pthread.m4 @@ -0,0 +1,302 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_pthread.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) +# +# DESCRIPTION +# +# This macro figures out how to build C programs using POSIX threads. It +# sets the PTHREAD_LIBS output variable to the threads library and linker +# flags, and the PTHREAD_CFLAGS output variable to any special C compiler +# flags that are needed. (The user can also force certain compiler +# flags/libs to be tested by setting these environment variables.) +# +# Also sets PTHREAD_CC to any special C compiler that is needed for +# multi-threaded programs (defaults to the value of CC otherwise). (This +# is necessary on AIX to use the special cc_r compiler alias.) +# +# NOTE: You are assumed to not only compile your program with these flags, +# but also link it with them as well. e.g. you should link with +# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS +# +# If you are only building threads programs, you may wish to use these +# variables in your default LIBS, CFLAGS, and CC: +# +# LIBS="$PTHREAD_LIBS $LIBS" +# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +# CC="$PTHREAD_CC" +# +# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant +# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name +# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# +# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the +# PTHREAD_PRIO_INHERIT symbol is defined when compiling with +# PTHREAD_CFLAGS. +# +# ACTION-IF-FOUND is a list of shell commands to run if a threads library +# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it +# is not found. If ACTION-IF-FOUND is not specified, the default action +# will define HAVE_PTHREAD. +# +# Please let the authors know if this macro fails on any platform, or if +# you have any other suggestions or comments. This macro was based on work +# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help +# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by +# Alejandro Forero Cuervo to the autoconf macro repository. We are also +# grateful for the helpful feedback of numerous users. +# +# Updated for Autoconf 2.68 by Daniel Richard G. +# +# LICENSE +# +# Copyright (c) 2008 Steven G. Johnson +# Copyright (c) 2011 Daniel Richard G. +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 16 + +AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) +AC_DEFUN([AX_PTHREAD], [ +AC_REQUIRE([AC_CANONICAL_HOST]) +AC_LANG_PUSH([C]) +ax_pthread_ok=no + +# We used to check for pthread.h first, but this fails if pthread.h +# requires special compiler flags (e.g. on True64 or Sequent). +# It gets checked for in the link test anyway. + +# First of all, check if the user has set any of the PTHREAD_LIBS, +# etcetera environment variables, and if threads linking works using +# them: +if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) + AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes) + AC_MSG_RESULT($ax_pthread_ok) + if test x"$ax_pthread_ok" = xno; then + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" + fi + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" +fi + +# We must check for the threads library under a number of different +# names; the ordering is very important because some systems +# (e.g. DEC) have both -lpthread and -lpthreads, where one of the +# libraries is broken (non-POSIX). + +# Create a list of thread flags to try. Items starting with a "-" are +# C compiler flags, and other items are library names, except for "none" +# which indicates that we try without any flags at all, and "pthread-config" +# which is a program returning the flags for the Pth emulation library. + +ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +# The ordering *is* (sometimes) important. Some notes on the +# individual items follow: + +# pthreads: AIX (must check this before -lpthread) +# none: in case threads are in libc; should be tried before -Kthread and +# other compiler flags to prevent continual compiler warnings +# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) +# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) +# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) +# -pthreads: Solaris/gcc +# -mthreads: Mingw32/gcc, Lynx/gcc +# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it +# doesn't hurt to check since this sometimes defines pthreads too; +# also defines -D_REENTRANT) +# ... -mt is also the pthreads flag for HP/aCC +# pthread: Linux, etcetera +# --thread-safe: KAI C++ +# pthread-config: use pthread-config program (for GNU Pth library) + +case "${host_cpu}-${host_os}" in + *solaris*) + + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (We need to link with -pthreads/-mt/ + # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather + # a function called by this macro, so we could check for that, but + # who knows whether they'll stub that too in a future libc.) So, + # we'll just look for -pthreads and -lpthread first: + + ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" + ;; + + *-darwin*) + ax_pthread_flags="-pthread $ax_pthread_flags" + ;; +esac + +if test x"$ax_pthread_ok" = xno; then +for flag in $ax_pthread_flags; do + + case $flag in + none) + AC_MSG_CHECKING([whether pthreads work without any flags]) + ;; + + -*) + AC_MSG_CHECKING([whether pthreads work with $flag]) + PTHREAD_CFLAGS="$flag" + ;; + + pthread-config) + AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) + if test x"$ax_pthread_config" = xno; then continue; fi + PTHREAD_CFLAGS="`pthread-config --cflags`" + PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" + ;; + + *) + AC_MSG_CHECKING([for the pthreads library -l$flag]) + PTHREAD_LIBS="-l$flag" + ;; + esac + + save_LIBS="$LIBS" + save_CFLAGS="$CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Check for various functions. We must include pthread.h, + # since some functions may be macros. (On the Sequent, we + # need a special flag -Kthread to make this header compile.) + # We check for pthread_join because it is in -lpthread on IRIX + # while pthread_create is in libc. We check for pthread_attr_init + # due to DEC craziness with -lpthreads. We check for + # pthread_cleanup_push because it is one of the few pthread + # functions on Solaris that doesn't have a non-functional libc stub. + # We try pthread_create on general principles. + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include + static void routine(void *a) { a = 0; } + static void *start_routine(void *a) { return a; }], + [pthread_t th; pthread_attr_t attr; + pthread_create(&th, 0, start_routine, 0); + pthread_join(th, 0); + pthread_attr_init(&attr); + pthread_cleanup_push(routine, 0); + pthread_cleanup_pop(0) /* ; */])], + [ax_pthread_ok=yes], + []) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + AC_MSG_RESULT($ax_pthread_ok) + if test "x$ax_pthread_ok" = xyes; then + break; + fi + + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" +done +fi + +# Various other checks: +if test "x$ax_pthread_ok" = xyes; then + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. + AC_MSG_CHECKING([for joinable pthread attribute]) + attr_name=unknown + for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], + [int attr = $attr; return attr /* ; */])], + [attr_name=$attr; break], + []) + done + AC_MSG_RESULT($attr_name) + if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then + AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + fi + + AC_MSG_CHECKING([if more special flags are required for pthreads]) + flag=no + case "${host_cpu}-${host_os}" in + *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; + *solaris* | *-osf* | *-hpux*) flag="-D_REENTRANT";; + esac + AC_MSG_RESULT(${flag}) + if test "x$flag" != xno; then + PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" + fi + + AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], + ax_cv_PTHREAD_PRIO_INHERIT, [ + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[#include ]], [[int i = PTHREAD_PRIO_INHERIT;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) + ]) + AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], + AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + # More AIX lossage: must compile with xlc_r or cc_r + if test x"$GCC" != xyes; then + AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) + else + PTHREAD_CC=$CC + fi +else + PTHREAD_CC="$CC" +fi + +AC_SUBST(PTHREAD_LIBS) +AC_SUBST(PTHREAD_CFLAGS) +AC_SUBST(PTHREAD_CC) + +# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: +if test x"$ax_pthread_ok" = xyes; then + ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) + : +else + ax_pthread_ok=no + $2 +fi +AC_LANG_POP +])dnl AX_PTHREAD diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 00000000..5e297a3a --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1,3 @@ + +SUBDIRS = \ + libnacl diff --git a/src/libnacl/MACROS b/src/libnacl/MACROS new file mode 100644 index 00000000..26f6cd02 --- /dev/null +++ b/src/libnacl/MACROS @@ -0,0 +1,56 @@ +crypto_verify +crypto_verify_BYTES +crypto_core +crypto_core_OUTPUTBYTES +crypto_core_INPUTBYTES +crypto_core_KEYBYTES +crypto_core_CONSTBYTES +crypto_hashblocks +crypto_hashblocks_STATEBYTES +crypto_hashblocks_BLOCKBYTES +crypto_hash +crypto_hash_BYTES +crypto_stream +crypto_stream_xor +crypto_stream_beforenm +crypto_stream_afternm +crypto_stream_xor_afternm +crypto_stream_KEYBYTES +crypto_stream_NONCEBYTES +crypto_stream_BEFORENMBYTES +crypto_onetimeauth +crypto_onetimeauth_verify +crypto_onetimeauth_BYTES +crypto_onetimeauth_KEYBYTES +crypto_auth +crypto_auth_verify +crypto_auth_BYTES +crypto_auth_KEYBYTES +crypto_secretbox +crypto_secretbox_open +crypto_secretbox_KEYBYTES +crypto_secretbox_NONCEBYTES +crypto_secretbox_ZEROBYTES +crypto_secretbox_BOXZEROBYTES +crypto_scalarmult +crypto_scalarmult_base +crypto_scalarmult_BYTES +crypto_scalarmult_SCALARBYTES +crypto_box +crypto_box_open +crypto_box_keypair +crypto_box_beforenm +crypto_box_afternm +crypto_box_open_afternm +crypto_box_PUBLICKEYBYTES +crypto_box_SECRETKEYBYTES +crypto_box_BEFORENMBYTES +crypto_box_NONCEBYTES +crypto_box_ZEROBYTES +crypto_box_BOXZEROBYTES +crypto_sign +crypto_sign_open +crypto_sign_keypair +crypto_sign_BYTES +crypto_sign_PUBLICKEYBYTES +crypto_sign_SECRETKEYBYTES diff --git a/src/libnacl/OPERATIONS b/src/libnacl/OPERATIONS new file mode 100644 index 00000000..5fc25d35 --- /dev/null +++ b/src/libnacl/OPERATIONS @@ -0,0 +1,11 @@ +crypto_verify +crypto_core +crypto_hashblocks +crypto_hash +crypto_stream +crypto_onetimeauth +crypto_auth +crypto_secretbox +crypto_scalarmult +crypto_box +crypto_sign diff --git a/src/libnacl/PROTOTYPES.c b/src/libnacl/PROTOTYPES.c new file mode 100644 index 00000000..bc8ca531 --- /dev/null +++ b/src/libnacl/PROTOTYPES.c @@ -0,0 +1,26 @@ +extern int crypto_verify(const unsigned char *,const unsigned char *); +extern int crypto_core(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_hashblocks(unsigned char *,const unsigned char *,unsigned long long); +extern int crypto_hash(unsigned char *,const unsigned char *,unsigned long long); +extern int crypto_stream(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_beforenm(unsigned char *,const unsigned char *); +extern int crypto_stream_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_onetimeauth(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_onetimeauth_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_auth(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_auth_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_secretbox(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_secretbox_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_scalarmult(unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_scalarmult_base(unsigned char *,const unsigned char *); +extern int crypto_box(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_keypair(unsigned char *,unsigned char *); +extern int crypto_box_beforenm(unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_box_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_sign(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_sign_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_sign_keypair(unsigned char *,unsigned char *); diff --git a/src/libnacl/PROTOTYPES.cpp b/src/libnacl/PROTOTYPES.cpp new file mode 100644 index 00000000..4318a049 --- /dev/null +++ b/src/libnacl/PROTOTYPES.cpp @@ -0,0 +1,17 @@ +extern std::string crypto_auth(const std::string &,const std::string &); +extern void crypto_auth_verify(const std::string &,const std::string &,const std::string &); +extern std::string crypto_box(const std::string &,const std::string &,const std::string &,const std::string &); +extern std::string crypto_box_open(const std::string &,const std::string &,const std::string &,const std::string &); +extern std::string crypto_box_keypair(std::string *); +extern std::string crypto_hash(const std::string &); +extern std::string crypto_onetimeauth(const std::string &,const std::string &); +extern void crypto_onetimeauth_verify(const std::string &,const std::string &,const std::string &); +extern std::string crypto_scalarmult(const std::string &,const std::string &); +extern std::string crypto_scalarmult_base(const std::string &); +extern std::string crypto_secretbox(const std::string &,const std::string &,const std::string &); +extern std::string crypto_secretbox_open(const std::string &,const std::string &,const std::string &); +extern std::string crypto_stream(size_t,const std::string &,const std::string &); +extern std::string crypto_stream_xor(const std::string &,const std::string &,const std::string &); +extern std::string crypto_sign(const std::string &,const std::string &); +extern std::string crypto_sign_open(const std::string &,const std::string &); +extern std::string crypto_sign_keypair(std::string *); diff --git a/src/libnacl/commandline/nacl-sha256.c b/src/libnacl/commandline/nacl-sha256.c new file mode 100644 index 00000000..8e0df453 --- /dev/null +++ b/src/libnacl/commandline/nacl-sha256.c @@ -0,0 +1,64 @@ +/* +commandline/nacl-sha256.c version 20080713 +D. J. Bernstein +Public domain. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include "crypto_hash_sha256.h" + +unsigned char *input; +unsigned long long inputalloc; +unsigned long long inputlen; + +unsigned char h[crypto_hash_sha256_BYTES]; + +void h_print(void) +{ + int i; + for (i = 0;i < crypto_hash_sha256_BYTES;++i) printf("%02x",255 & (int) h[i]); + printf("\n"); +} + +int main() +{ + struct stat st; + int ch; + + if (fstat(0,&st) == 0) { + input = mmap(0,st.st_size,PROT_READ,MAP_SHARED,0,0); + if (input != MAP_FAILED) { + crypto_hash_sha256(h,input,st.st_size); + h_print(); + return 0; + } + } + + input = 0; + inputalloc = 0; + inputlen = 0; + + while ((ch = getchar()) != EOF) { + if (inputlen >= inputalloc) { + void *newinput; + while (inputlen >= inputalloc) + inputalloc = inputalloc * 2 + 1; + if (posix_memalign(&newinput,16,inputalloc) != 0) return 111; + memcpy(newinput,input,inputlen); + free(input); + input = newinput; + } + input[inputlen++] = ch; + } + + crypto_hash_sha256(h,input,inputlen); + h_print(); + + return 0; +} diff --git a/src/libnacl/commandline/nacl-sha512.c b/src/libnacl/commandline/nacl-sha512.c new file mode 100644 index 00000000..6864c76a --- /dev/null +++ b/src/libnacl/commandline/nacl-sha512.c @@ -0,0 +1,64 @@ +/* +commandline/nacl-sha512.c version 20080713 +D. J. Bernstein +Public domain. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include "crypto_hash_sha512.h" + +unsigned char *input; +unsigned long long inputalloc; +unsigned long long inputlen; + +unsigned char h[crypto_hash_sha512_BYTES]; + +void h_print(void) +{ + int i; + for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",255 & (int) h[i]); + printf("\n"); +} + +int main() +{ + struct stat st; + int ch; + + if (fstat(0,&st) == 0) { + input = mmap(0,st.st_size,PROT_READ,MAP_SHARED,0,0); + if (input != MAP_FAILED) { + crypto_hash_sha512(h,input,st.st_size); + h_print(); + return 0; + } + } + + input = 0; + inputalloc = 0; + inputlen = 0; + + while ((ch = getchar()) != EOF) { + if (inputlen >= inputalloc) { + void *newinput; + while (inputlen >= inputalloc) + inputalloc = inputalloc * 2 + 1; + if (posix_memalign(&newinput,16,inputalloc) != 0) return 111; + memcpy(newinput,input,inputlen); + free(input); + input = newinput; + } + input[inputlen++] = ch; + } + + crypto_hash_sha512(h,input,inputlen); + h_print(); + + return 0; +} diff --git a/src/libnacl/cpucycles/alpha.c b/src/libnacl/cpucycles/alpha.c new file mode 100644 index 00000000..ef497999 --- /dev/null +++ b/src/libnacl/cpucycles/alpha.c @@ -0,0 +1,80 @@ +/* +cpucycles/alpha.c version 20060316 +D. J. Bernstein +Public domain. +*/ + +#include +#include +#include + +static long long tod(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static long long rpcc(void) +{ + unsigned long long t; + asm volatile("rpcc %0" : "=r"(t)); + return t & 0xffffffff; +} + +static long long firstrpcc; +static long long firsttod; +static long long lastrpcc; +static long long lasttod; +static double mhz = 0; + +static void init(void) +{ + firstrpcc = rpcc(); + firsttod = tod(); + + do { + lastrpcc = rpcc(); + lasttod = tod(); + } while (lasttod - firsttod < 10000); + + lastrpcc -= firstrpcc; lastrpcc &= 0xffffffff; + lasttod -= firsttod; + + mhz = (double) lastrpcc / (double) lasttod; +} + +long long cpucycles_alpha(void) +{ + double x; + long long y; + + if (!mhz) init(); + + lastrpcc = rpcc(); + lasttod = tod(); + + lastrpcc -= firstrpcc; lastrpcc &= 0xffffffff; + lasttod -= firsttod; + + /* Number of cycles since firstrpcc is lastrpcc + 2^32 y for unknown y. */ + /* Number of microseconds since firsttod is lasttod. */ + + x = (lasttod * mhz - lastrpcc) * 0.00000000023283064365386962890625; + y = x; + while (x > y + 0.5) y += 1; + while (x < y - 0.5) y -= 1; + + y *= 4294967296ULL; + lastrpcc += y; + + mhz = (double) lastrpcc / (double) lasttod; + + return firstrpcc + lastrpcc; +} + +long long cpucycles_alpha_persecond(void) +{ + if (!mhz) init(); + return 1000000.0 * mhz; +} diff --git a/src/libnacl/cpucycles/alpha.h b/src/libnacl/cpucycles/alpha.h new file mode 100644 index 00000000..c97672af --- /dev/null +++ b/src/libnacl/cpucycles/alpha.h @@ -0,0 +1,27 @@ +/* +cpucycles alpha.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_alpha_h +#define CPUCYCLES_alpha_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_alpha(void); +extern long long cpucycles_alpha_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "alpha" +#define cpucycles cpucycles_alpha +#define cpucycles_persecond cpucycles_alpha_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/amd64cpuinfo.c b/src/libnacl/cpucycles/amd64cpuinfo.c new file mode 100644 index 00000000..729f2612 --- /dev/null +++ b/src/libnacl/cpucycles/amd64cpuinfo.c @@ -0,0 +1,16 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_amd64cpuinfo(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/amd64cpuinfo.h b/src/libnacl/cpucycles/amd64cpuinfo.h new file mode 100644 index 00000000..8f858ae7 --- /dev/null +++ b/src/libnacl/cpucycles/amd64cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_amd64cpuinfo_h +#define CPUCYCLES_amd64cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64cpuinfo(void); +extern long long cpucycles_amd64cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64cpuinfo" +#define cpucycles cpucycles_amd64cpuinfo +#define cpucycles_persecond cpucycles_amd64cpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/amd64cpuspeed.c b/src/libnacl/cpucycles/amd64cpuspeed.c new file mode 100644 index 00000000..7e89511c --- /dev/null +++ b/src/libnacl/cpucycles/amd64cpuspeed.c @@ -0,0 +1,25 @@ +#include +#include +#include +#include + +long long cpucycles_amd64cpuspeed(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64cpuspeed_persecond(void) +{ + int oid[2]; + int val; + size_t size; + oid[0] = CTL_HW; + oid[1] = HW_CPUSPEED; + size = sizeof val; + if (sysctl(oid,2,&val,&size,0,0) == -1) return 0; + if (size != sizeof val) return 0; + return val * 1000000LL; +} diff --git a/src/libnacl/cpucycles/amd64cpuspeed.h b/src/libnacl/cpucycles/amd64cpuspeed.h new file mode 100644 index 00000000..1f6ed54d --- /dev/null +++ b/src/libnacl/cpucycles/amd64cpuspeed.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64cpuspeed.h version 20090716 +Matthew Dempsky +Public domain. +*/ + +#ifndef CPUCYCLES_amd64cpuspeed_h +#define CPUCYCLES_amd64cpuspeed_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64cpuspeed(void); +extern long long cpucycles_amd64cpuspeed_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64cpuspeed" +#define cpucycles cpucycles_amd64cpuspeed +#define cpucycles_persecond cpucycles_amd64cpuspeed_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/amd64tscfreq.c b/src/libnacl/cpucycles/amd64tscfreq.c new file mode 100644 index 00000000..ef182c1b --- /dev/null +++ b/src/libnacl/cpucycles/amd64tscfreq.c @@ -0,0 +1,18 @@ +#include +#include + +long long cpucycles_amd64tscfreq(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64tscfreq_persecond(void) +{ + long result = 0; + size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + return result; +} diff --git a/src/libnacl/cpucycles/amd64tscfreq.h b/src/libnacl/cpucycles/amd64tscfreq.h new file mode 100644 index 00000000..a3c7aa6f --- /dev/null +++ b/src/libnacl/cpucycles/amd64tscfreq.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64tscfreq.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_amd64tscfreq_h +#define CPUCYCLES_amd64tscfreq_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64tscfreq(void); +extern long long cpucycles_amd64tscfreq_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64tscfreq" +#define cpucycles cpucycles_amd64tscfreq +#define cpucycles_persecond cpucycles_amd64tscfreq_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/celllinux.c b/src/libnacl/cpucycles/celllinux.c new file mode 100644 index 00000000..83a0c38a --- /dev/null +++ b/src/libnacl/cpucycles/celllinux.c @@ -0,0 +1,83 @@ +#include +#include +#include +#include +#include +#include + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static long long timebase(void) +{ + unsigned long long result; + result = -spu_read_decrementer(); + return 0xffffffff & result; +} + +static double cpufrequency = 0; +static long tbcycles = 0; + +static double guesstbcycles(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = timebase(); + us0 = microseconds(); + do { + tb1 = timebase(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return (cpufrequency * 0.000001 * (double) us1) / (double) tb1; +} + +static void init(void) +{ + int loop; + double guess1; + double guess2; + + spu_write_decrementer(0xffffffff); + + cpufrequency = 3192000000.0; + + for (loop = 0;loop < 100;++loop) { + guess1 = guesstbcycles(); + guess2 = guesstbcycles(); + tbcycles = myround(guess1); + if (guess1 - tbcycles > 0.1) continue; + if (tbcycles - guess1 > 0.1) continue; + if (guess2 - tbcycles > 0.1) continue; + if (tbcycles - guess2 > 0.1) continue; + return; + } + tbcycles = 0; +} + +long long cpucycles_celllinux(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_celllinux_persecond(void) +{ + if (!tbcycles) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/celllinux.h b/src/libnacl/cpucycles/celllinux.h new file mode 100644 index 00000000..75a5a3f2 --- /dev/null +++ b/src/libnacl/cpucycles/celllinux.h @@ -0,0 +1,27 @@ +/* +cpucycles celllinux.h version 20081201 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_celllinux_h +#define CPUCYCLES_celllinux_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_celllinux(void); +extern long long cpucycles_celllinux_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "celllinux" +#define cpucycles cpucycles_celllinux +#define cpucycles_persecond cpucycles_celllinux_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/cortex.c b/src/libnacl/cpucycles/cortex.c new file mode 100644 index 00000000..ef1a42cd --- /dev/null +++ b/src/libnacl/cpucycles/cortex.c @@ -0,0 +1,73 @@ +/* +cpucycles/cortex.c version 20101203 +D. J. Bernstein +Public domain. +*/ + +#define SCALE 1 +#include +#include +#include + +static int enabled = 0; + +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readticks(unsigned int *result) +{ + struct timeval t; + unsigned int cc; + if (!enabled) { + asm volatile("mcr p15, 0, %0, c9, c12, 0" :: "r"(17)); + asm volatile("mcr p15, 0, %0, c9, c12, 1" :: "r"(0x8000000f)); + asm volatile("mcr p15, 0, %0, c9, c12, 3" :: "r"(0x8000000f)); + enabled = 1; + } + asm volatile("mrc p15, 0, %0, c9, c13, 0" : "=r"(cc)); + gettimeofday(&t,(struct timezone *) 0); + result[0] = cc; + result[1] = t.tv_usec; + result[2] = t.tv_sec; +} + +long long cpucycles_cortex(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + readticks(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000) || (deltas == 1 && deltan < -800000)) + return (prevcycles + delta4) * SCALE; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000) || (deltas == 1 && deltan < -700000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles * SCALE; +} + +long long cpucycles_cortex_persecond(void) +{ + while (!cyclespersec) cpucycles_cortex(); + return cyclespersec * SCALE; +} diff --git a/src/libnacl/cpucycles/cortex.h b/src/libnacl/cpucycles/cortex.h new file mode 100644 index 00000000..e622f132 --- /dev/null +++ b/src/libnacl/cpucycles/cortex.h @@ -0,0 +1,27 @@ +/* +cpucycles cortex.h version 20100912 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_cortex_h +#define CPUCYCLES_cortex_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_cortex(void); +extern long long cpucycles_cortex_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "cortex" +#define cpucycles cpucycles_cortex +#define cpucycles_persecond cpucycles_cortex_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/dev4ns.c b/src/libnacl/cpucycles/dev4ns.c new file mode 100644 index 00000000..08dd562b --- /dev/null +++ b/src/libnacl/cpucycles/dev4ns.c @@ -0,0 +1,62 @@ +#include +#include +#include +#include +#include +#include + +static int fddev = -1; +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readdev(unsigned int *result) +{ + if (read(fddev,result,12) == 12) return; + result[0] = result[1] = result[2] = 0; +} + +long long cpucycles_dev4ns(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + if (fddev == -1) { + fddev = open("/dev/cpucycles4ns",O_RDONLY); + readdev(prev); + } + + readdev(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000000) || (deltas == 1 && deltan < -800000000)) + return prevcycles + delta4; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000000) || (deltas == 1 && deltan < -700000000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles; +} + +long long cpucycles_dev4ns_persecond(void) +{ + while (!cyclespersec) cpucycles_dev4ns(); + return cyclespersec; +} diff --git a/src/libnacl/cpucycles/dev4ns.h b/src/libnacl/cpucycles/dev4ns.h new file mode 100644 index 00000000..1d99639a --- /dev/null +++ b/src/libnacl/cpucycles/dev4ns.h @@ -0,0 +1,27 @@ +/* +cpucycles dev4ns.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_dev4ns_h +#define CPUCYCLES_dev4ns_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_dev4ns(void); +extern long long cpucycles_dev4ns_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "dev4ns" +#define cpucycles cpucycles_dev4ns +#define cpucycles_persecond cpucycles_dev4ns_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/do b/src/libnacl/cpucycles/do new file mode 100755 index 00000000..ee25b208 --- /dev/null +++ b/src/libnacl/cpucycles/do @@ -0,0 +1,44 @@ +#!/bin/sh -e + +okabi | ( + while read abi + do + + rm -f cpucycles.o cpucycles.h + + ( + echo monotoniccpuinfo + echo monotonic + echo gettimeofday + ) | ( + while read n + do + okc-$abi | ( + while read c + do + echo "=== `date` === Trying $n.c with $c..." >&2 + rm -f test cpucycles-impl.o cpucycles-impl.h cpucycles-impl.c + cp $n.c cpucycles-impl.c || continue + cp $n.h cpucycles-impl.h || continue + $c -c cpucycles-impl.c || continue + $c -o test test.c cpucycles-impl.o || continue + echo "=== `date` === Success. Using $n.c." >&2 + mkdir -p lib/$abi + mv cpucycles-impl.o lib/$abi/cpucycles.o + mkdir -p include/$abi + mv cpucycles-impl.h include/$abi/cpucycles.h + exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 + ) || ( + echo ===== Giving up. >&2 + rm -f test cpucycles-impl.o cpucycles-impl.h cpucycles-impl.c + exit 111 + ) || exit 0 + + done + exit 0 +) || exit 111 diff --git a/src/libnacl/cpucycles/gettimeofday.c b/src/libnacl/cpucycles/gettimeofday.c new file mode 100644 index 00000000..0bf5e03c --- /dev/null +++ b/src/libnacl/cpucycles/gettimeofday.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include +#include "osfreq.c" + +static double cpufrequency = 0; + +static void init(void) +{ + cpufrequency = osfreq(); +} + +long long cpucycles_gettimeofday(void) +{ + double result; + struct timeval t; + if (!cpufrequency) init(); + gettimeofday(&t,(struct timezone *) 0); + result = t.tv_usec; + result *= 0.000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_gettimeofday_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/gettimeofday.h b/src/libnacl/cpucycles/gettimeofday.h new file mode 100644 index 00000000..147b127b --- /dev/null +++ b/src/libnacl/cpucycles/gettimeofday.h @@ -0,0 +1,27 @@ +/* +cpucycles gettimeofday.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_gettimeofday_h +#define CPUCYCLES_gettimeofday_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_gettimeofday(void); +extern long long cpucycles_gettimeofday_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "gettimeofday" +#define cpucycles cpucycles_gettimeofday +#define cpucycles_persecond cpucycles_gettimeofday_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/hppapstat.c b/src/libnacl/cpucycles/hppapstat.c new file mode 100644 index 00000000..5ae1e843 --- /dev/null +++ b/src/libnacl/cpucycles/hppapstat.c @@ -0,0 +1,26 @@ +#include +#include +#include +#include +#include +#include + +long long cpucycles_hppapstat(void) +{ + register long long result; + _MFCTL(16,result); + return result; +} + +long long cpucycles_hppapstat_persecond(void) +{ + struct pst_processor pst; + union pstun pu; + double result; + + pu.pst_processor = &pst; + if (pstat(PSTAT_PROCESSOR,pu,sizeof(pst),1,0) < 0) return 0; + result = pst.psp_iticksperclktick; + result *= (double) sysconf(_SC_CLK_TCK); + return result; +} diff --git a/src/libnacl/cpucycles/hppapstat.h b/src/libnacl/cpucycles/hppapstat.h new file mode 100644 index 00000000..721814bb --- /dev/null +++ b/src/libnacl/cpucycles/hppapstat.h @@ -0,0 +1,27 @@ +/* +cpucycles hppapstat.h version 20060319 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_hppapstat_h +#define CPUCYCLES_hppapstat_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_hppapstat(void); +extern long long cpucycles_hppapstat_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "hppapstat" +#define cpucycles cpucycles_hppapstat +#define cpucycles_persecond cpucycles_hppapstat_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/ia64cpuinfo.c b/src/libnacl/cpucycles/ia64cpuinfo.c new file mode 100644 index 00000000..580c6cee --- /dev/null +++ b/src/libnacl/cpucycles/ia64cpuinfo.c @@ -0,0 +1,15 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_ia64cpuinfo(void) +{ + long long result; + asm volatile("mov %0=ar.itc" : "=r"(result)); + return result; +} + +long long cpucycles_ia64cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/ia64cpuinfo.h b/src/libnacl/cpucycles/ia64cpuinfo.h new file mode 100644 index 00000000..a6bcf47d --- /dev/null +++ b/src/libnacl/cpucycles/ia64cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles ia64cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_ia64cpuinfo_h +#define CPUCYCLES_ia64cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_ia64cpuinfo(void); +extern long long cpucycles_ia64cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "ia64cpuinfo" +#define cpucycles cpucycles_ia64cpuinfo +#define cpucycles_persecond cpucycles_ia64cpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/mips.c b/src/libnacl/cpucycles/mips.c new file mode 100644 index 00000000..d9736f00 --- /dev/null +++ b/src/libnacl/cpucycles/mips.c @@ -0,0 +1,65 @@ +/* +cpucycles/mips.c version 20100803 +D. J. Bernstein +Public domain. +*/ + +#define SCALE 2 +#include +#include +#include + +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readticks(unsigned int *result) +{ + struct timeval t; + unsigned int cc; + asm volatile(".byte 59; .byte 16; .byte 2; .byte 124; move %0,$2" : "=r"(cc) : : "$2"); + gettimeofday(&t,(struct timezone *) 0); + result[0] = cc; + result[1] = t.tv_usec; + result[2] = t.tv_sec; +} + +long long cpucycles_mips(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + readticks(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000) || (deltas == 1 && deltan < -800000)) + return (prevcycles + delta4) * SCALE; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000) || (deltas == 1 && deltan < -700000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles * SCALE; +} + +long long cpucycles_mips_persecond(void) +{ + while (!cyclespersec) cpucycles_mips(); + return cyclespersec * SCALE; +} diff --git a/src/libnacl/cpucycles/mips.h b/src/libnacl/cpucycles/mips.h new file mode 100644 index 00000000..6f1b26c3 --- /dev/null +++ b/src/libnacl/cpucycles/mips.h @@ -0,0 +1,27 @@ +/* +cpucycles mips.h version 20100802 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_mips_h +#define CPUCYCLES_mips_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_mips(void); +extern long long cpucycles_mips_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "mips" +#define cpucycles cpucycles_mips +#define cpucycles_persecond cpucycles_mips_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/monotonic.c b/src/libnacl/cpucycles/monotonic.c new file mode 100644 index 00000000..321afd9a --- /dev/null +++ b/src/libnacl/cpucycles/monotonic.c @@ -0,0 +1,35 @@ +#include +#include +#include +#include +#include +#include +#include + +static double cpufrequency = 0; + +static void init(void) +{ + long result = 0; size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + cpufrequency = result; +} + +long long cpucycles_monotonic(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_MONOTONIC,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_monotonic_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/monotonic.h b/src/libnacl/cpucycles/monotonic.h new file mode 100644 index 00000000..9070860b --- /dev/null +++ b/src/libnacl/cpucycles/monotonic.h @@ -0,0 +1,27 @@ +/* +cpucycles monotonic.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_monotonic_h +#define CPUCYCLES_monotonic_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_monotonic(void); +extern long long cpucycles_monotonic_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "monotonic" +#define cpucycles cpucycles_monotonic +#define cpucycles_persecond cpucycles_monotonic_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/monotoniccpuinfo.c b/src/libnacl/cpucycles/monotoniccpuinfo.c new file mode 100644 index 00000000..890e6b24 --- /dev/null +++ b/src/libnacl/cpucycles/monotoniccpuinfo.c @@ -0,0 +1,34 @@ +#include +#include +#include +#include +#include +#include +#include +#include "osfreq.c" + +static double cpufrequency = 0; + +static void init(void) +{ + cpufrequency = osfreq(); +} + +long long cpucycles_monotoniccpuinfo(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_MONOTONIC,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_monotoniccpuinfo_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/monotoniccpuinfo.h b/src/libnacl/cpucycles/monotoniccpuinfo.h new file mode 100644 index 00000000..d4ba7ea8 --- /dev/null +++ b/src/libnacl/cpucycles/monotoniccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles monotoniccpuinfo.h version 20100804 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_monotoniccpuinfo_h +#define CPUCYCLES_monotoniccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_monotoniccpuinfo(void); +extern long long cpucycles_monotoniccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "monotoniccpuinfo" +#define cpucycles cpucycles_monotoniccpuinfo +#define cpucycles_persecond cpucycles_monotoniccpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/osfreq.c b/src/libnacl/cpucycles/osfreq.c new file mode 100644 index 00000000..4e106a23 --- /dev/null +++ b/src/libnacl/cpucycles/osfreq.c @@ -0,0 +1,65 @@ +static double osfreq(void) +{ + FILE *f; + double result; + int s; + + f = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq", "r"); + if (f) { + s = fscanf(f,"%lf",&result); + fclose(f); + if (s > 0) return 1000.0 * result; + } + + f = fopen("/sys/devices/system/cpu/cpu0/clock_tick", "r"); + if (f) { + s = fscanf(f,"%lf",&result); + fclose(f); + if (s > 0) return result; + } + + f = fopen("/proc/cpuinfo","r"); + if (f) { + for (;;) { + s = fscanf(f,"cpu MHz : %lf",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + fclose(f); + if (result) return 1000000.0 * result; + } + + f = fopen("/proc/cpuinfo","r"); + if (f) { + for (;;) { + s = fscanf(f,"clock : %lf",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + fclose(f); + if (result) return 1000000.0 * result; + } + + f = popen("/usr/sbin/lsattr -E -l proc0 -a frequency 2>/dev/null","r"); + if (f) { + s = fscanf(f,"frequency %lf",&result); + pclose(f); + if (s > 0) return result; + } + + f = popen("/usr/sbin/psrinfo -v 2>/dev/null","r"); + if (f) { + for (;;) { + s = fscanf(f," The %*s processor operates at %lf MHz",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + pclose(f); + if (result) return 1000000.0 * result; + } + + return 0; +} diff --git a/src/libnacl/cpucycles/powerpccpuinfo.c b/src/libnacl/cpucycles/powerpccpuinfo.c new file mode 100644 index 00000000..b70c745a --- /dev/null +++ b/src/libnacl/cpucycles/powerpccpuinfo.c @@ -0,0 +1,95 @@ +#include +#include +#include +#include +#include +#include "osfreq.c" + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static int tbshift = 0; + +static long long timebase(void) +{ + unsigned long high; + unsigned long low; + unsigned long newhigh; + unsigned long long result; + asm volatile( + "7:mftbu %0;mftb %1;mftbu %2;cmpw %0,%2;bne 7b" + : "=r" (high), "=r" (low), "=r" (newhigh) + ); + result = high; + result <<= 32; + result |= low; + return result >> tbshift; +} + +static double cpufrequency = 0; +static long tbcycles = 0; + +static double guesstbcycles(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = timebase(); + us0 = microseconds(); + do { + tb1 = timebase(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return (cpufrequency * 0.000001 * (double) us1) / (double) tb1; +} + +static void init(void) +{ + int loop; + double guess1; + double guess2; + + cpufrequency = osfreq(); + if (!cpufrequency) return; + + for (tbshift = 0;tbshift < 10;++tbshift) { + for (loop = 0;loop < 100;++loop) { + guess1 = guesstbcycles(); + guess2 = guesstbcycles(); + tbcycles = myround(guess1); + if (guess1 - tbcycles > 0.1) continue; + if (tbcycles - guess1 > 0.1) continue; + if (guess2 - tbcycles > 0.1) continue; + if (tbcycles - guess2 > 0.1) continue; + return; + } + } + tbcycles = 0; +} + +long long cpucycles_powerpccpuinfo(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_powerpccpuinfo_persecond(void) +{ + if (!tbcycles) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/powerpccpuinfo.h b/src/libnacl/cpucycles/powerpccpuinfo.h new file mode 100644 index 00000000..c763a1b4 --- /dev/null +++ b/src/libnacl/cpucycles/powerpccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles powerpccpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_powerpccpuinfo_h +#define CPUCYCLES_powerpccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_powerpccpuinfo(void); +extern long long cpucycles_powerpccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "powerpccpuinfo" +#define cpucycles cpucycles_powerpccpuinfo +#define cpucycles_persecond cpucycles_powerpccpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/powerpcmacos.c b/src/libnacl/cpucycles/powerpcmacos.c new file mode 100644 index 00000000..f855b276 --- /dev/null +++ b/src/libnacl/cpucycles/powerpcmacos.c @@ -0,0 +1,43 @@ +#include +#include +#include +#include + +#define timebase mach_absolute_time + +static int cpumib[2] = { CTL_HW, HW_CPU_FREQ } ; +static int tbmib[2] = { CTL_HW, HW_TB_FREQ } ; + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long tbcycles = 0; + +static void init(void) +{ + unsigned int cpufrequency = 0; size_t cpufrequencylen = sizeof(unsigned int); + unsigned int tbfrequency = 0; size_t tbfrequencylen = sizeof(unsigned int); + sysctl(cpumib,2,&cpufrequency,&cpufrequencylen,0,0); + sysctl(tbmib,2,&tbfrequency,&tbfrequencylen,0,0); + if (tbfrequency > 0) + tbcycles = myround((double) (unsigned long long) cpufrequency + / (double) (unsigned long long) tbfrequency); +} + +long long cpucycles_powerpcmacos(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_powerpcmacos_persecond(void) +{ + unsigned int result = 0; size_t resultlen = sizeof(unsigned int); + sysctl(cpumib,2,&result,&resultlen,0,0); + return (unsigned long long) result; +} diff --git a/src/libnacl/cpucycles/powerpcmacos.h b/src/libnacl/cpucycles/powerpcmacos.h new file mode 100644 index 00000000..f66c0e36 --- /dev/null +++ b/src/libnacl/cpucycles/powerpcmacos.h @@ -0,0 +1,27 @@ +/* +cpucycles powerpcmacos.h version 20060319 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_powerpcmacos_h +#define CPUCYCLES_powerpcmacos_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_powerpcmacos(void); +extern long long cpucycles_powerpcmacos_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "powerpcmacos" +#define cpucycles cpucycles_powerpcmacos +#define cpucycles_persecond cpucycles_powerpcmacos_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/sgi.c b/src/libnacl/cpucycles/sgi.c new file mode 100644 index 00000000..c0e731f6 --- /dev/null +++ b/src/libnacl/cpucycles/sgi.c @@ -0,0 +1,39 @@ +#include +#include +#include +#include +#include +#include +#include + +static double cpufrequency = 0; + +static void init(void) +{ + FILE *f; + + f = popen("hinv -c processor | awk '{if ($3==\"MHZ\") print $2*1000000}'","r"); + if (!f) return; + if (fscanf(f,"%lf",&cpufrequency) < 1) cpufrequency = 0; + pclose(f); + if (!cpufrequency) return; +} + +long long cpucycles_sgi(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_SGI_CYCLE,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_sgi_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/sgi.h b/src/libnacl/cpucycles/sgi.h new file mode 100644 index 00000000..56bad976 --- /dev/null +++ b/src/libnacl/cpucycles/sgi.h @@ -0,0 +1,27 @@ +/* +cpucycles sgi.h version 20070916 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sgi_h +#define CPUCYCLES_sgi_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sgi(void); +extern long long cpucycles_sgi_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sgi" +#define cpucycles cpucycles_sgi +#define cpucycles_persecond cpucycles_sgi_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/sparc32cpuinfo.c b/src/libnacl/cpucycles/sparc32cpuinfo.c new file mode 100644 index 00000000..1fc53d06 --- /dev/null +++ b/src/libnacl/cpucycles/sparc32cpuinfo.c @@ -0,0 +1,16 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_sparc32cpuinfo(void) +{ + long long result; + asm volatile(".word 2202075136; .word 2570088480; srl %%g1,0,%L0; mov %%o4,%H0" + : "=r" (result) : : "g1","o4"); + return result; +} + +long long cpucycles_sparc32cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/sparc32cpuinfo.h b/src/libnacl/cpucycles/sparc32cpuinfo.h new file mode 100644 index 00000000..9d39dc65 --- /dev/null +++ b/src/libnacl/cpucycles/sparc32cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles sparc32cpuinfo.h version 20100804 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sparc32cpuinfo_h +#define CPUCYCLES_sparc32cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sparc32cpuinfo(void); +extern long long cpucycles_sparc32cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sparc32cpuinfo" +#define cpucycles cpucycles_sparc32cpuinfo +#define cpucycles_persecond cpucycles_sparc32cpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/sparccpuinfo.c b/src/libnacl/cpucycles/sparccpuinfo.c new file mode 100644 index 00000000..d07aafec --- /dev/null +++ b/src/libnacl/cpucycles/sparccpuinfo.c @@ -0,0 +1,15 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_sparccpuinfo(void) +{ + long long result; + asm volatile("rd %%tick,%0" : "=r" (result)); + return result; +} + +long long cpucycles_sparccpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/sparccpuinfo.h b/src/libnacl/cpucycles/sparccpuinfo.h new file mode 100644 index 00000000..badb2144 --- /dev/null +++ b/src/libnacl/cpucycles/sparccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles sparccpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sparccpuinfo_h +#define CPUCYCLES_sparccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sparccpuinfo(void); +extern long long cpucycles_sparccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sparccpuinfo" +#define cpucycles cpucycles_sparccpuinfo +#define cpucycles_persecond cpucycles_sparccpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/test.c b/src/libnacl/cpucycles/test.c new file mode 100644 index 00000000..30a37230 --- /dev/null +++ b/src/libnacl/cpucycles/test.c @@ -0,0 +1,27 @@ +#include +#include +#include +#include +#include "cpucycles-impl.h" + +static long long tod(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +long long todstart; +long long todend; +long long cpustart; +long long cpuend; + +long long cyclespersecond; +long long cyclespertod; + +long long t[1001]; + +int main() +{ + return 0; +} diff --git a/src/libnacl/cpucycles/x86cpuinfo.c b/src/libnacl/cpucycles/x86cpuinfo.c new file mode 100644 index 00000000..3fb0a1b0 --- /dev/null +++ b/src/libnacl/cpucycles/x86cpuinfo.c @@ -0,0 +1,15 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_x86cpuinfo(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/x86cpuinfo.h b/src/libnacl/cpucycles/x86cpuinfo.h new file mode 100644 index 00000000..88f151dd --- /dev/null +++ b/src/libnacl/cpucycles/x86cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles x86cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86cpuinfo_h +#define CPUCYCLES_x86cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86cpuinfo(void); +extern long long cpucycles_x86cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86cpuinfo" +#define cpucycles cpucycles_x86cpuinfo +#define cpucycles_persecond cpucycles_x86cpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/x86cpuspeed.c b/src/libnacl/cpucycles/x86cpuspeed.c new file mode 100644 index 00000000..34222565 --- /dev/null +++ b/src/libnacl/cpucycles/x86cpuspeed.c @@ -0,0 +1,24 @@ +#include +#include +#include +#include + +long long cpucycles_x86cpuspeed(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86cpuspeed_persecond(void) +{ + int oid[2]; + int val; + size_t size; + oid[0] = CTL_HW; + oid[1] = HW_CPUSPEED; + size = sizeof val; + if (sysctl(oid,2,&val,&size,0,0) == -1) return 0; + if (size != sizeof val) return 0; + return val * 1000000LL; +} diff --git a/src/libnacl/cpucycles/x86cpuspeed.h b/src/libnacl/cpucycles/x86cpuspeed.h new file mode 100644 index 00000000..43005cda --- /dev/null +++ b/src/libnacl/cpucycles/x86cpuspeed.h @@ -0,0 +1,27 @@ +/* +cpucycles x86cpuspeed.h version 20090716 +Matthew Dempsky +Public domain. +*/ + +#ifndef CPUCYCLES_x86cpuspeed_h +#define CPUCYCLES_x86cpuspeed_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86cpuspeed(void); +extern long long cpucycles_x86cpuspeed_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86cpuspeed" +#define cpucycles cpucycles_x86cpuspeed +#define cpucycles_persecond cpucycles_x86cpuspeed_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/x86estimate.c b/src/libnacl/cpucycles/x86estimate.c new file mode 100644 index 00000000..cd8e1c4b --- /dev/null +++ b/src/libnacl/cpucycles/x86estimate.c @@ -0,0 +1,60 @@ +#include +#include +#include +#include +#include + +long long cpucycles_x86estimate(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static double guessfreq(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = cpucycles_x86estimate(); + us0 = microseconds(); + do { + tb1 = cpucycles_x86estimate(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return ((double) tb1) / (0.000001 * (double) us1); +} + +static double cpufrequency = 0; + +static void init(void) +{ + double guess1; + double guess2; + int loop; + + for (loop = 0;loop < 100;++loop) { + guess1 = guessfreq(); + guess2 = guessfreq(); + if (guess1 > 1.01 * guess2) continue; + if (guess2 > 1.01 * guess1) continue; + cpufrequency = 0.5 * (guess1 + guess2); + break; + } +} + +long long cpucycles_x86estimate_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/x86estimate.h b/src/libnacl/cpucycles/x86estimate.h new file mode 100644 index 00000000..98f2dd15 --- /dev/null +++ b/src/libnacl/cpucycles/x86estimate.h @@ -0,0 +1,27 @@ +/* +cpucycles x86estimate.h version 20070121 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86estimate_h +#define CPUCYCLES_x86estimate_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86estimate(void); +extern long long cpucycles_x86estimate_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86estimate" +#define cpucycles cpucycles_x86estimate +#define cpucycles_persecond cpucycles_x86estimate_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/x86tscfreq.c b/src/libnacl/cpucycles/x86tscfreq.c new file mode 100644 index 00000000..400da941 --- /dev/null +++ b/src/libnacl/cpucycles/x86tscfreq.c @@ -0,0 +1,18 @@ +#include +#include +#include + +long long cpucycles_x86tscfreq(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86tscfreq_persecond(void) +{ + long result = 0; + size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + return result; +} diff --git a/src/libnacl/cpucycles/x86tscfreq.h b/src/libnacl/cpucycles/x86tscfreq.h new file mode 100644 index 00000000..abf616e5 --- /dev/null +++ b/src/libnacl/cpucycles/x86tscfreq.h @@ -0,0 +1,27 @@ +/* +cpucycles x86tscfreq.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86tscfreq_h +#define CPUCYCLES_x86tscfreq_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86tscfreq(void); +extern long long cpucycles_x86tscfreq_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86tscfreq" +#define cpucycles cpucycles_x86tscfreq +#define cpucycles_persecond cpucycles_x86tscfreq_persecond +#endif + +#endif diff --git a/src/libnacl/cpuid/cbytes.c b/src/libnacl/cpuid/cbytes.c new file mode 100644 index 00000000..bd5d1444 --- /dev/null +++ b/src/libnacl/cpuid/cbytes.c @@ -0,0 +1,16 @@ +#include + +int main() +{ + char ch; + int loop = 0; + while (scanf("%c",&ch) == 1) { + printf("0x%02x,",255 & (int) ch); + if (++loop == 16) { + loop = 0; + printf("\n"); + } + } + printf("0x00\n"); + return 0; +} diff --git a/src/libnacl/cpuid/cpuid.c b/src/libnacl/cpuid/cpuid.c new file mode 100644 index 00000000..1a5c6b8e --- /dev/null +++ b/src/libnacl/cpuid/cpuid.c @@ -0,0 +1,41 @@ +#include +#include +#include +#include + +void nope() +{ + exit(1); +} + +int main() +{ + unsigned long x[4]; + unsigned long y[4]; + int i; + int j; + char c; + + signal(SIGILL,nope); + + x[0] = 0; + x[1] = 0; + x[2] = 0; + x[3] = 0; + + asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) ); + if (!x[0]) return 0; + asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) ); + + for (i = 1;i < 4;++i) + for (j = 0;j < 4;++j) { + c = x[i] >> (8 * j); + if (c < 32) c = 32; + if (c > 126) c = 126; + putchar(c); + } + + printf("-%08x-%08x\n",y[0],y[3]); + + return 0; +} diff --git a/src/libnacl/cpuid/do b/src/libnacl/cpuid/do new file mode 100755 index 00000000..8a3a6f7b --- /dev/null +++ b/src/libnacl/cpuid/do @@ -0,0 +1,37 @@ +#!