From 95b9c37cc5c266080eba0dceb9e2574ffbf9ddd1 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 19 Jan 2013 16:02:02 -0800 Subject: [PATCH] Import libnacl from dnscrypt-proxy --- AUTHORS | 0 COPYING | 1 + ChangeLog | 0 NEWS | 0 README | 1 + README.markdown | 0 autogen.sh | 11 + configure.ac | 204 +++ m4/ax_check_compile_flag.m4 | 73 + m4/ax_check_gnu_make.m4 | 78 + m4/ax_check_link_flag.m4 | 72 + m4/ax_pthread.m4 | 302 +++ src/Makefile.am | 3 + src/libnacl/MACROS | 56 + src/libnacl/OPERATIONS | 11 + src/libnacl/PROTOTYPES.c | 26 + src/libnacl/PROTOTYPES.cpp | 17 + src/libnacl/commandline/nacl-sha256.c | 64 + src/libnacl/commandline/nacl-sha512.c | 64 + src/libnacl/cpucycles/alpha.c | 80 + src/libnacl/cpucycles/alpha.h | 27 + src/libnacl/cpucycles/amd64cpuinfo.c | 16 + src/libnacl/cpucycles/amd64cpuinfo.h | 27 + src/libnacl/cpucycles/amd64cpuspeed.c | 25 + src/libnacl/cpucycles/amd64cpuspeed.h | 27 + src/libnacl/cpucycles/amd64tscfreq.c | 18 + src/libnacl/cpucycles/amd64tscfreq.h | 27 + src/libnacl/cpucycles/celllinux.c | 83 + src/libnacl/cpucycles/celllinux.h | 27 + src/libnacl/cpucycles/cortex.c | 73 + src/libnacl/cpucycles/cortex.h | 27 + src/libnacl/cpucycles/dev4ns.c | 62 + src/libnacl/cpucycles/dev4ns.h | 27 + src/libnacl/cpucycles/do | 44 + src/libnacl/cpucycles/gettimeofday.c | 32 + src/libnacl/cpucycles/gettimeofday.h | 27 + src/libnacl/cpucycles/hppapstat.c | 26 + src/libnacl/cpucycles/hppapstat.h | 27 + src/libnacl/cpucycles/ia64cpuinfo.c | 15 + src/libnacl/cpucycles/ia64cpuinfo.h | 27 + src/libnacl/cpucycles/mips.c | 65 + src/libnacl/cpucycles/mips.h | 27 + src/libnacl/cpucycles/monotonic.c | 35 + src/libnacl/cpucycles/monotonic.h | 27 + src/libnacl/cpucycles/monotoniccpuinfo.c | 34 + src/libnacl/cpucycles/monotoniccpuinfo.h | 27 + src/libnacl/cpucycles/osfreq.c | 65 + src/libnacl/cpucycles/powerpccpuinfo.c | 95 + src/libnacl/cpucycles/powerpccpuinfo.h | 27 + src/libnacl/cpucycles/powerpcmacos.c | 43 + src/libnacl/cpucycles/powerpcmacos.h | 27 + src/libnacl/cpucycles/sgi.c | 39 + src/libnacl/cpucycles/sgi.h | 27 + src/libnacl/cpucycles/sparc32cpuinfo.c | 16 + src/libnacl/cpucycles/sparc32cpuinfo.h | 27 + src/libnacl/cpucycles/sparccpuinfo.c | 15 + src/libnacl/cpucycles/sparccpuinfo.h | 27 + src/libnacl/cpucycles/test.c | 27 + src/libnacl/cpucycles/x86cpuinfo.c | 15 + src/libnacl/cpucycles/x86cpuinfo.h | 27 + src/libnacl/cpucycles/x86cpuspeed.c | 24 + src/libnacl/cpucycles/x86cpuspeed.h | 27 + src/libnacl/cpucycles/x86estimate.c | 60 + src/libnacl/cpucycles/x86estimate.h | 27 + src/libnacl/cpucycles/x86tscfreq.c | 18 + src/libnacl/cpucycles/x86tscfreq.h | 27 + src/libnacl/cpuid/cbytes.c | 16 + src/libnacl/cpuid/cpuid.c | 41 + src/libnacl/cpuid/do | 37 + src/libnacl/cpuid/unknown.c | 7 + src/libnacl/cpuid/x86.c | 41 + src/libnacl/crypto_auth/hmacsha256/checksum | 1 + src/libnacl/crypto_auth/hmacsha256/ref/api.h | 2 + src/libnacl/crypto_auth/hmacsha256/ref/hmac.c | 83 + .../crypto_auth/hmacsha256/ref/verify.c | 9 + src/libnacl/crypto_auth/hmacsha256/used | 0 .../crypto_auth/hmacsha512256/checksum | 1 + .../crypto_auth/hmacsha512256/ref/api.h | 2 + .../crypto_auth/hmacsha512256/ref/hmac.c | 86 + .../crypto_auth/hmacsha512256/ref/verify.c | 9 + .../crypto_auth/hmacsha512256/selected | 0 src/libnacl/crypto_auth/hmacsha512256/used | 0 src/libnacl/crypto_auth/measure.c | 69 + src/libnacl/crypto_auth/try.c | 121 ++ src/libnacl/crypto_auth/wrapper-auth.cpp | 11 + src/libnacl/crypto_auth/wrapper-verify.cpp | 14 + .../curve25519xsalsa20poly1305/checksum | 1 + .../curve25519xsalsa20poly1305/ref/after.c | 22 + .../curve25519xsalsa20poly1305/ref/api.h | 6 + .../curve25519xsalsa20poly1305/ref/before.c | 17 + .../curve25519xsalsa20poly1305/ref/box.c | 27 + .../curve25519xsalsa20poly1305/ref/keypair.c | 12 + .../curve25519xsalsa20poly1305/selected | 0 .../curve25519xsalsa20poly1305/used | 0 src/libnacl/crypto_box/measure.c | 137 ++ src/libnacl/crypto_box/try.c | 197 ++ src/libnacl/crypto_box/wrapper-box.cpp | 24 + src/libnacl/crypto_box/wrapper-keypair.cpp | 12 + src/libnacl/crypto_box/wrapper-open.cpp | 27 + src/libnacl/crypto_core/hsalsa20/checksum | 1 + src/libnacl/crypto_core/hsalsa20/ref/api.h | 4 + src/libnacl/crypto_core/hsalsa20/ref/core.c | 135 ++ .../crypto_core/hsalsa20/ref/implementors | 1 + src/libnacl/crypto_core/hsalsa20/ref2/api.h | 4 + src/libnacl/crypto_core/hsalsa20/ref2/core.c | 108 ++ .../crypto_core/hsalsa20/ref2/implementors | 1 + src/libnacl/crypto_core/hsalsa20/used | 0 src/libnacl/crypto_core/measure.c | 18 + src/libnacl/crypto_core/salsa20/checksum | 1 + src/libnacl/crypto_core/salsa20/ref/api.h | 4 + src/libnacl/crypto_core/salsa20/ref/core.c | 134 ++ .../crypto_core/salsa20/ref/implementors | 1 + src/libnacl/crypto_core/salsa20/used | 0 src/libnacl/crypto_core/salsa2012/checksum | 1 + src/libnacl/crypto_core/salsa2012/ref/api.h | 4 + src/libnacl/crypto_core/salsa2012/ref/core.c | 134 ++ .../crypto_core/salsa2012/ref/implementors | 1 + src/libnacl/crypto_core/salsa2012/used | 0 src/libnacl/crypto_core/salsa208/checksum | 1 + src/libnacl/crypto_core/salsa208/ref/api.h | 4 + src/libnacl/crypto_core/salsa208/ref/core.c | 134 ++ .../crypto_core/salsa208/ref/implementors | 1 + src/libnacl/crypto_core/salsa208/used | 0 src/libnacl/crypto_core/try.c | 117 ++ src/libnacl/crypto_core/wrapper-empty.cpp | 0 src/libnacl/crypto_hash/measure.c | 66 + src/libnacl/crypto_hash/sha256/checksum | 1 + src/libnacl/crypto_hash/sha256/ref/api.h | 1 + src/libnacl/crypto_hash/sha256/ref/hash.c | 69 + .../crypto_hash/sha256/ref/implementors | 1 + src/libnacl/crypto_hash/sha256/used | 0 src/libnacl/crypto_hash/sha512/checksum | 1 + src/libnacl/crypto_hash/sha512/ref/api.h | 1 + src/libnacl/crypto_hash/sha512/ref/hash.c | 71 + .../crypto_hash/sha512/ref/implementors | 1 + src/libnacl/crypto_hash/sha512/selected | 0 src/libnacl/crypto_hash/sha512/used | 0 src/libnacl/crypto_hash/try.c | 78 + src/libnacl/crypto_hash/wrapper-hash.cpp | 10 + src/libnacl/crypto_hashblocks/measure.c | 18 + src/libnacl/crypto_hashblocks/sha256/checksum | 1 + .../crypto_hashblocks/sha256/inplace/api.h | 2 + .../crypto_hashblocks/sha256/inplace/blocks.c | 228 +++ .../sha256/inplace/implementors | 1 + .../crypto_hashblocks/sha256/ref/api.h | 2 + .../crypto_hashblocks/sha256/ref/blocks.c | 212 +++ .../crypto_hashblocks/sha256/ref/implementors | 1 + src/libnacl/crypto_hashblocks/sha256/used | 0 src/libnacl/crypto_hashblocks/sha512/checksum | 1 + .../crypto_hashblocks/sha512/inplace/api.h | 2 + .../crypto_hashblocks/sha512/inplace/blocks.c | 256 +++ .../sha512/inplace/implementors | 1 + .../crypto_hashblocks/sha512/ref/api.h | 2 + .../crypto_hashblocks/sha512/ref/blocks.c | 239 +++ .../crypto_hashblocks/sha512/ref/implementors | 1 + src/libnacl/crypto_hashblocks/sha512/selected | 0 src/libnacl/crypto_hashblocks/sha512/used | 0 src/libnacl/crypto_hashblocks/try.c | 80 + .../crypto_hashblocks/wrapper-empty.cpp | 0 src/libnacl/crypto_onetimeauth/measure.c | 69 + .../crypto_onetimeauth/poly1305/53/api.h | 2 + .../crypto_onetimeauth/poly1305/53/auth.c | 1616 +++++++++++++++++ .../crypto_onetimeauth/poly1305/53/verify.c | 9 + .../crypto_onetimeauth/poly1305/amd64/api.h | 2 + .../poly1305/amd64/verify.c | 9 + .../crypto_onetimeauth/poly1305/checksum | 1 + .../crypto_onetimeauth/poly1305/ref/api.h | 2 + .../crypto_onetimeauth/poly1305/ref/auth.c | 104 ++ .../crypto_onetimeauth/poly1305/ref/verify.c | 9 + .../crypto_onetimeauth/poly1305/selected | 0 src/libnacl/crypto_onetimeauth/poly1305/used | 0 .../crypto_onetimeauth/poly1305/x86/api.h | 2 + .../crypto_onetimeauth/poly1305/x86/verify.c | 9 + src/libnacl/crypto_onetimeauth/try.c | 121 ++ .../crypto_onetimeauth/wrapper-auth.cpp | 11 + .../crypto_onetimeauth/wrapper-verify.cpp | 14 + .../crypto_scalarmult/curve25519/checksum | 1 + .../curve25519/donna_c64/api.h | 2 + .../curve25519/donna_c64/base.c | 8 + .../curve25519/donna_c64/implementors | 1 + .../curve25519/donna_c64/smult.c | 477 +++++ .../crypto_scalarmult/curve25519/ref/api.h | 2 + .../crypto_scalarmult/curve25519/ref/base.c | 16 + .../curve25519/ref/implementors | 1 + .../crypto_scalarmult/curve25519/ref/smult.c | 265 +++ src/libnacl/crypto_scalarmult/curve25519/used | 0 src/libnacl/crypto_scalarmult/measure.c | 61 + src/libnacl/crypto_scalarmult/try.c | 127 ++ .../crypto_scalarmult/wrapper-base.cpp | 11 + .../crypto_scalarmult/wrapper-mult.cpp | 12 + src/libnacl/crypto_secretbox/measure.c | 75 + src/libnacl/crypto_secretbox/try.c | 131 ++ src/libnacl/crypto_secretbox/wrapper-box.cpp | 19 + src/libnacl/crypto_secretbox/wrapper-open.cpp | 22 + .../xsalsa20poly1305/checksum | 1 + .../xsalsa20poly1305/ref/api.h | 4 + .../xsalsa20poly1305/ref/box.c | 35 + .../xsalsa20poly1305/selected | 0 .../crypto_secretbox/xsalsa20poly1305/used | 0 src/libnacl/crypto_sign/ed25519/description | 1 + src/libnacl/crypto_sign/ed25519/designers | 5 + src/libnacl/crypto_sign/ed25519/ref/api.h | 4 + src/libnacl/crypto_sign/ed25519/ref/ed25519.c | 136 ++ src/libnacl/crypto_sign/ed25519/ref/fe25519.c | 326 ++++ src/libnacl/crypto_sign/ed25519/ref/fe25519.h | 62 + src/libnacl/crypto_sign/ed25519/ref/ge25519.c | 310 ++++ src/libnacl/crypto_sign/ed25519/ref/ge25519.h | 35 + .../crypto_sign/ed25519/ref/ge25519_base.data | 850 +++++++++ .../crypto_sign/ed25519/ref/implementors | 5 + src/libnacl/crypto_sign/ed25519/ref/sc25519.c | 298 +++ src/libnacl/crypto_sign/ed25519/ref/sc25519.h | 72 + src/libnacl/crypto_sign/ed25519/selected | 0 src/libnacl/crypto_sign/ed25519/used | 0 .../edwards25519sha512batch/ref/api.h | 3 + .../edwards25519sha512batch/ref/fe25519.c | 345 ++++ .../edwards25519sha512batch/ref/fe25519.h | 54 + .../edwards25519sha512batch/ref/ge25519.c | 227 +++ .../edwards25519sha512batch/ref/ge25519.h | 34 + .../edwards25519sha512batch/ref/sc25519.c | 146 ++ .../edwards25519sha512batch/ref/sc25519.h | 51 + .../edwards25519sha512batch/ref/sign.c | 103 ++ .../edwards25519sha512batch/selected | 0 .../crypto_sign/edwards25519sha512batch/used | 0 src/libnacl/crypto_sign/measure.c | 83 + src/libnacl/crypto_sign/try.c | 87 + src/libnacl/crypto_sign/wrapper-keypair.cpp | 12 + src/libnacl/crypto_sign/wrapper-sign-open.cpp | 24 + src/libnacl/crypto_sign/wrapper-sign.cpp | 22 + src/libnacl/crypto_stream/aes128ctr/checksum | 1 + .../aes128ctr/portable/afternm.c | 158 ++ .../crypto_stream/aes128ctr/portable/api.h | 3 + .../aes128ctr/portable/beforenm.c | 59 + .../crypto_stream/aes128ctr/portable/common.c | 64 + .../crypto_stream/aes128ctr/portable/common.h | 788 ++++++++ .../crypto_stream/aes128ctr/portable/consts.c | 14 + .../crypto_stream/aes128ctr/portable/consts.h | 28 + .../crypto_stream/aes128ctr/portable/int128.c | 128 ++ .../crypto_stream/aes128ctr/portable/int128.h | 47 + .../crypto_stream/aes128ctr/portable/stream.c | 28 + .../crypto_stream/aes128ctr/portable/types.h | 10 + .../aes128ctr/portable/xor_afternm.c | 180 ++ src/libnacl/crypto_stream/aes128ctr/used | 0 src/libnacl/crypto_stream/measure.c | 73 + src/libnacl/crypto_stream/salsa20/checksum | 1 + src/libnacl/crypto_stream/salsa20/ref/api.h | 2 + .../crypto_stream/salsa20/ref/implementors | 1 + .../crypto_stream/salsa20/ref/stream.c | 49 + src/libnacl/crypto_stream/salsa20/ref/xor.c | 52 + src/libnacl/crypto_stream/salsa20/used | 0 src/libnacl/crypto_stream/salsa2012/checksum | 1 + src/libnacl/crypto_stream/salsa2012/ref/api.h | 2 + .../crypto_stream/salsa2012/ref/implementors | 1 + .../crypto_stream/salsa2012/ref/stream.c | 49 + src/libnacl/crypto_stream/salsa2012/ref/xor.c | 52 + src/libnacl/crypto_stream/salsa2012/used | 0 src/libnacl/crypto_stream/salsa208/checksum | 1 + src/libnacl/crypto_stream/salsa208/ref/api.h | 2 + .../crypto_stream/salsa208/ref/implementors | 1 + .../crypto_stream/salsa208/ref/stream.c | 49 + src/libnacl/crypto_stream/salsa208/ref/xor.c | 52 + src/libnacl/crypto_stream/salsa208/used | 0 src/libnacl/crypto_stream/try.c | 125 ++ src/libnacl/crypto_stream/wrapper-stream.cpp | 12 + src/libnacl/crypto_stream/wrapper-xor.cpp | 17 + src/libnacl/crypto_stream/xsalsa20/checksum | 1 + src/libnacl/crypto_stream/xsalsa20/ref/api.h | 2 + .../crypto_stream/xsalsa20/ref/implementors | 1 + .../crypto_stream/xsalsa20/ref/stream.c | 22 + src/libnacl/crypto_stream/xsalsa20/ref/xor.c | 23 + src/libnacl/crypto_stream/xsalsa20/selected | 0 src/libnacl/crypto_stream/xsalsa20/used | 0 src/libnacl/crypto_verify/16/checksum | 1 + src/libnacl/crypto_verify/16/ref/api.h | 1 + src/libnacl/crypto_verify/16/ref/verify.c | 24 + src/libnacl/crypto_verify/16/used | 0 src/libnacl/crypto_verify/32/checksum | 1 + src/libnacl/crypto_verify/32/ref/api.h | 1 + src/libnacl/crypto_verify/32/ref/verify.c | 40 + src/libnacl/crypto_verify/32/used | 0 src/libnacl/crypto_verify/measure.c | 18 + src/libnacl/crypto_verify/try.c | 76 + src/libnacl/crypto_verify/wrapper-empty.cpp | 0 src/libnacl/dist-dirs | 74 + src/libnacl/dist-files | 422 +++++ src/libnacl/do | 309 ++++ src/libnacl/inttypes/crypto_int16.c | 3 + src/libnacl/inttypes/crypto_int32.c | 3 + src/libnacl/inttypes/crypto_int64.c | 3 + src/libnacl/inttypes/crypto_int8.c | 3 + src/libnacl/inttypes/crypto_uint16.c | 3 + src/libnacl/inttypes/crypto_uint32.c | 3 + src/libnacl/inttypes/crypto_uint64.c | 3 + src/libnacl/inttypes/crypto_uint8.c | 3 + src/libnacl/inttypes/do | 42 + src/libnacl/inttypes/signed.h | 17 + src/libnacl/inttypes/unsigned.h | 17 + src/libnacl/measure-anything.c | 227 +++ src/libnacl/okcompilers/abiname.c | 45 + src/libnacl/okcompilers/abinames | 0 src/libnacl/okcompilers/archivers | 2 + src/libnacl/okcompilers/c.in | 1 + src/libnacl/okcompilers/do.in | 26 + src/libnacl/okcompilers/lib.c | 29 + src/libnacl/okcompilers/lib.cpp | 19 + src/libnacl/okcompilers/main.c | 25 + src/libnacl/okcompilers/main.cpp | 22 + src/libnacl/okcompilers/test-okar | 4 + src/libnacl/okcompilers/test-okc | 4 + src/libnacl/okcompilers/test-okc2 | 4 + src/libnacl/okcompilers/test-okclink | 4 + src/libnacl/okcompilers/test.c | 54 + src/libnacl/okcompilers/test10.c | 29 + src/libnacl/okcompilers/test5.c | 25 + src/libnacl/okcompilers/test5.cpp | 22 + src/libnacl/okcompilers/test6.c | 29 + src/libnacl/okcompilers/test9.c | 25 + src/libnacl/randombytes/devurandom.c | 46 + src/libnacl/randombytes/devurandom.h | 24 + src/libnacl/randombytes/do | 43 + src/libnacl/randombytes/test.c | 15 + src/libnacl/tests/auth.c | 19 + src/libnacl/tests/auth.out | 4 + src/libnacl/tests/auth2.c | 34 + src/libnacl/tests/auth2.out | 4 + src/libnacl/tests/auth3.c | 34 + src/libnacl/tests/auth3.out | 1 + src/libnacl/tests/auth4.cpp | 44 + src/libnacl/tests/auth4.out | 1 + src/libnacl/tests/auth5.c | 37 + src/libnacl/tests/auth5.out | 0 src/libnacl/tests/auth6.cpp | 46 + src/libnacl/tests/auth6.out | 0 src/libnacl/tests/box.c | 63 + src/libnacl/tests/box.out | 19 + src/libnacl/tests/box2.c | 64 + src/libnacl/tests/box2.out | 17 + src/libnacl/tests/box3.cpp | 60 + src/libnacl/tests/box3.out | 19 + src/libnacl/tests/box4.cpp | 66 + src/libnacl/tests/box4.out | 17 + src/libnacl/tests/box5.cpp | 30 + src/libnacl/tests/box5.out | 0 src/libnacl/tests/box6.cpp | 43 + src/libnacl/tests/box6.out | 0 src/libnacl/tests/box7.c | 36 + src/libnacl/tests/box7.out | 0 src/libnacl/tests/box8.c | 43 + src/libnacl/tests/box8.out | 0 src/libnacl/tests/core1.c | 30 + src/libnacl/tests/core1.out | 4 + src/libnacl/tests/core2.c | 33 + src/libnacl/tests/core2.out | 4 + src/libnacl/tests/core3.c | 41 + src/libnacl/tests/core3.out | 1 + src/libnacl/tests/core4.c | 33 + src/libnacl/tests/core4.out | 8 + src/libnacl/tests/core5.c | 32 + src/libnacl/tests/core5.out | 4 + src/libnacl/tests/core6.c | 47 + src/libnacl/tests/core6.out | 4 + src/libnacl/tests/hash.c | 14 + src/libnacl/tests/hash.out | 1 + src/libnacl/tests/hash2.cpp | 18 + src/libnacl/tests/hash2.out | 1 + src/libnacl/tests/hash3.c | 14 + src/libnacl/tests/hash3.out | 1 + src/libnacl/tests/hash4.cpp | 18 + src/libnacl/tests/hash4.out | 1 + src/libnacl/tests/onetimeauth.c | 42 + src/libnacl/tests/onetimeauth.out | 2 + src/libnacl/tests/onetimeauth2.c | 40 + src/libnacl/tests/onetimeauth2.out | 1 + src/libnacl/tests/onetimeauth5.cpp | 46 + src/libnacl/tests/onetimeauth5.out | 2 + src/libnacl/tests/onetimeauth6.cpp | 50 + src/libnacl/tests/onetimeauth6.out | 1 + src/libnacl/tests/onetimeauth7.c | 37 + src/libnacl/tests/onetimeauth7.out | 0 src/libnacl/tests/onetimeauth8.cpp | 46 + src/libnacl/tests/onetimeauth8.out | 0 src/libnacl/tests/scalarmult.c | 23 + src/libnacl/tests/scalarmult.out | 4 + src/libnacl/tests/scalarmult2.c | 23 + src/libnacl/tests/scalarmult2.out | 4 + src/libnacl/tests/scalarmult3.cpp | 31 + src/libnacl/tests/scalarmult3.out | 4 + src/libnacl/tests/scalarmult4.cpp | 31 + src/libnacl/tests/scalarmult4.out | 4 + src/libnacl/tests/scalarmult5.c | 30 + src/libnacl/tests/scalarmult5.out | 4 + src/libnacl/tests/scalarmult6.c | 30 + src/libnacl/tests/scalarmult6.out | 4 + src/libnacl/tests/scalarmult7.cpp | 32 + src/libnacl/tests/scalarmult7.out | 4 + src/libnacl/tests/secretbox.c | 56 + src/libnacl/tests/secretbox.out | 19 + src/libnacl/tests/secretbox2.c | 57 + src/libnacl/tests/secretbox2.out | 17 + src/libnacl/tests/secretbox3.cpp | 52 + src/libnacl/tests/secretbox3.out | 19 + src/libnacl/tests/secretbox4.cpp | 54 + src/libnacl/tests/secretbox4.out | 17 + src/libnacl/tests/secretbox5.cpp | 29 + src/libnacl/tests/secretbox5.out | 0 src/libnacl/tests/secretbox6.cpp | 42 + src/libnacl/tests/secretbox6.out | 0 src/libnacl/tests/secretbox7.c | 32 + src/libnacl/tests/secretbox7.out | 0 src/libnacl/tests/secretbox8.c | 39 + src/libnacl/tests/secretbox8.out | 0 src/libnacl/tests/stream.c | 29 + src/libnacl/tests/stream.out | 1 + src/libnacl/tests/stream2.c | 27 + src/libnacl/tests/stream2.out | 1 + src/libnacl/tests/stream3.c | 28 + src/libnacl/tests/stream3.out | 4 + src/libnacl/tests/stream4.c | 53 + src/libnacl/tests/stream4.out | 17 + src/libnacl/tests/stream5.cpp | 29 + src/libnacl/tests/stream5.out | 1 + src/libnacl/tests/stream6.cpp | 27 + src/libnacl/tests/stream6.out | 1 + src/libnacl/tests/stream7.cpp | 30 + src/libnacl/tests/stream7.out | 4 + src/libnacl/tests/stream8.cpp | 56 + src/libnacl/tests/stream8.out | 17 + src/libnacl/try-anything.c | 177 ++ src/libnacl/version | 1 + src/libnacl/windows/include/windows-quirks.h | 18 + 429 files changed, 18685 insertions(+) create mode 100644 AUTHORS create mode 100644 COPYING create mode 100644 ChangeLog create mode 100644 NEWS create mode 100644 README create mode 100644 README.markdown create mode 100755 autogen.sh create mode 100644 configure.ac create mode 100644 m4/ax_check_compile_flag.m4 create mode 100644 m4/ax_check_gnu_make.m4 create mode 100644 m4/ax_check_link_flag.m4 create mode 100644 m4/ax_pthread.m4 create mode 100644 src/Makefile.am create mode 100644 src/libnacl/MACROS create mode 100644 src/libnacl/OPERATIONS create mode 100644 src/libnacl/PROTOTYPES.c create mode 100644 src/libnacl/PROTOTYPES.cpp create mode 100644 src/libnacl/commandline/nacl-sha256.c create mode 100644 src/libnacl/commandline/nacl-sha512.c create mode 100644 src/libnacl/cpucycles/alpha.c create mode 100644 src/libnacl/cpucycles/alpha.h create mode 100644 src/libnacl/cpucycles/amd64cpuinfo.c create mode 100644 src/libnacl/cpucycles/amd64cpuinfo.h create mode 100644 src/libnacl/cpucycles/amd64cpuspeed.c create mode 100644 src/libnacl/cpucycles/amd64cpuspeed.h create mode 100644 src/libnacl/cpucycles/amd64tscfreq.c create mode 100644 src/libnacl/cpucycles/amd64tscfreq.h create mode 100644 src/libnacl/cpucycles/celllinux.c create mode 100644 src/libnacl/cpucycles/celllinux.h create mode 100644 src/libnacl/cpucycles/cortex.c create mode 100644 src/libnacl/cpucycles/cortex.h create mode 100644 src/libnacl/cpucycles/dev4ns.c create mode 100644 src/libnacl/cpucycles/dev4ns.h create mode 100755 src/libnacl/cpucycles/do create mode 100644 src/libnacl/cpucycles/gettimeofday.c create mode 100644 src/libnacl/cpucycles/gettimeofday.h create mode 100644 src/libnacl/cpucycles/hppapstat.c create mode 100644 src/libnacl/cpucycles/hppapstat.h create mode 100644 src/libnacl/cpucycles/ia64cpuinfo.c create mode 100644 src/libnacl/cpucycles/ia64cpuinfo.h create mode 100644 src/libnacl/cpucycles/mips.c create mode 100644 src/libnacl/cpucycles/mips.h create mode 100644 src/libnacl/cpucycles/monotonic.c create mode 100644 src/libnacl/cpucycles/monotonic.h create mode 100644 src/libnacl/cpucycles/monotoniccpuinfo.c create mode 100644 src/libnacl/cpucycles/monotoniccpuinfo.h create mode 100644 src/libnacl/cpucycles/osfreq.c create mode 100644 src/libnacl/cpucycles/powerpccpuinfo.c create mode 100644 src/libnacl/cpucycles/powerpccpuinfo.h create mode 100644 src/libnacl/cpucycles/powerpcmacos.c create mode 100644 src/libnacl/cpucycles/powerpcmacos.h create mode 100644 src/libnacl/cpucycles/sgi.c create mode 100644 src/libnacl/cpucycles/sgi.h create mode 100644 src/libnacl/cpucycles/sparc32cpuinfo.c create mode 100644 src/libnacl/cpucycles/sparc32cpuinfo.h create mode 100644 src/libnacl/cpucycles/sparccpuinfo.c create mode 100644 src/libnacl/cpucycles/sparccpuinfo.h create mode 100644 src/libnacl/cpucycles/test.c create mode 100644 src/libnacl/cpucycles/x86cpuinfo.c create mode 100644 src/libnacl/cpucycles/x86cpuinfo.h create mode 100644 src/libnacl/cpucycles/x86cpuspeed.c create mode 100644 src/libnacl/cpucycles/x86cpuspeed.h create mode 100644 src/libnacl/cpucycles/x86estimate.c create mode 100644 src/libnacl/cpucycles/x86estimate.h create mode 100644 src/libnacl/cpucycles/x86tscfreq.c create mode 100644 src/libnacl/cpucycles/x86tscfreq.h create mode 100644 src/libnacl/cpuid/cbytes.c create mode 100644 src/libnacl/cpuid/cpuid.c create mode 100755 src/libnacl/cpuid/do create mode 100644 src/libnacl/cpuid/unknown.c create mode 100644 src/libnacl/cpuid/x86.c create mode 100644 src/libnacl/crypto_auth/hmacsha256/checksum create mode 100644 src/libnacl/crypto_auth/hmacsha256/ref/api.h create mode 100644 src/libnacl/crypto_auth/hmacsha256/ref/hmac.c create mode 100644 src/libnacl/crypto_auth/hmacsha256/ref/verify.c create mode 100644 src/libnacl/crypto_auth/hmacsha256/used create mode 100644 src/libnacl/crypto_auth/hmacsha512256/checksum create mode 100644 src/libnacl/crypto_auth/hmacsha512256/ref/api.h create mode 100644 src/libnacl/crypto_auth/hmacsha512256/ref/hmac.c create mode 100644 src/libnacl/crypto_auth/hmacsha512256/ref/verify.c create mode 100644 src/libnacl/crypto_auth/hmacsha512256/selected create mode 100644 src/libnacl/crypto_auth/hmacsha512256/used create mode 100644 src/libnacl/crypto_auth/measure.c create mode 100644 src/libnacl/crypto_auth/try.c create mode 100644 src/libnacl/crypto_auth/wrapper-auth.cpp create mode 100644 src/libnacl/crypto_auth/wrapper-verify.cpp create mode 100644 src/libnacl/crypto_box/curve25519xsalsa20poly1305/checksum create mode 100644 src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/after.c create mode 100644 src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/api.h create mode 100644 src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/before.c create mode 100644 src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/box.c create mode 100644 src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c create mode 100644 src/libnacl/crypto_box/curve25519xsalsa20poly1305/selected create mode 100644 src/libnacl/crypto_box/curve25519xsalsa20poly1305/used create mode 100644 src/libnacl/crypto_box/measure.c create mode 100644 src/libnacl/crypto_box/try.c create mode 100644 src/libnacl/crypto_box/wrapper-box.cpp create mode 100644 src/libnacl/crypto_box/wrapper-keypair.cpp create mode 100644 src/libnacl/crypto_box/wrapper-open.cpp create mode 100644 src/libnacl/crypto_core/hsalsa20/checksum create mode 100644 src/libnacl/crypto_core/hsalsa20/ref/api.h create mode 100644 src/libnacl/crypto_core/hsalsa20/ref/core.c create mode 100644 src/libnacl/crypto_core/hsalsa20/ref/implementors create mode 100644 src/libnacl/crypto_core/hsalsa20/ref2/api.h create mode 100644 src/libnacl/crypto_core/hsalsa20/ref2/core.c create mode 100644 src/libnacl/crypto_core/hsalsa20/ref2/implementors create mode 100644 src/libnacl/crypto_core/hsalsa20/used create mode 100644 src/libnacl/crypto_core/measure.c create mode 100644 src/libnacl/crypto_core/salsa20/checksum create mode 100644 src/libnacl/crypto_core/salsa20/ref/api.h create mode 100644 src/libnacl/crypto_core/salsa20/ref/core.c create mode 100644 src/libnacl/crypto_core/salsa20/ref/implementors create mode 100644 src/libnacl/crypto_core/salsa20/used create mode 100644 src/libnacl/crypto_core/salsa2012/checksum create mode 100644 src/libnacl/crypto_core/salsa2012/ref/api.h create mode 100644 src/libnacl/crypto_core/salsa2012/ref/core.c create mode 100644 src/libnacl/crypto_core/salsa2012/ref/implementors create mode 100644 src/libnacl/crypto_core/salsa2012/used create mode 100644 src/libnacl/crypto_core/salsa208/checksum create mode 100644 src/libnacl/crypto_core/salsa208/ref/api.h create mode 100644 src/libnacl/crypto_core/salsa208/ref/core.c create mode 100644 src/libnacl/crypto_core/salsa208/ref/implementors create mode 100644 src/libnacl/crypto_core/salsa208/used create mode 100644 src/libnacl/crypto_core/try.c create mode 100644 src/libnacl/crypto_core/wrapper-empty.cpp create mode 100644 src/libnacl/crypto_hash/measure.c create mode 100644 src/libnacl/crypto_hash/sha256/checksum create mode 100644 src/libnacl/crypto_hash/sha256/ref/api.h create mode 100644 src/libnacl/crypto_hash/sha256/ref/hash.c create mode 100644 src/libnacl/crypto_hash/sha256/ref/implementors create mode 100644 src/libnacl/crypto_hash/sha256/used create mode 100644 src/libnacl/crypto_hash/sha512/checksum create mode 100644 src/libnacl/crypto_hash/sha512/ref/api.h create mode 100644 src/libnacl/crypto_hash/sha512/ref/hash.c create mode 100644 src/libnacl/crypto_hash/sha512/ref/implementors create mode 100644 src/libnacl/crypto_hash/sha512/selected create mode 100644 src/libnacl/crypto_hash/sha512/used create mode 100644 src/libnacl/crypto_hash/try.c create mode 100644 src/libnacl/crypto_hash/wrapper-hash.cpp create mode 100644 src/libnacl/crypto_hashblocks/measure.c create mode 100644 src/libnacl/crypto_hashblocks/sha256/checksum create mode 100644 src/libnacl/crypto_hashblocks/sha256/inplace/api.h create mode 100644 src/libnacl/crypto_hashblocks/sha256/inplace/blocks.c create mode 100644 src/libnacl/crypto_hashblocks/sha256/inplace/implementors create mode 100644 src/libnacl/crypto_hashblocks/sha256/ref/api.h create mode 100644 src/libnacl/crypto_hashblocks/sha256/ref/blocks.c create mode 100644 src/libnacl/crypto_hashblocks/sha256/ref/implementors create mode 100644 src/libnacl/crypto_hashblocks/sha256/used create mode 100644 src/libnacl/crypto_hashblocks/sha512/checksum create mode 100644 src/libnacl/crypto_hashblocks/sha512/inplace/api.h create mode 100644 src/libnacl/crypto_hashblocks/sha512/inplace/blocks.c create mode 100644 src/libnacl/crypto_hashblocks/sha512/inplace/implementors create mode 100644 src/libnacl/crypto_hashblocks/sha512/ref/api.h create mode 100644 src/libnacl/crypto_hashblocks/sha512/ref/blocks.c create mode 100644 src/libnacl/crypto_hashblocks/sha512/ref/implementors create mode 100644 src/libnacl/crypto_hashblocks/sha512/selected create mode 100644 src/libnacl/crypto_hashblocks/sha512/used create mode 100644 src/libnacl/crypto_hashblocks/try.c create mode 100644 src/libnacl/crypto_hashblocks/wrapper-empty.cpp create mode 100644 src/libnacl/crypto_onetimeauth/measure.c create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/53/api.h create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/53/auth.c create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/53/verify.c create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/amd64/api.h create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/amd64/verify.c create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/checksum create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/ref/api.h create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/ref/auth.c create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/ref/verify.c create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/selected create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/used create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/x86/api.h create mode 100644 src/libnacl/crypto_onetimeauth/poly1305/x86/verify.c create mode 100644 src/libnacl/crypto_onetimeauth/try.c create mode 100644 src/libnacl/crypto_onetimeauth/wrapper-auth.cpp create mode 100644 src/libnacl/crypto_onetimeauth/wrapper-verify.cpp create mode 100644 src/libnacl/crypto_scalarmult/curve25519/checksum create mode 100644 src/libnacl/crypto_scalarmult/curve25519/donna_c64/api.h create mode 100644 src/libnacl/crypto_scalarmult/curve25519/donna_c64/base.c create mode 100644 src/libnacl/crypto_scalarmult/curve25519/donna_c64/implementors create mode 100644 src/libnacl/crypto_scalarmult/curve25519/donna_c64/smult.c create mode 100644 src/libnacl/crypto_scalarmult/curve25519/ref/api.h create mode 100644 src/libnacl/crypto_scalarmult/curve25519/ref/base.c create mode 100644 src/libnacl/crypto_scalarmult/curve25519/ref/implementors create mode 100644 src/libnacl/crypto_scalarmult/curve25519/ref/smult.c create mode 100644 src/libnacl/crypto_scalarmult/curve25519/used create mode 100644 src/libnacl/crypto_scalarmult/measure.c create mode 100644 src/libnacl/crypto_scalarmult/try.c create mode 100644 src/libnacl/crypto_scalarmult/wrapper-base.cpp create mode 100644 src/libnacl/crypto_scalarmult/wrapper-mult.cpp create mode 100644 src/libnacl/crypto_secretbox/measure.c create mode 100644 src/libnacl/crypto_secretbox/try.c create mode 100644 src/libnacl/crypto_secretbox/wrapper-box.cpp create mode 100644 src/libnacl/crypto_secretbox/wrapper-open.cpp create mode 100644 src/libnacl/crypto_secretbox/xsalsa20poly1305/checksum create mode 100644 src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/api.h create mode 100644 src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/box.c create mode 100644 src/libnacl/crypto_secretbox/xsalsa20poly1305/selected create mode 100644 src/libnacl/crypto_secretbox/xsalsa20poly1305/used create mode 100644 src/libnacl/crypto_sign/ed25519/description create mode 100644 src/libnacl/crypto_sign/ed25519/designers create mode 100644 src/libnacl/crypto_sign/ed25519/ref/api.h create mode 100644 src/libnacl/crypto_sign/ed25519/ref/ed25519.c create mode 100644 src/libnacl/crypto_sign/ed25519/ref/fe25519.c create mode 100644 src/libnacl/crypto_sign/ed25519/ref/fe25519.h create mode 100644 src/libnacl/crypto_sign/ed25519/ref/ge25519.c create mode 100644 src/libnacl/crypto_sign/ed25519/ref/ge25519.h create mode 100644 src/libnacl/crypto_sign/ed25519/ref/ge25519_base.data create mode 100644 src/libnacl/crypto_sign/ed25519/ref/implementors create mode 100644 src/libnacl/crypto_sign/ed25519/ref/sc25519.c create mode 100644 src/libnacl/crypto_sign/ed25519/ref/sc25519.h create mode 100644 src/libnacl/crypto_sign/ed25519/selected create mode 100644 src/libnacl/crypto_sign/ed25519/used create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/ref/api.h create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.c create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.h create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.c create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.h create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.c create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.h create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/ref/sign.c create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/selected create mode 100644 src/libnacl/crypto_sign/edwards25519sha512batch/used create mode 100644 src/libnacl/crypto_sign/measure.c create mode 100644 src/libnacl/crypto_sign/try.c create mode 100644 src/libnacl/crypto_sign/wrapper-keypair.cpp create mode 100644 src/libnacl/crypto_sign/wrapper-sign-open.cpp create mode 100644 src/libnacl/crypto_sign/wrapper-sign.cpp create mode 100644 src/libnacl/crypto_stream/aes128ctr/checksum create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/afternm.c create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/api.h create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/beforenm.c create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/common.c create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/common.h create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/consts.c create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/consts.h create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/int128.c create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/int128.h create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/stream.c create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/types.h create mode 100644 src/libnacl/crypto_stream/aes128ctr/portable/xor_afternm.c create mode 100644 src/libnacl/crypto_stream/aes128ctr/used create mode 100644 src/libnacl/crypto_stream/measure.c create mode 100644 src/libnacl/crypto_stream/salsa20/checksum create mode 100644 src/libnacl/crypto_stream/salsa20/ref/api.h create mode 100644 src/libnacl/crypto_stream/salsa20/ref/implementors create mode 100644 src/libnacl/crypto_stream/salsa20/ref/stream.c create mode 100644 src/libnacl/crypto_stream/salsa20/ref/xor.c create mode 100644 src/libnacl/crypto_stream/salsa20/used create mode 100644 src/libnacl/crypto_stream/salsa2012/checksum create mode 100644 src/libnacl/crypto_stream/salsa2012/ref/api.h create mode 100644 src/libnacl/crypto_stream/salsa2012/ref/implementors create mode 100644 src/libnacl/crypto_stream/salsa2012/ref/stream.c create mode 100644 src/libnacl/crypto_stream/salsa2012/ref/xor.c create mode 100644 src/libnacl/crypto_stream/salsa2012/used create mode 100644 src/libnacl/crypto_stream/salsa208/checksum create mode 100644 src/libnacl/crypto_stream/salsa208/ref/api.h create mode 100644 src/libnacl/crypto_stream/salsa208/ref/implementors create mode 100644 src/libnacl/crypto_stream/salsa208/ref/stream.c create mode 100644 src/libnacl/crypto_stream/salsa208/ref/xor.c create mode 100644 src/libnacl/crypto_stream/salsa208/used create mode 100644 src/libnacl/crypto_stream/try.c create mode 100644 src/libnacl/crypto_stream/wrapper-stream.cpp create mode 100644 src/libnacl/crypto_stream/wrapper-xor.cpp create mode 100644 src/libnacl/crypto_stream/xsalsa20/checksum create mode 100644 src/libnacl/crypto_stream/xsalsa20/ref/api.h create mode 100644 src/libnacl/crypto_stream/xsalsa20/ref/implementors create mode 100644 src/libnacl/crypto_stream/xsalsa20/ref/stream.c create mode 100644 src/libnacl/crypto_stream/xsalsa20/ref/xor.c create mode 100644 src/libnacl/crypto_stream/xsalsa20/selected create mode 100644 src/libnacl/crypto_stream/xsalsa20/used create mode 100644 src/libnacl/crypto_verify/16/checksum create mode 100644 src/libnacl/crypto_verify/16/ref/api.h create mode 100644 src/libnacl/crypto_verify/16/ref/verify.c create mode 100644 src/libnacl/crypto_verify/16/used create mode 100644 src/libnacl/crypto_verify/32/checksum create mode 100644 src/libnacl/crypto_verify/32/ref/api.h create mode 100644 src/libnacl/crypto_verify/32/ref/verify.c create mode 100644 src/libnacl/crypto_verify/32/used create mode 100644 src/libnacl/crypto_verify/measure.c create mode 100644 src/libnacl/crypto_verify/try.c create mode 100644 src/libnacl/crypto_verify/wrapper-empty.cpp create mode 100644 src/libnacl/dist-dirs create mode 100644 src/libnacl/dist-files create mode 100755 src/libnacl/do create mode 100644 src/libnacl/inttypes/crypto_int16.c create mode 100644 src/libnacl/inttypes/crypto_int32.c create mode 100644 src/libnacl/inttypes/crypto_int64.c create mode 100644 src/libnacl/inttypes/crypto_int8.c create mode 100644 src/libnacl/inttypes/crypto_uint16.c create mode 100644 src/libnacl/inttypes/crypto_uint32.c create mode 100644 src/libnacl/inttypes/crypto_uint64.c create mode 100644 src/libnacl/inttypes/crypto_uint8.c create mode 100755 src/libnacl/inttypes/do create mode 100644 src/libnacl/inttypes/signed.h create mode 100644 src/libnacl/inttypes/unsigned.h create mode 100644 src/libnacl/measure-anything.c create mode 100644 src/libnacl/okcompilers/abiname.c create mode 100644 src/libnacl/okcompilers/abinames create mode 100644 src/libnacl/okcompilers/archivers create mode 100755 src/libnacl/okcompilers/c.in create mode 100755 src/libnacl/okcompilers/do.in create mode 100644 src/libnacl/okcompilers/lib.c create mode 100644 src/libnacl/okcompilers/lib.cpp create mode 100644 src/libnacl/okcompilers/main.c create mode 100644 src/libnacl/okcompilers/main.cpp create mode 100755 src/libnacl/okcompilers/test-okar create mode 100755 src/libnacl/okcompilers/test-okc create mode 100755 src/libnacl/okcompilers/test-okc2 create mode 100755 src/libnacl/okcompilers/test-okclink create mode 100644 src/libnacl/okcompilers/test.c create mode 100644 src/libnacl/okcompilers/test10.c create mode 100644 src/libnacl/okcompilers/test5.c create mode 100644 src/libnacl/okcompilers/test5.cpp create mode 100644 src/libnacl/okcompilers/test6.c create mode 100644 src/libnacl/okcompilers/test9.c create mode 100644 src/libnacl/randombytes/devurandom.c create mode 100644 src/libnacl/randombytes/devurandom.h create mode 100755 src/libnacl/randombytes/do create mode 100644 src/libnacl/randombytes/test.c create mode 100644 src/libnacl/tests/auth.c create mode 100644 src/libnacl/tests/auth.out create mode 100644 src/libnacl/tests/auth2.c create mode 100644 src/libnacl/tests/auth2.out create mode 100644 src/libnacl/tests/auth3.c create mode 100644 src/libnacl/tests/auth3.out create mode 100644 src/libnacl/tests/auth4.cpp create mode 100644 src/libnacl/tests/auth4.out create mode 100644 src/libnacl/tests/auth5.c create mode 100644 src/libnacl/tests/auth5.out create mode 100644 src/libnacl/tests/auth6.cpp create mode 100644 src/libnacl/tests/auth6.out create mode 100644 src/libnacl/tests/box.c create mode 100644 src/libnacl/tests/box.out create mode 100644 src/libnacl/tests/box2.c create mode 100644 src/libnacl/tests/box2.out create mode 100644 src/libnacl/tests/box3.cpp create mode 100644 src/libnacl/tests/box3.out create mode 100644 src/libnacl/tests/box4.cpp create mode 100644 src/libnacl/tests/box4.out create mode 100644 src/libnacl/tests/box5.cpp create mode 100644 src/libnacl/tests/box5.out create mode 100644 src/libnacl/tests/box6.cpp create mode 100644 src/libnacl/tests/box6.out create mode 100644 src/libnacl/tests/box7.c create mode 100644 src/libnacl/tests/box7.out create mode 100644 src/libnacl/tests/box8.c create mode 100644 src/libnacl/tests/box8.out create mode 100644 src/libnacl/tests/core1.c create mode 100644 src/libnacl/tests/core1.out create mode 100644 src/libnacl/tests/core2.c create mode 100644 src/libnacl/tests/core2.out create mode 100644 src/libnacl/tests/core3.c create mode 100644 src/libnacl/tests/core3.out create mode 100644 src/libnacl/tests/core4.c create mode 100644 src/libnacl/tests/core4.out create mode 100644 src/libnacl/tests/core5.c create mode 100644 src/libnacl/tests/core5.out create mode 100644 src/libnacl/tests/core6.c create mode 100644 src/libnacl/tests/core6.out create mode 100644 src/libnacl/tests/hash.c create mode 100644 src/libnacl/tests/hash.out create mode 100644 src/libnacl/tests/hash2.cpp create mode 100644 src/libnacl/tests/hash2.out create mode 100644 src/libnacl/tests/hash3.c create mode 100644 src/libnacl/tests/hash3.out create mode 100644 src/libnacl/tests/hash4.cpp create mode 100644 src/libnacl/tests/hash4.out create mode 100644 src/libnacl/tests/onetimeauth.c create mode 100644 src/libnacl/tests/onetimeauth.out create mode 100644 src/libnacl/tests/onetimeauth2.c create mode 100644 src/libnacl/tests/onetimeauth2.out create mode 100644 src/libnacl/tests/onetimeauth5.cpp create mode 100644 src/libnacl/tests/onetimeauth5.out create mode 100644 src/libnacl/tests/onetimeauth6.cpp create mode 100644 src/libnacl/tests/onetimeauth6.out create mode 100644 src/libnacl/tests/onetimeauth7.c create mode 100644 src/libnacl/tests/onetimeauth7.out create mode 100644 src/libnacl/tests/onetimeauth8.cpp create mode 100644 src/libnacl/tests/onetimeauth8.out create mode 100644 src/libnacl/tests/scalarmult.c create mode 100644 src/libnacl/tests/scalarmult.out create mode 100644 src/libnacl/tests/scalarmult2.c create mode 100644 src/libnacl/tests/scalarmult2.out create mode 100644 src/libnacl/tests/scalarmult3.cpp create mode 100644 src/libnacl/tests/scalarmult3.out create mode 100644 src/libnacl/tests/scalarmult4.cpp create mode 100644 src/libnacl/tests/scalarmult4.out create mode 100644 src/libnacl/tests/scalarmult5.c create mode 100644 src/libnacl/tests/scalarmult5.out create mode 100644 src/libnacl/tests/scalarmult6.c create mode 100644 src/libnacl/tests/scalarmult6.out create mode 100644 src/libnacl/tests/scalarmult7.cpp create mode 100644 src/libnacl/tests/scalarmult7.out create mode 100644 src/libnacl/tests/secretbox.c create mode 100644 src/libnacl/tests/secretbox.out create mode 100644 src/libnacl/tests/secretbox2.c create mode 100644 src/libnacl/tests/secretbox2.out create mode 100644 src/libnacl/tests/secretbox3.cpp create mode 100644 src/libnacl/tests/secretbox3.out create mode 100644 src/libnacl/tests/secretbox4.cpp create mode 100644 src/libnacl/tests/secretbox4.out create mode 100644 src/libnacl/tests/secretbox5.cpp create mode 100644 src/libnacl/tests/secretbox5.out create mode 100644 src/libnacl/tests/secretbox6.cpp create mode 100644 src/libnacl/tests/secretbox6.out create mode 100644 src/libnacl/tests/secretbox7.c create mode 100644 src/libnacl/tests/secretbox7.out create mode 100644 src/libnacl/tests/secretbox8.c create mode 100644 src/libnacl/tests/secretbox8.out create mode 100644 src/libnacl/tests/stream.c create mode 100644 src/libnacl/tests/stream.out create mode 100644 src/libnacl/tests/stream2.c create mode 100644 src/libnacl/tests/stream2.out create mode 100644 src/libnacl/tests/stream3.c create mode 100644 src/libnacl/tests/stream3.out create mode 100644 src/libnacl/tests/stream4.c create mode 100644 src/libnacl/tests/stream4.out create mode 100644 src/libnacl/tests/stream5.cpp create mode 100644 src/libnacl/tests/stream5.out create mode 100644 src/libnacl/tests/stream6.cpp create mode 100644 src/libnacl/tests/stream6.out create mode 100644 src/libnacl/tests/stream7.cpp create mode 100644 src/libnacl/tests/stream7.out create mode 100644 src/libnacl/tests/stream8.cpp create mode 100644 src/libnacl/tests/stream8.out create mode 100644 src/libnacl/try-anything.c create mode 100644 src/libnacl/version create mode 100644 src/libnacl/windows/include/windows-quirks.h diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 00000000..e69de29b diff --git a/COPYING b/COPYING new file mode 100644 index 00000000..85265b0a --- /dev/null +++ b/COPYING @@ -0,0 +1 @@ +Public domain diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 00000000..e69de29b diff --git a/NEWS b/NEWS new file mode 100644 index 00000000..e69de29b diff --git a/README b/README new file mode 100644 index 00000000..1dbff7a1 --- /dev/null +++ b/README @@ -0,0 +1 @@ +See README.markdown diff --git a/README.markdown b/README.markdown new file mode 100644 index 00000000..e69de29b diff --git a/autogen.sh b/autogen.sh new file mode 100755 index 00000000..ee77b698 --- /dev/null +++ b/autogen.sh @@ -0,0 +1,11 @@ +#! /bin/sh + +if [ -x "`which autoreconf 2>/dev/null`" ] ; then + exec autoreconf -ivf +fi + +aclocal && \ +autoheader && \ +automake --add-missing --force-missing --include-deps && \ +autoconf + diff --git a/configure.ac b/configure.ac new file mode 100644 index 00000000..c6ebfec8 --- /dev/null +++ b/configure.ac @@ -0,0 +1,204 @@ +AC_PREREQ([2.61]) +AC_INIT([nacl-ref],[0.0.1],[https://github.com/jedisct1/nacl-ref]) +AC_CONFIG_MACRO_DIR([m4]) +AC_CONFIG_SRCDIR([src/libnacl/PROTOTYPES.c]) +AC_CONFIG_HEADER([config.h]) +AC_CANONICAL_HOST +AM_INIT_AUTOMAKE([1.9 dist-bzip2 tar-ustar]) +AM_MAINTAINER_MODE +AM_DEP_TRACK + +AC_SUBST(VERSION) +ISODATE=`date +%Y-%m-%d` +AC_SUBST(ISODATE) + +LX_CFLAGS=${CFLAGS-NONE} +AC_PROG_CC_C99 +AC_USE_SYSTEM_EXTENSIONS +CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" + +AS_IF([test "$cross_compiling" != no], + AC_DEFINE(CROSS_COMPILING,,[define if you are cross-compiling]) +) + +AX_CHECK_COMPILE_FLAG([-fPIC], [ + AX_CHECK_LINK_FLAG([-fPIC], + [CFLAGS="$CFLAGS -fPIC"] + ) +]) + +AS_IF([test "$enable_pie" != "no"],[ + AX_CHECK_COMPILE_FLAG([-fPIE], [ + AX_CHECK_LINK_FLAG([-fPIE], + [AX_CHECK_LINK_FLAG([-pie], + [CFLAGS="$CFLAGS -fPIE" + LDFLAGS="$LDFLAGS -pie"]) + ]) + ]) +]) + +AX_CHECK_COMPILE_FLAG([-fcatch-undefined-c99-behavior], + [CFLAGS="$CFLAGS -fcatch-undefined-c99-behavior"], + [AX_CHECK_COMPILE_FLAG([-fwrapv], [CFLAGS="$CFLAGS -fwrapv"])] +) +AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"]) +AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"]) + +case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + AX_CHECK_LINK_FLAG([-Wl,--dynamicbase], [LDFLAGS="$LDFLAGS -Wl,--dynamicbase"]) + AX_CHECK_LINK_FLAG([-Wl,--nxcompat], [LDFLAGS="$LDFLAGS -Wl,--nxcompat"]) + AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ + AX_CHECK_LINK_FLAG([-fstack-protector-all], + [CFLAGS="$CFLAGS -fstack-protector-all"] + ) + ]) + ;; + dragonfly*) + AX_CHECK_COMPILE_FLAG([-fstack-protector], [ + AX_CHECK_LINK_FLAG([-fstack-protector], + [CFLAGS="$CFLAGS -fstack-protector"] + ) + ]) + ;; + *) + AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ + AX_CHECK_LINK_FLAG([-fstack-protector-all], + [CFLAGS="$CFLAGS -fstack-protector-all"] + ) + ]) + ;; +esac + +AX_CHECK_COMPILE_FLAG([-Wbounded], [CFLAGS="$CFLAGS -Wbounded"]) +AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"]) +AX_CHECK_COMPILE_FLAG([-Wwrite-strings], [CFLAGS="$CFLAGS -Wwrite-strings"]) +AX_CHECK_COMPILE_FLAG([-Wdiv-by-zero], [CFLAGS="$CFLAGS -Wdiv-by-zero"]) + +AC_ARG_VAR([CWFLAGS], [define to compilation flags for generating extra warnings]) + +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wall], [CWFLAGS="$CWFLAGS -Wall"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wextra], [CWFLAGS="$CWFLAGS -Wextra"]) + +AC_MSG_CHECKING(for clang) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[ +#ifndef __clang__ +be sad +#endif +]])], + [AC_MSG_RESULT(yes) + AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wno-unknown-warning-option], + [CWFLAGS="$CWFLAGS -Wno-unknown-warning-option"])], + [AC_MSG_RESULT(no) +]) + +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wbad-function-cast], [CWFLAGS="$CWFLAGS -Wbad-function-cast"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcast-align], [CWFLAGS="$CWFLAGS -Wcast-align"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcast-qual], [CWFLAGS="$CWFLAGS -Wcast-qual"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wchar-subscripts], [CWFLAGS="$CWFLAGS -Wchar-subscripts"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcomment], [CWFLAGS="$CWFLAGS -Wcomment"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wfloat-equal], [CWFLAGS="$CWFLAGS -Wfloat-equal"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wformat=2], [CWFLAGS="$CWFLAGS -Wformat=2"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wimplicit], [CWFLAGS="$CWFLAGS -Wimplicit"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wmissing-declarations], [CWFLAGS="$CWFLAGS -Wmissing-declarations"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wmissing-prototypes], [CWFLAGS="$CWFLAGS -Wmissing-prototypes"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wnormalized=id], [CWFLAGS="$CWFLAGS -Wnormalized=id"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Woverride-init], [CWFLAGS="$CWFLAGS -Woverride-init"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wparentheses], [CWFLAGS="$CWFLAGS -Wparentheses"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wpointer-arith], [CWFLAGS="$CWFLAGS -Wpointer-arith"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wredundant-decls], [CWFLAGS="$CWFLAGS -Wredundant-decls"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wstrict-prototypes], [CWFLAGS="$CWFLAGS -Wstrict-prototypes"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wswitch-enum], [CWFLAGS="$CWFLAGS -Wswitch-enum"]) +AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wvariable-decl], [CWFLAGS="$CWFLAGS -Wvariable-decl"]) + +AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"]) +AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"]) +AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"]) + +AC_ARG_VAR([AR], [path to the ar utility]) +AC_CHECK_TOOL([AR], [ar], [ar]) + +AS_IF([test -d /usr/local/include], [ + CPPFLAGS="$CPPFLAGS -I/usr/local/include" +]) + +AS_IF([test -d /usr/local/lib], [ + LDFLAGS="$LDFLAGS -L/usr/local/lib" +]) + +dnl Checks for typedefs, structures, and compiler characteristics. + +AC_C_BIGENDIAN + +dnl Switches. + +AC_ARG_ENABLE(pie, +[AS_HELP_STRING(--enable-pie,Produce position independent executables @<:@default=yes@:>@)], + enable_pie=$enableval, enable_pie="maybe") + +AC_ARG_ENABLE(ssp, +[AS_HELP_STRING(--disable-ssp,Don't compile with -fstack-protector)], +[AS_IF([test "x$enableval" = "xno"], [ + nxflags="" + for flag in `echo $CFLAGS`; do + case "$flag" in + -fstack-protector*) ;; + *) AS_VAR_APPEND([nxflags], [" $flag"]) ;; + esac + done + CFLAGS="$nxflags" + ]) +]) + +AC_ARG_ENABLE(debug, +[AS_HELP_STRING(--enable-debug,For maintainers only - please do not use)], +[ + AS_IF([test "x$LX_CFLAGS" = "xNONE"], [ + nxflags="" + for flag in `echo $CFLAGS`; do + case "$flag" in + -O*) ;; + -g*) ;; + *) AS_VAR_APPEND([nxflags], [" $flag"]) ;; + esac + done + CFLAGS="$nxflags -O0 -g3" + ]) + CPPFLAGS="$CPPFLAGS -DDEBUG=1" +]) + +AC_ARG_WITH(safecode, +[AS_HELP_STRING(--with-safecode,For maintainers only - please do not use)], +[AS_IF([test "x$withval" = "xyes"], [ + AC_ARG_VAR([SAFECODE_HOME], [set to the safecode base directory]) + : ${SAFECODE_HOME:=/opt/safecode} + LDFLAGS="$LDFLAGS -L${SAFECODE_HOME}/lib" + LIBS="$LIBS -lsc_dbg_rt -lpoolalloc_bitmap -lstdc++" + CFLAGS="$CFLAGS -fmemsafety" + ]) +]) + +NACL_HOSTNAME="localhost" +NACL_PATH=libnacl/build/${NACL_HOSTNAME} + +AC_SUBST([MAINT]) +AC_SUBST([NACL_PATH]) + +dnl Output. + +AH_VERBATIM([NDEBUG], [/* Never ever ignore assertions */ +#ifdef NDEBUG +#/**/undef/**/ NDEBUG +#endif]) + +AC_CONFIG_FILES([Makefile + src/Makefile + src/libnacl/Makefile + src/libnacl/tests/Makefile + src/libnacl/okcompilers/c + src/libnacl/okcompilers/do]) + +AC_OUTPUT + +chmod +x src/libnacl/do +chmod +x src/libnacl/okcompilers/do diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4 new file mode 100644 index 00000000..af1b556b --- /dev/null +++ b/m4/ax_check_compile_flag.m4 @@ -0,0 +1,73 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the current language's compiler +# or gives an error. (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the current language's default +# flags (e.g. CFLAGS) when the check is done. The check is thus made with +# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to +# force the compiler to issue an error when a bad flag is given. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 2 + +AC_DEFUN([AX_CHECK_COMPILE_FLAG], +[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl +AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ + ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS + _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[char x[42U], fodder = 0;if (fodder > -1000 && fgets(x,1000,stdin)) puts(x)]])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) +AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_COMPILE_FLAGS diff --git a/m4/ax_check_gnu_make.m4 b/m4/ax_check_gnu_make.m4 new file mode 100644 index 00000000..938aad71 --- /dev/null +++ b/m4/ax_check_gnu_make.m4 @@ -0,0 +1,78 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_gnu_make.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_GNU_MAKE() +# +# DESCRIPTION +# +# This macro searches for a GNU version of make. If a match is found, the +# makefile variable `ifGNUmake' is set to the empty string, otherwise it +# is set to "#". This is useful for including a special features in a +# Makefile, which cannot be handled by other versions of make. The +# variable _cv_gnu_make_command is set to the command to invoke GNU make +# if it exists, the empty string otherwise. +# +# Here is an example of its use: +# +# Makefile.in might contain: +# +# # A failsafe way of putting a dependency rule into a makefile +# $(DEPEND): +# $(CC) -MM $(srcdir)/*.c > $(DEPEND) +# +# @ifGNUmake@ ifeq ($(DEPEND),$(wildcard $(DEPEND))) +# @ifGNUmake@ include $(DEPEND) +# @ifGNUmake@ endif +# +# Then configure.in would normally contain: +# +# AX_CHECK_GNU_MAKE() +# AC_OUTPUT(Makefile) +# +# Then perhaps to cause gnu make to override any other make, we could do +# something like this (note that GNU make always looks for GNUmakefile +# first): +# +# if ! test x$_cv_gnu_make_command = x ; then +# mv Makefile GNUmakefile +# echo .DEFAULT: > Makefile ; +# echo \ $_cv_gnu_make_command \$@ >> Makefile; +# fi +# +# Then, if any (well almost any) other make is called, and GNU make also +# exists, then the other make wraps the GNU make. +# +# LICENSE +# +# Copyright (c) 2008 John Darrington +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 7 + +AC_DEFUN([AX_CHECK_GNU_MAKE], [ AC_CACHE_CHECK( for GNU make,_cv_gnu_make_command, + _cv_gnu_make_command='' ; +dnl Search all the common names for GNU make + for a in "$MAKE" make gmake gnumake ; do + if test -z "$a" ; then continue ; fi ; + if ( sh -c "$a --version" 2> /dev/null | grep GNU 2>&1 > /dev/null ) ; then + _cv_gnu_make_command=$a ; + break; + fi + done ; + ) ; +dnl If there was a GNU version, then set @ifGNUmake@ to the empty string, '#' otherwise + if test "x$_cv_gnu_make_command" != "x" ; then + ifGNUmake='' ; + else + ifGNUmake='#' ; + AC_MSG_RESULT("Not found"); + fi + AC_SUBST(ifGNUmake) +] ) diff --git a/m4/ax_check_link_flag.m4 b/m4/ax_check_link_flag.m4 new file mode 100644 index 00000000..5895fa3d --- /dev/null +++ b/m4/ax_check_link_flag.m4 @@ -0,0 +1,72 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the linker or gives an error. +# (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the linker's default flags +# when the check is done. The check is thus made with the flags: "LDFLAGS +# EXTRA-FLAGS FLAG". This can for example be used to force the linker to +# issue an error when a bad flag is given. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 2 + +AC_DEFUN([AX_CHECK_LINK_FLAG], +[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl +AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS $4 $1" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[char x[42U];if (fgets(x,1000,stdin)) puts(x)]])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + LDFLAGS=$ax_check_save_flags]) +AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_LINK_FLAGS diff --git a/m4/ax_pthread.m4 b/m4/ax_pthread.m4 new file mode 100644 index 00000000..a6bf596c --- /dev/null +++ b/m4/ax_pthread.m4 @@ -0,0 +1,302 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_pthread.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) +# +# DESCRIPTION +# +# This macro figures out how to build C programs using POSIX threads. It +# sets the PTHREAD_LIBS output variable to the threads library and linker +# flags, and the PTHREAD_CFLAGS output variable to any special C compiler +# flags that are needed. (The user can also force certain compiler +# flags/libs to be tested by setting these environment variables.) +# +# Also sets PTHREAD_CC to any special C compiler that is needed for +# multi-threaded programs (defaults to the value of CC otherwise). (This +# is necessary on AIX to use the special cc_r compiler alias.) +# +# NOTE: You are assumed to not only compile your program with these flags, +# but also link it with them as well. e.g. you should link with +# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS +# +# If you are only building threads programs, you may wish to use these +# variables in your default LIBS, CFLAGS, and CC: +# +# LIBS="$PTHREAD_LIBS $LIBS" +# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +# CC="$PTHREAD_CC" +# +# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant +# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name +# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# +# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the +# PTHREAD_PRIO_INHERIT symbol is defined when compiling with +# PTHREAD_CFLAGS. +# +# ACTION-IF-FOUND is a list of shell commands to run if a threads library +# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it +# is not found. If ACTION-IF-FOUND is not specified, the default action +# will define HAVE_PTHREAD. +# +# Please let the authors know if this macro fails on any platform, or if +# you have any other suggestions or comments. This macro was based on work +# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help +# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by +# Alejandro Forero Cuervo to the autoconf macro repository. We are also +# grateful for the helpful feedback of numerous users. +# +# Updated for Autoconf 2.68 by Daniel Richard G. +# +# LICENSE +# +# Copyright (c) 2008 Steven G. Johnson +# Copyright (c) 2011 Daniel Richard G. +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 16 + +AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) +AC_DEFUN([AX_PTHREAD], [ +AC_REQUIRE([AC_CANONICAL_HOST]) +AC_LANG_PUSH([C]) +ax_pthread_ok=no + +# We used to check for pthread.h first, but this fails if pthread.h +# requires special compiler flags (e.g. on True64 or Sequent). +# It gets checked for in the link test anyway. + +# First of all, check if the user has set any of the PTHREAD_LIBS, +# etcetera environment variables, and if threads linking works using +# them: +if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) + AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes) + AC_MSG_RESULT($ax_pthread_ok) + if test x"$ax_pthread_ok" = xno; then + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" + fi + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" +fi + +# We must check for the threads library under a number of different +# names; the ordering is very important because some systems +# (e.g. DEC) have both -lpthread and -lpthreads, where one of the +# libraries is broken (non-POSIX). + +# Create a list of thread flags to try. Items starting with a "-" are +# C compiler flags, and other items are library names, except for "none" +# which indicates that we try without any flags at all, and "pthread-config" +# which is a program returning the flags for the Pth emulation library. + +ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +# The ordering *is* (sometimes) important. Some notes on the +# individual items follow: + +# pthreads: AIX (must check this before -lpthread) +# none: in case threads are in libc; should be tried before -Kthread and +# other compiler flags to prevent continual compiler warnings +# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) +# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) +# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) +# -pthreads: Solaris/gcc +# -mthreads: Mingw32/gcc, Lynx/gcc +# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it +# doesn't hurt to check since this sometimes defines pthreads too; +# also defines -D_REENTRANT) +# ... -mt is also the pthreads flag for HP/aCC +# pthread: Linux, etcetera +# --thread-safe: KAI C++ +# pthread-config: use pthread-config program (for GNU Pth library) + +case "${host_cpu}-${host_os}" in + *solaris*) + + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (We need to link with -pthreads/-mt/ + # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather + # a function called by this macro, so we could check for that, but + # who knows whether they'll stub that too in a future libc.) So, + # we'll just look for -pthreads and -lpthread first: + + ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" + ;; + + *-darwin*) + ax_pthread_flags="-pthread $ax_pthread_flags" + ;; +esac + +if test x"$ax_pthread_ok" = xno; then +for flag in $ax_pthread_flags; do + + case $flag in + none) + AC_MSG_CHECKING([whether pthreads work without any flags]) + ;; + + -*) + AC_MSG_CHECKING([whether pthreads work with $flag]) + PTHREAD_CFLAGS="$flag" + ;; + + pthread-config) + AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) + if test x"$ax_pthread_config" = xno; then continue; fi + PTHREAD_CFLAGS="`pthread-config --cflags`" + PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" + ;; + + *) + AC_MSG_CHECKING([for the pthreads library -l$flag]) + PTHREAD_LIBS="-l$flag" + ;; + esac + + save_LIBS="$LIBS" + save_CFLAGS="$CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Check for various functions. We must include pthread.h, + # since some functions may be macros. (On the Sequent, we + # need a special flag -Kthread to make this header compile.) + # We check for pthread_join because it is in -lpthread on IRIX + # while pthread_create is in libc. We check for pthread_attr_init + # due to DEC craziness with -lpthreads. We check for + # pthread_cleanup_push because it is one of the few pthread + # functions on Solaris that doesn't have a non-functional libc stub. + # We try pthread_create on general principles. + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include + static void routine(void *a) { a = 0; } + static void *start_routine(void *a) { return a; }], + [pthread_t th; pthread_attr_t attr; + pthread_create(&th, 0, start_routine, 0); + pthread_join(th, 0); + pthread_attr_init(&attr); + pthread_cleanup_push(routine, 0); + pthread_cleanup_pop(0) /* ; */])], + [ax_pthread_ok=yes], + []) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + AC_MSG_RESULT($ax_pthread_ok) + if test "x$ax_pthread_ok" = xyes; then + break; + fi + + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" +done +fi + +# Various other checks: +if test "x$ax_pthread_ok" = xyes; then + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. + AC_MSG_CHECKING([for joinable pthread attribute]) + attr_name=unknown + for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], + [int attr = $attr; return attr /* ; */])], + [attr_name=$attr; break], + []) + done + AC_MSG_RESULT($attr_name) + if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then + AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + fi + + AC_MSG_CHECKING([if more special flags are required for pthreads]) + flag=no + case "${host_cpu}-${host_os}" in + *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; + *solaris* | *-osf* | *-hpux*) flag="-D_REENTRANT";; + esac + AC_MSG_RESULT(${flag}) + if test "x$flag" != xno; then + PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" + fi + + AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], + ax_cv_PTHREAD_PRIO_INHERIT, [ + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[#include ]], [[int i = PTHREAD_PRIO_INHERIT;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) + ]) + AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], + AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + # More AIX lossage: must compile with xlc_r or cc_r + if test x"$GCC" != xyes; then + AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) + else + PTHREAD_CC=$CC + fi +else + PTHREAD_CC="$CC" +fi + +AC_SUBST(PTHREAD_LIBS) +AC_SUBST(PTHREAD_CFLAGS) +AC_SUBST(PTHREAD_CC) + +# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: +if test x"$ax_pthread_ok" = xyes; then + ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) + : +else + ax_pthread_ok=no + $2 +fi +AC_LANG_POP +])dnl AX_PTHREAD diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 00000000..5e297a3a --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1,3 @@ + +SUBDIRS = \ + libnacl diff --git a/src/libnacl/MACROS b/src/libnacl/MACROS new file mode 100644 index 00000000..26f6cd02 --- /dev/null +++ b/src/libnacl/MACROS @@ -0,0 +1,56 @@ +crypto_verify +crypto_verify_BYTES +crypto_core +crypto_core_OUTPUTBYTES +crypto_core_INPUTBYTES +crypto_core_KEYBYTES +crypto_core_CONSTBYTES +crypto_hashblocks +crypto_hashblocks_STATEBYTES +crypto_hashblocks_BLOCKBYTES +crypto_hash +crypto_hash_BYTES +crypto_stream +crypto_stream_xor +crypto_stream_beforenm +crypto_stream_afternm +crypto_stream_xor_afternm +crypto_stream_KEYBYTES +crypto_stream_NONCEBYTES +crypto_stream_BEFORENMBYTES +crypto_onetimeauth +crypto_onetimeauth_verify +crypto_onetimeauth_BYTES +crypto_onetimeauth_KEYBYTES +crypto_auth +crypto_auth_verify +crypto_auth_BYTES +crypto_auth_KEYBYTES +crypto_secretbox +crypto_secretbox_open +crypto_secretbox_KEYBYTES +crypto_secretbox_NONCEBYTES +crypto_secretbox_ZEROBYTES +crypto_secretbox_BOXZEROBYTES +crypto_scalarmult +crypto_scalarmult_base +crypto_scalarmult_BYTES +crypto_scalarmult_SCALARBYTES +crypto_box +crypto_box_open +crypto_box_keypair +crypto_box_beforenm +crypto_box_afternm +crypto_box_open_afternm +crypto_box_PUBLICKEYBYTES +crypto_box_SECRETKEYBYTES +crypto_box_BEFORENMBYTES +crypto_box_NONCEBYTES +crypto_box_ZEROBYTES +crypto_box_BOXZEROBYTES +crypto_sign +crypto_sign_open +crypto_sign_keypair +crypto_sign_BYTES +crypto_sign_PUBLICKEYBYTES +crypto_sign_SECRETKEYBYTES diff --git a/src/libnacl/OPERATIONS b/src/libnacl/OPERATIONS new file mode 100644 index 00000000..5fc25d35 --- /dev/null +++ b/src/libnacl/OPERATIONS @@ -0,0 +1,11 @@ +crypto_verify +crypto_core +crypto_hashblocks +crypto_hash +crypto_stream +crypto_onetimeauth +crypto_auth +crypto_secretbox +crypto_scalarmult +crypto_box +crypto_sign diff --git a/src/libnacl/PROTOTYPES.c b/src/libnacl/PROTOTYPES.c new file mode 100644 index 00000000..bc8ca531 --- /dev/null +++ b/src/libnacl/PROTOTYPES.c @@ -0,0 +1,26 @@ +extern int crypto_verify(const unsigned char *,const unsigned char *); +extern int crypto_core(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_hashblocks(unsigned char *,const unsigned char *,unsigned long long); +extern int crypto_hash(unsigned char *,const unsigned char *,unsigned long long); +extern int crypto_stream(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_beforenm(unsigned char *,const unsigned char *); +extern int crypto_stream_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_stream_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_onetimeauth(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_onetimeauth_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_auth(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_auth_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_secretbox(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_secretbox_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_scalarmult(unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_scalarmult_base(unsigned char *,const unsigned char *); +extern int crypto_box(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_keypair(unsigned char *,unsigned char *); +extern int crypto_box_beforenm(unsigned char *,const unsigned char *,const unsigned char *); +extern int crypto_box_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_box_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); +extern int crypto_sign(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_sign_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *); +extern int crypto_sign_keypair(unsigned char *,unsigned char *); diff --git a/src/libnacl/PROTOTYPES.cpp b/src/libnacl/PROTOTYPES.cpp new file mode 100644 index 00000000..4318a049 --- /dev/null +++ b/src/libnacl/PROTOTYPES.cpp @@ -0,0 +1,17 @@ +extern std::string crypto_auth(const std::string &,const std::string &); +extern void crypto_auth_verify(const std::string &,const std::string &,const std::string &); +extern std::string crypto_box(const std::string &,const std::string &,const std::string &,const std::string &); +extern std::string crypto_box_open(const std::string &,const std::string &,const std::string &,const std::string &); +extern std::string crypto_box_keypair(std::string *); +extern std::string crypto_hash(const std::string &); +extern std::string crypto_onetimeauth(const std::string &,const std::string &); +extern void crypto_onetimeauth_verify(const std::string &,const std::string &,const std::string &); +extern std::string crypto_scalarmult(const std::string &,const std::string &); +extern std::string crypto_scalarmult_base(const std::string &); +extern std::string crypto_secretbox(const std::string &,const std::string &,const std::string &); +extern std::string crypto_secretbox_open(const std::string &,const std::string &,const std::string &); +extern std::string crypto_stream(size_t,const std::string &,const std::string &); +extern std::string crypto_stream_xor(const std::string &,const std::string &,const std::string &); +extern std::string crypto_sign(const std::string &,const std::string &); +extern std::string crypto_sign_open(const std::string &,const std::string &); +extern std::string crypto_sign_keypair(std::string *); diff --git a/src/libnacl/commandline/nacl-sha256.c b/src/libnacl/commandline/nacl-sha256.c new file mode 100644 index 00000000..8e0df453 --- /dev/null +++ b/src/libnacl/commandline/nacl-sha256.c @@ -0,0 +1,64 @@ +/* +commandline/nacl-sha256.c version 20080713 +D. J. Bernstein +Public domain. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include "crypto_hash_sha256.h" + +unsigned char *input; +unsigned long long inputalloc; +unsigned long long inputlen; + +unsigned char h[crypto_hash_sha256_BYTES]; + +void h_print(void) +{ + int i; + for (i = 0;i < crypto_hash_sha256_BYTES;++i) printf("%02x",255 & (int) h[i]); + printf("\n"); +} + +int main() +{ + struct stat st; + int ch; + + if (fstat(0,&st) == 0) { + input = mmap(0,st.st_size,PROT_READ,MAP_SHARED,0,0); + if (input != MAP_FAILED) { + crypto_hash_sha256(h,input,st.st_size); + h_print(); + return 0; + } + } + + input = 0; + inputalloc = 0; + inputlen = 0; + + while ((ch = getchar()) != EOF) { + if (inputlen >= inputalloc) { + void *newinput; + while (inputlen >= inputalloc) + inputalloc = inputalloc * 2 + 1; + if (posix_memalign(&newinput,16,inputalloc) != 0) return 111; + memcpy(newinput,input,inputlen); + free(input); + input = newinput; + } + input[inputlen++] = ch; + } + + crypto_hash_sha256(h,input,inputlen); + h_print(); + + return 0; +} diff --git a/src/libnacl/commandline/nacl-sha512.c b/src/libnacl/commandline/nacl-sha512.c new file mode 100644 index 00000000..6864c76a --- /dev/null +++ b/src/libnacl/commandline/nacl-sha512.c @@ -0,0 +1,64 @@ +/* +commandline/nacl-sha512.c version 20080713 +D. J. Bernstein +Public domain. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include "crypto_hash_sha512.h" + +unsigned char *input; +unsigned long long inputalloc; +unsigned long long inputlen; + +unsigned char h[crypto_hash_sha512_BYTES]; + +void h_print(void) +{ + int i; + for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",255 & (int) h[i]); + printf("\n"); +} + +int main() +{ + struct stat st; + int ch; + + if (fstat(0,&st) == 0) { + input = mmap(0,st.st_size,PROT_READ,MAP_SHARED,0,0); + if (input != MAP_FAILED) { + crypto_hash_sha512(h,input,st.st_size); + h_print(); + return 0; + } + } + + input = 0; + inputalloc = 0; + inputlen = 0; + + while ((ch = getchar()) != EOF) { + if (inputlen >= inputalloc) { + void *newinput; + while (inputlen >= inputalloc) + inputalloc = inputalloc * 2 + 1; + if (posix_memalign(&newinput,16,inputalloc) != 0) return 111; + memcpy(newinput,input,inputlen); + free(input); + input = newinput; + } + input[inputlen++] = ch; + } + + crypto_hash_sha512(h,input,inputlen); + h_print(); + + return 0; +} diff --git a/src/libnacl/cpucycles/alpha.c b/src/libnacl/cpucycles/alpha.c new file mode 100644 index 00000000..ef497999 --- /dev/null +++ b/src/libnacl/cpucycles/alpha.c @@ -0,0 +1,80 @@ +/* +cpucycles/alpha.c version 20060316 +D. J. Bernstein +Public domain. +*/ + +#include +#include +#include + +static long long tod(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static long long rpcc(void) +{ + unsigned long long t; + asm volatile("rpcc %0" : "=r"(t)); + return t & 0xffffffff; +} + +static long long firstrpcc; +static long long firsttod; +static long long lastrpcc; +static long long lasttod; +static double mhz = 0; + +static void init(void) +{ + firstrpcc = rpcc(); + firsttod = tod(); + + do { + lastrpcc = rpcc(); + lasttod = tod(); + } while (lasttod - firsttod < 10000); + + lastrpcc -= firstrpcc; lastrpcc &= 0xffffffff; + lasttod -= firsttod; + + mhz = (double) lastrpcc / (double) lasttod; +} + +long long cpucycles_alpha(void) +{ + double x; + long long y; + + if (!mhz) init(); + + lastrpcc = rpcc(); + lasttod = tod(); + + lastrpcc -= firstrpcc; lastrpcc &= 0xffffffff; + lasttod -= firsttod; + + /* Number of cycles since firstrpcc is lastrpcc + 2^32 y for unknown y. */ + /* Number of microseconds since firsttod is lasttod. */ + + x = (lasttod * mhz - lastrpcc) * 0.00000000023283064365386962890625; + y = x; + while (x > y + 0.5) y += 1; + while (x < y - 0.5) y -= 1; + + y *= 4294967296ULL; + lastrpcc += y; + + mhz = (double) lastrpcc / (double) lasttod; + + return firstrpcc + lastrpcc; +} + +long long cpucycles_alpha_persecond(void) +{ + if (!mhz) init(); + return 1000000.0 * mhz; +} diff --git a/src/libnacl/cpucycles/alpha.h b/src/libnacl/cpucycles/alpha.h new file mode 100644 index 00000000..c97672af --- /dev/null +++ b/src/libnacl/cpucycles/alpha.h @@ -0,0 +1,27 @@ +/* +cpucycles alpha.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_alpha_h +#define CPUCYCLES_alpha_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_alpha(void); +extern long long cpucycles_alpha_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "alpha" +#define cpucycles cpucycles_alpha +#define cpucycles_persecond cpucycles_alpha_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/amd64cpuinfo.c b/src/libnacl/cpucycles/amd64cpuinfo.c new file mode 100644 index 00000000..729f2612 --- /dev/null +++ b/src/libnacl/cpucycles/amd64cpuinfo.c @@ -0,0 +1,16 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_amd64cpuinfo(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/amd64cpuinfo.h b/src/libnacl/cpucycles/amd64cpuinfo.h new file mode 100644 index 00000000..8f858ae7 --- /dev/null +++ b/src/libnacl/cpucycles/amd64cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_amd64cpuinfo_h +#define CPUCYCLES_amd64cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64cpuinfo(void); +extern long long cpucycles_amd64cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64cpuinfo" +#define cpucycles cpucycles_amd64cpuinfo +#define cpucycles_persecond cpucycles_amd64cpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/amd64cpuspeed.c b/src/libnacl/cpucycles/amd64cpuspeed.c new file mode 100644 index 00000000..7e89511c --- /dev/null +++ b/src/libnacl/cpucycles/amd64cpuspeed.c @@ -0,0 +1,25 @@ +#include +#include +#include +#include + +long long cpucycles_amd64cpuspeed(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64cpuspeed_persecond(void) +{ + int oid[2]; + int val; + size_t size; + oid[0] = CTL_HW; + oid[1] = HW_CPUSPEED; + size = sizeof val; + if (sysctl(oid,2,&val,&size,0,0) == -1) return 0; + if (size != sizeof val) return 0; + return val * 1000000LL; +} diff --git a/src/libnacl/cpucycles/amd64cpuspeed.h b/src/libnacl/cpucycles/amd64cpuspeed.h new file mode 100644 index 00000000..1f6ed54d --- /dev/null +++ b/src/libnacl/cpucycles/amd64cpuspeed.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64cpuspeed.h version 20090716 +Matthew Dempsky +Public domain. +*/ + +#ifndef CPUCYCLES_amd64cpuspeed_h +#define CPUCYCLES_amd64cpuspeed_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64cpuspeed(void); +extern long long cpucycles_amd64cpuspeed_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64cpuspeed" +#define cpucycles cpucycles_amd64cpuspeed +#define cpucycles_persecond cpucycles_amd64cpuspeed_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/amd64tscfreq.c b/src/libnacl/cpucycles/amd64tscfreq.c new file mode 100644 index 00000000..ef182c1b --- /dev/null +++ b/src/libnacl/cpucycles/amd64tscfreq.c @@ -0,0 +1,18 @@ +#include +#include + +long long cpucycles_amd64tscfreq(void) +{ + unsigned long long result; + asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" + : "=a" (result) :: "%rdx"); + return result; +} + +long long cpucycles_amd64tscfreq_persecond(void) +{ + long result = 0; + size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + return result; +} diff --git a/src/libnacl/cpucycles/amd64tscfreq.h b/src/libnacl/cpucycles/amd64tscfreq.h new file mode 100644 index 00000000..a3c7aa6f --- /dev/null +++ b/src/libnacl/cpucycles/amd64tscfreq.h @@ -0,0 +1,27 @@ +/* +cpucycles amd64tscfreq.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_amd64tscfreq_h +#define CPUCYCLES_amd64tscfreq_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_amd64tscfreq(void); +extern long long cpucycles_amd64tscfreq_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "amd64tscfreq" +#define cpucycles cpucycles_amd64tscfreq +#define cpucycles_persecond cpucycles_amd64tscfreq_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/celllinux.c b/src/libnacl/cpucycles/celllinux.c new file mode 100644 index 00000000..83a0c38a --- /dev/null +++ b/src/libnacl/cpucycles/celllinux.c @@ -0,0 +1,83 @@ +#include +#include +#include +#include +#include +#include + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static long long timebase(void) +{ + unsigned long long result; + result = -spu_read_decrementer(); + return 0xffffffff & result; +} + +static double cpufrequency = 0; +static long tbcycles = 0; + +static double guesstbcycles(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = timebase(); + us0 = microseconds(); + do { + tb1 = timebase(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return (cpufrequency * 0.000001 * (double) us1) / (double) tb1; +} + +static void init(void) +{ + int loop; + double guess1; + double guess2; + + spu_write_decrementer(0xffffffff); + + cpufrequency = 3192000000.0; + + for (loop = 0;loop < 100;++loop) { + guess1 = guesstbcycles(); + guess2 = guesstbcycles(); + tbcycles = myround(guess1); + if (guess1 - tbcycles > 0.1) continue; + if (tbcycles - guess1 > 0.1) continue; + if (guess2 - tbcycles > 0.1) continue; + if (tbcycles - guess2 > 0.1) continue; + return; + } + tbcycles = 0; +} + +long long cpucycles_celllinux(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_celllinux_persecond(void) +{ + if (!tbcycles) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/celllinux.h b/src/libnacl/cpucycles/celllinux.h new file mode 100644 index 00000000..75a5a3f2 --- /dev/null +++ b/src/libnacl/cpucycles/celllinux.h @@ -0,0 +1,27 @@ +/* +cpucycles celllinux.h version 20081201 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_celllinux_h +#define CPUCYCLES_celllinux_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_celllinux(void); +extern long long cpucycles_celllinux_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "celllinux" +#define cpucycles cpucycles_celllinux +#define cpucycles_persecond cpucycles_celllinux_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/cortex.c b/src/libnacl/cpucycles/cortex.c new file mode 100644 index 00000000..ef1a42cd --- /dev/null +++ b/src/libnacl/cpucycles/cortex.c @@ -0,0 +1,73 @@ +/* +cpucycles/cortex.c version 20101203 +D. J. Bernstein +Public domain. +*/ + +#define SCALE 1 +#include +#include +#include + +static int enabled = 0; + +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readticks(unsigned int *result) +{ + struct timeval t; + unsigned int cc; + if (!enabled) { + asm volatile("mcr p15, 0, %0, c9, c12, 0" :: "r"(17)); + asm volatile("mcr p15, 0, %0, c9, c12, 1" :: "r"(0x8000000f)); + asm volatile("mcr p15, 0, %0, c9, c12, 3" :: "r"(0x8000000f)); + enabled = 1; + } + asm volatile("mrc p15, 0, %0, c9, c13, 0" : "=r"(cc)); + gettimeofday(&t,(struct timezone *) 0); + result[0] = cc; + result[1] = t.tv_usec; + result[2] = t.tv_sec; +} + +long long cpucycles_cortex(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + readticks(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000) || (deltas == 1 && deltan < -800000)) + return (prevcycles + delta4) * SCALE; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000) || (deltas == 1 && deltan < -700000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles * SCALE; +} + +long long cpucycles_cortex_persecond(void) +{ + while (!cyclespersec) cpucycles_cortex(); + return cyclespersec * SCALE; +} diff --git a/src/libnacl/cpucycles/cortex.h b/src/libnacl/cpucycles/cortex.h new file mode 100644 index 00000000..e622f132 --- /dev/null +++ b/src/libnacl/cpucycles/cortex.h @@ -0,0 +1,27 @@ +/* +cpucycles cortex.h version 20100912 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_cortex_h +#define CPUCYCLES_cortex_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_cortex(void); +extern long long cpucycles_cortex_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "cortex" +#define cpucycles cpucycles_cortex +#define cpucycles_persecond cpucycles_cortex_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/dev4ns.c b/src/libnacl/cpucycles/dev4ns.c new file mode 100644 index 00000000..08dd562b --- /dev/null +++ b/src/libnacl/cpucycles/dev4ns.c @@ -0,0 +1,62 @@ +#include +#include +#include +#include +#include +#include + +static int fddev = -1; +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readdev(unsigned int *result) +{ + if (read(fddev,result,12) == 12) return; + result[0] = result[1] = result[2] = 0; +} + +long long cpucycles_dev4ns(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + if (fddev == -1) { + fddev = open("/dev/cpucycles4ns",O_RDONLY); + readdev(prev); + } + + readdev(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000000) || (deltas == 1 && deltan < -800000000)) + return prevcycles + delta4; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000000) || (deltas == 1 && deltan < -700000000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles; +} + +long long cpucycles_dev4ns_persecond(void) +{ + while (!cyclespersec) cpucycles_dev4ns(); + return cyclespersec; +} diff --git a/src/libnacl/cpucycles/dev4ns.h b/src/libnacl/cpucycles/dev4ns.h new file mode 100644 index 00000000..1d99639a --- /dev/null +++ b/src/libnacl/cpucycles/dev4ns.h @@ -0,0 +1,27 @@ +/* +cpucycles dev4ns.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_dev4ns_h +#define CPUCYCLES_dev4ns_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_dev4ns(void); +extern long long cpucycles_dev4ns_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "dev4ns" +#define cpucycles cpucycles_dev4ns +#define cpucycles_persecond cpucycles_dev4ns_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/do b/src/libnacl/cpucycles/do new file mode 100755 index 00000000..ee25b208 --- /dev/null +++ b/src/libnacl/cpucycles/do @@ -0,0 +1,44 @@ +#!/bin/sh -e + +okabi | ( + while read abi + do + + rm -f cpucycles.o cpucycles.h + + ( + echo monotoniccpuinfo + echo monotonic + echo gettimeofday + ) | ( + while read n + do + okc-$abi | ( + while read c + do + echo "=== `date` === Trying $n.c with $c..." >&2 + rm -f test cpucycles-impl.o cpucycles-impl.h cpucycles-impl.c + cp $n.c cpucycles-impl.c || continue + cp $n.h cpucycles-impl.h || continue + $c -c cpucycles-impl.c || continue + $c -o test test.c cpucycles-impl.o || continue + echo "=== `date` === Success. Using $n.c." >&2 + mkdir -p lib/$abi + mv cpucycles-impl.o lib/$abi/cpucycles.o + mkdir -p include/$abi + mv cpucycles-impl.h include/$abi/cpucycles.h + exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 + ) || ( + echo ===== Giving up. >&2 + rm -f test cpucycles-impl.o cpucycles-impl.h cpucycles-impl.c + exit 111 + ) || exit 0 + + done + exit 0 +) || exit 111 diff --git a/src/libnacl/cpucycles/gettimeofday.c b/src/libnacl/cpucycles/gettimeofday.c new file mode 100644 index 00000000..0bf5e03c --- /dev/null +++ b/src/libnacl/cpucycles/gettimeofday.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include +#include "osfreq.c" + +static double cpufrequency = 0; + +static void init(void) +{ + cpufrequency = osfreq(); +} + +long long cpucycles_gettimeofday(void) +{ + double result; + struct timeval t; + if (!cpufrequency) init(); + gettimeofday(&t,(struct timezone *) 0); + result = t.tv_usec; + result *= 0.000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_gettimeofday_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/gettimeofday.h b/src/libnacl/cpucycles/gettimeofday.h new file mode 100644 index 00000000..147b127b --- /dev/null +++ b/src/libnacl/cpucycles/gettimeofday.h @@ -0,0 +1,27 @@ +/* +cpucycles gettimeofday.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_gettimeofday_h +#define CPUCYCLES_gettimeofday_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_gettimeofday(void); +extern long long cpucycles_gettimeofday_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "gettimeofday" +#define cpucycles cpucycles_gettimeofday +#define cpucycles_persecond cpucycles_gettimeofday_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/hppapstat.c b/src/libnacl/cpucycles/hppapstat.c new file mode 100644 index 00000000..5ae1e843 --- /dev/null +++ b/src/libnacl/cpucycles/hppapstat.c @@ -0,0 +1,26 @@ +#include +#include +#include +#include +#include +#include + +long long cpucycles_hppapstat(void) +{ + register long long result; + _MFCTL(16,result); + return result; +} + +long long cpucycles_hppapstat_persecond(void) +{ + struct pst_processor pst; + union pstun pu; + double result; + + pu.pst_processor = &pst; + if (pstat(PSTAT_PROCESSOR,pu,sizeof(pst),1,0) < 0) return 0; + result = pst.psp_iticksperclktick; + result *= (double) sysconf(_SC_CLK_TCK); + return result; +} diff --git a/src/libnacl/cpucycles/hppapstat.h b/src/libnacl/cpucycles/hppapstat.h new file mode 100644 index 00000000..721814bb --- /dev/null +++ b/src/libnacl/cpucycles/hppapstat.h @@ -0,0 +1,27 @@ +/* +cpucycles hppapstat.h version 20060319 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_hppapstat_h +#define CPUCYCLES_hppapstat_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_hppapstat(void); +extern long long cpucycles_hppapstat_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "hppapstat" +#define cpucycles cpucycles_hppapstat +#define cpucycles_persecond cpucycles_hppapstat_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/ia64cpuinfo.c b/src/libnacl/cpucycles/ia64cpuinfo.c new file mode 100644 index 00000000..580c6cee --- /dev/null +++ b/src/libnacl/cpucycles/ia64cpuinfo.c @@ -0,0 +1,15 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_ia64cpuinfo(void) +{ + long long result; + asm volatile("mov %0=ar.itc" : "=r"(result)); + return result; +} + +long long cpucycles_ia64cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/ia64cpuinfo.h b/src/libnacl/cpucycles/ia64cpuinfo.h new file mode 100644 index 00000000..a6bcf47d --- /dev/null +++ b/src/libnacl/cpucycles/ia64cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles ia64cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_ia64cpuinfo_h +#define CPUCYCLES_ia64cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_ia64cpuinfo(void); +extern long long cpucycles_ia64cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "ia64cpuinfo" +#define cpucycles cpucycles_ia64cpuinfo +#define cpucycles_persecond cpucycles_ia64cpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/mips.c b/src/libnacl/cpucycles/mips.c new file mode 100644 index 00000000..d9736f00 --- /dev/null +++ b/src/libnacl/cpucycles/mips.c @@ -0,0 +1,65 @@ +/* +cpucycles/mips.c version 20100803 +D. J. Bernstein +Public domain. +*/ + +#define SCALE 2 +#include +#include +#include + +static int prev[3]; +static unsigned long long prevcycles = 0; +static int now[3]; +static long long cyclespersec = 0; + +static void readticks(unsigned int *result) +{ + struct timeval t; + unsigned int cc; + asm volatile(".byte 59; .byte 16; .byte 2; .byte 124; move %0,$2" : "=r"(cc) : : "$2"); + gettimeofday(&t,(struct timezone *) 0); + result[0] = cc; + result[1] = t.tv_usec; + result[2] = t.tv_sec; +} + +long long cpucycles_mips(void) +{ + unsigned long long delta4; + int deltan; + int deltas; + unsigned long long guesscycles; + + readticks(now); + delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */ + deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */ + deltas = now[2] - prev[2]; /* signed change in number of seconds */ + if ((deltas == 0 && deltan < 200000) || (deltas == 1 && deltan < -800000)) + return (prevcycles + delta4) * SCALE; + + prev[0] = now[0]; + prev[1] = now[1]; + prev[2] = now[2]; + + if ((deltas == 0 && deltan < 300000) || (deltas == 1 && deltan < -700000)) { + // actual number of cycles cannot have increased by 2^32 in <0.3ms + cyclespersec = 1000000 * (unsigned long long) delta4; + cyclespersec /= deltan + 1000000 * (long long) deltas; + } else { + guesscycles = deltas * cyclespersec; + guesscycles += (deltan * cyclespersec) / 1000000; + while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL; + /* XXX: could do longer-term extrapolation here */ + } + + prevcycles += delta4; + return prevcycles * SCALE; +} + +long long cpucycles_mips_persecond(void) +{ + while (!cyclespersec) cpucycles_mips(); + return cyclespersec * SCALE; +} diff --git a/src/libnacl/cpucycles/mips.h b/src/libnacl/cpucycles/mips.h new file mode 100644 index 00000000..6f1b26c3 --- /dev/null +++ b/src/libnacl/cpucycles/mips.h @@ -0,0 +1,27 @@ +/* +cpucycles mips.h version 20100802 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_mips_h +#define CPUCYCLES_mips_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_mips(void); +extern long long cpucycles_mips_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "mips" +#define cpucycles cpucycles_mips +#define cpucycles_persecond cpucycles_mips_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/monotonic.c b/src/libnacl/cpucycles/monotonic.c new file mode 100644 index 00000000..321afd9a --- /dev/null +++ b/src/libnacl/cpucycles/monotonic.c @@ -0,0 +1,35 @@ +#include +#include +#include +#include +#include +#include +#include + +static double cpufrequency = 0; + +static void init(void) +{ + long result = 0; size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + cpufrequency = result; +} + +long long cpucycles_monotonic(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_MONOTONIC,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_monotonic_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/monotonic.h b/src/libnacl/cpucycles/monotonic.h new file mode 100644 index 00000000..9070860b --- /dev/null +++ b/src/libnacl/cpucycles/monotonic.h @@ -0,0 +1,27 @@ +/* +cpucycles monotonic.