/bin/sh -e + +mkdir include + +( + echo x86 + echo unknown +) | ( + while read n + do + okabi | ( + while read abi + do + okc-$abi | ( + while read c + do + echo "=== `date` === Trying $n.c with $c..." >&2 + rm -f cpuid.c + cp $n.c cpuid.c || continue + $c -o cpuid cpuid.c || continue + $c -o cbytes cbytes.c || continue + ./cpuid > cpuid.out || continue + echo 'static const char cpuid[] = {' > cpuid.h || continue + ./cbytes < cpuid.out >> cpuid.h || continue + echo '} ;' >> cpuid.h || continue + cp cpuid.h include/cpuid.h || continue + cat cpuid.out + exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 +) diff --git a/src/libnacl/cpuid/unknown.c b/src/libnacl/cpuid/unknown.c new file mode 100644 index 00000000..786a5e72 --- /dev/null +++ b/src/libnacl/cpuid/unknown.c @@ -0,0 +1,7 @@ +#include + +main() +{ + printf("unknown CPU ID\n"); + return 0; +} diff --git a/src/libnacl/cpuid/x86.c b/src/libnacl/cpuid/x86.c new file mode 100644 index 00000000..99e6a0c4 --- /dev/null +++ b/src/libnacl/cpuid/x86.c @@ -0,0 +1,41 @@ +#include +#include +#include +#include + +void nope() +{ + exit(1); +} + +int main() +{ + unsigned long x[4]; + unsigned long y[4]; + int i; + int j; + char c; + + signal(SIGILL,nope); + + x[0] = 0; + x[1] = 0; + x[2] = 0; + x[3] = 0; + + asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) ); + if (!x[0]) return 0; + asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) ); + + for (i = 1;i < 4;++i) + for (j = 0;j < 4;++j) { + c = x[i] >> (8 * j); + if (c < 32) c = 32; + if (c > 126) c = 126; + putchar(c); + } + + printf("-%08x-%08x\n",(unsigned int) y[0],(unsigned int) y[3]); + + return 0; +} diff --git a/src/libnacl/crypto_auth/hmacsha256/checksum b/src/libnacl/crypto_auth/hmacsha256/checksum new file mode 100644 index 00000000..2fa9604b --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha256/checksum @@ -0,0 +1 @@ +3bd7abd4f4dce04396f2ac7cb1cff70607f692411c49a1563b037d31e1662632 diff --git a/src/libnacl/crypto_auth/hmacsha256/ref/api.h b/src/libnacl/crypto_auth/hmacsha256/ref/api.h new file mode 100644 index 00000000..c224d9d5 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_auth/hmacsha256/ref/hmac.c b/src/libnacl/crypto_auth/hmacsha256/ref/hmac.c new file mode 100644 index 00000000..8ab30bb4 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha256/ref/hmac.c @@ -0,0 +1,83 @@ +/* + * 20080913 + * D. J. Bernstein + * Public domain. + * */ + +#include "crypto_hashblocks_sha256.h" +#include "crypto_auth.h" + +#define blocks crypto_hashblocks_sha256 + +typedef unsigned int uint32; + +static const char iv[32] = { + 0x6a,0x09,0xe6,0x67, + 0xbb,0x67,0xae,0x85, + 0x3c,0x6e,0xf3,0x72, + 0xa5,0x4f,0xf5,0x3a, + 0x51,0x0e,0x52,0x7f, + 0x9b,0x05,0x68,0x8c, + 0x1f,0x83,0xd9,0xab, + 0x5b,0xe0,0xcd,0x19, +} ; + +int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char h[32]; + unsigned char padded[128]; + int i; + unsigned long long bits = 512 + (inlen << 3); + + for (i = 0;i < 32;++i) h[i] = iv[i]; + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36; + for (i = 32;i < 64;++i) padded[i] = 0x36; + + blocks(h,padded,64); + blocks(h,in,inlen); + in += inlen; + inlen &= 63; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 56) { + for (i = inlen + 1;i < 56;++i) padded[i] = 0; + padded[56] = bits >> 56; + padded[57] = bits >> 48; + padded[58] = bits >> 40; + padded[59] = bits >> 32; + padded[60] = bits >> 24; + padded[61] = bits >> 16; + padded[62] = bits >> 8; + padded[63] = bits; + blocks(h,padded,64); + } else { + for (i = inlen + 1;i < 120;++i) padded[i] = 0; + padded[120] = bits >> 56; + padded[121] = bits >> 48; + padded[122] = bits >> 40; + padded[123] = bits >> 32; + padded[124] = bits >> 24; + padded[125] = bits >> 16; + padded[126] = bits >> 8; + padded[127] = bits; + blocks(h,padded,128); + } + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c; + for (i = 32;i < 64;++i) padded[i] = 0x5c; + for (i = 0;i < 32;++i) padded[64 + i] = h[i]; + + for (i = 0;i < 32;++i) out[i] = iv[i]; + + for (i = 32;i < 64;++i) padded[64 + i] = 0; + padded[64 + 32] = 0x80; + padded[64 + 62] = 3; + + blocks(out,padded,128); + + return 0; +} diff --git a/src/libnacl/crypto_auth/hmacsha256/ref/verify.c b/src/libnacl/crypto_auth/hmacsha256/ref/verify.c new file mode 100644 index 00000000..96ff0ea8 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha256/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_32.h" +#include "crypto_auth.h" + +int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[32]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_32(h,correct); +} diff --git a/src/libnacl/crypto_auth/hmacsha256/used b/src/libnacl/crypto_auth/hmacsha256/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_auth/hmacsha512256/checksum b/src/libnacl/crypto_auth/hmacsha512256/checksum new file mode 100644 index 00000000..1c037f2d --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha512256/checksum @@ -0,0 +1 @@ +2f5e8a6a0cac012d8d001351d7d583e69f91390df46305c3608e0c2893491886 diff --git a/src/libnacl/crypto_auth/hmacsha512256/ref/api.h b/src/libnacl/crypto_auth/hmacsha512256/ref/api.h new file mode 100644 index 00000000..c224d9d5 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha512256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_auth/hmacsha512256/ref/hmac.c b/src/libnacl/crypto_auth/hmacsha512256/ref/hmac.c new file mode 100644 index 00000000..56ebfa6b --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha512256/ref/hmac.c @@ -0,0 +1,86 @@ +/* + * 20080913 + * D. J. Bernstein + * Public domain. + * */ + +#include "crypto_hashblocks_sha512.h" +#include "crypto_auth.h" + +#define blocks crypto_hashblocks_sha512 + +typedef unsigned long long uint64; + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char h[64]; + unsigned char padded[256]; + int i; + unsigned long long bytes = 128 + inlen; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36; + for (i = 32;i < 128;++i) padded[i] = 0x36; + + blocks(h,padded,128); + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = bytes >> 61; + padded[120] = bytes >> 53; + padded[121] = bytes >> 45; + padded[122] = bytes >> 37; + padded[123] = bytes >> 29; + padded[124] = bytes >> 21; + padded[125] = bytes >> 13; + padded[126] = bytes >> 5; + padded[127] = bytes << 3; + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = bytes >> 61; + padded[248] = bytes >> 53; + padded[249] = bytes >> 45; + padded[250] = bytes >> 37; + padded[251] = bytes >> 29; + padded[252] = bytes >> 21; + padded[253] = bytes >> 13; + padded[254] = bytes >> 5; + padded[255] = bytes << 3; + blocks(h,padded,256); + } + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c; + for (i = 32;i < 128;++i) padded[i] = 0x5c; + + for (i = 0;i < 64;++i) padded[128 + i] = h[i]; + for (i = 0;i < 64;++i) h[i] = iv[i]; + + for (i = 64;i < 128;++i) padded[128 + i] = 0; + padded[128 + 64] = 0x80; + padded[128 + 126] = 6; + + blocks(h,padded,256); + for (i = 0;i < 32;++i) out[i] = h[i]; + + return 0; +} diff --git a/src/libnacl/crypto_auth/hmacsha512256/ref/verify.c b/src/libnacl/crypto_auth/hmacsha512256/ref/verify.c new file mode 100644 index 00000000..96ff0ea8 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha512256/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_32.h" +#include "crypto_auth.h" + +int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[32]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_32(h,correct); +} diff --git a/src/libnacl/crypto_auth/hmacsha512256/selected b/src/libnacl/crypto_auth/hmacsha512256/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_auth/hmacsha512256/used b/src/libnacl/crypto_auth/hmacsha512256/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_auth/measure.c b/src/libnacl/crypto_auth/measure.c new file mode 100644 index 00000000..e5209903 --- /dev/null +++ b/src/libnacl/crypto_auth/measure.c @@ -0,0 +1,69 @@ +#include "crypto_auth.h" +#include "randombytes.h" +#include "cpucycles.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; +const char *implementationversion = crypto_auth_VERSION; +const char *sizenames[] = { "outputbytes", "keybytes", 0 }; +const long long sizes[] = { crypto_auth_BYTES, crypto_auth_KEYBYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *k; +static unsigned char *m; +static unsigned char *h; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_auth_KEYBYTES); + m = alignedcalloc(MAXTEST_BYTES); + h = alignedcalloc(crypto_auth_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(k,crypto_auth_KEYBYTES); + randombytes(m,mlen); + randombytes(h,crypto_auth_BYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_auth(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_auth_verify(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"verify_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_auth/try.c b/src/libnacl/crypto_auth/try.c new file mode 100644 index 00000000..0ea1f7ba --- /dev/null +++ b/src/libnacl/crypto_auth/try.c @@ -0,0 +1,121 @@ +/* + * crypto_auth/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hash_sha256.h" +#include "crypto_auth.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *m; +static unsigned char *k; +static unsigned char *h2; +static unsigned char *m2; +static unsigned char *k2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_auth_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + k = alignedcalloc(crypto_auth_KEYBYTES); + h2 = alignedcalloc(crypto_auth_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES); + k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_auth(h,m,TUNE_BYTES,k); + crypto_auth_verify(h,m,TUNE_BYTES,k); +} + +char checksum[crypto_auth_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i; + long long klen = crypto_auth_KEYBYTES; + long long hlen = crypto_auth_BYTES; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; + + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; + for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output"; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap"; + for (j = 0;j < hlen;++j) m2[j] = m[j]; + if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero"; + for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + + if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; + + for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < klen;++j) k[j] ^= h2[j % 32]; + if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; + if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32]; + m[mlen] = h2[0]; + } + if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero"; + if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero"; + + for (i = 0;i < crypto_auth_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_auth/wrapper-auth.cpp b/src/libnacl/crypto_auth/wrapper-auth.cpp new file mode 100644 index 00000000..2108aa31 --- /dev/null +++ b/src/libnacl/crypto_auth/wrapper-auth.cpp @@ -0,0 +1,11 @@ +#include +using std::string; +#include "crypto_auth.h" + +string crypto_auth(const string &m,const string &k) +{ + if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length"; + unsigned char a[crypto_auth_BYTES]; + crypto_auth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str()); + return string((char *) a,crypto_auth_BYTES); +} diff --git a/src/libnacl/crypto_auth/wrapper-verify.cpp b/src/libnacl/crypto_auth/wrapper-verify.cpp new file mode 100644 index 00000000..57e25a26 --- /dev/null +++ b/src/libnacl/crypto_auth/wrapper-verify.cpp @@ -0,0 +1,14 @@ +#include +using std::string; +#include "crypto_auth.h" + +void crypto_auth_verify(const string &a,const string &m,const string &k) +{ + if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length"; + if (a.size() != crypto_auth_BYTES) throw "incorrect authenticator length"; + if (crypto_auth_verify( + (const unsigned char *) a.c_str(), + (const unsigned char *) m.c_str(),m.size(), + (const unsigned char *) k.c_str()) == 0) return; + throw "invalid authenticator"; +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/checksum b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/checksum new file mode 100644 index 00000000..56a20083 --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/checksum @@ -0,0 +1 @@ +5fac7400caabc14a99c5c0bc13fb1df5e468e870382a3a1c diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/after.c b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/after.c new file mode 100644 index 00000000..eb243e22 --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/after.c @@ -0,0 +1,22 @@ +#include "crypto_secretbox_xsalsa20poly1305.h" +#include "crypto_box.h" + +int crypto_box_afternm( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + return crypto_secretbox_xsalsa20poly1305(c,m,mlen,n,k); +} + +int crypto_box_open_afternm( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + return crypto_secretbox_xsalsa20poly1305_open(m,c,clen,n,k); +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/api.h b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/api.h new file mode 100644 index 00000000..ce7762df --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/api.h @@ -0,0 +1,6 @@ +#define CRYPTO_PUBLICKEYBYTES 32 +#define CRYPTO_SECRETKEYBYTES 32 +#define CRYPTO_BEFORENMBYTES 32 +#define CRYPTO_NONCEBYTES 24 +#define CRYPTO_ZEROBYTES 32 +#define CRYPTO_BOXZEROBYTES 16 diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/before.c b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/before.c new file mode 100644 index 00000000..279bb12a --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/before.c @@ -0,0 +1,17 @@ +#include "crypto_core_hsalsa20.h" +#include "crypto_scalarmult_curve25519.h" +#include "crypto_box.h" + +static const unsigned char sigma[16] = "expand 32-byte k"; +static const unsigned char n[16] = {0}; + +int crypto_box_beforenm( + unsigned char *k, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char s[32]; + crypto_scalarmult_curve25519(s,sk,pk); + return crypto_core_hsalsa20(k,n,s,sigma); +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/box.c b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/box.c new file mode 100644 index 00000000..81ff72e2 --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/box.c @@ -0,0 +1,27 @@ +#include "crypto_box.h" + +int crypto_box( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char k[crypto_box_BEFORENMBYTES]; + crypto_box_beforenm(k,pk,sk); + return crypto_box_afternm(c,m,mlen,n,k); +} + +int crypto_box_open( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char k[crypto_box_BEFORENMBYTES]; + crypto_box_beforenm(k,pk,sk); + return crypto_box_open_afternm(m,c,clen,n,k); +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c new file mode 100644 index 00000000..233bc950 --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c @@ -0,0 +1,12 @@ +#include "crypto_scalarmult_curve25519.h" +#include "crypto_box.h" +#include "randombytes.h" + +int crypto_box_keypair( + unsigned char *pk, + unsigned char *sk +) +{ + randombytes(sk,32); + return crypto_scalarmult_curve25519_base(pk,sk); +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/selected b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/used b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_box/measure.c b/src/libnacl/crypto_box/measure.c new file mode 100644 index 00000000..08df1e39 --- /dev/null +++ b/src/libnacl/crypto_box/measure.c @@ -0,0 +1,137 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_box.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_box_IMPLEMENTATION; +const char *implementationversion = crypto_box_VERSION; +const char *sizenames[] = { "publickeybytes", "secretkeybytes", "beforenmbytes", "noncebytes", "zerobytes", "boxzerobytes", 0 }; +const long long sizes[] = { crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES, crypto_box_BEFORENMBYTES, crypto_box_NONCEBYTES, crypto_box_ZEROBYTES, crypto_box_BOXZEROBYTES }; + +#define MAXTEST_BYTES 4096 + +static unsigned char *ska; +static unsigned char *pka; +static unsigned char *skb; +static unsigned char *pkb; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *sa; +static unsigned char *sb; + +void preallocate(void) +{ +} + +void allocate(void) +{ + ska = alignedcalloc(crypto_box_SECRETKEYBYTES); + pka = alignedcalloc(crypto_box_PUBLICKEYBYTES); + skb = alignedcalloc(crypto_box_SECRETKEYBYTES); + pkb = alignedcalloc(crypto_box_PUBLICKEYBYTES); + n = alignedcalloc(crypto_box_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + sa = alignedcalloc(crypto_box_BEFORENMBYTES); + sb = alignedcalloc(crypto_box_BEFORENMBYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_keypair(pka,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"keypair_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_keypair(pkb,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"keypair_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_beforenm(sa,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"beforenm_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_beforenm(sb,pka,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"beforenm_cycles",cycles,TIMINGS); + + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 8) { + randombytes(n,crypto_box_NONCEBYTES); + randombytes(m + crypto_box_ZEROBYTES,mlen); + randombytes(c,mlen + crypto_box_ZEROBYTES); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,pka,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open(m,c,mlen + crypto_box_ZEROBYTES,n,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_cycles",cycles,TIMINGS); + + ++c[crypto_box_ZEROBYTES]; + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open(m,c,mlen + crypto_box_ZEROBYTES,n,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"forgery_open_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_afternm(c,m,mlen + crypto_box_ZEROBYTES,n,sb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"afternm_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open_afternm(m,c,mlen + crypto_box_ZEROBYTES,n,sa); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_afternm_cycles",cycles,TIMINGS); + + ++c[crypto_box_ZEROBYTES]; + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open_afternm(m,c,mlen + crypto_box_ZEROBYTES,n,sa); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"forgery_open_afternm_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_box/try.c b/src/libnacl/crypto_box/try.c new file mode 100644 index 00000000..9e1e5079 --- /dev/null +++ b/src/libnacl/crypto_box/try.c @@ -0,0 +1,197 @@ +/* + * crypto_box/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_box.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_box_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *ska; +static unsigned char *pka; +static unsigned char *skb; +static unsigned char *pkb; +static unsigned char *s; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *t; +static unsigned char *ska2; +static unsigned char *pka2; +static unsigned char *skb2; +static unsigned char *pkb2; +static unsigned char *s2; +static unsigned char *n2; +static unsigned char *m2; +static unsigned char *c2; +static unsigned char *t2; + +#define sklen crypto_box_SECRETKEYBYTES +#define pklen crypto_box_PUBLICKEYBYTES +#define nlen crypto_box_NONCEBYTES +#define slen crypto_box_BEFORENMBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + ska = alignedcalloc(sklen); + pka = alignedcalloc(pklen); + skb = alignedcalloc(sklen); + pkb = alignedcalloc(pklen); + n = alignedcalloc(nlen); + m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + s = alignedcalloc(slen); + ska2 = alignedcalloc(sklen); + pka2 = alignedcalloc(pklen); + skb2 = alignedcalloc(sklen); + pkb2 = alignedcalloc(pklen); + n2 = alignedcalloc(nlen); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + t2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + s2 = alignedcalloc(slen); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_box(c,m,TUNE_BYTES + crypto_box_ZEROBYTES,n,pka,skb); + crypto_box_open(t,c,TUNE_BYTES + crypto_box_ZEROBYTES,n,pkb,ska); +} + +char checksum[nlen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + if (crypto_box_keypair(pka,ska) != 0) return "crypto_box_keypair returns nonzero"; + if (crypto_box_keypair(pkb,skb) != 0) return "crypto_box_keypair returns nonzero"; + + for (j = 0;j < crypto_box_ZEROBYTES;++j) m[j] = 0; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i + crypto_box_ZEROBYTES; + long long tlen = i + crypto_box_ZEROBYTES; + long long clen = i + crypto_box_ZEROBYTES; + + for (j = -16;j < 0;++j) ska[j] = random(); + for (j = -16;j < 0;++j) skb[j] = random(); + for (j = -16;j < 0;++j) pka[j] = random(); + for (j = -16;j < 0;++j) pkb[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = -16;j < 0;++j) n[j] = random(); + + for (j = sklen;j < sklen + 16;++j) ska[j] = random(); + for (j = sklen;j < sklen + 16;++j) skb[j] = random(); + for (j = pklen;j < pklen + 16;++j) pka[j] = random(); + for (j = pklen;j < pklen + 16;++j) pkb[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + + for (j = -16;j < sklen + 16;++j) ska2[j] = ska[j]; + for (j = -16;j < sklen + 16;++j) skb2[j] = skb[j]; + for (j = -16;j < pklen + 16;++j) pka2[j] = pka[j]; + for (j = -16;j < pklen + 16;++j) pkb2[j] = pkb[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < clen + 16;++j) c2[j] = c[j] = random(); + + if (crypto_box(c,m,mlen,n,pkb,ska) != 0) return "crypto_box returns nonzero"; + + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box overwrites n"; + for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_box writes before output"; + for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box writes after output"; + for (j = 0;j < crypto_box_BOXZEROBYTES;++j) + if (c[j] != 0) return "crypto_box does not clear extra bytes"; + + for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box overwrites ska"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box overwrites skb"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box overwrites pka"; + for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box overwrites pkb"; + + for (j = -16;j < 0;++j) c[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + + if (crypto_box_open(t,c,clen,n,pka,skb) != 0) return "crypto_box_open returns nonzero"; + + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box_open overwrites c"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open writes after output"; + for (j = 0;j < crypto_box_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_open does not clear extra bytes"; + + for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box_open overwrites ska"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites skb"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pka"; + for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box_open overwrites pkb"; + + for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "plaintext does not match"; + + for (j = -16;j < slen + 16;++j) s2[j] = s[j] = random(); + if (crypto_box_beforenm(s,pkb,ska) != 0) return "crypto_box_beforenm returns nonzero"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pk"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites sk"; + for (j = -16;j < 0;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes before output"; + for (j = slen;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes after output"; + + for (j = -16;j < slen + 16;++j) s2[j] = s[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + if (crypto_box_afternm(t,m,mlen,n,s) != 0) return "crypto_box_afternm returns nonzero"; + for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_afternm overwrites s"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_afternm overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_afternm overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes after output"; + for (j = 0;j < crypto_box_BOXZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_afternm does not clear extra bytes"; + for (j = 0;j < mlen;++j) if (t[j] != c[j]) return "crypto_box_afternm does not match crypto_box"; + + if (crypto_box_beforenm(s,pka,skb) != 0) return "crypto_box_beforenm returns nonzero"; + + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + if (crypto_box_open_afternm(t,c,clen,n,s) != 0) return "crypto_box_open_afternm returns nonzero"; + for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_open_afternm overwrites s"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_open_afternm overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open_afternm overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes after output"; + for (j = 0;j < crypto_box_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_open_afternm does not clear extra bytes"; + for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "crypto_box_open_afternm does not match crypto_box_open"; + + for (j = 0;j < i;++j) n[j % nlen] ^= c[j + crypto_box_BOXZEROBYTES]; + if (i == 0) m[crypto_box_ZEROBYTES] = 0; + m[i + crypto_box_ZEROBYTES] = m[crypto_box_ZEROBYTES]; + for (j = 0;j < i;++j) m[j + crypto_box_ZEROBYTES] ^= c[j + crypto_box_BOXZEROBYTES]; + } + + for (i = 0;i < nlen;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (n[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & n[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_box/wrapper-box.cpp b/src/libnacl/crypto_box/wrapper-box.cpp new file mode 100644 index 00000000..f0429295 --- /dev/null +++ b/src/libnacl/crypto_box/wrapper-box.cpp @@ -0,0 +1,24 @@ +#include +using std::string; +#include "crypto_box.h" + +string crypto_box(const string &m,const string &n,const string &pk,const string &sk) +{ + if (pk.size() != crypto_box_PUBLICKEYBYTES) throw "incorrect public-key length"; + if (sk.size() != crypto_box_SECRETKEYBYTES) throw "incorrect secret-key length"; + if (n.size() != crypto_box_NONCEBYTES) throw "incorrect nonce length"; + size_t mlen = m.size() + crypto_box_ZEROBYTES; + unsigned char mpad[mlen]; + for (int i = 0;i < crypto_box_ZEROBYTES;++i) mpad[i] = 0; + for (int i = crypto_box_ZEROBYTES;i < mlen;++i) mpad[i] = m[i - crypto_box_ZEROBYTES]; + unsigned char cpad[mlen]; + crypto_box(cpad,mpad,mlen, + (const unsigned char *) n.c_str(), + (const unsigned char *) pk.c_str(), + (const unsigned char *) sk.c_str() + ); + return string( + (char *) cpad + crypto_box_BOXZEROBYTES, + mlen - crypto_box_BOXZEROBYTES + ); +} diff --git a/src/libnacl/crypto_box/wrapper-keypair.cpp b/src/libnacl/crypto_box/wrapper-keypair.cpp new file mode 100644 index 00000000..b59f92d9 --- /dev/null +++ b/src/libnacl/crypto_box/wrapper-keypair.cpp @@ -0,0 +1,12 @@ +#include +using std::string; +#include "crypto_box.h" + +string crypto_box_keypair(string *sk_string) +{ + unsigned char pk[crypto_box_PUBLICKEYBYTES]; + unsigned char sk[crypto_box_SECRETKEYBYTES]; + crypto_box_keypair(pk,sk); + *sk_string = string((char *) sk,sizeof sk); + return string((char *) pk,sizeof pk); +} diff --git a/src/libnacl/crypto_box/wrapper-open.cpp b/src/libnacl/crypto_box/wrapper-open.cpp new file mode 100644 index 00000000..67663a21 --- /dev/null +++ b/src/libnacl/crypto_box/wrapper-open.cpp @@ -0,0 +1,27 @@ +#include +using std::string; +#include "crypto_box.h" + +string crypto_box_open(const string &c,const string &n,const string &pk,const string &sk) +{ + if (pk.size() != crypto_box_PUBLICKEYBYTES) throw "incorrect public-key length"; + if (sk.size() != crypto_box_SECRETKEYBYTES) throw "incorrect secret-key length"; + if (n.size() != crypto_box_NONCEBYTES) throw "incorrect nonce length"; + size_t clen = c.size() + crypto_box_BOXZEROBYTES; + unsigned char cpad[clen]; + for (int i = 0;i < crypto_box_BOXZEROBYTES;++i) cpad[i] = 0; + for (int i = crypto_box_BOXZEROBYTES;i < clen;++i) cpad[i] = c[i - crypto_box_BOXZEROBYTES]; + unsigned char mpad[clen]; + if (crypto_box_open(mpad,cpad,clen, + (const unsigned char *) n.c_str(), + (const unsigned char *) pk.c_str(), + (const unsigned char *) sk.c_str() + ) != 0) + throw "ciphertext fails verification"; + if (clen < crypto_box_ZEROBYTES) + throw "ciphertext too short"; // should have been caught by _open + return string( + (char *) mpad + crypto_box_ZEROBYTES, + clen - crypto_box_ZEROBYTES + ); +} diff --git a/src/libnacl/crypto_core/hsalsa20/checksum b/src/libnacl/crypto_core/hsalsa20/checksum new file mode 100644 index 00000000..f67bb2e2 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/checksum @@ -0,0 +1 @@ +28ebe700b5878570702a68740aa131e6fa907e58a3f6915cd183c6db3f7afd7a diff --git a/src/libnacl/crypto_core/hsalsa20/ref/api.h b/src/libnacl/crypto_core/hsalsa20/ref/api.h new file mode 100644 index 00000000..73bd8541 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 32 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/hsalsa20/ref/core.c b/src/libnacl/crypto_core/hsalsa20/ref/core.c new file mode 100644 index 00000000..36118da0 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref/core.c @@ -0,0 +1,135 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + x0 -= load_littleendian(c + 0); + x5 -= load_littleendian(c + 4); + x10 -= load_littleendian(c + 8); + x15 -= load_littleendian(c + 12); + x6 -= load_littleendian(in + 0); + x7 -= load_littleendian(in + 4); + x8 -= load_littleendian(in + 8); + x9 -= load_littleendian(in + 12); + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x5); + store_littleendian(out + 8,x10); + store_littleendian(out + 12,x15); + store_littleendian(out + 16,x6); + store_littleendian(out + 20,x7); + store_littleendian(out + 24,x8); + store_littleendian(out + 28,x9); + + return 0; +} diff --git a/src/libnacl/crypto_core/hsalsa20/ref/implementors b/src/libnacl/crypto_core/hsalsa20/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/hsalsa20/ref2/api.h b/src/libnacl/crypto_core/hsalsa20/ref2/api.h new file mode 100644 index 00000000..73bd8541 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref2/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 32 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/hsalsa20/ref2/core.c b/src/libnacl/crypto_core/hsalsa20/ref2/core.c new file mode 100644 index 00000000..9a9a8c7c --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref2/core.c @@ -0,0 +1,108 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + int i; + + x0 = load_littleendian(c + 0); + x1 = load_littleendian(k + 0); + x2 = load_littleendian(k + 4); + x3 = load_littleendian(k + 8); + x4 = load_littleendian(k + 12); + x5 = load_littleendian(c + 4); + x6 = load_littleendian(in + 0); + x7 = load_littleendian(in + 4); + x8 = load_littleendian(in + 8); + x9 = load_littleendian(in + 12); + x10 = load_littleendian(c + 8); + x11 = load_littleendian(k + 16); + x12 = load_littleendian(k + 20); + x13 = load_littleendian(k + 24); + x14 = load_littleendian(k + 28); + x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x5); + store_littleendian(out + 8,x10); + store_littleendian(out + 12,x15); + store_littleendian(out + 16,x6); + store_littleendian(out + 20,x7); + store_littleendian(out + 24,x8); + store_littleendian(out + 28,x9); + + return 0; +} diff --git a/src/libnacl/crypto_core/hsalsa20/ref2/implementors b/src/libnacl/crypto_core/hsalsa20/ref2/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref2/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/hsalsa20/used b/src/libnacl/crypto_core/hsalsa20/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_core/measure.c b/src/libnacl/crypto_core/measure.c new file mode 100644 index 00000000..dd7bac81 --- /dev/null +++ b/src/libnacl/crypto_core/measure.c @@ -0,0 +1,18 @@ +#include "crypto_core.h" + +const char *primitiveimplementation = crypto_core_IMPLEMENTATION; +const char *implementationversion = crypto_core_VERSION; +const char *sizenames[] = { "outputbytes", "inputbytes", "keybytes", "constbytes", 0 }; +const long long sizes[] = { crypto_core_OUTPUTBYTES, crypto_core_INPUTBYTES, crypto_core_KEYBYTES, crypto_core_CONSTBYTES }; + +void preallocate(void) +{ +} + +void allocate(void) +{ +} + +void measure(void) +{ +} diff --git a/src/libnacl/crypto_core/salsa20/checksum b/src/libnacl/crypto_core/salsa20/checksum new file mode 100644 index 00000000..fcf56186 --- /dev/null +++ b/src/libnacl/crypto_core/salsa20/checksum @@ -0,0 +1 @@ +9d1ee8d84b974e648507ffd93829376c5b4420751710e44f6593abd8769378011d85ecda51ceb8f43661d3c65ef5b57c4f5bf8df76c8202784c8df8def61e6a6 diff --git a/src/libnacl/crypto_core/salsa20/ref/api.h b/src/libnacl/crypto_core/salsa20/ref/api.h new file mode 100644 index 00000000..2a387b6d --- /dev/null +++ b/src/libnacl/crypto_core/salsa20/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/salsa20/ref/core.c b/src/libnacl/crypto_core/salsa20/ref/core.c new file mode 100644 index 00000000..910a0056 --- /dev/null +++ b/src/libnacl/crypto_core/salsa20/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/src/libnacl/crypto_core/salsa20/ref/implementors b/src/libnacl/crypto_core/salsa20/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/salsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/salsa20/used b/src/libnacl/crypto_core/salsa20/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_core/salsa2012/checksum b/src/libnacl/crypto_core/salsa2012/checksum new file mode 100644 index 00000000..2f99a8d6 --- /dev/null +++ b/src/libnacl/crypto_core/salsa2012/checksum @@ -0,0 +1 @@ +f36d643f798efc0fca888d3ac4bdcc54c98a968c2da16bd5b8bfe9fe9025a6ca3a207e9362dc7cf17ddfc7477ee754d3f521b1df91640093754f7275b1a54293 diff --git a/src/libnacl/crypto_core/salsa2012/ref/api.h b/src/libnacl/crypto_core/salsa2012/ref/api.h new file mode 100644 index 00000000..2a387b6d --- /dev/null +++ b/src/libnacl/crypto_core/salsa2012/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/salsa2012/ref/core.c b/src/libnacl/crypto_core/salsa2012/ref/core.c new file mode 100644 index 00000000..d4b59e48 --- /dev/null +++ b/src/libnacl/crypto_core/salsa2012/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 12 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/src/libnacl/crypto_core/salsa2012/ref/implementors b/src/libnacl/crypto_core/salsa2012/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/salsa2012/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/salsa2012/used b/src/libnacl/crypto_core/salsa2012/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_core/salsa208/checksum b/src/libnacl/crypto_core/salsa208/checksum new file mode 100644 index 00000000..a16cb52f --- /dev/null +++ b/src/libnacl/crypto_core/salsa208/checksum @@ -0,0 +1 @@ +1e13ea9e74cb36989f7cbf4abc80b29154e1a8b150bd5244951318abea002a93ae9fe2abbcf7217526ac2a85b66c256ba9374b1257eda0c01816da328edfa11a diff --git a/src/libnacl/crypto_core/salsa208/ref/api.h b/src/libnacl/crypto_core/salsa208/ref/api.h new file mode 100644 index 00000000..2a387b6d --- /dev/null +++ b/src/libnacl/crypto_core/salsa208/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/salsa208/ref/core.c b/src/libnacl/crypto_core/salsa208/ref/core.c new file mode 100644 index 00000000..921e7a86 --- /dev/null +++ b/src/libnacl/crypto_core/salsa208/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 8 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/src/libnacl/crypto_core/salsa208/ref/implementors b/src/libnacl/crypto_core/salsa208/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/salsa208/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/salsa208/used b/src/libnacl/crypto_core/salsa208/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_core/try.c b/src/libnacl/crypto_core/try.c new file mode 100644 index 00000000..6f5534e7 --- /dev/null +++ b/src/libnacl/crypto_core/try.c @@ -0,0 +1,117 @@ +/* + * crypto_core/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_core.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_core_IMPLEMENTATION; + +static unsigned char *h; +static unsigned char *n; +static unsigned char *k; +static unsigned char *c; +static unsigned char *h2; +static unsigned char *n2; +static unsigned char *k2; +static unsigned char *c2; + +#define hlen crypto_core_OUTPUTBYTES +#define nlen crypto_core_INPUTBYTES +#define klen crypto_core_KEYBYTES +#define clen crypto_core_CONSTBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(hlen); + n = alignedcalloc(nlen); + k = alignedcalloc(klen); + c = alignedcalloc(clen); + h2 = alignedcalloc(hlen); + n2 = alignedcalloc(nlen + crypto_core_OUTPUTBYTES); + k2 = alignedcalloc(klen + crypto_core_OUTPUTBYTES); + c2 = alignedcalloc(clen + crypto_core_OUTPUTBYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_core(h,n,k,c); +} + +static unsigned char newbyte(void) +{ + unsigned long long x; + long long j; + x = 8675309; + for (j = 0;j < hlen;++j) { x += h[j]; x *= x; x += (x >> 31); } + for (j = 0;j < nlen;++j) { x += n[j]; x *= x; x += (x >> 31); } + for (j = 0;j < klen;++j) { x += k[j]; x *= x; x += (x >> 31); } + for (j = 0;j < clen;++j) { x += c[j]; x *= x; x += (x >> 31); } + for (j = 0;j < 100;++j) { x += j ; x *= x; x += (x >> 31); } + return x; +} + +char checksum[hlen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < 100;++i) { + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) n[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < 0;++j) k[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < 0;++j) c[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_core writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_core writes after output"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_core writes to k"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_core writes to n"; + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_core writes to c"; + + if (crypto_core(n2,n2,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != n2[j]) return "crypto_core does not handle n overlap"; + for (j = 0;j < hlen;++j) n2[j] = n[j]; + if (crypto_core(k2,n2,k2,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != k2[j]) return "crypto_core does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + if (crypto_core(c2,n2,k2,c2) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != c2[j]) return "crypto_core does not handle c overlap"; + for (j = 0;j < hlen;++j) c2[j] = c[j]; + + for (j = 0;j < nlen;++j) n[j] = newbyte(); + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < klen;++j) k[j] = newbyte(); + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < clen;++j) c[j] = newbyte(); + } + + for (i = 0;i < hlen;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_core/wrapper-empty.cpp b/src/libnacl/crypto_core/wrapper-empty.cpp new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hash/measure.c b/src/libnacl/crypto_hash/measure.c new file mode 100644 index 00000000..cec0404d --- /dev/null +++ b/src/libnacl/crypto_hash/measure.c @@ -0,0 +1,66 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_hash.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_hash_IMPLEMENTATION; +const char *implementationversion = crypto_hash_VERSION; +const char *sizenames[] = { "outputbytes", 0 }; +const long long sizes[] = { crypto_hash_BYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *h; +static unsigned char *m; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hash_BYTES); + m = alignedcalloc(MAXTEST_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +static void printcycles(long long mlen) +{ + int i; + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); +} + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(m,mlen); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_hash(h,m,mlen); + } + printcycles(mlen); + } + } +} diff --git a/src/libnacl/crypto_hash/sha256/checksum b/src/libnacl/crypto_hash/sha256/checksum new file mode 100644 index 00000000..ee52aa30 --- /dev/null +++ b/src/libnacl/crypto_hash/sha256/checksum @@ -0,0 +1 @@ +86df8bd202b2a2b5fdc04a7f50a591e43a345849c12fef08d487109648a08e05 diff --git a/src/libnacl/crypto_hash/sha256/ref/api.h b/src/libnacl/crypto_hash/sha256/ref/api.h new file mode 100644 index 00000000..ae8c7f6a --- /dev/null +++ b/src/libnacl/crypto_hash/sha256/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 32 diff --git a/src/libnacl/crypto_hash/sha256/ref/hash.c b/src/libnacl/crypto_hash/sha256/ref/hash.c new file mode 100644 index 00000000..21ce68a0 --- /dev/null +++ b/src/libnacl/crypto_hash/sha256/ref/hash.c @@ -0,0 +1,69 @@ +/* +20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_hashblocks_sha256.h" +#include "crypto_hash.h" + +#define blocks crypto_hashblocks_sha256 + +typedef unsigned int uint32; + +static const char iv[32] = { + 0x6a,0x09,0xe6,0x67, + 0xbb,0x67,0xae,0x85, + 0x3c,0x6e,0xf3,0x72, + 0xa5,0x4f,0xf5,0x3a, + 0x51,0x0e,0x52,0x7f, + 0x9b,0x05,0x68,0x8c, + 0x1f,0x83,0xd9,0xab, + 0x5b,0xe0,0xcd,0x19, +} ; + +int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) +{ + unsigned char h[32]; + unsigned char padded[128]; + int i; + unsigned long long bits = inlen << 3; + + for (i = 0;i < 32;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 63; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 56) { + for (i = inlen + 1;i < 56;++i) padded[i] = 0; + padded[56] = bits >> 56; + padded[57] = bits >> 48; + padded[58] = bits >> 40; + padded[59] = bits >> 32; + padded[60] = bits >> 24; + padded[61] = bits >> 16; + padded[62] = bits >> 8; + padded[63] = bits; + blocks(h,padded,64); + } else { + for (i = inlen + 1;i < 120;++i) padded[i] = 0; + padded[120] = bits >> 56; + padded[121] = bits >> 48; + padded[122] = bits >> 40; + padded[123] = bits >> 32; + padded[124] = bits >> 24; + padded[125] = bits >> 16; + padded[126] = bits >> 8; + padded[127] = bits; + blocks(h,padded,128); + } + + for (i = 0;i < 32;++i) out[i] = h[i]; + + return 0; +} diff --git a/src/libnacl/crypto_hash/sha256/ref/implementors b/src/libnacl/crypto_hash/sha256/ref/implementors new file mode 100644 index 00000000..962e7d8e --- /dev/null +++ b/src/libnacl/crypto_hash/sha256/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein (wrapper around crypto_hashblocks/sha256) diff --git a/src/libnacl/crypto_hash/sha256/used b/src/libnacl/crypto_hash/sha256/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hash/sha512/checksum b/src/libnacl/crypto_hash/sha512/checksum new file mode 100644 index 00000000..edf714e9 --- /dev/null +++ b/src/libnacl/crypto_hash/sha512/checksum @@ -0,0 +1 @@ +9a2a989e136a02c3362c98e6e1e0b52fab980a1dafbebe4dd5e44d15d061742e35fb686befd4e33c608d251c96e26c020f90d92bb7ec8a657f79bb8e0b00a473 diff --git a/src/libnacl/crypto_hash/sha512/ref/api.h b/src/libnacl/crypto_hash/sha512/ref/api.h new file mode 100644 index 00000000..de9380d7 --- /dev/null +++ b/src/libnacl/crypto_hash/sha512/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 64 diff --git a/src/libnacl/crypto_hash/sha512/ref/hash.c b/src/libnacl/crypto_hash/sha512/ref/hash.c new file mode 100644 index 00000000..fc4347bb --- /dev/null +++ b/src/libnacl/crypto_hash/sha512/ref/hash.c @@ -0,0 +1,71 @@ +/* +20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_hashblocks_sha512.h" +#include "crypto_hash.h" + +#define blocks crypto_hashblocks_sha512 + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +typedef unsigned long long uint64; + +int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) +{ + unsigned char h[64]; + unsigned char padded[256]; + int i; + unsigned long long bytes = inlen; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = bytes >> 61; + padded[120] = bytes >> 53; + padded[121] = bytes >> 45; + padded[122] = bytes >> 37; + padded[123] = bytes >> 29; + padded[124] = bytes >> 21; + padded[125] = bytes >> 13; + padded[126] = bytes >> 5; + padded[127] = bytes << 3; + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = bytes >> 61; + padded[248] = bytes >> 53; + padded[249] = bytes >> 45; + padded[250] = bytes >> 37; + padded[251] = bytes >> 29; + padded[252] = bytes >> 21; + padded[253] = bytes >> 13; + padded[254] = bytes >> 5; + padded[255] = bytes << 3; + blocks(h,padded,256); + } + + for (i = 0;i < 64;++i) out[i] = h[i]; + + return 0; +} diff --git a/src/libnacl/crypto_hash/sha512/ref/implementors b/src/libnacl/crypto_hash/sha512/ref/implementors new file mode 100644 index 00000000..40afca09 --- /dev/null +++ b/src/libnacl/crypto_hash/sha512/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein (wrapper around crypto_hashblocks/sha512) diff --git a/src/libnacl/crypto_hash/sha512/selected b/src/libnacl/crypto_hash/sha512/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hash/sha512/used b/src/libnacl/crypto_hash/sha512/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hash/try.c b/src/libnacl/crypto_hash/try.c new file mode 100644 index 00000000..c98beacc --- /dev/null +++ b/src/libnacl/crypto_hash/try.c @@ -0,0 +1,78 @@ +/* + * crypto_hash/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hash.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_hash_IMPLEMENTATION; + +#define MAXTEST_BYTES (10000 + crypto_hash_BYTES) +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *h2; +static unsigned char *m; +static unsigned char *m2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hash_BYTES); + h2 = alignedcalloc(crypto_hash_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_hash(h,m,TUNE_BYTES); +} + +char checksum[crypto_hash_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long hlen = crypto_hash_BYTES; + long long mlen = i; + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) m[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + if (crypto_hash(h,m,mlen) != 0) return "crypto_hash returns nonzero"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hash writes to input"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hash writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hash writes after output"; + if (crypto_hash(m2,m2,mlen) != 0) return "crypto_hash returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_hash does not handle overlap"; + for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen]; + m[mlen] = h[0]; + } + if (crypto_hash(h,m,CHECKSUM_BYTES) != 0) return "crypto_hash returns nonzero"; + + for (i = 0;i < crypto_hash_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_hash/wrapper-hash.cpp b/src/libnacl/crypto_hash/wrapper-hash.cpp new file mode 100644 index 00000000..4c0fb590 --- /dev/null +++ b/src/libnacl/crypto_hash/wrapper-hash.cpp @@ -0,0 +1,10 @@ +#include +using std::string; +#include "crypto_hash.h" + +string crypto_hash(const string &m) +{ + unsigned char h[crypto_hash_BYTES]; + crypto_hash(h,(const unsigned char *) m.c_str(),m.size()); + return string((char *) h,sizeof h); +} diff --git a/src/libnacl/crypto_hashblocks/measure.c b/src/libnacl/crypto_hashblocks/measure.c new file mode 100644 index 00000000..145fbbc4 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/measure.c @@ -0,0 +1,18 @@ +#include "crypto_hashblocks.h" + +const char *primitiveimplementation = crypto_hashblocks_IMPLEMENTATION; +const char *implementationversion = crypto_hashblocks_VERSION; +const char *sizenames[] = { "statebytes", 0 }; +const long long sizes[] = { crypto_hashblocks_STATEBYTES }; + +void preallocate(void) +{ +} + +void allocate(void) +{ +} + +void measure(void) +{ +} diff --git a/src/libnacl/crypto_hashblocks/sha256/checksum b/src/libnacl/crypto_hashblocks/sha256/checksum new file mode 100644 index 00000000..edde1d4f --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/checksum @@ -0,0 +1 @@ +69a9dc2464f9593161e462d3dbb634b84f1d68d67d26df29aaa805f9dcd8f656 diff --git a/src/libnacl/crypto_hashblocks/sha256/inplace/api.h b/src/libnacl/crypto_hashblocks/sha256/inplace/api.h new file mode 100644 index 00000000..005a4f47 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/inplace/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 32 +#define CRYPTO_BLOCKBYTES 64 diff --git a/src/libnacl/crypto_hashblocks/sha256/inplace/blocks.c b/src/libnacl/crypto_hashblocks/sha256/inplace/blocks.c new file mode 100644 index 00000000..3364dc03 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/inplace/blocks.c @@ -0,0 +1,228 @@ +#include "crypto_hashblocks.h" + +typedef unsigned int uint32; + +static uint32 load_bigendian(const unsigned char *x) +{ + return + (uint32) (x[3]) \ + | (((uint32) (x[2])) << 8) \ + | (((uint32) (x[1])) << 16) \ + | (((uint32) (x[0])) << 24) + ; +} + +static void store_bigendian(unsigned char *x,uint32 u) +{ + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define M(w0,w14,w9,w1) w0 += sigma1(w14) + w9 + sigma0(w1); + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \ + r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \ + r3 += r7; \ + r7 += Sigma0(r0) + Maj(r0,r1,r2); + +#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15]) + +static const uint32 round[64] = { + 0x428a2f98 +, 0x71374491 +, 0xb5c0fbcf +, 0xe9b5dba5 +, 0x3956c25b +, 0x59f111f1 +, 0x923f82a4 +, 0xab1c5ed5 +, 0xd807aa98 +, 0x12835b01 +, 0x243185be +, 0x550c7dc3 +, 0x72be5d74 +, 0x80deb1fe +, 0x9bdc06a7 +, 0xc19bf174 +, 0xe49b69c1 +, 0xefbe4786 +, 0x0fc19dc6 +, 0x240ca1cc +, 0x2de92c6f +, 0x4a7484aa +, 0x5cb0a9dc +, 0x76f988da +, 0x983e5152 +, 0xa831c66d +, 0xb00327c8 +, 0xbf597fc7 +, 0xc6e00bf3 +, 0xd5a79147 +, 0x06ca6351 +, 0x14292967 +, 0x27b70a85 +, 0x2e1b2138 +, 0x4d2c6dfc +, 0x53380d13 +, 0x650a7354 +, 0x766a0abb +, 0x81c2c92e +, 0x92722c85 +, 0xa2bfe8a1 +, 0xa81a664b +, 0xc24b8b70 +, 0xc76c51a3 +, 0xd192e819 +, 0xd6990624 +, 0xf40e3585 +, 0x106aa070 +, 0x19a4c116 +, 0x1e376c08 +, 0x2748774c +, 0x34b0bcb5 +, 0x391c0cb3 +, 0x4ed8aa4a +, 0x5b9cca4f +, 0x682e6ff3 +, 0x748f82ee +, 0x78a5636f +, 0x84c87814 +, 0x8cc70208 +, 0x90befffa +, 0xa4506ceb +, 0xbef9a3f7 +, 0xc67178f2 +} ; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint32 state[8]; + uint32 r0; + uint32 r1; + uint32 r2; + uint32 r3; + uint32 r4; + uint32 r5; + uint32 r6; + uint32 r7; + + r0 = load_bigendian(statebytes + 0); state[0] = r0; + r1 = load_bigendian(statebytes + 4); state[1] = r1; + r2 = load_bigendian(statebytes + 8); state[2] = r2; + r3 = load_bigendian(statebytes + 12); state[3] = r3; + r4 = load_bigendian(statebytes + 16); state[4] = r4; + r5 = load_bigendian(statebytes + 20); state[5] = r5; + r6 = load_bigendian(statebytes + 24); state[6] = r6; + r7 = load_bigendian(statebytes + 28); state[7] = r7; + + while (inlen >= 64) { + uint32 w0 = load_bigendian(in + 0); + uint32 w1 = load_bigendian(in + 4); + uint32 w2 = load_bigendian(in + 8); + uint32 w3 = load_bigendian(in + 12); + uint32 w4 = load_bigendian(in + 16); + uint32 w5 = load_bigendian(in + 20); + uint32 w6 = load_bigendian(in + 24); + uint32 w7 = load_bigendian(in + 28); + uint32 w8 = load_bigendian(in + 32); + uint32 w9 = load_bigendian(in + 36); + uint32 w10 = load_bigendian(in + 40); + uint32 w11 = load_bigendian(in + 44); + uint32 w12 = load_bigendian(in + 48); + uint32 w13 = load_bigendian(in + 52); + uint32 w14 = load_bigendian(in + 56); + uint32 w15 = load_bigendian(in + 60); + + G(r0,r1,r2,r3,r4,r5,r6,r7,0) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,16) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,32) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,48) + + r0 += state[0]; + r1 += state[1]; + r2 += state[2]; + r3 += state[3]; + r4 += state[4]; + r5 += state[5]; + r6 += state[6]; + r7 += state[7]; + + state[0] = r0; + state[1] = r1; + state[2] = r2; + state[3] = r3; + state[4] = r4; + state[5] = r5; + state[6] = r6; + state[7] = r7; + + in += 64; + inlen -= 64; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 4,state[1]); + store_bigendian(statebytes + 8,state[2]); + store_bigendian(statebytes + 12,state[3]); + store_bigendian(statebytes + 16,state[4]); + store_bigendian(statebytes + 20,state[5]); + store_bigendian(statebytes + 24,state[6]); + store_bigendian(statebytes + 28,state[7]); + + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/sha256/inplace/implementors b/src/libnacl/crypto_hashblocks/sha256/inplace/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/inplace/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_hashblocks/sha256/ref/api.h b/src/libnacl/crypto_hashblocks/sha256/ref/api.h new file mode 100644 index 00000000..005a4f47 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 32 +#define CRYPTO_BLOCKBYTES 64 diff --git a/src/libnacl/crypto_hashblocks/sha256/ref/blocks.c b/src/libnacl/crypto_hashblocks/sha256/ref/blocks.c new file mode 100644 index 00000000..95670754 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/ref/blocks.c @@ -0,0 +1,212 @@ +#include "crypto_hashblocks.h" + +typedef unsigned int uint32; + +static uint32 load_bigendian(const unsigned char *x) +{ + return + (uint32) (x[3]) \ + | (((uint32) (x[2])) << 8) \ + | (((uint32) (x[1])) << 16) \ + | (((uint32) (x[0])) << 24) + ; +} + +static void store_bigendian(unsigned char *x,uint32 u) +{ + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint32 state[8]; + uint32 a; + uint32 b; + uint32 c; + uint32 d; + uint32 e; + uint32 f; + uint32 g; + uint32 h; + uint32 T1; + uint32 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 4); state[1] = b; + c = load_bigendian(statebytes + 8); state[2] = c; + d = load_bigendian(statebytes + 12); state[3] = d; + e = load_bigendian(statebytes + 16); state[4] = e; + f = load_bigendian(statebytes + 20); state[5] = f; + g = load_bigendian(statebytes + 24); state[6] = g; + h = load_bigendian(statebytes + 28); state[7] = h; + + while (inlen >= 64) { + uint32 w0 = load_bigendian(in + 0); + uint32 w1 = load_bigendian(in + 4); + uint32 w2 = load_bigendian(in + 8); + uint32 w3 = load_bigendian(in + 12); + uint32 w4 = load_bigendian(in + 16); + uint32 w5 = load_bigendian(in + 20); + uint32 w6 = load_bigendian(in + 24); + uint32 w7 = load_bigendian(in + 28); + uint32 w8 = load_bigendian(in + 32); + uint32 w9 = load_bigendian(in + 36); + uint32 w10 = load_bigendian(in + 40); + uint32 w11 = load_bigendian(in + 44); + uint32 w12 = load_bigendian(in + 48); + uint32 w13 = load_bigendian(in + 52); + uint32 w14 = load_bigendian(in + 56); + uint32 w15 = load_bigendian(in + 60); + + F(w0 ,0x428a2f98) + F(w1 ,0x71374491) + F(w2 ,0xb5c0fbcf) + F(w3 ,0xe9b5dba5) + F(w4 ,0x3956c25b) + F(w5 ,0x59f111f1) + F(w6 ,0x923f82a4) + F(w7 ,0xab1c5ed5) + F(w8 ,0xd807aa98) + F(w9 ,0x12835b01) + F(w10,0x243185be) + F(w11,0x550c7dc3) + F(w12,0x72be5d74) + F(w13,0x80deb1fe) + F(w14,0x9bdc06a7) + F(w15,0xc19bf174) + + EXPAND + + F(w0 ,0xe49b69c1) + F(w1 ,0xefbe4786) + F(w2 ,0x0fc19dc6) + F(w3 ,0x240ca1cc) + F(w4 ,0x2de92c6f) + F(w5 ,0x4a7484aa) + F(w6 ,0x5cb0a9dc) + F(w7 ,0x76f988da) + F(w8 ,0x983e5152) + F(w9 ,0xa831c66d) + F(w10,0xb00327c8) + F(w11,0xbf597fc7) + F(w12,0xc6e00bf3) + F(w13,0xd5a79147) + F(w14,0x06ca6351) + F(w15,0x14292967) + + EXPAND + + F(w0 ,0x27b70a85) + F(w1 ,0x2e1b2138) + F(w2 ,0x4d2c6dfc) + F(w3 ,0x53380d13) + F(w4 ,0x650a7354) + F(w5 ,0x766a0abb) + F(w6 ,0x81c2c92e) + F(w7 ,0x92722c85) + F(w8 ,0xa2bfe8a1) + F(w9 ,0xa81a664b) + F(w10,0xc24b8b70) + F(w11,0xc76c51a3) + F(w12,0xd192e819) + F(w13,0xd6990624) + F(w14,0xf40e3585) + F(w15,0x106aa070) + + EXPAND + + F(w0 ,0x19a4c116) + F(w1 ,0x1e376c08) + F(w2 ,0x2748774c) + F(w3 ,0x34b0bcb5) + F(w4 ,0x391c0cb3) + F(w5 ,0x4ed8aa4a) + F(w6 ,0x5b9cca4f) + F(w7 ,0x682e6ff3) + F(w8 ,0x748f82ee) + F(w9 ,0x78a5636f) + F(w10,0x84c87814) + F(w11,0x8cc70208) + F(w12,0x90befffa) + F(w13,0xa4506ceb) + F(w14,0xbef9a3f7) + F(w15,0xc67178f2) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] = h; + + in += 64; + inlen -= 64; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 4,state[1]); + store_bigendian(statebytes + 8,state[2]); + store_bigendian(statebytes + 12,state[3]); + store_bigendian(statebytes + 16,state[4]); + store_bigendian(statebytes + 20,state[5]); + store_bigendian(statebytes + 24,state[6]); + store_bigendian(statebytes + 28,state[7]); + + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/sha256/ref/implementors b/src/libnacl/crypto_hashblocks/sha256/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_hashblocks/sha256/used b/src/libnacl/crypto_hashblocks/sha256/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hashblocks/sha512/checksum b/src/libnacl/crypto_hashblocks/sha512/checksum new file mode 100644 index 00000000..ed5245ec --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/checksum @@ -0,0 +1 @@ +f005c91634ae549f0dd4529ddbaf07038cb75a59b818cd1d4eb4e2b4019ab6733556131f320c4a145c735a22594581d454cccb15c18bf198ffcb2da29fe39456 diff --git a/src/libnacl/crypto_hashblocks/sha512/inplace/api.h b/src/libnacl/crypto_hashblocks/sha512/inplace/api.h new file mode 100644 index 00000000..ac45d103 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/inplace/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 64 +#define CRYPTO_BLOCKBYTES 128 diff --git a/src/libnacl/crypto_hashblocks/sha512/inplace/blocks.c b/src/libnacl/crypto_hashblocks/sha512/inplace/blocks.c new file mode 100644 index 00000000..edb9ab05 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/inplace/blocks.c @@ -0,0 +1,256 @@ +#include "crypto_hashblocks.h" + +typedef unsigned long long uint64; + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \ + r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \ + r3 += r7; \ + r7 += Sigma0(r0) + Maj(r0,r1,r2); + +#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15]) + +static const uint64 round[80] = { + 0x428a2f98d728ae22ULL +, 0x7137449123ef65cdULL +, 0xb5c0fbcfec4d3b2fULL +, 0xe9b5dba58189dbbcULL +, 0x3956c25bf348b538ULL +, 0x59f111f1b605d019ULL +, 0x923f82a4af194f9bULL +, 0xab1c5ed5da6d8118ULL +, 0xd807aa98a3030242ULL +, 0x12835b0145706fbeULL +, 0x243185be4ee4b28cULL +, 0x550c7dc3d5ffb4e2ULL +, 0x72be5d74f27b896fULL +, 0x80deb1fe3b1696b1ULL +, 0x9bdc06a725c71235ULL +, 0xc19bf174cf692694ULL +, 0xe49b69c19ef14ad2ULL +, 0xefbe4786384f25e3ULL +, 0x0fc19dc68b8cd5b5ULL +, 0x240ca1cc77ac9c65ULL +, 0x2de92c6f592b0275ULL +, 0x4a7484aa6ea6e483ULL +, 0x5cb0a9dcbd41fbd4ULL +, 0x76f988da831153b5ULL +, 0x983e5152ee66dfabULL +, 0xa831c66d2db43210ULL +, 0xb00327c898fb213fULL +, 0xbf597fc7beef0ee4ULL +, 0xc6e00bf33da88fc2ULL +, 0xd5a79147930aa725ULL +, 0x06ca6351e003826fULL +, 0x142929670a0e6e70ULL +, 0x27b70a8546d22ffcULL +, 0x2e1b21385c26c926ULL +, 0x4d2c6dfc5ac42aedULL +, 0x53380d139d95b3dfULL +, 0x650a73548baf63deULL +, 0x766a0abb3c77b2a8ULL +, 0x81c2c92e47edaee6ULL +, 0x92722c851482353bULL +, 0xa2bfe8a14cf10364ULL +, 0xa81a664bbc423001ULL +, 0xc24b8b70d0f89791ULL +, 0xc76c51a30654be30ULL +, 0xd192e819d6ef5218ULL +, 0xd69906245565a910ULL +, 0xf40e35855771202aULL +, 0x106aa07032bbd1b8ULL +, 0x19a4c116b8d2d0c8ULL +, 0x1e376c085141ab53ULL +, 0x2748774cdf8eeb99ULL +, 0x34b0bcb5e19b48a8ULL +, 0x391c0cb3c5c95a63ULL +, 0x4ed8aa4ae3418acbULL +, 0x5b9cca4f7763e373ULL +, 0x682e6ff3d6b2b8a3ULL +, 0x748f82ee5defb2fcULL +, 0x78a5636f43172f60ULL +, 0x84c87814a1f0ab72ULL +, 0x8cc702081a6439ecULL +, 0x90befffa23631e28ULL +, 0xa4506cebde82bde9ULL +, 0xbef9a3f7b2c67915ULL +, 0xc67178f2e372532bULL +, 0xca273eceea26619cULL +, 0xd186b8c721c0c207ULL +, 0xeada7dd6cde0eb1eULL +, 0xf57d4f7fee6ed178ULL +, 0x06f067aa72176fbaULL +, 0x0a637dc5a2c898a6ULL +, 0x113f9804bef90daeULL +, 0x1b710b35131c471bULL +, 0x28db77f523047d84ULL +, 0x32caab7b40c72493ULL +, 0x3c9ebe0a15c9bebcULL +, 0x431d67c49c100d4cULL +, 0x4cc5d4becb3e42b6ULL +, 0x597f299cfc657e2aULL +, 0x5fcb6fab3ad6faecULL +, 0x6c44198c4a475817ULL +}; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + uint64 r0; + uint64 r1; + uint64 r2; + uint64 r3; + uint64 r4; + uint64 r5; + uint64 r6; + uint64 r7; + + r0 = load_bigendian(statebytes + 0); state[0] = r0; + r1 = load_bigendian(statebytes + 8); state[1] = r1; + r2 = load_bigendian(statebytes + 16); state[2] = r2; + r3 = load_bigendian(statebytes + 24); state[3] = r3; + r4 = load_bigendian(statebytes + 32); state[4] = r4; + r5 = load_bigendian(statebytes + 40); state[5] = r5; + r6 = load_bigendian(statebytes + 48); state[6] = r6; + r7 = load_bigendian(statebytes + 56); state[7] = r7; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + G(r0,r1,r2,r3,r4,r5,r6,r7,0) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,16) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,32) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,48) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,64) + + r0 += state[0]; + r1 += state[1]; + r2 += state[2]; + r3 += state[3]; + r4 += state[4]; + r5 += state[5]; + r6 += state[6]; + r7 += state[7]; + + state[0] = r0; + state[1] = r1; + state[2] = r2; + state[3] = r3; + state[4] = r4; + state[5] = r5; + state[6] = r6; + state[7] = r7; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/sha512/inplace/implementors b/src/libnacl/crypto_hashblocks/sha512/inplace/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/inplace/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_hashblocks/sha512/ref/api.h b/src/libnacl/crypto_hashblocks/sha512/ref/api.h new file mode 100644 index 00000000..ac45d103 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 64 +#define CRYPTO_BLOCKBYTES 128 diff --git a/src/libnacl/crypto_hashblocks/sha512/ref/blocks.c b/src/libnacl/crypto_hashblocks/sha512/ref/blocks.c new file mode 100644 index 00000000..a340afe5 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/ref/blocks.c @@ -0,0 +1,239 @@ +#include "crypto_hashblocks.h" + +typedef unsigned long long uint64; + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + uint64 a; + uint64 b; + uint64 c; + uint64 d; + uint64 e; + uint64 f; + uint64 g; + uint64 h; + uint64 T1; + uint64 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 8); state[1] = b; + c = load_bigendian(statebytes + 16); state[2] = c; + d = load_bigendian(statebytes + 24); state[3] = d; + e = load_bigendian(statebytes + 32); state[4] = e; + f = load_bigendian(statebytes + 40); state[5] = f; + g = load_bigendian(statebytes + 48); state[6] = g; + h = load_bigendian(statebytes + 56); state[7] = h; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + F(w0 ,0x428a2f98d728ae22ULL) + F(w1 ,0x7137449123ef65cdULL) + F(w2 ,0xb5c0fbcfec4d3b2fULL) + F(w3 ,0xe9b5dba58189dbbcULL) + F(w4 ,0x3956c25bf348b538ULL) + F(w5 ,0x59f111f1b605d019ULL) + F(w6 ,0x923f82a4af194f9bULL) + F(w7 ,0xab1c5ed5da6d8118ULL) + F(w8 ,0xd807aa98a3030242ULL) + F(w9 ,0x12835b0145706fbeULL) + F(w10,0x243185be4ee4b28cULL) + F(w11,0x550c7dc3d5ffb4e2ULL) + F(w12,0x72be5d74f27b896fULL) + F(w13,0x80deb1fe3b1696b1ULL) + F(w14,0x9bdc06a725c71235ULL) + F(w15,0xc19bf174cf692694ULL) + + EXPAND + + F(w0 ,0xe49b69c19ef14ad2ULL) + F(w1 ,0xefbe4786384f25e3ULL) + F(w2 ,0x0fc19dc68b8cd5b5ULL) + F(w3 ,0x240ca1cc77ac9c65ULL) + F(w4 ,0x2de92c6f592b0275ULL) + F(w5 ,0x4a7484aa6ea6e483ULL) + F(w6 ,0x5cb0a9dcbd41fbd4ULL) + F(w7 ,0x76f988da831153b5ULL) + F(w8 ,0x983e5152ee66dfabULL) + F(w9 ,0xa831c66d2db43210ULL) + F(w10,0xb00327c898fb213fULL) + F(w11,0xbf597fc7beef0ee4ULL) + F(w12,0xc6e00bf33da88fc2ULL) + F(w13,0xd5a79147930aa725ULL) + F(w14,0x06ca6351e003826fULL) + F(w15,0x142929670a0e6e70ULL) + + EXPAND + + F(w0 ,0x27b70a8546d22ffcULL) + F(w1 ,0x2e1b21385c26c926ULL) + F(w2 ,0x4d2c6dfc5ac42aedULL) + F(w3 ,0x53380d139d95b3dfULL) + F(w4 ,0x650a73548baf63deULL) + F(w5 ,0x766a0abb3c77b2a8ULL) + F(w6 ,0x81c2c92e47edaee6ULL) + F(w7 ,0x92722c851482353bULL) + F(w8 ,0xa2bfe8a14cf10364ULL) + F(w9 ,0xa81a664bbc423001ULL) + F(w10,0xc24b8b70d0f89791ULL) + F(w11,0xc76c51a30654be30ULL) + F(w12,0xd192e819d6ef5218ULL) + F(w13,0xd69906245565a910ULL) + F(w14,0xf40e35855771202aULL) + F(w15,0x106aa07032bbd1b8ULL) + + EXPAND + + F(w0 ,0x19a4c116b8d2d0c8ULL) + F(w1 ,0x1e376c085141ab53ULL) + F(w2 ,0x2748774cdf8eeb99ULL) + F(w3 ,0x34b0bcb5e19b48a8ULL) + F(w4 ,0x391c0cb3c5c95a63ULL) + F(w5 ,0x4ed8aa4ae3418acbULL) + F(w6 ,0x5b9cca4f7763e373ULL) + F(w7 ,0x682e6ff3d6b2b8a3ULL) + F(w8 ,0x748f82ee5defb2fcULL) + F(w9 ,0x78a5636f43172f60ULL) + F(w10,0x84c87814a1f0ab72ULL) + F(w11,0x8cc702081a6439ecULL) + F(w12,0x90befffa23631e28ULL) + F(w13,0xa4506cebde82bde9ULL) + F(w14,0xbef9a3f7b2c67915ULL) + F(w15,0xc67178f2e372532bULL) + + EXPAND + + F(w0 ,0xca273eceea26619cULL) + F(w1 ,0xd186b8c721c0c207ULL) + F(w2 ,0xeada7dd6cde0eb1eULL) + F(w3 ,0xf57d4f7fee6ed178ULL) + F(w4 ,0x06f067aa72176fbaULL) + F(w5 ,0x0a637dc5a2c898a6ULL) + F(w6 ,0x113f9804bef90daeULL) + F(w7 ,0x1b710b35131c471bULL) + F(w8 ,0x28db77f523047d84ULL) + F(w9 ,0x32caab7b40c72493ULL) + F(w10,0x3c9ebe0a15c9bebcULL) + F(w11,0x431d67c49c100d4cULL) + F(w12,0x4cc5d4becb3e42b6ULL) + F(w13,0x597f299cfc657e2aULL) + F(w14,0x5fcb6fab3ad6faecULL) + F(w15,0x6c44198c4a475817ULL) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] = h; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/sha512/ref/implementors b/src/libnacl/crypto_hashblocks/sha512/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_hashblocks/sha512/selected b/src/libnacl/crypto_hashblocks/sha512/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hashblocks/sha512/used b/src/libnacl/crypto_hashblocks/sha512/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hashblocks/try.c b/src/libnacl/crypto_hashblocks/try.c new file mode 100644 index 00000000..50744451 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/try.c @@ -0,0 +1,80 @@ +/* + * crypto_hashblocks/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hashblocks.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_hashblocks_IMPLEMENTATION; + +#define MAXTEST_BYTES (10000 + crypto_hashblocks_STATEBYTES) +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *h2; +static unsigned char *m; +static unsigned char *m2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hashblocks_STATEBYTES); + h2 = alignedcalloc(crypto_hashblocks_STATEBYTES); + m = alignedcalloc(MAXTEST_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_hashblocks(h,m,TUNE_BYTES); +} + +char checksum[crypto_hashblocks_STATEBYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long hlen = crypto_hashblocks_STATEBYTES; + long long mlen = i; + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) m[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + if (crypto_hashblocks(h,m,mlen) != 0) return "crypto_hashblocks returns nonzero"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hashblocks writes to input"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hashblocks writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hashblocks writes after output"; + for (j = 0;j < hlen;++j) m2[j] = h2[j]; + if (crypto_hashblocks(h2,m2,mlen) != 0) return "crypto_hashblocks returns nonzero"; + if (crypto_hashblocks(m2,m2,mlen) != 0) return "crypto_hashblocks returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h2[j]) return "crypto_hashblocks does not handle overlap"; + for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen]; + m[mlen] = h[0]; + } + if (crypto_hashblocks(h,m,CHECKSUM_BYTES) != 0) return "crypto_hashblocks returns nonzero"; + + for (i = 0;i < crypto_hashblocks_STATEBYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/wrapper-empty.cpp b/src/libnacl/crypto_hashblocks/wrapper-empty.cpp new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_onetimeauth/measure.c b/src/libnacl/crypto_onetimeauth/measure.c new file mode 100644 index 00000000..6d3ddfd5 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/measure.c @@ -0,0 +1,69 @@ +#include "crypto_onetimeauth.h" +#include "randombytes.h" +#include "cpucycles.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION; +const char *implementationversion = crypto_onetimeauth_VERSION; +const char *sizenames[] = { "outputbytes", "keybytes", 0 }; +const long long sizes[] = { crypto_onetimeauth_BYTES, crypto_onetimeauth_KEYBYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *k; +static unsigned char *m; +static unsigned char *h; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_onetimeauth_KEYBYTES); + m = alignedcalloc(MAXTEST_BYTES); + h = alignedcalloc(crypto_onetimeauth_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(k,crypto_onetimeauth_KEYBYTES); + randombytes(m,mlen); + randombytes(h,crypto_onetimeauth_BYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_onetimeauth(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_onetimeauth_verify(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"verify_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/53/api.h b/src/libnacl/crypto_onetimeauth/poly1305/53/api.h new file mode 100644 index 00000000..acc133ed --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/53/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/53/auth.c b/src/libnacl/crypto_onetimeauth/poly1305/53/auth.c new file mode 100644 index 00000000..a4a9c3f6 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/53/auth.c @@ -0,0 +1,1616 @@ +/* +20080910 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_onetimeauth.h" + +typedef unsigned char uchar; +typedef int int32; +typedef unsigned int uint32; +typedef long long int64; +typedef unsigned long long uint64; + +static const double poly1305_53_constants[] = { + 0.00000000558793544769287109375 /* alpham80 = 3 2^(-29) */ +, 24.0 /* alpham48 = 3 2^3 */ +, 103079215104.0 /* alpham16 = 3 2^35 */ +, 6755399441055744.0 /* alpha0 = 3 2^51 */ +, 1770887431076116955136.0 /* alpha18 = 3 2^69 */ +, 29014219670751100192948224.0 /* alpha32 = 3 2^83 */ +, 7605903601369376408980219232256.0 /* alpha50 = 3 2^101 */ +, 124615124604835863084731911901282304.0 /* alpha64 = 3 2^115 */ +, 32667107224410092492483962313449748299776.0 /* alpha82 = 3 2^133 */ +, 535217884764734955396857238543560676143529984.0 /* alpha96 = 3 2^147 */ +, 35076039295941670036888435985190792471742381031424.0 /* alpha112 = 3 2^163 */ +, 9194973245195333150150082162901855101712434733101613056.0 /* alpha130 = 3 2^181 */ +, 0.0000000000000000000000000000000000000036734198463196484624023016788195177431833298649127735047148490821200539357960224151611328125 /* scale = 5 2^(-130) */ +, 6755408030990331.0 /* offset0 = alpha0 + 2^33 - 5 */ +, 29014256564239239022116864.0 /* offset1 = alpha32 + 2^65 - 2^33 */ +, 124615283061160854719918951570079744.0 /* offset2 = alpha64 + 2^97 - 2^65 */ +, 535219245894202480694386063513315216128475136.0 /* offset3 = alpha96 + 2^130 - 2^97 */ +} ; + +int crypto_onetimeauth(unsigned char *out,const unsigned char *m,unsigned long long l,const unsigned char *k) +{ + register const unsigned char *r = k; + register const unsigned char *s = k + 16; + double r0high_stack; + double r1high_stack; + double r1low_stack; + double sr1high_stack; + double r2low_stack; + double sr2high_stack; + double r0low_stack; + double sr1low_stack; + double r2high_stack; + double sr2low_stack; + double r3high_stack; + double sr3high_stack; + double r3low_stack; + double sr3low_stack; + int64 d0; + int64 d1; + int64 d2; + int64 d3; + register double scale; + register double alpha0; + register double alpha32; + register double alpha64; + register double alpha96; + register double alpha130; + register double h0; + register double h1; + register double h2; + register double h3; + register double h4; + register double h5; + register double h6; + register double h7; + register double y7; + register double y6; + register double y1; + register double y0; + register double y5; + register double y4; + register double x7; + register double x6; + register double x1; + register double x0; + register double y3; + register double y2; + register double r3low; + register double r0low; + register double r3high; + register double r0high; + register double sr1low; + register double x5; + register double r3lowx0; + register double sr1high; + register double x4; + register double r0lowx6; + register double r1low; + register double x3; + register double r3highx0; + register double r1high; + register double x2; + register double r0highx6; + register double sr2low; + register double r0lowx0; + register double sr2high; + register double sr1lowx6; + register double r2low; + register double r0highx0; + register double r2high; + register double sr1highx6; + register double sr3low; + register double r1lowx0; + register double sr3high; + register double sr2lowx6; + register double r1highx0; + register double sr2highx6; + register double r2lowx0; + register double sr3lowx6; + register double r2highx0; + register double sr3highx6; + register double r1highx4; + register double r1lowx4; + register double r0highx4; + register double r0lowx4; + register double sr3highx4; + register double sr3lowx4; + register double sr2highx4; + register double sr2lowx4; + register double r0lowx2; + register double r0highx2; + register double r1lowx2; + register double r1highx2; + register double r2lowx2; + register double r2highx2; + register double sr3lowx2; + register double sr3highx2; + register double z0; + register double z1; + register double z2; + register double z3; + register int64 r0; + register int64 r1; + register int64 r2; + register int64 r3; + register uint32 r00; + register uint32 r01; + register uint32 r02; + register uint32 r03; + register uint32 r10; + register uint32 r11; + register uint32 r12; + register uint32 r13; + register uint32 r20; + register uint32 r21; + register uint32 r22; + register uint32 r23; + register uint32 r30; + register uint32 r31; + register uint32 r32; + register uint32 r33; + register int64 m0; + register int64 m1; + register int64 m2; + register int64 m3; + register uint32 m00; + register uint32 m01; + register uint32 m02; + register uint32 m03; + register uint32 m10; + register uint32 m11; + register uint32 m12; + register uint32 m13; + register uint32 m20; + register uint32 m21; + register uint32 m22; + register uint32 m23; + register uint32 m30; + register uint32 m31; + register uint32 m32; + register uint64 m33; + register char *constants; + register int32 lbelow2; + register int32 lbelow3; + register int32 lbelow4; + register int32 lbelow5; + register int32 lbelow6; + register int32 lbelow7; + register int32 lbelow8; + register int32 lbelow9; + register int32 lbelow10; + register int32 lbelow11; + register int32 lbelow12; + register int32 lbelow13; + register int32 lbelow14; + register int32 lbelow15; + register double alpham80; + register double alpham48; + register double alpham16; + register double alpha18; + register double alpha50; + register double alpha82; + register double alpha112; + register double offset0; + register double offset1; + register double offset2; + register double offset3; + register uint32 s00; + register uint32 s01; + register uint32 s02; + register uint32 s03; + register uint32 s10; + register uint32 s11; + register uint32 s12; + register uint32 s13; + register uint32 s20; + register uint32 s21; + register uint32 s22; + register uint32 s23; + register uint32 s30; + register uint32 s31; + register uint32 s32; + register uint32 s33; + register uint64 bits32; + register uint64 f; + register uint64 f0; + register uint64 f1; + register uint64 f2; + register uint64 f3; + register uint64 f4; + register uint64 g; + register uint64 g0; + register uint64 g1; + register uint64 g2; + register uint64 g3; + register uint64 g4; + + r00 = *(uchar *) (r + 0); + constants = (char *) &poly1305_53_constants; + + r01 = *(uchar *) (r + 1); + + r02 = *(uchar *) (r + 2); + r0 = 2151; + + r03 = *(uchar *) (r + 3); r03 &= 15; + r0 <<= 51; + + r10 = *(uchar *) (r + 4); r10 &= 252; + r01 <<= 8; + r0 += r00; + + r11 = *(uchar *) (r + 5); + r02 <<= 16; + r0 += r01; + + r12 = *(uchar *) (r + 6); + r03 <<= 24; + r0 += r02; + + r13 = *(uchar *) (r + 7); r13 &= 15; + r1 = 2215; + r0 += r03; + + d0 = r0; + r1 <<= 51; + r2 = 2279; + + r20 = *(uchar *) (r + 8); r20 &= 252; + r11 <<= 8; + r1 += r10; + + r21 = *(uchar *) (r + 9); + r12 <<= 16; + r1 += r11; + + r22 = *(uchar *) (r + 10); + r13 <<= 24; + r1 += r12; + + r23 = *(uchar *) (r + 11); r23 &= 15; + r2 <<= 51; + r1 += r13; + + d1 = r1; + r21 <<= 8; + r2 += r20; + + r30 = *(uchar *) (r + 12); r30 &= 252; + r22 <<= 16; + r2 += r21; + + r31 = *(uchar *) (r + 13); + r23 <<= 24; + r2 += r22; + + r32 = *(uchar *) (r + 14); + r2 += r23; + r3 = 2343; + + d2 = r2; + r3 <<= 51; + alpha32 = *(double *) (constants + 40); + + r33 = *(uchar *) (r + 15); r33 &= 15; + r31 <<= 8; + r3 += r30; + + r32 <<= 16; + r3 += r31; + + r33 <<= 24; + r3 += r32; + + r3 += r33; + h0 = alpha32 - alpha32; + + d3 = r3; + h1 = alpha32 - alpha32; + + alpha0 = *(double *) (constants + 24); + h2 = alpha32 - alpha32; + + alpha64 = *(double *) (constants + 56); + h3 = alpha32 - alpha32; + + alpha18 = *(double *) (constants + 32); + h4 = alpha32 - alpha32; + + r0low = *(double *) &d0; + h5 = alpha32 - alpha32; + + r1low = *(double *) &d1; + h6 = alpha32 - alpha32; + + r2low = *(double *) &d2; + h7 = alpha32 - alpha32; + + alpha50 = *(double *) (constants + 48); + r0low -= alpha0; + + alpha82 = *(double *) (constants + 64); + r1low -= alpha32; + + scale = *(double *) (constants + 96); + r2low -= alpha64; + + alpha96 = *(double *) (constants + 72); + r0high = r0low + alpha18; + + r3low = *(double *) &d3; + + alpham80 = *(double *) (constants + 0); + r1high = r1low + alpha50; + sr1low = scale * r1low; + + alpham48 = *(double *) (constants + 8); + r2high = r2low + alpha82; + sr2low = scale * r2low; + + r0high -= alpha18; + r0high_stack = r0high; + + r3low -= alpha96; + + r1high -= alpha50; + r1high_stack = r1high; + + sr1high = sr1low + alpham80; + + alpha112 = *(double *) (constants + 80); + r0low -= r0high; + + alpham16 = *(double *) (constants + 16); + r2high -= alpha82; + sr3low = scale * r3low; + + alpha130 = *(double *) (constants + 88); + sr2high = sr2low + alpham48; + + r1low -= r1high; + r1low_stack = r1low; + + sr1high -= alpham80; + sr1high_stack = sr1high; + + r2low -= r2high; + r2low_stack = r2low; + + sr2high -= alpham48; + sr2high_stack = sr2high; + + r3high = r3low + alpha112; + r0low_stack = r0low; + + sr1low -= sr1high; + sr1low_stack = sr1low; + + sr3high = sr3low + alpham16; + r2high_stack = r2high; + + sr2low -= sr2high; + sr2low_stack = sr2low; + + r3high -= alpha112; + r3high_stack = r3high; + + + sr3high -= alpham16; + sr3high_stack = sr3high; + + + r3low -= r3high; + r3low_stack = r3low; + + + sr3low -= sr3high; + sr3low_stack = sr3low; + +if (l < 16) goto addatmost15bytes; + + m00 = *(uchar *) (m + 0); + m0 = 2151; + + m0 <<= 51; + m1 = 2215; + m01 = *(uchar *) (m + 1); + + m1 <<= 51; + m2 = 2279; + m02 = *(uchar *) (m + 2); + + m2 <<= 51; + m3 = 2343; + m03 = *(uchar *) (m + 3); + + m10 = *(uchar *) (m + 4); + m01 <<= 8; + m0 += m00; + + m11 = *(uchar *) (m + 5); + m02 <<= 16; + m0 += m01; + + m12 = *(uchar *) (m + 6); + m03 <<= 24; + m0 += m02; + + m13 = *(uchar *) (m + 7); + m3 <<= 51; + m0 += m03; + + m20 = *(uchar *) (m + 8); + m11 <<= 8; + m1 += m10; + + m21 = *(uchar *) (m + 9); + m12 <<= 16; + m1 += m11; + + m22 = *(uchar *) (m + 10); + m13 <<= 24; + m1 += m12; + + m23 = *(uchar *) (m + 11); + m1 += m13; + + m30 = *(uchar *) (m + 12); + m21 <<= 8; + m2 += m20; + + m31 = *(uchar *) (m + 13); + m22 <<= 16; + m2 += m21; + + m32 = *(uchar *) (m + 14); + m23 <<= 24; + m2 += m22; + + m33 = *(uchar *) (m + 15); + m2 += m23; + + d0 = m0; + m31 <<= 8; + m3 += m30; + + d1 = m1; + m32 <<= 16; + m3 += m31; + + d2 = m2; + m33 += 256; + + m33 <<= 24; + m3 += m32; + + m3 += m33; + d3 = m3; + + m += 16; + l -= 16; + + z0 = *(double *) &d0; + + z1 = *(double *) &d1; + + z2 = *(double *) &d2; + + z3 = *(double *) &d3; + + z0 -= alpha0; + + z1 -= alpha32; + + z2 -= alpha64; + + z3 -= alpha96; + + h0 += z0; + + h1 += z1; + + h3 += z2; + + h5 += z3; + +if (l < 16) goto multiplyaddatmost15bytes; + +multiplyaddatleast16bytes:; + + m2 = 2279; + m20 = *(uchar *) (m + 8); + y7 = h7 + alpha130; + + m2 <<= 51; + m3 = 2343; + m21 = *(uchar *) (m + 9); + y6 = h6 + alpha130; + + m3 <<= 51; + m0 = 2151; + m22 = *(uchar *) (m + 10); + y1 = h1 + alpha32; + + m0 <<= 51; + m1 = 2215; + m23 = *(uchar *) (m + 11); + y0 = h0 + alpha32; + + m1 <<= 51; + m30 = *(uchar *) (m + 12); + y7 -= alpha130; + + m21 <<= 8; + m2 += m20; + m31 = *(uchar *) (m + 13); + y6 -= alpha130; + + m22 <<= 16; + m2 += m21; + m32 = *(uchar *) (m + 14); + y1 -= alpha32; + + m23 <<= 24; + m2 += m22; + m33 = *(uchar *) (m + 15); + y0 -= alpha32; + + m2 += m23; + m00 = *(uchar *) (m + 0); + y5 = h5 + alpha96; + + m31 <<= 8; + m3 += m30; + m01 = *(uchar *) (m + 1); + y4 = h4 + alpha96; + + m32 <<= 16; + m02 = *(uchar *) (m + 2); + x7 = h7 - y7; + y7 *= scale; + + m33 += 256; + m03 = *(uchar *) (m + 3); + x6 = h6 - y6; + y6 *= scale; + + m33 <<= 24; + m3 += m31; + m10 = *(uchar *) (m + 4); + x1 = h1 - y1; + + m01 <<= 8; + m3 += m32; + m11 = *(uchar *) (m + 5); + x0 = h0 - y0; + + m3 += m33; + m0 += m00; + m12 = *(uchar *) (m + 6); + y5 -= alpha96; + + m02 <<= 16; + m0 += m01; + m13 = *(uchar *) (m + 7); + y4 -= alpha96; + + m03 <<= 24; + m0 += m02; + d2 = m2; + x1 += y7; + + m0 += m03; + d3 = m3; + x0 += y6; + + m11 <<= 8; + m1 += m10; + d0 = m0; + x7 += y5; + + m12 <<= 16; + m1 += m11; + x6 += y4; + + m13 <<= 24; + m1 += m12; + y3 = h3 + alpha64; + + m1 += m13; + d1 = m1; + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + z2 = *(double *) &d2; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + z3 = *(double *) &d3; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + z2 -= alpha64; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + z3 -= alpha96; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + alpha0 = *(double *) (constants + 24); + + m += 16; + h6 += r2lowx2; + + l -= 16; + h7 += r2highx2; + + z1 = *(double *) &d1; + h0 += sr3lowx2; + + z0 = *(double *) &d0; + h1 += sr3highx2; + + z1 -= alpha32; + + z0 -= alpha0; + + h5 += z3; + + h3 += z2; + + h1 += z1; + + h0 += z0; + +if (l >= 16) goto multiplyaddatleast16bytes; + +multiplyaddatmost15bytes:; + + y7 = h7 + alpha130; + + y6 = h6 + alpha130; + + y1 = h1 + alpha32; + + y0 = h0 + alpha32; + + y7 -= alpha130; + + y6 -= alpha130; + + y1 -= alpha32; + + y0 -= alpha32; + + y5 = h5 + alpha96; + + y4 = h4 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + x6 = h6 - y6; + y6 *= scale; + + x1 = h1 - y1; + + x0 = h0 - y0; + + y5 -= alpha96; + + y4 -= alpha96; + + x1 += y7; + + x0 += y6; + + x7 += y5; + + x6 += y4; + + y3 = h3 + alpha64; + + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + + h6 += r2lowx2; + + h7 += r2highx2; + + h0 += sr3lowx2; + + h1 += sr3highx2; + +addatmost15bytes:; + +if (l == 0) goto nomorebytes; + + lbelow2 = l - 2; + + lbelow3 = l - 3; + + lbelow2 >>= 31; + lbelow4 = l - 4; + + m00 = *(uchar *) (m + 0); + lbelow3 >>= 31; + m += lbelow2; + + m01 = *(uchar *) (m + 1); + lbelow4 >>= 31; + m += lbelow3; + + m02 = *(uchar *) (m + 2); + m += lbelow4; + m0 = 2151; + + m03 = *(uchar *) (m + 3); + m0 <<= 51; + m1 = 2215; + + m0 += m00; + m01 &= ~lbelow2; + + m02 &= ~lbelow3; + m01 -= lbelow2; + + m01 <<= 8; + m03 &= ~lbelow4; + + m0 += m01; + lbelow2 -= lbelow3; + + m02 += lbelow2; + lbelow3 -= lbelow4; + + m02 <<= 16; + m03 += lbelow3; + + m03 <<= 24; + m0 += m02; + + m0 += m03; + lbelow5 = l - 5; + + lbelow6 = l - 6; + lbelow7 = l - 7; + + lbelow5 >>= 31; + lbelow8 = l - 8; + + lbelow6 >>= 31; + m += lbelow5; + + m10 = *(uchar *) (m + 4); + lbelow7 >>= 31; + m += lbelow6; + + m11 = *(uchar *) (m + 5); + lbelow8 >>= 31; + m += lbelow7; + + m12 = *(uchar *) (m + 6); + m1 <<= 51; + m += lbelow8; + + m13 = *(uchar *) (m + 7); + m10 &= ~lbelow5; + lbelow4 -= lbelow5; + + m10 += lbelow4; + lbelow5 -= lbelow6; + + m11 &= ~lbelow6; + m11 += lbelow5; + + m11 <<= 8; + m1 += m10; + + m1 += m11; + m12 &= ~lbelow7; + + lbelow6 -= lbelow7; + m13 &= ~lbelow8; + + m12 += lbelow6; + lbelow7 -= lbelow8; + + m12 <<= 16; + m13 += lbelow7; + + m13 <<= 24; + m1 += m12; + + m1 += m13; + m2 = 2279; + + lbelow9 = l - 9; + m3 = 2343; + + lbelow10 = l - 10; + lbelow11 = l - 11; + + lbelow9 >>= 31; + lbelow12 = l - 12; + + lbelow10 >>= 31; + m += lbelow9; + + m20 = *(uchar *) (m + 8); + lbelow11 >>= 31; + m += lbelow10; + + m21 = *(uchar *) (m + 9); + lbelow12 >>= 31; + m += lbelow11; + + m22 = *(uchar *) (m + 10); + m2 <<= 51; + m += lbelow12; + + m23 = *(uchar *) (m + 11); + m20 &= ~lbelow9; + lbelow8 -= lbelow9; + + m20 += lbelow8; + lbelow9 -= lbelow10; + + m21 &= ~lbelow10; + m21 += lbelow9; + + m21 <<= 8; + m2 += m20; + + m2 += m21; + m22 &= ~lbelow11; + + lbelow10 -= lbelow11; + m23 &= ~lbelow12; + + m22 += lbelow10; + lbelow11 -= lbelow12; + + m22 <<= 16; + m23 += lbelow11; + + m23 <<= 24; + m2 += m22; + + m3 <<= 51; + lbelow13 = l - 13; + + lbelow13 >>= 31; + lbelow14 = l - 14; + + lbelow14 >>= 31; + m += lbelow13; + lbelow15 = l - 15; + + m30 = *(uchar *) (m + 12); + lbelow15 >>= 31; + m += lbelow14; + + m31 = *(uchar *) (m + 13); + m += lbelow15; + m2 += m23; + + m32 = *(uchar *) (m + 14); + m30 &= ~lbelow13; + lbelow12 -= lbelow13; + + m30 += lbelow12; + lbelow13 -= lbelow14; + + m3 += m30; + m31 &= ~lbelow14; + + m31 += lbelow13; + m32 &= ~lbelow15; + + m31 <<= 8; + lbelow14 -= lbelow15; + + m3 += m31; + m32 += lbelow14; + d0 = m0; + + m32 <<= 16; + m33 = lbelow15 + 1; + d1 = m1; + + m33 <<= 24; + m3 += m32; + d2 = m2; + + m3 += m33; + d3 = m3; + + alpha0 = *(double *) (constants + 24); + + z3 = *(double *) &d3; + + z2 = *(double *) &d2; + + z1 = *(double *) &d1; + + z0 = *(double *) &d0; + + z3 -= alpha96; + + z2 -= alpha64; + + z1 -= alpha32; + + z0 -= alpha0; + + h5 += z3; + + h3 += z2; + + h1 += z1; + + h0 += z0; + + y7 = h7 + alpha130; + + y6 = h6 + alpha130; + + y1 = h1 + alpha32; + + y0 = h0 + alpha32; + + y7 -= alpha130; + + y6 -= alpha130; + + y1 -= alpha32; + + y0 -= alpha32; + + y5 = h5 + alpha96; + + y4 = h4 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + x6 = h6 - y6; + y6 *= scale; + + x1 = h1 - y1; + + x0 = h0 - y0; + + y5 -= alpha96; + + y4 -= alpha96; + + x1 += y7; + + x0 += y6; + + x7 += y5; + + x6 += y4; + + y3 = h3 + alpha64; + + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + + h6 += r2lowx2; + + h7 += r2highx2; + + h0 += sr3lowx2; + + h1 += sr3highx2; + + +nomorebytes:; + + offset0 = *(double *) (constants + 104); + y7 = h7 + alpha130; + + offset1 = *(double *) (constants + 112); + y0 = h0 + alpha32; + + offset2 = *(double *) (constants + 120); + y1 = h1 + alpha32; + + offset3 = *(double *) (constants + 128); + y2 = h2 + alpha64; + + y7 -= alpha130; + + y3 = h3 + alpha64; + + y4 = h4 + alpha96; + + y5 = h5 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + y0 -= alpha32; + + y1 -= alpha32; + + y2 -= alpha64; + + h6 += x7; + + y3 -= alpha64; + + y4 -= alpha96; + + y5 -= alpha96; + + y6 = h6 + alpha130; + + x0 = h0 - y0; + + x1 = h1 - y1; + + x2 = h2 - y2; + + y6 -= alpha130; + + x0 += y7; + + x3 = h3 - y3; + + x4 = h4 - y4; + + x5 = h5 - y5; + + x6 = h6 - y6; + + y6 *= scale; + + x2 += y0; + + x3 += y1; + + x4 += y2; + + x0 += y6; + + x5 += y3; + + x6 += y4; + + x2 += x3; + + x0 += x1; + + x4 += x5; + + x6 += y5; + + x2 += offset1; + *(double *) &d1 = x2; + + x0 += offset0; + *(double *) &d0 = x0; + + x4 += offset2; + *(double *) &d2 = x4; + + x6 += offset3; + *(double *) &d3 = x6; + + + + + f0 = d0; + + f1 = d1; + bits32 = -1; + + f2 = d2; + bits32 >>= 32; + + f3 = d3; + f = f0 >> 32; + + f0 &= bits32; + f &= 255; + + f1 += f; + g0 = f0 + 5; + + g = g0 >> 32; + g0 &= bits32; + + f = f1 >> 32; + f1 &= bits32; + + f &= 255; + g1 = f1 + g; + + g = g1 >> 32; + f2 += f; + + f = f2 >> 32; + g1 &= bits32; + + f2 &= bits32; + f &= 255; + + f3 += f; + g2 = f2 + g; + + g = g2 >> 32; + g2 &= bits32; + + f4 = f3 >> 32; + f3 &= bits32; + + f4 &= 255; + g3 = f3 + g; + + g = g3 >> 32; + g3 &= bits32; + + g4 = f4 + g; + + g4 = g4 - 4; + s00 = *(uchar *) (s + 0); + + f = (int64) g4 >> 63; + s01 = *(uchar *) (s + 1); + + f0 &= f; + g0 &= ~f; + s02 = *(uchar *) (s + 2); + + f1 &= f; + f0 |= g0; + s03 = *(uchar *) (s + 3); + + g1 &= ~f; + f2 &= f; + s10 = *(uchar *) (s + 4); + + f3 &= f; + g2 &= ~f; + s11 = *(uchar *) (s + 5); + + g3 &= ~f; + f1 |= g1; + s12 = *(uchar *) (s + 6); + + f2 |= g2; + f3 |= g3; + s13 = *(uchar *) (s + 7); + + s01 <<= 8; + f0 += s00; + s20 = *(uchar *) (s + 8); + + s02 <<= 16; + f0 += s01; + s21 = *(uchar *) (s + 9); + + s03 <<= 24; + f0 += s02; + s22 = *(uchar *) (s + 10); + + s11 <<= 8; + f1 += s10; + s23 = *(uchar *) (s + 11); + + s12 <<= 16; + f1 += s11; + s30 = *(uchar *) (s + 12); + + s13 <<= 24; + f1 += s12; + s31 = *(uchar *) (s + 13); + + f0 += s03; + f1 += s13; + s32 = *(uchar *) (s + 14); + + s21 <<= 8; + f2 += s20; + s33 = *(uchar *) (s + 15); + + s22 <<= 16; + f2 += s21; + + s23 <<= 24; + f2 += s22; + + s31 <<= 8; + f3 += s30; + + s32 <<= 16; + f3 += s31; + + s33 <<= 24; + f3 += s32; + + f2 += s23; + f3 += s33; + + *(uchar *) (out + 0) = f0; + f0 >>= 8; + *(uchar *) (out + 1) = f0; + f0 >>= 8; + *(uchar *) (out + 2) = f0; + f0 >>= 8; + *(uchar *) (out + 3) = f0; + f0 >>= 8; + f1 += f0; + + *(uchar *) (out + 4) = f1; + f1 >>= 8; + *(uchar *) (out + 5) = f1; + f1 >>= 8; + *(uchar *) (out + 6) = f1; + f1 >>= 8; + *(uchar *) (out + 7) = f1; + f1 >>= 8; + f2 += f1; + + *(uchar *) (out + 8) = f2; + f2 >>= 8; + *(uchar *) (out + 9) = f2; + f2 >>= 8; + *(uchar *) (out + 10) = f2; + f2 >>= 8; + *(uchar *) (out + 11) = f2; + f2 >>= 8; + f3 += f2; + + *(uchar *) (out + 12) = f3; + f3 >>= 8; + *(uchar *) (out + 13) = f3; + f3 >>= 8; + *(uchar *) (out + 14) = f3; + f3 >>= 8; + *(uchar *) (out + 15) = f3; + + return 0; +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/53/verify.c b/src/libnacl/crypto_onetimeauth/poly1305/53/verify.c new file mode 100644 index 00000000..c7e063f1 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/53/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/amd64/api.h b/src/libnacl/crypto_onetimeauth/poly1305/amd64/api.h new file mode 100644 index 00000000..acc133ed --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/amd64/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/amd64/verify.c b/src/libnacl/crypto_onetimeauth/poly1305/amd64/verify.c new file mode 100644 index 00000000..c7e063f1 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/amd64/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/checksum b/src/libnacl/crypto_onetimeauth/poly1305/checksum new file mode 100644 index 00000000..a713ea40 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/checksum @@ -0,0 +1 @@ +e836d5ca58cf673fca2b4910f23f3990 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/ref/api.h b/src/libnacl/crypto_onetimeauth/poly1305/ref/api.h new file mode 100644 index 00000000..acc133ed --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/ref/auth.c b/src/libnacl/crypto_onetimeauth/poly1305/ref/auth.c new file mode 100644 index 00000000..06cf115d --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/ref/auth.c @@ -0,0 +1,104 @@ +/* +20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_onetimeauth.h" + +static void add(unsigned int h[17],const unsigned int c[17]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 17;++j) { u += h[j] + c[j]; h[j] = u & 255; u >>= 8; } +} + +static void squeeze(unsigned int h[17]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } + u += h[16]; h[16] = u & 3; + u = 5 * (u >> 2); + for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } + u += h[16]; h[16] = u; +} + +static const unsigned int minusp[17] = { + 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252 +} ; + +static void freeze(unsigned int h[17]) +{ + unsigned int horig[17]; + unsigned int j; + unsigned int negative; + for (j = 0;j < 17;++j) horig[j] = h[j]; + add(h,minusp); + negative = -(h[16] >> 7); + for (j = 0;j < 17;++j) h[j] ^= negative & (horig[j] ^ h[j]); +} + +static void mulmod(unsigned int h[17],const unsigned int r[17]) +{ + unsigned int hr[17]; + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 17;++i) { + u = 0; + for (j = 0;j <= i;++j) u += h[j] * r[i - j]; + for (j = i + 1;j < 17;++j) u += 320 * h[j] * r[i + 17 - j]; + hr[i] = u; + } + for (i = 0;i < 17;++i) h[i] = hr[i]; + squeeze(h); +} + +int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned int j; + unsigned int r[17]; + unsigned int h[17]; + unsigned int c[17]; + + r[0] = k[0]; + r[1] = k[1]; + r[2] = k[2]; + r[3] = k[3] & 15; + r[4] = k[4] & 252; + r[5] = k[5]; + r[6] = k[6]; + r[7] = k[7] & 15; + r[8] = k[8] & 252; + r[9] = k[9]; + r[10] = k[10]; + r[11] = k[11] & 15; + r[12] = k[12] & 252; + r[13] = k[13]; + r[14] = k[14]; + r[15] = k[15] & 15; + r[16] = 0; + + for (j = 0;j < 17;++j) h[j] = 0; + + while (inlen > 0) { + for (j = 0;j < 17;++j) c[j] = 0; + for (j = 0;(j < 16) && (j < inlen);++j) c[j] = in[j]; + c[j] = 1; + in += j; inlen -= j; + add(h,c); + mulmod(h,r); + } + + freeze(h); + + for (j = 0;j < 16;++j) c[j] = k[j + 16]; + c[16] = 0; + add(h,c); + for (j = 0;j < 16;++j) out[j] = h[j]; + return 0; +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/ref/verify.c b/src/libnacl/crypto_onetimeauth/poly1305/ref/verify.c new file mode 100644 index 00000000..c7e063f1 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/selected b/src/libnacl/crypto_onetimeauth/poly1305/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_onetimeauth/poly1305/used b/src/libnacl/crypto_onetimeauth/poly1305/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_onetimeauth/poly1305/x86/api.h b/src/libnacl/crypto_onetimeauth/poly1305/x86/api.h new file mode 100644 index 00000000..acc133ed --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/x86/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/x86/verify.c b/src/libnacl/crypto_onetimeauth/poly1305/x86/verify.c new file mode 100644 index 00000000..c7e063f1 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/x86/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/src/libnacl/crypto_onetimeauth/try.c b/src/libnacl/crypto_onetimeauth/try.c new file mode 100644 index 00000000..185d5c7e --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/try.c @@ -0,0 +1,121 @@ +/* + * crypto_onetimeauth/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hash_sha256.h" +#include "crypto_onetimeauth.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *m; +static unsigned char *k; +static unsigned char *h2; +static unsigned char *m2; +static unsigned char *k2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_onetimeauth_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + k = alignedcalloc(crypto_onetimeauth_KEYBYTES); + h2 = alignedcalloc(crypto_onetimeauth_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_onetimeauth_BYTES); + k2 = alignedcalloc(crypto_onetimeauth_KEYBYTES + crypto_onetimeauth_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_onetimeauth(h,m,TUNE_BYTES,k); + crypto_onetimeauth_verify(h,m,TUNE_BYTES,k); +} + +char checksum[crypto_onetimeauth_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i; + long long klen = crypto_onetimeauth_KEYBYTES; + long long hlen = crypto_onetimeauth_BYTES; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero"; + + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m"; + for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output"; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap"; + for (j = 0;j < hlen;++j) m2[j] = m[j]; + if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero"; + for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + + if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero"; + + for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < klen;++j) k[j] ^= h2[j % 32]; + if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero"; + if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32]; + m[mlen] = h2[0]; + } + if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero"; + if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero"; + + for (i = 0;i < crypto_onetimeauth_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_onetimeauth/wrapper-auth.cpp b/src/libnacl/crypto_onetimeauth/wrapper-auth.cpp new file mode 100644 index 00000000..f4279607 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/wrapper-auth.cpp @@ -0,0 +1,11 @@ +#include +using std::string; +#include "crypto_onetimeauth.h" + +string crypto_onetimeauth(const string &m,const string &k) +{ + if (k.size() != crypto_onetimeauth_KEYBYTES) throw "incorrect key length"; + unsigned char a[crypto_onetimeauth_BYTES]; + crypto_onetimeauth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str()); + return string((char *) a,crypto_onetimeauth_BYTES); +} diff --git a/src/libnacl/crypto_onetimeauth/wrapper-verify.cpp b/src/libnacl/crypto_onetimeauth/wrapper-verify.cpp new file mode 100644 index 00000000..248239ee --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/wrapper-verify.cpp @@ -0,0 +1,14 @@ +#include +using std::string; +#include "crypto_onetimeauth.h" + +void crypto_onetimeauth_verify(const string &a,const string &m,const string &k) +{ + if (k.size() != crypto_onetimeauth_KEYBYTES) throw "incorrect key length"; + if (a.size() != crypto_onetimeauth_BYTES) throw "incorrect authenticator length"; + if (crypto_onetimeauth_verify( + (const unsigned char *) a.c_str(), + (const unsigned char *) m.c_str(),m.size(), + (const unsigned char *) k.c_str()) == 0) return; + throw "invalid authenticator"; +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/checksum b/src/libnacl/crypto_scalarmult/curve25519/checksum new file mode 100644 index 00000000..ce2d395b --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/checksum @@ -0,0 +1 @@ +dacdae4a0f12353dfc66757f2fd1fff538fe6616115dace9afb8016a55be2a52 diff --git a/src/libnacl/crypto_scalarmult/curve25519/donna_c64/api.h b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/api.h new file mode 100644 index 00000000..60339596 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_SCALARBYTES 32 diff --git a/src/libnacl/crypto_scalarmult/curve25519/donna_c64/base.c b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/base.c new file mode 100644 index 00000000..f33419e8 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/base.c @@ -0,0 +1,8 @@ +#include "crypto_scalarmult.h" + +static const unsigned char basepoint[32] = {9}; + +int crypto_scalarmult_base(unsigned char *q,const unsigned char *n) +{ + return crypto_scalarmult(q, n, basepoint); +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/donna_c64/implementors b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/implementors new file mode 100644 index 00000000..0ce43280 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/implementors @@ -0,0 +1 @@ +Adam Langley (Google) diff --git a/src/libnacl/crypto_scalarmult/curve25519/donna_c64/smult.c b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/smult.c new file mode 100644 index 00000000..6d26956b --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/smult.c @@ -0,0 +1,477 @@ +/* Copyright 2008, Google Inc. + * All rights reserved. + * + * Code released into the public domain. + * + * curve25519-donna: Curve25519 elliptic curve, public key function + * + * http://code.google.com/p/curve25519-donna/ + * + * Adam Langley + * + * Derived from public domain C code by Daniel J. Bernstein + * + * More information about curve25519 can be found here + * http://cr.yp.to/ecdh.html + * + * djb's sample implementation of curve25519 is written in a special assembly + * language called qhasm and uses the floating point registers. + * + * This is, almost, a clean room reimplementation from the curve25519 paper. It + * uses many of the tricks described therein. Only the crecip function is taken + * from the sample implementation. + */ + +#include +#include +#include "crypto_scalarmult.h" + +typedef uint8_t u8; +typedef uint64_t felem; +// This is a special gcc mode for 128-bit integers. It's implemented on 64-bit +// platforms only as far as I know. +typedef unsigned uint128_t __attribute__((mode(TI))); + +/* Sum two numbers: output += in */ +static void fsum(felem *output, const felem *in) { + unsigned i; + for (i = 0; i < 5; ++i) output[i] += in[i]; +} + +/* Find the difference of two numbers: output = in - output + * (note the order of the arguments!) + */ +static void fdifference_backwards(felem *ioutput, const felem *iin) { + static const int64_t twotothe51 = (1l << 51); + const int64_t *in = (const int64_t *) iin; + int64_t *out = (int64_t *) ioutput; + + out[0] = in[0] - out[0]; + out[1] = in[1] - out[1]; + out[2] = in[2] - out[2]; + out[3] = in[3] - out[3]; + out[4] = in[4] - out[4]; + + // An arithmetic shift right of 63 places turns a positive number to 0 and a + // negative number to all 1's. This gives us a bitmask that lets us avoid + // side-channel prone branches. + int64_t t; + +#define NEGCHAIN(a,b) \ + t = out[a] >> 63; \ + out[a] += twotothe51 & t; \ + out[b] -= 1 & t; + +#define NEGCHAIN19(a,b) \ + t = out[a] >> 63; \ + out[a] += twotothe51 & t; \ + out[b] -= 19 & t; + + NEGCHAIN(0, 1); + NEGCHAIN(1, 2); + NEGCHAIN(2, 3); + NEGCHAIN(3, 4); + NEGCHAIN19(4, 0); + NEGCHAIN(0, 1); + NEGCHAIN(1, 2); + NEGCHAIN(2, 3); + NEGCHAIN(3, 4); +} + +/* Multiply a number by a scalar: output = in * scalar */ +static void fscalar_product(felem *output, const felem *in, const felem scalar) { + uint128_t a; + + a = ((uint128_t) in[0]) * scalar; + output[0] = a & 0x7ffffffffffff; + + a = ((uint128_t) in[1]) * scalar + (a >> 51); + output[1] = a & 0x7ffffffffffff; + + a = ((uint128_t) in[2]) * scalar + (a >> 51); + output[2] = a & 0x7ffffffffffff; + + a = ((uint128_t) in[3]) * scalar + (a >> 51); + output[3] = a & 0x7ffffffffffff; + + a = ((uint128_t) in[4]) * scalar + (a >> 51); + output[4] = a & 0x7ffffffffffff; + + output[0] += (a >> 51) * 19; +} + +/* Multiply two numbers: output = in2 * in + * + * output must be distinct to both inputs. The inputs are reduced coefficient + * form, the output is not. + */ +static void fmul(felem *output, const felem *in2, const felem *in) { + uint128_t t[9]; + + t[0] = ((uint128_t) in[0]) * in2[0]; + t[1] = ((uint128_t) in[0]) * in2[1] + + ((uint128_t) in[1]) * in2[0]; + t[2] = ((uint128_t) in[0]) * in2[2] + + ((uint128_t) in[2]) * in2[0] + + ((uint128_t) in[1]) * in2[1]; + t[3] = ((uint128_t) in[0]) * in2[3] + + ((uint128_t) in[3]) * in2[0] + + ((uint128_t) in[1]) * in2[2] + + ((uint128_t) in[2]) * in2[1]; + t[4] = ((uint128_t) in[0]) * in2[4] + + ((uint128_t) in[4]) * in2[0] + + ((uint128_t) in[3]) * in2[1] + + ((uint128_t) in[1]) * in2[3] + + ((uint128_t) in[2]) * in2[2]; + t[5] = ((uint128_t) in[4]) * in2[1] + + ((uint128_t) in[1]) * in2[4] + + ((uint128_t) in[2]) * in2[3] + + ((uint128_t) in[3]) * in2[2]; + t[6] = ((uint128_t) in[4]) * in2[2] + + ((uint128_t) in[2]) * in2[4] + + ((uint128_t) in[3]) * in2[3]; + t[7] = ((uint128_t) in[3]) * in2[4] + + ((uint128_t) in[4]) * in2[3]; + t[8] = ((uint128_t) in[4]) * in2[4]; + + t[0] += t[5] * 19; + t[1] += t[6] * 19; + t[2] += t[7] * 19; + t[3] += t[8] * 19; + + t[1] += t[0] >> 51; + t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; + t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; + t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; + t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); + t[4] &= 0x7ffffffffffff; + t[1] += t[0] >> 51; + t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; + t[1] &= 0x7ffffffffffff; + + output[0] = t[0]; + output[1] = t[1]; + output[2] = t[2]; + output[3] = t[3]; + output[4] = t[4]; +} + +static void +fsquare(felem *output, const felem *in) { + uint128_t t[9]; + + t[0] = ((uint128_t) in[0]) * in[0]; + t[1] = ((uint128_t) in[0]) * in[1] * 2; + t[2] = ((uint128_t) in[0]) * in[2] * 2 + + ((uint128_t) in[1]) * in[1]; + t[3] = ((uint128_t) in[0]) * in[3] * 2 + + ((uint128_t) in[1]) * in[2] * 2; + t[4] = ((uint128_t) in[0]) * in[4] * 2 + + ((uint128_t) in[3]) * in[1] * 2 + + ((uint128_t) in[2]) * in[2]; + t[5] = ((uint128_t) in[4]) * in[1] * 2 + + ((uint128_t) in[2]) * in[3] * 2; + t[6] = ((uint128_t) in[4]) * in[2] * 2 + + ((uint128_t) in[3]) * in[3]; + t[7] = ((uint128_t) in[3]) * in[4] * 2; + t[8] = ((uint128_t) in[4]) * in[4]; + + t[0] += t[5] * 19; + t[1] += t[6] * 19; + t[2] += t[7] * 19; + t[3] += t[8] * 19; + + t[1] += t[0] >> 51; + t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; + t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; + t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; + t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); + t[4] &= 0x7ffffffffffff; + t[1] += t[0] >> 51; + t[0] &= 0x7ffffffffffff; + + output[0] = t[0]; + output[1] = t[1]; + output[2] = t[2]; + output[3] = t[3]; + output[4] = t[4]; +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +static void +fexpand(felem *output, const u8 *in) { + output[0] = *((const uint64_t *)(in)) & 0x7ffffffffffff; + output[1] = (*((const uint64_t *)(in+6)) >> 3) & 0x7ffffffffffff; + output[2] = (*((const uint64_t *)(in+12)) >> 6) & 0x7ffffffffffff; + output[3] = (*((const uint64_t *)(in+19)) >> 1) & 0x7ffffffffffff; + output[4] = (*((const uint64_t *)(in+25)) >> 4) & 0x7ffffffffffff; +} + +/* Take a fully reduced polynomial form number and contract it into a + * little-endian, 32-byte array + */ +static void +fcontract(u8 *output, const felem *input) { + uint128_t t[5]; + + t[0] = input[0]; + t[1] = input[1]; + t[2] = input[2]; + t[3] = input[3]; + t[4] = input[4]; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + + t[0] += 19; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + + t[0] += 0x8000000000000 - 19; + t[1] += 0x8000000000000 - 1; + t[2] += 0x8000000000000 - 1; + t[3] += 0x8000000000000 - 1; + t[4] += 0x8000000000000 - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. */ + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[4] &= 0x7ffffffffffff; + + *((uint64_t *)(output)) = t[0] | (t[1] << 51); + *((uint64_t *)(output+8)) = (t[1] >> 13) | (t[2] << 38); + *((uint64_t *)(output+16)) = (t[2] >> 26) | (t[3] << 25); + *((uint64_t *)(output+24)) = (t[3] >> 39) | (t[4] << 12); +} + +/* Input: Q, Q', Q-Q' + * Output: 2Q, Q+Q' + * + * x2 z3: long form + * x3 z3: long form + * x z: short form, destroyed + * xprime zprime: short form, destroyed + * qmqp: short form, preserved + */ +static void +fmonty(felem *x2, felem *z2, /* output 2Q */ + felem *x3, felem *z3, /* output Q + Q' */ + felem *x, felem *z, /* input Q */ + felem *xprime, felem *zprime, /* input Q' */ + const felem *qmqp /* input Q - Q' */) { + felem origx[5], origxprime[5], zzz[5], xx[5], zz[5], xxprime[5], + zzprime[5], zzzprime[5]; + + memcpy(origx, x, 5 * sizeof(felem)); + fsum(x, z); + fdifference_backwards(z, origx); // does x - z + + memcpy(origxprime, xprime, sizeof(felem) * 5); + fsum(xprime, zprime); + fdifference_backwards(zprime, origxprime); + fmul(xxprime, xprime, z); + fmul(zzprime, x, zprime); + memcpy(origxprime, xxprime, sizeof(felem) * 5); + fsum(xxprime, zzprime); + fdifference_backwards(zzprime, origxprime); + fsquare(x3, xxprime); + fsquare(zzzprime, zzprime); + fmul(z3, zzzprime, qmqp); + + fsquare(xx, x); + fsquare(zz, z); + fmul(x2, xx, zz); + fdifference_backwards(zz, xx); // does zz = xx - zz + fscalar_product(zzz, zz, 121665); + fsum(zzz, xx); + fmul(z2, zz, zzz); +} + +// ----------------------------------------------------------------------------- +// Maybe swap the contents of two felem arrays (@a and @b), each @len elements +// long. Perform the swap iff @swap is non-zero. +// +// This function performs the swap without leaking any side-channel +// information. +// ----------------------------------------------------------------------------- +static void +swap_conditional(felem *a, felem *b, unsigned len, felem iswap) { + unsigned i; + const felem swap = -iswap; + + for (i = 0; i < len; ++i) { + const felem x = swap & (a[i] ^ b[i]); + a[i] ^= x; + b[i] ^= x; + } +} + +/* Calculates nQ where Q is the x-coordinate of a point on the curve + * + * resultx/resultz: the x coordinate of the resulting curve point (short form) + * n: a little endian, 32-byte number + * q: a point of the curve (short form) + */ +static void +cmult(felem *resultx, felem *resultz, const u8 *n, const felem *q) { + felem a[5] = {0}, b[5] = {1}, c[5] = {1}, d[5] = {0}; + felem *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t; + felem e[5] = {0}, f[5] = {1}, g[5] = {0}, h[5] = {1}; + felem *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h; + + unsigned i, j; + + memcpy(nqpqx, q, sizeof(felem) * 5); + + for (i = 0; i < 32; ++i) { + u8 byte = n[31 - i]; + for (j = 0; j < 8; ++j) { + const felem bit = byte >> 7; + + swap_conditional(nqx, nqpqx, 5, bit); + swap_conditional(nqz, nqpqz, 5, bit); + fmonty(nqx2, nqz2, + nqpqx2, nqpqz2, + nqx, nqz, + nqpqx, nqpqz, + q); + swap_conditional(nqx2, nqpqx2, 5, bit); + swap_conditional(nqz2, nqpqz2, 5, bit); + + t = nqx; + nqx = nqx2; + nqx2 = t; + t = nqz; + nqz = nqz2; + nqz2 = t; + t = nqpqx; + nqpqx = nqpqx2; + nqpqx2 = t; + t = nqpqz; + nqpqz = nqpqz2; + nqpqz2 = t; + + byte <<= 1; + } + } + + memcpy(resultx, nqx, sizeof(felem) * 5); + memcpy(resultz, nqz, sizeof(felem) * 5); +} + +// ----------------------------------------------------------------------------- +// Shamelessly copied from djb's code +// ----------------------------------------------------------------------------- +static void +crecip(felem *out, const felem *z) { + felem z2[5]; + felem z9[5]; + felem z11[5]; + felem z2_5_0[5]; + felem z2_10_0[5]; + felem z2_20_0[5]; + felem z2_50_0[5]; + felem z2_100_0[5]; + felem t0[5]; + felem t1[5]; + int i; + + /* 2 */ fsquare(z2,z); + /* 4 */ fsquare(t1,z2); + /* 8 */ fsquare(t0,t1); + /* 9 */ fmul(z9,t0,z); + /* 11 */ fmul(z11,z9,z2); + /* 22 */ fsquare(t0,z11); + /* 2^5 - 2^0 = 31 */ fmul(z2_5_0,t0,z9); + + /* 2^6 - 2^1 */ fsquare(t0,z2_5_0); + /* 2^7 - 2^2 */ fsquare(t1,t0); + /* 2^8 - 2^3 */ fsquare(t0,t1); + /* 2^9 - 2^4 */ fsquare(t1,t0); + /* 2^10 - 2^5 */ fsquare(t0,t1); + /* 2^10 - 2^0 */ fmul(z2_10_0,t0,z2_5_0); + + /* 2^11 - 2^1 */ fsquare(t0,z2_10_0); + /* 2^12 - 2^2 */ fsquare(t1,t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t0,t1); fsquare(t1,t0); } + /* 2^20 - 2^0 */ fmul(z2_20_0,t1,z2_10_0); + + /* 2^21 - 2^1 */ fsquare(t0,z2_20_0); + /* 2^22 - 2^2 */ fsquare(t1,t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fsquare(t0,t1); fsquare(t1,t0); } + /* 2^40 - 2^0 */ fmul(t0,t1,z2_20_0); + + /* 2^41 - 2^1 */ fsquare(t1,t0); + /* 2^42 - 2^2 */ fsquare(t0,t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t1,t0); fsquare(t0,t1); } + /* 2^50 - 2^0 */ fmul(z2_50_0,t0,z2_10_0); + + /* 2^51 - 2^1 */ fsquare(t0,z2_50_0); + /* 2^52 - 2^2 */ fsquare(t1,t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); } + /* 2^100 - 2^0 */ fmul(z2_100_0,t1,z2_50_0); + + /* 2^101 - 2^1 */ fsquare(t1,z2_100_0); + /* 2^102 - 2^2 */ fsquare(t0,t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fsquare(t1,t0); fsquare(t0,t1); } + /* 2^200 - 2^0 */ fmul(t1,t0,z2_100_0); + + /* 2^201 - 2^1 */ fsquare(t0,t1); + /* 2^202 - 2^2 */ fsquare(t1,t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); } + /* 2^250 - 2^0 */ fmul(t0,t1,z2_50_0); + + /* 2^251 - 2^1 */ fsquare(t1,t0); + /* 2^252 - 2^2 */ fsquare(t0,t1); + /* 2^253 - 2^3 */ fsquare(t1,t0); + /* 2^254 - 2^4 */ fsquare(t0,t1); + /* 2^255 - 2^5 */ fsquare(t1,t0); + /* 2^255 - 21 */ fmul(out,t1,z11); +} + +int +crypto_scalarmult(u8 *mypublic, const u8 *secret, const u8 *basepoint) { + felem bp[5], x[5], z[5], zmone[5]; + unsigned char e[32]; + int i; + for (i = 0;i < 32;++i) e[i] = secret[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + fexpand(bp, basepoint); + cmult(x, z, e, bp); + crecip(zmone, z); + fmul(z, x, zmone); + fcontract(mypublic, z); + return 0; +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/ref/api.h b/src/libnacl/crypto_scalarmult/curve25519/ref/api.h new file mode 100644 index 00000000..60339596 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_SCALARBYTES 32 diff --git a/src/libnacl/crypto_scalarmult/curve25519/ref/base.c b/src/libnacl/crypto_scalarmult/curve25519/ref/base.c new file mode 100644 index 00000000..ac2d7eb4 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/ref/base.c @@ -0,0 +1,16 @@ +/* +version 20081011 +Matthew Dempsky +Public domain. +Derived from public domain code by D. J. Bernstein. +*/ + +#include "crypto_scalarmult.h" + +const unsigned char base[32] = {9}; + +int crypto_scalarmult_base(unsigned char *q, + const unsigned char *n) +{ + return crypto_scalarmult(q,n,base); +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/ref/implementors b/src/libnacl/crypto_scalarmult/curve25519/ref/implementors new file mode 100644 index 00000000..aa551790 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/ref/implementors @@ -0,0 +1 @@ +Matthew Dempsky (Mochi Media) diff --git a/src/libnacl/crypto_scalarmult/curve25519/ref/smult.c b/src/libnacl/crypto_scalarmult/curve25519/ref/smult.c new file mode 100644 index 00000000..6a479558 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/ref/smult.c @@ -0,0 +1,265 @@ +/* +version 20081011 +Matthew Dempsky +Public domain. +Derived from public domain code by D. J. Bernstein. +*/ + +#include "crypto_scalarmult.h" + +static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; } + u += a[31] + b[31]; out[31] = u; +} + +static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 218; + for (j = 0;j < 31;++j) { + u += a[j] + 65280 - b[j]; + out[j] = u & 255; + u >>= 8; + } + u += a[31] - b[31]; + out[31] = u; +} + +static void squeeze(unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u; +} + +static const unsigned int minusp[32] = { + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128 +} ; + +static void freeze(unsigned int a[32]) +{ + unsigned int aorig[32]; + unsigned int j; + unsigned int negative; + + for (j = 0;j < 32;++j) aorig[j] = a[j]; + add(a,a,minusp); + negative = -((a[31] >> 7) & 1); + for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]); +} + +static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j <= i;++j) u += a[j] * b[i - j]; + for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j]; + out[i] = u; + } + squeeze(out); +} + +static void mult121665(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + + u = 0; + for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; } + u += 121665 * a[31]; out[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; } + u += out[j]; out[j] = u; +} + +static void square(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j < i - j;++j) u += a[j] * a[i - j]; + for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j]; + u *= 2; + if ((i & 1) == 0) { + u += a[i / 2] * a[i / 2]; + u += 38 * a[i / 2 + 16] * a[i / 2 + 16]; + } + out[i] = u; + } + squeeze(out); +} + +static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b) +{ + unsigned int j; + unsigned int t; + unsigned int bminus1; + + bminus1 = b - 1; + for (j = 0;j < 64;++j) { + t = bminus1 & (r[j] ^ s[j]); + p[j] = s[j] ^ t; + q[j] = r[j] ^ t; + } +} + +static void mainloop(unsigned int work[64],const unsigned char e[32]) +{ + unsigned int xzm1[64]; + unsigned int xzm[64]; + unsigned int xzmb[64]; + unsigned int xzm1b[64]; + unsigned int xznb[64]; + unsigned int xzn1b[64]; + unsigned int a0[64]; + unsigned int a1[64]; + unsigned int b0[64]; + unsigned int b1[64]; + unsigned int c1[64]; + unsigned int r[32]; + unsigned int s[32]; + unsigned int t[32]; + unsigned int u[32]; + unsigned int i; + unsigned int j; + unsigned int b; + int pos; + + for (j = 0;j < 32;++j) xzm1[j] = work[j]; + xzm1[32] = 1; + for (j = 33;j < 64;++j) xzm1[j] = 0; + + xzm[0] = 1; + for (j = 1;j < 64;++j) xzm[j] = 0; + + for (pos = 254;pos >= 0;--pos) { + b = e[pos / 8] >> (pos & 7); + b &= 1; + select(xzmb,xzm1b,xzm,xzm1,b); + add(a0,xzmb,xzmb + 32); + sub(a0 + 32,xzmb,xzmb + 32); + add(a1,xzm1b,xzm1b + 32); + sub(a1 + 32,xzm1b,xzm1b + 32); + square(b0,a0); + square(b0 + 32,a0 + 32); + mult(b1,a1,a0 + 32); + mult(b1 + 32,a1 + 32,a0); + add(c1,b1,b1 + 32); + sub(c1 + 32,b1,b1 + 32); + square(r,c1 + 32); + sub(s,b0,b0 + 32); + mult121665(t,s); + add(u,t,b0); + mult(xznb,b0,b0 + 32); + mult(xznb + 32,s,u); + square(xzn1b,c1); + mult(xzn1b + 32,r,work); + select(xzm,xzm1,xznb,xzn1b,b); + } + + for (j = 0;j < 64;++j) work[j] = xzm[j]; +} + +static void recip(unsigned int out[32],const unsigned int z[32]) +{ + unsigned int z2[32]; + unsigned int z9[32]; + unsigned int z11[32]; + unsigned int z2_5_0[32]; + unsigned int z2_10_0[32]; + unsigned int z2_20_0[32]; + unsigned int z2_50_0[32]; + unsigned int z2_100_0[32]; + unsigned int t0[32]; + unsigned int t1[32]; + int i; + + /* 2 */ square(z2,z); + /* 4 */ square(t1,z2); + /* 8 */ square(t0,t1); + /* 9 */ mult(z9,t0,z); + /* 11 */ mult(z11,z9,z2); + /* 22 */ square(t0,z11); + /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9); + + /* 2^6 - 2^1 */ square(t0,z2_5_0); + /* 2^7 - 2^2 */ square(t1,t0); + /* 2^8 - 2^3 */ square(t0,t1); + /* 2^9 - 2^4 */ square(t1,t0); + /* 2^10 - 2^5 */ square(t0,t1); + /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0); + + /* 2^11 - 2^1 */ square(t0,z2_10_0); + /* 2^12 - 2^2 */ square(t1,t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0); + + /* 2^21 - 2^1 */ square(t0,z2_20_0); + /* 2^22 - 2^2 */ square(t1,t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0); + + /* 2^41 - 2^1 */ square(t1,t0); + /* 2^42 - 2^2 */ square(t0,t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0); + + /* 2^51 - 2^1 */ square(t0,z2_50_0); + /* 2^52 - 2^2 */ square(t1,t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0); + + /* 2^101 - 2^1 */ square(t1,z2_100_0); + /* 2^102 - 2^2 */ square(t0,t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0); + + /* 2^201 - 2^1 */ square(t0,t1); + /* 2^202 - 2^2 */ square(t1,t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0); + + /* 2^251 - 2^1 */ square(t1,t0); + /* 2^252 - 2^2 */ square(t0,t1); + /* 2^253 - 2^3 */ square(t1,t0); + /* 2^254 - 2^4 */ square(t0,t1); + /* 2^255 - 2^5 */ square(t1,t0); + /* 2^255 - 21 */ mult(out,t1,z11); +} + +int crypto_scalarmult(unsigned char *q, + const unsigned char *n, + const unsigned char *p) +{ + unsigned int work[96]; + unsigned char e[32]; + unsigned int i; + for (i = 0;i < 32;++i) e[i] = n[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + for (i = 0;i < 32;++i) work[i] = p[i]; + mainloop(work,e); + recip(work + 32,work + 32); + mult(work + 64,work,work + 32); + freeze(work + 64); + for (i = 0;i < 32;++i) q[i] = work[64 + i]; + return 0; +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/used b/src/libnacl/crypto_scalarmult/curve25519/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_scalarmult/measure.c b/src/libnacl/crypto_scalarmult/measure.c new file mode 100644 index 00000000..0c7265d5 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/measure.c @@ -0,0 +1,61 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_scalarmult.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION; +const char *implementationversion = crypto_scalarmult_VERSION; +const char *sizenames[] = { "outputbytes", "scalarbytes", 0 }; +const long long sizes[] = { crypto_scalarmult_BYTES, crypto_scalarmult_SCALARBYTES }; + +static unsigned char *m; +static unsigned char *n; +static unsigned char *p; +static unsigned char *q; + +void preallocate(void) +{ +} + +void allocate(void) +{ + m = alignedcalloc(crypto_scalarmult_SCALARBYTES); + n = alignedcalloc(crypto_scalarmult_SCALARBYTES); + p = alignedcalloc(crypto_scalarmult_BYTES); + q = alignedcalloc(crypto_scalarmult_BYTES); +} + +#define TIMINGS 63 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + + for (loop = 0;loop < LOOPS;++loop) { + randombytes(m,crypto_scalarmult_SCALARBYTES); + randombytes(n,crypto_scalarmult_SCALARBYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_scalarmult_base(p,m); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"base_cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_scalarmult(q,n,p); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"cycles",cycles,TIMINGS); + } +} diff --git a/src/libnacl/crypto_scalarmult/try.c b/src/libnacl/crypto_scalarmult/try.c new file mode 100644 index 00000000..1ec97b6b --- /dev/null +++ b/src/libnacl/crypto_scalarmult/try.c @@ -0,0 +1,127 @@ +/* + * crypto_scalarmult/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_scalarmult.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION; + +#define mlen crypto_scalarmult_SCALARBYTES +#define nlen crypto_scalarmult_SCALARBYTES +#define plen crypto_scalarmult_BYTES +#define qlen crypto_scalarmult_BYTES +#define rlen crypto_scalarmult_BYTES + +static unsigned char *m; +static unsigned char *n; +static unsigned char *p; +static unsigned char *q; +static unsigned char *r; + +static unsigned char *m2; +static unsigned char *n2; +static unsigned char *p2; +static unsigned char *q2; +static unsigned char *r2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + m = alignedcalloc(mlen); + n = alignedcalloc(nlen); + p = alignedcalloc(plen); + q = alignedcalloc(qlen); + r = alignedcalloc(rlen); + m2 = alignedcalloc(mlen + crypto_scalarmult_BYTES); + n2 = alignedcalloc(nlen + crypto_scalarmult_BYTES); + p2 = alignedcalloc(plen + crypto_scalarmult_BYTES); + q2 = alignedcalloc(qlen + crypto_scalarmult_BYTES); + r2 = alignedcalloc(rlen + crypto_scalarmult_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_scalarmult(q,n,p); + crypto_scalarmult_base(r,n); +} + +char checksum[crypto_scalarmult_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + long long tests; + + for (i = 0;i < mlen;++i) m[i] = i; + for (i = 0;i < nlen;++i) n[i] = i + 1; + for (i = 0;i < plen;++i) p[i] = i + 2; + for (i = 0;i < qlen;++i) q[i] = i + 3; + for (i = 0;i < rlen;++i) r[i] = i + 4; + + for (i = -16;i < 0;++i) p[i] = random(); + for (i = -16;i < 0;++i) n[i] = random(); + for (i = plen;i < plen + 16;++i) p[i] = random(); + for (i = nlen;i < nlen + 16;++i) n[i] = random(); + for (i = -16;i < plen + 16;++i) p2[i] = p[i]; + for (i = -16;i < nlen + 16;++i) n2[i] = n[i]; + + if (crypto_scalarmult_base(p,n) != 0) return "crypto_scalarmult_base returns nonzero"; + + for (i = -16;i < nlen + 16;++i) if (n2[i] != n[i]) return "crypto_scalarmult_base overwrites input"; + for (i = -16;i < 0;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes before output"; + for (i = plen;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes after output"; + + for (tests = 0;tests < 100;++tests) { + for (i = -16;i < 0;++i) q[i] = random(); + for (i = -16;i < 0;++i) p[i] = random(); + for (i = -16;i < 0;++i) m[i] = random(); + for (i = qlen;i < qlen + 16;++i) q[i] = random(); + for (i = plen;i < plen + 16;++i) p[i] = random(); + for (i = mlen;i < mlen + 16;++i) m[i] = random(); + for (i = -16;i < qlen + 16;++i) q2[i] = q[i]; + for (i = -16;i < plen + 16;++i) p2[i] = p[i]; + for (i = -16;i < mlen + 16;++i) m2[i] = m[i]; + + if (crypto_scalarmult(q,m,p) != 0) return "crypto_scalarmult returns nonzero"; + + for (i = -16;i < mlen + 16;++i) if (m2[i] != m[i]) return "crypto_scalarmult overwrites n input"; + for (i = -16;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult overwrites p input"; + for (i = -16;i < 0;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes before output"; + for (i = qlen;i < qlen + 16;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes after output"; + + if (crypto_scalarmult(m2,m2,p) != 0) return "crypto_scalarmult returns nonzero"; + for (i = 0;i < qlen;++i) if (q[i] != m2[i]) return "crypto_scalarmult does not handle n overlap"; + for (i = 0;i < qlen;++i) m2[i] = m[i]; + + if (crypto_scalarmult(p2,m2,p2) != 0) return "crypto_scalarmult returns nonzero"; + for (i = 0;i < qlen;++i) if (q[i] != p2[i]) return "crypto_scalarmult does not handle p overlap"; + + if (crypto_scalarmult(r,n,q) != 0) return "crypto_scalarmult returns nonzero"; + if (crypto_scalarmult(q,n,p) != 0) return "crypto_scalarmult returns nonzero"; + if (crypto_scalarmult(p,m,q) != 0) return "crypto_scalarmult returns nonzero"; + for (j = 0;j < plen;++j) if (p[j] != r[j]) return "crypto_scalarmult not associative"; + for (j = 0;j < mlen;++j) m[j] ^= q[j % qlen]; + for (j = 0;j < nlen;++j) n[j] ^= p[j % plen]; + } + + for (i = 0;i < crypto_scalarmult_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (p[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & p[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_scalarmult/wrapper-base.cpp b/src/libnacl/crypto_scalarmult/wrapper-base.cpp new file mode 100644 index 00000000..f71ce19a --- /dev/null +++ b/src/libnacl/crypto_scalarmult/wrapper-base.cpp @@ -0,0 +1,11 @@ +#include +using std::string; +#include "crypto_scalarmult.h" + +string crypto_scalarmult_base(const string &n) +{ + unsigned char q[crypto_scalarmult_BYTES]; + if (n.size() != crypto_scalarmult_SCALARBYTES) throw "incorrect scalar length"; + crypto_scalarmult_base(q,(const unsigned char *) n.c_str()); + return string((char *) q,sizeof q); +} diff --git a/src/libnacl/crypto_scalarmult/wrapper-mult.cpp b/src/libnacl/crypto_scalarmult/wrapper-mult.cpp new file mode 100644 index 00000000..fc693cf0 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/wrapper-mult.cpp @@ -0,0 +1,12 @@ +#include +using std::string; +#include "crypto_scalarmult.h" + +string crypto_scalarmult(const string &n,const string &p) +{ + unsigned char q[crypto_scalarmult_BYTES]; + if (n.size() != crypto_scalarmult_SCALARBYTES) throw "incorrect scalar length"; + if (p.size() != crypto_scalarmult_BYTES) throw "incorrect element length"; + crypto_scalarmult(q,(const unsigned char *) n.c_str(),(const unsigned char *) p.c_str()); + return string((char *) q,sizeof q); +} diff --git a/src/libnacl/crypto_secretbox/measure.c b/src/libnacl/crypto_secretbox/measure.c new file mode 100644 index 00000000..6cb0692f --- /dev/null +++ b/src/libnacl/crypto_secretbox/measure.c @@ -0,0 +1,75 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_secretbox.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_secretbox_IMPLEMENTATION; +const char *implementationversion = crypto_secretbox_VERSION; +const char *sizenames[] = { "keybytes", "noncebytes", "zerobytes", "boxzerobytes", 0 }; +const long long sizes[] = { crypto_secretbox_KEYBYTES, crypto_secretbox_NONCEBYTES, crypto_secretbox_ZEROBYTES, crypto_secretbox_BOXZEROBYTES }; + +#define MAXTEST_BYTES 4096 + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_secretbox_KEYBYTES); + n = alignedcalloc(crypto_secretbox_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 8) { + randombytes(k,crypto_secretbox_KEYBYTES); + randombytes(n,crypto_secretbox_NONCEBYTES); + randombytes(m + crypto_secretbox_ZEROBYTES,mlen); + randombytes(c,mlen + crypto_secretbox_ZEROBYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_secretbox_open(m,c,mlen + crypto_secretbox_ZEROBYTES,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_cycles",cycles,TIMINGS); + ++c[crypto_secretbox_ZEROBYTES]; + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_secretbox_open(m,c,mlen + crypto_secretbox_ZEROBYTES,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"forgery_open_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_secretbox/try.c b/src/libnacl/crypto_secretbox/try.c new file mode 100644 index 00000000..012b28ea --- /dev/null +++ b/src/libnacl/crypto_secretbox/try.c @@ -0,0 +1,131 @@ +/* + * crypto_secretbox/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_secretbox.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_secretbox_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *t; +static unsigned char *k2; +static unsigned char *n2; +static unsigned char *m2; +static unsigned char *c2; +static unsigned char *t2; + +#define klen crypto_secretbox_KEYBYTES +#define nlen crypto_secretbox_NONCEBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(klen); + n = alignedcalloc(nlen); + m = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + k2 = alignedcalloc(klen); + n2 = alignedcalloc(nlen); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + c2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + t2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_secretbox(c,m,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k); + crypto_secretbox_open(t,c,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k); +} + +char checksum[klen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) m[j] = 0; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i + crypto_secretbox_ZEROBYTES; + long long tlen = i + crypto_secretbox_ZEROBYTES; + long long clen = i + crypto_secretbox_ZEROBYTES; + + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) n[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + for (j = -16;j < clen + 16;++j) c2[j] = c[j] = random(); + + if (crypto_secretbox(c,m,mlen,n,k) != 0) return "crypto_secretbox returns nonzero"; + + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_secretbox overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox overwrites n"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox overwrites k"; + for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_secretbox writes before output"; + for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox writes after output"; + for (j = 0;j < crypto_secretbox_BOXZEROBYTES;++j) + if (c[j] != 0) return "crypto_secretbox does not clear extra bytes"; + + for (j = -16;j < 0;++j) c[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + + if (crypto_secretbox_open(t,c,clen,n,k) != 0) return "crypto_secretbox_open returns nonzero"; + + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox_open overwrites c"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox_open overwrites n"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox_open overwrites k"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes after output"; + for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_secretbox_open does not clear extra bytes"; + + for (j = 0;j < i;++j) if (t[j] != m[j]) return "plaintext does not match"; + + for (j = 0;j < i;++j) + k[j % klen] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + crypto_secretbox(c,m,mlen,n,k); + for (j = 0;j < i;++j) + n[j % nlen] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + crypto_secretbox(c,m,mlen,n,k); + if (i == 0) m[crypto_secretbox_ZEROBYTES + 0] = 0; + m[crypto_secretbox_ZEROBYTES + i] = m[crypto_secretbox_ZEROBYTES + 0]; + for (j = 0;j < i;++j) + m[j + crypto_secretbox_ZEROBYTES] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + } + + for (i = 0;i < klen;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (k[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & k[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_secretbox/wrapper-box.cpp b/src/libnacl/crypto_secretbox/wrapper-box.cpp new file mode 100644 index 00000000..fb8b1784 --- /dev/null +++ b/src/libnacl/crypto_secretbox/wrapper-box.cpp @@ -0,0 +1,19 @@ +#include +using std::string; +#include "crypto_secretbox.h" + +string crypto_secretbox(const string &m,const string &n,const string &k) +{ + if (k.size() != crypto_secretbox_KEYBYTES) throw "incorrect key length"; + if (n.size() != crypto_secretbox_NONCEBYTES) throw "incorrect nonce length"; + size_t mlen = m.size() + crypto_secretbox_ZEROBYTES; + unsigned char mpad[mlen]; + for (int i = 0;i < crypto_secretbox_ZEROBYTES;++i) mpad[i] = 0; + for (int i = crypto_secretbox_ZEROBYTES;i < mlen;++i) mpad[i] = m[i - crypto_secretbox_ZEROBYTES]; + unsigned char cpad[mlen]; + crypto_secretbox(cpad,mpad,mlen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str()); + return string( + (char *) cpad + crypto_secretbox_BOXZEROBYTES, + mlen - crypto_secretbox_BOXZEROBYTES + ); +} diff --git a/src/libnacl/crypto_secretbox/wrapper-open.cpp b/src/libnacl/crypto_secretbox/wrapper-open.cpp new file mode 100644 index 00000000..07989813 --- /dev/null +++ b/src/libnacl/crypto_secretbox/wrapper-open.cpp @@ -0,0 +1,22 @@ +#include +using std::string; +#include "crypto_secretbox.h" + +string crypto_secretbox_open(const string &c,const string &n,const string &k) +{ + if (k.size() != crypto_secretbox_KEYBYTES) throw "incorrect key length"; + if (n.size() != crypto_secretbox_NONCEBYTES) throw "incorrect nonce length"; + size_t clen = c.size() + crypto_secretbox_BOXZEROBYTES; + unsigned char cpad[clen]; + for (int i = 0;i < crypto_secretbox_BOXZEROBYTES;++i) cpad[i] = 0; + for (int i = crypto_secretbox_BOXZEROBYTES;i < clen;++i) cpad[i] = c[i - crypto_secretbox_BOXZEROBYTES]; + unsigned char mpad[clen]; + if (crypto_secretbox_open(mpad,cpad,clen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str()) != 0) + throw "ciphertext fails verification"; + if (clen < crypto_secretbox_ZEROBYTES) + throw "ciphertext too short"; // should have been caught by _open + return string( + (char *) mpad + crypto_secretbox_ZEROBYTES, + clen - crypto_secretbox_ZEROBYTES + ); +} diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/checksum b/src/libnacl/crypto_secretbox/xsalsa20poly1305/checksum new file mode 100644 index 00000000..af3c6897 --- /dev/null +++ b/src/libnacl/crypto_secretbox/xsalsa20poly1305/checksum @@ -0,0 +1 @@ +df372f95dd87381b7c9ceb6f340ccaa03d19bed5d9e4ab004d99d847675a9658 diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/api.h b/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/api.h new file mode 100644 index 00000000..f5aeb356 --- /dev/null +++ b/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 24 +#define CRYPTO_ZEROBYTES 32 +#define CRYPTO_BOXZEROBYTES 16 diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/box.c b/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/box.c new file mode 100644 index 00000000..f1abb06f --- /dev/null +++ b/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/box.c @@ -0,0 +1,35 @@ +#include "crypto_onetimeauth_poly1305.h" +#include "crypto_stream_xsalsa20.h" +#include "crypto_secretbox.h" + +int crypto_secretbox( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + int i; + if (mlen < 32) return -1; + crypto_stream_xsalsa20_xor(c,m,mlen,n,k); + crypto_onetimeauth_poly1305(c + 16,c + 32,mlen - 32,c); + for (i = 0;i < 16;++i) c[i] = 0; + return 0; +} + +int crypto_secretbox_open( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + int i; + unsigned char subkey[32]; + if (clen < 32) return -1; + crypto_stream_xsalsa20(subkey,32,n,k); + if (crypto_onetimeauth_poly1305_verify(c + 16,c + 32,clen - 32,subkey) != 0) return -1; + crypto_stream_xsalsa20_xor(m,c,clen,n,k); + for (i = 0;i < 32;++i) m[i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/selected b/src/libnacl/crypto_secretbox/xsalsa20poly1305/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/used b/src/libnacl/crypto_secretbox/xsalsa20poly1305/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_sign/ed25519/description b/src/libnacl/crypto_sign/ed25519/description new file mode 100644 index 00000000..0dba8c46 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/description @@ -0,0 +1 @@ +EdDSA signatures using Curve25519 diff --git a/src/libnacl/crypto_sign/ed25519/designers b/src/libnacl/crypto_sign/ed25519/designers new file mode 100644 index 00000000..2a3a93a8 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/designers @@ -0,0 +1,5 @@ +Daniel J. Bernstein +Niels Duif +Tanja Lange +Peter Schwabe +Bo-Yin Yang diff --git a/src/libnacl/crypto_sign/ed25519/ref/api.h b/src/libnacl/crypto_sign/ed25519/ref/api.h new file mode 100644 index 00000000..1d0c9889 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_SECRETKEYBYTES 64 +#define CRYPTO_PUBLICKEYBYTES 32 +#define CRYPTO_BYTES 64 + diff --git a/src/libnacl/crypto_sign/ed25519/ref/ed25519.c b/src/libnacl/crypto_sign/ed25519/ref/ed25519.c new file mode 100644 index 00000000..125582aa --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/ed25519.c @@ -0,0 +1,136 @@ +#include "crypto_sign.h" + +#include "crypto_verify_32.h" +#include "crypto_hash_sha512.h" +#include "randombytes.h" + +#include "ge25519.h" + +static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) +{ + unsigned long long i; + + for (i = 0;i < 32;++i) playground[i] = sm[i]; + for (i = 32;i < 64;++i) playground[i] = pk[i-32]; + for (i = 64;i < smlen;++i) playground[i] = sm[i]; + + crypto_hash_sha512(hram,playground,smlen); +} + + +int crypto_sign_keypair( + unsigned char *pk, + unsigned char *sk + ) +{ + sc25519 scsk; + ge25519 gepk; + unsigned char extsk[64]; + int i; + + randombytes(sk, 32); + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + sc25519_from32bytes(&scsk,extsk); + + ge25519_scalarmult_base(&gepk, &scsk); + ge25519_pack(pk, &gepk); + for(i=0;i<32;i++) + sk[32 + i] = pk[i]; + return 0; +} + +int crypto_sign( + unsigned char *sm,unsigned long long *smlen, + const unsigned char *m,unsigned long long mlen, + const unsigned char *sk + ) +{ + sc25519 sck, scs, scsk; + ge25519 ger; + unsigned char r[32]; + unsigned char s[32]; + unsigned char extsk[64]; + unsigned long long i; + unsigned char hmg[crypto_hash_sha512_BYTES]; + unsigned char hram[crypto_hash_sha512_BYTES]; + + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + *smlen = mlen+64; + for(i=0;i>= 31; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ + x >>= 31; /* 0: yes; 1: no */ + x ^= 1; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 times19(crypto_uint32 a) +{ + return (a << 4) + (a << 1) + a; +} + +static crypto_uint32 times38(crypto_uint32 a) +{ + return (a << 5) + (a << 2) + (a << 1); +} + +static void reduce_add_sub(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<4;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +static void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<2;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +/* reduction modulo 2^255-19 */ +void fe25519_freeze(fe25519 *r) +{ + int i; + crypto_uint32 m = equal(r->v[31],127); + for(i=30;i>0;i--) + m &= equal(r->v[i],255); + m &= ge(r->v[0],237); + + m = -m; + + r->v[31] -= m&127; + for(i=30;i>0;i--) + r->v[i] -= m&255; + r->v[0] -= m&237; +} + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x[i]; + r->v[31] &= 127; +} + +/* Assumes input x being reduced below 2^255 */ +void fe25519_pack(unsigned char r[32], const fe25519 *x) +{ + int i; + fe25519 y = *x; + fe25519_freeze(&y); + for(i=0;i<32;i++) + r[i] = y.v[i]; +} + +int fe25519_iszero(const fe25519 *x) +{ + int i; + fe25519 t = *x; + fe25519_freeze(&t); + int r = equal(t.v[0],0); + for(i=1;i<32;i++) + r &= equal(t.v[i],0); + return r; +} + +int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) +{ + fe25519 t1 = *x; + fe25519 t2 = *y; + fe25519_freeze(&t1); + fe25519_freeze(&t2); + int i; + for(i=0;i<32;i++) + if(t1.v[i] != t2.v[i]) return 0; + return 1; +} + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) +{ + int i; + crypto_uint32 mask = b; + mask = -mask; + for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); +} + +unsigned char fe25519_getparity(const fe25519 *x) +{ + fe25519 t = *x; + fe25519_freeze(&t); + return t.v[0] & 1; +} + +void fe25519_setone(fe25519 *r) +{ + int i; + r->v[0] = 1; + for(i=1;i<32;i++) r->v[i]=0; +} + +void fe25519_setzero(fe25519 *r) +{ + int i; + for(i=0;i<32;i++) r->v[i]=0; +} + +void fe25519_neg(fe25519 *r, const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i]=x->v[i]; + fe25519_setzero(r); + fe25519_sub(r, r, &t); +} + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + reduce_add_sub(r); +} + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + crypto_uint32 t[32]; + t[0] = x->v[0] + 0x1da; + t[31] = x->v[31] + 0xfe; + for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; + for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; + reduce_add_sub(r); +} + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i,j; + crypto_uint32 t[63]; + for(i=0;i<63;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + for(i=32;i<63;i++) + r->v[i-32] = t[i-32] + times38(t[i]); + r->v[31] = t[31]; /* result now in r[0]...r[31] */ + + reduce_mul(r); +} + +void fe25519_square(fe25519 *r, const fe25519 *x) +{ + fe25519_mul(r, x, x); +} + +void fe25519_invert(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t0; + fe25519 t1; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t1,&z2); + /* 8 */ fe25519_square(&t0,&t1); + /* 9 */ fe25519_mul(&z9,&t0,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t0,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); + /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); + /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); + /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); + /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); + /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); + /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); + /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); + /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); + /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); + /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); + /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); +} + +void fe25519_pow2523(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t,&z2); + /* 8 */ fe25519_square(&t,&t); + /* 9 */ fe25519_mul(&z9,&t,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); + /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); + /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); + /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } + /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t,&t); + /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); + /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0); + /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } + /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t,&t); + /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t,&t); + /* 2^252 - 2^2 */ fe25519_square(&t,&t); + /* 2^252 - 3 */ fe25519_mul(r,&t,x); +} diff --git a/src/libnacl/crypto_sign/ed25519/ref/fe25519.h b/src/libnacl/crypto_sign/ed25519/ref/fe25519.h new file mode 100644 index 00000000..4a449142 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/fe25519.h @@ -0,0 +1,62 @@ +#ifndef FE25519_H +#define FE25519_H + +#include "crypto_uint32.h" + +#define fe25519 crypto_sign_ed25519_ref_fe25519 +#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze +#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack +#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack +#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero +#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime +#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov +#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone +#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero +#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg +#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity +#define fe25519_add crypto_sign_ed25519_ref_fe25519_add +#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub +#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul +#define fe25519_square crypto_sign_ed25519_ref_fe25519_square +#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert +#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523 + +typedef struct +{ + crypto_uint32 v[32]; +} +fe25519; + +void fe25519_freeze(fe25519 *r); + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]); + +void fe25519_pack(unsigned char r[32], const fe25519 *x); + +int fe25519_iszero(const fe25519 *x); + +int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); + +void fe25519_setone(fe25519 *r); + +void fe25519_setzero(fe25519 *r); + +void fe25519_neg(fe25519 *r, const fe25519 *x); + +unsigned char fe25519_getparity(const fe25519 *x); + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_square(fe25519 *r, const fe25519 *x); + +void fe25519_invert(fe25519 *r, const fe25519 *x); + +void fe25519_pow2523(fe25519 *r, const fe25519 *x); + +#endif diff --git a/src/libnacl/crypto_sign/ed25519/ref/ge25519.c b/src/libnacl/crypto_sign/ed25519/ref/ge25519.c new file mode 100644 index 00000000..7bc6c48b --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/ge25519.c @@ -0,0 +1,310 @@ +#include "fe25519.h" +#include "sc25519.h" +#include "ge25519.h" + +/* + * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 + * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 + * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); + */ + +/* d */ +static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, + 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}}; +/* 2*d */ +static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, + 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}}; +/* sqrt(-1) */ +static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, + 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}}; + +#define ge25519_p3 ge25519 + +typedef struct +{ + fe25519 x; + fe25519 z; + fe25519 y; + fe25519 t; +} ge25519_p1p1; + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; +} ge25519_p2; + +typedef struct +{ + fe25519 x; + fe25519 y; +} ge25519_aff; + + +/* Packed coordinates of the base point */ +const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, + 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}}, + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, + 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}}; + +/* Multiples of the base point in affine representation */ +static const ge25519_aff ge25519_base_multiples_affine[425] = { +#include "ge25519_base.data" +}; + +static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(&r->x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + p1p1_to_p2((ge25519_p2 *)r, p); + fe25519_mul(&r->t, &p->x, &p->y); +} + +static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) +{ + fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; + fe25519_mul(&qt, &q->x, &q->y); + fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_sub(&t1, &q->y, &q->x); + fe25519_add(&t2, &q->y, &q->x); + fe25519_mul(&a, &a, &t1); + fe25519_mul(&b, &b, &t2); + fe25519_sub(&e, &b, &a); /* E = B-A */ + fe25519_add(&h, &b, &a); /* H = B+A */ + fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ + fe25519_sub(&f, &d, &c); /* F = D-C */ + fe25519_add(&g, &d, &c); /* G = D+C */ + fe25519_mul(&r->x, &e, &f); + fe25519_mul(&r->y, &h, &g); + fe25519_mul(&r->z, &g, &f); + fe25519_mul(&r->t, &e, &h); +} + +static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + fe25519 a, b, c, d, t; + + fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_sub(&t, &q->y, &q->x); + fe25519_mul(&a, &a, &t); + fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_add(&t, &q->x, &q->y); + fe25519_mul(&b, &b, &t); + fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ + fe25519_add(&d, &d, &d); + fe25519_sub(&r->x, &b, &a); /* E = B-A */ + fe25519_sub(&r->t, &d, &c); /* F = D-C */ + fe25519_add(&r->z, &d, &c); /* G = D+C */ + fe25519_add(&r->y, &b, &a); /* H = B+A */ +} + +/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ +static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + fe25519 a,b,c,d; + fe25519_square(&a, &p->x); + fe25519_square(&b, &p->y); + fe25519_square(&c, &p->z); + fe25519_add(&c, &c, &c); + fe25519_neg(&d, &a); + + fe25519_add(&r->x, &p->x, &p->y); + fe25519_square(&r->x, &r->x); + fe25519_sub(&r->x, &r->x, &a); + fe25519_sub(&r->x, &r->x, &b); + fe25519_add(&r->z, &d, &b); + fe25519_sub(&r->t, &r->z, &c); + fe25519_sub(&r->y, &d, &b); +} + +/* Constant-time version of: if(b) r = p */ +static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) +{ + fe25519_cmov(&r->x, &p->x, b); + fe25519_cmov(&r->y, &p->y, b); +} + +static unsigned char equal(signed char b,signed char c) +{ + unsigned char ub = b; + unsigned char uc = c; + unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ + crypto_uint32 y = x; /* 0: yes; 1..255: no */ + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + return y; +} + +static unsigned char negative(signed char b) +{ + unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + x >>= 63; /* 1: yes; 0: no */ + return x; +} + +static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) +{ + /* constant time */ + fe25519 v; + *t = ge25519_base_multiples_affine[5*pos+0]; + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); + fe25519_neg(&v, &t->x); + fe25519_cmov(&t->x, &v, negative(b)); +} + +static void setneutral(ge25519 *r) +{ + fe25519_setzero(&r->x); + fe25519_setone(&r->y); + fe25519_setone(&r->z); + fe25519_setzero(&r->t); +} + +/* ******************************************************************** + * EXPORTED FUNCTIONS + ******************************************************************** */ + +/* return 0 on success, -1 otherwise */ +int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) +{ + fe25519 t, chk, num, den, den2, den4, den6; + fe25519_setone(&r->z); + unsigned char par = p[31] >> 7; + fe25519_unpack(&r->y, p); + fe25519_square(&num, &r->y); /* x = y^2 */ + fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ + fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ + fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ + + /* Computation of sqrt(num/den) */ + /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ + fe25519_square(&den2, &den); + fe25519_square(&den4, &den2); + fe25519_mul(&den6, &den4, &den2); + fe25519_mul(&t, &den6, &num); + fe25519_mul(&t, &t, &den); + + fe25519_pow2523(&t, &t); + /* 2. computation of r->x = t * num * den^3 */ + fe25519_mul(&t, &t, &num); + fe25519_mul(&t, &t, &den); + fe25519_mul(&t, &t, &den); + fe25519_mul(&r->x, &t, &den); + + /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); + + /* 4. Now we have one of the two square roots, except if input was not a square */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + return -1; + + /* 5. Choose the desired square root according to parity: */ + if(fe25519_getparity(&r->x) != (1-par)) + fe25519_neg(&r->x, &r->x); + + fe25519_mul(&r->t, &r->x, &r->y); + return 0; +} + +void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) +{ + fe25519 tx, ty, zi; + fe25519_invert(&zi, &p->z); + fe25519_mul(&tx, &p->x, &zi); + fe25519_mul(&ty, &p->y, &zi); + fe25519_pack(r, &ty); + r[31] ^= fe25519_getparity(&tx) << 7; +} + +int ge25519_isneutral_vartime(const ge25519_p3 *p) +{ + int ret = 1; + if(!fe25519_iszero(&p->x)) ret = 0; + if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0; + return ret; +} + +/* computes [s1]p1 + [s2]p2 */ +void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2) +{ + ge25519_p1p1 tp1p1; + ge25519_p3 pre[16]; + unsigned char b[127]; + + /* precomputation s2 s1 */ + setneutral(pre); /* 00 00 */ + pre[1] = *p1; /* 00 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ + add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ + pre[4] = *p2; /* 01 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ + add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ + add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ + add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ + add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ + add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ + + sc25519_2interleave2(b,s1,s2); + + /* scalar multiplication */ + *r = pre[b[126]]; + int i; + for(i=125;i>=0;i--) + { + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + p1p1_to_p2((ge25519_p2 *) r, &tp1p1); + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + if(b[i]!=0) + { + p1p1_to_p3(r, &tp1p1); + add_p1p1(&tp1p1, r, &pre[b[i]]); + } + if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); + else p1p1_to_p3(r, &tp1p1); + } +} + +void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) +{ + signed char b[85]; + int i; + ge25519_aff t; + sc25519_window3(b,s); + + choose_t((ge25519_aff *)r, 0, b[0]); + fe25519_setone(&r->z); + fe25519_mul(&r->t, &r->x, &r->y); + for(i=1;i<85;i++) + { + choose_t(&t, (unsigned long long) i, b[i]); + ge25519_mixadd2(r, &t); + } +} diff --git a/src/libnacl/crypto_sign/ed25519/ref/ge25519.h b/src/libnacl/crypto_sign/ed25519/ref/ge25519.h new file mode 100644 index 00000000..3820492b --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/ge25519.h @@ -0,0 +1,35 @@ +#ifndef GE25519_H +#define GE25519_H + +#include "fe25519.h" +#include "sc25519.h" + +#define ge25519 crypto_sign_ed25519_ref_ge25519 +#define ge25519_base crypto_sign_ed25519_ref_ge25519_base +#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime +#define ge25519_pack crypto_sign_ed25519_ref_pack +#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime +#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime +#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; + fe25519 t; +} ge25519; + +const ge25519 ge25519_base; + +int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); + +void ge25519_pack(unsigned char r[32], const ge25519 *p); + +int ge25519_isneutral_vartime(const ge25519 *p); + +void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2); + +void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); + +#endif diff --git a/src/libnacl/crypto_sign/ed25519/ref/ge25519_base.data b/src/libnacl/crypto_sign/ed25519/ref/ge25519_base.data new file mode 100644 index 00000000..d2ef2c13 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/ge25519_base.data @@ -0,0 +1,850 @@ +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, +{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , + {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, +{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , + {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, +{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , + {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , + {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, +{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , + {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, +{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , + {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, +{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , + {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , + {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, +{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , + {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, +{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , + {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, +{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , + {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , + {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, +{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , + {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, +{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , + {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, +{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , + {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , + {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, +{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , + {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, +{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , + {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, +{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , + {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , + {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, +{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , + {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, +{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , + {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, +{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , + {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , + {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, +{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , + {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, +{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , + {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, +{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , + {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , + {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, +{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , + {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, +{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , + {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, +{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , + {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , + {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, +{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , + {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, +{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , + {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, +{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} , + {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , + {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, +{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , + {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, +{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , + {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, +{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} , + {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , + {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, +{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , + {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, +{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , + {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, +{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} , + {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , + {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, +{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , + {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, +{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , + {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, +{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} , + {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , + {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, +{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , + {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, +{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , + {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, +{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} , + {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , + {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, +{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , + {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, +{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , + {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, +{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , + {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , + {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, +{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , + {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, +{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , + {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, +{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , + {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , + {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, +{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , + {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, +{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , + {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, +{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , + {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , + {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, +{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , + {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, +{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , + {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, +{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , + {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , + {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, +{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , + {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, +{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , + {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, +{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , + {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , + {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, +{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , + {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, +{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , + {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, +{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , + {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} , + {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}}, +{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} , + {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}}, +{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} , + {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}}, +{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} , + {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} , + {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}}, +{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} , + {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}}, +{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} , + {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}}, +{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} , + {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} , + {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}}, +{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} , + {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}}, +{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} , + {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}}, +{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} , + {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} , + {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}}, +{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} , + {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}}, +{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} , + {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}}, +{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} , + {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} , + {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