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_monotonic_h +#define CPUCYCLES_monotonic_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_monotonic(void); +extern long long cpucycles_monotonic_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "monotonic" +#define cpucycles cpucycles_monotonic +#define cpucycles_persecond cpucycles_monotonic_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/monotoniccpuinfo.c b/src/libnacl/cpucycles/monotoniccpuinfo.c new file mode 100644 index 00000000..890e6b24 --- /dev/null +++ b/src/libnacl/cpucycles/monotoniccpuinfo.c @@ -0,0 +1,34 @@ +#include +#include +#include +#include +#include +#include +#include +#include "osfreq.c" + +static double cpufrequency = 0; + +static void init(void) +{ + cpufrequency = osfreq(); +} + +long long cpucycles_monotoniccpuinfo(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_MONOTONIC,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_monotoniccpuinfo_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/monotoniccpuinfo.h b/src/libnacl/cpucycles/monotoniccpuinfo.h new file mode 100644 index 00000000..d4ba7ea8 --- /dev/null +++ b/src/libnacl/cpucycles/monotoniccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles monotoniccpuinfo.h version 20100804 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_monotoniccpuinfo_h +#define CPUCYCLES_monotoniccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_monotoniccpuinfo(void); +extern long long cpucycles_monotoniccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "monotoniccpuinfo" +#define cpucycles cpucycles_monotoniccpuinfo +#define cpucycles_persecond cpucycles_monotoniccpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/osfreq.c b/src/libnacl/cpucycles/osfreq.c new file mode 100644 index 00000000..4e106a23 --- /dev/null +++ b/src/libnacl/cpucycles/osfreq.c @@ -0,0 +1,65 @@ +static double osfreq(void) +{ + FILE *f; + double result; + int s; + + f = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq", "r"); + if (f) { + s = fscanf(f,"%lf",&result); + fclose(f); + if (s > 0) return 1000.0 * result; + } + + f = fopen("/sys/devices/system/cpu/cpu0/clock_tick", "r"); + if (f) { + s = fscanf(f,"%lf",&result); + fclose(f); + if (s > 0) return result; + } + + f = fopen("/proc/cpuinfo","r"); + if (f) { + for (;;) { + s = fscanf(f,"cpu MHz : %lf",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + fclose(f); + if (result) return 1000000.0 * result; + } + + f = fopen("/proc/cpuinfo","r"); + if (f) { + for (;;) { + s = fscanf(f,"clock : %lf",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + fclose(f); + if (result) return 1000000.0 * result; + } + + f = popen("/usr/sbin/lsattr -E -l proc0 -a frequency 2>/dev/null","r"); + if (f) { + s = fscanf(f,"frequency %lf",&result); + pclose(f); + if (s > 0) return result; + } + + f = popen("/usr/sbin/psrinfo -v 2>/dev/null","r"); + if (f) { + for (;;) { + s = fscanf(f," The %*s processor operates at %lf MHz",&result); + if (s > 0) break; + if (s == 0) s = fscanf(f,"%*[^\n]\n"); + if (s < 0) { result = 0; break; } + } + pclose(f); + if (result) return 1000000.0 * result; + } + + return 0; +} diff --git a/src/libnacl/cpucycles/powerpccpuinfo.c b/src/libnacl/cpucycles/powerpccpuinfo.c new file mode 100644 index 00000000..b70c745a --- /dev/null +++ b/src/libnacl/cpucycles/powerpccpuinfo.c @@ -0,0 +1,95 @@ +#include +#include +#include +#include +#include +#include "osfreq.c" + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static int tbshift = 0; + +static long long timebase(void) +{ + unsigned long high; + unsigned long low; + unsigned long newhigh; + unsigned long long result; + asm volatile( + "7:mftbu %0;mftb %1;mftbu %2;cmpw %0,%2;bne 7b" + : "=r" (high), "=r" (low), "=r" (newhigh) + ); + result = high; + result <<= 32; + result |= low; + return result >> tbshift; +} + +static double cpufrequency = 0; +static long tbcycles = 0; + +static double guesstbcycles(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = timebase(); + us0 = microseconds(); + do { + tb1 = timebase(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return (cpufrequency * 0.000001 * (double) us1) / (double) tb1; +} + +static void init(void) +{ + int loop; + double guess1; + double guess2; + + cpufrequency = osfreq(); + if (!cpufrequency) return; + + for (tbshift = 0;tbshift < 10;++tbshift) { + for (loop = 0;loop < 100;++loop) { + guess1 = guesstbcycles(); + guess2 = guesstbcycles(); + tbcycles = myround(guess1); + if (guess1 - tbcycles > 0.1) continue; + if (tbcycles - guess1 > 0.1) continue; + if (guess2 - tbcycles > 0.1) continue; + if (tbcycles - guess2 > 0.1) continue; + return; + } + } + tbcycles = 0; +} + +long long cpucycles_powerpccpuinfo(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_powerpccpuinfo_persecond(void) +{ + if (!tbcycles) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/powerpccpuinfo.h b/src/libnacl/cpucycles/powerpccpuinfo.h new file mode 100644 index 00000000..c763a1b4 --- /dev/null +++ b/src/libnacl/cpucycles/powerpccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles powerpccpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_powerpccpuinfo_h +#define CPUCYCLES_powerpccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_powerpccpuinfo(void); +extern long long cpucycles_powerpccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "powerpccpuinfo" +#define cpucycles cpucycles_powerpccpuinfo +#define cpucycles_persecond cpucycles_powerpccpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/powerpcmacos.c b/src/libnacl/cpucycles/powerpcmacos.c new file mode 100644 index 00000000..f855b276 --- /dev/null +++ b/src/libnacl/cpucycles/powerpcmacos.c @@ -0,0 +1,43 @@ +#include +#include +#include +#include + +#define timebase mach_absolute_time + +static int cpumib[2] = { CTL_HW, HW_CPU_FREQ } ; +static int tbmib[2] = { CTL_HW, HW_TB_FREQ } ; + +static long myround(double u) +{ + long result = u; + while (result + 0.5 < u) result += 1; + while (result - 0.5 > u) result -= 1; + return result; +} + +static long tbcycles = 0; + +static void init(void) +{ + unsigned int cpufrequency = 0; size_t cpufrequencylen = sizeof(unsigned int); + unsigned int tbfrequency = 0; size_t tbfrequencylen = sizeof(unsigned int); + sysctl(cpumib,2,&cpufrequency,&cpufrequencylen,0,0); + sysctl(tbmib,2,&tbfrequency,&tbfrequencylen,0,0); + if (tbfrequency > 0) + tbcycles = myround((double) (unsigned long long) cpufrequency + / (double) (unsigned long long) tbfrequency); +} + +long long cpucycles_powerpcmacos(void) +{ + if (!tbcycles) init(); + return timebase() * tbcycles; +} + +long long cpucycles_powerpcmacos_persecond(void) +{ + unsigned int result = 0; size_t resultlen = sizeof(unsigned int); + sysctl(cpumib,2,&result,&resultlen,0,0); + return (unsigned long long) result; +} diff --git a/src/libnacl/cpucycles/powerpcmacos.h b/src/libnacl/cpucycles/powerpcmacos.h new file mode 100644 index 00000000..f66c0e36 --- /dev/null +++ b/src/libnacl/cpucycles/powerpcmacos.h @@ -0,0 +1,27 @@ +/* +cpucycles powerpcmacos.h version 20060319 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_powerpcmacos_h +#define CPUCYCLES_powerpcmacos_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_powerpcmacos(void); +extern long long cpucycles_powerpcmacos_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "powerpcmacos" +#define cpucycles cpucycles_powerpcmacos +#define cpucycles_persecond cpucycles_powerpcmacos_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/sgi.c b/src/libnacl/cpucycles/sgi.c new file mode 100644 index 00000000..c0e731f6 --- /dev/null +++ b/src/libnacl/cpucycles/sgi.c @@ -0,0 +1,39 @@ +#include +#include +#include +#include +#include +#include +#include + +static double cpufrequency = 0; + +static void init(void) +{ + FILE *f; + + f = popen("hinv -c processor | awk '{if ($3==\"MHZ\") print $2*1000000}'","r"); + if (!f) return; + if (fscanf(f,"%lf",&cpufrequency) < 1) cpufrequency = 0; + pclose(f); + if (!cpufrequency) return; +} + +long long cpucycles_sgi(void) +{ + double result; + struct timespec t; + if (!cpufrequency) init(); + clock_gettime(CLOCK_SGI_CYCLE,&t); + result = t.tv_nsec; + result *= 0.000000001; + result += (double) t.tv_sec; + result *= cpufrequency; + return result; +} + +long long cpucycles_sgi_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/sgi.h b/src/libnacl/cpucycles/sgi.h new file mode 100644 index 00000000..56bad976 --- /dev/null +++ b/src/libnacl/cpucycles/sgi.h @@ -0,0 +1,27 @@ +/* +cpucycles sgi.h version 20070916 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sgi_h +#define CPUCYCLES_sgi_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sgi(void); +extern long long cpucycles_sgi_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sgi" +#define cpucycles cpucycles_sgi +#define cpucycles_persecond cpucycles_sgi_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/sparc32cpuinfo.c b/src/libnacl/cpucycles/sparc32cpuinfo.c new file mode 100644 index 00000000..1fc53d06 --- /dev/null +++ b/src/libnacl/cpucycles/sparc32cpuinfo.c @@ -0,0 +1,16 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_sparc32cpuinfo(void) +{ + long long result; + asm volatile(".word 2202075136; .word 2570088480; srl %%g1,0,%L0; mov %%o4,%H0" + : "=r" (result) : : "g1","o4"); + return result; +} + +long long cpucycles_sparc32cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/sparc32cpuinfo.h b/src/libnacl/cpucycles/sparc32cpuinfo.h new file mode 100644 index 00000000..9d39dc65 --- /dev/null +++ b/src/libnacl/cpucycles/sparc32cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles sparc32cpuinfo.h version 20100804 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sparc32cpuinfo_h +#define CPUCYCLES_sparc32cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sparc32cpuinfo(void); +extern long long cpucycles_sparc32cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sparc32cpuinfo" +#define cpucycles cpucycles_sparc32cpuinfo +#define cpucycles_persecond cpucycles_sparc32cpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/sparccpuinfo.c b/src/libnacl/cpucycles/sparccpuinfo.c new file mode 100644 index 00000000..d07aafec --- /dev/null +++ b/src/libnacl/cpucycles/sparccpuinfo.c @@ -0,0 +1,15 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_sparccpuinfo(void) +{ + long long result; + asm volatile("rd %%tick,%0" : "=r" (result)); + return result; +} + +long long cpucycles_sparccpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/sparccpuinfo.h b/src/libnacl/cpucycles/sparccpuinfo.h new file mode 100644 index 00000000..badb2144 --- /dev/null +++ b/src/libnacl/cpucycles/sparccpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles sparccpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_sparccpuinfo_h +#define CPUCYCLES_sparccpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_sparccpuinfo(void); +extern long long cpucycles_sparccpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "sparccpuinfo" +#define cpucycles cpucycles_sparccpuinfo +#define cpucycles_persecond cpucycles_sparccpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/test.c b/src/libnacl/cpucycles/test.c new file mode 100644 index 00000000..30a37230 --- /dev/null +++ b/src/libnacl/cpucycles/test.c @@ -0,0 +1,27 @@ +#include +#include +#include +#include +#include "cpucycles-impl.h" + +static long long tod(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +long long todstart; +long long todend; +long long cpustart; +long long cpuend; + +long long cyclespersecond; +long long cyclespertod; + +long long t[1001]; + +int main() +{ + return 0; +} diff --git a/src/libnacl/cpucycles/x86cpuinfo.c b/src/libnacl/cpucycles/x86cpuinfo.c new file mode 100644 index 00000000..3fb0a1b0 --- /dev/null +++ b/src/libnacl/cpucycles/x86cpuinfo.c @@ -0,0 +1,15 @@ +#include +#include +#include "osfreq.c" + +long long cpucycles_x86cpuinfo(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86cpuinfo_persecond(void) +{ + return osfreq(); +} diff --git a/src/libnacl/cpucycles/x86cpuinfo.h b/src/libnacl/cpucycles/x86cpuinfo.h new file mode 100644 index 00000000..88f151dd --- /dev/null +++ b/src/libnacl/cpucycles/x86cpuinfo.h @@ -0,0 +1,27 @@ +/* +cpucycles x86cpuinfo.h version 20100803 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86cpuinfo_h +#define CPUCYCLES_x86cpuinfo_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86cpuinfo(void); +extern long long cpucycles_x86cpuinfo_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86cpuinfo" +#define cpucycles cpucycles_x86cpuinfo +#define cpucycles_persecond cpucycles_x86cpuinfo_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/x86cpuspeed.c b/src/libnacl/cpucycles/x86cpuspeed.c new file mode 100644 index 00000000..34222565 --- /dev/null +++ b/src/libnacl/cpucycles/x86cpuspeed.c @@ -0,0 +1,24 @@ +#include +#include +#include +#include + +long long cpucycles_x86cpuspeed(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86cpuspeed_persecond(void) +{ + int oid[2]; + int val; + size_t size; + oid[0] = CTL_HW; + oid[1] = HW_CPUSPEED; + size = sizeof val; + if (sysctl(oid,2,&val,&size,0,0) == -1) return 0; + if (size != sizeof val) return 0; + return val * 1000000LL; +} diff --git a/src/libnacl/cpucycles/x86cpuspeed.h b/src/libnacl/cpucycles/x86cpuspeed.h new file mode 100644 index 00000000..43005cda --- /dev/null +++ b/src/libnacl/cpucycles/x86cpuspeed.h @@ -0,0 +1,27 @@ +/* +cpucycles x86cpuspeed.h version 20090716 +Matthew Dempsky +Public domain. +*/ + +#ifndef CPUCYCLES_x86cpuspeed_h +#define CPUCYCLES_x86cpuspeed_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86cpuspeed(void); +extern long long cpucycles_x86cpuspeed_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86cpuspeed" +#define cpucycles cpucycles_x86cpuspeed +#define cpucycles_persecond cpucycles_x86cpuspeed_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/x86estimate.c b/src/libnacl/cpucycles/x86estimate.c new file mode 100644 index 00000000..cd8e1c4b --- /dev/null +++ b/src/libnacl/cpucycles/x86estimate.c @@ -0,0 +1,60 @@ +#include +#include +#include +#include +#include + +long long cpucycles_x86estimate(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +static long long microseconds(void) +{ + struct timeval t; + gettimeofday(&t,(struct timezone *) 0); + return t.tv_sec * (long long) 1000000 + t.tv_usec; +} + +static double guessfreq(void) +{ + long long tb0; long long us0; + long long tb1; long long us1; + + tb0 = cpucycles_x86estimate(); + us0 = microseconds(); + do { + tb1 = cpucycles_x86estimate(); + us1 = microseconds(); + } while (us1 - us0 < 10000 || tb1 - tb0 < 1000); + if (tb1 <= tb0) return 0; + tb1 -= tb0; + us1 -= us0; + return ((double) tb1) / (0.000001 * (double) us1); +} + +static double cpufrequency = 0; + +static void init(void) +{ + double guess1; + double guess2; + int loop; + + for (loop = 0;loop < 100;++loop) { + guess1 = guessfreq(); + guess2 = guessfreq(); + if (guess1 > 1.01 * guess2) continue; + if (guess2 > 1.01 * guess1) continue; + cpufrequency = 0.5 * (guess1 + guess2); + break; + } +} + +long long cpucycles_x86estimate_persecond(void) +{ + if (!cpufrequency) init(); + return cpufrequency; +} diff --git a/src/libnacl/cpucycles/x86estimate.h b/src/libnacl/cpucycles/x86estimate.h new file mode 100644 index 00000000..98f2dd15 --- /dev/null +++ b/src/libnacl/cpucycles/x86estimate.h @@ -0,0 +1,27 @@ +/* +cpucycles x86estimate.h version 20070121 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86estimate_h +#define CPUCYCLES_x86estimate_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86estimate(void); +extern long long cpucycles_x86estimate_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86estimate" +#define cpucycles cpucycles_x86estimate +#define cpucycles_persecond cpucycles_x86estimate_persecond +#endif + +#endif diff --git a/src/libnacl/cpucycles/x86tscfreq.c b/src/libnacl/cpucycles/x86tscfreq.c new file mode 100644 index 00000000..400da941 --- /dev/null +++ b/src/libnacl/cpucycles/x86tscfreq.c @@ -0,0 +1,18 @@ +#include +#include +#include + +long long cpucycles_x86tscfreq(void) +{ + long long result; + asm volatile(".byte 15;.byte 49" : "=A" (result)); + return result; +} + +long long cpucycles_x86tscfreq_persecond(void) +{ + long result = 0; + size_t resultlen = sizeof(long); + sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0); + return result; +} diff --git a/src/libnacl/cpucycles/x86tscfreq.h b/src/libnacl/cpucycles/x86tscfreq.h new file mode 100644 index 00000000..abf616e5 --- /dev/null +++ b/src/libnacl/cpucycles/x86tscfreq.h @@ -0,0 +1,27 @@ +/* +cpucycles x86tscfreq.h version 20060318 +D. J. Bernstein +Public domain. +*/ + +#ifndef CPUCYCLES_x86tscfreq_h +#define CPUCYCLES_x86tscfreq_h + +#ifdef __cplusplus +extern "C" { +#endif + +extern long long cpucycles_x86tscfreq(void); +extern long long cpucycles_x86tscfreq_persecond(void); + +#ifdef __cplusplus +} +#endif + +#ifndef cpucycles_implementation +#define cpucycles_implementation "x86tscfreq" +#define cpucycles cpucycles_x86tscfreq +#define cpucycles_persecond cpucycles_x86tscfreq_persecond +#endif + +#endif diff --git a/src/libnacl/cpuid/cbytes.c b/src/libnacl/cpuid/cbytes.c new file mode 100644 index 00000000..bd5d1444 --- /dev/null +++ b/src/libnacl/cpuid/cbytes.c @@ -0,0 +1,16 @@ +#include + +int main() +{ + char ch; + int loop = 0; + while (scanf("%c",&ch) == 1) { + printf("0x%02x,",255 & (int) ch); + if (++loop == 16) { + loop = 0; + printf("\n"); + } + } + printf("0x00\n"); + return 0; +} diff --git a/src/libnacl/cpuid/cpuid.c b/src/libnacl/cpuid/cpuid.c new file mode 100644 index 00000000..1a5c6b8e --- /dev/null +++ b/src/libnacl/cpuid/cpuid.c @@ -0,0 +1,41 @@ +#include +#include +#include +#include + +void nope() +{ + exit(1); +} + +int main() +{ + unsigned long x[4]; + unsigned long y[4]; + int i; + int j; + char c; + + signal(SIGILL,nope); + + x[0] = 0; + x[1] = 0; + x[2] = 0; + x[3] = 0; + + asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) ); + if (!x[0]) return 0; + asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) ); + + for (i = 1;i < 4;++i) + for (j = 0;j < 4;++j) { + c = x[i] >> (8 * j); + if (c < 32) c = 32; + if (c > 126) c = 126; + putchar(c); + } + + printf("-%08x-%08x\n",y[0],y[3]); + + return 0; +} diff --git a/src/libnacl/cpuid/do b/src/libnacl/cpuid/do new file mode 100755 index 00000000..8a3a6f7b --- /dev/null +++ b/src/libnacl/cpuid/do @@ -0,0 +1,37 @@ +#!/bin/sh -e + +mkdir include + +( + echo x86 + echo unknown +) | ( + while read n + do + okabi | ( + while read abi + do + okc-$abi | ( + while read c + do + echo "=== `date` === Trying $n.c with $c..." >&2 + rm -f cpuid.c + cp $n.c cpuid.c || continue + $c -o cpuid cpuid.c || continue + $c -o cbytes cbytes.c || continue + ./cpuid > cpuid.out || continue + echo 'static const char cpuid[] = {' > cpuid.h || continue + ./cbytes < cpuid.out >> cpuid.h || continue + echo '} ;' >> cpuid.h || continue + cp cpuid.h include/cpuid.h || continue + cat cpuid.out + exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 +) diff --git a/src/libnacl/cpuid/unknown.c b/src/libnacl/cpuid/unknown.c new file mode 100644 index 00000000..786a5e72 --- /dev/null +++ b/src/libnacl/cpuid/unknown.c @@ -0,0 +1,7 @@ +#include + +main() +{ + printf("unknown CPU ID\n"); + return 0; +} diff --git a/src/libnacl/cpuid/x86.c b/src/libnacl/cpuid/x86.c new file mode 100644 index 00000000..99e6a0c4 --- /dev/null +++ b/src/libnacl/cpuid/x86.c @@ -0,0 +1,41 @@ +#include +#include +#include +#include + +void nope() +{ + exit(1); +} + +int main() +{ + unsigned long x[4]; + unsigned long y[4]; + int i; + int j; + char c; + + signal(SIGILL,nope); + + x[0] = 0; + x[1] = 0; + x[2] = 0; + x[3] = 0; + + asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) ); + if (!x[0]) return 0; + asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) ); + + for (i = 1;i < 4;++i) + for (j = 0;j < 4;++j) { + c = x[i] >> (8 * j); + if (c < 32) c = 32; + if (c > 126) c = 126; + putchar(c); + } + + printf("-%08x-%08x\n",(unsigned int) y[0],(unsigned int) y[3]); + + return 0; +} diff --git a/src/libnacl/crypto_auth/hmacsha256/checksum b/src/libnacl/crypto_auth/hmacsha256/checksum new file mode 100644 index 00000000..2fa9604b --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha256/checksum @@ -0,0 +1 @@ +3bd7abd4f4dce04396f2ac7cb1cff70607f692411c49a1563b037d31e1662632 diff --git a/src/libnacl/crypto_auth/hmacsha256/ref/api.h b/src/libnacl/crypto_auth/hmacsha256/ref/api.h new file mode 100644 index 00000000..c224d9d5 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_auth/hmacsha256/ref/hmac.c b/src/libnacl/crypto_auth/hmacsha256/ref/hmac.c new file mode 100644 index 00000000..8ab30bb4 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha256/ref/hmac.c @@ -0,0 +1,83 @@ +/* + * 20080913 + * D. J. Bernstein + * Public domain. + * */ + +#include "crypto_hashblocks_sha256.h" +#include "crypto_auth.h" + +#define blocks crypto_hashblocks_sha256 + +typedef unsigned int uint32; + +static const char iv[32] = { + 0x6a,0x09,0xe6,0x67, + 0xbb,0x67,0xae,0x85, + 0x3c,0x6e,0xf3,0x72, + 0xa5,0x4f,0xf5,0x3a, + 0x51,0x0e,0x52,0x7f, + 0x9b,0x05,0x68,0x8c, + 0x1f,0x83,0xd9,0xab, + 0x5b,0xe0,0xcd,0x19, +} ; + +int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char h[32]; + unsigned char padded[128]; + int i; + unsigned long long bits = 512 + (inlen << 3); + + for (i = 0;i < 32;++i) h[i] = iv[i]; + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36; + for (i = 32;i < 64;++i) padded[i] = 0x36; + + blocks(h,padded,64); + blocks(h,in,inlen); + in += inlen; + inlen &= 63; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 56) { + for (i = inlen + 1;i < 56;++i) padded[i] = 0; + padded[56] = bits >> 56; + padded[57] = bits >> 48; + padded[58] = bits >> 40; + padded[59] = bits >> 32; + padded[60] = bits >> 24; + padded[61] = bits >> 16; + padded[62] = bits >> 8; + padded[63] = bits; + blocks(h,padded,64); + } else { + for (i = inlen + 1;i < 120;++i) padded[i] = 0; + padded[120] = bits >> 56; + padded[121] = bits >> 48; + padded[122] = bits >> 40; + padded[123] = bits >> 32; + padded[124] = bits >> 24; + padded[125] = bits >> 16; + padded[126] = bits >> 8; + padded[127] = bits; + blocks(h,padded,128); + } + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c; + for (i = 32;i < 64;++i) padded[i] = 0x5c; + for (i = 0;i < 32;++i) padded[64 + i] = h[i]; + + for (i = 0;i < 32;++i) out[i] = iv[i]; + + for (i = 32;i < 64;++i) padded[64 + i] = 0; + padded[64 + 32] = 0x80; + padded[64 + 62] = 3; + + blocks(out,padded,128); + + return 0; +} diff --git a/src/libnacl/crypto_auth/hmacsha256/ref/verify.c b/src/libnacl/crypto_auth/hmacsha256/ref/verify.c new file mode 100644 index 00000000..96ff0ea8 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha256/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_32.h" +#include "crypto_auth.h" + +int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[32]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_32(h,correct); +} diff --git a/src/libnacl/crypto_auth/hmacsha256/used b/src/libnacl/crypto_auth/hmacsha256/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_auth/hmacsha512256/checksum b/src/libnacl/crypto_auth/hmacsha512256/checksum new file mode 100644 index 00000000..1c037f2d --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha512256/checksum @@ -0,0 +1 @@ +2f5e8a6a0cac012d8d001351d7d583e69f91390df46305c3608e0c2893491886 diff --git a/src/libnacl/crypto_auth/hmacsha512256/ref/api.h b/src/libnacl/crypto_auth/hmacsha512256/ref/api.h new file mode 100644 index 00000000..c224d9d5 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha512256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_auth/hmacsha512256/ref/hmac.c b/src/libnacl/crypto_auth/hmacsha512256/ref/hmac.c new file mode 100644 index 00000000..56ebfa6b --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha512256/ref/hmac.c @@ -0,0 +1,86 @@ +/* + * 20080913 + * D. J. Bernstein + * Public domain. + * */ + +#include "crypto_hashblocks_sha512.h" +#include "crypto_auth.h" + +#define blocks crypto_hashblocks_sha512 + +typedef unsigned long long uint64; + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char h[64]; + unsigned char padded[256]; + int i; + unsigned long long bytes = 128 + inlen; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36; + for (i = 32;i < 128;++i) padded[i] = 0x36; + + blocks(h,padded,128); + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = bytes >> 61; + padded[120] = bytes >> 53; + padded[121] = bytes >> 45; + padded[122] = bytes >> 37; + padded[123] = bytes >> 29; + padded[124] = bytes >> 21; + padded[125] = bytes >> 13; + padded[126] = bytes >> 5; + padded[127] = bytes << 3; + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = bytes >> 61; + padded[248] = bytes >> 53; + padded[249] = bytes >> 45; + padded[250] = bytes >> 37; + padded[251] = bytes >> 29; + padded[252] = bytes >> 21; + padded[253] = bytes >> 13; + padded[254] = bytes >> 5; + padded[255] = bytes << 3; + blocks(h,padded,256); + } + + for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c; + for (i = 32;i < 128;++i) padded[i] = 0x5c; + + for (i = 0;i < 64;++i) padded[128 + i] = h[i]; + for (i = 0;i < 64;++i) h[i] = iv[i]; + + for (i = 64;i < 128;++i) padded[128 + i] = 0; + padded[128 + 64] = 0x80; + padded[128 + 126] = 6; + + blocks(h,padded,256); + for (i = 0;i < 32;++i) out[i] = h[i]; + + return 0; +} diff --git a/src/libnacl/crypto_auth/hmacsha512256/ref/verify.c b/src/libnacl/crypto_auth/hmacsha512256/ref/verify.c new file mode 100644 index 00000000..96ff0ea8 --- /dev/null +++ b/src/libnacl/crypto_auth/hmacsha512256/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_32.h" +#include "crypto_auth.h" + +int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[32]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_32(h,correct); +} diff --git a/src/libnacl/crypto_auth/hmacsha512256/selected b/src/libnacl/crypto_auth/hmacsha512256/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_auth/hmacsha512256/used b/src/libnacl/crypto_auth/hmacsha512256/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_auth/measure.c b/src/libnacl/crypto_auth/measure.c new file mode 100644 index 00000000..e5209903 --- /dev/null +++ b/src/libnacl/crypto_auth/measure.c @@ -0,0 +1,69 @@ +#include "crypto_auth.h" +#include "randombytes.h" +#include "cpucycles.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; +const char *implementationversion = crypto_auth_VERSION; +const char *sizenames[] = { "outputbytes", "keybytes", 0 }; +const long long sizes[] = { crypto_auth_BYTES, crypto_auth_KEYBYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *k; +static unsigned char *m; +static unsigned char *h; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_auth_KEYBYTES); + m = alignedcalloc(MAXTEST_BYTES); + h = alignedcalloc(crypto_auth_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(k,crypto_auth_KEYBYTES); + randombytes(m,mlen); + randombytes(h,crypto_auth_BYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_auth(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_auth_verify(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"verify_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_auth/try.c b/src/libnacl/crypto_auth/try.c new file mode 100644 index 00000000..0ea1f7ba --- /dev/null +++ b/src/libnacl/crypto_auth/try.c @@ -0,0 +1,121 @@ +/* + * crypto_auth/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hash_sha256.h" +#include "crypto_auth.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *m; +static unsigned char *k; +static unsigned char *h2; +static unsigned char *m2; +static unsigned char *k2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_auth_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + k = alignedcalloc(crypto_auth_KEYBYTES); + h2 = alignedcalloc(crypto_auth_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES); + k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_auth(h,m,TUNE_BYTES,k); + crypto_auth_verify(h,m,TUNE_BYTES,k); +} + +char checksum[crypto_auth_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i; + long long klen = crypto_auth_KEYBYTES; + long long hlen = crypto_auth_BYTES; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; + + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; + for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output"; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap"; + for (j = 0;j < hlen;++j) m2[j] = m[j]; + if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero"; + for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + + if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; + + for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < klen;++j) k[j] ^= h2[j % 32]; + if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; + if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32]; + m[mlen] = h2[0]; + } + if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero"; + if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero"; + + for (i = 0;i < crypto_auth_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_auth/wrapper-auth.cpp b/src/libnacl/crypto_auth/wrapper-auth.cpp new file mode 100644 index 00000000..2108aa31 --- /dev/null +++ b/src/libnacl/crypto_auth/wrapper-auth.cpp @@ -0,0 +1,11 @@ +#include +using std::string; +#include "crypto_auth.h" + +string crypto_auth(const string &m,const string &k) +{ + if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length"; + unsigned char a[crypto_auth_BYTES]; + crypto_auth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str()); + return string((char *) a,crypto_auth_BYTES); +} diff --git a/src/libnacl/crypto_auth/wrapper-verify.cpp b/src/libnacl/crypto_auth/wrapper-verify.cpp new file mode 100644 index 00000000..57e25a26 --- /dev/null +++ b/src/libnacl/crypto_auth/wrapper-verify.cpp @@ -0,0 +1,14 @@ +#include +using std::string; +#include "crypto_auth.h" + +void crypto_auth_verify(const string &a,const string &m,const string &k) +{ + if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length"; + if (a.size() != crypto_auth_BYTES) throw "incorrect authenticator length"; + if (crypto_auth_verify( + (const unsigned char *) a.c_str(), + (const unsigned char *) m.c_str(),m.size(), + (const unsigned char *) k.c_str()) == 0) return; + throw "invalid authenticator"; +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/checksum b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/checksum new file mode 100644 index 00000000..56a20083 --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/checksum @@ -0,0 +1 @@ +5fac7400caabc14a99c5c0bc13fb1df5e468e870382a3a1c diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/after.c b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/after.c new file mode 100644 index 00000000..eb243e22 --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/after.c @@ -0,0 +1,22 @@ +#include "crypto_secretbox_xsalsa20poly1305.h" +#include "crypto_box.h" + +int crypto_box_afternm( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + return crypto_secretbox_xsalsa20poly1305(c,m,mlen,n,k); +} + +int crypto_box_open_afternm( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + return crypto_secretbox_xsalsa20poly1305_open(m,c,clen,n,k); +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/api.h b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/api.h new file mode 100644 index 00000000..ce7762df --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/api.h @@ -0,0 +1,6 @@ +#define CRYPTO_PUBLICKEYBYTES 32 +#define CRYPTO_SECRETKEYBYTES 32 +#define CRYPTO_BEFORENMBYTES 32 +#define CRYPTO_NONCEBYTES 24 +#define CRYPTO_ZEROBYTES 32 +#define CRYPTO_BOXZEROBYTES 16 diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/before.c b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/before.c new file mode 100644 index 00000000..279bb12a --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/before.c @@ -0,0 +1,17 @@ +#include "crypto_core_hsalsa20.h" +#include "crypto_scalarmult_curve25519.h" +#include "crypto_box.h" + +static const unsigned char sigma[16] = "expand 32-byte k"; +static const unsigned char n[16] = {0}; + +int crypto_box_beforenm( + unsigned char *k, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char s[32]; + crypto_scalarmult_curve25519(s,sk,pk); + return crypto_core_hsalsa20(k,n,s,sigma); +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/box.c b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/box.c new file mode 100644 index 00000000..81ff72e2 --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/box.c @@ -0,0 +1,27 @@ +#include "crypto_box.h" + +int crypto_box( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char k[crypto_box_BEFORENMBYTES]; + crypto_box_beforenm(k,pk,sk); + return crypto_box_afternm(c,m,mlen,n,k); +} + +int crypto_box_open( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *pk, + const unsigned char *sk +) +{ + unsigned char k[crypto_box_BEFORENMBYTES]; + crypto_box_beforenm(k,pk,sk); + return crypto_box_open_afternm(m,c,clen,n,k); +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c new file mode 100644 index 00000000..233bc950 --- /dev/null +++ b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c @@ -0,0 +1,12 @@ +#include "crypto_scalarmult_curve25519.h" +#include "crypto_box.h" +#include "randombytes.h" + +int crypto_box_keypair( + unsigned char *pk, + unsigned char *sk +) +{ + randombytes(sk,32); + return crypto_scalarmult_curve25519_base(pk,sk); +} diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/selected b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_box/curve25519xsalsa20poly1305/used b/src/libnacl/crypto_box/curve25519xsalsa20poly1305/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_box/measure.c b/src/libnacl/crypto_box/measure.c new file mode 100644 index 00000000..08df1e39 --- /dev/null +++ b/src/libnacl/crypto_box/measure.c @@ -0,0 +1,137 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_box.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_box_IMPLEMENTATION; +const char *implementationversion = crypto_box_VERSION; +const char *sizenames[] = { "publickeybytes", "secretkeybytes", "beforenmbytes", "noncebytes", "zerobytes", "boxzerobytes", 0 }; +const long long sizes[] = { crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES, crypto_box_BEFORENMBYTES, crypto_box_NONCEBYTES, crypto_box_ZEROBYTES, crypto_box_BOXZEROBYTES }; + +#define MAXTEST_BYTES 4096 + +static unsigned char *ska; +static unsigned char *pka; +static unsigned char *skb; +static unsigned char *pkb; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *sa; +static unsigned char *sb; + +void preallocate(void) +{ +} + +void allocate(void) +{ + ska = alignedcalloc(crypto_box_SECRETKEYBYTES); + pka = alignedcalloc(crypto_box_PUBLICKEYBYTES); + skb = alignedcalloc(crypto_box_SECRETKEYBYTES); + pkb = alignedcalloc(crypto_box_PUBLICKEYBYTES); + n = alignedcalloc(crypto_box_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + sa = alignedcalloc(crypto_box_BEFORENMBYTES); + sb = alignedcalloc(crypto_box_BEFORENMBYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_keypair(pka,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"keypair_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_keypair(pkb,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"keypair_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_beforenm(sa,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"beforenm_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_beforenm(sb,pka,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"beforenm_cycles",cycles,TIMINGS); + + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 8) { + randombytes(n,crypto_box_NONCEBYTES); + randombytes(m + crypto_box_ZEROBYTES,mlen); + randombytes(c,mlen + crypto_box_ZEROBYTES); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,pka,skb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open(m,c,mlen + crypto_box_ZEROBYTES,n,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_cycles",cycles,TIMINGS); + + ++c[crypto_box_ZEROBYTES]; + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open(m,c,mlen + crypto_box_ZEROBYTES,n,pkb,ska); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"forgery_open_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_afternm(c,m,mlen + crypto_box_ZEROBYTES,n,sb); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"afternm_cycles",cycles,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open_afternm(m,c,mlen + crypto_box_ZEROBYTES,n,sa); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_afternm_cycles",cycles,TIMINGS); + + ++c[crypto_box_ZEROBYTES]; + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_box_open_afternm(m,c,mlen + crypto_box_ZEROBYTES,n,sa); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"forgery_open_afternm_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_box/try.c b/src/libnacl/crypto_box/try.c new file mode 100644 index 00000000..9e1e5079 --- /dev/null +++ b/src/libnacl/crypto_box/try.c @@ -0,0 +1,197 @@ +/* + * crypto_box/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_box.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_box_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *ska; +static unsigned char *pka; +static unsigned char *skb; +static unsigned char *pkb; +static unsigned char *s; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *t; +static unsigned char *ska2; +static unsigned char *pka2; +static unsigned char *skb2; +static unsigned char *pkb2; +static unsigned char *s2; +static unsigned char *n2; +static unsigned char *m2; +static unsigned char *c2; +static unsigned char *t2; + +#define sklen crypto_box_SECRETKEYBYTES +#define pklen crypto_box_PUBLICKEYBYTES +#define nlen crypto_box_NONCEBYTES +#define slen crypto_box_BEFORENMBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + ska = alignedcalloc(sklen); + pka = alignedcalloc(pklen); + skb = alignedcalloc(sklen); + pkb = alignedcalloc(pklen); + n = alignedcalloc(nlen); + m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + s = alignedcalloc(slen); + ska2 = alignedcalloc(sklen); + pka2 = alignedcalloc(pklen); + skb2 = alignedcalloc(sklen); + pkb2 = alignedcalloc(pklen); + n2 = alignedcalloc(nlen); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + c2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + t2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES); + s2 = alignedcalloc(slen); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_box(c,m,TUNE_BYTES + crypto_box_ZEROBYTES,n,pka,skb); + crypto_box_open(t,c,TUNE_BYTES + crypto_box_ZEROBYTES,n,pkb,ska); +} + +char checksum[nlen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + if (crypto_box_keypair(pka,ska) != 0) return "crypto_box_keypair returns nonzero"; + if (crypto_box_keypair(pkb,skb) != 0) return "crypto_box_keypair returns nonzero"; + + for (j = 0;j < crypto_box_ZEROBYTES;++j) m[j] = 0; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i + crypto_box_ZEROBYTES; + long long tlen = i + crypto_box_ZEROBYTES; + long long clen = i + crypto_box_ZEROBYTES; + + for (j = -16;j < 0;++j) ska[j] = random(); + for (j = -16;j < 0;++j) skb[j] = random(); + for (j = -16;j < 0;++j) pka[j] = random(); + for (j = -16;j < 0;++j) pkb[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = -16;j < 0;++j) n[j] = random(); + + for (j = sklen;j < sklen + 16;++j) ska[j] = random(); + for (j = sklen;j < sklen + 16;++j) skb[j] = random(); + for (j = pklen;j < pklen + 16;++j) pka[j] = random(); + for (j = pklen;j < pklen + 16;++j) pkb[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + + for (j = -16;j < sklen + 16;++j) ska2[j] = ska[j]; + for (j = -16;j < sklen + 16;++j) skb2[j] = skb[j]; + for (j = -16;j < pklen + 16;++j) pka2[j] = pka[j]; + for (j = -16;j < pklen + 16;++j) pkb2[j] = pkb[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < clen + 16;++j) c2[j] = c[j] = random(); + + if (crypto_box(c,m,mlen,n,pkb,ska) != 0) return "crypto_box returns nonzero"; + + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box overwrites n"; + for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_box writes before output"; + for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box writes after output"; + for (j = 0;j < crypto_box_BOXZEROBYTES;++j) + if (c[j] != 0) return "crypto_box does not clear extra bytes"; + + for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box overwrites ska"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box overwrites skb"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box overwrites pka"; + for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box overwrites pkb"; + + for (j = -16;j < 0;++j) c[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + + if (crypto_box_open(t,c,clen,n,pka,skb) != 0) return "crypto_box_open returns nonzero"; + + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box_open overwrites c"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open writes after output"; + for (j = 0;j < crypto_box_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_open does not clear extra bytes"; + + for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box_open overwrites ska"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites skb"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pka"; + for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box_open overwrites pkb"; + + for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "plaintext does not match"; + + for (j = -16;j < slen + 16;++j) s2[j] = s[j] = random(); + if (crypto_box_beforenm(s,pkb,ska) != 0) return "crypto_box_beforenm returns nonzero"; + for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pk"; + for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites sk"; + for (j = -16;j < 0;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes before output"; + for (j = slen;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes after output"; + + for (j = -16;j < slen + 16;++j) s2[j] = s[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + if (crypto_box_afternm(t,m,mlen,n,s) != 0) return "crypto_box_afternm returns nonzero"; + for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_afternm overwrites s"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_afternm overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_afternm overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes after output"; + for (j = 0;j < crypto_box_BOXZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_afternm does not clear extra bytes"; + for (j = 0;j < mlen;++j) if (t[j] != c[j]) return "crypto_box_afternm does not match crypto_box"; + + if (crypto_box_beforenm(s,pka,skb) != 0) return "crypto_box_beforenm returns nonzero"; + + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + if (crypto_box_open_afternm(t,c,clen,n,s) != 0) return "crypto_box_open_afternm returns nonzero"; + for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_open_afternm overwrites s"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_open_afternm overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open_afternm overwrites n"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes after output"; + for (j = 0;j < crypto_box_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_box_open_afternm does not clear extra bytes"; + for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "crypto_box_open_afternm does not match crypto_box_open"; + + for (j = 0;j < i;++j) n[j % nlen] ^= c[j + crypto_box_BOXZEROBYTES]; + if (i == 0) m[crypto_box_ZEROBYTES] = 0; + m[i + crypto_box_ZEROBYTES] = m[crypto_box_ZEROBYTES]; + for (j = 0;j < i;++j) m[j + crypto_box_ZEROBYTES] ^= c[j + crypto_box_BOXZEROBYTES]; + } + + for (i = 0;i < nlen;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (n[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & n[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_box/wrapper-box.cpp b/src/libnacl/crypto_box/wrapper-box.cpp new file mode 100644 index 00000000..f0429295 --- /dev/null +++ b/src/libnacl/crypto_box/wrapper-box.cpp @@ -0,0 +1,24 @@ +#include +using std::string; +#include "crypto_box.h" + +string crypto_box(const string &m,const string &n,const string &pk,const string &sk) +{ + if (pk.size() != crypto_box_PUBLICKEYBYTES) throw "incorrect public-key length"; + if (sk.size() != crypto_box_SECRETKEYBYTES) throw "incorrect secret-key length"; + if (n.size() != crypto_box_NONCEBYTES) throw "incorrect nonce length"; + size_t mlen = m.size() + crypto_box_ZEROBYTES; + unsigned char mpad[mlen]; + for (int i = 0;i < crypto_box_ZEROBYTES;++i) mpad[i] = 0; + for (int i = crypto_box_ZEROBYTES;i < mlen;++i) mpad[i] = m[i - crypto_box_ZEROBYTES]; + unsigned char cpad[mlen]; + crypto_box(cpad,mpad,mlen, + (const unsigned char *) n.c_str(), + (const unsigned char *) pk.c_str(), + (const unsigned char *) sk.c_str() + ); + return string( + (char *) cpad + crypto_box_BOXZEROBYTES, + mlen - crypto_box_BOXZEROBYTES + ); +} diff --git a/src/libnacl/crypto_box/wrapper-keypair.cpp b/src/libnacl/crypto_box/wrapper-keypair.cpp new file mode 100644 index 00000000..b59f92d9 --- /dev/null +++ b/src/libnacl/crypto_box/wrapper-keypair.cpp @@ -0,0 +1,12 @@ +#include +using std::string; +#include "crypto_box.h" + +string crypto_box_keypair(string *sk_string) +{ + unsigned char pk[crypto_box_PUBLICKEYBYTES]; + unsigned char sk[crypto_box_SECRETKEYBYTES]; + crypto_box_keypair(pk,sk); + *sk_string = string((char *) sk,sizeof sk); + return string((char *) pk,sizeof pk); +} diff --git a/src/libnacl/crypto_box/wrapper-open.cpp b/src/libnacl/crypto_box/wrapper-open.cpp new file mode 100644 index 00000000..67663a21 --- /dev/null +++ b/src/libnacl/crypto_box/wrapper-open.cpp @@ -0,0 +1,27 @@ +#include +using std::string; +#include "crypto_box.h" + +string crypto_box_open(const string &c,const string &n,const string &pk,const string &sk) +{ + if (pk.size() != crypto_box_PUBLICKEYBYTES) throw "incorrect public-key length"; + if (sk.size() != crypto_box_SECRETKEYBYTES) throw "incorrect secret-key length"; + if (n.size() != crypto_box_NONCEBYTES) throw "incorrect nonce length"; + size_t clen = c.size() + crypto_box_BOXZEROBYTES; + unsigned char cpad[clen]; + for (int i = 0;i < crypto_box_BOXZEROBYTES;++i) cpad[i] = 0; + for (int i = crypto_box_BOXZEROBYTES;i < clen;++i) cpad[i] = c[i - crypto_box_BOXZEROBYTES]; + unsigned char mpad[clen]; + if (crypto_box_open(mpad,cpad,clen, + (const unsigned char *) n.c_str(), + (const unsigned char *) pk.c_str(), + (const unsigned char *) sk.c_str() + ) != 0) + throw "ciphertext fails verification"; + if (clen < crypto_box_ZEROBYTES) + throw "ciphertext too short"; // should have been caught by _open + return string( + (char *) mpad + crypto_box_ZEROBYTES, + clen - crypto_box_ZEROBYTES + ); +} diff --git a/src/libnacl/crypto_core/hsalsa20/checksum b/src/libnacl/crypto_core/hsalsa20/checksum new file mode 100644 index 00000000..f67bb2e2 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/checksum @@ -0,0 +1 @@ +28ebe700b5878570702a68740aa131e6fa907e58a3f6915cd183c6db3f7afd7a diff --git a/src/libnacl/crypto_core/hsalsa20/ref/api.h b/src/libnacl/crypto_core/hsalsa20/ref/api.h new file mode 100644 index 00000000..73bd8541 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 32 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/hsalsa20/ref/core.c b/src/libnacl/crypto_core/hsalsa20/ref/core.c new file mode 100644 index 00000000..36118da0 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref/core.c @@ -0,0 +1,135 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + x0 -= load_littleendian(c + 0); + x5 -= load_littleendian(c + 4); + x10 -= load_littleendian(c + 8); + x15 -= load_littleendian(c + 12); + x6 -= load_littleendian(in + 0); + x7 -= load_littleendian(in + 4); + x8 -= load_littleendian(in + 8); + x9 -= load_littleendian(in + 12); + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x5); + store_littleendian(out + 8,x10); + store_littleendian(out + 12,x15); + store_littleendian(out + 16,x6); + store_littleendian(out + 20,x7); + store_littleendian(out + 24,x8); + store_littleendian(out + 28,x9); + + return 0; +} diff --git a/src/libnacl/crypto_core/hsalsa20/ref/implementors b/src/libnacl/crypto_core/hsalsa20/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/hsalsa20/ref2/api.h b/src/libnacl/crypto_core/hsalsa20/ref2/api.h new file mode 100644 index 00000000..73bd8541 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref2/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 32 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/hsalsa20/ref2/core.c b/src/libnacl/crypto_core/hsalsa20/ref2/core.c new file mode 100644 index 00000000..9a9a8c7c --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref2/core.c @@ -0,0 +1,108 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + int i; + + x0 = load_littleendian(c + 0); + x1 = load_littleendian(k + 0); + x2 = load_littleendian(k + 4); + x3 = load_littleendian(k + 8); + x4 = load_littleendian(k + 12); + x5 = load_littleendian(c + 4); + x6 = load_littleendian(in + 0); + x7 = load_littleendian(in + 4); + x8 = load_littleendian(in + 8); + x9 = load_littleendian(in + 12); + x10 = load_littleendian(c + 8); + x11 = load_littleendian(k + 16); + x12 = load_littleendian(k + 20); + x13 = load_littleendian(k + 24); + x14 = load_littleendian(k + 28); + x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x5); + store_littleendian(out + 8,x10); + store_littleendian(out + 12,x15); + store_littleendian(out + 16,x6); + store_littleendian(out + 20,x7); + store_littleendian(out + 24,x8); + store_littleendian(out + 28,x9); + + return 0; +} diff --git a/src/libnacl/crypto_core/hsalsa20/ref2/implementors b/src/libnacl/crypto_core/hsalsa20/ref2/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/hsalsa20/ref2/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/hsalsa20/used b/src/libnacl/crypto_core/hsalsa20/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_core/measure.c b/src/libnacl/crypto_core/measure.c new file mode 100644 index 00000000..dd7bac81 --- /dev/null +++ b/src/libnacl/crypto_core/measure.c @@ -0,0 +1,18 @@ +#include "crypto_core.h" + +const char *primitiveimplementation = crypto_core_IMPLEMENTATION; +const char *implementationversion = crypto_core_VERSION; +const char *sizenames[] = { "outputbytes", "inputbytes", "keybytes", "constbytes", 0 }; +const long long sizes[] = { crypto_core_OUTPUTBYTES, crypto_core_INPUTBYTES, crypto_core_KEYBYTES, crypto_core_CONSTBYTES }; + +void preallocate(void) +{ +} + +void allocate(void) +{ +} + +void measure(void) +{ +} diff --git a/src/libnacl/crypto_core/salsa20/checksum b/src/libnacl/crypto_core/salsa20/checksum new file mode 100644 index 00000000..fcf56186 --- /dev/null +++ b/src/libnacl/crypto_core/salsa20/checksum @@ -0,0 +1 @@ +9d1ee8d84b974e648507ffd93829376c5b4420751710e44f6593abd8769378011d85ecda51ceb8f43661d3c65ef5b57c4f5bf8df76c8202784c8df8def61e6a6 diff --git a/src/libnacl/crypto_core/salsa20/ref/api.h b/src/libnacl/crypto_core/salsa20/ref/api.h new file mode 100644 index 00000000..2a387b6d --- /dev/null +++ b/src/libnacl/crypto_core/salsa20/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/salsa20/ref/core.c b/src/libnacl/crypto_core/salsa20/ref/core.c new file mode 100644 index 00000000..910a0056 --- /dev/null +++ b/src/libnacl/crypto_core/salsa20/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 20 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/src/libnacl/crypto_core/salsa20/ref/implementors b/src/libnacl/crypto_core/salsa20/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/salsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/salsa20/used b/src/libnacl/crypto_core/salsa20/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_core/salsa2012/checksum b/src/libnacl/crypto_core/salsa2012/checksum new file mode 100644 index 00000000..2f99a8d6 --- /dev/null +++ b/src/libnacl/crypto_core/salsa2012/checksum @@ -0,0 +1 @@ +f36d643f798efc0fca888d3ac4bdcc54c98a968c2da16bd5b8bfe9fe9025a6ca3a207e9362dc7cf17ddfc7477ee754d3f521b1df91640093754f7275b1a54293 diff --git a/src/libnacl/crypto_core/salsa2012/ref/api.h b/src/libnacl/crypto_core/salsa2012/ref/api.h new file mode 100644 index 00000000..2a387b6d --- /dev/null +++ b/src/libnacl/crypto_core/salsa2012/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/salsa2012/ref/core.c b/src/libnacl/crypto_core/salsa2012/ref/core.c new file mode 100644 index 00000000..d4b59e48 --- /dev/null +++ b/src/libnacl/crypto_core/salsa2012/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 12 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/src/libnacl/crypto_core/salsa2012/ref/implementors b/src/libnacl/crypto_core/salsa2012/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/salsa2012/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/salsa2012/used b/src/libnacl/crypto_core/salsa2012/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_core/salsa208/checksum b/src/libnacl/crypto_core/salsa208/checksum new file mode 100644 index 00000000..a16cb52f --- /dev/null +++ b/src/libnacl/crypto_core/salsa208/checksum @@ -0,0 +1 @@ +1e13ea9e74cb36989f7cbf4abc80b29154e1a8b150bd5244951318abea002a93ae9fe2abbcf7217526ac2a85b66c256ba9374b1257eda0c01816da328edfa11a diff --git a/src/libnacl/crypto_core/salsa208/ref/api.h b/src/libnacl/crypto_core/salsa208/ref/api.h new file mode 100644 index 00000000..2a387b6d --- /dev/null +++ b/src/libnacl/crypto_core/salsa208/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_OUTPUTBYTES 64 +#define CRYPTO_INPUTBYTES 16 +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_CONSTBYTES 16 diff --git a/src/libnacl/crypto_core/salsa208/ref/core.c b/src/libnacl/crypto_core/salsa208/ref/core.c new file mode 100644 index 00000000..921e7a86 --- /dev/null +++ b/src/libnacl/crypto_core/salsa208/ref/core.c @@ -0,0 +1,134 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core.h" + +#define ROUNDS 8 + +typedef unsigned int uint32; + +static uint32 rotate(uint32 u,int c) +{ + return (u << c) | (u >> (32 - c)); +} + +static uint32 load_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +static void store_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + +int crypto_core( + unsigned char *out, + const unsigned char *in, + const unsigned char *k, + const unsigned char *c +) +{ + uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + int i; + + j0 = x0 = load_littleendian(c + 0); + j1 = x1 = load_littleendian(k + 0); + j2 = x2 = load_littleendian(k + 4); + j3 = x3 = load_littleendian(k + 8); + j4 = x4 = load_littleendian(k + 12); + j5 = x5 = load_littleendian(c + 4); + j6 = x6 = load_littleendian(in + 0); + j7 = x7 = load_littleendian(in + 4); + j8 = x8 = load_littleendian(in + 8); + j9 = x9 = load_littleendian(in + 12); + j10 = x10 = load_littleendian(c + 8); + j11 = x11 = load_littleendian(k + 16); + j12 = x12 = load_littleendian(k + 20); + j13 = x13 = load_littleendian(k + 24); + j14 = x14 = load_littleendian(k + 28); + j15 = x15 = load_littleendian(c + 12); + + for (i = ROUNDS;i > 0;i -= 2) { + x4 ^= rotate( x0+x12, 7); + x8 ^= rotate( x4+ x0, 9); + x12 ^= rotate( x8+ x4,13); + x0 ^= rotate(x12+ x8,18); + x9 ^= rotate( x5+ x1, 7); + x13 ^= rotate( x9+ x5, 9); + x1 ^= rotate(x13+ x9,13); + x5 ^= rotate( x1+x13,18); + x14 ^= rotate(x10+ x6, 7); + x2 ^= rotate(x14+x10, 9); + x6 ^= rotate( x2+x14,13); + x10 ^= rotate( x6+ x2,18); + x3 ^= rotate(x15+x11, 7); + x7 ^= rotate( x3+x15, 9); + x11 ^= rotate( x7+ x3,13); + x15 ^= rotate(x11+ x7,18); + x1 ^= rotate( x0+ x3, 7); + x2 ^= rotate( x1+ x0, 9); + x3 ^= rotate( x2+ x1,13); + x0 ^= rotate( x3+ x2,18); + x6 ^= rotate( x5+ x4, 7); + x7 ^= rotate( x6+ x5, 9); + x4 ^= rotate( x7+ x6,13); + x5 ^= rotate( x4+ x7,18); + x11 ^= rotate(x10+ x9, 7); + x8 ^= rotate(x11+x10, 9); + x9 ^= rotate( x8+x11,13); + x10 ^= rotate( x9+ x8,18); + x12 ^= rotate(x15+x14, 7); + x13 ^= rotate(x12+x15, 9); + x14 ^= rotate(x13+x12,13); + x15 ^= rotate(x14+x13,18); + } + + x0 += j0; + x1 += j1; + x2 += j2; + x3 += j3; + x4 += j4; + x5 += j5; + x6 += j6; + x7 += j7; + x8 += j8; + x9 += j9; + x10 += j10; + x11 += j11; + x12 += j12; + x13 += j13; + x14 += j14; + x15 += j15; + + store_littleendian(out + 0,x0); + store_littleendian(out + 4,x1); + store_littleendian(out + 8,x2); + store_littleendian(out + 12,x3); + store_littleendian(out + 16,x4); + store_littleendian(out + 20,x5); + store_littleendian(out + 24,x6); + store_littleendian(out + 28,x7); + store_littleendian(out + 32,x8); + store_littleendian(out + 36,x9); + store_littleendian(out + 40,x10); + store_littleendian(out + 44,x11); + store_littleendian(out + 48,x12); + store_littleendian(out + 52,x13); + store_littleendian(out + 56,x14); + store_littleendian(out + 60,x15); + + return 0; +} diff --git a/src/libnacl/crypto_core/salsa208/ref/implementors b/src/libnacl/crypto_core/salsa208/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_core/salsa208/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_core/salsa208/used b/src/libnacl/crypto_core/salsa208/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_core/try.c b/src/libnacl/crypto_core/try.c new file mode 100644 index 00000000..6f5534e7 --- /dev/null +++ b/src/libnacl/crypto_core/try.c @@ -0,0 +1,117 @@ +/* + * crypto_core/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_core.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_core_IMPLEMENTATION; + +static unsigned char *h; +static unsigned char *n; +static unsigned char *k; +static unsigned char *c; +static unsigned char *h2; +static unsigned char *n2; +static unsigned char *k2; +static unsigned char *c2; + +#define hlen crypto_core_OUTPUTBYTES +#define nlen crypto_core_INPUTBYTES +#define klen crypto_core_KEYBYTES +#define clen crypto_core_CONSTBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(hlen); + n = alignedcalloc(nlen); + k = alignedcalloc(klen); + c = alignedcalloc(clen); + h2 = alignedcalloc(hlen); + n2 = alignedcalloc(nlen + crypto_core_OUTPUTBYTES); + k2 = alignedcalloc(klen + crypto_core_OUTPUTBYTES); + c2 = alignedcalloc(clen + crypto_core_OUTPUTBYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_core(h,n,k,c); +} + +static unsigned char newbyte(void) +{ + unsigned long long x; + long long j; + x = 8675309; + for (j = 0;j < hlen;++j) { x += h[j]; x *= x; x += (x >> 31); } + for (j = 0;j < nlen;++j) { x += n[j]; x *= x; x += (x >> 31); } + for (j = 0;j < klen;++j) { x += k[j]; x *= x; x += (x >> 31); } + for (j = 0;j < clen;++j) { x += c[j]; x *= x; x += (x >> 31); } + for (j = 0;j < 100;++j) { x += j ; x *= x; x += (x >> 31); } + return x; +} + +char checksum[hlen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < 100;++i) { + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) n[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < 0;++j) k[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < 0;++j) c[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_core writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_core writes after output"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_core writes to k"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_core writes to n"; + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_core writes to c"; + + if (crypto_core(n2,n2,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != n2[j]) return "crypto_core does not handle n overlap"; + for (j = 0;j < hlen;++j) n2[j] = n[j]; + if (crypto_core(k2,n2,k2,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != k2[j]) return "crypto_core does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + if (crypto_core(c2,n2,k2,c2) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < hlen;++j) if (h[j] != c2[j]) return "crypto_core does not handle c overlap"; + for (j = 0;j < hlen;++j) c2[j] = c[j]; + + for (j = 0;j < nlen;++j) n[j] = newbyte(); + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < klen;++j) k[j] = newbyte(); + if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero"; + for (j = 0;j < clen;++j) c[j] = newbyte(); + } + + for (i = 0;i < hlen;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_core/wrapper-empty.cpp b/src/libnacl/crypto_core/wrapper-empty.cpp new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hash/measure.c b/src/libnacl/crypto_hash/measure.c new file mode 100644 index 00000000..cec0404d --- /dev/null +++ b/src/libnacl/crypto_hash/measure.c @@ -0,0 +1,66 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_hash.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_hash_IMPLEMENTATION; +const char *implementationversion = crypto_hash_VERSION; +const char *sizenames[] = { "outputbytes", 0 }; +const long long sizes[] = { crypto_hash_BYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *h; +static unsigned char *m; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hash_BYTES); + m = alignedcalloc(MAXTEST_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +static void printcycles(long long mlen) +{ + int i; + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); +} + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(m,mlen); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_hash(h,m,mlen); + } + printcycles(mlen); + } + } +} diff --git a/src/libnacl/crypto_hash/sha256/checksum b/src/libnacl/crypto_hash/sha256/checksum new file mode 100644 index 00000000..ee52aa30 --- /dev/null +++ b/src/libnacl/crypto_hash/sha256/checksum @@ -0,0 +1 @@ +86df8bd202b2a2b5fdc04a7f50a591e43a345849c12fef08d487109648a08e05 diff --git a/src/libnacl/crypto_hash/sha256/ref/api.h b/src/libnacl/crypto_hash/sha256/ref/api.h new file mode 100644 index 00000000..ae8c7f6a --- /dev/null +++ b/src/libnacl/crypto_hash/sha256/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 32 diff --git a/src/libnacl/crypto_hash/sha256/ref/hash.c b/src/libnacl/crypto_hash/sha256/ref/hash.c new file mode 100644 index 00000000..21ce68a0 --- /dev/null +++ b/src/libnacl/crypto_hash/sha256/ref/hash.c @@ -0,0 +1,69 @@ +/* +20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_hashblocks_sha256.h" +#include "crypto_hash.h" + +#define blocks crypto_hashblocks_sha256 + +typedef unsigned int uint32; + +static const char iv[32] = { + 0x6a,0x09,0xe6,0x67, + 0xbb,0x67,0xae,0x85, + 0x3c,0x6e,0xf3,0x72, + 0xa5,0x4f,0xf5,0x3a, + 0x51,0x0e,0x52,0x7f, + 0x9b,0x05,0x68,0x8c, + 0x1f,0x83,0xd9,0xab, + 0x5b,0xe0,0xcd,0x19, +} ; + +int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) +{ + unsigned char h[32]; + unsigned char padded[128]; + int i; + unsigned long long bits = inlen << 3; + + for (i = 0;i < 32;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 63; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 56) { + for (i = inlen + 1;i < 56;++i) padded[i] = 0; + padded[56] = bits >> 56; + padded[57] = bits >> 48; + padded[58] = bits >> 40; + padded[59] = bits >> 32; + padded[60] = bits >> 24; + padded[61] = bits >> 16; + padded[62] = bits >> 8; + padded[63] = bits; + blocks(h,padded,64); + } else { + for (i = inlen + 1;i < 120;++i) padded[i] = 0; + padded[120] = bits >> 56; + padded[121] = bits >> 48; + padded[122] = bits >> 40; + padded[123] = bits >> 32; + padded[124] = bits >> 24; + padded[125] = bits >> 16; + padded[126] = bits >> 8; + padded[127] = bits; + blocks(h,padded,128); + } + + for (i = 0;i < 32;++i) out[i] = h[i]; + + return 0; +} diff --git a/src/libnacl/crypto_hash/sha256/ref/implementors b/src/libnacl/crypto_hash/sha256/ref/implementors new file mode 100644 index 00000000..962e7d8e --- /dev/null +++ b/src/libnacl/crypto_hash/sha256/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein (wrapper around crypto_hashblocks/sha256) diff --git a/src/libnacl/crypto_hash/sha256/used b/src/libnacl/crypto_hash/sha256/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hash/sha512/checksum b/src/libnacl/crypto_hash/sha512/checksum new file mode 100644 index 00000000..edf714e9 --- /dev/null +++ b/src/libnacl/crypto_hash/sha512/checksum @@ -0,0 +1 @@ +9a2a989e136a02c3362c98e6e1e0b52fab980a1dafbebe4dd5e44d15d061742e35fb686befd4e33c608d251c96e26c020f90d92bb7ec8a657f79bb8e0b00a473 diff --git a/src/libnacl/crypto_hash/sha512/ref/api.h b/src/libnacl/crypto_hash/sha512/ref/api.h new file mode 100644 index 00000000..de9380d7 --- /dev/null +++ b/src/libnacl/crypto_hash/sha512/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 64 diff --git a/src/libnacl/crypto_hash/sha512/ref/hash.c b/src/libnacl/crypto_hash/sha512/ref/hash.c new file mode 100644 index 00000000..fc4347bb --- /dev/null +++ b/src/libnacl/crypto_hash/sha512/ref/hash.c @@ -0,0 +1,71 @@ +/* +20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_hashblocks_sha512.h" +#include "crypto_hash.h" + +#define blocks crypto_hashblocks_sha512 + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +} ; + +typedef unsigned long long uint64; + +int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) +{ + unsigned char h[64]; + unsigned char padded[256]; + int i; + unsigned long long bytes = inlen; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = bytes >> 61; + padded[120] = bytes >> 53; + padded[121] = bytes >> 45; + padded[122] = bytes >> 37; + padded[123] = bytes >> 29; + padded[124] = bytes >> 21; + padded[125] = bytes >> 13; + padded[126] = bytes >> 5; + padded[127] = bytes << 3; + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = bytes >> 61; + padded[248] = bytes >> 53; + padded[249] = bytes >> 45; + padded[250] = bytes >> 37; + padded[251] = bytes >> 29; + padded[252] = bytes >> 21; + padded[253] = bytes >> 13; + padded[254] = bytes >> 5; + padded[255] = bytes << 3; + blocks(h,padded,256); + } + + for (i = 0;i < 64;++i) out[i] = h[i]; + + return 0; +} diff --git a/src/libnacl/crypto_hash/sha512/ref/implementors b/src/libnacl/crypto_hash/sha512/ref/implementors new file mode 100644 index 00000000..40afca09 --- /dev/null +++ b/src/libnacl/crypto_hash/sha512/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein (wrapper around crypto_hashblocks/sha512) diff --git a/src/libnacl/crypto_hash/sha512/selected b/src/libnacl/crypto_hash/sha512/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hash/sha512/used b/src/libnacl/crypto_hash/sha512/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hash/try.c b/src/libnacl/crypto_hash/try.c new file mode 100644 index 00000000..c98beacc --- /dev/null +++ b/src/libnacl/crypto_hash/try.c @@ -0,0 +1,78 @@ +/* + * crypto_hash/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hash.