}}, +{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} , + {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}}, +{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} , + {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}}, +{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} , + {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} , + {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}}, +{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} , + {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}}, +{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} , + {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}}, +{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} , + {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} , + {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}}, +{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} , + {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}}, +{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} , + {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}}, +{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} , + {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} , + {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}}, +{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} , + {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}}, +{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} , + {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}}, +{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} , + {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} , + {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}}, +{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} , + {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}}, +{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} , + {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}}, +{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} , + {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} , + {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}}, +{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} , + {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}}, +{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} , + {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}}, +{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} , + {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} , + {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}}, +{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} , + {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}}, +{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} , + {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}}, +{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} , + {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} , + {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}}, +{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} , + {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}}, +{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} , + {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}}, +{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} , + {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} , + {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}}, +{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} , + {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}}, +{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} , + {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}}, +{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} , + {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} , + {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}}, +{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} , + {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}}, +{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} , + {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}}, +{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} , + {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} , + {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}}, +{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} , + {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}}, +{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} , + {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}}, +{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} , + {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} , + {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}}, +{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} , + {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}}, +{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} , + {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}}, +{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} , + {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} , + {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}}, +{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} , + {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}}, +{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} , + {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}}, +{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} , + {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} , + {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}}, +{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} , + {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}}, +{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} , + {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}}, +{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} , + {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} , + {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}}, +{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} , + {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}}, +{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} , + {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}}, +{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} , + {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} , + {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}}, +{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} , + {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}}, +{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} , + {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}}, +{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} , + {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} , + {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}}, +{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} , + {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}}, +{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} , + {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}}, +{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} , + {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} , + {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}}, +{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} , + {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}}, +{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} , + {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}}, +{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} , + {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} , + {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}}, +{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} , + {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}}, +{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} , + {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}}, +{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} , + {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} , + {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}}, +{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} , + {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}}, +{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} , + {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}}, +{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} , + {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} , + {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}}, +{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} , + {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}}, +{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} , + {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}}, +{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} , + {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} , + {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}}, +{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} , + {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}}, +{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} , + {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}}, +{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} , + {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} , + {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}}, +{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} , + {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}}, +{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} , + {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}}, +{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} , + {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} , + {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}}, +{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} , + {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}}, +{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} , + {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}}, +{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} , + {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} , + {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}}, +{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} , + {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}}, +{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} , + {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}}, +{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} , + {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} , + {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}}, +{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} , + {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}}, +{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} , + {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}}, +{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} , + {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} , + {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}}, +{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} , + {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}}, +{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} , + {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}}, +{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} , + {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} , + {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}}, +{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} , + {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}}, +{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} , + {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}}, +{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} , + {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} , + {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}}, +{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} , + {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}}, +{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} , + {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}}, +{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} , + {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} , + {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}}, +{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} , + {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}}, +{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} , + {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}}, +{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} , + {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} , + {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}}, +{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} , + {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}}, +{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} , + {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}}, +{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} , + {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} , + {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}}, +{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} , + {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}}, +{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} , + {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}}, +{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} , + {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} , + {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}}, +{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} , + {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}}, +{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} , + {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}}, +{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} , + {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} , + {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}}, +{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} , + {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}}, +{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} , + {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}}, +{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} , + {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} , + {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}}, +{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} , + {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}}, +{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} , + {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}}, +{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} , + {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} , + {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}}, +{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} , + {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}}, +{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} , + {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}}, +{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} , + {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} , + {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}}, +{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} , + {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}}, +{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} , + {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}}, +{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} , + {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} , + {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}}, +{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} , + {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}}, +{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} , + {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}}, +{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} , + {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} , + {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}}, +{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} , + {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}}, +{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} , + {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}}, +{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} , + {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} , + {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}}, +{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} , + {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}}, +{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} , + {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}}, +{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} , + {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} , + {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}}, +{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} , + {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}}, +{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} , + {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}}, +{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} , + {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} , + {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}}, +{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} , + {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}}, +{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} , + {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}}, +{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} , + {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} , + {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}}, +{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} , + {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}}, +{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} , + {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}}, +{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} , + {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} , + {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}}, +{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} , + {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}}, +{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} , + {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}}, +{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} , + {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} , + {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}}, +{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} , + {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}}, +{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} , + {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}}, +{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} , + {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} , + {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}}, +{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} , + {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}}, +{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} , + {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}}, +{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} , + {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} , + {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}}, +{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} , + {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}}, +{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} , + {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}}, +{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} , + {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} , + {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}}, +{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} , + {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}}, +{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} , + {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}}, +{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} , + {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} , + {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}}, +{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} , + {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}}, +{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} , + {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}}, +{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} , + {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} , + {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}}, +{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} , + {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}}, +{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} , + {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}}, +{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} , + {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} , + {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}}, +{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} , + {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}}, +{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} , + {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}}, +{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} , + {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} , + {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}}, +{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} , + {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}}, +{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} , + {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}}, +{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} , + {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} , + {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}}, +{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} , + {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}}, +{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} , + {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}}, +{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} , + {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} , + {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}}, +{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} , + {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}}, +{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} , + {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}}, +{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} , + {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} , + {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}}, +{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} , + {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}}, +{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} , + {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}}, +{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} , + {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} , + {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}}, +{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} , + {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}}, +{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} , + {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}}, +{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} , + {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} , + {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}}, +{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} , + {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}}, +{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} , + {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}}, +{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} , + {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} , + {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}}, +{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} , + {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}}, +{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} , + {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}}, +{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} , + {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} , + {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}}, +{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} , + {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}}, +{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} , + {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}}, +{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} , + {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} , + {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}}, +{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} , + {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}}, +{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} , + {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}}, +{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} , + {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} , + {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}}, +{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} , + {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}}, +{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} , + {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}}, +{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} , + {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} , + {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}}, +{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} , + {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}}, +{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} , + {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}}, +{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} , + {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}} diff --git a/src/libnacl/crypto_sign/ed25519/ref/implementors b/src/libnacl/crypto_sign/ed25519/ref/implementors new file mode 100644 index 00000000..9b5399a3 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/implementors @@ -0,0 +1,5 @@ +Daniel J. Bernstein +Niels Duif +Tanja Lange +lead: Peter Schwabe +Bo-Yin Yang diff --git a/src/libnacl/crypto_sign/ed25519/ref/sc25519.c b/src/libnacl/crypto_sign/ed25519/ref/sc25519.c new file mode 100644 index 00000000..4c304307 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/sc25519.c @@ -0,0 +1,298 @@ +#include "sc25519.h" + +/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ + +static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; + +static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, + 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; + +static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ + x >>= 31; /* 0: no; 1: yes */ + return x; +} + +/* Reduce coefficients of r before calling reduce_add_sub */ +static void reduce_add_sub(sc25519 *r) +{ + crypto_uint32 pb = 0; + crypto_uint32 b; + crypto_uint32 mask; + int i; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + pb += m[i]; + b = lt(r->v[i],pb); + t[i] = r->v[i]-pb+(b<<8); + pb = b; + } + mask = b - 1; + for(i=0;i<32;i++) + r->v[i] ^= mask & (r->v[i] ^ t[i]); +} + +/* Reduce coefficients of x before calling barrett_reduce */ +static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) +{ + /* See HAC, Alg. 14.42 */ + int i,j; + crypto_uint32 q2[66]; + crypto_uint32 *q3 = q2 + 33; + crypto_uint32 r1[33]; + crypto_uint32 r2[33]; + crypto_uint32 carry; + crypto_uint32 pb = 0; + crypto_uint32 b; + + for (i = 0;i < 66;++i) q2[i] = 0; + for (i = 0;i < 33;++i) r2[i] = 0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + pb += r2[i]; + b = lt(r1[i],pb); + r->v[i] = r1[i]-pb+(b<<8); + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * If so: Handle it here! + */ + + reduce_add_sub(r); + reduce_add_sub(r); +} + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<32;i++) t[i] = x[i]; + for(i=32;i<64;++i) t[i] = 0; + barrett_reduce(r, t); +} + +void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]) +{ + int i; + for(i=0;i<16;i++) r->v[i] = x[i]; +} + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x) +{ + int i; + for(i=0;i<16;i++) + r->v[i] = x->v[i]; + for(i=0;i<16;i++) + r->v[16+i] = 0; +} + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) r[i] = x->v[i]; +} + +int sc25519_iszero_vartime(const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) + if(x->v[i] != 0) return 0; + return 1; +} + +int sc25519_isshort_vartime(const sc25519 *x) +{ + int i; + for(i=31;i>15;i--) + if(x->v[i] != 0) return 0; + return 1; +} + +int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y) +{ + int i; + for(i=31;i>=0;i--) + { + if(x->v[i] < y->v[i]) return 1; + if(x->v[i] > y->v[i]) return 0; + } + return 0; +} + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i, carry; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + for(i=0;i<31;i++) + { + carry = r->v[i] >> 8; + r->v[i+1] += carry; + r->v[i] &= 0xff; + } + reduce_add_sub(r); +} + +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + crypto_uint32 b = 0; + crypto_uint32 t; + int i; + for(i=0;i<32;i++) + { + t = x->v[i] - y->v[i] - b; + r->v[i] = t & 255; + b = (t >> 8) & 1; + } +} + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i,j,carry; + crypto_uint32 t[64]; + for(i=0;i<64;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + /* Reduce coefficients */ + for(i=0;i<63;i++) + { + carry = t[i] >> 8; + t[i+1] += carry; + t[i] &= 0xff; + } + + barrett_reduce(r, t); +} + +void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y) +{ + sc25519 t; + sc25519_from_shortsc(&t, y); + sc25519_mul(r, x, &t); +} + +void sc25519_window3(signed char r[85], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<10;i++) + { + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + r[8*i+5] = (s->v[3*i+1] >> 7) & 7; + r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; + r[8*i+6] = (s->v[3*i+2] >> 2) & 7; + r[8*i+7] = (s->v[3*i+2] >> 5) & 7; + } + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + + /* Making it signed */ + carry = 0; + for(i=0;i<84;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 3; + r[i] &= 7; + carry = r[i] >> 2; + r[i] -= carry<<3; + } + r[84] += carry; +} + +void sc25519_window5(signed char r[51], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<6;i++) + { + r[8*i+0] = s->v[5*i+0] & 31; + r[8*i+1] = (s->v[5*i+0] >> 5) & 31; + r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; + r[8*i+2] = (s->v[5*i+1] >> 2) & 31; + r[8*i+3] = (s->v[5*i+1] >> 7) & 31; + r[8*i+3] ^= (s->v[5*i+2] << 1) & 31; + r[8*i+4] = (s->v[5*i+2] >> 4) & 31; + r[8*i+4] ^= (s->v[5*i+3] << 4) & 31; + r[8*i+5] = (s->v[5*i+3] >> 1) & 31; + r[8*i+6] = (s->v[5*i+3] >> 6) & 31; + r[8*i+6] ^= (s->v[5*i+4] << 2) & 31; + r[8*i+7] = (s->v[5*i+4] >> 3) & 31; + } + r[8*i+0] = s->v[5*i+0] & 31; + r[8*i+1] = (s->v[5*i+0] >> 5) & 31; + r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; + r[8*i+2] = (s->v[5*i+1] >> 2) & 31; + + /* Making it signed */ + carry = 0; + for(i=0;i<50;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 5; + r[i] &= 31; + carry = r[i] >> 4; + r[i] -= carry<<5; + } + r[50] += carry; +} + +void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2) +{ + int i; + for(i=0;i<31;i++) + { + r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); + r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); + r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); + r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); + } + r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); + r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); + r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); +} diff --git a/src/libnacl/crypto_sign/ed25519/ref/sc25519.h b/src/libnacl/crypto_sign/ed25519/ref/sc25519.h new file mode 100644 index 00000000..29622ef0 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/sc25519.h @@ -0,0 +1,72 @@ +#ifndef SC25519_H +#define SC25519_H + +#include "crypto_uint32.h" + +#define sc25519 crypto_sign_ed25519_ref_sc25519 +#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519 +#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes +#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes +#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes +#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc +#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes +#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime +#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime +#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime +#define sc25519_add crypto_sign_ed25519_ref_sc25519_add +#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored +#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul +#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc +#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3 +#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5 +#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2 + +typedef struct +{ + crypto_uint32 v[32]; +} +sc25519; + +typedef struct +{ + crypto_uint32 v[16]; +} +shortsc25519; + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); + +void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]); + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); + +void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x); + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); + +int sc25519_iszero_vartime(const sc25519 *x); + +int sc25519_isshort_vartime(const sc25519 *x); + +int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y); + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y); + +/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3 + * with r[i] in {-4,...,3} + */ +void sc25519_window3(signed char r[85], const sc25519 *s); + +/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5 + * with r[i] in {-16,...,15} + */ +void sc25519_window5(signed char r[51], const sc25519 *s); + +void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); + +#endif diff --git a/src/libnacl/crypto_sign/ed25519/selected b/src/libnacl/crypto_sign/ed25519/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_sign/ed25519/used b/src/libnacl/crypto_sign/ed25519/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/api.h b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/api.h new file mode 100644 index 00000000..352240c0 --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/api.h @@ -0,0 +1,3 @@ +#define CRYPTO_SECRETKEYBYTES 64 +#define CRYPTO_PUBLICKEYBYTES 32 +#define CRYPTO_BYTES 64 diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.c b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.c new file mode 100644 index 00000000..276b514d --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.c @@ -0,0 +1,345 @@ +#include "fe25519.h" + +#define WINDOWSIZE 4 /* Should be 1,2, or 4 */ +#define WINDOWMASK ((1<v[31] >> 7; + r->v[31] &= 127; + t *= 19; + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +static void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<2;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t *= 19; + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +/* reduction modulo 2^255-19 */ +static void freeze(fe25519 *r) +{ + int i; + unsigned int m = (r->v[31] == 127); + for(i=30;i>1;i--) + m *= (r->v[i] == 255); + m *= (r->v[0] >= 237); + + r->v[31] -= m*127; + for(i=30;i>0;i--) + r->v[i] -= m*255; + r->v[0] -= m*237; +} + +/*freeze input before calling isone*/ +static int isone(const fe25519 *x) +{ + int i; + int r = (x->v[0] == 1); + for(i=1;i<32;i++) + r *= (x->v[i] == 0); + return r; +} + +/*freeze input before calling iszero*/ +static int iszero(const fe25519 *x) +{ + int i; + int r = (x->v[0] == 0); + for(i=1;i<32;i++) + r *= (x->v[i] == 0); + return r; +} + + +static int issquare(const fe25519 *x) +{ + unsigned char e[32] = {0xf6,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3f}; /* (p-1)/2 */ + fe25519 t; + + fe25519_pow(&t,x,e); + freeze(&t); + return isone(&t) || iszero(&t); +} + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x[i]; + r->v[31] &= 127; +} + +/* Assumes input x being reduced mod 2^255 */ +void fe25519_pack(unsigned char r[32], const fe25519 *x) +{ + int i; + for(i=0;i<32;i++) + r[i] = x->v[i]; + + /* freeze byte array */ + unsigned int m = (r[31] == 127); /* XXX: some compilers might use branches; fix */ + for(i=30;i>1;i--) + m *= (r[i] == 255); + m *= (r[0] >= 237); + r[31] -= m*127; + for(i=30;i>0;i--) + r[i] -= m*255; + r[0] -= m*237; +} + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) +{ + unsigned char nb = 1-b; + int i; + for(i=0;i<32;i++) r->v[i] = nb * r->v[i] + b * x->v[i]; +} + +unsigned char fe25519_getparity(const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i] = x->v[i]; + freeze(&t); + return t.v[0] & 1; +} + +void fe25519_setone(fe25519 *r) +{ + int i; + r->v[0] = 1; + for(i=1;i<32;i++) r->v[i]=0; +} + +void fe25519_setzero(fe25519 *r) +{ + int i; + for(i=0;i<32;i++) r->v[i]=0; +} + +void fe25519_neg(fe25519 *r, const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i]=x->v[i]; + fe25519_setzero(r); + fe25519_sub(r, r, &t); +} + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + reduce_add_sub(r); +} + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + crypto_uint32 t[32]; + t[0] = x->v[0] + 0x1da; + t[31] = x->v[31] + 0xfe; + for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; + for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; + reduce_add_sub(r); +} + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i,j; + crypto_uint32 t[63]; + for(i=0;i<63;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + for(i=32;i<63;i++) + r->v[i-32] = t[i-32] + 38*t[i]; + r->v[31] = t[31]; /* result now in r[0]...r[31] */ + + reduce_mul(r); +} + +void fe25519_square(fe25519 *r, const fe25519 *x) +{ + fe25519_mul(r, x, x); +} + +/*XXX: Make constant time! */ +void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e) +{ + /* + fe25519 g; + fe25519_setone(&g); + int i; + unsigned char j; + for(i=32;i>0;i--) + { + for(j=128;j>0;j>>=1) + { + fe25519_square(&g,&g); + if(e[i-1] & j) + fe25519_mul(&g,&g,x); + } + } + for(i=0;i<32;i++) r->v[i] = g.v[i]; + */ + fe25519 g; + fe25519_setone(&g); + int i,j,k; + fe25519 pre[(1 << WINDOWSIZE)]; + fe25519 t; + unsigned char w; + + // Precomputation + fe25519_setone(pre); + pre[1] = *x; + for(i=2;i<(1<0;i--) + { + for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE) + { + for(k=0;k>j) & WINDOWMASK; + t = pre[0]; + for(k=1;k<(1<v[i]; + fe25519_pow(&d,&d,e3); + for(i=0;i<32;i++) + r->v[i] = 2*x->v[i]; + fe25519_mul(r,r,&d); + } + freeze(r); + if((r->v[0] & 1) != (parity & 1)) + { + fe25519_sub(r,&p,r); + } + return 0; +} + +void fe25519_invert(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t0; + fe25519 t1; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t1,&z2); + /* 8 */ fe25519_square(&t0,&t1); + /* 9 */ fe25519_mul(&z9,&t0,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t0,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); + /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); + /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); + /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); + /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); + /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); + /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); + /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); + /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); + /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); + /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); + /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); +} diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.h b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.h new file mode 100644 index 00000000..98c613fa --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.h @@ -0,0 +1,54 @@ +#ifndef FE25519_H +#define FE25519_H + +#define fe25519 crypto_sign_edwards25519sha512batch_fe25519 +#define fe25519_unpack crypto_sign_edwards25519sha512batch_fe25519_unpack +#define fe25519_pack crypto_sign_edwards25519sha512batch_fe25519_pack +#define fe25519_cmov crypto_sign_edwards25519sha512batch_fe25519_cmov +#define fe25519_setone crypto_sign_edwards25519sha512batch_fe25519_setone +#define fe25519_setzero crypto_sign_edwards25519sha512batch_fe25519_setzero +#define fe25519_neg crypto_sign_edwards25519sha512batch_fe25519_neg +#define fe25519_getparity crypto_sign_edwards25519sha512batch_fe25519_getparity +#define fe25519_add crypto_sign_edwards25519sha512batch_fe25519_add +#define fe25519_sub crypto_sign_edwards25519sha512batch_fe25519_sub +#define fe25519_mul crypto_sign_edwards25519sha512batch_fe25519_mul +#define fe25519_square crypto_sign_edwards25519sha512batch_fe25519_square +#define fe25519_pow crypto_sign_edwards25519sha512batch_fe25519_pow +#define fe25519_sqrt_vartime crypto_sign_edwards25519sha512batch_fe25519_sqrt_vartime +#define fe25519_invert crypto_sign_edwards25519sha512batch_fe25519_invert + +#include "crypto_uint32.h" + +typedef struct { + crypto_uint32 v[32]; +} fe25519; + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]); + +void fe25519_pack(unsigned char r[32], const fe25519 *x); + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); + +void fe25519_setone(fe25519 *r); + +void fe25519_setzero(fe25519 *r); + +void fe25519_neg(fe25519 *r, const fe25519 *x); + +unsigned char fe25519_getparity(const fe25519 *x); + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_square(fe25519 *r, const fe25519 *x); + +void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e); + +int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity); + +void fe25519_invert(fe25519 *r, const fe25519 *x); + +#endif diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.c b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.c new file mode 100644 index 00000000..917798ac --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.c @@ -0,0 +1,227 @@ +#include "fe25519.h" +#include "sc25519.h" +#include "ge25519.h" + +/* + * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 + * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 + * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); + */ + +typedef struct +{ + fe25519 x; + fe25519 z; + fe25519 y; + fe25519 t; +} ge25519_p1p1; + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; +} ge25519_p2; + +#define ge25519_p3 ge25519 + +/* Windowsize for fixed-window scalar multiplication */ +#define WINDOWSIZE 2 /* Should be 1,2, or 4 */ +#define WINDOWMASK ((1<x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + p1p1_to_p2((ge25519_p2 *)r, p); + fe25519_mul(&r->t, &p->x, &p->y); +} + +/* Constant-time version of: if(b) r = p */ +static void cmov_p3(ge25519_p3 *r, const ge25519_p3 *p, unsigned char b) +{ + fe25519_cmov(&r->x, &p->x, b); + fe25519_cmov(&r->y, &p->y, b); + fe25519_cmov(&r->z, &p->z, b); + fe25519_cmov(&r->t, &p->t, b); +} + +/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ +static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + fe25519 a,b,c,d; + fe25519_square(&a, &p->x); + fe25519_square(&b, &p->y); + fe25519_square(&c, &p->z); + fe25519_add(&c, &c, &c); + fe25519_neg(&d, &a); + + fe25519_add(&r->x, &p->x, &p->y); + fe25519_square(&r->x, &r->x); + fe25519_sub(&r->x, &r->x, &a); + fe25519_sub(&r->x, &r->x, &b); + fe25519_add(&r->z, &d, &b); + fe25519_sub(&r->t, &r->z, &c); + fe25519_sub(&r->y, &d, &b); +} + +static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + fe25519 a, b, c, d, t, fd; + fe25519_unpack(&fd, ecd); + + fe25519_sub(&a, &p->y, &p->x); // A = (Y1-X1)*(Y2-X2) + fe25519_sub(&t, &q->y, &q->x); + fe25519_mul(&a, &a, &t); + fe25519_add(&b, &p->x, &p->y); // B = (Y1+X1)*(Y2+X2) + fe25519_add(&t, &q->x, &q->y); + fe25519_mul(&b, &b, &t); + fe25519_mul(&c, &p->t, &q->t); //C = T1*k*T2 + fe25519_mul(&c, &c, &fd); + fe25519_add(&c, &c, &c); //XXX: Can save this addition by precomputing 2*ecd + fe25519_mul(&d, &p->z, &q->z); //D = Z1*2*Z2 + fe25519_add(&d, &d, &d); + fe25519_sub(&r->x, &b, &a); // E = B-A + fe25519_sub(&r->t, &d, &c); // F = D-C + fe25519_add(&r->z, &d, &c); // G = D+C + fe25519_add(&r->y, &b, &a); // H = B+A +} + +/* ******************************************************************** + * EXPORTED FUNCTIONS + ******************************************************************** */ + +/* return 0 on success, -1 otherwise */ +int ge25519_unpack_vartime(ge25519_p3 *r, const unsigned char p[32]) +{ + int ret; + fe25519 t, fd; + fe25519_setone(&r->z); + fe25519_unpack(&fd, ecd); + unsigned char par = p[31] >> 7; + fe25519_unpack(&r->y, p); + fe25519_square(&r->x, &r->y); + fe25519_mul(&t, &r->x, &fd); + fe25519_sub(&r->x, &r->x, &r->z); + fe25519_add(&t, &r->z, &t); + fe25519_invert(&t, &t); + fe25519_mul(&r->x, &r->x, &t); + ret = fe25519_sqrt_vartime(&r->x, &r->x, par); + fe25519_mul(&r->t, &r->x, &r->y); + return ret; +} + +void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) +{ + fe25519 tx, ty, zi; + fe25519_invert(&zi, &p->z); + fe25519_mul(&tx, &p->x, &zi); + fe25519_mul(&ty, &p->y, &zi); + fe25519_pack(r, &ty); + r[31] ^= fe25519_getparity(&tx) << 7; +} + +void ge25519_add(ge25519_p3 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + ge25519_p1p1 grp1p1; + add_p1p1(&grp1p1, p, q); + p1p1_to_p3(r, &grp1p1); +} + +void ge25519_double(ge25519_p3 *r, const ge25519_p3 *p) +{ + ge25519_p1p1 grp1p1; + dbl_p1p1(&grp1p1, (ge25519_p2 *)p); + p1p1_to_p3(r, &grp1p1); +} + +void ge25519_scalarmult(ge25519_p3 *r, const ge25519_p3 *p, const sc25519 *s) +{ + int i,j,k; + ge25519_p3 g; + fe25519_unpack(&g.x, ge25519_neutral_x); + fe25519_unpack(&g.y, ge25519_neutral_y); + fe25519_unpack(&g.z, ge25519_neutral_z); + fe25519_unpack(&g.t, ge25519_neutral_t); + + ge25519_p3 pre[(1 << WINDOWSIZE)]; + ge25519_p3 t; + ge25519_p1p1 tp1p1; + unsigned char w; + unsigned char sb[32]; + sc25519_to32bytes(sb, s); + + // Precomputation + pre[0] = g; + pre[1] = *p; + for(i=2;i<(1<0;i--) + { + for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE) + { + for(k=0;k>j) & WINDOWMASK; + t = pre[0]; + for(k=1;k<(1<x = g.x; + r->y = g.y; + r->z = g.z; + r->t = g.t; +} + +void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) +{ + /* XXX: Better algorithm for known-base-point scalar multiplication */ + ge25519_p3 t; + fe25519_unpack(&t.x, ge25519_base_x); + fe25519_unpack(&t.y, ge25519_base_y); + fe25519_unpack(&t.z, ge25519_base_z); + fe25519_unpack(&t.t, ge25519_base_t); + ge25519_scalarmult(r, &t, s); +} diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.h b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.h new file mode 100644 index 00000000..49ad163a --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.h @@ -0,0 +1,34 @@ +#ifndef GE25519_H +#define GE25519_H + +#include "fe25519.h" +#include "sc25519.h" + +#define ge25519 crypto_sign_edwards25519sha512batch_ge25519 +#define ge25519_unpack_vartime crypto_sign_edwards25519sha512batch_ge25519_unpack_vartime +#define ge25519_pack crypto_sign_edwards25519sha512batch_ge25519_pack +#define ge25519_add crypto_sign_edwards25519sha512batch_ge25519_add +#define ge25519_double crypto_sign_edwards25519sha512batch_ge25519_double +#define ge25519_scalarmult crypto_sign_edwards25519sha512batch_ge25519_scalarmult +#define ge25519_scalarmult_base crypto_sign_edwards25519sha512batch_ge25519_scalarmult_base + +typedef struct { + fe25519 x; + fe25519 y; + fe25519 z; + fe25519 t; +} ge25519; + +int ge25519_unpack_vartime(ge25519 *r, const unsigned char p[32]); + +void ge25519_pack(unsigned char r[32], const ge25519 *p); + +void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q); + +void ge25519_double(ge25519 *r, const ge25519 *p); + +void ge25519_scalarmult(ge25519 *r, const ge25519 *p, const sc25519 *s); + +void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); + +#endif diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.c b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.c new file mode 100644 index 00000000..ad232d78 --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.c @@ -0,0 +1,146 @@ +#include "sc25519.h" + +/*Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ + +static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; + +static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, + 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; + +/* Reduce coefficients of r before calling reduce_add_sub */ +static void reduce_add_sub(sc25519 *r) +{ + int i, b, pb=0, nb; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + b = (r->v[i]v[i]-pb-m[i]+b*256; + pb = b; + } + nb = 1-b; + for(i=0;i<32;i++) + r->v[i] = r->v[i]*b + t[i]*nb; +} + +/* Reduce coefficients of x before calling barrett_reduce */ +static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) +{ + /* See HAC, Alg. 14.42 */ + int i,j; + crypto_uint32 q2[66] = {0}; + crypto_uint32 *q3 = q2 + 33; + crypto_uint32 r1[33]; + crypto_uint32 r2[33] = {0}; + crypto_uint32 carry; + int b, pb=0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + b = (r1[i]v[i] = r1[i]-pb-r2[i]+b*256; + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * If so: Handle it here! + */ + + reduce_add_sub(r); + reduce_add_sub(r); +} + +/* +static int iszero(const sc25519 *x) +{ + // Implement + return 0; +} +*/ + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) +{ + int i; + crypto_uint32 t[64] = {0}; + for(i=0;i<32;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) +{ + int i; + crypto_uint32 t[64] = {0}; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +/* XXX: What we actually want for crypto_group is probably just something like + * void sc25519_frombytes(sc25519 *r, const unsigned char *x, size_t xlen) + */ + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) r[i] = x->v[i]; +} + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i, carry; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + for(i=0;i<31;i++) + { + carry = r->v[i] >> 8; + r->v[i+1] += carry; + r->v[i] &= 0xff; + } + reduce_add_sub(r); +} + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i,j,carry; + crypto_uint32 t[64]; + for(i=0;i<64;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + /* Reduce coefficients */ + for(i=0;i<63;i++) + { + carry = t[i] >> 8; + t[i+1] += carry; + t[i] &= 0xff; + } + + barrett_reduce(r, t); +} + +void sc25519_square(sc25519 *r, const sc25519 *x) +{ + sc25519_mul(r, x, x); +} diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.h b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.h new file mode 100644 index 00000000..f791dea4 --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.h @@ -0,0 +1,51 @@ +#ifndef SC25519_H +#define SC25519_H + +#define sc25519 crypto_sign_edwards25519sha512batch_sc25519 +#define sc25519_from32bytes crypto_sign_edwards25519sha512batch_sc25519_from32bytes +#define sc25519_from64bytes crypto_sign_edwards25519sha512batch_sc25519_from64bytes +#define sc25519_to32bytes crypto_sign_edwards25519sha512batch_sc25519_to32bytes +#define sc25519_pack crypto_sign_edwards25519sha512batch_sc25519_pack +#define sc25519_getparity crypto_sign_edwards25519sha512batch_sc25519_getparity +#define sc25519_setone crypto_sign_edwards25519sha512batch_sc25519_setone +#define sc25519_setzero crypto_sign_edwards25519sha512batch_sc25519_setzero +#define sc25519_neg crypto_sign_edwards25519sha512batch_sc25519_neg +#define sc25519_add crypto_sign_edwards25519sha512batch_sc25519_add +#define sc25519_sub crypto_sign_edwards25519sha512batch_sc25519_sub +#define sc25519_mul crypto_sign_edwards25519sha512batch_sc25519_mul +#define sc25519_square crypto_sign_edwards25519sha512batch_sc25519_square +#define sc25519_invert crypto_sign_edwards25519sha512batch_sc25519_invert + +#include "crypto_uint32.h" + +typedef struct { + crypto_uint32 v[32]; +} sc25519; + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); + +void sc25519_pack(unsigned char r[32], const sc25519 *x); + +unsigned char sc25519_getparity(const sc25519 *x); + +void sc25519_setone(sc25519 *r); + +void sc25519_setzero(sc25519 *r); + +void sc25519_neg(sc25519 *r, const sc25519 *x); + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_sub(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_square(sc25519 *r, const sc25519 *x); + +void sc25519_invert(sc25519 *r, const sc25519 *x); + +#endif diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sign.c b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sign.c new file mode 100644 index 00000000..eb2740a1 --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sign.c @@ -0,0 +1,103 @@ +#include "api.h" +#include "crypto_sign.h" +#include "crypto_hash_sha512.h" +#include "randombytes.h" +#include "crypto_verify_32.h" + +#include "ge25519.h" + +int crypto_sign_keypair( + unsigned char *pk, + unsigned char *sk + ) +{ + sc25519 scsk; + ge25519 gepk; + + randombytes(sk, 32); + crypto_hash_sha512(sk, sk, 32); + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; + + sc25519_from32bytes(&scsk,sk); + + ge25519_scalarmult_base(&gepk, &scsk); + ge25519_pack(pk, &gepk); + return 0; +} + +int crypto_sign( + unsigned char *sm,unsigned long long *smlen, + const unsigned char *m,unsigned long long mlen, + const unsigned char *sk + ) +{ + sc25519 sck, scs, scsk; + ge25519 ger; + unsigned char r[32]; + unsigned char s[32]; + unsigned long long i; + unsigned char hmg[crypto_hash_sha512_BYTES]; + unsigned char hmr[crypto_hash_sha512_BYTES]; + + *smlen = mlen+64; + for(i=0;i +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_sign.