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_hash_IMPLEMENTATION; + +#define MAXTEST_BYTES (10000 + crypto_hash_BYTES) +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *h2; +static unsigned char *m; +static unsigned char *m2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hash_BYTES); + h2 = alignedcalloc(crypto_hash_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_hash(h,m,TUNE_BYTES); +} + +char checksum[crypto_hash_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long hlen = crypto_hash_BYTES; + long long mlen = i; + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) m[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + if (crypto_hash(h,m,mlen) != 0) return "crypto_hash returns nonzero"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hash writes to input"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hash writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hash writes after output"; + if (crypto_hash(m2,m2,mlen) != 0) return "crypto_hash returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_hash does not handle overlap"; + for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen]; + m[mlen] = h[0]; + } + if (crypto_hash(h,m,CHECKSUM_BYTES) != 0) return "crypto_hash returns nonzero"; + + for (i = 0;i < crypto_hash_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_hash/wrapper-hash.cpp b/src/libnacl/crypto_hash/wrapper-hash.cpp new file mode 100644 index 00000000..4c0fb590 --- /dev/null +++ b/src/libnacl/crypto_hash/wrapper-hash.cpp @@ -0,0 +1,10 @@ +#include +using std::string; +#include "crypto_hash.h" + +string crypto_hash(const string &m) +{ + unsigned char h[crypto_hash_BYTES]; + crypto_hash(h,(const unsigned char *) m.c_str(),m.size()); + return string((char *) h,sizeof h); +} diff --git a/src/libnacl/crypto_hashblocks/measure.c b/src/libnacl/crypto_hashblocks/measure.c new file mode 100644 index 00000000..145fbbc4 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/measure.c @@ -0,0 +1,18 @@ +#include "crypto_hashblocks.h" + +const char *primitiveimplementation = crypto_hashblocks_IMPLEMENTATION; +const char *implementationversion = crypto_hashblocks_VERSION; +const char *sizenames[] = { "statebytes", 0 }; +const long long sizes[] = { crypto_hashblocks_STATEBYTES }; + +void preallocate(void) +{ +} + +void allocate(void) +{ +} + +void measure(void) +{ +} diff --git a/src/libnacl/crypto_hashblocks/sha256/checksum b/src/libnacl/crypto_hashblocks/sha256/checksum new file mode 100644 index 00000000..edde1d4f --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/checksum @@ -0,0 +1 @@ +69a9dc2464f9593161e462d3dbb634b84f1d68d67d26df29aaa805f9dcd8f656 diff --git a/src/libnacl/crypto_hashblocks/sha256/inplace/api.h b/src/libnacl/crypto_hashblocks/sha256/inplace/api.h new file mode 100644 index 00000000..005a4f47 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/inplace/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 32 +#define CRYPTO_BLOCKBYTES 64 diff --git a/src/libnacl/crypto_hashblocks/sha256/inplace/blocks.c b/src/libnacl/crypto_hashblocks/sha256/inplace/blocks.c new file mode 100644 index 00000000..3364dc03 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/inplace/blocks.c @@ -0,0 +1,228 @@ +#include "crypto_hashblocks.h" + +typedef unsigned int uint32; + +static uint32 load_bigendian(const unsigned char *x) +{ + return + (uint32) (x[3]) \ + | (((uint32) (x[2])) << 8) \ + | (((uint32) (x[1])) << 16) \ + | (((uint32) (x[0])) << 24) + ; +} + +static void store_bigendian(unsigned char *x,uint32 u) +{ + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define M(w0,w14,w9,w1) w0 += sigma1(w14) + w9 + sigma0(w1); + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \ + r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \ + r3 += r7; \ + r7 += Sigma0(r0) + Maj(r0,r1,r2); + +#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15]) + +static const uint32 round[64] = { + 0x428a2f98 +, 0x71374491 +, 0xb5c0fbcf +, 0xe9b5dba5 +, 0x3956c25b +, 0x59f111f1 +, 0x923f82a4 +, 0xab1c5ed5 +, 0xd807aa98 +, 0x12835b01 +, 0x243185be +, 0x550c7dc3 +, 0x72be5d74 +, 0x80deb1fe +, 0x9bdc06a7 +, 0xc19bf174 +, 0xe49b69c1 +, 0xefbe4786 +, 0x0fc19dc6 +, 0x240ca1cc +, 0x2de92c6f +, 0x4a7484aa +, 0x5cb0a9dc +, 0x76f988da +, 0x983e5152 +, 0xa831c66d +, 0xb00327c8 +, 0xbf597fc7 +, 0xc6e00bf3 +, 0xd5a79147 +, 0x06ca6351 +, 0x14292967 +, 0x27b70a85 +, 0x2e1b2138 +, 0x4d2c6dfc +, 0x53380d13 +, 0x650a7354 +, 0x766a0abb +, 0x81c2c92e +, 0x92722c85 +, 0xa2bfe8a1 +, 0xa81a664b +, 0xc24b8b70 +, 0xc76c51a3 +, 0xd192e819 +, 0xd6990624 +, 0xf40e3585 +, 0x106aa070 +, 0x19a4c116 +, 0x1e376c08 +, 0x2748774c +, 0x34b0bcb5 +, 0x391c0cb3 +, 0x4ed8aa4a +, 0x5b9cca4f +, 0x682e6ff3 +, 0x748f82ee +, 0x78a5636f +, 0x84c87814 +, 0x8cc70208 +, 0x90befffa +, 0xa4506ceb +, 0xbef9a3f7 +, 0xc67178f2 +} ; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint32 state[8]; + uint32 r0; + uint32 r1; + uint32 r2; + uint32 r3; + uint32 r4; + uint32 r5; + uint32 r6; + uint32 r7; + + r0 = load_bigendian(statebytes + 0); state[0] = r0; + r1 = load_bigendian(statebytes + 4); state[1] = r1; + r2 = load_bigendian(statebytes + 8); state[2] = r2; + r3 = load_bigendian(statebytes + 12); state[3] = r3; + r4 = load_bigendian(statebytes + 16); state[4] = r4; + r5 = load_bigendian(statebytes + 20); state[5] = r5; + r6 = load_bigendian(statebytes + 24); state[6] = r6; + r7 = load_bigendian(statebytes + 28); state[7] = r7; + + while (inlen >= 64) { + uint32 w0 = load_bigendian(in + 0); + uint32 w1 = load_bigendian(in + 4); + uint32 w2 = load_bigendian(in + 8); + uint32 w3 = load_bigendian(in + 12); + uint32 w4 = load_bigendian(in + 16); + uint32 w5 = load_bigendian(in + 20); + uint32 w6 = load_bigendian(in + 24); + uint32 w7 = load_bigendian(in + 28); + uint32 w8 = load_bigendian(in + 32); + uint32 w9 = load_bigendian(in + 36); + uint32 w10 = load_bigendian(in + 40); + uint32 w11 = load_bigendian(in + 44); + uint32 w12 = load_bigendian(in + 48); + uint32 w13 = load_bigendian(in + 52); + uint32 w14 = load_bigendian(in + 56); + uint32 w15 = load_bigendian(in + 60); + + G(r0,r1,r2,r3,r4,r5,r6,r7,0) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,16) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,32) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,48) + + r0 += state[0]; + r1 += state[1]; + r2 += state[2]; + r3 += state[3]; + r4 += state[4]; + r5 += state[5]; + r6 += state[6]; + r7 += state[7]; + + state[0] = r0; + state[1] = r1; + state[2] = r2; + state[3] = r3; + state[4] = r4; + state[5] = r5; + state[6] = r6; + state[7] = r7; + + in += 64; + inlen -= 64; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 4,state[1]); + store_bigendian(statebytes + 8,state[2]); + store_bigendian(statebytes + 12,state[3]); + store_bigendian(statebytes + 16,state[4]); + store_bigendian(statebytes + 20,state[5]); + store_bigendian(statebytes + 24,state[6]); + store_bigendian(statebytes + 28,state[7]); + + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/sha256/inplace/implementors b/src/libnacl/crypto_hashblocks/sha256/inplace/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/inplace/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_hashblocks/sha256/ref/api.h b/src/libnacl/crypto_hashblocks/sha256/ref/api.h new file mode 100644 index 00000000..005a4f47 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 32 +#define CRYPTO_BLOCKBYTES 64 diff --git a/src/libnacl/crypto_hashblocks/sha256/ref/blocks.c b/src/libnacl/crypto_hashblocks/sha256/ref/blocks.c new file mode 100644 index 00000000..95670754 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/ref/blocks.c @@ -0,0 +1,212 @@ +#include "crypto_hashblocks.h" + +typedef unsigned int uint32; + +static uint32 load_bigendian(const unsigned char *x) +{ + return + (uint32) (x[3]) \ + | (((uint32) (x[2])) << 8) \ + | (((uint32) (x[1])) << 16) \ + | (((uint32) (x[0])) << 24) + ; +} + +static void store_bigendian(unsigned char *x,uint32 u) +{ + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint32 state[8]; + uint32 a; + uint32 b; + uint32 c; + uint32 d; + uint32 e; + uint32 f; + uint32 g; + uint32 h; + uint32 T1; + uint32 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 4); state[1] = b; + c = load_bigendian(statebytes + 8); state[2] = c; + d = load_bigendian(statebytes + 12); state[3] = d; + e = load_bigendian(statebytes + 16); state[4] = e; + f = load_bigendian(statebytes + 20); state[5] = f; + g = load_bigendian(statebytes + 24); state[6] = g; + h = load_bigendian(statebytes + 28); state[7] = h; + + while (inlen >= 64) { + uint32 w0 = load_bigendian(in + 0); + uint32 w1 = load_bigendian(in + 4); + uint32 w2 = load_bigendian(in + 8); + uint32 w3 = load_bigendian(in + 12); + uint32 w4 = load_bigendian(in + 16); + uint32 w5 = load_bigendian(in + 20); + uint32 w6 = load_bigendian(in + 24); + uint32 w7 = load_bigendian(in + 28); + uint32 w8 = load_bigendian(in + 32); + uint32 w9 = load_bigendian(in + 36); + uint32 w10 = load_bigendian(in + 40); + uint32 w11 = load_bigendian(in + 44); + uint32 w12 = load_bigendian(in + 48); + uint32 w13 = load_bigendian(in + 52); + uint32 w14 = load_bigendian(in + 56); + uint32 w15 = load_bigendian(in + 60); + + F(w0 ,0x428a2f98) + F(w1 ,0x71374491) + F(w2 ,0xb5c0fbcf) + F(w3 ,0xe9b5dba5) + F(w4 ,0x3956c25b) + F(w5 ,0x59f111f1) + F(w6 ,0x923f82a4) + F(w7 ,0xab1c5ed5) + F(w8 ,0xd807aa98) + F(w9 ,0x12835b01) + F(w10,0x243185be) + F(w11,0x550c7dc3) + F(w12,0x72be5d74) + F(w13,0x80deb1fe) + F(w14,0x9bdc06a7) + F(w15,0xc19bf174) + + EXPAND + + F(w0 ,0xe49b69c1) + F(w1 ,0xefbe4786) + F(w2 ,0x0fc19dc6) + F(w3 ,0x240ca1cc) + F(w4 ,0x2de92c6f) + F(w5 ,0x4a7484aa) + F(w6 ,0x5cb0a9dc) + F(w7 ,0x76f988da) + F(w8 ,0x983e5152) + F(w9 ,0xa831c66d) + F(w10,0xb00327c8) + F(w11,0xbf597fc7) + F(w12,0xc6e00bf3) + F(w13,0xd5a79147) + F(w14,0x06ca6351) + F(w15,0x14292967) + + EXPAND + + F(w0 ,0x27b70a85) + F(w1 ,0x2e1b2138) + F(w2 ,0x4d2c6dfc) + F(w3 ,0x53380d13) + F(w4 ,0x650a7354) + F(w5 ,0x766a0abb) + F(w6 ,0x81c2c92e) + F(w7 ,0x92722c85) + F(w8 ,0xa2bfe8a1) + F(w9 ,0xa81a664b) + F(w10,0xc24b8b70) + F(w11,0xc76c51a3) + F(w12,0xd192e819) + F(w13,0xd6990624) + F(w14,0xf40e3585) + F(w15,0x106aa070) + + EXPAND + + F(w0 ,0x19a4c116) + F(w1 ,0x1e376c08) + F(w2 ,0x2748774c) + F(w3 ,0x34b0bcb5) + F(w4 ,0x391c0cb3) + F(w5 ,0x4ed8aa4a) + F(w6 ,0x5b9cca4f) + F(w7 ,0x682e6ff3) + F(w8 ,0x748f82ee) + F(w9 ,0x78a5636f) + F(w10,0x84c87814) + F(w11,0x8cc70208) + F(w12,0x90befffa) + F(w13,0xa4506ceb) + F(w14,0xbef9a3f7) + F(w15,0xc67178f2) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] = h; + + in += 64; + inlen -= 64; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 4,state[1]); + store_bigendian(statebytes + 8,state[2]); + store_bigendian(statebytes + 12,state[3]); + store_bigendian(statebytes + 16,state[4]); + store_bigendian(statebytes + 20,state[5]); + store_bigendian(statebytes + 24,state[6]); + store_bigendian(statebytes + 28,state[7]); + + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/sha256/ref/implementors b/src/libnacl/crypto_hashblocks/sha256/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha256/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_hashblocks/sha256/used b/src/libnacl/crypto_hashblocks/sha256/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hashblocks/sha512/checksum b/src/libnacl/crypto_hashblocks/sha512/checksum new file mode 100644 index 00000000..ed5245ec --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/checksum @@ -0,0 +1 @@ +f005c91634ae549f0dd4529ddbaf07038cb75a59b818cd1d4eb4e2b4019ab6733556131f320c4a145c735a22594581d454cccb15c18bf198ffcb2da29fe39456 diff --git a/src/libnacl/crypto_hashblocks/sha512/inplace/api.h b/src/libnacl/crypto_hashblocks/sha512/inplace/api.h new file mode 100644 index 00000000..ac45d103 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/inplace/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 64 +#define CRYPTO_BLOCKBYTES 128 diff --git a/src/libnacl/crypto_hashblocks/sha512/inplace/blocks.c b/src/libnacl/crypto_hashblocks/sha512/inplace/blocks.c new file mode 100644 index 00000000..edb9ab05 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/inplace/blocks.c @@ -0,0 +1,256 @@ +#include "crypto_hashblocks.h" + +typedef unsigned long long uint64; + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \ + r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \ + r3 += r7; \ + r7 += Sigma0(r0) + Maj(r0,r1,r2); + +#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \ + F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \ + F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \ + F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \ + F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \ + F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \ + F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \ + F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \ + F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15]) + +static const uint64 round[80] = { + 0x428a2f98d728ae22ULL +, 0x7137449123ef65cdULL +, 0xb5c0fbcfec4d3b2fULL +, 0xe9b5dba58189dbbcULL +, 0x3956c25bf348b538ULL +, 0x59f111f1b605d019ULL +, 0x923f82a4af194f9bULL +, 0xab1c5ed5da6d8118ULL +, 0xd807aa98a3030242ULL +, 0x12835b0145706fbeULL +, 0x243185be4ee4b28cULL +, 0x550c7dc3d5ffb4e2ULL +, 0x72be5d74f27b896fULL +, 0x80deb1fe3b1696b1ULL +, 0x9bdc06a725c71235ULL +, 0xc19bf174cf692694ULL +, 0xe49b69c19ef14ad2ULL +, 0xefbe4786384f25e3ULL +, 0x0fc19dc68b8cd5b5ULL +, 0x240ca1cc77ac9c65ULL +, 0x2de92c6f592b0275ULL +, 0x4a7484aa6ea6e483ULL +, 0x5cb0a9dcbd41fbd4ULL +, 0x76f988da831153b5ULL +, 0x983e5152ee66dfabULL +, 0xa831c66d2db43210ULL +, 0xb00327c898fb213fULL +, 0xbf597fc7beef0ee4ULL +, 0xc6e00bf33da88fc2ULL +, 0xd5a79147930aa725ULL +, 0x06ca6351e003826fULL +, 0x142929670a0e6e70ULL +, 0x27b70a8546d22ffcULL +, 0x2e1b21385c26c926ULL +, 0x4d2c6dfc5ac42aedULL +, 0x53380d139d95b3dfULL +, 0x650a73548baf63deULL +, 0x766a0abb3c77b2a8ULL +, 0x81c2c92e47edaee6ULL +, 0x92722c851482353bULL +, 0xa2bfe8a14cf10364ULL +, 0xa81a664bbc423001ULL +, 0xc24b8b70d0f89791ULL +, 0xc76c51a30654be30ULL +, 0xd192e819d6ef5218ULL +, 0xd69906245565a910ULL +, 0xf40e35855771202aULL +, 0x106aa07032bbd1b8ULL +, 0x19a4c116b8d2d0c8ULL +, 0x1e376c085141ab53ULL +, 0x2748774cdf8eeb99ULL +, 0x34b0bcb5e19b48a8ULL +, 0x391c0cb3c5c95a63ULL +, 0x4ed8aa4ae3418acbULL +, 0x5b9cca4f7763e373ULL +, 0x682e6ff3d6b2b8a3ULL +, 0x748f82ee5defb2fcULL +, 0x78a5636f43172f60ULL +, 0x84c87814a1f0ab72ULL +, 0x8cc702081a6439ecULL +, 0x90befffa23631e28ULL +, 0xa4506cebde82bde9ULL +, 0xbef9a3f7b2c67915ULL +, 0xc67178f2e372532bULL +, 0xca273eceea26619cULL +, 0xd186b8c721c0c207ULL +, 0xeada7dd6cde0eb1eULL +, 0xf57d4f7fee6ed178ULL +, 0x06f067aa72176fbaULL +, 0x0a637dc5a2c898a6ULL +, 0x113f9804bef90daeULL +, 0x1b710b35131c471bULL +, 0x28db77f523047d84ULL +, 0x32caab7b40c72493ULL +, 0x3c9ebe0a15c9bebcULL +, 0x431d67c49c100d4cULL +, 0x4cc5d4becb3e42b6ULL +, 0x597f299cfc657e2aULL +, 0x5fcb6fab3ad6faecULL +, 0x6c44198c4a475817ULL +}; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + uint64 r0; + uint64 r1; + uint64 r2; + uint64 r3; + uint64 r4; + uint64 r5; + uint64 r6; + uint64 r7; + + r0 = load_bigendian(statebytes + 0); state[0] = r0; + r1 = load_bigendian(statebytes + 8); state[1] = r1; + r2 = load_bigendian(statebytes + 16); state[2] = r2; + r3 = load_bigendian(statebytes + 24); state[3] = r3; + r4 = load_bigendian(statebytes + 32); state[4] = r4; + r5 = load_bigendian(statebytes + 40); state[5] = r5; + r6 = load_bigendian(statebytes + 48); state[6] = r6; + r7 = load_bigendian(statebytes + 56); state[7] = r7; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + G(r0,r1,r2,r3,r4,r5,r6,r7,0) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,16) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,32) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,48) + + EXPAND + + G(r0,r1,r2,r3,r4,r5,r6,r7,64) + + r0 += state[0]; + r1 += state[1]; + r2 += state[2]; + r3 += state[3]; + r4 += state[4]; + r5 += state[5]; + r6 += state[6]; + r7 += state[7]; + + state[0] = r0; + state[1] = r1; + state[2] = r2; + state[3] = r3; + state[4] = r4; + state[5] = r5; + state[6] = r6; + state[7] = r7; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/sha512/inplace/implementors b/src/libnacl/crypto_hashblocks/sha512/inplace/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/inplace/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_hashblocks/sha512/ref/api.h b/src/libnacl/crypto_hashblocks/sha512/ref/api.h new file mode 100644 index 00000000..ac45d103 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_STATEBYTES 64 +#define CRYPTO_BLOCKBYTES 128 diff --git a/src/libnacl/crypto_hashblocks/sha512/ref/blocks.c b/src/libnacl/crypto_hashblocks/sha512/ref/blocks.c new file mode 100644 index 00000000..a340afe5 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/ref/blocks.c @@ -0,0 +1,239 @@ +#include "crypto_hashblocks.h" + +typedef unsigned long long uint64; + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + uint64 a; + uint64 b; + uint64 c; + uint64 d; + uint64 e; + uint64 f; + uint64 g; + uint64 h; + uint64 T1; + uint64 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 8); state[1] = b; + c = load_bigendian(statebytes + 16); state[2] = c; + d = load_bigendian(statebytes + 24); state[3] = d; + e = load_bigendian(statebytes + 32); state[4] = e; + f = load_bigendian(statebytes + 40); state[5] = f; + g = load_bigendian(statebytes + 48); state[6] = g; + h = load_bigendian(statebytes + 56); state[7] = h; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + F(w0 ,0x428a2f98d728ae22ULL) + F(w1 ,0x7137449123ef65cdULL) + F(w2 ,0xb5c0fbcfec4d3b2fULL) + F(w3 ,0xe9b5dba58189dbbcULL) + F(w4 ,0x3956c25bf348b538ULL) + F(w5 ,0x59f111f1b605d019ULL) + F(w6 ,0x923f82a4af194f9bULL) + F(w7 ,0xab1c5ed5da6d8118ULL) + F(w8 ,0xd807aa98a3030242ULL) + F(w9 ,0x12835b0145706fbeULL) + F(w10,0x243185be4ee4b28cULL) + F(w11,0x550c7dc3d5ffb4e2ULL) + F(w12,0x72be5d74f27b896fULL) + F(w13,0x80deb1fe3b1696b1ULL) + F(w14,0x9bdc06a725c71235ULL) + F(w15,0xc19bf174cf692694ULL) + + EXPAND + + F(w0 ,0xe49b69c19ef14ad2ULL) + F(w1 ,0xefbe4786384f25e3ULL) + F(w2 ,0x0fc19dc68b8cd5b5ULL) + F(w3 ,0x240ca1cc77ac9c65ULL) + F(w4 ,0x2de92c6f592b0275ULL) + F(w5 ,0x4a7484aa6ea6e483ULL) + F(w6 ,0x5cb0a9dcbd41fbd4ULL) + F(w7 ,0x76f988da831153b5ULL) + F(w8 ,0x983e5152ee66dfabULL) + F(w9 ,0xa831c66d2db43210ULL) + F(w10,0xb00327c898fb213fULL) + F(w11,0xbf597fc7beef0ee4ULL) + F(w12,0xc6e00bf33da88fc2ULL) + F(w13,0xd5a79147930aa725ULL) + F(w14,0x06ca6351e003826fULL) + F(w15,0x142929670a0e6e70ULL) + + EXPAND + + F(w0 ,0x27b70a8546d22ffcULL) + F(w1 ,0x2e1b21385c26c926ULL) + F(w2 ,0x4d2c6dfc5ac42aedULL) + F(w3 ,0x53380d139d95b3dfULL) + F(w4 ,0x650a73548baf63deULL) + F(w5 ,0x766a0abb3c77b2a8ULL) + F(w6 ,0x81c2c92e47edaee6ULL) + F(w7 ,0x92722c851482353bULL) + F(w8 ,0xa2bfe8a14cf10364ULL) + F(w9 ,0xa81a664bbc423001ULL) + F(w10,0xc24b8b70d0f89791ULL) + F(w11,0xc76c51a30654be30ULL) + F(w12,0xd192e819d6ef5218ULL) + F(w13,0xd69906245565a910ULL) + F(w14,0xf40e35855771202aULL) + F(w15,0x106aa07032bbd1b8ULL) + + EXPAND + + F(w0 ,0x19a4c116b8d2d0c8ULL) + F(w1 ,0x1e376c085141ab53ULL) + F(w2 ,0x2748774cdf8eeb99ULL) + F(w3 ,0x34b0bcb5e19b48a8ULL) + F(w4 ,0x391c0cb3c5c95a63ULL) + F(w5 ,0x4ed8aa4ae3418acbULL) + F(w6 ,0x5b9cca4f7763e373ULL) + F(w7 ,0x682e6ff3d6b2b8a3ULL) + F(w8 ,0x748f82ee5defb2fcULL) + F(w9 ,0x78a5636f43172f60ULL) + F(w10,0x84c87814a1f0ab72ULL) + F(w11,0x8cc702081a6439ecULL) + F(w12,0x90befffa23631e28ULL) + F(w13,0xa4506cebde82bde9ULL) + F(w14,0xbef9a3f7b2c67915ULL) + F(w15,0xc67178f2e372532bULL) + + EXPAND + + F(w0 ,0xca273eceea26619cULL) + F(w1 ,0xd186b8c721c0c207ULL) + F(w2 ,0xeada7dd6cde0eb1eULL) + F(w3 ,0xf57d4f7fee6ed178ULL) + F(w4 ,0x06f067aa72176fbaULL) + F(w5 ,0x0a637dc5a2c898a6ULL) + F(w6 ,0x113f9804bef90daeULL) + F(w7 ,0x1b710b35131c471bULL) + F(w8 ,0x28db77f523047d84ULL) + F(w9 ,0x32caab7b40c72493ULL) + F(w10,0x3c9ebe0a15c9bebcULL) + F(w11,0x431d67c49c100d4cULL) + F(w12,0x4cc5d4becb3e42b6ULL) + F(w13,0x597f299cfc657e2aULL) + F(w14,0x5fcb6fab3ad6faecULL) + F(w15,0x6c44198c4a475817ULL) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] = h; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/sha512/ref/implementors b/src/libnacl/crypto_hashblocks/sha512/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/sha512/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_hashblocks/sha512/selected b/src/libnacl/crypto_hashblocks/sha512/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hashblocks/sha512/used b/src/libnacl/crypto_hashblocks/sha512/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_hashblocks/try.c b/src/libnacl/crypto_hashblocks/try.c new file mode 100644 index 00000000..50744451 --- /dev/null +++ b/src/libnacl/crypto_hashblocks/try.c @@ -0,0 +1,80 @@ +/* + * crypto_hashblocks/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hashblocks.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_hashblocks_IMPLEMENTATION; + +#define MAXTEST_BYTES (10000 + crypto_hashblocks_STATEBYTES) +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *h2; +static unsigned char *m; +static unsigned char *m2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_hashblocks_STATEBYTES); + h2 = alignedcalloc(crypto_hashblocks_STATEBYTES); + m = alignedcalloc(MAXTEST_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_hashblocks(h,m,TUNE_BYTES); +} + +char checksum[crypto_hashblocks_STATEBYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long hlen = crypto_hashblocks_STATEBYTES; + long long mlen = i; + for (j = -16;j < 0;++j) h[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < 0;++j) m[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + if (crypto_hashblocks(h,m,mlen) != 0) return "crypto_hashblocks returns nonzero"; + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hashblocks writes to input"; + for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hashblocks writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hashblocks writes after output"; + for (j = 0;j < hlen;++j) m2[j] = h2[j]; + if (crypto_hashblocks(h2,m2,mlen) != 0) return "crypto_hashblocks returns nonzero"; + if (crypto_hashblocks(m2,m2,mlen) != 0) return "crypto_hashblocks returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h2[j]) return "crypto_hashblocks does not handle overlap"; + for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen]; + m[mlen] = h[0]; + } + if (crypto_hashblocks(h,m,CHECKSUM_BYTES) != 0) return "crypto_hashblocks returns nonzero"; + + for (i = 0;i < crypto_hashblocks_STATEBYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_hashblocks/wrapper-empty.cpp b/src/libnacl/crypto_hashblocks/wrapper-empty.cpp new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_onetimeauth/measure.c b/src/libnacl/crypto_onetimeauth/measure.c new file mode 100644 index 00000000..6d3ddfd5 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/measure.c @@ -0,0 +1,69 @@ +#include "crypto_onetimeauth.h" +#include "randombytes.h" +#include "cpucycles.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION; +const char *implementationversion = crypto_onetimeauth_VERSION; +const char *sizenames[] = { "outputbytes", "keybytes", 0 }; +const long long sizes[] = { crypto_onetimeauth_BYTES, crypto_onetimeauth_KEYBYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *k; +static unsigned char *m; +static unsigned char *h; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_onetimeauth_KEYBYTES); + m = alignedcalloc(MAXTEST_BYTES); + h = alignedcalloc(crypto_onetimeauth_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(k,crypto_onetimeauth_KEYBYTES); + randombytes(m,mlen); + randombytes(h,crypto_onetimeauth_BYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_onetimeauth(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_onetimeauth_verify(h,m,mlen,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"verify_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/53/api.h b/src/libnacl/crypto_onetimeauth/poly1305/53/api.h new file mode 100644 index 00000000..acc133ed --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/53/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/53/auth.c b/src/libnacl/crypto_onetimeauth/poly1305/53/auth.c new file mode 100644 index 00000000..a4a9c3f6 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/53/auth.c @@ -0,0 +1,1616 @@ +/* +20080910 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_onetimeauth.h" + +typedef unsigned char uchar; +typedef int int32; +typedef unsigned int uint32; +typedef long long int64; +typedef unsigned long long uint64; + +static const double poly1305_53_constants[] = { + 0.00000000558793544769287109375 /* alpham80 = 3 2^(-29) */ +, 24.0 /* alpham48 = 3 2^3 */ +, 103079215104.0 /* alpham16 = 3 2^35 */ +, 6755399441055744.0 /* alpha0 = 3 2^51 */ +, 1770887431076116955136.0 /* alpha18 = 3 2^69 */ +, 29014219670751100192948224.0 /* alpha32 = 3 2^83 */ +, 7605903601369376408980219232256.0 /* alpha50 = 3 2^101 */ +, 124615124604835863084731911901282304.0 /* alpha64 = 3 2^115 */ +, 32667107224410092492483962313449748299776.0 /* alpha82 = 3 2^133 */ +, 535217884764734955396857238543560676143529984.0 /* alpha96 = 3 2^147 */ +, 35076039295941670036888435985190792471742381031424.0 /* alpha112 = 3 2^163 */ +, 9194973245195333150150082162901855101712434733101613056.0 /* alpha130 = 3 2^181 */ +, 0.0000000000000000000000000000000000000036734198463196484624023016788195177431833298649127735047148490821200539357960224151611328125 /* scale = 5 2^(-130) */ +, 6755408030990331.0 /* offset0 = alpha0 + 2^33 - 5 */ +, 29014256564239239022116864.0 /* offset1 = alpha32 + 2^65 - 2^33 */ +, 124615283061160854719918951570079744.0 /* offset2 = alpha64 + 2^97 - 2^65 */ +, 535219245894202480694386063513315216128475136.0 /* offset3 = alpha96 + 2^130 - 2^97 */ +} ; + +int crypto_onetimeauth(unsigned char *out,const unsigned char *m,unsigned long long l,const unsigned char *k) +{ + register const unsigned char *r = k; + register const unsigned char *s = k + 16; + double r0high_stack; + double r1high_stack; + double r1low_stack; + double sr1high_stack; + double r2low_stack; + double sr2high_stack; + double r0low_stack; + double sr1low_stack; + double r2high_stack; + double sr2low_stack; + double r3high_stack; + double sr3high_stack; + double r3low_stack; + double sr3low_stack; + int64 d0; + int64 d1; + int64 d2; + int64 d3; + register double scale; + register double alpha0; + register double alpha32; + register double alpha64; + register double alpha96; + register double alpha130; + register double h0; + register double h1; + register double h2; + register double h3; + register double h4; + register double h5; + register double h6; + register double h7; + register double y7; + register double y6; + register double y1; + register double y0; + register double y5; + register double y4; + register double x7; + register double x6; + register double x1; + register double x0; + register double y3; + register double y2; + register double r3low; + register double r0low; + register double r3high; + register double r0high; + register double sr1low; + register double x5; + register double r3lowx0; + register double sr1high; + register double x4; + register double r0lowx6; + register double r1low; + register double x3; + register double r3highx0; + register double r1high; + register double x2; + register double r0highx6; + register double sr2low; + register double r0lowx0; + register double sr2high; + register double sr1lowx6; + register double r2low; + register double r0highx0; + register double r2high; + register double sr1highx6; + register double sr3low; + register double r1lowx0; + register double sr3high; + register double sr2lowx6; + register double r1highx0; + register double sr2highx6; + register double r2lowx0; + register double sr3lowx6; + register double r2highx0; + register double sr3highx6; + register double r1highx4; + register double r1lowx4; + register double r0highx4; + register double r0lowx4; + register double sr3highx4; + register double sr3lowx4; + register double sr2highx4; + register double sr2lowx4; + register double r0lowx2; + register double r0highx2; + register double r1lowx2; + register double r1highx2; + register double r2lowx2; + register double r2highx2; + register double sr3lowx2; + register double sr3highx2; + register double z0; + register double z1; + register double z2; + register double z3; + register int64 r0; + register int64 r1; + register int64 r2; + register int64 r3; + register uint32 r00; + register uint32 r01; + register uint32 r02; + register uint32 r03; + register uint32 r10; + register uint32 r11; + register uint32 r12; + register uint32 r13; + register uint32 r20; + register uint32 r21; + register uint32 r22; + register uint32 r23; + register uint32 r30; + register uint32 r31; + register uint32 r32; + register uint32 r33; + register int64 m0; + register int64 m1; + register int64 m2; + register int64 m3; + register uint32 m00; + register uint32 m01; + register uint32 m02; + register uint32 m03; + register uint32 m10; + register uint32 m11; + register uint32 m12; + register uint32 m13; + register uint32 m20; + register uint32 m21; + register uint32 m22; + register uint32 m23; + register uint32 m30; + register uint32 m31; + register uint32 m32; + register uint64 m33; + register char *constants; + register int32 lbelow2; + register int32 lbelow3; + register int32 lbelow4; + register int32 lbelow5; + register int32 lbelow6; + register int32 lbelow7; + register int32 lbelow8; + register int32 lbelow9; + register int32 lbelow10; + register int32 lbelow11; + register int32 lbelow12; + register int32 lbelow13; + register int32 lbelow14; + register int32 lbelow15; + register double alpham80; + register double alpham48; + register double alpham16; + register double alpha18; + register double alpha50; + register double alpha82; + register double alpha112; + register double offset0; + register double offset1; + register double offset2; + register double offset3; + register uint32 s00; + register uint32 s01; + register uint32 s02; + register uint32 s03; + register uint32 s10; + register uint32 s11; + register uint32 s12; + register uint32 s13; + register uint32 s20; + register uint32 s21; + register uint32 s22; + register uint32 s23; + register uint32 s30; + register uint32 s31; + register uint32 s32; + register uint32 s33; + register uint64 bits32; + register uint64 f; + register uint64 f0; + register uint64 f1; + register uint64 f2; + register uint64 f3; + register uint64 f4; + register uint64 g; + register uint64 g0; + register uint64 g1; + register uint64 g2; + register uint64 g3; + register uint64 g4; + + r00 = *(uchar *) (r + 0); + constants = (char *) &poly1305_53_constants; + + r01 = *(uchar *) (r + 1); + + r02 = *(uchar *) (r + 2); + r0 = 2151; + + r03 = *(uchar *) (r + 3); r03 &= 15; + r0 <<= 51; + + r10 = *(uchar *) (r + 4); r10 &= 252; + r01 <<= 8; + r0 += r00; + + r11 = *(uchar *) (r + 5); + r02 <<= 16; + r0 += r01; + + r12 = *(uchar *) (r + 6); + r03 <<= 24; + r0 += r02; + + r13 = *(uchar *) (r + 7); r13 &= 15; + r1 = 2215; + r0 += r03; + + d0 = r0; + r1 <<= 51; + r2 = 2279; + + r20 = *(uchar *) (r + 8); r20 &= 252; + r11 <<= 8; + r1 += r10; + + r21 = *(uchar *) (r + 9); + r12 <<= 16; + r1 += r11; + + r22 = *(uchar *) (r + 10); + r13 <<= 24; + r1 += r12; + + r23 = *(uchar *) (r + 11); r23 &= 15; + r2 <<= 51; + r1 += r13; + + d1 = r1; + r21 <<= 8; + r2 += r20; + + r30 = *(uchar *) (r + 12); r30 &= 252; + r22 <<= 16; + r2 += r21; + + r31 = *(uchar *) (r + 13); + r23 <<= 24; + r2 += r22; + + r32 = *(uchar *) (r + 14); + r2 += r23; + r3 = 2343; + + d2 = r2; + r3 <<= 51; + alpha32 = *(double *) (constants + 40); + + r33 = *(uchar *) (r + 15); r33 &= 15; + r31 <<= 8; + r3 += r30; + + r32 <<= 16; + r3 += r31; + + r33 <<= 24; + r3 += r32; + + r3 += r33; + h0 = alpha32 - alpha32; + + d3 = r3; + h1 = alpha32 - alpha32; + + alpha0 = *(double *) (constants + 24); + h2 = alpha32 - alpha32; + + alpha64 = *(double *) (constants + 56); + h3 = alpha32 - alpha32; + + alpha18 = *(double *) (constants + 32); + h4 = alpha32 - alpha32; + + r0low = *(double *) &d0; + h5 = alpha32 - alpha32; + + r1low = *(double *) &d1; + h6 = alpha32 - alpha32; + + r2low = *(double *) &d2; + h7 = alpha32 - alpha32; + + alpha50 = *(double *) (constants + 48); + r0low -= alpha0; + + alpha82 = *(double *) (constants + 64); + r1low -= alpha32; + + scale = *(double *) (constants + 96); + r2low -= alpha64; + + alpha96 = *(double *) (constants + 72); + r0high = r0low + alpha18; + + r3low = *(double *) &d3; + + alpham80 = *(double *) (constants + 0); + r1high = r1low + alpha50; + sr1low = scale * r1low; + + alpham48 = *(double *) (constants + 8); + r2high = r2low + alpha82; + sr2low = scale * r2low; + + r0high -= alpha18; + r0high_stack = r0high; + + r3low -= alpha96; + + r1high -= alpha50; + r1high_stack = r1high; + + sr1high = sr1low + alpham80; + + alpha112 = *(double *) (constants + 80); + r0low -= r0high; + + alpham16 = *(double *) (constants + 16); + r2high -= alpha82; + sr3low = scale * r3low; + + alpha130 = *(double *) (constants + 88); + sr2high = sr2low + alpham48; + + r1low -= r1high; + r1low_stack = r1low; + + sr1high -= alpham80; + sr1high_stack = sr1high; + + r2low -= r2high; + r2low_stack = r2low; + + sr2high -= alpham48; + sr2high_stack = sr2high; + + r3high = r3low + alpha112; + r0low_stack = r0low; + + sr1low -= sr1high; + sr1low_stack = sr1low; + + sr3high = sr3low + alpham16; + r2high_stack = r2high; + + sr2low -= sr2high; + sr2low_stack = sr2low; + + r3high -= alpha112; + r3high_stack = r3high; + + + sr3high -= alpham16; + sr3high_stack = sr3high; + + + r3low -= r3high; + r3low_stack = r3low; + + + sr3low -= sr3high; + sr3low_stack = sr3low; + +if (l < 16) goto addatmost15bytes; + + m00 = *(uchar *) (m + 0); + m0 = 2151; + + m0 <<= 51; + m1 = 2215; + m01 = *(uchar *) (m + 1); + + m1 <<= 51; + m2 = 2279; + m02 = *(uchar *) (m + 2); + + m2 <<= 51; + m3 = 2343; + m03 = *(uchar *) (m + 3); + + m10 = *(uchar *) (m + 4); + m01 <<= 8; + m0 += m00; + + m11 = *(uchar *) (m + 5); + m02 <<= 16; + m0 += m01; + + m12 = *(uchar *) (m + 6); + m03 <<= 24; + m0 += m02; + + m13 = *(uchar *) (m + 7); + m3 <<= 51; + m0 += m03; + + m20 = *(uchar *) (m + 8); + m11 <<= 8; + m1 += m10; + + m21 = *(uchar *) (m + 9); + m12 <<= 16; + m1 += m11; + + m22 = *(uchar *) (m + 10); + m13 <<= 24; + m1 += m12; + + m23 = *(uchar *) (m + 11); + m1 += m13; + + m30 = *(uchar *) (m + 12); + m21 <<= 8; + m2 += m20; + + m31 = *(uchar *) (m + 13); + m22 <<= 16; + m2 += m21; + + m32 = *(uchar *) (m + 14); + m23 <<= 24; + m2 += m22; + + m33 = *(uchar *) (m + 15); + m2 += m23; + + d0 = m0; + m31 <<= 8; + m3 += m30; + + d1 = m1; + m32 <<= 16; + m3 += m31; + + d2 = m2; + m33 += 256; + + m33 <<= 24; + m3 += m32; + + m3 += m33; + d3 = m3; + + m += 16; + l -= 16; + + z0 = *(double *) &d0; + + z1 = *(double *) &d1; + + z2 = *(double *) &d2; + + z3 = *(double *) &d3; + + z0 -= alpha0; + + z1 -= alpha32; + + z2 -= alpha64; + + z3 -= alpha96; + + h0 += z0; + + h1 += z1; + + h3 += z2; + + h5 += z3; + +if (l < 16) goto multiplyaddatmost15bytes; + +multiplyaddatleast16bytes:; + + m2 = 2279; + m20 = *(uchar *) (m + 8); + y7 = h7 + alpha130; + + m2 <<= 51; + m3 = 2343; + m21 = *(uchar *) (m + 9); + y6 = h6 + alpha130; + + m3 <<= 51; + m0 = 2151; + m22 = *(uchar *) (m + 10); + y1 = h1 + alpha32; + + m0 <<= 51; + m1 = 2215; + m23 = *(uchar *) (m + 11); + y0 = h0 + alpha32; + + m1 <<= 51; + m30 = *(uchar *) (m + 12); + y7 -= alpha130; + + m21 <<= 8; + m2 += m20; + m31 = *(uchar *) (m + 13); + y6 -= alpha130; + + m22 <<= 16; + m2 += m21; + m32 = *(uchar *) (m + 14); + y1 -= alpha32; + + m23 <<= 24; + m2 += m22; + m33 = *(uchar *) (m + 15); + y0 -= alpha32; + + m2 += m23; + m00 = *(uchar *) (m + 0); + y5 = h5 + alpha96; + + m31 <<= 8; + m3 += m30; + m01 = *(uchar *) (m + 1); + y4 = h4 + alpha96; + + m32 <<= 16; + m02 = *(uchar *) (m + 2); + x7 = h7 - y7; + y7 *= scale; + + m33 += 256; + m03 = *(uchar *) (m + 3); + x6 = h6 - y6; + y6 *= scale; + + m33 <<= 24; + m3 += m31; + m10 = *(uchar *) (m + 4); + x1 = h1 - y1; + + m01 <<= 8; + m3 += m32; + m11 = *(uchar *) (m + 5); + x0 = h0 - y0; + + m3 += m33; + m0 += m00; + m12 = *(uchar *) (m + 6); + y5 -= alpha96; + + m02 <<= 16; + m0 += m01; + m13 = *(uchar *) (m + 7); + y4 -= alpha96; + + m03 <<= 24; + m0 += m02; + d2 = m2; + x1 += y7; + + m0 += m03; + d3 = m3; + x0 += y6; + + m11 <<= 8; + m1 += m10; + d0 = m0; + x7 += y5; + + m12 <<= 16; + m1 += m11; + x6 += y4; + + m13 <<= 24; + m1 += m12; + y3 = h3 + alpha64; + + m1 += m13; + d1 = m1; + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + z2 = *(double *) &d2; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + z3 = *(double *) &d3; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + z2 -= alpha64; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + z3 -= alpha96; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + alpha0 = *(double *) (constants + 24); + + m += 16; + h6 += r2lowx2; + + l -= 16; + h7 += r2highx2; + + z1 = *(double *) &d1; + h0 += sr3lowx2; + + z0 = *(double *) &d0; + h1 += sr3highx2; + + z1 -= alpha32; + + z0 -= alpha0; + + h5 += z3; + + h3 += z2; + + h1 += z1; + + h0 += z0; + +if (l >= 16) goto multiplyaddatleast16bytes; + +multiplyaddatmost15bytes:; + + y7 = h7 + alpha130; + + y6 = h6 + alpha130; + + y1 = h1 + alpha32; + + y0 = h0 + alpha32; + + y7 -= alpha130; + + y6 -= alpha130; + + y1 -= alpha32; + + y0 -= alpha32; + + y5 = h5 + alpha96; + + y4 = h4 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + x6 = h6 - y6; + y6 *= scale; + + x1 = h1 - y1; + + x0 = h0 - y0; + + y5 -= alpha96; + + y4 -= alpha96; + + x1 += y7; + + x0 += y6; + + x7 += y5; + + x6 += y4; + + y3 = h3 + alpha64; + + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + + h6 += r2lowx2; + + h7 += r2highx2; + + h0 += sr3lowx2; + + h1 += sr3highx2; + +addatmost15bytes:; + +if (l == 0) goto nomorebytes; + + lbelow2 = l - 2; + + lbelow3 = l - 3; + + lbelow2 >>= 31; + lbelow4 = l - 4; + + m00 = *(uchar *) (m + 0); + lbelow3 >>= 31; + m += lbelow2; + + m01 = *(uchar *) (m + 1); + lbelow4 >>= 31; + m += lbelow3; + + m02 = *(uchar *) (m + 2); + m += lbelow4; + m0 = 2151; + + m03 = *(uchar *) (m + 3); + m0 <<= 51; + m1 = 2215; + + m0 += m00; + m01 &= ~lbelow2; + + m02 &= ~lbelow3; + m01 -= lbelow2; + + m01 <<= 8; + m03 &= ~lbelow4; + + m0 += m01; + lbelow2 -= lbelow3; + + m02 += lbelow2; + lbelow3 -= lbelow4; + + m02 <<= 16; + m03 += lbelow3; + + m03 <<= 24; + m0 += m02; + + m0 += m03; + lbelow5 = l - 5; + + lbelow6 = l - 6; + lbelow7 = l - 7; + + lbelow5 >>= 31; + lbelow8 = l - 8; + + lbelow6 >>= 31; + m += lbelow5; + + m10 = *(uchar *) (m + 4); + lbelow7 >>= 31; + m += lbelow6; + + m11 = *(uchar *) (m + 5); + lbelow8 >>= 31; + m += lbelow7; + + m12 = *(uchar *) (m + 6); + m1 <<= 51; + m += lbelow8; + + m13 = *(uchar *) (m + 7); + m10 &= ~lbelow5; + lbelow4 -= lbelow5; + + m10 += lbelow4; + lbelow5 -= lbelow6; + + m11 &= ~lbelow6; + m11 += lbelow5; + + m11 <<= 8; + m1 += m10; + + m1 += m11; + m12 &= ~lbelow7; + + lbelow6 -= lbelow7; + m13 &= ~lbelow8; + + m12 += lbelow6; + lbelow7 -= lbelow8; + + m12 <<= 16; + m13 += lbelow7; + + m13 <<= 24; + m1 += m12; + + m1 += m13; + m2 = 2279; + + lbelow9 = l - 9; + m3 = 2343; + + lbelow10 = l - 10; + lbelow11 = l - 11; + + lbelow9 >>= 31; + lbelow12 = l - 12; + + lbelow10 >>= 31; + m += lbelow9; + + m20 = *(uchar *) (m + 8); + lbelow11 >>= 31; + m += lbelow10; + + m21 = *(uchar *) (m + 9); + lbelow12 >>= 31; + m += lbelow11; + + m22 = *(uchar *) (m + 10); + m2 <<= 51; + m += lbelow12; + + m23 = *(uchar *) (m + 11); + m20 &= ~lbelow9; + lbelow8 -= lbelow9; + + m20 += lbelow8; + lbelow9 -= lbelow10; + + m21 &= ~lbelow10; + m21 += lbelow9; + + m21 <<= 8; + m2 += m20; + + m2 += m21; + m22 &= ~lbelow11; + + lbelow10 -= lbelow11; + m23 &= ~lbelow12; + + m22 += lbelow10; + lbelow11 -= lbelow12; + + m22 <<= 16; + m23 += lbelow11; + + m23 <<= 24; + m2 += m22; + + m3 <<= 51; + lbelow13 = l - 13; + + lbelow13 >>= 31; + lbelow14 = l - 14; + + lbelow14 >>= 31; + m += lbelow13; + lbelow15 = l - 15; + + m30 = *(uchar *) (m + 12); + lbelow15 >>= 31; + m += lbelow14; + + m31 = *(uchar *) (m + 13); + m += lbelow15; + m2 += m23; + + m32 = *(uchar *) (m + 14); + m30 &= ~lbelow13; + lbelow12 -= lbelow13; + + m30 += lbelow12; + lbelow13 -= lbelow14; + + m3 += m30; + m31 &= ~lbelow14; + + m31 += lbelow13; + m32 &= ~lbelow15; + + m31 <<= 8; + lbelow14 -= lbelow15; + + m3 += m31; + m32 += lbelow14; + d0 = m0; + + m32 <<= 16; + m33 = lbelow15 + 1; + d1 = m1; + + m33 <<= 24; + m3 += m32; + d2 = m2; + + m3 += m33; + d3 = m3; + + alpha0 = *(double *) (constants + 24); + + z3 = *(double *) &d3; + + z2 = *(double *) &d2; + + z1 = *(double *) &d1; + + z0 = *(double *) &d0; + + z3 -= alpha96; + + z2 -= alpha64; + + z1 -= alpha32; + + z0 -= alpha0; + + h5 += z3; + + h3 += z2; + + h1 += z1; + + h0 += z0; + + y7 = h7 + alpha130; + + y6 = h6 + alpha130; + + y1 = h1 + alpha32; + + y0 = h0 + alpha32; + + y7 -= alpha130; + + y6 -= alpha130; + + y1 -= alpha32; + + y0 -= alpha32; + + y5 = h5 + alpha96; + + y4 = h4 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + x6 = h6 - y6; + y6 *= scale; + + x1 = h1 - y1; + + x0 = h0 - y0; + + y5 -= alpha96; + + y4 -= alpha96; + + x1 += y7; + + x0 += y6; + + x7 += y5; + + x6 += y4; + + y3 = h3 + alpha64; + + y2 = h2 + alpha64; + + x0 += x1; + + x6 += x7; + + y3 -= alpha64; + r3low = r3low_stack; + + y2 -= alpha64; + r0low = r0low_stack; + + x5 = h5 - y5; + r3lowx0 = r3low * x0; + r3high = r3high_stack; + + x4 = h4 - y4; + r0lowx6 = r0low * x6; + r0high = r0high_stack; + + x3 = h3 - y3; + r3highx0 = r3high * x0; + sr1low = sr1low_stack; + + x2 = h2 - y2; + r0highx6 = r0high * x6; + sr1high = sr1high_stack; + + x5 += y3; + r0lowx0 = r0low * x0; + r1low = r1low_stack; + + h6 = r3lowx0 + r0lowx6; + sr1lowx6 = sr1low * x6; + r1high = r1high_stack; + + x4 += y2; + r0highx0 = r0high * x0; + sr2low = sr2low_stack; + + h7 = r3highx0 + r0highx6; + sr1highx6 = sr1high * x6; + sr2high = sr2high_stack; + + x3 += y1; + r1lowx0 = r1low * x0; + r2low = r2low_stack; + + h0 = r0lowx0 + sr1lowx6; + sr2lowx6 = sr2low * x6; + r2high = r2high_stack; + + x2 += y0; + r1highx0 = r1high * x0; + sr3low = sr3low_stack; + + h1 = r0highx0 + sr1highx6; + sr2highx6 = sr2high * x6; + sr3high = sr3high_stack; + + x4 += x5; + r2lowx0 = r2low * x0; + + h2 = r1lowx0 + sr2lowx6; + sr3lowx6 = sr3low * x6; + + x2 += x3; + r2highx0 = r2high * x0; + + h3 = r1highx0 + sr2highx6; + sr3highx6 = sr3high * x6; + + r1highx4 = r1high * x4; + + h4 = r2lowx0 + sr3lowx6; + r1lowx4 = r1low * x4; + + r0highx4 = r0high * x4; + + h5 = r2highx0 + sr3highx6; + r0lowx4 = r0low * x4; + + h7 += r1highx4; + sr3highx4 = sr3high * x4; + + h6 += r1lowx4; + sr3lowx4 = sr3low * x4; + + h5 += r0highx4; + sr2highx4 = sr2high * x4; + + h4 += r0lowx4; + sr2lowx4 = sr2low * x4; + + h3 += sr3highx4; + r0lowx2 = r0low * x2; + + h2 += sr3lowx4; + r0highx2 = r0high * x2; + + h1 += sr2highx4; + r1lowx2 = r1low * x2; + + h0 += sr2lowx4; + r1highx2 = r1high * x2; + + h2 += r0lowx2; + r2lowx2 = r2low * x2; + + h3 += r0highx2; + r2highx2 = r2high * x2; + + h4 += r1lowx2; + sr3lowx2 = sr3low * x2; + + h5 += r1highx2; + sr3highx2 = sr3high * x2; + + h6 += r2lowx2; + + h7 += r2highx2; + + h0 += sr3lowx2; + + h1 += sr3highx2; + + +nomorebytes:; + + offset0 = *(double *) (constants + 104); + y7 = h7 + alpha130; + + offset1 = *(double *) (constants + 112); + y0 = h0 + alpha32; + + offset2 = *(double *) (constants + 120); + y1 = h1 + alpha32; + + offset3 = *(double *) (constants + 128); + y2 = h2 + alpha64; + + y7 -= alpha130; + + y3 = h3 + alpha64; + + y4 = h4 + alpha96; + + y5 = h5 + alpha96; + + x7 = h7 - y7; + y7 *= scale; + + y0 -= alpha32; + + y1 -= alpha32; + + y2 -= alpha64; + + h6 += x7; + + y3 -= alpha64; + + y4 -= alpha96; + + y5 -= alpha96; + + y6 = h6 + alpha130; + + x0 = h0 - y0; + + x1 = h1 - y1; + + x2 = h2 - y2; + + y6 -= alpha130; + + x0 += y7; + + x3 = h3 - y3; + + x4 = h4 - y4; + + x5 = h5 - y5; + + x6 = h6 - y6; + + y6 *= scale; + + x2 += y0; + + x3 += y1; + + x4 += y2; + + x0 += y6; + + x5 += y3; + + x6 += y4; + + x2 += x3; + + x0 += x1; + + x4 += x5; + + x6 += y5; + + x2 += offset1; + *(double *) &d1 = x2; + + x0 += offset0; + *(double *) &d0 = x0; + + x4 += offset2; + *(double *) &d2 = x4; + + x6 += offset3; + *(double *) &d3 = x6; + + + + + f0 = d0; + + f1 = d1; + bits32 = -1; + + f2 = d2; + bits32 >>= 32; + + f3 = d3; + f = f0 >> 32; + + f0 &= bits32; + f &= 255; + + f1 += f; + g0 = f0 + 5; + + g = g0 >> 32; + g0 &= bits32; + + f = f1 >> 32; + f1 &= bits32; + + f &= 255; + g1 = f1 + g; + + g = g1 >> 32; + f2 += f; + + f = f2 >> 32; + g1 &= bits32; + + f2 &= bits32; + f &= 255; + + f3 += f; + g2 = f2 + g; + + g = g2 >> 32; + g2 &= bits32; + + f4 = f3 >> 32; + f3 &= bits32; + + f4 &= 255; + g3 = f3 + g; + + g = g3 >> 32; + g3 &= bits32; + + g4 = f4 + g; + + g4 = g4 - 4; + s00 = *(uchar *) (s + 0); + + f = (int64) g4 >> 63; + s01 = *(uchar *) (s + 1); + + f0 &= f; + g0 &= ~f; + s02 = *(uchar *) (s + 2); + + f1 &= f; + f0 |= g0; + s03 = *(uchar *) (s + 3); + + g1 &= ~f; + f2 &= f; + s10 = *(uchar *) (s + 4); + + f3 &= f; + g2 &= ~f; + s11 = *(uchar *) (s + 5); + + g3 &= ~f; + f1 |= g1; + s12 = *(uchar *) (s + 6); + + f2 |= g2; + f3 |= g3; + s13 = *(uchar *) (s + 7); + + s01 <<= 8; + f0 += s00; + s20 = *(uchar *) (s + 8); + + s02 <<= 16; + f0 += s01; + s21 = *(uchar *) (s + 9); + + s03 <<= 24; + f0 += s02; + s22 = *(uchar *) (s + 10); + + s11 <<= 8; + f1 += s10; + s23 = *(uchar *) (s + 11); + + s12 <<= 16; + f1 += s11; + s30 = *(uchar *) (s + 12); + + s13 <<= 24; + f1 += s12; + s31 = *(uchar *) (s + 13); + + f0 += s03; + f1 += s13; + s32 = *(uchar *) (s + 14); + + s21 <<= 8; + f2 += s20; + s33 = *(uchar *) (s + 15); + + s22 <<= 16; + f2 += s21; + + s23 <<= 24; + f2 += s22; + + s31 <<= 8; + f3 += s30; + + s32 <<= 16; + f3 += s31; + + s33 <<= 24; + f3 += s32; + + f2 += s23; + f3 += s33; + + *(uchar *) (out + 0) = f0; + f0 >>= 8; + *(uchar *) (out + 1) = f0; + f0 >>= 8; + *(uchar *) (out + 2) = f0; + f0 >>= 8; + *(uchar *) (out + 3) = f0; + f0 >>= 8; + f1 += f0; + + *(uchar *) (out + 4) = f1; + f1 >>= 8; + *(uchar *) (out + 5) = f1; + f1 >>= 8; + *(uchar *) (out + 6) = f1; + f1 >>= 8; + *(uchar *) (out + 7) = f1; + f1 >>= 8; + f2 += f1; + + *(uchar *) (out + 8) = f2; + f2 >>= 8; + *(uchar *) (out + 9) = f2; + f2 >>= 8; + *(uchar *) (out + 10) = f2; + f2 >>= 8; + *(uchar *) (out + 11) = f2; + f2 >>= 8; + f3 += f2; + + *(uchar *) (out + 12) = f3; + f3 >>= 8; + *(uchar *) (out + 13) = f3; + f3 >>= 8; + *(uchar *) (out + 14) = f3; + f3 >>= 8; + *(uchar *) (out + 15) = f3; + + return 0; +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/53/verify.c b/src/libnacl/crypto_onetimeauth/poly1305/53/verify.c new file mode 100644 index 00000000..c7e063f1 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/53/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/amd64/api.h b/src/libnacl/crypto_onetimeauth/poly1305/amd64/api.h new file mode 100644 index 00000000..acc133ed --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/amd64/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/amd64/verify.c b/src/libnacl/crypto_onetimeauth/poly1305/amd64/verify.c new file mode 100644 index 00000000..c7e063f1 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/amd64/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/checksum b/src/libnacl/crypto_onetimeauth/poly1305/checksum new file mode 100644 index 00000000..a713ea40 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/checksum @@ -0,0 +1 @@ +e836d5ca58cf673fca2b4910f23f3990 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/ref/api.h b/src/libnacl/crypto_onetimeauth/poly1305/ref/api.h new file mode 100644 index 00000000..acc133ed --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/ref/auth.c b/src/libnacl/crypto_onetimeauth/poly1305/ref/auth.c new file mode 100644 index 00000000..06cf115d --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/ref/auth.c @@ -0,0 +1,104 @@ +/* +20080912 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_onetimeauth.h" + +static void add(unsigned int h[17],const unsigned int c[17]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 17;++j) { u += h[j] + c[j]; h[j] = u & 255; u >>= 8; } +} + +static void squeeze(unsigned int h[17]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } + u += h[16]; h[16] = u & 3; + u = 5 * (u >> 2); + for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } + u += h[16]; h[16] = u; +} + +static const unsigned int minusp[17] = { + 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252 +} ; + +static void freeze(unsigned int h[17]) +{ + unsigned int horig[17]; + unsigned int j; + unsigned int negative; + for (j = 0;j < 17;++j) horig[j] = h[j]; + add(h,minusp); + negative = -(h[16] >> 7); + for (j = 0;j < 17;++j) h[j] ^= negative & (horig[j] ^ h[j]); +} + +static void mulmod(unsigned int h[17],const unsigned int r[17]) +{ + unsigned int hr[17]; + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 17;++i) { + u = 0; + for (j = 0;j <= i;++j) u += h[j] * r[i - j]; + for (j = i + 1;j < 17;++j) u += 320 * h[j] * r[i + 17 - j]; + hr[i] = u; + } + for (i = 0;i < 17;++i) h[i] = hr[i]; + squeeze(h); +} + +int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned int j; + unsigned int r[17]; + unsigned int h[17]; + unsigned int c[17]; + + r[0] = k[0]; + r[1] = k[1]; + r[2] = k[2]; + r[3] = k[3] & 15; + r[4] = k[4] & 252; + r[5] = k[5]; + r[6] = k[6]; + r[7] = k[7] & 15; + r[8] = k[8] & 252; + r[9] = k[9]; + r[10] = k[10]; + r[11] = k[11] & 15; + r[12] = k[12] & 252; + r[13] = k[13]; + r[14] = k[14]; + r[15] = k[15] & 15; + r[16] = 0; + + for (j = 0;j < 17;++j) h[j] = 0; + + while (inlen > 0) { + for (j = 0;j < 17;++j) c[j] = 0; + for (j = 0;(j < 16) && (j < inlen);++j) c[j] = in[j]; + c[j] = 1; + in += j; inlen -= j; + add(h,c); + mulmod(h,r); + } + + freeze(h); + + for (j = 0;j < 16;++j) c[j] = k[j + 16]; + c[16] = 0; + add(h,c); + for (j = 0;j < 16;++j) out[j] = h[j]; + return 0; +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/ref/verify.c b/src/libnacl/crypto_onetimeauth/poly1305/ref/verify.c new file mode 100644 index 00000000..c7e063f1 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/ref/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/src/libnacl/crypto_onetimeauth/poly1305/selected b/src/libnacl/crypto_onetimeauth/poly1305/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_onetimeauth/poly1305/used b/src/libnacl/crypto_onetimeauth/poly1305/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_onetimeauth/poly1305/x86/api.h b/src/libnacl/crypto_onetimeauth/poly1305/x86/api.h new file mode 100644 index 00000000..acc133ed --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/x86/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 16 +#define CRYPTO_KEYBYTES 32 diff --git a/src/libnacl/crypto_onetimeauth/poly1305/x86/verify.c b/src/libnacl/crypto_onetimeauth/poly1305/x86/verify.c new file mode 100644 index 00000000..c7e063f1 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/poly1305/x86/verify.c @@ -0,0 +1,9 @@ +#include "crypto_verify_16.h" +#include "crypto_onetimeauth.h" + +int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[16]; + crypto_onetimeauth(correct,in,inlen,k); + return crypto_verify_16(h,correct); +} diff --git a/src/libnacl/crypto_onetimeauth/try.c b/src/libnacl/crypto_onetimeauth/try.c new file mode 100644 index 00000000..185d5c7e --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/try.c @@ -0,0 +1,121 @@ +/* + * crypto_onetimeauth/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hash_sha256.h" +#include "crypto_onetimeauth.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *m; +static unsigned char *k; +static unsigned char *h2; +static unsigned char *m2; +static unsigned char *k2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_onetimeauth_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + k = alignedcalloc(crypto_onetimeauth_KEYBYTES); + h2 = alignedcalloc(crypto_onetimeauth_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_onetimeauth_BYTES); + k2 = alignedcalloc(crypto_onetimeauth_KEYBYTES + crypto_onetimeauth_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_onetimeauth(h,m,TUNE_BYTES,k); + crypto_onetimeauth_verify(h,m,TUNE_BYTES,k); +} + +char checksum[crypto_onetimeauth_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i; + long long klen = crypto_onetimeauth_KEYBYTES; + long long hlen = crypto_onetimeauth_BYTES; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero"; + + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m"; + for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output"; + + for (j = -16;j < 0;++j) h[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = hlen;j < hlen + 16;++j) h[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap"; + for (j = 0;j < hlen;++j) m2[j] = m[j]; + if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero"; + for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + + if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero"; + + for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < klen;++j) k[j] ^= h2[j % 32]; + if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero"; + if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32]; + m[mlen] = h2[0]; + } + if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero"; + if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero"; + + for (i = 0;i < crypto_onetimeauth_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_onetimeauth/wrapper-auth.cpp b/src/libnacl/crypto_onetimeauth/wrapper-auth.cpp new file mode 100644 index 00000000..f4279607 --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/wrapper-auth.cpp @@ -0,0 +1,11 @@ +#include +using std::string; +#include "crypto_onetimeauth.h" + +string crypto_onetimeauth(const string &m,const string &k) +{ + if (k.size() != crypto_onetimeauth_KEYBYTES) throw "incorrect key length"; + unsigned char a[crypto_onetimeauth_BYTES]; + crypto_onetimeauth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str()); + return string((char *) a,crypto_onetimeauth_BYTES); +} diff --git a/src/libnacl/crypto_onetimeauth/wrapper-verify.cpp b/src/libnacl/crypto_onetimeauth/wrapper-verify.cpp new file mode 100644 index 00000000..248239ee --- /dev/null +++ b/src/libnacl/crypto_onetimeauth/wrapper-verify.cpp @@ -0,0 +1,14 @@ +#include +using std::string; +#include "crypto_onetimeauth.h" + +void crypto_onetimeauth_verify(const string &a,const string &m,const string &k) +{ + if (k.size() != crypto_onetimeauth_KEYBYTES) throw "incorrect key length"; + if (a.size() != crypto_onetimeauth_BYTES) throw "incorrect authenticator length"; + if (crypto_onetimeauth_verify( + (const unsigned char *) a.c_str(), + (const unsigned char *) m.c_str(),m.size(), + (const unsigned char *) k.c_str()) == 0) return; + throw "invalid authenticator"; +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/checksum b/src/libnacl/crypto_scalarmult/curve25519/checksum new file mode 100644 index 00000000..ce2d395b --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/checksum @@ -0,0 +1 @@ +dacdae4a0f12353dfc66757f2fd1fff538fe6616115dace9afb8016a55be2a52 diff --git a/src/libnacl/crypto_scalarmult/curve25519/donna_c64/api.h b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/api.h new file mode 100644 index 00000000..60339596 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_SCALARBYTES 32 diff --git a/src/libnacl/crypto_scalarmult/curve25519/donna_c64/base.c b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/base.c new file mode 100644 index 00000000..f33419e8 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/base.c @@ -0,0 +1,8 @@ +#include "crypto_scalarmult.h" + +static const unsigned char basepoint[32] = {9}; + +int crypto_scalarmult_base(unsigned char *q,const unsigned char *n) +{ + return crypto_scalarmult(q, n, basepoint); +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/donna_c64/implementors b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/implementors new file mode 100644 index 00000000..0ce43280 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/implementors @@ -0,0 +1 @@ +Adam Langley (Google) diff --git a/src/libnacl/crypto_scalarmult/curve25519/donna_c64/smult.c b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/smult.c new file mode 100644 index 00000000..6d26956b --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/donna_c64/smult.c @@ -0,0 +1,477 @@ +/* Copyright 2008, Google Inc. + * All rights reserved. + * + * Code released into the public domain. + * + * curve25519-donna: Curve25519 elliptic curve, public key function + * + * http://code.google.com/p/curve25519-donna/ + * + * Adam Langley + * + * Derived from public domain C code by Daniel J. Bernstein + * + * More information about curve25519 can be found here + * http://cr.yp.to/ecdh.html + * + * djb's sample implementation of curve25519 is written in a special assembly + * language called qhasm and uses the floating point registers. + * + * This is, almost, a clean room reimplementation from the curve25519 paper. It + * uses many of the tricks described therein. Only the crecip function is taken + * from the sample implementation. + */ + +#include +#include +#include "crypto_scalarmult.h" + +typedef uint8_t u8; +typedef uint64_t felem; +// This is a special gcc mode for 128-bit integers. It's implemented on 64-bit +// platforms only as far as I know. +typedef unsigned uint128_t __attribute__((mode(TI))); + +/* Sum two numbers: output += in */ +static void fsum(felem *output, const felem *in) { + unsigned i; + for (i = 0; i < 5; ++i) output[i] += in[i]; +} + +/* Find the difference of two numbers: output = in - output + * (note the order of the arguments!) + */ +static void fdifference_backwards(felem *ioutput, const felem *iin) { + static const int64_t twotothe51 = (1l << 51); + const int64_t *in = (const int64_t *) iin; + int64_t *out = (int64_t *) ioutput; + + out[0] = in[0] - out[0]; + out[1] = in[1] - out[1]; + out[2] = in[2] - out[2]; + out[3] = in[3] - out[3]; + out[4] = in[4] - out[4]; + + // An arithmetic shift right of 63 places turns a positive number to 0 and a + // negative number to all 1's. This gives us a bitmask that lets us avoid + // side-channel prone branches. + int64_t t; + +#define NEGCHAIN(a,b) \ + t = out[a] >> 63; \ + out[a] += twotothe51 & t; \ + out[b] -= 1 & t; + +#define NEGCHAIN19(a,b) \ + t = out[a] >> 63; \ + out[a] += twotothe51 & t; \ + out[b] -= 19 & t; + + NEGCHAIN(0, 1); + NEGCHAIN(1, 2); + NEGCHAIN(2, 3); + NEGCHAIN(3, 4); + NEGCHAIN19(4, 0); + NEGCHAIN(0, 1); + NEGCHAIN(1, 2); + NEGCHAIN(2, 3); + NEGCHAIN(3, 4); +} + +/* Multiply a number by a scalar: output = in * scalar */ +static void fscalar_product(felem *output, const felem *in, const felem scalar) { + uint128_t a; + + a = ((uint128_t) in[0]) * scalar; + output[0] = a & 0x7ffffffffffff; + + a = ((uint128_t) in[1]) * scalar + (a >> 51); + output[1] = a & 0x7ffffffffffff; + + a = ((uint128_t) in[2]) * scalar + (a >> 51); + output[2] = a & 0x7ffffffffffff; + + a = ((uint128_t) in[3]) * scalar + (a >> 51); + output[3] = a & 0x7ffffffffffff; + + a = ((uint128_t) in[4]) * scalar + (a >> 51); + output[4] = a & 0x7ffffffffffff; + + output[0] += (a >> 51) * 19; +} + +/* Multiply two numbers: output = in2 * in + * + * output must be distinct to both inputs. The inputs are reduced coefficient + * form, the output is not. + */ +static void fmul(felem *output, const felem *in2, const felem *in) { + uint128_t t[9]; + + t[0] = ((uint128_t) in[0]) * in2[0]; + t[1] = ((uint128_t) in[0]) * in2[1] + + ((uint128_t) in[1]) * in2[0]; + t[2] = ((uint128_t) in[0]) * in2[2] + + ((uint128_t) in[2]) * in2[0] + + ((uint128_t) in[1]) * in2[1]; + t[3] = ((uint128_t) in[0]) * in2[3] + + ((uint128_t) in[3]) * in2[0] + + ((uint128_t) in[1]) * in2[2] + + ((uint128_t) in[2]) * in2[1]; + t[4] = ((uint128_t) in[0]) * in2[4] + + ((uint128_t) in[4]) * in2[0] + + ((uint128_t) in[3]) * in2[1] + + ((uint128_t) in[1]) * in2[3] + + ((uint128_t) in[2]) * in2[2]; + t[5] = ((uint128_t) in[4]) * in2[1] + + ((uint128_t) in[1]) * in2[4] + + ((uint128_t) in[2]) * in2[3] + + ((uint128_t) in[3]) * in2[2]; + t[6] = ((uint128_t) in[4]) * in2[2] + + ((uint128_t) in[2]) * in2[4] + + ((uint128_t) in[3]) * in2[3]; + t[7] = ((uint128_t) in[3]) * in2[4] + + ((uint128_t) in[4]) * in2[3]; + t[8] = ((uint128_t) in[4]) * in2[4]; + + t[0] += t[5] * 19; + t[1] += t[6] * 19; + t[2] += t[7] * 19; + t[3] += t[8] * 19; + + t[1] += t[0] >> 51; + t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; + t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; + t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; + t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); + t[4] &= 0x7ffffffffffff; + t[1] += t[0] >> 51; + t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; + t[1] &= 0x7ffffffffffff; + + output[0] = t[0]; + output[1] = t[1]; + output[2] = t[2]; + output[3] = t[3]; + output[4] = t[4]; +} + +static void +fsquare(felem *output, const felem *in) { + uint128_t t[9]; + + t[0] = ((uint128_t) in[0]) * in[0]; + t[1] = ((uint128_t) in[0]) * in[1] * 2; + t[2] = ((uint128_t) in[0]) * in[2] * 2 + + ((uint128_t) in[1]) * in[1]; + t[3] = ((uint128_t) in[0]) * in[3] * 2 + + ((uint128_t) in[1]) * in[2] * 2; + t[4] = ((uint128_t) in[0]) * in[4] * 2 + + ((uint128_t) in[3]) * in[1] * 2 + + ((uint128_t) in[2]) * in[2]; + t[5] = ((uint128_t) in[4]) * in[1] * 2 + + ((uint128_t) in[2]) * in[3] * 2; + t[6] = ((uint128_t) in[4]) * in[2] * 2 + + ((uint128_t) in[3]) * in[3]; + t[7] = ((uint128_t) in[3]) * in[4] * 2; + t[8] = ((uint128_t) in[4]) * in[4]; + + t[0] += t[5] * 19; + t[1] += t[6] * 19; + t[2] += t[7] * 19; + t[3] += t[8] * 19; + + t[1] += t[0] >> 51; + t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; + t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; + t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; + t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); + t[4] &= 0x7ffffffffffff; + t[1] += t[0] >> 51; + t[0] &= 0x7ffffffffffff; + + output[0] = t[0]; + output[1] = t[1]; + output[2] = t[2]; + output[3] = t[3]; + output[4] = t[4]; +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +static void +fexpand(felem *output, const u8 *in) { + output[0] = *((const uint64_t *)(in)) & 0x7ffffffffffff; + output[1] = (*((const uint64_t *)(in+6)) >> 3) & 0x7ffffffffffff; + output[2] = (*((const uint64_t *)(in+12)) >> 6) & 0x7ffffffffffff; + output[3] = (*((const uint64_t *)(in+19)) >> 1) & 0x7ffffffffffff; + output[4] = (*((const uint64_t *)(in+25)) >> 4) & 0x7ffffffffffff; +} + +/* Take a fully reduced polynomial form number and contract it into a + * little-endian, 32-byte array + */ +static void +fcontract(u8 *output, const felem *input) { + uint128_t t[5]; + + t[0] = input[0]; + t[1] = input[1]; + t[2] = input[2]; + t[3] = input[3]; + t[4] = input[4]; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + + t[0] += 19; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + + t[0] += 0x8000000000000 - 19; + t[1] += 0x8000000000000 - 1; + t[2] += 0x8000000000000 - 1; + t[3] += 0x8000000000000 - 1; + t[4] += 0x8000000000000 - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. */ + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[4] &= 0x7ffffffffffff; + + *((uint64_t *)(output)) = t[0] | (t[1] << 51); + *((uint64_t *)(output+8)) = (t[1] >> 13) | (t[2] << 38); + *((uint64_t *)(output+16)) = (t[2] >> 26) | (t[3] << 25); + *((uint64_t *)(output+24)) = (t[3] >> 39) | (t[4] << 12); +} + +/* Input: Q, Q', Q-Q' + * Output: 2Q, Q+Q' + * + * x2 z3: long form + * x3 z3: long form + * x z: short form, destroyed + * xprime zprime: short form, destroyed + * qmqp: short form, preserved + */ +static void +fmonty(felem *x2, felem *z2, /* output 2Q */ + felem *x3, felem *z3, /* output Q + Q' */ + felem *x, felem *z, /* input Q */ + felem *xprime, felem *zprime, /* input Q' */ + const felem *qmqp /* input Q - Q' */) { + felem origx[5], origxprime[5], zzz[5], xx[5], zz[5], xxprime[5], + zzprime[5], zzzprime[5]; + + memcpy(origx, x, 5 * sizeof(felem)); + fsum(x, z); + fdifference_backwards(z, origx); // does x - z + + memcpy(origxprime, xprime, sizeof(felem) * 5); + fsum(xprime, zprime); + fdifference_backwards(zprime, origxprime); + fmul(xxprime, xprime, z); + fmul(zzprime, x, zprime); + memcpy(origxprime, xxprime, sizeof(felem) * 5); + fsum(xxprime, zzprime); + fdifference_backwards(zzprime, origxprime); + fsquare(x3, xxprime); + fsquare(zzzprime, zzprime); + fmul(z3, zzzprime, qmqp); + + fsquare(xx, x); + fsquare(zz, z); + fmul(x2, xx, zz); + fdifference_backwards(zz, xx); // does zz = xx - zz + fscalar_product(zzz, zz, 121665); + fsum(zzz, xx); + fmul(z2, zz, zzz); +} + +// ----------------------------------------------------------------------------- +// Maybe swap the contents of two felem arrays (@a and @b), each @len elements +// long. Perform the swap iff @swap is non-zero. +// +// This function performs the swap without leaking any side-channel +// information. +// ----------------------------------------------------------------------------- +static void +swap_conditional(felem *a, felem *b, unsigned len, felem iswap) { + unsigned i; + const felem swap = -iswap; + + for (i = 0; i < len; ++i) { + const felem x = swap & (a[i] ^ b[i]); + a[i] ^= x; + b[i] ^= x; + } +} + +/* Calculates