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_sign_IMPLEMENTATION; +const char *implementationversion = crypto_sign_VERSION; +const char *sizenames[] = { "outputbytes", "publickeybytes", "secretkeybytes", 0 }; +const long long sizes[] = { crypto_sign_BYTES, crypto_sign_PUBLICKEYBYTES, crypto_sign_SECRETKEYBYTES }; + +#define MAXTEST_BYTES 100000 + +static unsigned char *pk; +static unsigned char *sk; +static unsigned char *m; unsigned long long mlen; +static unsigned char *sm; unsigned long long smlen; +static unsigned char *t; unsigned long long tlen; + +void preallocate(void) +{ +#ifdef RAND_R_PRNG_NOT_SEEDED + RAND_status(); +#endif +} + +void allocate(void) +{ + pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES); + sk = alignedcalloc(crypto_sign_SECRETKEYBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); + sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); +} + +#define TIMINGS 31 +static long long cycles[TIMINGS + 1]; +static long long bytes[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + + for (loop = 0;loop < LOOPS;++loop) { + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_sign_keypair(pk,sk); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"keypair_cycles",cycles,TIMINGS); + + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 4) { + randombytes(m,mlen); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + bytes[i] = crypto_sign(sm,&smlen,m,mlen,sk); + if (bytes[i] == 0) bytes[i] = smlen; + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + printentry(mlen,"bytes",bytes,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + bytes[i] = crypto_sign_open(t,&tlen,sm,smlen,pk); + if (bytes[i] == 0) bytes[i] = tlen; + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_cycles",cycles,TIMINGS); + printentry(mlen,"open_bytes",bytes,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_sign/try.c b/src/libnacl/crypto_sign/try.c new file mode 100644 index 00000000..961a93ff --- /dev/null +++ b/src/libnacl/crypto_sign/try.c @@ -0,0 +1,87 @@ +/* + * crypto_sign/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "randombytes.h" +#include "crypto_sign.h" +#include "windows/windows-quirks.h" + +#define MAXTEST_BYTES 10000 +#define TUNE_BYTES 1536 + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_sign_IMPLEMENTATION; + +static unsigned char *pk; +static unsigned char *sk; +static unsigned char *m; unsigned long long mlen; +static unsigned char *sm; unsigned long long smlen; +static unsigned char *t; unsigned long long tlen; + +void preallocate(void) +{ +#ifdef RAND_R_PRNG_NOT_SEEDED + RAND_status(); +#endif +} + +void allocate(void) +{ + pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES); + sk = alignedcalloc(crypto_sign_SECRETKEYBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); + sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); +} + +void predoit(void) +{ + crypto_sign_keypair(pk,sk); + mlen = TUNE_BYTES; + smlen = 0; + randombytes(m,mlen); + crypto_sign(sm,&smlen,m,mlen,sk); +} + +void doit(void) +{ + crypto_sign_open(t,&tlen,sm,smlen,pk); +} + +char checksum[crypto_sign_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long mlen; + long long i; + long long j; + + if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero"; + for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) { + if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero"; + if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero"; + if (tlen != mlen) return "crypto_sign_open does not match length"; + for (i = 0;i < tlen;++i) + if (t[i] != m[i]) + return "crypto_sign_open does not match contents"; + + j = random() % smlen; + sm[j] ^= 1; + if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) { + if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length"; + for (i = 0;i < tlen;++i) + if (t[i] != m[i]) + return "crypto_sign_open allows trivial forgery of contents"; + } + sm[j] ^= 1; + + } + + /* do some long-term checksum */ + checksum[0] = 0; + return 0; +} diff --git a/src/libnacl/crypto_sign/wrapper-keypair.cpp b/src/libnacl/crypto_sign/wrapper-keypair.cpp new file mode 100644 index 00000000..3687465d --- /dev/null +++ b/src/libnacl/crypto_sign/wrapper-keypair.cpp @@ -0,0 +1,12 @@ +#include +using std::string; +#include "crypto_sign.h" + +string crypto_sign_keypair(string *sk_string) +{ + unsigned char pk[crypto_sign_PUBLICKEYBYTES]; + unsigned char sk[crypto_sign_SECRETKEYBYTES]; + crypto_sign_keypair(pk,sk); + *sk_string = string((char *) sk,sizeof sk); + return string((char *) pk,sizeof pk); +} diff --git a/src/libnacl/crypto_sign/wrapper-sign-open.cpp b/src/libnacl/crypto_sign/wrapper-sign-open.cpp new file mode 100644 index 00000000..346e9400 --- /dev/null +++ b/src/libnacl/crypto_sign/wrapper-sign-open.cpp @@ -0,0 +1,24 @@ +#include +using std::string; +#include "crypto_sign.h" + +string crypto_sign_open(const string &sm_string, const string &pk_string) +{ + if (pk_string.size() != crypto_sign_PUBLICKEYBYTES) throw "incorrect public-key length"; + size_t smlen = sm_string.size(); + unsigned char m[smlen]; + unsigned long long mlen; + for (int i = 0;i < smlen;++i) m[i] = sm_string[i]; + if (crypto_sign_open( + m, + &mlen, + m, + smlen, + (const unsigned char *) pk_string.c_str() + ) != 0) + throw "ciphertext fails verification"; + return string( + (char *) m, + mlen + ); +} diff --git a/src/libnacl/crypto_sign/wrapper-sign.cpp b/src/libnacl/crypto_sign/wrapper-sign.cpp new file mode 100644 index 00000000..e5234ae6 --- /dev/null +++ b/src/libnacl/crypto_sign/wrapper-sign.cpp @@ -0,0 +1,22 @@ +#include +using std::string; +#include "crypto_sign.h" + +string crypto_sign(const string &m_string, const string &sk_string) +{ + if (sk_string.size() != crypto_sign_SECRETKEYBYTES) throw "incorrect secret-key length"; + size_t mlen = m_string.size(); + unsigned char sm[mlen+crypto_sign_BYTES]; + unsigned long long smlen; + crypto_sign( + sm, + &smlen, + (const unsigned char *) m_string.data(), + mlen, + (const unsigned char *) sk_string.data() + ); + return string( + (char *) sm, + smlen + ); +} diff --git a/src/libnacl/crypto_stream/aes128ctr/checksum b/src/libnacl/crypto_stream/aes128ctr/checksum new file mode 100644 index 00000000..92865436 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/checksum @@ -0,0 +1 @@ +6e9966897837aae181e93261ae88fdf0 diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/afternm.c b/src/libnacl/crypto_stream/aes128ctr/portable/afternm.c new file mode 100644 index 00000000..93c96e42 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/afternm.c @@ -0,0 +1,158 @@ +/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper + * Date: 2009-03-19 + * Public domain */ + +#include "int128.h" +#include "common.h" +#include "consts.h" +#include "crypto_stream.h" + +int crypto_stream_afternm(unsigned char *outp, unsigned long long len, const unsigned char *noncep, const unsigned char *c) +{ + + int128 xmm0; + int128 xmm1; + int128 xmm2; + int128 xmm3; + int128 xmm4; + int128 xmm5; + int128 xmm6; + int128 xmm7; + + int128 xmm8; + int128 xmm9; + int128 xmm10; + int128 xmm11; + int128 xmm12; + int128 xmm13; + int128 xmm14; + int128 xmm15; + + int128 nonce_stack; + unsigned long long lensav; + unsigned char bl[128]; + unsigned char *blp; + unsigned char b; + + uint32 tmp; + + /* Copy nonce on the stack */ + copy2(&nonce_stack, (int128 *) (noncep + 0)); + unsigned char *np = (unsigned char *)&nonce_stack; + + enc_block: + + xmm0 = *(int128 *) (np + 0); + copy2(&xmm1, &xmm0); + shufb(&xmm1, SWAP32); + copy2(&xmm2, &xmm1); + copy2(&xmm3, &xmm1); + copy2(&xmm4, &xmm1); + copy2(&xmm5, &xmm1); + copy2(&xmm6, &xmm1); + copy2(&xmm7, &xmm1); + + add_uint32_big(&xmm1, 1); + add_uint32_big(&xmm2, 2); + add_uint32_big(&xmm3, 3); + add_uint32_big(&xmm4, 4); + add_uint32_big(&xmm5, 5); + add_uint32_big(&xmm6, 6); + add_uint32_big(&xmm7, 7); + + shufb(&xmm0, M0); + shufb(&xmm1, M0SWAP); + shufb(&xmm2, M0SWAP); + shufb(&xmm3, M0SWAP); + shufb(&xmm4, M0SWAP); + shufb(&xmm5, M0SWAP); + shufb(&xmm6, M0SWAP); + shufb(&xmm7, M0SWAP); + + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, xmm8) + + aesround( 1, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 2, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 3, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 4, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 5, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 6, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 7, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 8, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 9, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + lastround(xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + + bitslice(xmm13, xmm10, xmm15, xmm11, xmm14, xmm12, xmm9, xmm8, xmm0) + + if(len < 128) goto partial; + if(len == 128) goto full; + + tmp = load32_bigendian(np + 12); + tmp += 8; + store32_bigendian(np + 12, tmp); + + *(int128 *) (outp + 0) = xmm8; + *(int128 *) (outp + 16) = xmm9; + *(int128 *) (outp + 32) = xmm12; + *(int128 *) (outp + 48) = xmm14; + *(int128 *) (outp + 64) = xmm11; + *(int128 *) (outp + 80) = xmm15; + *(int128 *) (outp + 96) = xmm10; + *(int128 *) (outp + 112) = xmm13; + + len -= 128; + outp += 128; + + goto enc_block; + + partial: + + lensav = len; + len >>= 4; + + tmp = load32_bigendian(np + 12); + tmp += len; + store32_bigendian(np + 12, tmp); + + blp = bl; + *(int128 *)(blp + 0) = xmm8; + *(int128 *)(blp + 16) = xmm9; + *(int128 *)(blp + 32) = xmm12; + *(int128 *)(blp + 48) = xmm14; + *(int128 *)(blp + 64) = xmm11; + *(int128 *)(blp + 80) = xmm15; + *(int128 *)(blp + 96) = xmm10; + *(int128 *)(blp + 112) = xmm13; + + bytes: + + if(lensav == 0) goto end; + + b = blp[0]; + *(unsigned char *)(outp + 0) = b; + + blp += 1; + outp +=1; + lensav -= 1; + + goto bytes; + + full: + + tmp = load32_bigendian(np + 12); + tmp += 8; + store32_bigendian(np + 12, tmp); + + *(int128 *) (outp + 0) = xmm8; + *(int128 *) (outp + 16) = xmm9; + *(int128 *) (outp + 32) = xmm12; + *(int128 *) (outp + 48) = xmm14; + *(int128 *) (outp + 64) = xmm11; + *(int128 *) (outp + 80) = xmm15; + *(int128 *) (outp + 96) = xmm10; + *(int128 *) (outp + 112) = xmm13; + + end: + return 0; + +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/api.h b/src/libnacl/crypto_stream/aes128ctr/portable/api.h new file mode 100644 index 00000000..62fc8d88 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/api.h @@ -0,0 +1,3 @@ +#define CRYPTO_KEYBYTES 16 +#define CRYPTO_NONCEBYTES 16 +#define CRYPTO_BEFORENMBYTES 1408 diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/beforenm.c b/src/libnacl/crypto_stream/aes128ctr/portable/beforenm.c new file mode 100644 index 00000000..8fa2673d --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/beforenm.c @@ -0,0 +1,59 @@ +/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper + * Date: 2009-03-19 + * Public domain */ + +#include "consts.h" +#include "int128.h" +#include "common.h" +#include "crypto_stream.h" + +int crypto_stream_beforenm(unsigned char *c, const unsigned char *k) +{ + + /* + int64 x0; + int64 x1; + int64 x2; + int64 x3; + int64 e; + int64 q0; + int64 q1; + int64 q2; + int64 q3; + */ + + int128 xmm0; + int128 xmm1; + int128 xmm2; + int128 xmm3; + int128 xmm4; + int128 xmm5; + int128 xmm6; + int128 xmm7; + int128 xmm8; + int128 xmm9; + int128 xmm10; + int128 xmm11; + int128 xmm12; + int128 xmm13; + int128 xmm14; + int128 xmm15; + int128 t; + + bitslicekey0(k, c) + + keyexpbs1(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + keyexpbs(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm1);, 2,c) + keyexpbs(xmm0, xmm1, xmm3, xmm2, xmm6, xmm5, xmm4, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm6);, 3,c) + keyexpbs(xmm0, xmm1, xmm6, xmm4, xmm2, xmm7, xmm3, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 4,c) + + keyexpbs(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 5,c) + keyexpbs(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm5);, 6,c) + keyexpbs(xmm0, xmm1, xmm3, xmm2, xmm6, xmm5, xmm4, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 7,c) + keyexpbs(xmm0, xmm1, xmm6, xmm4, xmm2, xmm7, xmm3, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm7);, 8,c) + + keyexpbs(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm0); xor_rcon(&xmm1); xor_rcon(&xmm6); xor_rcon(&xmm3);, 9,c) + keyexpbs10(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + + return 0; +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/common.c b/src/libnacl/crypto_stream/aes128ctr/portable/common.c new file mode 100644 index 00000000..14a28cc6 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/common.c @@ -0,0 +1,64 @@ +#include "common.h" + +uint32 load32_bigendian(const unsigned char *x) +{ + return + (uint32) (x[3]) \ + | (((uint32) (x[2])) << 8) \ + | (((uint32) (x[1])) << 16) \ + | (((uint32) (x[0])) << 24) + ; +} + +void store32_bigendian(unsigned char *x,uint32 u) +{ + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +uint32 load32_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +void store32_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + + +uint64 load64_littleendian(const unsigned char *x) +{ + return + (uint64) (x[0]) \ + | (((uint64) (x[1])) << 8) \ + | (((uint64) (x[2])) << 16) \ + | (((uint64) (x[3])) << 24) + | (((uint64) (x[4])) << 32) + | (((uint64) (x[5])) << 40) + | (((uint64) (x[6])) << 48) + | (((uint64) (x[7])) << 56) + ; +} + +void store64_littleendian(unsigned char *x,uint64 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; u >>= 8; + x[4] = u; u >>= 8; + x[5] = u; u >>= 8; + x[6] = u; u >>= 8; + x[7] = u; +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/common.h b/src/libnacl/crypto_stream/aes128ctr/portable/common.h new file mode 100644 index 00000000..e6e60dc2 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/common.h @@ -0,0 +1,788 @@ +/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper + Date: 2009-03-19 + Public domain */ +#ifndef COMMON_H +#define COMMON_H + +#include "types.h" + +#define load32_bigendian crypto_stream_aes128ctr_portable_load32_bigendian +uint32 load32_bigendian(const unsigned char *x); + +#define store32_bigendian crypto_stream_aes128ctr_portable_store32_bigendian +void store32_bigendian(unsigned char *x,uint32 u); + +#define load32_littleendian crypto_stream_aes128ctr_portable_load32_littleendian +uint32 load32_littleendian(const unsigned char *x); + +#define store32_littleendian crypto_stream_aes128ctr_portable_store32_littleendian +void store32_littleendian(unsigned char *x,uint32 u); + +#define load64_littleendian crypto_stream_aes128ctr_portable_load64_littleendian +uint64 load64_littleendian(const unsigned char *x); + +#define store64_littleendian crypto_stream_aes128ctr_portable_store64_littleendian +void store64_littleendian(unsigned char *x,uint64 u); + +/* Macros required only for key expansion */ + +#define keyexpbs1(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \ + rotbyte(&b0);\ + rotbyte(&b1);\ + rotbyte(&b2);\ + rotbyte(&b3);\ + rotbyte(&b4);\ + rotbyte(&b5);\ + rotbyte(&b6);\ + rotbyte(&b7);\ + ;\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + ;\ + xor_rcon(&b0);\ + shufb(&b0, EXPB0);\ + shufb(&b1, EXPB0);\ + shufb(&b4, EXPB0);\ + shufb(&b6, EXPB0);\ + shufb(&b3, EXPB0);\ + shufb(&b7, EXPB0);\ + shufb(&b2, EXPB0);\ + shufb(&b5, EXPB0);\ + shufb(&b0, EXPB0);\ + ;\ + t0 = *(int128 *)(bskey + 0);\ + t1 = *(int128 *)(bskey + 16);\ + t2 = *(int128 *)(bskey + 32);\ + t3 = *(int128 *)(bskey + 48);\ + t4 = *(int128 *)(bskey + 64);\ + t5 = *(int128 *)(bskey + 80);\ + t6 = *(int128 *)(bskey + 96);\ + t7 = *(int128 *)(bskey + 112);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + *(int128 *)(bskey + 128) = b0;\ + *(int128 *)(bskey + 144) = b1;\ + *(int128 *)(bskey + 160) = b4;\ + *(int128 *)(bskey + 176) = b6;\ + *(int128 *)(bskey + 192) = b3;\ + *(int128 *)(bskey + 208) = b7;\ + *(int128 *)(bskey + 224) = b2;\ + *(int128 *)(bskey + 240) = b5;\ + +#define keyexpbs10(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) ;\ + toggle(&b0);\ + toggle(&b1);\ + toggle(&b5);\ + toggle(&b6);\ + rotbyte(&b0);\ + rotbyte(&b1);\ + rotbyte(&b2);\ + rotbyte(&b3);\ + rotbyte(&b4);\ + rotbyte(&b5);\ + rotbyte(&b6);\ + rotbyte(&b7);\ + ;\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + ;\ + xor_rcon(&b1);\ + xor_rcon(&b4);\ + xor_rcon(&b3);\ + xor_rcon(&b7);\ + shufb(&b0, EXPB0);\ + shufb(&b1, EXPB0);\ + shufb(&b4, EXPB0);\ + shufb(&b6, EXPB0);\ + shufb(&b3, EXPB0);\ + shufb(&b7, EXPB0);\ + shufb(&b2, EXPB0);\ + shufb(&b5, EXPB0);\ + ;\ + t0 = *(int128 *)(bskey + 9 * 128 + 0);\ + t1 = *(int128 *)(bskey + 9 * 128 + 16);\ + t2 = *(int128 *)(bskey + 9 * 128 + 32);\ + t3 = *(int128 *)(bskey + 9 * 128 + 48);\ + t4 = *(int128 *)(bskey + 9 * 128 + 64);\ + t5 = *(int128 *)(bskey + 9 * 128 + 80);\ + t6 = *(int128 *)(bskey + 9 * 128 + 96);\ + t7 = *(int128 *)(bskey + 9 * 128 + 112);\ + ;\ + toggle(&t0);\ + toggle(&t1);\ + toggle(&t5);\ + toggle(&t6);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + shufb(&b0, M0);\ + shufb(&b1, M0);\ + shufb(&b2, M0);\ + shufb(&b3, M0);\ + shufb(&b4, M0);\ + shufb(&b5, M0);\ + shufb(&b6, M0);\ + shufb(&b7, M0);\ + ;\ + *(int128 *)(bskey + 1280) = b0;\ + *(int128 *)(bskey + 1296) = b1;\ + *(int128 *)(bskey + 1312) = b4;\ + *(int128 *)(bskey + 1328) = b6;\ + *(int128 *)(bskey + 1344) = b3;\ + *(int128 *)(bskey + 1360) = b7;\ + *(int128 *)(bskey + 1376) = b2;\ + *(int128 *)(bskey + 1392) = b5;\ + + +#define keyexpbs(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, rcon, i, bskey) \ + toggle(&b0);\ + toggle(&b1);\ + toggle(&b5);\ + toggle(&b6);\ + rotbyte(&b0);\ + rotbyte(&b1);\ + rotbyte(&b2);\ + rotbyte(&b3);\ + rotbyte(&b4);\ + rotbyte(&b5);\ + rotbyte(&b6);\ + rotbyte(&b7);\ + ;\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + ;\ + rcon;\ + shufb(&b0, EXPB0);\ + shufb(&b1, EXPB0);\ + shufb(&b4, EXPB0);\ + shufb(&b6, EXPB0);\ + shufb(&b3, EXPB0);\ + shufb(&b7, EXPB0);\ + shufb(&b2, EXPB0);\ + shufb(&b5, EXPB0);\ + ;\ + t0 = *(int128 *)(bskey + (i-1) * 128 + 0);\ + t1 = *(int128 *)(bskey + (i-1) * 128 + 16);\ + t2 = *(int128 *)(bskey + (i-1) * 128 + 32);\ + t3 = *(int128 *)(bskey + (i-1) * 128 + 48);\ + t4 = *(int128 *)(bskey + (i-1) * 128 + 64);\ + t5 = *(int128 *)(bskey + (i-1) * 128 + 80);\ + t6 = *(int128 *)(bskey + (i-1) * 128 + 96);\ + t7 = *(int128 *)(bskey + (i-1) * 128 + 112);\ + ;\ + toggle(&t0);\ + toggle(&t1);\ + toggle(&t5);\ + toggle(&t6);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + *(int128 *)(bskey + i*128 + 0) = b0;\ + *(int128 *)(bskey + i*128 + 16) = b1;\ + *(int128 *)(bskey + i*128 + 32) = b4;\ + *(int128 *)(bskey + i*128 + 48) = b6;\ + *(int128 *)(bskey + i*128 + 64) = b3;\ + *(int128 *)(bskey + i*128 + 80) = b7;\ + *(int128 *)(bskey + i*128 + 96) = b2;\ + *(int128 *)(bskey + i*128 + 112) = b5;\ + +/* Macros used in multiple contexts */ + +#define bitslicekey0(key, bskey) \ + xmm0 = *(int128 *) (key + 0);\ + shufb(&xmm0, M0);\ + copy2(&xmm1, &xmm0);\ + copy2(&xmm2, &xmm0);\ + copy2(&xmm3, &xmm0);\ + copy2(&xmm4, &xmm0);\ + copy2(&xmm5, &xmm0);\ + copy2(&xmm6, &xmm0);\ + copy2(&xmm7, &xmm0);\ + ;\ + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\ + ;\ + *(int128 *) (bskey + 0) = xmm0;\ + *(int128 *) (bskey + 16) = xmm1;\ + *(int128 *) (bskey + 32) = xmm2;\ + *(int128 *) (bskey + 48) = xmm3;\ + *(int128 *) (bskey + 64) = xmm4;\ + *(int128 *) (bskey + 80) = xmm5;\ + *(int128 *) (bskey + 96) = xmm6;\ + *(int128 *) (bskey + 112) = xmm7;\ + + +#define bitslicekey10(key, bskey) \ + xmm0 = *(int128 *) (key + 0);\ + copy2(xmm1, xmm0);\ + copy2(xmm2, xmm0);\ + copy2(xmm3, xmm0);\ + copy2(xmm4, xmm0);\ + copy2(xmm5, xmm0);\ + copy2(xmm6, xmm0);\ + copy2(xmm7, xmm0);\ + ;\ + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\ + ;\ + toggle(&xmm6);\ + toggle(&xmm5);\ + toggle(&xmm1);\ + toggle(&xmm0);\ + ;\ + *(int128 *) (bskey + 0 + 1280) = xmm0;\ + *(int128 *) (bskey + 16 + 1280) = xmm1;\ + *(int128 *) (bskey + 32 + 1280) = xmm2;\ + *(int128 *) (bskey + 48 + 1280) = xmm3;\ + *(int128 *) (bskey + 64 + 1280) = xmm4;\ + *(int128 *) (bskey + 80 + 1280) = xmm5;\ + *(int128 *) (bskey + 96 + 1280) = xmm6;\ + *(int128 *) (bskey + 112 + 1280) = xmm7;\ + + +#define bitslicekey(i,key,bskey) \ + xmm0 = *(int128 *) (key + 0);\ + shufb(&xmm0, M0);\ + copy2(&xmm1, &xmm0);\ + copy2(&xmm2, &xmm0);\ + copy2(&xmm3, &xmm0);\ + copy2(&xmm4, &xmm0);\ + copy2(&xmm5, &xmm0);\ + copy2(&xmm6, &xmm0);\ + copy2(&xmm7, &xmm0);\ + ;\ + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\ + ;\ + toggle(&xmm6);\ + toggle(&xmm5);\ + toggle(&xmm1);\ + toggle(&xmm0);\ + ;\ + *(int128 *) (bskey + 0 + 128*i) = xmm0;\ + *(int128 *) (bskey + 16 + 128*i) = xmm1;\ + *(int128 *) (bskey + 32 + 128*i) = xmm2;\ + *(int128 *) (bskey + 48 + 128*i) = xmm3;\ + *(int128 *) (bskey + 64 + 128*i) = xmm4;\ + *(int128 *) (bskey + 80 + 128*i) = xmm5;\ + *(int128 *) (bskey + 96 + 128*i) = xmm6;\ + *(int128 *) (bskey + 112 + 128*i) = xmm7;\ + + +#define bitslice(x0, x1, x2, x3, x4, x5, x6, x7, t) \ + swapmove(x0, x1, 1, BS0, t);\ + swapmove(x2, x3, 1, BS0, t);\ + swapmove(x4, x5, 1, BS0, t);\ + swapmove(x6, x7, 1, BS0, t);\ + ;\ + swapmove(x0, x2, 2, BS1, t);\ + swapmove(x1, x3, 2, BS1, t);\ + swapmove(x4, x6, 2, BS1, t);\ + swapmove(x5, x7, 2, BS1, t);\ + ;\ + swapmove(x0, x4, 4, BS2, t);\ + swapmove(x1, x5, 4, BS2, t);\ + swapmove(x2, x6, 4, BS2, t);\ + swapmove(x3, x7, 4, BS2, t);\ + + +#define swapmove(a, b, n, m, t) \ + copy2(&t, &b);\ + rshift64_littleendian(&t, n);\ + xor2(&t, &a);\ + and2(&t, &m);\ + xor2(&a, &t);\ + lshift64_littleendian(&t, n);\ + xor2(&b, &t); + +#define rotbyte(x) \ + shufb(x, ROTB) /* TODO: Make faster */ + + +/* Macros used for encryption (and decryption) */ + +#define shiftrows(x0, x1, x2, x3, x4, x5, x6, x7, i, M, bskey) \ + xor2(&x0, (int128 *)(bskey + 128*(i-1) + 0));\ + shufb(&x0, M);\ + xor2(&x1, (int128 *)(bskey + 128*(i-1) + 16));\ + shufb(&x1, M);\ + xor2(&x2, (int128 *)(bskey + 128*(i-1) + 32));\ + shufb(&x2, M);\ + xor2(&x3, (int128 *)(bskey + 128*(i-1) + 48));\ + shufb(&x3, M);\ + xor2(&x4, (int128 *)(bskey + 128*(i-1) + 64));\ + shufb(&x4, M);\ + xor2(&x5, (int128 *)(bskey + 128*(i-1) + 80));\ + shufb(&x5, M);\ + xor2(&x6, (int128 *)(bskey + 128*(i-1) + 96));\ + shufb(&x6, M);\ + xor2(&x7, (int128 *)(bskey + 128*(i-1) + 112));\ + shufb(&x7, M);\ + + +#define mixcolumns(x0, x1, x2, x3, x4, x5, x6, x7, t0, t1, t2, t3, t4, t5, t6, t7) \ + shufd(&t0, &x0, 0x93);\ + shufd(&t1, &x1, 0x93);\ + shufd(&t2, &x2, 0x93);\ + shufd(&t3, &x3, 0x93);\ + shufd(&t4, &x4, 0x93);\ + shufd(&t5, &x5, 0x93);\ + shufd(&t6, &x6, 0x93);\ + shufd(&t7, &x7, 0x93);\ + ;\ + xor2(&x0, &t0);\ + xor2(&x1, &t1);\ + xor2(&x2, &t2);\ + xor2(&x3, &t3);\ + xor2(&x4, &t4);\ + xor2(&x5, &t5);\ + xor2(&x6, &t6);\ + xor2(&x7, &t7);\ + ;\ + xor2(&t0, &x7);\ + xor2(&t1, &x0);\ + xor2(&t2, &x1);\ + xor2(&t1, &x7);\ + xor2(&t3, &x2);\ + xor2(&t4, &x3);\ + xor2(&t5, &x4);\ + xor2(&t3, &x7);\ + xor2(&t6, &x5);\ + xor2(&t7, &x6);\ + xor2(&t4, &x7);\ + ;\ + shufd(&x0, &x0, 0x4e);\ + shufd(&x1, &x1, 0x4e);\ + shufd(&x2, &x2, 0x4e);\ + shufd(&x3, &x3, 0x4e);\ + shufd(&x4, &x4, 0x4e);\ + shufd(&x5, &x5, 0x4e);\ + shufd(&x6, &x6, 0x4e);\ + shufd(&x7, &x7, 0x4e);\ + ;\ + xor2(&t0, &x0);\ + xor2(&t1, &x1);\ + xor2(&t2, &x2);\ + xor2(&t3, &x3);\ + xor2(&t4, &x4);\ + xor2(&t5, &x5);\ + xor2(&t6, &x6);\ + xor2(&t7, &x7);\ + + +#define aesround(i, b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \ + shiftrows(b0, b1, b2, b3, b4, b5, b6, b7, i, SR, bskey);\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + mixcolumns(b0, b1, b4, b6, b3, b7, b2, b5, t0, t1, t2, t3, t4, t5, t6, t7);\ + + +#define lastround(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \ + shiftrows(b0, b1, b2, b3, b4, b5, b6, b7, 10, SRM0, bskey);\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + xor2(&b0,(int128 *)(bskey + 128*10));\ + xor2(&b1,(int128 *)(bskey + 128*10+16));\ + xor2(&b4,(int128 *)(bskey + 128*10+32));\ + xor2(&b6,(int128 *)(bskey + 128*10+48));\ + xor2(&b3,(int128 *)(bskey + 128*10+64));\ + xor2(&b7,(int128 *)(bskey + 128*10+80));\ + xor2(&b2,(int128 *)(bskey + 128*10+96));\ + xor2(&b5,(int128 *)(bskey + 128*10+112));\ + + +#define sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, s0, s1, s2, s3) \ + InBasisChange(b0, b1, b2, b3, b4, b5, b6, b7); \ + Inv_GF256(b6, b5, b0, b3, b7, b1, b4, b2, t0, t1, t2, t3, s0, s1, s2, s3); \ + OutBasisChange(b7, b1, b4, b2, b6, b5, b0, b3); \ + + +#define InBasisChange(b0, b1, b2, b3, b4, b5, b6, b7) \ + xor2(&b5, &b6);\ + xor2(&b2, &b1);\ + xor2(&b5, &b0);\ + xor2(&b6, &b2);\ + xor2(&b3, &b0);\ + ;\ + xor2(&b6, &b3);\ + xor2(&b3, &b7);\ + xor2(&b3, &b4);\ + xor2(&b7, &b5);\ + xor2(&b3, &b1);\ + ;\ + xor2(&b4, &b5);\ + xor2(&b2, &b7);\ + xor2(&b1, &b5);\ + +#define OutBasisChange(b0, b1, b2, b3, b4, b5, b6, b7) \ + xor2(&b0, &b6);\ + xor2(&b1, &b4);\ + xor2(&b2, &b0);\ + xor2(&b4, &b6);\ + xor2(&b6, &b1);\ + ;\ + xor2(&b1, &b5);\ + xor2(&b5, &b3);\ + xor2(&b2, &b5);\ + xor2(&b3, &b7);\ + xor2(&b7, &b5);\ + ;\ + xor2(&b4, &b7);\ + +#define Mul_GF4(x0, x1, y0, y1, t0) \ + copy2(&t0, &y0);\ + xor2(&t0, &y1);\ + and2(&t0, &x0);\ + xor2(&x0, &x1);\ + and2(&x0, &y1);\ + and2(&x1, &y0);\ + xor2(&x0, &x1);\ + xor2(&x1, &t0);\ + +#define Mul_GF4_N(x0, x1, y0, y1, t0) \ + copy2(&t0, &y0);\ + xor2(&t0, &y1);\ + and2(&t0, &x0);\ + xor2(&x0, &x1);\ + and2(&x0, &y1);\ + and2(&x1, &y0);\ + xor2(&x1, &x0);\ + xor2(&x0, &t0);\ + +#define Mul_GF4_2(x0, x1, x2, x3, y0, y1, t0, t1) \ + copy2(&t0, = y0);\ + xor2(&t0, &y1);\ + copy2(&t1, &t0);\ + and2(&t0, &x0);\ + and2(&t1, &x2);\ + xor2(&x0, &x1);\ + xor2(&x2, &x3);\ + and2(&x0, &y1);\ + and2(&x2, &y1);\ + and2(&x1, &y0);\ + and2(&x3, &y0);\ + xor2(&x0, &x1);\ + xor2(&x2, &x3);\ + xor2(&x1, &t0);\ + xor2(&x3, &t1);\ + +#define Mul_GF16(x0, x1, x2, x3, y0, y1, y2, y3, t0, t1, t2, t3) \ + copy2(&t0, &x0);\ + copy2(&t1, &x1);\ + Mul_GF4(x0, x1, y0, y1, t2);\ + xor2(&t0, &x2);\ + xor2(&t1, &x3);\ + xor2(&y0, &y2);\ + xor2(&y1, &y3);\ + Mul_GF4_N(t0, t1, y0, y1, t2);\ + Mul_GF4(x2, x3, y2, y3, t3);\ + ;\ + xor2(&x0, &t0);\ + xor2(&x2, &t0);\ + xor2(&x1, &t1);\ + xor2(&x3, &t1);\ + +#define Mul_GF16_2(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, t0, t1, t2, t3) \ + copy2(&t0, &x0);\ + copy2(&t1, &x1);\ + Mul_GF4(x0, x1, y0, y1, t2);\ + xor2(&t0, &x2);\ + xor2(&t1, &x3);\ + xor2(&y0, &y2);\ + xor2(&y1, &y3);\ + Mul_GF4_N(t0, t1, y0, y1, t3);\ + Mul_GF4(x2, x3, y2, y3, t2);\ + ;\ + xor2(&x0, &t0);\ + xor2(&x2, &t0);\ + xor2(&x1, &t1);\ + xor2(&x3, &t1);\ + ;\ + copy2(&t0, &x4);\ + copy2(&t1, &x5);\ + xor2(&t0, &x6);\ + xor2(&t1, &x7);\ + Mul_GF4_N(t0, t1, y0, y1, t3);\ + Mul_GF4(x6, x7, y2, y3, t2);\ + xor2(&y0, &y2);\ + xor2(&y1, &y3);\ + Mul_GF4(x4, x5, y0, y1, t3);\ + ;\ + xor2(&x4, &t0);\ + xor2(&x6, &t0);\ + xor2(&x5, &t1);\ + xor2(&x7, &t1);\ + +#define Inv_GF16(x0, x1, x2, x3, t0, t1, t2, t3) \ + copy2(&t0, &x1);\ + copy2(&t1, &x0);\ + and2(&t0, &x3);\ + or2(&t1, &x2);\ + copy2(&t2, &x1);\ + copy2(&t3, &x0);\ + or2(&t2, &x2);\ + or2(&t3, &x3);\ + xor2(&t2, &t3);\ + ;\ + xor2(&t0, &t2);\ + xor2(&t1, &t2);\ + ;\ + Mul_GF4_2(x0, x1, x2, x3, t1, t0, t2, t3);\ + + +#define Inv_GF256(x0, x1, x2, x3, x4, x5, x6, x7, t0, t1, t2, t3, s0, s1, s2, s3) \ + copy2(&t3, &x4);\ + copy2(&t2, &x5);\ + copy2(&t1, &x1);\ + copy2(&s1, &x7);\ + copy2(&s0, &x0);\ + ;\ + xor2(&t3, &x6);\ + xor2(&t2, &x7);\ + xor2(&t1, &x3);\ + xor2(&s1, &x6);\ + xor2(&s0, &x2);\ + ;\ + copy2(&s2, &t3);\ + copy2(&t0, &t2);\ + copy2(&s3, &t3);\ + ;\ + or2(&t2, &t1);\ + or2(&t3, &s0);\ + xor2(&s3, &t0);\ + and2(&s2, &s0);\ + and2(&t0, &t1);\ + xor2(&s0, &t1);\ + and2(&s3, &s0);\ + copy2(&s0, &x3);\ + xor2(&s0, &x2);\ + and2(&s1, &s0);\ + xor2(&t3, &s1);\ + xor2(&t2, &s1);\ + copy2(&s1, &x4);\ + xor2(&s1, &x5);\ + copy2(&s0, &x1);\ + copy2(&t1, &s1);\ + xor2(&s0, &x0);\ + or2(&t1, &s0);\ + and2(&s1, &s0);\ + xor2(&t0, &s1);\ + xor2(&t3, &s3);\ + xor2(&t2, &s2);\ + xor2(&t1, &s3);\ + xor2(&t0, &s2);\ + xor2(&t1, &s2);\ + copy2(&s0, &x7);\ + copy2(&s1, &x6);\ + copy2(&s2, &x5);\ + copy2(&s3, &x4);\ + and2(&s0, &x3);\ + and2(&s1, &x2);\ + and2(&s2, &x1);\ + or2(&s3, &x0);\ + xor2(&t3, &s0);\ + xor2(&t2, &s1);\ + xor2(&t1, &s2);\ + xor2(&t0, &s3);\ + ;\ + copy2(&s0, &t3);\ + xor2(&s0, &t2);\ + and2(&t3, &t1);\ + copy2(&s2, &t0);\ + xor2(&s2, &t3);\ + copy2(&s3, &s0);\ + and2(&s3, &s2);\ + xor2(&s3, &t2);\ + copy2(&s1, &t1);\ + xor2(&s1, &t0);\ + xor2(&t3, &t2);\ + and2(&s1, &t3);\ + xor2(&s1, &t0);\ + xor2(&t1, &s1);\ + copy2(&t2, &s2);\ + xor2(&t2, &s1);\ + and2(&t2, &t0);\ + xor2(&t1, &t2);\ + xor2(&s2, &t2);\ + and2(&s2, &s3);\ + xor2(&s2, &s0);\ + ;\ + Mul_GF16_2(x0, x1, x2, x3, x4, x5, x6, x7, s3, s2, s1, t1, s0, t0, t2, t3);\ + +#endif diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/consts.c b/src/libnacl/crypto_stream/aes128ctr/portable/consts.c new file mode 100644 index 00000000..72296c04 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/consts.c @@ -0,0 +1,14 @@ +#include "consts.h" + +const unsigned char ROTB[16] = {0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08}; +const unsigned char M0[16] = {0x0f, 0x0b, 0x07, 0x03, 0x0e, 0x0a, 0x06, 0x02, 0x0d, 0x09, 0x05, 0x01, 0x0c, 0x08, 0x04, 0x00}; +const unsigned char EXPB0[16] = {0x03, 0x03, 0x03, 0x03, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x0b, 0x0b, 0x0b, 0x0f, 0x0f, 0x0f, 0x0f}; + +const unsigned char SWAP32[16] = {0x03, 0x02, 0x01, 0x00, 0x07, 0x06, 0x05, 0x04, 0x0b, 0x0a, 0x09, 0x08, 0x0f, 0x0e, 0x0d, 0x0c}; +const unsigned char M0SWAP[16] = {0x0c, 0x08, 0x04, 0x00, 0x0d, 0x09, 0x05, 0x01, 0x0e, 0x0a, 0x06, 0x02, 0x0f, 0x0b, 0x07, 0x03}; +const unsigned char SR[16] = {0x01, 0x02, 0x03, 0x00, 0x06, 0x07, 0x04, 0x05, 0x0b, 0x08, 0x09, 0x0a, 0x0c, 0x0d, 0x0e, 0x0f}; +const unsigned char SRM0[16] = {0x0f, 0x0a, 0x05, 0x00, 0x0e, 0x09, 0x04, 0x03, 0x0d, 0x08, 0x07, 0x02, 0x0c, 0x0b, 0x06, 0x01}; + +const int128 BS0 = {0x5555555555555555ULL, 0x5555555555555555ULL}; +const int128 BS1 = {0x3333333333333333ULL, 0x3333333333333333ULL}; +const int128 BS2 = {0x0f0f0f0f0f0f0f0fULL, 0x0f0f0f0f0f0f0f0fULL}; diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/consts.h b/src/libnacl/crypto_stream/aes128ctr/portable/consts.h new file mode 100644 index 00000000..4c50360b --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/consts.h @@ -0,0 +1,28 @@ +#ifndef CONSTS_H +#define CONSTS_H + +#include "int128.h" + +#define ROTB crypto_stream_aes128ctr_portable_ROTB +#define M0 crypto_stream_aes128ctr_portable_M0 +#define EXPB0 crypto_stream_aes128ctr_portable_EXPB0 +#define SWAP32 crypto_stream_aes128ctr_portable_SWAP32 +#define M0SWAP crypto_stream_aes128ctr_portable_M0SWAP +#define SR crypto_stream_aes128ctr_portable_SR +#define SRM0 crypto_stream_aes128ctr_portable_SRM0 +#define BS0 crypto_stream_aes128ctr_portable_BS0 +#define BS1 crypto_stream_aes128ctr_portable_BS1 +#define BS2 crypto_stream_aes128ctr_portable_BS2 + +extern const unsigned char ROTB[16]; +extern const unsigned char M0[16]; +extern const unsigned char EXPB0[16]; +extern const unsigned char SWAP32[16]; +extern const unsigned char M0SWAP[16]; +extern const unsigned char SR[16]; +extern const unsigned char SRM0[16]; +extern const int128 BS0; +extern const int128 BS1; +extern const int128 BS2; + +#endif diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/int128.c b/src/libnacl/crypto_stream/aes128ctr/portable/int128.c new file mode 100644 index 00000000..25894d42 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/int128.c @@ -0,0 +1,128 @@ +#include "int128.h" +#include "common.h" + +void xor2(int128 *r, const int128 *x) +{ + r->a ^= x->a; + r->b ^= x->b; +} + +void and2(int128 *r, const int128 *x) +{ + r->a &= x->a; + r->b &= x->b; +} + +void or2(int128 *r, const int128 *x) +{ + r->a |= x->a; + r->b |= x->b; +} + +void copy2(int128 *r, const int128 *x) +{ + r->a = x->a; + r->b = x->b; +} + +void shufb(int128 *r, const unsigned char *l) +{ + int128 t; + copy2(&t,r); + unsigned char *cr = (unsigned char *)r; + unsigned char *ct = (unsigned char *)&t; + cr[0] = ct[l[0]]; + cr[1] = ct[l[1]]; + cr[2] = ct[l[2]]; + cr[3] = ct[l[3]]; + cr[4] = ct[l[4]]; + cr[5] = ct[l[5]]; + cr[6] = ct[l[6]]; + cr[7] = ct[l[7]]; + cr[8] = ct[l[8]]; + cr[9] = ct[l[9]]; + cr[10] = ct[l[10]]; + cr[11] = ct[l[11]]; + cr[12] = ct[l[12]]; + cr[13] = ct[l[13]]; + cr[14] = ct[l[14]]; + cr[15] = ct[l[15]]; +} + +void shufd(int128 *r, const int128 *x, const unsigned int c) +{ + int128 t; + uint32 *tp = (uint32 *)&t; + uint32 *xp = (uint32 *)x; + tp[0] = xp[c&3]; + tp[1] = xp[(c>>2)&3]; + tp[2] = xp[(c>>4)&3]; + tp[3] = xp[(c>>6)&3]; + copy2(r,&t); +} + +void rshift32_littleendian(int128 *r, const unsigned int n) +{ + unsigned char *rp = (unsigned char *)r; + uint32 t; + t = load32_littleendian(rp); + t >>= n; + store32_littleendian(rp, t); + t = load32_littleendian(rp+4); + t >>= n; + store32_littleendian(rp+4, t); + t = load32_littleendian(rp+8); + t >>= n; + store32_littleendian(rp+8, t); + t = load32_littleendian(rp+12); + t >>= n; + store32_littleendian(rp+12, t); +} + +void rshift64_littleendian(int128 *r, const unsigned int n) +{ + unsigned char *rp = (unsigned char *)r; + uint64 t; + t = load64_littleendian(rp); + t >>= n; + store64_littleendian(rp, t); + t = load64_littleendian(rp+8); + t >>= n; + store64_littleendian(rp+8, t); +} + +void lshift64_littleendian(int128 *r, const unsigned int n) +{ + unsigned char *rp = (unsigned char *)r; + uint64 t; + t = load64_littleendian(rp); + t <<= n; + store64_littleendian(rp, t); + t = load64_littleendian(rp+8); + t <<= n; + store64_littleendian(rp+8, t); +} + +void toggle(int128 *r) +{ + r->a ^= 0xffffffffffffffffULL; + r->b ^= 0xffffffffffffffffULL; +} + +void xor_rcon(int128 *r) +{ + unsigned char *rp = (unsigned char *)r; + uint32 t; + t = load32_littleendian(rp+12); + t ^= 0xffffffff; + store32_littleendian(rp+12, t); +} + +void add_uint32_big(int128 *r, uint32 x) +{ + unsigned char *rp = (unsigned char *)r; + uint32 t; + t = load32_littleendian(rp+12); + t += x; + store32_littleendian(rp+12, t); +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/int128.h b/src/libnacl/crypto_stream/aes128ctr/portable/int128.h new file mode 100644 index 00000000..7099e5b1 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/int128.h @@ -0,0 +1,47 @@ +#ifndef INT128_H +#define INT128_H + +#include "common.h" + +typedef struct{ + unsigned long long a; + unsigned long long b; +} int128; + +#define xor2 crypto_stream_aes128ctr_portable_xor2 +void xor2(int128 *r, const int128 *x); + +#define and2 crypto_stream_aes128ctr_portable_and2 +void and2(int128 *r, const int128 *x); + +#define or2 crypto_stream_aes128ctr_portable_or2 +void or2(int128 *r, const int128 *x); + +#define copy2 crypto_stream_aes128ctr_portable_copy2 +void copy2(int128 *r, const int128 *x); + +#define shufb crypto_stream_aes128ctr_portable_shufb +void shufb(int128 *r, const unsigned char *l); + +#define shufd crypto_stream_aes128ctr_portable_shufd +void shufd(int128 *r, const int128 *x, const unsigned int c); + +#define rshift32_littleendian crypto_stream_aes128ctr_portable_rshift32_littleendian +void rshift32_littleendian(int128 *r, const unsigned int n); + +#define rshift64_littleendian crypto_stream_aes128ctr_portable_rshift64_littleendian +void rshift64_littleendian(int128 *r, const unsigned int n); + +#define lshift64_littleendian crypto_stream_aes128ctr_portable_lshift64_littleendian +void lshift64_littleendian(int128 *r, const unsigned int n); + +#define toggle crypto_stream_aes128ctr_portable_toggle +void toggle(int128 *r); + +#define xor_rcon crypto_stream_aes128ctr_portable_xor_rcon +void xor_rcon(int128 *r); + +#define add_uint32_big crypto_stream_aes128ctr_portable_add_uint32_big +void add_uint32_big(int128 *r, uint32 x); + +#endif diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/stream.c b/src/libnacl/crypto_stream/aes128ctr/portable/stream.c new file mode 100644 index 00000000..963fa8c1 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/stream.c @@ -0,0 +1,28 @@ +#include "crypto_stream.h" + +int crypto_stream( + unsigned char *out, + unsigned long long outlen, + const unsigned char *n, + const unsigned char *k + ) +{ + unsigned char d[crypto_stream_BEFORENMBYTES]; + crypto_stream_beforenm(d, k); + crypto_stream_afternm(out, outlen, n, d); + return 0; +} + +int crypto_stream_xor( + unsigned char *out, + const unsigned char *in, + unsigned long long inlen, + const unsigned char *n, + const unsigned char *k + ) +{ + unsigned char d[crypto_stream_BEFORENMBYTES]; + crypto_stream_beforenm(d, k); + crypto_stream_xor_afternm(out, in, inlen, n, d); + return 0; +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/types.h b/src/libnacl/crypto_stream/aes128ctr/portable/types.h new file mode 100644 index 00000000..6aa502fc --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/types.h @@ -0,0 +1,10 @@ +#ifndef TYPES_H +#define TYPES_H + +#include "crypto_uint32.h" +typedef crypto_uint32 uint32; + +#include "crypto_uint64.h" +typedef crypto_uint64 uint64; + +#endif diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/xor_afternm.c b/src/libnacl/crypto_stream/aes128ctr/portable/xor_afternm.c new file mode 100644 index 00000000..f2ff8ff6 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/xor_afternm.c @@ -0,0 +1,180 @@ +/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper + * Date: 2009-03-19 + * Public domain */ + +#include +#include "int128.h" +#include "common.h" +#include "consts.h" +#include "crypto_stream.h" + +int crypto_stream_xor_afternm(unsigned char *outp, const unsigned char *inp, unsigned long long len, const unsigned char *noncep, const unsigned char *c) +{ + + int128 xmm0; + int128 xmm1; + int128 xmm2; + int128 xmm3; + int128 xmm4; + int128 xmm5; + int128 xmm6; + int128 xmm7; + + int128 xmm8; + int128 xmm9; + int128 xmm10; + int128 xmm11; + int128 xmm12; + int128 xmm13; + int128 xmm14; + int128 xmm15; + + int128 nonce_stack; + unsigned long long lensav; + unsigned char bl[128]; + unsigned char *blp; + unsigned char b; + + uint32 tmp; + + /* Copy nonce on the stack */ + copy2(&nonce_stack, (int128 *) (noncep + 0)); + unsigned char *np = (unsigned char *)&nonce_stack; + + enc_block: + + xmm0 = *(int128 *) (np + 0); + copy2(&xmm1, &xmm0); + shufb(&xmm1, SWAP32); + copy2(&xmm2, &xmm1); + copy2(&xmm3, &xmm1); + copy2(&xmm4, &xmm1); + copy2(&xmm5, &xmm1); + copy2(&xmm6, &xmm1); + copy2(&xmm7, &xmm1); + + add_uint32_big(&xmm1, 1); + add_uint32_big(&xmm2, 2); + add_uint32_big(&xmm3, 3); + add_uint32_big(&xmm4, 4); + add_uint32_big(&xmm5, 5); + add_uint32_big(&xmm6, 6); + add_uint32_big(&xmm7, 7); + + shufb(&xmm0, M0); + shufb(&xmm1, M0SWAP); + shufb(&xmm2, M0SWAP); + shufb(&xmm3, M0SWAP); + shufb(&xmm4, M0SWAP); + shufb(&xmm5, M0SWAP); + shufb(&xmm6, M0SWAP); + shufb(&xmm7, M0SWAP); + + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, xmm8) + + aesround( 1, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 2, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 3, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 4, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 5, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 6, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 7, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 8, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 9, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + lastround(xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + + bitslice(xmm13, xmm10, xmm15, xmm11, xmm14, xmm12, xmm9, xmm8, xmm0) + + if(len < 128) goto partial; + if(len == 128) goto full; + + tmp = load32_bigendian(np + 12); + tmp += 8; + store32_bigendian(np + 12, tmp); + + xor2(&xmm8, (int128 *)(inp + 0)); + xor2(&xmm9, (int128 *)(inp + 16)); + xor2(&xmm12, (int128 *)(inp + 32)); + xor2(&xmm14, (int128 *)(inp + 48)); + xor2(&xmm11, (int128 *)(inp + 64)); + xor2(&xmm15, (int128 *)(inp + 80)); + xor2(&xmm10, (int128 *)(inp + 96)); + xor2(&xmm13, (int128 *)(inp + 112)); + + *(int128 *) (outp + 0) = xmm8; + *(int128 *) (outp + 16) = xmm9; + *(int128 *) (outp + 32) = xmm12; + *(int128 *) (outp + 48) = xmm14; + *(int128 *) (outp + 64) = xmm11; + *(int128 *) (outp + 80) = xmm15; + *(int128 *) (outp + 96) = xmm10; + *(int128 *) (outp + 112) = xmm13; + + len -= 128; + inp += 128; + outp += 128; + + goto enc_block; + + partial: + + lensav = len; + len >>= 4; + + tmp = load32_bigendian(np + 12); + tmp += len; + store32_bigendian(np + 12, tmp); + + blp = bl; + *(int128 *)(blp + 0) = xmm8; + *(int128 *)(blp + 16) = xmm9; + *(int128 *)(blp + 32) = xmm12; + *(int128 *)(blp + 48) = xmm14; + *(int128 *)(blp + 64) = xmm11; + *(int128 *)(blp + 80) = xmm15; + *(int128 *)(blp + 96) = xmm10; + *(int128 *)(blp + 112) = xmm13; + + bytes: + + if(lensav == 0) goto end; + + b = blp[0]; + b ^= *(unsigned char *)(inp + 0); + *(unsigned char *)(outp + 0) = b; + + blp += 1; + inp +=1; + outp +=1; + lensav -= 1; + + goto bytes; + + full: + + tmp = load32_bigendian(np + 12); + tmp += 8; + store32_bigendian(np + 12, tmp); + + xor2(&xmm8, (int128 *)(inp + 0)); + xor2(&xmm9, (int128 *)(inp + 16)); + xor2(&xmm12, (int128 *)(inp + 32)); + xor2(&xmm14, (int128 *)(inp + 48)); + xor2(&xmm11, (int128 *)(inp + 64)); + xor2(&xmm15, (int128 *)(inp + 80)); + xor2(&xmm10, (int128 *)(inp + 96)); + xor2(&xmm13, (int128 *)(inp + 112)); + + *(int128 *) (outp + 0) = xmm8; + *(int128 *) (outp + 16) = xmm9; + *(int128 *) (outp + 32) = xmm12; + *(int128 *) (outp + 48) = xmm14; + *(int128 *) (outp + 64) = xmm11; + *(int128 *) (outp + 80) = xmm15; + *(int128 *) (outp + 96) = xmm10; + *(int128 *) (outp + 112) = xmm13; + + end: + return 0; + +} diff --git a/src/libnacl/crypto_stream/aes128ctr/used b/src/libnacl/crypto_stream/aes128ctr/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/measure.c b/src/libnacl/crypto_stream/measure.c new file mode 100644 index 00000000..ff3ab610 --- /dev/null +++ b/src/libnacl/crypto_stream/measure.c @@ -0,0 +1,73 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_stream.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_stream_IMPLEMENTATION; +const char *implementationversion = crypto_stream_VERSION; +const char *sizenames[] = { "keybytes", "noncebytes", 0 }; +const long long sizes[] = { crypto_stream_KEYBYTES, crypto_stream_NONCEBYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_stream_KEYBYTES); + n = alignedcalloc(crypto_stream_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES); + c = alignedcalloc(MAXTEST_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(k,crypto_stream_KEYBYTES); + randombytes(n,crypto_stream_NONCEBYTES); + randombytes(m,mlen); + randombytes(c,mlen); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_stream(c,mlen,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_stream_xor(c,m,mlen,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"xor_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_stream/salsa20/checksum b/src/libnacl/crypto_stream/salsa20/checksum new file mode 100644 index 00000000..78ff05f4 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/checksum @@ -0,0 +1 @@ +44a3966eabcd3a2b13faca2150e38f2b7e6bac187d626618f50a9f875158ae78 diff --git a/src/libnacl/crypto_stream/salsa20/ref/api.h b/src/libnacl/crypto_stream/salsa20/ref/api.h new file mode 100644 index 00000000..c2b18461 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 8 diff --git a/src/libnacl/crypto_stream/salsa20/ref/implementors b/src/libnacl/crypto_stream/salsa20/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_stream/salsa20/ref/stream.c b/src/libnacl/crypto_stream/salsa20/ref/stream.c new file mode 100644 index 00000000..2f0262eb --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/ref/stream.c @@ -0,0 +1,49 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa20.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream( + unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!clen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (clen >= 64) { + crypto_core_salsa20(c,in,k,sigma); + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + clen -= 64; + c += 64; + } + + if (clen) { + crypto_core_salsa20(block,in,k,sigma); + for (i = 0;i < clen;++i) c[i] = block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa20/ref/xor.c b/src/libnacl/crypto_stream/salsa20/ref/xor.c new file mode 100644 index 00000000..11c7e9f0 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/ref/xor.c @@ -0,0 +1,52 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa20.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream_xor( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!mlen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (mlen >= 64) { + crypto_core_salsa20(block,in,k,sigma); + for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i]; + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + mlen -= 64; + c += 64; + m += 64; + } + + if (mlen) { + crypto_core_salsa20(block,in,k,sigma); + for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa20/used b/src/libnacl/crypto_stream/salsa20/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/salsa2012/checksum b/src/libnacl/crypto_stream/salsa2012/checksum new file mode 100644 index 00000000..f801d9e3 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/checksum @@ -0,0 +1 @@ +ecc758f200061c3cc770b25797da73583548d4f90f69a967fbbe1a6d94d1705c diff --git a/src/libnacl/crypto_stream/salsa2012/ref/api.h b/src/libnacl/crypto_stream/salsa2012/ref/api.h new file mode 100644 index 00000000..c2b18461 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 8 diff --git a/src/libnacl/crypto_stream/salsa2012/ref/implementors b/src/libnacl/crypto_stream/salsa2012/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_stream/salsa2012/ref/stream.c b/src/libnacl/crypto_stream/salsa2012/ref/stream.c new file mode 100644 index 00000000..86053337 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/ref/stream.c @@ -0,0 +1,49 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa2012.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream( + unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!clen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (clen >= 64) { + crypto_core_salsa2012(c,in,k,sigma); + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + clen -= 64; + c += 64; + } + + if (clen) { + crypto_core_salsa2012(block,in,k,sigma); + for (i = 0;i < clen;++i) c[i] = block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa2012/ref/xor.c b/src/libnacl/crypto_stream/salsa2012/ref/xor.c new file mode 100644 index 00000000..90206426 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/ref/xor.c @@ -0,0 +1,52 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa2012.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream_xor( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!mlen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (mlen >= 64) { + crypto_core_salsa2012(block,in,k,sigma); + for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i]; + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + mlen -= 64; + c += 64; + m += 64; + } + + if (mlen) { + crypto_core_salsa2012(block,in,k,sigma); + for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa2012/used b/src/libnacl/crypto_stream/salsa2012/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/salsa208/checksum b/src/libnacl/crypto_stream/salsa208/checksum new file mode 100644 index 00000000..c87364e6 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/checksum @@ -0,0 +1 @@ +05f32b0647417aaa446b0b3127318133cf9af32b771869eab267000bf02710cd diff --git a/src/libnacl/crypto_stream/salsa208/ref/api.h b/src/libnacl/crypto_stream/salsa208/ref/api.h new file mode 100644 index 00000000..c2b18461 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 8 diff --git a/src/libnacl/crypto_stream/salsa208/ref/implementors b/src/libnacl/crypto_stream/salsa208/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_stream/salsa208/ref/stream.c b/src/libnacl/crypto_stream/salsa208/ref/stream.c new file mode 100644 index 00000000..cdcfbc0e --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/ref/stream.c @@ -0,0 +1,49 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa208.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream( + unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!clen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (clen >= 64) { + crypto_core_salsa208(c,in,k,sigma); + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + clen -= 64; + c += 64; + } + + if (clen) { + crypto_core_salsa208(block,in,k,sigma); + for (i = 0;i < clen;++i) c[i] = block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa208/ref/xor.c b/src/libnacl/crypto_stream/salsa208/ref/xor.c new file mode 100644 index 00000000..c017ac42 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/ref/xor.c @@ -0,0 +1,52 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa208.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream_xor( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!mlen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (mlen >= 64) { + crypto_core_salsa208(block,in,k,sigma); + for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i]; + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + mlen -= 64; + c += 64; + m += 64; + } + + if (mlen) { + crypto_core_salsa208(block,in,k,sigma); + for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa208/used b/src/libnacl/crypto_stream/salsa208/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/try.c b/src/libnacl/crypto_stream/try.c new file mode 100644 index 00000000..184d0cec --- /dev/null +++ b/src/libnacl/crypto_stream/try.c @@ -0,0 +1,125 @@ +/* + * crypto_stream/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_stream.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_stream_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *s; +static unsigned char *k2; +static unsigned char *n2; +static unsigned char *m2; +static unsigned char *c2; +static unsigned char *s2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_stream_KEYBYTES); + n = alignedcalloc(crypto_stream_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES); + c = alignedcalloc(MAXTEST_BYTES); + s = alignedcalloc(MAXTEST_BYTES); + k2 = alignedcalloc(crypto_stream_KEYBYTES); + n2 = alignedcalloc(crypto_stream_NONCEBYTES); + m2 = alignedcalloc(MAXTEST_BYTES); + c2 = alignedcalloc(MAXTEST_BYTES); + s2 = alignedcalloc(MAXTEST_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_stream_xor(c,m,TUNE_BYTES,n,k); +} + +char checksum[crypto_stream_KEYBYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i; + long long clen = i; + long long slen = i; + long long klen = crypto_stream_KEYBYTES; + long long nlen = crypto_stream_NONCEBYTES; + for (j = -16;j < 0;++j) m[j] = random(); + for (j = -16;j < 0;++j) c[j] = random(); + for (j = -16;j < 0;++j) s[j] = random(); + for (j = -16;j < 0;++j) n[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = slen;j < slen + 16;++j) s[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + for (j = -16;j < slen + 16;++j) s2[j] = s[j]; + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + + crypto_stream_xor(c,m,mlen,n,k); + + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_stream_xor overwrites m"; + for (j = -16;j < slen + 16;++j) if (s[j] != s2[j]) return "crypto_stream_xor overwrites s"; + for (j = -16;j < nlen + 16;++j) if (n[j] != n2[j]) return "crypto_stream_xor overwrites n"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_stream_xor overwrites k"; + for (j = -16;j < 0;++j) if (c[j] != c2[j]) return "crypto_stream_xor writes before output"; + for (j = clen;j < clen + 16;++j) if (c[j] != c2[j]) return "crypto_stream_xor writes after output"; + + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + + crypto_stream(s,slen,n,k); + + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_stream overwrites m"; + for (j = -16;j < clen + 16;++j) if (c[j] != c2[j]) return "crypto_stream overwrites c"; + for (j = -16;j < nlen + 16;++j) if (n[j] != n2[j]) return "crypto_stream overwrites n"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_stream overwrites k"; + for (j = -16;j < 0;++j) if (s[j] != s2[j]) return "crypto_stream writes before output"; + for (j = slen;j < slen + 16;++j) if (s[j] != s2[j]) return "crypto_stream writes after output"; + + for (j = 0;j < mlen;++j) + if ((s[j] ^ m[j]) != c[j]) return "crypto_stream_xor does not match crypto_stream"; + + for (j = 0;j < clen;++j) k[j % klen] ^= c[j]; + crypto_stream_xor(m,c,clen,n,k); + crypto_stream(s,slen,n,k); + for (j = 0;j < mlen;++j) + if ((s[j] ^ m[j]) != c[j]) return "crypto_stream_xor does not match crypto_stream"; + for (j = 0;j < mlen;++j) n[j % nlen] ^= m[j]; + m[mlen] = 0; + } + + for (i = 0;i < crypto_stream_KEYBYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (k[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & k[i]]; + } + checksum[2 * i] = 0; + + return 0; +} diff --git a/src/libnacl/crypto_stream/wrapper-stream.cpp b/src/libnacl/crypto_stream/wrapper-stream.cpp new file mode 100644 index 00000000..dd10c2f6 --- /dev/null +++ b/src/libnacl/crypto_stream/wrapper-stream.cpp @@ -0,0 +1,12 @@ +#include +using std::string; +#include "crypto_stream.h" + +string crypto_stream(size_t clen,const string &n,const string &k) +{ + if (n.size() != crypto_stream_NONCEBYTES) throw "incorrect nonce length"; + if (k.size() != crypto_stream_KEYBYTES) throw "incorrect key length"; + unsigned char c[clen]; + crypto_stream(c,clen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str()); + return string((char *) c,clen); +} diff --git a/src/libnacl/crypto_stream/wrapper-xor.cpp b/src/libnacl/crypto_stream/wrapper-xor.cpp new file mode 100644 index 00000000..8d770d1e --- /dev/null +++ b/src/libnacl/crypto_stream/wrapper-xor.cpp @@ -0,0 +1,17 @@ +#include +using std::string; +#include "crypto_stream.h" + +string crypto_stream_xor(const string &m,const string &n,const string &k) +{ + if (n.size() != crypto_stream_NONCEBYTES) throw "incorrect nonce length"; + if (k.size() != crypto_stream_KEYBYTES) throw "incorrect key length"; + size_t mlen = m.size(); + unsigned char c[mlen]; + crypto_stream_xor(c, + (const unsigned char *) m.c_str(),mlen, + (const unsigned char *) n.c_str(), + (const unsigned char *) k.c_str() + ); + return string((char *) c,mlen); +} diff --git a/src/libnacl/crypto_stream/xsalsa20/checksum b/src/libnacl/crypto_stream/xsalsa20/checksum new file mode 100644 index 00000000..cae64c0d --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/checksum @@ -0,0 +1 @@ +201bc58a96adcb6ed339ca33c188af8ca04a4ce68be1e0953309ee09a0cf8e7a diff --git a/src/libnacl/crypto_stream/xsalsa20/ref/api.h b/src/libnacl/crypto_stream/xsalsa20/ref/api.h new file mode 100644 index 00000000..6910a7dc --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 24 diff --git a/src/libnacl/crypto_stream/xsalsa20/ref/implementors b/src/libnacl/crypto_stream/xsalsa20/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_stream/xsalsa20/ref/stream.c b/src/libnacl/crypto_stream/xsalsa20/ref/stream.c new file mode 100644 index 00000000..2d710709 --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/ref/stream.c @@ -0,0 +1,22 @@ +/* +version 20080914 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_hsalsa20.h" +#include "crypto_stream_salsa20.h" +#include "crypto_stream.h" + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream( + unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char subkey[32]; + crypto_core_hsalsa20(subkey,n,k,sigma); + return crypto_stream_salsa20(c,clen,n + 16,subkey); +} diff --git a/src/libnacl/crypto_stream/xsalsa20/ref/xor.c b/src/libnacl/crypto_stream/xsalsa20/ref/xor.c new file mode 100644 index 00000000..13f3134a --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/ref/xor.c @@ -0,0 +1,23 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_hsalsa20.h" +#include "crypto_stream_salsa20.h" +#include "crypto_stream.h" + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream_xor( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char subkey[32]; + crypto_core_hsalsa20(subkey,n,k,sigma); + return crypto_stream_salsa20_xor(c,m,mlen,n + 16,subkey); +} diff --git a/src/libnacl/crypto_stream/xsalsa20/selected b/src/libnacl/crypto_stream/xsalsa20/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/xsalsa20/used b/src/libnacl/crypto_stream/xsalsa20/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_verify/16/checksum b/src/libnacl/crypto_verify/16/checksum new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/crypto_verify/16/checksum @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/crypto_verify/16/ref/api.h b/src/libnacl/crypto_verify/16/ref/api.h new file mode 100644 index 00000000..32be2f97 --- /dev/null +++ b/src/libnacl/crypto_verify/16/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 16 diff --git a/src/libnacl/crypto_verify/16/ref/verify.c b/src/libnacl/crypto_verify/16/ref/verify.c new file mode 100644 index 00000000..d356060c --- /dev/null +++ b/src/libnacl/crypto_verify/16/ref/verify.c @@ -0,0 +1,24 @@ +#include "crypto_verify.h" + +int crypto_verify(const unsigned char *x,const unsigned char *y) +{ + unsigned int differentbits = 0; +#define F(i) differentbits |= x[i] ^ y[i]; + F(0) + F(1) + F(2) + F(3) + F(4) + F(5) + F(6) + F(7) + F(8) + F(9) + F(10) + F(11) + F(12) + F(13) + F(14) + F(15) + return (1 & ((differentbits - 1) >> 8)) - 1; +} diff --git a/src/libnacl/crypto_verify/16/used b/src/libnacl/crypto_verify/16/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_verify/32/checksum b/src/libnacl/crypto_verify/32/checksum new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/crypto_verify/32/checksum @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/crypto_verify/32/ref/api.h b/src/libnacl/crypto_verify/32/ref/api.h new file mode 100644 index 00000000..ae8c7f6a --- /dev/null +++ b/src/libnacl/crypto_verify/32/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 32 diff --git a/src/libnacl/crypto_verify/32/ref/verify.c b/src/libnacl/crypto_verify/32/ref/verify.c new file mode 100644 index 00000000..a0e23afe --- /dev/null +++ b/src/libnacl/crypto_verify/32/ref/verify.c @@ -0,0 +1,40 @@ +#include "crypto_verify.h" + +int crypto_verify(const unsigned char *x,const unsigned char *y) +{ + unsigned int differentbits = 0; +#define F(i) differentbits |= x[i] ^ y[i]; + F(0) + F(1) + F(2) + F(3) + F(4) + F(5) + F(6) + F(7) + F(8) + F(9) + F(10) + F(11) + F(12) + F(13) + F(14) + F(15) + F(16) + F(17) + F(18) + F(19) + F(20) + F(21) + F(22) + F(23) + F(24) + F(25) + F(26) + F(27) + F(28) + F(29) + F(30) + F(31) + return (1 & ((differentbits - 1) >> 8)) - 1; +} diff --git a/src/libnacl/crypto_verify/32/used b/src/libnacl/crypto_verify/32/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_verify/measure.c b/src/libnacl/crypto_verify/measure.c new file mode 100644 index 00000000..bbfac4f1 --- /dev/null +++ b/src/libnacl/crypto_verify/measure.c @@ -0,0 +1,18 @@ +#include "crypto_verify.h" + +const char *primitiveimplementation = crypto_verify_IMPLEMENTATION; +const char *implementationversion = crypto_verify_VERSION; +const char *sizenames[] = { "inputbytes", 0 }; +const long long sizes[] = { crypto_verify_BYTES }; + +void preallocate(void) +{ +} + +void allocate(void) +{ +} + +void measure(void) +{ +} diff --git a/src/libnacl/crypto_verify/try.c b/src/libnacl/crypto_verify/try.c new file mode 100644 index 00000000..93cfe7a7 --- /dev/null +++ b/src/libnacl/crypto_verify/try.c @@ -0,0 +1,76 @@ +/* + * crypto_verify/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_verify.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_verify_IMPLEMENTATION; + +static unsigned char *x; +static unsigned char *y; + +void preallocate(void) +{ +} + +void allocate(void) +{ + x = alignedcalloc(crypto_verify_BYTES); + y = alignedcalloc(crypto_verify_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_verify(x,y); +} + +static const char *check(void) +{ + int r = crypto_verify(x,y); + if (r == 0) { + if (memcmp(x,y,crypto_verify_BYTES)) return "different strings pass verify"; + } else if (r == -1) { + if (!memcmp(x,y,crypto_verify_BYTES)) return "equal strings fail verify"; + } else { + return "weird return value from verify"; + } + return 0; +} + +char checksum[2]; + +const char *checksum_compute(void) +{ + long long tests; + long long i; + long long j; + const char *c; + + for (tests = 0;tests < 100000;++tests) { + for (i = 0;i < crypto_verify_BYTES;++i) x[i] = random(); + for (i = 0;i < crypto_verify_BYTES;++i) y[i] = random(); + c = check(); if (c) return c; + for (i = 0;i < crypto_verify_BYTES;++i) y[i] = x[i]; + c = check(); if (c) return c; + y[random() % crypto_verify_BYTES] = random(); + c = check(); if (c) return c; + y[random() % crypto_verify_BYTES] = random(); + c = check(); if (c) return c; + y[random() % crypto_verify_BYTES] = random(); + c = check(); if (c) return c; + } + + checksum[0] = '0'; + checksum[1] = 0; + return 0; +} diff --git a/src/libnacl/crypto_verify/wrapper-empty.cpp b/src/libnacl/crypto_verify/wrapper-empty.cpp new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/dist-dirs b/src/libnacl/dist-dirs new file mode 100644 index 00000000..e22060fc --- /dev/null +++ b/src/libnacl/dist-dirs @@ -0,0 +1,74 @@ +. +./commandline +./cpucycles +./cpuid +./crypto_auth +./crypto_auth/hmacsha256 +./crypto_auth/hmacsha256/ref +./crypto_auth/hmacsha512256 +./crypto_auth/hmacsha512256/ref +./crypto_box +./crypto_box/curve25519xsalsa20poly1305 +./crypto_box/curve25519xsalsa20poly1305/ref +./crypto_core +./crypto_core/hsalsa20 +./crypto_core/hsalsa20/ref +./crypto_core/hsalsa20/ref2 +./crypto_core/salsa20 +./crypto_core/salsa20/ref +./crypto_core/salsa2012 +./crypto_core/salsa2012/ref +./crypto_core/salsa208 +./crypto_core/salsa208/ref +./crypto_hash +./crypto_hash/sha256 +./crypto_hash/sha256/ref +./crypto_hash/sha512 +./crypto_hash/sha512/ref +./crypto_hashblocks +./crypto_hashblocks/sha256 +./crypto_hashblocks/sha256/inplace +./crypto_hashblocks/sha256/ref +./crypto_hashblocks/sha512 +./crypto_hashblocks/sha512/inplace +./crypto_hashblocks/sha512/ref +./crypto_onetimeauth +./crypto_onetimeauth/poly1305 +./crypto_onetimeauth/poly1305/53 +./crypto_onetimeauth/poly1305/amd64 +./crypto_onetimeauth/poly1305/ref +./crypto_onetimeauth/poly1305/x86 +./crypto_scalarmult +./crypto_scalarmult/curve25519 +./crypto_scalarmult/curve25519/donna_c64 +./crypto_scalarmult/curve25519/ref +./crypto_secretbox +./crypto_secretbox/xsalsa20poly1305 +./crypto_secretbox/xsalsa20poly1305/ref +./crypto_sign +./crypto_sign/ed25519 +./crypto_sign/ed25519/ref +./crypto_sign/edwards25519sha512batch +./crypto_sign/edwards25519sha512batch/ref +./crypto_stream +./crypto_stream/aes128ctr +./crypto_stream/aes128ctr/portable +./crypto_stream/salsa20 +./crypto_stream/salsa20/ref +./crypto_stream/salsa2012 +./crypto_stream/salsa2012/ref +./crypto_stream/salsa208 +./crypto_stream/salsa208/ref +./crypto_stream/xsalsa20 +./crypto_stream/xsalsa20/ref +./crypto_verify +./crypto_verify/16 +./crypto_verify/16/ref +./crypto_verify/32 +./crypto_verify/32/ref +./inttypes +./okcompilers +./randombytes +./tests +./windows +./windows/include diff --git a/src/libnacl/dist-files b/src/libnacl/dist-files new file mode 100644 index 00000000..80b682b2 --- /dev/null +++ b/src/libnacl/dist-files @@ -0,0 +1,422 @@ +./commandline/nacl-sha256.c +./commandline/nacl-sha512.c +./cpucycles/alpha.c +./cpucycles/alpha.h +./cpucycles/amd64cpuinfo.c +./cpucycles/amd64cpuinfo.h +./cpucycles/amd64cpuspeed.c +./cpucycles/amd64cpuspeed.h +./cpucycles/amd64tscfreq.c +./cpucycles/amd64tscfreq.h +./cpucycles/celllinux.c +./cpucycles/celllinux.h +./cpucycles/cortex.c +./cpucycles/cortex.h +./cpucycles/dev4ns.c +./cpucycles/dev4ns.h +./cpucycles/do +./cpucycles/gettimeofday.c +./cpucycles/gettimeofday.h +./cpucycles/hppapstat.c +./cpucycles/hppapstat.h +./cpucycles/ia64cpuinfo.c +./cpucycles/ia64cpuinfo.h +./cpucycles/mips.c +./cpucycles/mips.h +./cpucycles/monotonic.c +./cpucycles/monotonic.h +./cpucycles/monotoniccpuinfo.c +./cpucycles/monotoniccpuinfo.h +./cpucycles/osfreq.c +./cpucycles/powerpccpuinfo.c +./cpucycles/powerpccpuinfo.h +./cpucycles/powerpcmacos.c +./cpucycles/powerpcmacos.h +./cpucycles/sgi.c +./cpucycles/sgi.h +./cpucycles/sparc32cpuinfo.c +./cpucycles/sparc32cpuinfo.h +./cpucycles/sparccpuinfo.c +./cpucycles/sparccpuinfo.h +./cpucycles/test.c +./cpucycles/x86cpuinfo.c +./cpucycles/x86cpuinfo.h +./cpucycles/x86cpuspeed.c +./cpucycles/x86cpuspeed.h +./cpucycles/x86estimate.c +./cpucycles/x86estimate.h +./cpucycles/x86tscfreq.c +./cpucycles/x86tscfreq.h +./cpuid/cbytes.c +./cpuid/cpuid.c +./cpuid/do +./cpuid/unknown.c +./cpuid/x86.c +./crypto_auth/hmacsha256/checksum +./crypto_auth/hmacsha256/ref/api.h +./crypto_auth/hmacsha256/ref/hmac.c +./crypto_auth/hmacsha256/ref/verify.c +./crypto_auth/hmacsha256/used +./crypto_auth/hmacsha512256/checksum +./crypto_auth/hmacsha512256/ref/api.h +./crypto_auth/hmacsha512256/ref/hmac.c +./crypto_auth/hmacsha512256/ref/verify.c +./crypto_auth/hmacsha512256/selected +./crypto_auth/hmacsha512256/used +./crypto_auth/measure.c +./crypto_auth/try.c +./crypto_auth/wrapper-auth.cpp +./crypto_auth/wrapper-verify.cpp +./crypto_box/curve25519xsalsa20poly1305/checksum +./crypto_box/curve25519xsalsa20poly1305/ref/after.c +./crypto_box/curve25519xsalsa20poly1305/ref/api.h +./crypto_box/curve25519xsalsa20poly1305/ref/before.c +./crypto_box/curve25519xsalsa20poly1305/ref/box.c +./crypto_box/curve25519xsalsa20poly1305/ref/keypair.c +./crypto_box/curve25519xsalsa20poly1305/selected +./crypto_box/curve25519xsalsa20poly1305/used +./crypto_box/measure.c +./crypto_box/try.c +./crypto_box/wrapper-box.cpp +./crypto_box/wrapper-keypair.cpp +./crypto_box/wrapper-open.cpp +./crypto_core/hsalsa20/checksum +./crypto_core/hsalsa20/ref/api.h +./crypto_core/hsalsa20/ref/core.c +./crypto_core/hsalsa20/ref/implementors +./crypto_core/hsalsa20/ref2/api.h +./crypto_core/hsalsa20/ref2/core.c +./crypto_core/hsalsa20/ref2/implementors +./crypto_core/hsalsa20/used +./crypto_core/measure.c +./crypto_core/salsa20/checksum +./crypto_core/salsa20/ref/api.h +./crypto_core/salsa20/ref/core.c +./crypto_core/salsa20/ref/implementors +./crypto_core/salsa20/used +./crypto_core/salsa2012/checksum +./crypto_core/salsa2012/ref/api.h +./crypto_core/salsa2012/ref/core.c +./crypto_core/salsa2012/ref/implementors +./crypto_core/salsa2012/used +./crypto_core/salsa208/checksum +./crypto_core/salsa208/ref/api.h +./crypto_core/salsa208/ref/core.c +./crypto_core/salsa208/ref/implementors +./crypto_core/salsa208/used +./crypto_core/try.c +./crypto_core/wrapper-empty.cpp +./crypto_hash/measure.c +./crypto_hash/sha256/checksum +./crypto_hash/sha256/ref/api.h +./crypto_hash/sha256/ref/hash.c +./crypto_hash/sha256/ref/implementors +./crypto_hash/sha256/used +./crypto_hash/sha512/checksum +./crypto_hash/sha512/ref/api.h +./crypto_hash/sha512/ref/hash.c +./crypto_hash/sha512/ref/implementors +./crypto_hash/sha512/selected +./crypto_hash/sha512/used +./crypto_hash/try.c +./crypto_hash/wrapper-hash.cpp +./crypto_hashblocks/measure.c +./crypto_hashblocks/sha256/checksum +./crypto_hashblocks/sha256/inplace/api.h +./crypto_hashblocks/sha256/inplace/blocks.c +./crypto_hashblocks/sha256/inplace/implementors +./crypto_hashblocks/sha256/ref/api.h +./crypto_hashblocks/sha256/ref/blocks.c +./crypto_hashblocks/sha256/ref/implementors +./crypto_hashblocks/sha256/used +./crypto_hashblocks/sha512/checksum +./crypto_hashblocks/sha512/inplace/api.h +./crypto_hashblocks/sha512/inplace/blocks.c +./crypto_hashblocks/sha512/inplace/implementors +./crypto_hashblocks/sha512/ref/api.h +./crypto_hashblocks/sha512/ref/blocks.c +./crypto_hashblocks/sha512/ref/implementors +./crypto_hashblocks/sha512/selected +./crypto_hashblocks/sha512/used +./crypto_hashblocks/try.c +./crypto_hashblocks/wrapper-empty.cpp +./crypto_onetimeauth/measure.c +./crypto_onetimeauth/poly1305/53/api.h +./crypto_onetimeauth/poly1305/53/auth.c +./crypto_onetimeauth/poly1305/53/verify.c +./crypto_onetimeauth/poly1305/amd64/api.h +./crypto_onetimeauth/poly1305/amd64/auth.s +./crypto_onetimeauth/poly1305/amd64/constants.s +./crypto_onetimeauth/poly1305/amd64/verify.c +./crypto_onetimeauth/poly1305/checksum +./crypto_onetimeauth/poly1305/ref/api.h +./crypto_onetimeauth/poly1305/ref/auth.c +./crypto_onetimeauth/poly1305/ref/verify.c +./crypto_onetimeauth/poly1305/selected +./crypto_onetimeauth/poly1305/used +./crypto_onetimeauth/poly1305/x86/api.h +./crypto_onetimeauth/poly1305/x86/auth.s +./crypto_onetimeauth/poly1305/x86/constants.s +./crypto_onetimeauth/poly1305/x86/verify.c +./crypto_onetimeauth/try.c +./crypto_onetimeauth/wrapper-auth.cpp +./crypto_onetimeauth/wrapper-verify.cpp +./crypto_scalarmult/curve25519/checksum +./crypto_scalarmult/curve25519/donna_c64/api.h +./crypto_scalarmult/curve25519/donna_c64/base.c +./crypto_scalarmult/curve25519/donna_c64/implementors +./crypto_scalarmult/curve25519/donna_c64/smult.c +./crypto_scalarmult/curve25519/ref/api.h +./crypto_scalarmult/curve25519/ref/base.c +./crypto_scalarmult/curve25519/ref/implementors +./crypto_scalarmult/curve25519/ref/smult.c +./crypto_scalarmult/curve25519/used +./crypto_scalarmult/measure.c +./crypto_scalarmult/try.c +./crypto_scalarmult/wrapper-base.cpp +./crypto_scalarmult/wrapper-mult.cpp +./crypto_secretbox/measure.c +./crypto_secretbox/try.c +./crypto_secretbox/wrapper-box.cpp +./crypto_secretbox/wrapper-open.cpp +./crypto_secretbox/xsalsa20poly1305/checksum +./crypto_secretbox/xsalsa20poly1305/ref/api.h +./crypto_secretbox/xsalsa20poly1305/ref/box.c +./crypto_secretbox/xsalsa20poly1305/selected +./crypto_secretbox/xsalsa20poly1305/used +./crypto_sign/ed25519/description +./crypto_sign/ed25519/designers +./crypto_sign/ed25519/ref/api.h +./crypto_sign/ed25519/ref/ed25519.c +./crypto_sign/ed25519/ref/fe25519.c +./crypto_sign/ed25519/ref/fe25519.h +./crypto_sign/ed25519/ref/ge25519.c +./crypto_sign/ed25519/ref/ge25519.h +./crypto_sign/ed25519/ref/ge25519_base.data +./crypto_sign/ed25519/ref/implementors +./crypto_sign/ed25519/ref/sc25519.c +./crypto_sign/ed25519/ref/sc25519.h +./crypto_sign/ed25519/selected +./crypto_sign/ed25519/used +./crypto_sign/edwards25519sha512batch/ref/api.h +./crypto_sign/edwards25519sha512batch/ref/fe25519.c +./crypto_sign/edwards25519sha512batch/ref/fe25519.h +./crypto_sign/edwards25519sha512batch/ref/ge25519.c +./crypto_sign/edwards25519sha512batch/ref/ge25519.h +./crypto_sign/edwards25519sha512batch/ref/sc25519.c +./crypto_sign/edwards25519sha512batch/ref/sc25519.h +./crypto_sign/edwards25519sha512batch/ref/sign.c +./crypto_sign/edwards25519sha512batch/selected +./crypto_sign/edwards25519sha512batch/used +./crypto_sign/measure.c +./crypto_sign/try.c +./crypto_sign/wrapper-keypair.cpp +./crypto_sign/wrapper-sign-open.cpp +./crypto_sign/wrapper-sign.cpp +./crypto_stream/aes128ctr/checksum +./crypto_stream/aes128ctr/portable/afternm.c +./crypto_stream/aes128ctr/portable/api.h +./crypto_stream/aes128ctr/portable/beforenm.c +./crypto_stream/aes128ctr/portable/common.c +./crypto_stream/aes128ctr/portable/common.h +./crypto_stream/aes128ctr/portable/consts.c +./crypto_stream/aes128ctr/portable/consts.h +./crypto_stream/aes128ctr/portable/int128.c +./crypto_stream/aes128ctr/portable/int128.h +./crypto_stream/aes128ctr/portable/stream.c +./crypto_stream/aes128ctr/portable/types.h +./crypto_stream/aes128ctr/portable/xor_afternm.c +./crypto_stream/aes128ctr/used +./crypto_stream/measure.c +./crypto_stream/salsa20/checksum +./crypto_stream/salsa20/ref/api.h +./crypto_stream/salsa20/ref/implementors +./crypto_stream/salsa20/ref/stream.c +./crypto_stream/salsa20/ref/xor.c +./crypto_stream/salsa20/used +./crypto_stream/salsa2012/checksum +./crypto_stream/salsa2012/ref/api.h +./crypto_stream/salsa2012/ref/implementors +./crypto_stream/salsa2012/ref/stream.c +./crypto_stream/salsa2012/ref/xor.c +./crypto_stream/salsa2012/used +./crypto_stream/salsa208/checksum +./crypto_stream/salsa208/ref/api.h +./crypto_stream/salsa208/ref/implementors +./crypto_stream/salsa208/ref/stream.c +./crypto_stream/salsa208/ref/xor.c +./crypto_stream/salsa208/used +./crypto_stream/try.c +./crypto_stream/wrapper-stream.cpp +./crypto_stream/wrapper-xor.cpp +./crypto_stream/xsalsa20/checksum +./crypto_stream/xsalsa20/ref/api.h +./crypto_stream/xsalsa20/ref/implementors +./crypto_stream/xsalsa20/ref/stream.c +./crypto_stream/xsalsa20/ref/xor.c +./crypto_stream/xsalsa20/selected +./crypto_stream/xsalsa20/used +./crypto_verify/16/checksum +./crypto_verify/16/ref/api.h +./crypto_verify/16/ref/verify.c +./crypto_verify/16/used +./crypto_verify/32/checksum +./crypto_verify/32/ref/api.h +./crypto_verify/32/ref/verify.c +./crypto_verify/32/used +./crypto_verify/measure.c +./crypto_verify/try.c +./crypto_verify/wrapper-empty.cpp +./dist-dirs +./dist-files +./do +./inttypes/crypto_int16.c +./inttypes/crypto_int32.c +./inttypes/crypto_int64.c +./inttypes/crypto_int8.c +./inttypes/crypto_uint16.c +./inttypes/crypto_uint32.c +./inttypes/crypto_uint64.c +./inttypes/crypto_uint8.c +./inttypes/do +./inttypes/signed.h +./inttypes/unsigned.h +./MACROS +./Makefile.in +./measure-anything.c +./okcompilers/abiname.c +./okcompilers/abinames +./okcompilers/archivers +./okcompilers/c.in +./okcompilers/do.in +./okcompilers/lib.c +./okcompilers/lib.cpp +./okcompilers/main.c +./okcompilers/main.cpp +./okcompilers/test-okar +./okcompilers/test-okc +./okcompilers/test-okc2 +./okcompilers/test-okclink +./okcompilers/test.c +./okcompilers/test10.c +./okcompilers/test5.c +./okcompilers/test5.cpp +./okcompilers/test6.c +./okcompilers/test9.c +./OPERATIONS +./PROTOTYPES.c +./PROTOTYPES.cpp +./randombytes/devurandom.c +./randombytes/devurandom.h +./randombytes/do +./randombytes/test.c +./tests/auth.c +./tests/auth.out +./tests/auth2.c +./tests/auth2.out +./tests/auth3.c +./tests/auth3.out +./tests/auth4.cpp +./tests/auth4.out +./tests/auth5.c +./tests/auth5.out +./tests/auth6.cpp +./tests/auth6.out +./tests/box.c +./tests/box.out +./tests/box2.c +./tests/box2.out +./tests/box3.cpp +./tests/box3.out +./tests/box4.cpp +./tests/box4.out +./tests/box5.cpp +./tests/box5.out +./tests/box6.cpp +./tests/box6.out +./tests/box7.c +./tests/box7.out +./tests/box8.c +./tests/box8.out +./tests/core1.c +./tests/core1.out +./tests/core2.c +./tests/core2.out +./tests/core3.c +./tests/core3.out +./tests/core4.c +./tests/core4.out +./tests/core5.c +./tests/core5.out +./tests/core6.c +./tests/core6.out +./tests/hash.c +./tests/hash.out +./tests/hash2.cpp +./tests/hash2.out +./tests/hash3.c +./tests/hash3.out +./tests/hash4.cpp +./tests/hash4.out +./tests/Makefile.in +./tests/onetimeauth.c +./tests/onetimeauth.out +./tests/onetimeauth2.c +./tests/onetimeauth2.out +./tests/onetimeauth5.cpp +./tests/onetimeauth5.out +./tests/onetimeauth6.cpp +./tests/onetimeauth6.out +./tests/onetimeauth7.c +./tests/onetimeauth7.out +./tests/onetimeauth8.cpp +./tests/onetimeauth8.out +./tests/scalarmult.c +./tests/scalarmult.out +./tests/scalarmult2.c +./tests/scalarmult2.out +./tests/scalarmult3.cpp +./tests/scalarmult3.out +./tests/scalarmult4.cpp +./tests/scalarmult4.out +./tests/scalarmult5.c +./tests/scalarmult5.out +./tests/scalarmult6.c +./tests/scalarmult6.out +./tests/scalarmult7.cpp +./tests/scalarmult7.out +./tests/secretbox.c +./tests/secretbox.out +./tests/secretbox2.c +./tests/secretbox2.out +./tests/secretbox3.cpp +./tests/secretbox3.out +./tests/secretbox4.cpp +./tests/secretbox4.out +./tests/secretbox5.cpp +./tests/secretbox5.out +./tests/secretbox6.cpp +./tests/secretbox6.out +./tests/secretbox7.c +./tests/secretbox7.out +./tests/secretbox8.c +./tests/secretbox8.out +./tests/stream.c +./tests/stream.out +./tests/stream2.c +./tests/stream2.out +./tests/stream3.c +./tests/stream3.out +./tests/stream4.c +./tests/stream4.out +./tests/stream5.cpp +./tests/stream5.out +./tests/stream6.cpp +./tests/stream6.out +./tests/stream7.cpp +./tests/stream7.out +./tests/stream8.cpp +./tests/stream8.out +./try-anything.c +./version +./windows/include/windows-quirks.h diff --git a/src/libnacl/do b/src/libnacl/do new file mode 100755 index 00000000..bb1200f1 --- /dev/null +++ b/src/libnacl/do @@ -0,0 +1,309 @@ +#!/bin/sh + +# nacl/do +# D. J. Bernstein +# Public domain. + +version=`cat version` +project=nacl +shorthostname="localhost" + +top="`pwd`/build/$shorthostname" +bin="$top/bin" +lib="$top/lib" +include="$top/include" +work="$top/work" + +PATH="/usr/local/bin:$PATH" +PATH="/usr/sfw/bin:$PATH" +PATH="$bin:$PATH" +export PATH + +LD_LIBRARY_PATH="/usr/local/lib/sparcv9:/usr/local/lib:$LD_LIBRARY_PATH" +LD_LIBRARY_PATH="/usr/sfw/lib/sparcv9:/usr/sfw/lib:$LD_LIBRARY_PATH" +export LD_LIBRARY_PATH + +# and wacky MacOS X +DYLD_LIBRARY_PATH="/usr/local/lib/sparcv9:/usr/local/lib:$DYLD_LIBRARY_PATH" +DYLD_LIBRARY_PATH="/usr/sfw/lib/sparcv9:/usr/sfw/lib:$DYLD_LIBRARY_PATH" +export DYLD_LIBRARY_PATH + +# and work around bug in GNU sort +LANG=C +export LANG + +rm -rf "$top" +mkdir -p "$top" +mkdir -p "$bin" +mkdir -p "$lib" +mkdir -p "$include" + +exec 5>"$top/data" +exec 2>"$top/errors" +exec "$work/${project}_base.c" + okc-$abi \ + | while read compiler + do + ( cd "$work" && $compiler -c ${project}_base.c ) && break + done + okar-$abi cr "$lib/$abi/lib${project}.a" "$work/${project}_base.o" + ( okranlib-$abi "$lib/$abi/lib${project}.a" || exit 0 ) +done + +ulimit -c 0 + +# loop over operations +cat OPERATIONS \ +| while read o +do + [ -d "$o" ] || continue + + selected='' + [ -f "$o/selected" ] && selected=`cat "$o/selected"` + + # for each operation, loop over primitives + ls "$o" \ + | sort \ + | while read p + do + [ -d "$o/$p" ] || continue + expectedchecksum='' + [ -f "$o/$p/checksum" ] && expectedchecksum=`cat "$o/$p/checksum"` + op="${o}_${p}" + + startdate=`date +%Y%m%d` + + # for each operation primitive, loop over abis + okabi \ + | while read abi + do + echo "=== `date` === $abi $o/$p" + libs=`"oklibs-$abi"` + libs="$lib/$abi/cpucycles.o $libs" + [ -f "$lib/$abi/lib${project}.a" ] && libs="$lib/$abi/lib${project}.a $libs" + + rm -rf "$work" + mkdir -p "$work" + mkdir -p "$work/best" + + # for each operation primitive abi, loop over implementations + find "$o/$p" -follow -name "api.h" \ + | sort \ + | while read doth + do + implementationdir=`dirname $doth` + opi=`echo "$implementationdir" | tr ./- ___` + + echo "=== `date` === $abi $implementationdir" + + rm -rf "$work/compile" + mkdir -p "$work/compile" + + cfiles=`ls "$implementationdir" | grep '\.c$' || :` + sfiles=`ls "$implementationdir" | grep '\.[sS]$' || :` + + cp -p "$o"/*.c "$work/compile/" + + cp -pr "$implementationdir"/* "$work/compile" + + cp -p "try-anything.c" "$work/compile/try-anything.c" + + cp -p MACROS "$work/compile/MACROS" + cp -p PROTOTYPES.c "$work/compile/PROTOTYPES.c" + + ( + cd "$work/compile" + ( + echo "#ifndef ${o}_H" + echo "#define ${o}_H" + echo "" + echo "#include \"${op}.h\"" + echo "" + egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < MACROS \ + | sed "s/$o/$op/" | while read mop + do + echo "#define ${mop} ${mop}" | sed "s/$op/$o/" + done + echo "#define ${o}_PRIMITIVE \"${p}\"" + echo "#define ${o}_IMPLEMENTATION ${op}_IMPLEMENTATION" + echo "#define ${o}_VERSION ${op}_VERSION" + echo "" + echo "#endif" + ) > "$o.h" + ( + echo "#ifndef ${op}_H" + echo "#define ${op}_H" + echo "" + sed 's/[ ]CRYPTO_/ '"${opi}"'_/g' < api.h + echo '#ifdef __cplusplus' + echo '#include ' + echo 'extern "C" {' + echo '#endif' + egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < PROTOTYPES.c \ + | sed "s/$o/$opi/" + echo '#ifdef __cplusplus' + echo '}' + echo '#endif' + echo "" + egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < MACROS \ + | sed "s/$o/$opi/" | while read mopi + do + echo "#define ${mopi} ${mopi}" | sed "s/$opi/$op/" + done + echo "#define ${op}_IMPLEMENTATION \"${implementationdir}\"" + echo "#ifndef ${opi}_VERSION" + echo "#define ${opi}_VERSION \"-\"" + echo "#endif" + echo "#define ${op}_VERSION ${opi}_VERSION" + echo "" + echo "#endif" + ) > "$op.h" + + okc-$abi \ + | while read compiler + do + echo "=== `date` === $abi $implementationdir $compiler" + compilerword=`echo "$compiler" | tr ' ' '_'` + ok=1 + for f in $cfiles $sfiles + do + if [ "$ok" = 1 ] + then + $compiler \ + -I. -I"$include" -I"$include/$abi" \ + -c "$f" >../errors 2>&1 || ok=0 + ( if [ `wc -l < ../errors` -lt 25 ] + then + cat ../errors + else + head ../errors + echo ... + tail ../errors + fi + ) \ + | while read err + do + echo "$version $shorthostname $abi $startdate $o $p fromcompiler $implementationdir $compilerword $f $err" >&5 + done + fi + done + + [ "$ok" = 1 ] || continue + okar-$abi cr "$op.a" *.o || continue + okranlib-$abi "$op.a" + + $compiler \ + -I. -I"$include" -I"$include/$abi" \ + -o try try.c try-anything.c \ + "$op.a" $libs >../errors 2>&1 || ok=0 + cat ../errors \ + | while read err + do + echo "$version $shorthostname $abi $startdate $o $p fromcompiler $implementationdir $compilerword try.c $err" >&5 + done + [ "$ok" = 1 ] || continue + + rm -f ../best/*.o || continue + for f in *.o + do + cp -p "$f" "../best/${opi}-$f" + done + cp -p "$op.h" "../$op.h" + cp -p "$o.h" "../$o.h" + done + ) + done + + [ -f "$o/$p/used" ] \ + && okar-$abi cr "$lib/$abi/lib${project}.a" "$work/best"/*.o \ + && ( okranlib-$abi "$lib/$abi/lib${project}.a" || exit 0 ) \ + && cp -p "$work/$op.h" "$include/$abi/$op.h" \ + && [ -f "$o/$p/selected" ] \ + && cp -p "$work/$o.h" "$include/$abi/$o.h" \ + || : + done + done +done + +echo "=== `date` === finishing" + +touch .done diff --git a/src/libnacl/inttypes/crypto_int16.c b/src/libnacl/inttypes/crypto_int16.c new file mode 100644 index 00000000..bc160669 --- /dev/null +++ b/src/libnacl/inttypes/crypto_int16.c @@ -0,0 +1,3 @@ +#include "crypto_int16.h" +#include "signed.h" +DOIT(16,crypto_int16) diff --git a/src/libnacl/inttypes/crypto_int32.c b/src/libnacl/inttypes/crypto_int32.c new file mode 100644 index 00000000..520e6822 --- /dev/null +++ b/src/libnacl/inttypes/crypto_int32.c @@ -0,0 +1,3 @@ +#include "crypto_int32.h" +#include "signed.h" +DOIT(32,crypto_int32) diff --git a/src/libnacl/inttypes/crypto_int64.c b/src/libnacl/inttypes/crypto_int64.c new file mode 100644 index 00000000..77e815bf --- /dev/null +++ b/src/libnacl/inttypes/crypto_int64.c @@ -0,0 +1,3 @@ +#include "crypto_int64.h" +#include "signed.h" +DOIT(64,crypto_int64) diff --git a/src/libnacl/inttypes/crypto_int8.c b/src/libnacl/inttypes/crypto_int8.c new file mode 100644 index 00000000..5966c62e --- /dev/null +++ b/src/libnacl/inttypes/crypto_int8.c @@ -0,0 +1,3 @@ +#include "crypto_int8.h" +#include "signed.h" +DOIT(8,crypto_int8) diff --git a/src/libnacl/inttypes/crypto_uint16.c b/src/libnacl/inttypes/crypto_uint16.c new file mode 100644 index 00000000..16ce4a69 --- /dev/null +++ b/src/libnacl/inttypes/crypto_uint16.c @@ -0,0 +1,3 @@ +#include "crypto_uint16.h" +#include "unsigned.h" +DOIT(16,crypto_uint16) diff --git a/src/libnacl/inttypes/crypto_uint32.c b/src/libnacl/inttypes/crypto_uint32.c new file mode 100644 index 00000000..7050b573 --- /dev/null +++ b/src/libnacl/inttypes/crypto_uint32.c @@ -0,0 +1,3 @@ +#include "crypto_uint32.h" +#include "unsigned.h" +DOIT(32,crypto_uint32) diff --git a/src/libnacl/inttypes/crypto_uint64.c b/src/libnacl/inttypes/crypto_uint64.c new file mode 100644 index 00000000..808055c7 --- /dev/null +++ b/src/libnacl/inttypes/crypto_uint64.c @@ -0,0 +1,3 @@ +#include "crypto_uint64.h" +#include "unsigned.h" +DOIT(64,crypto_uint64) diff --git a/src/libnacl/inttypes/crypto_uint8.c b/src/libnacl/inttypes/crypto_uint8.c new file mode 100644 index 00000000..61683391 --- /dev/null +++ b/src/libnacl/inttypes/crypto_uint8.c @@ -0,0 +1,3 @@ +#include "crypto_uint8.h" +#include "unsigned.h" +DOIT(8,crypto_uint8) diff --git a/src/libnacl/inttypes/do b/src/libnacl/inttypes/do new file mode 100755 index 00000000..f0028e3d --- /dev/null +++ b/src/libnacl/inttypes/do @@ -0,0 +1,42 @@ +#!/bin/sh -e + +okabi | ( + while read abi + do + ( + echo 'int8 int8_t' + echo 'int16 int16_t' + echo 'int32 int32_t' + echo 'int64 int64_t' + echo 'uint8 uint8_t' + echo 'uint16 uint16_t' + echo 'uint32 uint32_t' + echo 'uint64 uint64_t' + ) | ( + while read target source + do + okc-$abi | ( + while read c + do + [ -f include/$abi/crypto_$target.h ] && continue + echo "=== `date` === $abi trying $source as $target under $c..." >&2 + rm -f crypto_$target crypto_$target.h + ( + echo "#ifndef crypto_${target}_h" + echo "#define crypto_${target}_h" + echo "" + echo "#include " + echo "" + echo "typedef ${source} crypto_${target};" + echo "" + echo "#endif" + ) > crypto_$target.h + $c -o crypto_$target crypto_$target.c || continue + mkdir -p include/$abi + cp crypto_$target.h include/$abi/crypto_$target.h + done + ) + done + ) + done +) diff --git a/src/libnacl/inttypes/signed.h b/src/libnacl/inttypes/signed.h new file mode 100644 index 00000000..92689ff8 --- /dev/null +++ b/src/libnacl/inttypes/signed.h @@ -0,0 +1,17 @@ +#define DOIT(bits,target) \ +int main() \ +{ \ + target x; \ + int i; \ + \ + x = 1; \ + for (i = 0;i < bits;++i) { \ + if (x == 0) return 100; \ + x += x; \ + } \ + if (x != 0) return 100; \ + x -= 1; \ + if (x > 0) return 100; \ + \ + return 0; \ +} diff --git a/src/libnacl/inttypes/unsigned.h b/src/libnacl/inttypes/unsigned.h new file mode 100644 index 00000000..31a7a6ea --- /dev/null +++ b/src/libnacl/inttypes/unsigned.h @@ -0,0 +1,17 @@ +#define DOIT(bits,target) \ +int main() \ +{ \ + target x; \ + int i; \ + \ + x = 1; \ + for (i = 0;i < bits;++i) { \ + if (x == 0) return 100; \ + x += x; \ + } \ + if (x != 0) return 100; \ + x -= 1; \ + if (x < 0) return 100; \ + \ + return 0; \ +} diff --git a/src/libnacl/measure-anything.c b/src/libnacl/measure-anything.c new file mode 100644 index 00000000..93941aa5 --- /dev/null +++ b/src/libnacl/measure-anything.c @@ -0,0 +1,227 @@ +/* + * measure-anything.c version 20090223 + * D. J. Bernstein + * Public domain. + */ + +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +#endif +#include "cpucycles.h" +#include "cpuid.h" + +typedef int uint32; + +static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ; +static uint32 in[12]; +static uint32 out[8]; +static int outleft = 0; + +#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) +#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); + +static void surf(void) +{ + uint32 t[12]; uint32 x; uint32 sum = 0; + int r; int i; int loop; + + for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; + for (i = 0;i < 8;++i) out[i] = seed[24 + i]; + x = t[11]; + for (loop = 0;loop < 2;++loop) { + for (r = 0;r < 16;++r) { + sum += 0x9e3779b9; + MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) + MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) + MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) + } + for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; + } +} + +void randombytes(unsigned char *x,unsigned long long xlen) +{ + while (xlen > 0) { + if (!outleft) { + if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; + surf(); + outleft = 8; + } + *x = out[--outleft]; + ++x; + --xlen; + } +} + +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void preallocate(void); +extern void allocate(void); +extern void measure(void); + +static void printword(const char *s) +{ + if (!*s) putchar('-'); + while (*s) { + if (*s == ' ') putchar('_'); + else if (*s == '\t') putchar('_'); + else if (*s == '\r') putchar('_'); + else if (*s == '\n') putchar('_'); + else putchar(*s); + ++s; + } + putchar(' '); +} + +static void printnum(long long x) +{ + printf("%lld ",x); +} + +static void fail(const char *why) +{ + fprintf(stderr,"measure: fatal: %s\n",why); + exit(111); +} + +unsigned char *alignedcalloc(unsigned long long len) +{ + unsigned char *x = (unsigned char *) calloc(1,len + 128); + if (!x) fail("out of memory"); + /* will never deallocate so shifting is ok */ + x += 63 & (-(unsigned long) x); + return x; +} + +static long long cyclespersecond; + +static void printimplementations(void) +{ + int i; + + printword("implementation"); + printword(primitiveimplementation); + printword(implementationversion); + printf("\n"); fflush(stdout); + + for (i = 0;sizenames[i];++i) { + printword(sizenames[i]); + printnum(sizes[i]); + printf("\n"); fflush(stdout); + } + + printword("cpuid"); + printword(cpuid); + printf("\n"); fflush(stdout); + + printword("cpucycles_persecond"); + printnum(cyclespersecond); + printf("\n"); fflush(stdout); + + printword("cpucycles_implementation"); + printword(cpucycles_implementation); + printf("\n"); fflush(stdout); + + printword("compiler"); + printword(COMPILER); +#if defined(__VERSION__) && !defined(__ICC) + printword(__VERSION__); +#elif defined(__xlc__) + printword(__xlc__); +#elif defined(__ICC) + { + char buf[256]; + + sprintf(buf, "%d.%d.%d", __ICC/100, __ICC%100, + __INTEL_COMPILER_BUILD_DATE); + printword(buf); + } +#elif defined(__PGIC__) + { + char buf[256]; + + sprintf(buf, "%d.%d.%d", __PGIC__, __PGIC_MINOR__, __PGIC_PATCHLEVEL__); + printword(buf); + } +#elif defined(__SUNPRO_C) + { + char buf[256]; + int major, minor, micro; + + micro = __SUNPRO_C & 0xf; + minor = (__SUNPRO_C >> 4) & 0xf; + major = (__SUNPRO_C >> 8) & 0xf; + + if (micro) + sprintf(buf, "%d.%d.%d", major, minor, micro); + else + sprintf(buf, "%d.%d", major, minor); + printword(buf); + } +#else + printword("unknown compiler version"); +#endif + printf("\n"); fflush(stdout); +} + +void printentry(long long mbytes,const char *measuring,long long *m,long long mlen) +{ + long long i; + long long j; + long long belowj; + long long abovej; + + printword(measuring); + if (mbytes >= 0) printnum(mbytes); else printword(""); + if (mlen > 0) { + for (j = 0;j + 1 < mlen;++j) { + belowj = 0; + for (i = 0;i < mlen;++i) if (m[i] < m[j]) ++belowj; + abovej = 0; + for (i = 0;i < mlen;++i) if (m[i] > m[j]) ++abovej; + if (belowj * 2 < mlen && abovej * 2 < mlen) break; + } + printnum(m[j]); + if (mlen > 1) { + for (i = 0;i < mlen;++i) printnum(m[i]); + } + } + printf("\n"); fflush(stdout); +} + +void limits() +{ +#ifdef RLIM_INFINITY + struct rlimit r; + r.rlim_cur = 0; + r.rlim_max = 0; +#ifdef RLIMIT_NOFILE + setrlimit(RLIMIT_NOFILE,&r); +#endif +#ifdef RLIMIT_NPROC + setrlimit(RLIMIT_NPROC,&r); +#endif +#ifdef RLIMIT_CORE + setrlimit(RLIMIT_CORE,&r); +#endif +#endif +} + +int main() +{ + cyclespersecond = cpucycles_persecond(); + preallocate(); + limits(); + printimplementations(); + allocate(); + measure(); + return 0; +} diff --git a/src/libnacl/okcompilers/abiname.c b/src/libnacl/okcompilers/abiname.c new file mode 100644 index 00000000..38373201 --- /dev/null +++ b/src/libnacl/okcompilers/abiname.c @@ -0,0 +1,45 @@ +#include + +const char *abi(void) +{ +#if defined(__amd64__) || defined(__x86_64__) || defined(__AMD64__) || defined(_M_X64) || defined(__amd64) + return "amd64"; +#elif defined(__i386__) || defined(__x86__) || defined(__X86__) || defined(_M_IX86) || defined(__i386) + return "x86"; +#elif defined(__ia64__) || defined(__IA64__) || defined(__M_IA64) + return "ia64"; +#elif defined(__SPU__) + return "cellspu"; +#elif defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) || defined(_ARCH_PPC64) + return "ppc64"; +#elif defined(__powerpc__) || defined(__ppc__) || defined(__PPC__) || defined(_ARCH_PPC) + return "ppc32"; +#elif defined(__sparcv9__) || defined(__sparcv9) + return "sparcv9"; +#elif defined(__sparc_v8__) + return "sparcv8"; +#elif defined(__sparc__) || defined(__sparc) + if (sizeof(long) == 4) return "sparcv8"; + return "sparcv9"; +#elif defined(__ARM_EABI__) + return "armeabi"; +#elif defined(__arm__) + return "arm"; +#elif defined(__mips__) || defined(__mips) || defined(__MIPS__) +# if defined(_ABIO32) + return "mipso32"; +# elif defined(_ABIN32) + return "mips32"; +# else + return "mips64"; +# endif +#else + return "default"; +#endif +} + +int main(int argc,char **argv) +{ + printf("%s %s\n",argv[1],abi()); + return 0; +} diff --git a/src/libnacl/okcompilers/abinames b/src/libnacl/okcompilers/abinames new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/okcompilers/archivers b/src/libnacl/okcompilers/archivers new file mode 100644 index 00000000..d5851c37 --- /dev/null +++ b/src/libnacl/okcompilers/archivers @@ -0,0 +1,2 @@ +ar +ar -X64 diff --git a/src/libnacl/okcompilers/c.in b/src/libnacl/okcompilers/c.in new file mode 100755 index 00000000..51a83e1f --- /dev/null +++ b/src/libnacl/okcompilers/c.in @@ -0,0 +1 @@ +@CC@ @CPPFLAGS@ @CFLAGS@ diff --git a/src/libnacl/okcompilers/do.in b/src/libnacl/okcompilers/do.in new file mode 100755 index 00000000..2cd9e0c4 --- /dev/null +++ b/src/libnacl/okcompilers/do.in @@ -0,0 +1,26 @@ +#!/bin/sh -e + +mkdir -p bin + +echo '#!/bin/sh' > bin/okabi +echo 'echo local' >> bin/okabi + +exec < c +echo '#!/bin/sh' > bin/okc-local +while read compiler; do + $compiler lib.c main.c -o test-c || continue + echo "echo $compiler" >> bin/okc-local +done + +echo '#!/bin/sh' > bin/okcpp-local + +echo '#!/bin/sh' > bin/oklibs-local +echo 'echo " @LDFLAGS@ @LIBS@"' >> bin/oklibs-local + +echo '#!/bin/sh' > bin/okar-local +echo 'exec @AR@ "$@"' >> bin/okar-local + +echo '#!/bin/sh' > bin/okranlib-local +echo 'exec @RANLIB@ "$@"' >> bin/okranlib-local + +chmod +x bin/ok* diff --git a/src/libnacl/okcompilers/lib.c b/src/libnacl/okcompilers/lib.c new file mode 100644 index 00000000..cf2e3790 --- /dev/null +++ b/src/libnacl/okcompilers/lib.c @@ -0,0 +1,29 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} + +int intbytes(void) +{ + return sizeof(int); +} + +int longbytes(void) +{ + return sizeof(long); +} diff --git a/src/libnacl/okcompilers/lib.cpp b/src/libnacl/okcompilers/lib.cpp new file mode 100644 index 00000000..ea956244 --- /dev/null +++ b/src/libnacl/okcompilers/lib.cpp @@ -0,0 +1,19 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} diff --git a/src/libnacl/okcompilers/main.c b/src/libnacl/okcompilers/main.c new file mode 100644 index 00000000..3b7efa25 --- /dev/null +++ b/src/libnacl/okcompilers/main.c @@ -0,0 +1,25 @@ +extern int not3(int); +extern int bytes(int); +extern long long shr32(long long); +extern double double5(void); +extern int longbytes(void); +extern int intbytes(void); + +int main(int argc,char **argv) +{ + if (intbytes() != sizeof(int)) return 100; + if (longbytes() != sizeof(long)) return 100; + + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/main.cpp b/src/libnacl/okcompilers/main.cpp new file mode 100644 index 00000000..6255102c --- /dev/null +++ b/src/libnacl/okcompilers/main.cpp @@ -0,0 +1,22 @@ +extern "C" { + extern int not3(int); + extern int bytes(int); + extern long long shr32(long long); + extern double double5(void); +} + +int main(int argc,char **argv) +{ + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/test-okar b/src/libnacl/okcompilers/test-okar new file mode 100755 index 00000000..8b82a5ff --- /dev/null +++ b/src/libnacl/okcompilers/test-okar @@ -0,0 +1,4 @@ +#!/bin/sh +PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" +export PATH +ar "$@" diff --git a/src/libnacl/okcompilers/test-okc b/src/libnacl/okcompilers/test-okc new file mode 100755 index 00000000..45a48aed --- /dev/null +++ b/src/libnacl/okcompilers/test-okc @@ -0,0 +1,4 @@ +#!/bin/sh +PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" +export PATH +gcc -O2 -fomit-frame-pointer "$@" diff --git a/src/libnacl/okcompilers/test-okc2 b/src/libnacl/okcompilers/test-okc2 new file mode 100755 index 00000000..b18ee307 --- /dev/null +++ b/src/libnacl/okcompilers/test-okc2 @@ -0,0 +1,4 @@ +#!/bin/sh +PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" +export PATH +g++ -O2 -fomit-frame-pointer "$@" diff --git a/src/libnacl/okcompilers/test-okclink b/src/libnacl/okcompilers/test-okclink new file mode 100755 index 00000000..c4b2bca8 --- /dev/null +++ b/src/libnacl/okcompilers/test-okclink @@ -0,0 +1,4 @@ +#!/bin/sh +PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" +export PATH +gcc -O2 -fomit-frame-pointer "$@" -lrt -lm diff --git a/src/libnacl/okcompilers/test.c b/src/libnacl/okcompilers/test.c new file mode 100644 index 00000000..973a5c48 --- /dev/null +++ b/src/libnacl/okcompilers/test.c @@ -0,0 +1,54 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} + +int intbytes(void) +{ + return sizeof(int); +} + +int longbytes(void) +{ + return sizeof(long); +} +extern int not3(int); +extern int bytes(int); +extern long long shr32(long long); +extern double double5(void); +extern int longbytes(void); +extern int intbytes(void); + +int main(int argc,char **argv) +{ + if (intbytes() != sizeof(int)) return 100; + if (longbytes() != sizeof(long)) return 100; + + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/test10.c b/src/libnacl/okcompilers/test10.c new file mode 100644 index 00000000..cf2e3790 --- /dev/null +++ b/src/libnacl/okcompilers/test10.c @@ -0,0 +1,29 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} + +int intbytes(void) +{ + return sizeof(int); +} + +int longbytes(void) +{ + return sizeof(long); +} diff --git a/src/libnacl/okcompilers/test5.c b/src/libnacl/okcompilers/test5.c new file mode 100644 index 00000000..3b7efa25 --- /dev/null +++ b/src/libnacl/okcompilers/test5.c @@ -0,0 +1,25 @@ +extern int not3(int); +extern int bytes(int); +extern long long shr32(long long); +extern double double5(void); +extern int longbytes(void); +extern int intbytes(void); + +int main(int argc,char **argv) +{ + if (intbytes() != sizeof(int)) return 100; + if (longbytes() != sizeof(long)) return 100; + + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/test5.cpp b/src/libnacl/okcompilers/test5.cpp new file mode 100644 index 00000000..6255102c --- /dev/null +++ b/src/libnacl/okcompilers/test5.cpp @@ -0,0 +1,22 @@ +extern "C" { + extern int not3(int); + extern int bytes(int); + extern long long shr32(long long); + extern double double5(void); +} + +int main(int argc,char **argv) +{ + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/test6.c b/src/libnacl/okcompilers/test6.c new file mode 100644 index 00000000..cf2e3790 --- /dev/null +++ b/src/libnacl/okcompilers/test6.c @@ -0,0 +1,29 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} + +int intbytes(void) +{ + return sizeof(int); +} + +int longbytes(void) +{ + return sizeof(long); +} diff --git a/src/libnacl/okcompilers/test9.c b/src/libnacl/okcompilers/test9.c new file mode 100644 index 00000000..3b7efa25 --- /dev/null +++ b/src/libnacl/okcompilers/test9.c @@ -0,0 +1,25 @@ +extern int not3(int); +extern int bytes(int); +extern long long shr32(long long); +extern double double5(void); +extern int longbytes(void); +extern int intbytes(void); + +int main(int argc,char **argv) +{ + if (intbytes() != sizeof(int)) return 100; + if (longbytes() != sizeof(long)) return 100; + + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/randombytes/devurandom.c b/src/libnacl/randombytes/devurandom.c new file mode 100644 index 00000000..d8b24db5 --- /dev/null +++ b/src/libnacl/randombytes/devurandom.c @@ -0,0 +1,46 @@ +#include +#include +#include +#include +#ifdef _WIN32 +# include +#endif + +/* it's really stupid that there isn't a syscall for this */ +/* -> Y U NO USE OPENBSD? */ + +static int fd = -1; + +void randombytes(unsigned char *x,unsigned long long xlen) +{ + int i; + + if (fd == -1) { + for (;;) { + fd = open("/dev/urandom",O_RDONLY); + if (fd != -1) break; +#ifdef _WIN32 + Sleep(1000); +#else + sleep(1); +#endif + } + } + + while (xlen > 0) { + if (xlen < 1048576) i = xlen; else i = 1048576; + + i = read(fd,x,i); + if (i < 1) { +#ifdef _WIN32 + Sleep(1000); +#else + sleep(1); +#endif + continue; + } + + x += i; + xlen -= i; + } +} diff --git a/src/libnacl/randombytes/devurandom.h b/src/libnacl/randombytes/devurandom.h new file mode 100644 index 00000000..2e0caf8a --- /dev/null +++ b/src/libnacl/randombytes/devurandom.h @@ -0,0 +1,24 @@ +/* +randombytes/devurandom.h version 20080713 +D. J. Bernstein +Public domain. +*/ + +#ifndef randombytes_devurandom_H +#define randombytes_devurandom_H + +#ifdef __cplusplus +extern "C" { +#endif + +extern void randombytes(unsigned char *,unsigned long long); + +#ifdef __cplusplus +} +#endif + +#ifndef randombytes_implementation +#define randombytes_implementation "devurandom" +#endif + +#endif diff --git a/src/libnacl/randombytes/do b/src/libnacl/randombytes/do new file mode 100755 index 00000000..b2db184a --- /dev/null +++ b/src/libnacl/randombytes/do @@ -0,0 +1,43 @@ +#!/bin/sh -e + +okabi | ( + while read abi + do + + rm -f randombytes.o randombytes.h + + ( + echo devurandom + ) | ( + while read n + do + okc-$abi | ( + while read c + do + echo "=== `date` === Trying $n.c with $c..." >&2 + rm -f test randombytes-impl.o randombytes-impl.h randombytes-impl.c + cp $n.c randombytes-impl.c || continue + cp $n.h randombytes-impl.h || continue + $c -c randombytes-impl.c || continue + $c -o test test.c randombytes-impl.o || continue + [ -r /dev/urandom ] || continue + echo "=== `date` === Success. Using $n.c." >&2 + mkdir -p lib/$abi + mv randombytes-impl.o lib/$abi/randombytes.o + mkdir -p include/$abi + mv randombytes-impl.h include/$abi/randombytes.h + exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 + ) || ( + echo ===== Giving up. >&2 + rm -f test randombytes-impl.o randombytes-impl.h randombytes-impl.c + exit 111 + ) || exit 111 + + done + exit 0 +) || exit 111 diff --git a/src/libnacl/randombytes/test.c b/src/libnacl/randombytes/test.c new file mode 100644 index 00000000..646811ca --- /dev/null +++ b/src/libnacl/randombytes/test.c @@ -0,0 +1,15 @@ +#include "randombytes-impl.h" + +unsigned char x[65536]; +unsigned long long freq[256]; + +int main() +{ + unsigned long long i; + + randombytes(x,sizeof x); + for (i = 0;i < 256;++i) freq[i] = 0; + for (i = 0;i < sizeof x;++i) ++freq[255 & (int) x[i]]; + for (i = 0;i < 256;++i) if (!freq[i]) return 111; + return 0; +} diff --git a/src/libnacl/tests/auth.c b/src/libnacl/tests/auth.c new file mode 100644 index 00000000..5086624e --- /dev/null +++ b/src/libnacl/tests/auth.c @@ -0,0 +1,19 @@ +#include +#include "crypto_auth_hmacsha512256.h" + +/* "Test Case 2" from RFC 4231 */ +unsigned char key[32] = "Jefe"; +unsigned char c[28] = "what do ya want for nothing?"; + +unsigned char a[32]; + +main() +{ + int i; + crypto_auth_hmacsha512256(a,c,sizeof c,key); + for (i = 0;i < 32;++i) { + printf(",0x%02x",(unsigned int) a[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/auth.out b/src/libnacl/tests/auth.out new file mode 100644 index 00000000..35e5909d --- /dev/null +++ b/src/libnacl/tests/auth.out @@ -0,0 +1,4 @@ +,0x16,0x4b,0x7a,0x7b,0xfc,0xf8,0x19,0xe2 +,0xe3,0x95,0xfb,0xe7,0x3b,0x56,0xe0,0xa3 +,0x87,0xbd,0x64,0x22,0x2e,0x83,0x1f,0xd6 +,0x10,0x27,0x0c,0xd7,0xea,0x25,0x05,0x54 diff --git a/src/libnacl/tests/auth2.c b/src/libnacl/tests/auth2.c new file mode 100644 index 00000000..ba191de4 --- /dev/null +++ b/src/libnacl/tests/auth2.c @@ -0,0 +1,34 @@ +/* "Test Case AUTH256-4" from RFC 4868 */ + +#include +#include "crypto_auth_hmacsha256.h" + +unsigned char key[32] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 +,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18 +,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20 +} ; + +unsigned char c[50] = { + 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd +} ; + +unsigned char a[32]; + +main() +{ + int i; + crypto_auth_hmacsha256(a,c,sizeof c,key); + for (i = 0;i < 32;++i) { + printf(",0x%02x",(unsigned int) a[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/auth2.out b/src/libnacl/tests/auth2.out new file mode 100644 index 00000000..955951a2 --- /dev/null +++ b/src/libnacl/tests/auth2.out @@ -0,0 +1,4 @@ +,0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2 +,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4 +,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25 +,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f diff --git a/src/libnacl/tests/auth3.c b/src/libnacl/tests/auth3.c new file mode 100644 index 00000000..b713b388 --- /dev/null +++ b/src/libnacl/tests/auth3.c @@ -0,0 +1,34 @@ +/* "Test Case AUTH256-4" from RFC 4868 */ + +#include +#include "crypto_auth_hmacsha256.h" + +unsigned char key[32] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 +,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18 +,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20 +} ; + +unsigned char c[50] = { + 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd +} ; + +unsigned char a[32] = { + 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2 +,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4 +,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25 +,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f +} ; + +main() +{ + printf("%d\n",crypto_auth_hmacsha256_verify(a,c,sizeof c,key)); + return 0; +} diff --git a/src/libnacl/tests/auth3.out b/src/libnacl/tests/auth3.out new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/tests/auth3.out @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/tests/auth4.cpp b/src/libnacl/tests/auth4.cpp new file mode 100644 index 00000000..a94837d2 --- /dev/null +++ b/src/libnacl/tests/auth4.cpp @@ -0,0 +1,44 @@ +/* "Test Case AUTH256-4" from RFC 4868 */ + +#include +using std::string; +#include +#include "crypto_auth_hmacsha256.h" + +char key_bytes[32] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 +,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18 +,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20 +} ; + +char c_bytes[50] = { + 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd +} ; + +char a_bytes[32] = { + 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2 +,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4 +,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25 +,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f +} ; + +main() +{ + string key(key_bytes,sizeof key_bytes); + string c(c_bytes,sizeof c_bytes); + string a(a_bytes,sizeof a_bytes); + try { + crypto_auth_hmacsha256_verify(a,c,key); + printf("0\n"); + } catch(const char *s) { + printf("%s\n",s); + } + return 0; +} diff --git a/src/libnacl/tests/auth4.out b/src/libnacl/tests/auth4.out new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/tests/auth4.out @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/tests/auth5.c b/src/libnacl/tests/auth5.c new file mode 100644 index 00000000..92d8fea3 --- /dev/null +++ b/src/libnacl/tests/auth5.c @@ -0,0 +1,37 @@ +#include +#include +#include "crypto_auth_hmacsha512256.h" +#include "randombytes.h" +#include "windows/windows-quirks.h" + +unsigned char key[32]; +unsigned char c[10000]; +unsigned char a[32]; + +main() +{ + int clen; + int i; + for (clen = 0;clen < 10000;++clen) { + randombytes(key,sizeof key); + randombytes(c,clen); + crypto_auth_hmacsha512256(a,c,clen,key); + if (crypto_auth_hmacsha512256_verify(a,c,clen,key) != 0) { + printf("fail %d\n",clen); + return 100; + } + if (clen > 0) { + c[random() % clen] += 1 + (random() % 255); + if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) { + printf("forgery %d\n",clen); + return 100; + } + a[random() % sizeof a] += 1 + (random() % 255); + if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) { + printf("forgery %d\n",clen); + return 100; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/auth5.out b/src/libnacl/tests/auth5.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/auth6.cpp b/src/libnacl/tests/auth6.cpp new file mode 100644 index 00000000..dffb6388 --- /dev/null +++ b/src/libnacl/tests/auth6.cpp @@ -0,0 +1,46 @@ +#include +using std::string; +#include +#include +#include "crypto_auth_hmacsha512256.h" +#include "randombytes.h" + +main() +{ + int clen; + int i; + for (clen = 0;clen < 10000;++clen) { + unsigned char key_bytes[32]; + randombytes(key_bytes,sizeof key_bytes); + string key((char *) key_bytes,sizeof key_bytes); + unsigned char c_bytes[clen]; + randombytes(c_bytes,sizeof c_bytes); + string c((char *) c_bytes,sizeof c_bytes); + string a = crypto_auth_hmacsha512256(c,key); + try { + crypto_auth_hmacsha512256_verify(a,c,key); + } catch(const char *s) { + printf("fail %d %s\n",clen,s); + return 100; + } + if (clen > 0) { + size_t pos = random() % clen; + c.replace(pos,1,1,c[pos] + 1 + (random() % 255)); + try { + crypto_auth_hmacsha512256_verify(a,c,key); + printf("forgery %d\n",clen); + } catch(const char *s) { + ; + } + pos = random() % a.size(); + a.replace(pos,1,1,a[pos] + 1 + (random() % 255)); + try { + crypto_auth_hmacsha512256_verify(a,c,key); + printf("forgery %d\n",clen); + } catch(const char *s) { + ; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/auth6.out b/src/libnacl/tests/auth6.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/box.c b/src/libnacl/tests/box.c new file mode 100644 index 00000000..b57a9883 --- /dev/null +++ b/src/libnacl/tests/box.c @@ -0,0 +1,63 @@ +#include +#include "crypto_box_curve25519xsalsa20poly1305.h" + +unsigned char alicesk[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +unsigned char bobpk[32] = { + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +// API requires first 32 bytes to be 0 +unsigned char m[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +unsigned char c[163]; + +main() +{ + int i; + crypto_box_curve25519xsalsa20poly1305( + c,m,163,nonce,bobpk,alicesk + ); + for (i = 16;i < 163;++i) { + printf(",0x%02x",(unsigned int) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/box.out b/src/libnacl/tests/box.out new file mode 100644 index 00000000..2b6c51ea --- /dev/null +++ b/src/libnacl/tests/box.out @@ -0,0 +1,19 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/box2.c b/src/libnacl/tests/box2.c new file mode 100644 index 00000000..0a531142 --- /dev/null +++ b/src/libnacl/tests/box2.c @@ -0,0 +1,64 @@ +#include +#include "crypto_box_curve25519xsalsa20poly1305.h" + +unsigned char bobsk[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +unsigned char alicepk[32] = { + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +// API requires first 16 bytes to be 0 +unsigned char c[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char m[163]; + +main() +{ + int i; + if (crypto_box_curve25519xsalsa20poly1305_open( + m,c,163,nonce,alicepk,bobsk + ) == 0) { + for (i = 32;i < 163;++i) { + printf(",0x%02x",(unsigned int) m[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/box2.out b/src/libnacl/tests/box2.out new file mode 100644 index 00000000..c61d4557 --- /dev/null +++ b/src/libnacl/tests/box2.out @@ -0,0 +1,17 @@ +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 diff --git a/src/libnacl/tests/box3.cpp b/src/libnacl/tests/box3.cpp new file mode 100644 index 00000000..db89dd03 --- /dev/null +++ b/src/libnacl/tests/box3.cpp @@ -0,0 +1,60 @@ +#include +using std::string; +#include +#include "crypto_box_curve25519xsalsa20poly1305.h" + +char alicesk_bytes[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +char bobpk_bytes[32] = { + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char m_bytes[131] = { + 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +main() +{ + int i; + string m(m_bytes,sizeof m_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string bobpk(bobpk_bytes,sizeof bobpk_bytes); + string alicesk(alicesk_bytes,sizeof alicesk_bytes); + string c = crypto_box_curve25519xsalsa20poly1305(m,nonce,bobpk,alicesk); + for (i = 0;i < c.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/box3.out b/src/libnacl/tests/box3.out new file mode 100644 index 00000000..2b6c51ea --- /dev/null +++ b/src/libnacl/tests/box3.out @@ -0,0 +1,19 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/box4.cpp b/src/libnacl/tests/box4.cpp new file mode 100644 index 00000000..7f48fcd6 --- /dev/null +++ b/src/libnacl/tests/box4.cpp @@ -0,0 +1,66 @@ +#include +using std::string; +#include +#include "crypto_box_curve25519xsalsa20poly1305.h" + +char bobsk_bytes[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +char alicepk_bytes[32] = { + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char c_bytes[147] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +main() +{ + int i; + string c(c_bytes,sizeof c_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string alicepk(alicepk_bytes,sizeof alicepk_bytes); + string bobsk(bobsk_bytes,sizeof bobsk_bytes); + try { + string m = crypto_box_curve25519xsalsa20poly1305_open(c,nonce,alicepk,bobsk); + for (i = 0;i < m.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) m[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + } catch(const char *s) { + printf("%s\n",s); + } + return 0; +} diff --git a/src/libnacl/tests/box4.out b/src/libnacl/tests/box4.out new file mode 100644 index 00000000..c61d4557 --- /dev/null +++ b/src/libnacl/tests/box4.out @@ -0,0 +1,17 @@ +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 diff --git a/src/libnacl/tests/box5.cpp b/src/libnacl/tests/box5.cpp new file mode 100644 index 00000000..366e2e30 --- /dev/null +++ b/src/libnacl/tests/box5.cpp @@ -0,0 +1,30 @@ +#include +using std::string; +#include +#include "crypto_box.h" +#include "randombytes.h" + +main() +{ + int mlen; + for (mlen = 0;mlen < 1000;++mlen) { + string alicesk; + string alicepk = crypto_box_keypair(&alicesk); + string bobsk; + string bobpk = crypto_box_keypair(&bobsk); + unsigned char nbytes[crypto_box_NONCEBYTES]; + randombytes(nbytes,crypto_box_NONCEBYTES); + string n((char *) nbytes,crypto_box_NONCEBYTES); + unsigned char mbytes[mlen]; + randombytes(mbytes,mlen); + string m((char *) mbytes,mlen); + string c = crypto_box(m,n,bobpk,alicesk); + try { + string m2 = crypto_box_open(c,n,alicepk,bobsk); + if (m != m2) printf("bad decryption\n"); + } catch(const char *s) { + printf("%s\n",s); + } + } + return 0; +} diff --git a/src/libnacl/tests/box5.out b/src/libnacl/tests/box5.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/box6.cpp b/src/libnacl/tests/box6.cpp new file mode 100644 index 00000000..bab18105 --- /dev/null +++ b/src/libnacl/tests/box6.cpp @@ -0,0 +1,43 @@ +#include +using std::string; +#include +#include +#include "crypto_box.h" +#include "randombytes.h" + +main() +{ + int mlen; + for (mlen = 0;mlen < 1000;++mlen) { + string alicesk; + string alicepk = crypto_box_keypair(&alicesk); + string bobsk; + string bobpk = crypto_box_keypair(&bobsk); + unsigned char nbytes[crypto_box_NONCEBYTES]; + randombytes(nbytes,crypto_box_NONCEBYTES); + string n((char *) nbytes,crypto_box_NONCEBYTES); + unsigned char mbytes[mlen]; + randombytes(mbytes,mlen); + string m((char *) mbytes,mlen); + string c = crypto_box(m,n,bobpk,alicesk); + int caught = 0; + while (caught < 10) { + c.replace(random() % c.size(),1,1,random()); + try { + string m2 = crypto_box_open(c,n,alicepk,bobsk); + if (m != m2) { + printf("forgery\n"); + return 100; + } + } catch(const char *s) { + if (string(s) == string("ciphertext fails verification")) + ++caught; + else { + printf("%s\n",s); + return 111; + } + } + } + } + return 0; +} diff --git a/src/libnacl/tests/box6.out b/src/libnacl/tests/box6.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/box7.c b/src/libnacl/tests/box7.c new file mode 100644 index 00000000..809301c1 --- /dev/null +++ b/src/libnacl/tests/box7.c @@ -0,0 +1,36 @@ +#include +#include "crypto_box.h" +#include "randombytes.h" + +unsigned char alicesk[crypto_box_SECRETKEYBYTES]; +unsigned char alicepk[crypto_box_PUBLICKEYBYTES]; +unsigned char bobsk[crypto_box_SECRETKEYBYTES]; +unsigned char bobpk[crypto_box_PUBLICKEYBYTES]; +unsigned char n[crypto_box_NONCEBYTES]; +unsigned char m[10000]; +unsigned char c[10000]; +unsigned char m2[10000]; + +main() +{ + int mlen; + int i; + + for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) { + crypto_box_keypair(alicepk,alicesk); + crypto_box_keypair(bobpk,bobsk); + randombytes(n,crypto_box_NONCEBYTES); + randombytes(m + crypto_box_ZEROBYTES,mlen); + crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk); + if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) { + for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i) + if (m2[i] != m[i]) { + printf("bad decryption\n"); + break; + } + } else { + printf("ciphertext fails verification\n"); + } + } + return 0; +} diff --git a/src/libnacl/tests/box7.out b/src/libnacl/tests/box7.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/box8.c b/src/libnacl/tests/box8.c new file mode 100644 index 00000000..8f2b919a --- /dev/null +++ b/src/libnacl/tests/box8.c @@ -0,0 +1,43 @@ +#include +#include +#include "crypto_box.h" +#include "randombytes.h" +#include "windows/windows-quirks.h" + +unsigned char alicesk[crypto_box_SECRETKEYBYTES]; +unsigned char alicepk[crypto_box_PUBLICKEYBYTES]; +unsigned char bobsk[crypto_box_SECRETKEYBYTES]; +unsigned char bobpk[crypto_box_PUBLICKEYBYTES]; +unsigned char n[crypto_box_NONCEBYTES]; +unsigned char m[10000]; +unsigned char c[10000]; +unsigned char m2[10000]; + +main() +{ + int mlen; + int i; + int caught; + + for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) { + crypto_box_keypair(alicepk,alicesk); + crypto_box_keypair(bobpk,bobsk); + randombytes(n,crypto_box_NONCEBYTES); + randombytes(m + crypto_box_ZEROBYTES,mlen); + crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk); + caught = 0; + while (caught < 10) { + c[random() % (mlen + crypto_box_ZEROBYTES)] = random(); + if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) { + for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i) + if (m2[i] != m[i]) { + printf("forgery\n"); + return 100; + } + } else { + ++caught; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/box8.out b/src/libnacl/tests/box8.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/core1.c b/src/libnacl/tests/core1.c new file mode 100644 index 00000000..9a8fc51d --- /dev/null +++ b/src/libnacl/tests/core1.c @@ -0,0 +1,30 @@ +#include +#include "crypto_core_hsalsa20.h" + +unsigned char shared[32] = { + 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1 +,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25 +,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33 +,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42 +} ; + +unsigned char zero[32] = { 0 }; + +unsigned char c[16] = { + 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33 +,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b +} ; + +unsigned char firstkey[32]; + +main() +{ + int i; + crypto_core_hsalsa20(firstkey,zero,shared,c); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) firstkey[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/core1.out b/src/libnacl/tests/core1.out new file mode 100644 index 00000000..715a489d --- /dev/null +++ b/src/libnacl/tests/core1.out @@ -0,0 +1,4 @@ + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 diff --git a/src/libnacl/tests/core2.c b/src/libnacl/tests/core2.c new file mode 100644 index 00000000..08402285 --- /dev/null +++ b/src/libnacl/tests/core2.c @@ -0,0 +1,33 @@ +#include +#include "crypto_core_hsalsa20.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonceprefix[16] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +} ; + +unsigned char c[16] = { + 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33 +,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b +} ; + +unsigned char secondkey[32]; + +main() +{ + int i; + crypto_core_hsalsa20(secondkey,nonceprefix,firstkey,c); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) secondkey[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/core2.out b/src/libnacl/tests/core2.out new file mode 100644 index 00000000..f4682af0 --- /dev/null +++ b/src/libnacl/tests/core2.out @@ -0,0 +1,4 @@ + 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9 +,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88 +,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9 +,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4 diff --git a/src/libnacl/tests/core3.c b/src/libnacl/tests/core3.c new file mode 100644 index 00000000..4c759a5b --- /dev/null +++ b/src/libnacl/tests/core3.c @@ -0,0 +1,41 @@ +#include +#include "crypto_core_salsa20.h" +#include "crypto_hash_sha256.h" + +unsigned char secondkey[32] = { + 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9 +,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88 +,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9 +,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4 +} ; + +unsigned char noncesuffix[8] = { + 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char c[16] = { + 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33 +,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b +} ; + +unsigned char in[16] = { 0 } ; + +unsigned char output[64 * 256 * 256]; + +unsigned char h[32]; + +main() +{ + int i; + long long pos = 0; + for (i = 0;i < 8;++i) in[i] = noncesuffix[i]; + do { + do { + crypto_core_salsa20(output + pos,in,secondkey,c); + pos += 64; + } while (++in[8]); + } while (++in[9]); + crypto_hash_sha256(h,output,sizeof output); + for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/core3.out b/src/libnacl/tests/core3.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/core3.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/core4.c b/src/libnacl/tests/core4.c new file mode 100644 index 00000000..1f238c5e --- /dev/null +++ b/src/libnacl/tests/core4.c @@ -0,0 +1,33 @@ +#include +#include "crypto_core_salsa20.h" + +unsigned char k[32] = { + 1, 2, 3, 4, 5, 6, 7, 8 +, 9, 10, 11, 12, 13, 14, 15, 16 +,201,202,203,204,205,206,207,208 +,209,210,211,212,213,214,215,216 +} ; + +unsigned char in[16] = { + 101,102,103,104,105,106,107,108 +,109,110,111,112,113,114,115,116 +} ; + +unsigned char c[16] = { + 101,120,112, 97,110,100, 32, 51 +, 50, 45, 98,121,116,101, 32,107 +} ; + +unsigned char out[64]; + +main() +{ + int i; + crypto_core_salsa20(out,in,k,c); + for (i = 0;i < 64;++i) { + if (i > 0) printf(","); else printf(" "); + printf("%3d",(unsigned int) out[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/core4.out b/src/libnacl/tests/core4.out new file mode 100644 index 00000000..d04e5b5e --- /dev/null +++ b/src/libnacl/tests/core4.out @@ -0,0 +1,8 @@ + 69, 37, 68, 39, 41, 15,107,193 +,255,139,122, 6,170,233,217, 98 +, 89,144,182,106, 21, 51,200, 65 +,239, 49,222, 34,215,114, 40,126 +,104,197, 7,225,197,153, 31, 2 +,102, 78, 76,176, 84,245,246,184 +,177,160,133,130, 6, 72,149,119 +,192,195,132,236,234,103,246, 74 diff --git a/src/libnacl/tests/core5.c b/src/libnacl/tests/core5.c new file mode 100644 index 00000000..6353477d --- /dev/null +++ b/src/libnacl/tests/core5.c @@ -0,0 +1,32 @@ +#include +#include "crypto_core_hsalsa20.h" + +unsigned char k[32] = { + 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c +,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f +,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b +,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77 +} ; + +unsigned char in[16] = { + 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b +,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52 +} ; + +unsigned char c[16] = { + 101,120,112, 97,110,100, 32, 51 +, 50, 45, 98,121,116,101, 32,107 +} ; + +unsigned char out[32]; + +main() +{ + int i; + crypto_core_hsalsa20(out,in,k,c); + for (i = 0;i < 32;++i) { + printf(",0x%02x",(unsigned int) out[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/core5.out b/src/libnacl/tests/core5.out new file mode 100644 index 00000000..562cf717 --- /dev/null +++ b/src/libnacl/tests/core5.out @@ -0,0 +1,4 @@ +,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40 +,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45 +,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94 +,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd diff --git a/src/libnacl/tests/core6.c b/src/libnacl/tests/core6.c new file mode 100644 index 00000000..67f35df9 --- /dev/null +++ b/src/libnacl/tests/core6.c @@ -0,0 +1,47 @@ +#include +#include "crypto_core_salsa20.h" + +unsigned char k[32] = { + 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c +,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f +,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b +,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77 +} ; + +unsigned char in[16] = { + 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b +,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52 +} ; + +unsigned char c[16] = { + 101,120,112, 97,110,100, 32, 51 +, 50, 45, 98,121,116,101, 32,107 +} ; + +unsigned char out[64]; + +void print(unsigned char *x,unsigned char *y) +{ + int i; + unsigned int borrow = 0; + for (i = 0;i < 4;++i) { + unsigned int xi = x[i]; + unsigned int yi = y[i]; + printf(",0x%02x",255 & (xi - yi - borrow)); + borrow = (xi < yi + borrow); + } +} + +main() +{ + crypto_core_salsa20(out,in,k,c); + print(out,c); + print(out + 20,c + 4); printf("\n"); + print(out + 40,c + 8); + print(out + 60,c + 12); printf("\n"); + print(out + 24,in); + print(out + 28,in + 4); printf("\n"); + print(out + 32,in + 8); + print(out + 36,in + 12); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/core6.out b/src/libnacl/tests/core6.out new file mode 100644 index 00000000..562cf717 --- /dev/null +++ b/src/libnacl/tests/core6.out @@ -0,0 +1,4 @@ +,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40 +,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45 +,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94 +,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd diff --git a/src/libnacl/tests/hash.c b/src/libnacl/tests/hash.c new file mode 100644 index 00000000..8de470aa --- /dev/null +++ b/src/libnacl/tests/hash.c @@ -0,0 +1,14 @@ +#include +#include "crypto_hash.h" + +unsigned char x[8] = "testing\n"; +unsigned char h[crypto_hash_BYTES]; + +int main() +{ + int i; + crypto_hash(h,x,sizeof x); + for (i = 0;i < crypto_hash_BYTES;++i) printf("%02x",(unsigned int) h[i]); + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/hash.out b/src/libnacl/tests/hash.out new file mode 100644 index 00000000..df582172 --- /dev/null +++ b/src/libnacl/tests/hash.out @@ -0,0 +1 @@ +24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28 diff --git a/src/libnacl/tests/hash2.cpp b/src/libnacl/tests/hash2.cpp new file mode 100644 index 00000000..6594620d --- /dev/null +++ b/src/libnacl/tests/hash2.cpp @@ -0,0 +1,18 @@ +#include +#include +using std::string; +using std::cout; +using std::hex; +#include "crypto_hash.h" + +int main() +{ + string x = "testing\n"; + string h = crypto_hash(x); + for (int i = 0;i < h.size();++i) { + cout << hex << (15 & (int) (h[i] >> 4)); + cout << hex << (15 & (int) h[i]); + } + cout << "\n"; + return 0; +} diff --git a/src/libnacl/tests/hash2.out b/src/libnacl/tests/hash2.out new file mode 100644 index 00000000..df582172 --- /dev/null +++ b/src/libnacl/tests/hash2.out @@ -0,0 +1 @@ +24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28 diff --git a/src/libnacl/tests/hash3.c b/src/libnacl/tests/hash3.c new file mode 100644 index 00000000..10b89b90 --- /dev/null +++ b/src/libnacl/tests/hash3.c @@ -0,0 +1,14 @@ +#include +#include "crypto_hash_sha512.h" + +unsigned char x[8] = "testing\n"; +unsigned char h[crypto_hash_sha512_BYTES]; + +int main() +{ + int i; + crypto_hash_sha512(h,x,sizeof x); + for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",(unsigned int) h[i]); + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/hash3.out b/src/libnacl/tests/hash3.out new file mode 100644 index 00000000..df582172 --- /dev/null +++ b/src/libnacl/tests/hash3.out @@ -0,0 +1 @@ +24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28 diff --git a/src/libnacl/tests/hash4.cpp b/src/libnacl/tests/hash4.cpp new file mode 100644 index 00000000..1d0a3f37 --- /dev/null +++ b/src/libnacl/tests/hash4.cpp @@ -0,0 +1,18 @@ +#include +#include +using std::string; +using std::cout; +using std::hex; +#include "crypto_hash_sha512.h" + +int main() +{ + string x = "testing\n"; + string h = crypto_hash_sha512(x); + for (int i = 0;i < h.size();++i) { + cout << hex << (15 & (int) (h[i] >> 4)); + cout << hex << (15 & (int) h[i]); + } + cout << "\n"; + return 0; +} diff --git a/src/libnacl/tests/hash4.out b/src/libnacl/tests/hash4.out new file mode 100644 index 00000000..df582172 --- /dev/null +++ b/src/libnacl/tests/hash4.out @@ -0,0 +1 @@ +24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28 diff --git a/src/libnacl/tests/onetimeauth.c b/src/libnacl/tests/onetimeauth.c new file mode 100644 index 00000000..60a2df14 --- /dev/null +++ b/src/libnacl/tests/onetimeauth.c @@ -0,0 +1,42 @@ +#include +#include "crypto_onetimeauth_poly1305.h" + +unsigned char rs[32] = { + 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 +} ; + +unsigned char c[131] = { + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char a[16]; + +main() +{ + int i; + crypto_onetimeauth_poly1305(a,c,131,rs); + for (i = 0;i < 16;++i) { + printf(",0x%02x",(unsigned int) a[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth.out b/src/libnacl/tests/onetimeauth.out new file mode 100644 index 00000000..6d914615 --- /dev/null +++ b/src/libnacl/tests/onetimeauth.out @@ -0,0 +1,2 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 diff --git a/src/libnacl/tests/onetimeauth2.c b/src/libnacl/tests/onetimeauth2.c new file mode 100644 index 00000000..64c1a9cd --- /dev/null +++ b/src/libnacl/tests/onetimeauth2.c @@ -0,0 +1,40 @@ +#include +#include "crypto_onetimeauth_poly1305.h" + +unsigned char rs[32] = { + 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 +} ; + +unsigned char c[131] = { + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char a[16] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +} ; + +main() +{ + printf("%d\n",crypto_onetimeauth_poly1305_verify(a,c,131,rs)); + return 0; +} diff --git a/src/libnacl/tests/onetimeauth2.out b/src/libnacl/tests/onetimeauth2.out new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/tests/onetimeauth2.out @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/tests/onetimeauth5.cpp b/src/libnacl/tests/onetimeauth5.cpp new file mode 100644 index 00000000..884892ac --- /dev/null +++ b/src/libnacl/tests/onetimeauth5.cpp @@ -0,0 +1,46 @@ +#include +using std::string; +#include +#include "crypto_onetimeauth_poly1305.h" + +char rs_bytes[32] = { + 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 +} ; + +char c_bytes[131] = { + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char a[16]; + +main() +{ + int i; + string c(c_bytes,sizeof c_bytes); + string rs(rs_bytes,sizeof rs_bytes); + string a = crypto_onetimeauth_poly1305(c,rs); + for (i = 0;i < a.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) a[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth5.out b/src/libnacl/tests/onetimeauth5.out new file mode 100644 index 00000000..6d914615 --- /dev/null +++ b/src/libnacl/tests/onetimeauth5.out @@ -0,0 +1,2 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 diff --git a/src/libnacl/tests/onetimeauth6.cpp b/src/libnacl/tests/onetimeauth6.cpp new file mode 100644 index 00000000..d79d4613 --- /dev/null +++ b/src/libnacl/tests/onetimeauth6.cpp @@ -0,0 +1,50 @@ +#include +using std::string; +#include +#include "crypto_onetimeauth_poly1305.h" + +char rs_bytes[32] = { + 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 +} ; + +char c_bytes[131] = { + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +char a_bytes[16] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +} ; + +main() +{ + string rs(rs_bytes,sizeof rs_bytes); + string c(c_bytes,sizeof c_bytes); + string a(a_bytes,sizeof a_bytes); + try { + crypto_onetimeauth_poly1305_verify(a,c,rs); + printf("0\n"); + } catch(const char *s) { + printf("%s\n",s); + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth6.out b/src/libnacl/tests/onetimeauth6.out new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/tests/onetimeauth6.out @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/tests/onetimeauth7.c b/src/libnacl/tests/onetimeauth7.c new file mode 100644 index 00000000..e4b38618 --- /dev/null +++ b/src/libnacl/tests/onetimeauth7.c @@ -0,0 +1,37 @@ +#include +#include +#include "crypto_onetimeauth_poly1305.h" +#include "randombytes.h" +#include "windows/windows-quirks.h" + +unsigned char key[32]; +unsigned char c[10000]; +unsigned char a[16]; + +main() +{ + int clen; + int i; + for (clen = 0;clen < 10000;++clen) { + randombytes(key,sizeof key); + randombytes(c,clen); + crypto_onetimeauth_poly1305(a,c,clen,key); + if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) != 0) { + printf("fail %d\n",clen); + return 100; + } + if (clen > 0) { + c[random() % clen] += 1 + (random() % 255); + if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) { + printf("forgery %d\n",clen); + return 100; + } + a[random() % sizeof a] += 1 + (random() % 255); + if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) { + printf("forgery %d\n",clen); + return 100; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth7.out b/src/libnacl/tests/onetimeauth7.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/onetimeauth8.cpp b/src/libnacl/tests/onetimeauth8.cpp new file mode 100644 index 00000000..ce554fb4 --- /dev/null +++ b/src/libnacl/tests/onetimeauth8.cpp @@ -0,0 +1,46 @@ +#include +using std::string; +#include +#include +#include "crypto_onetimeauth_poly1305.h" +#include "randombytes.h" + +main() +{ + int clen; + int i; + for (clen = 0;clen < 10000;++clen) { + unsigned char key_bytes[32]; + randombytes(key_bytes,sizeof key_bytes); + string key((char *) key_bytes,sizeof key_bytes); + unsigned char c_bytes[clen]; + randombytes(c_bytes,sizeof c_bytes); + string c((char *) c_bytes,sizeof c_bytes); + string a = crypto_onetimeauth_poly1305(c,key); + try { + crypto_onetimeauth_poly1305_verify(a,c,key); + } catch(const char *s) { + printf("fail %d %s\n",clen,s); + return 100; + } + if (clen > 0) { + size_t pos = random() % clen; + c.replace(pos,1,1,c[pos] + 1 + (random() % 255)); + try { + crypto_onetimeauth_poly1305_verify(a,c,key); + printf("forgery %d\n",clen); + } catch(const char *s) { + ; + } + pos = random() % a.size(); + a.replace(pos,1,1,a[pos] + 1 + (random() % 255)); + try { + crypto_onetimeauth_poly1305_verify(a,c,key); + printf("forgery %d\n",clen); + } catch(const char *s) { + ; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth8.out b/src/libnacl/tests/onetimeauth8.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/scalarmult.c b/src/libnacl/tests/scalarmult.c new file mode 100644 index 00000000..d9265954 --- /dev/null +++ b/src/libnacl/tests/scalarmult.c @@ -0,0 +1,23 @@ +#include +#include "crypto_scalarmult_curve25519.h" + +unsigned char alicesk[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +unsigned char alicepk[32]; + +main() +{ + int i; + crypto_scalarmult_curve25519_base(alicepk,alicesk); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) alicepk[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult.out b/src/libnacl/tests/scalarmult.out new file mode 100644 index 00000000..ddd130d6 --- /dev/null +++ b/src/libnacl/tests/scalarmult.out @@ -0,0 +1,4 @@ + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a diff --git a/src/libnacl/tests/scalarmult2.c b/src/libnacl/tests/scalarmult2.c new file mode 100644 index 00000000..90e6360d --- /dev/null +++ b/src/libnacl/tests/scalarmult2.c @@ -0,0 +1,23 @@ +#include +#include "crypto_scalarmult_curve25519.h" + +unsigned char bobsk[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +unsigned char bobpk[32]; + +main() +{ + int i; + crypto_scalarmult_curve25519_base(bobpk,bobsk); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) bobpk[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult2.out b/src/libnacl/tests/scalarmult2.out new file mode 100644 index 00000000..b5391865 --- /dev/null +++ b/src/libnacl/tests/scalarmult2.out @@ -0,0 +1,4 @@ + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f diff --git a/src/libnacl/tests/scalarmult3.cpp b/src/libnacl/tests/scalarmult3.cpp new file mode 100644 index 00000000..4e8fef3d --- /dev/null +++ b/src/libnacl/tests/scalarmult3.cpp @@ -0,0 +1,31 @@ +#include +#include +#include +using std::string; +using std::cout; +using std::setfill; +using std::setw; +using std::hex; +#include "crypto_scalarmult_curve25519.h" + +char alicesk_bytes[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +main() +{ + int i; + cout << setfill('0'); + string alicesk(alicesk_bytes,sizeof alicesk_bytes); + string alicepk = crypto_scalarmult_curve25519_base(alicesk); + for (i = 0;i < alicepk.size();++i) { + unsigned char c = alicepk[i]; + if (i > 0) cout << ","; else cout << " "; + cout << "0x" << hex << setw(2) << (unsigned int) c; + if (i % 8 == 7) cout << "\n"; + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult3.out b/src/libnacl/tests/scalarmult3.out new file mode 100644 index 00000000..ddd130d6 --- /dev/null +++ b/src/libnacl/tests/scalarmult3.out @@ -0,0 +1,4 @@ + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a diff --git a/src/libnacl/tests/scalarmult4.cpp b/src/libnacl/tests/scalarmult4.cpp new file mode 100644 index 00000000..8e4d64e9 --- /dev/null +++ b/src/libnacl/tests/scalarmult4.cpp @@ -0,0 +1,31 @@ +#include +#include +#include +using std::string; +using std::cout; +using std::setfill; +using std::setw; +using std::hex; +#include "crypto_scalarmult_curve25519.h" + +char bobsk_bytes[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +main() +{ + int i; + cout << setfill('0'); + string bobsk(bobsk_bytes,sizeof bobsk_bytes); + string bobpk = crypto_scalarmult_curve25519_base(bobsk); + for (i = 0;i < bobpk.size();++i) { + unsigned char c = bobpk[i]; + if (i > 0) cout << ","; else cout << " "; + cout << "0x" << hex << setw(2) << (unsigned int) c; + if (i % 8 == 7) cout << "\n"; + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult4.out b/src/libnacl/tests/scalarmult4.out new file mode 100644 index 00000000..b5391865 --- /dev/null +++ b/src/libnacl/tests/scalarmult4.out @@ -0,0 +1,4 @@ + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f diff --git a/src/libnacl/tests/scalarmult5.c b/src/libnacl/tests/scalarmult5.c new file mode 100644 index 00000000..14f8159d --- /dev/null +++ b/src/libnacl/tests/scalarmult5.c @@ -0,0 +1,30 @@ +#include +#include "crypto_scalarmult_curve25519.h" + +unsigned char alicesk[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +unsigned char bobpk[32] = { + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f +} ; + +unsigned char k[32]; + +main() +{ + int i; + crypto_scalarmult_curve25519(k,alicesk,bobpk); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) k[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult5.out b/src/libnacl/tests/scalarmult5.out new file mode 100644 index 00000000..bec21130 --- /dev/null +++ b/src/libnacl/tests/scalarmult5.out @@ -0,0 +1,4 @@ + 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1 +,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25 +,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33 +,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42 diff --git a/src/libnacl/tests/scalarmult6.c b/src/libnacl/tests/scalarmult6.c new file mode 100644 index 00000000..89bf9bdd --- /dev/null +++ b/src/libnacl/tests/scalarmult6.c @@ -0,0 +1,30 @@ +#include +#include "crypto_scalarmult_curve25519.h" + +unsigned char bobsk[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +unsigned char alicepk[32] = { + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a +} ; + +unsigned char k[32]; + +main() +{ + int i; + crypto_scalarmult_curve25519(k,bobsk,alicepk); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) k[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult6.out b/src/libnacl/tests/scalarmult6.out new file mode 100644 index 00000000..bec21130 --- /dev/null +++ b/src/libnacl/tests/scalarmult6.out @@ -0,0 +1,4 @@ + 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1 +,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25 +,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33 +,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42 diff --git a/src/libnacl/tests/scalarmult7.cpp b/src/libnacl/tests/scalarmult7.cpp new file mode 100644 index 00000000..8382d747 --- /dev/null +++ b/src/libnacl/tests/scalarmult7.cpp @@ -0,0 +1,32 @@ +#include +using std::string; +#include +#include "crypto_scalarmult_curve25519.h" + +char alicesk_bytes[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +char bobpk_bytes[32] = { + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f +} ; + +main() +{ + int i; + string alicesk(alicesk_bytes,sizeof alicesk_bytes); + string bobpk(bobpk_bytes,sizeof bobpk_bytes); + string k = crypto_scalarmult_curve25519(alicesk,bobpk); + for (i = 0;i < k.size();++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) (unsigned char) k[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult7.out b/src/libnacl/tests/scalarmult7.out new file mode 100644 index 00000000..bec21130 --- /dev/null +++ b/src/libnacl/tests/scalarmult7.out @@ -0,0 +1,4 @@ + 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1 +,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25 +,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33 +,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42 diff --git a/src/libnacl/tests/secretbox.c b/src/libnacl/tests/secretbox.c new file mode 100644 index 00000000..773f5b62 --- /dev/null +++ b/src/libnacl/tests/secretbox.c @@ -0,0 +1,56 @@ +#include +#include "crypto_secretbox_xsalsa20poly1305.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +// API requires first 32 bytes to be 0 +unsigned char m[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +unsigned char c[163]; + +main() +{ + int i; + crypto_secretbox_xsalsa20poly1305( + c,m,163,nonce,firstkey + ); + for (i = 16;i < 163;++i) { + printf(",0x%02x",(unsigned int) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/secretbox.out b/src/libnacl/tests/secretbox.out new file mode 100644 index 00000000..2b6c51ea --- /dev/null +++ b/src/libnacl/tests/secretbox.out @@ -0,0 +1,19 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/secretbox2.c b/src/libnacl/tests/secretbox2.c new file mode 100644 index 00000000..b6a2a937 --- /dev/null +++ b/src/libnacl/tests/secretbox2.c @@ -0,0 +1,57 @@ +#include +#include "crypto_secretbox_xsalsa20poly1305.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +// API requires first 16 bytes to be 0 +unsigned char c[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char m[163]; + +main() +{ + int i; + if (crypto_secretbox_xsalsa20poly1305_open( + m,c,163,nonce,firstkey + ) == 0) { + for (i = 32;i < 163;++i) { + printf(",0x%02x",(unsigned int) m[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/secretbox2.out b/src/libnacl/tests/secretbox2.out new file mode 100644 index 00000000..c61d4557 --- /dev/null +++ b/src/libnacl/tests/secretbox2.out @@ -0,0 +1,17 @@ +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 diff --git a/src/libnacl/tests/secretbox3.cpp b/src/libnacl/tests/secretbox3.cpp new file mode 100644 index 00000000..39ca7c53 --- /dev/null +++ b/src/libnacl/tests/secretbox3.cpp @@ -0,0 +1,52 @@ +#include +using std::string; +#include +#include "crypto_secretbox_xsalsa20poly1305.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char m_bytes[131] = { + 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +main() +{ + int i; + string m(m_bytes,sizeof m_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string c = crypto_secretbox_xsalsa20poly1305(m,nonce,firstkey); + for (i = 0;i < c.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/secretbox3.out b/src/libnacl/tests/secretbox3.out new file mode 100644 index 00000000..2b6c51ea --- /dev/null +++ b/src/libnacl/tests/secretbox3.out @@ -0,0 +1,19 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/secretbox4.cpp b/src/libnacl/tests/secretbox4.cpp new file mode 100644 index 00000000..416e4d9e --- /dev/null +++ b/src/libnacl/tests/secretbox4.cpp @@ -0,0 +1,54 @@ +#include +using std::string; +#include +#include "crypto_secretbox_xsalsa20poly1305.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char c_bytes[147] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +main() +{ + int i; + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string c(c_bytes,sizeof c_bytes); + string m = crypto_secretbox_xsalsa20poly1305_open(c,nonce,firstkey); + for (i = 0;i < m.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) m[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/secretbox4.out b/src/libnacl/tests/secretbox4.out new file mode 100644 index 00000000..c61d4557 --- /dev/null +++ b/src/libnacl/tests/secretbox4.out @@ -0,0 +1,17 @@ +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 diff --git a/src/libnacl/tests/secretbox5.cpp b/src/libnacl/tests/secretbox5.cpp new file mode 100644 index 00000000..e8cc0eeb --- /dev/null +++ b/src/libnacl/tests/secretbox5.cpp @@ -0,0 +1,29 @@ +#include +using std::string; +#include +#include "crypto_secretbox.h" +#include "randombytes.h" + +main() +{ + int mlen; + for (mlen = 0;mlen < 1000;++mlen) { + unsigned char kbytes[crypto_secretbox_KEYBYTES]; + randombytes(kbytes,crypto_secretbox_KEYBYTES); + string k((char *) kbytes,crypto_secretbox_KEYBYTES); + unsigned char nbytes[crypto_secretbox_NONCEBYTES]; + randombytes(nbytes,crypto_secretbox_NONCEBYTES); + string n((char *) nbytes,crypto_secretbox_NONCEBYTES); + unsigned char mbytes[mlen]; + randombytes(mbytes,mlen); + string m((char *) mbytes,mlen); + string c = crypto_secretbox(m,n,k); + try { + string m2 = crypto_secretbox_open(c,n,k); + if (m != m2) printf("bad decryption\n"); + } catch(const char *s) { + printf("%s\n",s); + } + } + return 0; +} diff --git a/src/libnacl/tests/secretbox5.out b/src/libnacl/tests/secretbox5.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/secretbox6.cpp b/src/libnacl/tests/secretbox6.cpp new file mode 100644 index 00000000..e8274006 --- /dev/null +++ b/src/libnacl/tests/secretbox6.cpp @@ -0,0 +1,42 @@ +#include +using std::string; +#include +#include +#include "crypto_secretbox.h" +#include "randombytes.h" + +main() +{ + int mlen; + for (mlen = 0;mlen < 1000;++mlen) { + unsigned char kbytes[crypto_secretbox_KEYBYTES]; + randombytes(kbytes,crypto_secretbox_KEYBYTES); + string k((char *) kbytes,crypto_secretbox_KEYBYTES); + unsigned char nbytes[crypto_secretbox_NONCEBYTES]; + randombytes(nbytes,crypto_secretbox_NONCEBYTES); + string n((char *) nbytes,crypto_secretbox_NONCEBYTES); + unsigned char mbytes[mlen]; + randombytes(mbytes,mlen); + string m((char *) mbytes,mlen); + string c = crypto_secretbox(m,n,k); + int caught = 0; + while (caught < 10) { + c.replace(random() % c.size(),1,1,random()); + try { + string m2 = crypto_secretbox_open(c,n,k); + if (m != m2) { + printf("forgery\n"); + return 100; + } + } catch(const char *s) { + if (string(s) == string("ciphertext fails verification")) + ++caught; + else { + printf("%s\n",s); + return 111; + } + } + } + } + return 0; +} diff --git a/src/libnacl/tests/secretbox6.out b/src/libnacl/tests/secretbox6.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/secretbox7.c b/src/libnacl/tests/secretbox7.c new file mode 100644 index 00000000..d4be9b49 --- /dev/null +++ b/src/libnacl/tests/secretbox7.c @@ -0,0 +1,32 @@ +#include +#include "crypto_secretbox.h" +#include "randombytes.h" + +unsigned char k[crypto_secretbox_KEYBYTES]; +unsigned char n[crypto_secretbox_NONCEBYTES]; +unsigned char m[10000]; +unsigned char c[10000]; +unsigned char m2[10000]; + +main() +{ + int mlen; + int i; + + for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) { + randombytes(k,crypto_secretbox_KEYBYTES); + randombytes(n,crypto_secretbox_NONCEBYTES); + randombytes(m + crypto_secretbox_ZEROBYTES,mlen); + crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); + if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) { + for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i) + if (m2[i] != m[i]) { + printf("bad decryption\n"); + break; + } + } else { + printf("ciphertext fails verification\n"); + } + } + return 0; +} diff --git a/src/libnacl/tests/secretbox7.out b/src/libnacl/tests/secretbox7.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/secretbox8.c b/src/libnacl/tests/secretbox8.c new file mode 100644 index 00000000..3e0e8f80 --- /dev/null +++ b/src/libnacl/tests/secretbox8.c @@ -0,0 +1,39 @@ +#include +#include +#include "crypto_secretbox.h" +#include "randombytes.h" +#include "windows/windows-quirks.h" + +unsigned char k[crypto_secretbox_KEYBYTES]; +unsigned char n[crypto_secretbox_NONCEBYTES]; +unsigned char m[10000]; +unsigned char c[10000]; +unsigned char m2[10000]; + +main() +{ + int mlen; + int i; + int caught; + + for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) { + randombytes(k,crypto_secretbox_KEYBYTES); + randombytes(n,crypto_secretbox_NONCEBYTES); + randombytes(m + crypto_secretbox_ZEROBYTES,mlen); + crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); + caught = 0; + while (caught < 10) { + c[random() % (mlen + crypto_secretbox_ZEROBYTES)] = random(); + if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) { + for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i) + if (m2[i] != m[i]) { + printf("forgery\n"); + return 100; + } + } else { + ++caught; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/secretbox8.out b/src/libnacl/tests/secretbox8.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/stream.c b/src/libnacl/tests/stream.c new file mode 100644 index 00000000..ebb39398 --- /dev/null +++ b/src/libnacl/tests/stream.c @@ -0,0 +1,29 @@ +#include +#include "crypto_stream_xsalsa20.h" +#include "crypto_hash_sha256.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char output[4194304]; + +unsigned char h[32]; + +main() +{ + int i; + crypto_stream_xsalsa20(output,4194304,nonce,firstkey); + crypto_hash_sha256(h,output,sizeof output); + for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream.out b/src/libnacl/tests/stream.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/stream.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/stream2.c b/src/libnacl/tests/stream2.c new file mode 100644 index 00000000..12f13de4 --- /dev/null +++ b/src/libnacl/tests/stream2.c @@ -0,0 +1,27 @@ +#include +#include "crypto_stream_salsa20.h" +#include "crypto_hash_sha256.h" + +unsigned char secondkey[32] = { + 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9 +,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88 +,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9 +,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4 +} ; + +unsigned char noncesuffix[8] = { + 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char output[4194304]; + +unsigned char h[32]; + +main() +{ + int i; + crypto_stream_salsa20(output,4194304,noncesuffix,secondkey); + crypto_hash_sha256(h,output,sizeof output); + for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream2.out b/src/libnacl/tests/stream2.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/stream2.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/stream3.c b/src/libnacl/tests/stream3.c new file mode 100644 index 00000000..7798dc18 --- /dev/null +++ b/src/libnacl/tests/stream3.c @@ -0,0 +1,28 @@ +#include +#include "crypto_stream_xsalsa20.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char rs[32]; + +main() +{ + int i; + crypto_stream_xsalsa20(rs,32,nonce,firstkey); + for (i = 0;i < 32;++i) { + printf(",0x%02x",(unsigned int) rs[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/stream3.out b/src/libnacl/tests/stream3.out new file mode 100644 index 00000000..9cd78798 --- /dev/null +++ b/src/libnacl/tests/stream3.out @@ -0,0 +1,4 @@ +,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 diff --git a/src/libnacl/tests/stream4.c b/src/libnacl/tests/stream4.c new file mode 100644 index 00000000..84d8c523 --- /dev/null +++ b/src/libnacl/tests/stream4.c @@ -0,0 +1,53 @@ +#include +#include "crypto_stream_xsalsa20.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char m[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +unsigned char c[163]; + +main() +{ + int i; + crypto_stream_xsalsa20_xor(c,m,163,nonce,firstkey); + for (i = 32;i < 163;++i) { + printf(",0x%02x",(unsigned int) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream4.out b/src/libnacl/tests/stream4.out new file mode 100644 index 00000000..0d3d8e94 --- /dev/null +++ b/src/libnacl/tests/stream4.out @@ -0,0 +1,17 @@ +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/stream5.cpp b/src/libnacl/tests/stream5.cpp new file mode 100644 index 00000000..66f3839b --- /dev/null +++ b/src/libnacl/tests/stream5.cpp @@ -0,0 +1,29 @@ +#include +using std::string; +#include +#include "crypto_stream_xsalsa20.h" +#include "crypto_hash_sha256.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +main() +{ + int i; + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string output = crypto_stream_xsalsa20(4194304,nonce,firstkey); + string h = crypto_hash_sha256(output); + for (i = 0;i < 32;++i) printf("%02x",(unsigned int) (unsigned char) h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream5.out b/src/libnacl/tests/stream5.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/stream5.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/stream6.cpp b/src/libnacl/tests/stream6.cpp new file mode 100644 index 00000000..d9ed61f7 --- /dev/null +++ b/src/libnacl/tests/stream6.cpp @@ -0,0 +1,27 @@ +#include +using std::string; +#include +#include "crypto_stream_salsa20.h" +#include "crypto_hash_sha256.h" + +char secondkey_bytes[32] = { + 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9 +,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88 +,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9 +,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4 +} ; + +char noncesuffix_bytes[8] = { + 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +main() +{ + int i; + string secondkey(secondkey_bytes,sizeof secondkey_bytes); + string noncesuffix(noncesuffix_bytes,sizeof noncesuffix_bytes); + string output = crypto_stream_salsa20(4194304,noncesuffix,secondkey); + string h = crypto_hash_sha256(output); + for (i = 0;i < 32;++i) printf("%02x",(unsigned int) (unsigned char) h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream6.out b/src/libnacl/tests/stream6.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/stream6.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/stream7.cpp b/src/libnacl/tests/stream7.cpp new file mode 100644 index 00000000..d2f106e5 --- /dev/null +++ b/src/libnacl/tests/stream7.cpp @@ -0,0 +1,30 @@ +#include +using std::string; +#include +#include "crypto_stream_xsalsa20.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +main() +{ + int i; + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string rs = crypto_stream_xsalsa20(32,nonce,firstkey); + for (i = 0;i < rs.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) rs[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/stream7.out b/src/libnacl/tests/stream7.out new file mode 100644 index 00000000..9cd78798 --- /dev/null +++ b/src/libnacl/tests/stream7.out @@ -0,0 +1,4 @@ +,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 diff --git a/src/libnacl/tests/stream8.cpp b/src/libnacl/tests/stream8.cpp new file mode 100644 index 00000000..ea95d68f --- /dev/null +++ b/src/libnacl/tests/stream8.cpp @@ -0,0 +1,56 @@ +#include +using std::string; +#include +#include "crypto_stream_xsalsa20.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char m_bytes[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +main() +{ + int i; + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string m(m_bytes,sizeof m_bytes); + string c = crypto_stream_xsalsa20_xor(m,nonce,firstkey); + for (i = 32;i < c.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream8.out b/src/libnacl/tests/stream8.out new file mode 100644 index 00000000..0d3d8e94 --- /dev/null +++ b/src/libnacl/tests/stream8.out @@ -0,0 +1,17 @@ +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/try-anything.c b/src/libnacl/try-anything.c new file mode 100644 index 00000000..aa6a2851 --- /dev/null +++ b/src/libnacl/try-anything.c @@ -0,0 +1,177 @@ +/* + * try-anything.c version 20090215 + * D. J. Bernstein + * Public domain. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +#endif +#include "cpucycles.h" +#include "windows/windows-quirks.h" + +typedef uint32_t uint32; + +static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ; +static uint32 in[12]; +static uint32 out[8]; +static int outleft = 0; + +#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) +#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); + +static void surf(void) +{ + uint32 t[12]; uint32 x; uint32 sum = 0; + int r; int i; int loop; + + for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; + for (i = 0;i < 8;++i) out[i] = seed[24 + i]; + x = t[11]; + for (loop = 0;loop < 2;++loop) { + for (r = 0;r < 16;++r) { + sum += 0x9e3779b9; + MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) + MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) + MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) + } + for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; + } +} + +void randombytes(unsigned char *x,unsigned long long xlen) +{ + while (xlen > 0) { + if (!outleft) { + if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; + surf(); + outleft = 8; + } + *x = out[--outleft]; + ++x; + --xlen; + } +} + +extern void preallocate(void); +extern void allocate(void); +extern void predoit(void); +extern void doit(void); +extern char checksum[]; +extern const char *checksum_compute(void); +extern const char *primitiveimplementation; + +static void printword(const char *s) +{ + if (!*s) putchar('-'); + while (*s) { + if (*s == ' ') putchar('_'); + else if (*s == '\t') putchar('_'); + else if (*s == '\r') putchar('_'); + else if (*s == '\n') putchar('_'); + else putchar(*s); + ++s; + } + putchar(' '); +} + +static void printnum(long long x) +{ + printf("%lld ",x); +} + +static void fail(const char *why) +{ + printf("%s\n",why); + exit(111); +} + +unsigned char *alignedcalloc(unsigned long long len) +{ + unsigned char *x = (unsigned char *) calloc(1,len + 256); + long long i; + if (!x) fail("out of memory"); + /* will never deallocate so shifting is ok */ + for (i = 0;i < len + 256;++i) x[i] = random(); + x += 64; + x += 63 & (-(unsigned long) x); + for (i = 0;i < len;++i) x[i] = 0; + return x; +} + +#define TIMINGS 63 +static long long cycles[TIMINGS + 1]; + +void limits() +{ +#ifdef RLIM_INFINITY + struct rlimit r; + r.rlim_cur = 0; + r.rlim_max = 0; +#ifdef RLIMIT_NOFILE + setrlimit(RLIMIT_NOFILE,&r); +#endif +#ifdef RLIMIT_NPROC + setrlimit(RLIMIT_NPROC,&r); +#endif +#ifdef RLIMIT_CORE + setrlimit(RLIMIT_CORE,&r); +#endif +#endif +} + +int main() +{ + long long i; + long long j; + long long abovej; + long long belowj; + long long checksumcycles; + long long cyclespersecond; + const char *problem; + + cyclespersecond = cpucycles_persecond(); + preallocate(); + limits(); + + allocate(); + srandom(getpid()); + + cycles[0] = cpucycles(); + problem = checksum_compute(); if (problem) fail(problem); + cycles[1] = cpucycles(); + checksumcycles = cycles[1] - cycles[0]; + + predoit(); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + } + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + doit(); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + for (j = 0;j < TIMINGS;++j) { + belowj = 0; + for (i = 0;i < TIMINGS;++i) if (cycles[i] < cycles[j]) ++belowj; + abovej = 0; + for (i = 0;i < TIMINGS;++i) if (cycles[i] > cycles[j]) ++abovej; + if (belowj * 2 < TIMINGS && abovej * 2 < TIMINGS) break; + } + + printword(checksum); + printnum(cycles[j]); + printnum(checksumcycles); + printnum(cyclespersecond); + printword(primitiveimplementation); + printf("\n"); + return 0; +} diff --git a/src/libnacl/version b/src/libnacl/version new file mode 100644 index 00000000..97840598 --- /dev/null +++ b/src/libnacl/version @@ -0,0 +1 @@ +20110221 diff --git a/src/libnacl/windows/include/windows-quirks.h b/src/libnacl/windows/include/windows-quirks.h new file mode 100644 index 00000000..11d82bf9 --- /dev/null +++ b/src/libnacl/windows/include/windows-quirks.h @@ -0,0 +1,18 @@ + +#include + +#ifdef _WIN32 + +static void +srandom(unsigned seed) +{ + srand(seed); +} + +static long +random(void) +{ + return (long) rand(); +} + +#endif