nQ where Q is the x-coordinate of a point on the curve + * + * resultx/resultz: the x coordinate of the resulting curve point (short form) + * n: a little endian, 32-byte number + * q: a point of the curve (short form) + */ +static void +cmult(felem *resultx, felem *resultz, const u8 *n, const felem *q) { + felem a[5] = {0}, b[5] = {1}, c[5] = {1}, d[5] = {0}; + felem *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t; + felem e[5] = {0}, f[5] = {1}, g[5] = {0}, h[5] = {1}; + felem *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h; + + unsigned i, j; + + memcpy(nqpqx, q, sizeof(felem) * 5); + + for (i = 0; i < 32; ++i) { + u8 byte = n[31 - i]; + for (j = 0; j < 8; ++j) { + const felem bit = byte >> 7; + + swap_conditional(nqx, nqpqx, 5, bit); + swap_conditional(nqz, nqpqz, 5, bit); + fmonty(nqx2, nqz2, + nqpqx2, nqpqz2, + nqx, nqz, + nqpqx, nqpqz, + q); + swap_conditional(nqx2, nqpqx2, 5, bit); + swap_conditional(nqz2, nqpqz2, 5, bit); + + t = nqx; + nqx = nqx2; + nqx2 = t; + t = nqz; + nqz = nqz2; + nqz2 = t; + t = nqpqx; + nqpqx = nqpqx2; + nqpqx2 = t; + t = nqpqz; + nqpqz = nqpqz2; + nqpqz2 = t; + + byte <<= 1; + } + } + + memcpy(resultx, nqx, sizeof(felem) * 5); + memcpy(resultz, nqz, sizeof(felem) * 5); +} + +// ----------------------------------------------------------------------------- +// Shamelessly copied from djb's code +// ----------------------------------------------------------------------------- +static void +crecip(felem *out, const felem *z) { + felem z2[5]; + felem z9[5]; + felem z11[5]; + felem z2_5_0[5]; + felem z2_10_0[5]; + felem z2_20_0[5]; + felem z2_50_0[5]; + felem z2_100_0[5]; + felem t0[5]; + felem t1[5]; + int i; + + /* 2 */ fsquare(z2,z); + /* 4 */ fsquare(t1,z2); + /* 8 */ fsquare(t0,t1); + /* 9 */ fmul(z9,t0,z); + /* 11 */ fmul(z11,z9,z2); + /* 22 */ fsquare(t0,z11); + /* 2^5 - 2^0 = 31 */ fmul(z2_5_0,t0,z9); + + /* 2^6 - 2^1 */ fsquare(t0,z2_5_0); + /* 2^7 - 2^2 */ fsquare(t1,t0); + /* 2^8 - 2^3 */ fsquare(t0,t1); + /* 2^9 - 2^4 */ fsquare(t1,t0); + /* 2^10 - 2^5 */ fsquare(t0,t1); + /* 2^10 - 2^0 */ fmul(z2_10_0,t0,z2_5_0); + + /* 2^11 - 2^1 */ fsquare(t0,z2_10_0); + /* 2^12 - 2^2 */ fsquare(t1,t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t0,t1); fsquare(t1,t0); } + /* 2^20 - 2^0 */ fmul(z2_20_0,t1,z2_10_0); + + /* 2^21 - 2^1 */ fsquare(t0,z2_20_0); + /* 2^22 - 2^2 */ fsquare(t1,t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fsquare(t0,t1); fsquare(t1,t0); } + /* 2^40 - 2^0 */ fmul(t0,t1,z2_20_0); + + /* 2^41 - 2^1 */ fsquare(t1,t0); + /* 2^42 - 2^2 */ fsquare(t0,t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t1,t0); fsquare(t0,t1); } + /* 2^50 - 2^0 */ fmul(z2_50_0,t0,z2_10_0); + + /* 2^51 - 2^1 */ fsquare(t0,z2_50_0); + /* 2^52 - 2^2 */ fsquare(t1,t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); } + /* 2^100 - 2^0 */ fmul(z2_100_0,t1,z2_50_0); + + /* 2^101 - 2^1 */ fsquare(t1,z2_100_0); + /* 2^102 - 2^2 */ fsquare(t0,t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fsquare(t1,t0); fsquare(t0,t1); } + /* 2^200 - 2^0 */ fmul(t1,t0,z2_100_0); + + /* 2^201 - 2^1 */ fsquare(t0,t1); + /* 2^202 - 2^2 */ fsquare(t1,t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); } + /* 2^250 - 2^0 */ fmul(t0,t1,z2_50_0); + + /* 2^251 - 2^1 */ fsquare(t1,t0); + /* 2^252 - 2^2 */ fsquare(t0,t1); + /* 2^253 - 2^3 */ fsquare(t1,t0); + /* 2^254 - 2^4 */ fsquare(t0,t1); + /* 2^255 - 2^5 */ fsquare(t1,t0); + /* 2^255 - 21 */ fmul(out,t1,z11); +} + +int +crypto_scalarmult(u8 *mypublic, const u8 *secret, const u8 *basepoint) { + felem bp[5], x[5], z[5], zmone[5]; + unsigned char e[32]; + int i; + for (i = 0;i < 32;++i) e[i] = secret[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + fexpand(bp, basepoint); + cmult(x, z, e, bp); + crecip(zmone, z); + fmul(z, x, zmone); + fcontract(mypublic, z); + return 0; +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/ref/api.h b/src/libnacl/crypto_scalarmult/curve25519/ref/api.h new file mode 100644 index 00000000..60339596 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_BYTES 32 +#define CRYPTO_SCALARBYTES 32 diff --git a/src/libnacl/crypto_scalarmult/curve25519/ref/base.c b/src/libnacl/crypto_scalarmult/curve25519/ref/base.c new file mode 100644 index 00000000..ac2d7eb4 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/ref/base.c @@ -0,0 +1,16 @@ +/* +version 20081011 +Matthew Dempsky +Public domain. +Derived from public domain code by D. J. Bernstein. +*/ + +#include "crypto_scalarmult.h" + +const unsigned char base[32] = {9}; + +int crypto_scalarmult_base(unsigned char *q, + const unsigned char *n) +{ + return crypto_scalarmult(q,n,base); +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/ref/implementors b/src/libnacl/crypto_scalarmult/curve25519/ref/implementors new file mode 100644 index 00000000..aa551790 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/ref/implementors @@ -0,0 +1 @@ +Matthew Dempsky (Mochi Media) diff --git a/src/libnacl/crypto_scalarmult/curve25519/ref/smult.c b/src/libnacl/crypto_scalarmult/curve25519/ref/smult.c new file mode 100644 index 00000000..6a479558 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/curve25519/ref/smult.c @@ -0,0 +1,265 @@ +/* +version 20081011 +Matthew Dempsky +Public domain. +Derived from public domain code by D. J. Bernstein. +*/ + +#include "crypto_scalarmult.h" + +static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; } + u += a[31] + b[31]; out[31] = u; +} + +static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 218; + for (j = 0;j < 31;++j) { + u += a[j] + 65280 - b[j]; + out[j] = u & 255; + u >>= 8; + } + u += a[31] - b[31]; + out[31] = u; +} + +static void squeeze(unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u; +} + +static const unsigned int minusp[32] = { + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128 +} ; + +static void freeze(unsigned int a[32]) +{ + unsigned int aorig[32]; + unsigned int j; + unsigned int negative; + + for (j = 0;j < 32;++j) aorig[j] = a[j]; + add(a,a,minusp); + negative = -((a[31] >> 7) & 1); + for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]); +} + +static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j <= i;++j) u += a[j] * b[i - j]; + for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j]; + out[i] = u; + } + squeeze(out); +} + +static void mult121665(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + + u = 0; + for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; } + u += 121665 * a[31]; out[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; } + u += out[j]; out[j] = u; +} + +static void square(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j < i - j;++j) u += a[j] * a[i - j]; + for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j]; + u *= 2; + if ((i & 1) == 0) { + u += a[i / 2] * a[i / 2]; + u += 38 * a[i / 2 + 16] * a[i / 2 + 16]; + } + out[i] = u; + } + squeeze(out); +} + +static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b) +{ + unsigned int j; + unsigned int t; + unsigned int bminus1; + + bminus1 = b - 1; + for (j = 0;j < 64;++j) { + t = bminus1 & (r[j] ^ s[j]); + p[j] = s[j] ^ t; + q[j] = r[j] ^ t; + } +} + +static void mainloop(unsigned int work[64],const unsigned char e[32]) +{ + unsigned int xzm1[64]; + unsigned int xzm[64]; + unsigned int xzmb[64]; + unsigned int xzm1b[64]; + unsigned int xznb[64]; + unsigned int xzn1b[64]; + unsigned int a0[64]; + unsigned int a1[64]; + unsigned int b0[64]; + unsigned int b1[64]; + unsigned int c1[64]; + unsigned int r[32]; + unsigned int s[32]; + unsigned int t[32]; + unsigned int u[32]; + unsigned int i; + unsigned int j; + unsigned int b; + int pos; + + for (j = 0;j < 32;++j) xzm1[j] = work[j]; + xzm1[32] = 1; + for (j = 33;j < 64;++j) xzm1[j] = 0; + + xzm[0] = 1; + for (j = 1;j < 64;++j) xzm[j] = 0; + + for (pos = 254;pos >= 0;--pos) { + b = e[pos / 8] >> (pos & 7); + b &= 1; + select(xzmb,xzm1b,xzm,xzm1,b); + add(a0,xzmb,xzmb + 32); + sub(a0 + 32,xzmb,xzmb + 32); + add(a1,xzm1b,xzm1b + 32); + sub(a1 + 32,xzm1b,xzm1b + 32); + square(b0,a0); + square(b0 + 32,a0 + 32); + mult(b1,a1,a0 + 32); + mult(b1 + 32,a1 + 32,a0); + add(c1,b1,b1 + 32); + sub(c1 + 32,b1,b1 + 32); + square(r,c1 + 32); + sub(s,b0,b0 + 32); + mult121665(t,s); + add(u,t,b0); + mult(xznb,b0,b0 + 32); + mult(xznb + 32,s,u); + square(xzn1b,c1); + mult(xzn1b + 32,r,work); + select(xzm,xzm1,xznb,xzn1b,b); + } + + for (j = 0;j < 64;++j) work[j] = xzm[j]; +} + +static void recip(unsigned int out[32],const unsigned int z[32]) +{ + unsigned int z2[32]; + unsigned int z9[32]; + unsigned int z11[32]; + unsigned int z2_5_0[32]; + unsigned int z2_10_0[32]; + unsigned int z2_20_0[32]; + unsigned int z2_50_0[32]; + unsigned int z2_100_0[32]; + unsigned int t0[32]; + unsigned int t1[32]; + int i; + + /* 2 */ square(z2,z); + /* 4 */ square(t1,z2); + /* 8 */ square(t0,t1); + /* 9 */ mult(z9,t0,z); + /* 11 */ mult(z11,z9,z2); + /* 22 */ square(t0,z11); + /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9); + + /* 2^6 - 2^1 */ square(t0,z2_5_0); + /* 2^7 - 2^2 */ square(t1,t0); + /* 2^8 - 2^3 */ square(t0,t1); + /* 2^9 - 2^4 */ square(t1,t0); + /* 2^10 - 2^5 */ square(t0,t1); + /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0); + + /* 2^11 - 2^1 */ square(t0,z2_10_0); + /* 2^12 - 2^2 */ square(t1,t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0); + + /* 2^21 - 2^1 */ square(t0,z2_20_0); + /* 2^22 - 2^2 */ square(t1,t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0); + + /* 2^41 - 2^1 */ square(t1,t0); + /* 2^42 - 2^2 */ square(t0,t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0); + + /* 2^51 - 2^1 */ square(t0,z2_50_0); + /* 2^52 - 2^2 */ square(t1,t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0); + + /* 2^101 - 2^1 */ square(t1,z2_100_0); + /* 2^102 - 2^2 */ square(t0,t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0); + + /* 2^201 - 2^1 */ square(t0,t1); + /* 2^202 - 2^2 */ square(t1,t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0); + + /* 2^251 - 2^1 */ square(t1,t0); + /* 2^252 - 2^2 */ square(t0,t1); + /* 2^253 - 2^3 */ square(t1,t0); + /* 2^254 - 2^4 */ square(t0,t1); + /* 2^255 - 2^5 */ square(t1,t0); + /* 2^255 - 21 */ mult(out,t1,z11); +} + +int crypto_scalarmult(unsigned char *q, + const unsigned char *n, + const unsigned char *p) +{ + unsigned int work[96]; + unsigned char e[32]; + unsigned int i; + for (i = 0;i < 32;++i) e[i] = n[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + for (i = 0;i < 32;++i) work[i] = p[i]; + mainloop(work,e); + recip(work + 32,work + 32); + mult(work + 64,work,work + 32); + freeze(work + 64); + for (i = 0;i < 32;++i) q[i] = work[64 + i]; + return 0; +} diff --git a/src/libnacl/crypto_scalarmult/curve25519/used b/src/libnacl/crypto_scalarmult/curve25519/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_scalarmult/measure.c b/src/libnacl/crypto_scalarmult/measure.c new file mode 100644 index 00000000..0c7265d5 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/measure.c @@ -0,0 +1,61 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_scalarmult.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION; +const char *implementationversion = crypto_scalarmult_VERSION; +const char *sizenames[] = { "outputbytes", "scalarbytes", 0 }; +const long long sizes[] = { crypto_scalarmult_BYTES, crypto_scalarmult_SCALARBYTES }; + +static unsigned char *m; +static unsigned char *n; +static unsigned char *p; +static unsigned char *q; + +void preallocate(void) +{ +} + +void allocate(void) +{ + m = alignedcalloc(crypto_scalarmult_SCALARBYTES); + n = alignedcalloc(crypto_scalarmult_SCALARBYTES); + p = alignedcalloc(crypto_scalarmult_BYTES); + q = alignedcalloc(crypto_scalarmult_BYTES); +} + +#define TIMINGS 63 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + + for (loop = 0;loop < LOOPS;++loop) { + randombytes(m,crypto_scalarmult_SCALARBYTES); + randombytes(n,crypto_scalarmult_SCALARBYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_scalarmult_base(p,m); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"base_cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_scalarmult(q,n,p); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"cycles",cycles,TIMINGS); + } +} diff --git a/src/libnacl/crypto_scalarmult/try.c b/src/libnacl/crypto_scalarmult/try.c new file mode 100644 index 00000000..1ec97b6b --- /dev/null +++ b/src/libnacl/crypto_scalarmult/try.c @@ -0,0 +1,127 @@ +/* + * crypto_scalarmult/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_scalarmult.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION; + +#define mlen crypto_scalarmult_SCALARBYTES +#define nlen crypto_scalarmult_SCALARBYTES +#define plen crypto_scalarmult_BYTES +#define qlen crypto_scalarmult_BYTES +#define rlen crypto_scalarmult_BYTES + +static unsigned char *m; +static unsigned char *n; +static unsigned char *p; +static unsigned char *q; +static unsigned char *r; + +static unsigned char *m2; +static unsigned char *n2; +static unsigned char *p2; +static unsigned char *q2; +static unsigned char *r2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + m = alignedcalloc(mlen); + n = alignedcalloc(nlen); + p = alignedcalloc(plen); + q = alignedcalloc(qlen); + r = alignedcalloc(rlen); + m2 = alignedcalloc(mlen + crypto_scalarmult_BYTES); + n2 = alignedcalloc(nlen + crypto_scalarmult_BYTES); + p2 = alignedcalloc(plen + crypto_scalarmult_BYTES); + q2 = alignedcalloc(qlen + crypto_scalarmult_BYTES); + r2 = alignedcalloc(rlen + crypto_scalarmult_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_scalarmult(q,n,p); + crypto_scalarmult_base(r,n); +} + +char checksum[crypto_scalarmult_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + long long tests; + + for (i = 0;i < mlen;++i) m[i] = i; + for (i = 0;i < nlen;++i) n[i] = i + 1; + for (i = 0;i < plen;++i) p[i] = i + 2; + for (i = 0;i < qlen;++i) q[i] = i + 3; + for (i = 0;i < rlen;++i) r[i] = i + 4; + + for (i = -16;i < 0;++i) p[i] = random(); + for (i = -16;i < 0;++i) n[i] = random(); + for (i = plen;i < plen + 16;++i) p[i] = random(); + for (i = nlen;i < nlen + 16;++i) n[i] = random(); + for (i = -16;i < plen + 16;++i) p2[i] = p[i]; + for (i = -16;i < nlen + 16;++i) n2[i] = n[i]; + + if (crypto_scalarmult_base(p,n) != 0) return "crypto_scalarmult_base returns nonzero"; + + for (i = -16;i < nlen + 16;++i) if (n2[i] != n[i]) return "crypto_scalarmult_base overwrites input"; + for (i = -16;i < 0;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes before output"; + for (i = plen;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes after output"; + + for (tests = 0;tests < 100;++tests) { + for (i = -16;i < 0;++i) q[i] = random(); + for (i = -16;i < 0;++i) p[i] = random(); + for (i = -16;i < 0;++i) m[i] = random(); + for (i = qlen;i < qlen + 16;++i) q[i] = random(); + for (i = plen;i < plen + 16;++i) p[i] = random(); + for (i = mlen;i < mlen + 16;++i) m[i] = random(); + for (i = -16;i < qlen + 16;++i) q2[i] = q[i]; + for (i = -16;i < plen + 16;++i) p2[i] = p[i]; + for (i = -16;i < mlen + 16;++i) m2[i] = m[i]; + + if (crypto_scalarmult(q,m,p) != 0) return "crypto_scalarmult returns nonzero"; + + for (i = -16;i < mlen + 16;++i) if (m2[i] != m[i]) return "crypto_scalarmult overwrites n input"; + for (i = -16;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult overwrites p input"; + for (i = -16;i < 0;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes before output"; + for (i = qlen;i < qlen + 16;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes after output"; + + if (crypto_scalarmult(m2,m2,p) != 0) return "crypto_scalarmult returns nonzero"; + for (i = 0;i < qlen;++i) if (q[i] != m2[i]) return "crypto_scalarmult does not handle n overlap"; + for (i = 0;i < qlen;++i) m2[i] = m[i]; + + if (crypto_scalarmult(p2,m2,p2) != 0) return "crypto_scalarmult returns nonzero"; + for (i = 0;i < qlen;++i) if (q[i] != p2[i]) return "crypto_scalarmult does not handle p overlap"; + + if (crypto_scalarmult(r,n,q) != 0) return "crypto_scalarmult returns nonzero"; + if (crypto_scalarmult(q,n,p) != 0) return "crypto_scalarmult returns nonzero"; + if (crypto_scalarmult(p,m,q) != 0) return "crypto_scalarmult returns nonzero"; + for (j = 0;j < plen;++j) if (p[j] != r[j]) return "crypto_scalarmult not associative"; + for (j = 0;j < mlen;++j) m[j] ^= q[j % qlen]; + for (j = 0;j < nlen;++j) n[j] ^= p[j % plen]; + } + + for (i = 0;i < crypto_scalarmult_BYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (p[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & p[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_scalarmult/wrapper-base.cpp b/src/libnacl/crypto_scalarmult/wrapper-base.cpp new file mode 100644 index 00000000..f71ce19a --- /dev/null +++ b/src/libnacl/crypto_scalarmult/wrapper-base.cpp @@ -0,0 +1,11 @@ +#include +using std::string; +#include "crypto_scalarmult.h" + +string crypto_scalarmult_base(const string &n) +{ + unsigned char q[crypto_scalarmult_BYTES]; + if (n.size() != crypto_scalarmult_SCALARBYTES) throw "incorrect scalar length"; + crypto_scalarmult_base(q,(const unsigned char *) n.c_str()); + return string((char *) q,sizeof q); +} diff --git a/src/libnacl/crypto_scalarmult/wrapper-mult.cpp b/src/libnacl/crypto_scalarmult/wrapper-mult.cpp new file mode 100644 index 00000000..fc693cf0 --- /dev/null +++ b/src/libnacl/crypto_scalarmult/wrapper-mult.cpp @@ -0,0 +1,12 @@ +#include +using std::string; +#include "crypto_scalarmult.h" + +string crypto_scalarmult(const string &n,const string &p) +{ + unsigned char q[crypto_scalarmult_BYTES]; + if (n.size() != crypto_scalarmult_SCALARBYTES) throw "incorrect scalar length"; + if (p.size() != crypto_scalarmult_BYTES) throw "incorrect element length"; + crypto_scalarmult(q,(const unsigned char *) n.c_str(),(const unsigned char *) p.c_str()); + return string((char *) q,sizeof q); +} diff --git a/src/libnacl/crypto_secretbox/measure.c b/src/libnacl/crypto_secretbox/measure.c new file mode 100644 index 00000000..6cb0692f --- /dev/null +++ b/src/libnacl/crypto_secretbox/measure.c @@ -0,0 +1,75 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_secretbox.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_secretbox_IMPLEMENTATION; +const char *implementationversion = crypto_secretbox_VERSION; +const char *sizenames[] = { "keybytes", "noncebytes", "zerobytes", "boxzerobytes", 0 }; +const long long sizes[] = { crypto_secretbox_KEYBYTES, crypto_secretbox_NONCEBYTES, crypto_secretbox_ZEROBYTES, crypto_secretbox_BOXZEROBYTES }; + +#define MAXTEST_BYTES 4096 + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_secretbox_KEYBYTES); + n = alignedcalloc(crypto_secretbox_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 8) { + randombytes(k,crypto_secretbox_KEYBYTES); + randombytes(n,crypto_secretbox_NONCEBYTES); + randombytes(m + crypto_secretbox_ZEROBYTES,mlen); + randombytes(c,mlen + crypto_secretbox_ZEROBYTES); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_secretbox_open(m,c,mlen + crypto_secretbox_ZEROBYTES,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_cycles",cycles,TIMINGS); + ++c[crypto_secretbox_ZEROBYTES]; + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_secretbox_open(m,c,mlen + crypto_secretbox_ZEROBYTES,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"forgery_open_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_secretbox/try.c b/src/libnacl/crypto_secretbox/try.c new file mode 100644 index 00000000..012b28ea --- /dev/null +++ b/src/libnacl/crypto_secretbox/try.c @@ -0,0 +1,131 @@ +/* + * crypto_secretbox/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_secretbox.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_secretbox_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *t; +static unsigned char *k2; +static unsigned char *n2; +static unsigned char *m2; +static unsigned char *c2; +static unsigned char *t2; + +#define klen crypto_secretbox_KEYBYTES +#define nlen crypto_secretbox_NONCEBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(klen); + n = alignedcalloc(nlen); + m = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + k2 = alignedcalloc(klen); + n2 = alignedcalloc(nlen); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + c2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + t2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_secretbox(c,m,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k); + crypto_secretbox_open(t,c,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k); +} + +char checksum[klen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) m[j] = 0; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i + crypto_secretbox_ZEROBYTES; + long long tlen = i + crypto_secretbox_ZEROBYTES; + long long clen = i + crypto_secretbox_ZEROBYTES; + + for (j = -16;j < 0;++j) k[j] = random(); + for (j = -16;j < 0;++j) n[j] = random(); + for (j = -16;j < 0;++j) m[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + for (j = -16;j < clen + 16;++j) c2[j] = c[j] = random(); + + if (crypto_secretbox(c,m,mlen,n,k) != 0) return "crypto_secretbox returns nonzero"; + + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_secretbox overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox overwrites n"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox overwrites k"; + for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_secretbox writes before output"; + for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox writes after output"; + for (j = 0;j < crypto_secretbox_BOXZEROBYTES;++j) + if (c[j] != 0) return "crypto_secretbox does not clear extra bytes"; + + for (j = -16;j < 0;++j) c[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random(); + + if (crypto_secretbox_open(t,c,clen,n,k) != 0) return "crypto_secretbox_open returns nonzero"; + + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox_open overwrites c"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox_open overwrites n"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox_open overwrites k"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes after output"; + for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_secretbox_open does not clear extra bytes"; + + for (j = 0;j < i;++j) if (t[j] != m[j]) return "plaintext does not match"; + + for (j = 0;j < i;++j) + k[j % klen] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + crypto_secretbox(c,m,mlen,n,k); + for (j = 0;j < i;++j) + n[j % nlen] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + crypto_secretbox(c,m,mlen,n,k); + if (i == 0) m[crypto_secretbox_ZEROBYTES + 0] = 0; + m[crypto_secretbox_ZEROBYTES + i] = m[crypto_secretbox_ZEROBYTES + 0]; + for (j = 0;j < i;++j) + m[j + crypto_secretbox_ZEROBYTES] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + } + + for (i = 0;i < klen;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (k[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & k[i]]; + } + checksum[2 * i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_secretbox/wrapper-box.cpp b/src/libnacl/crypto_secretbox/wrapper-box.cpp new file mode 100644 index 00000000..fb8b1784 --- /dev/null +++ b/src/libnacl/crypto_secretbox/wrapper-box.cpp @@ -0,0 +1,19 @@ +#include +using std::string; +#include "crypto_secretbox.h" + +string crypto_secretbox(const string &m,const string &n,const string &k) +{ + if (k.size() != crypto_secretbox_KEYBYTES) throw "incorrect key length"; + if (n.size() != crypto_secretbox_NONCEBYTES) throw "incorrect nonce length"; + size_t mlen = m.size() + crypto_secretbox_ZEROBYTES; + unsigned char mpad[mlen]; + for (int i = 0;i < crypto_secretbox_ZEROBYTES;++i) mpad[i] = 0; + for (int i = crypto_secretbox_ZEROBYTES;i < mlen;++i) mpad[i] = m[i - crypto_secretbox_ZEROBYTES]; + unsigned char cpad[mlen]; + crypto_secretbox(cpad,mpad,mlen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str()); + return string( + (char *) cpad + crypto_secretbox_BOXZEROBYTES, + mlen - crypto_secretbox_BOXZEROBYTES + ); +} diff --git a/src/libnacl/crypto_secretbox/wrapper-open.cpp b/src/libnacl/crypto_secretbox/wrapper-open.cpp new file mode 100644 index 00000000..07989813 --- /dev/null +++ b/src/libnacl/crypto_secretbox/wrapper-open.cpp @@ -0,0 +1,22 @@ +#include +using std::string; +#include "crypto_secretbox.h" + +string crypto_secretbox_open(const string &c,const string &n,const string &k) +{ + if (k.size() != crypto_secretbox_KEYBYTES) throw "incorrect key length"; + if (n.size() != crypto_secretbox_NONCEBYTES) throw "incorrect nonce length"; + size_t clen = c.size() + crypto_secretbox_BOXZEROBYTES; + unsigned char cpad[clen]; + for (int i = 0;i < crypto_secretbox_BOXZEROBYTES;++i) cpad[i] = 0; + for (int i = crypto_secretbox_BOXZEROBYTES;i < clen;++i) cpad[i] = c[i - crypto_secretbox_BOXZEROBYTES]; + unsigned char mpad[clen]; + if (crypto_secretbox_open(mpad,cpad,clen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str()) != 0) + throw "ciphertext fails verification"; + if (clen < crypto_secretbox_ZEROBYTES) + throw "ciphertext too short"; // should have been caught by _open + return string( + (char *) mpad + crypto_secretbox_ZEROBYTES, + clen - crypto_secretbox_ZEROBYTES + ); +} diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/checksum b/src/libnacl/crypto_secretbox/xsalsa20poly1305/checksum new file mode 100644 index 00000000..af3c6897 --- /dev/null +++ b/src/libnacl/crypto_secretbox/xsalsa20poly1305/checksum @@ -0,0 +1 @@ +df372f95dd87381b7c9ceb6f340ccaa03d19bed5d9e4ab004d99d847675a9658 diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/api.h b/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/api.h new file mode 100644 index 00000000..f5aeb356 --- /dev/null +++ b/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 24 +#define CRYPTO_ZEROBYTES 32 +#define CRYPTO_BOXZEROBYTES 16 diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/box.c b/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/box.c new file mode 100644 index 00000000..f1abb06f --- /dev/null +++ b/src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/box.c @@ -0,0 +1,35 @@ +#include "crypto_onetimeauth_poly1305.h" +#include "crypto_stream_xsalsa20.h" +#include "crypto_secretbox.h" + +int crypto_secretbox( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + int i; + if (mlen < 32) return -1; + crypto_stream_xsalsa20_xor(c,m,mlen,n,k); + crypto_onetimeauth_poly1305(c + 16,c + 32,mlen - 32,c); + for (i = 0;i < 16;++i) c[i] = 0; + return 0; +} + +int crypto_secretbox_open( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + int i; + unsigned char subkey[32]; + if (clen < 32) return -1; + crypto_stream_xsalsa20(subkey,32,n,k); + if (crypto_onetimeauth_poly1305_verify(c + 16,c + 32,clen - 32,subkey) != 0) return -1; + crypto_stream_xsalsa20_xor(m,c,clen,n,k); + for (i = 0;i < 32;++i) m[i] = 0; + return 0; +} diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/selected b/src/libnacl/crypto_secretbox/xsalsa20poly1305/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_secretbox/xsalsa20poly1305/used b/src/libnacl/crypto_secretbox/xsalsa20poly1305/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_sign/ed25519/description b/src/libnacl/crypto_sign/ed25519/description new file mode 100644 index 00000000..0dba8c46 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/description @@ -0,0 +1 @@ +EdDSA signatures using Curve25519 diff --git a/src/libnacl/crypto_sign/ed25519/designers b/src/libnacl/crypto_sign/ed25519/designers new file mode 100644 index 00000000..2a3a93a8 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/designers @@ -0,0 +1,5 @@ +Daniel J. Bernstein +Niels Duif +Tanja Lange +Peter Schwabe +Bo-Yin Yang diff --git a/src/libnacl/crypto_sign/ed25519/ref/api.h b/src/libnacl/crypto_sign/ed25519/ref/api.h new file mode 100644 index 00000000..1d0c9889 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/api.h @@ -0,0 +1,4 @@ +#define CRYPTO_SECRETKEYBYTES 64 +#define CRYPTO_PUBLICKEYBYTES 32 +#define CRYPTO_BYTES 64 + diff --git a/src/libnacl/crypto_sign/ed25519/ref/ed25519.c b/src/libnacl/crypto_sign/ed25519/ref/ed25519.c new file mode 100644 index 00000000..125582aa --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/ed25519.c @@ -0,0 +1,136 @@ +#include "crypto_sign.h" + +#include "crypto_verify_32.h" +#include "crypto_hash_sha512.h" +#include "randombytes.h" + +#include "ge25519.h" + +static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) +{ + unsigned long long i; + + for (i = 0;i < 32;++i) playground[i] = sm[i]; + for (i = 32;i < 64;++i) playground[i] = pk[i-32]; + for (i = 64;i < smlen;++i) playground[i] = sm[i]; + + crypto_hash_sha512(hram,playground,smlen); +} + + +int crypto_sign_keypair( + unsigned char *pk, + unsigned char *sk + ) +{ + sc25519 scsk; + ge25519 gepk; + unsigned char extsk[64]; + int i; + + randombytes(sk, 32); + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + sc25519_from32bytes(&scsk,extsk); + + ge25519_scalarmult_base(&gepk, &scsk); + ge25519_pack(pk, &gepk); + for(i=0;i<32;i++) + sk[32 + i] = pk[i]; + return 0; +} + +int crypto_sign( + unsigned char *sm,unsigned long long *smlen, + const unsigned char *m,unsigned long long mlen, + const unsigned char *sk + ) +{ + sc25519 sck, scs, scsk; + ge25519 ger; + unsigned char r[32]; + unsigned char s[32]; + unsigned char extsk[64]; + unsigned long long i; + unsigned char hmg[crypto_hash_sha512_BYTES]; + unsigned char hram[crypto_hash_sha512_BYTES]; + + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + *smlen = mlen+64; + for(i=0;i>= 31; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ + x >>= 31; /* 0: yes; 1: no */ + x ^= 1; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 times19(crypto_uint32 a) +{ + return (a << 4) + (a << 1) + a; +} + +static crypto_uint32 times38(crypto_uint32 a) +{ + return (a << 5) + (a << 2) + (a << 1); +} + +static void reduce_add_sub(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<4;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +static void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<2;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +/* reduction modulo 2^255-19 */ +void fe25519_freeze(fe25519 *r) +{ + int i; + crypto_uint32 m = equal(r->v[31],127); + for(i=30;i>0;i--) + m &= equal(r->v[i],255); + m &= ge(r->v[0],237); + + m = -m; + + r->v[31] -= m&127; + for(i=30;i>0;i--) + r->v[i] -= m&255; + r->v[0] -= m&237; +} + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x[i]; + r->v[31] &= 127; +} + +/* Assumes input x being reduced below 2^255 */ +void fe25519_pack(unsigned char r[32], const fe25519 *x) +{ + int i; + fe25519 y = *x; + fe25519_freeze(&y); + for(i=0;i<32;i++) + r[i] = y.v[i]; +} + +int fe25519_iszero(const fe25519 *x) +{ + int i; + fe25519 t = *x; + fe25519_freeze(&t); + int r = equal(t.v[0],0); + for(i=1;i<32;i++) + r &= equal(t.v[i],0); + return r; +} + +int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) +{ + fe25519 t1 = *x; + fe25519 t2 = *y; + fe25519_freeze(&t1); + fe25519_freeze(&t2); + int i; + for(i=0;i<32;i++) + if(t1.v[i] != t2.v[i]) return 0; + return 1; +} + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) +{ + int i; + crypto_uint32 mask = b; + mask = -mask; + for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); +} + +unsigned char fe25519_getparity(const fe25519 *x) +{ + fe25519 t = *x; + fe25519_freeze(&t); + return t.v[0] & 1; +} + +void fe25519_setone(fe25519 *r) +{ + int i; + r->v[0] = 1; + for(i=1;i<32;i++) r->v[i]=0; +} + +void fe25519_setzero(fe25519 *r) +{ + int i; + for(i=0;i<32;i++) r->v[i]=0; +} + +void fe25519_neg(fe25519 *r, const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i]=x->v[i]; + fe25519_setzero(r); + fe25519_sub(r, r, &t); +} + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + reduce_add_sub(r); +} + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + crypto_uint32 t[32]; + t[0] = x->v[0] + 0x1da; + t[31] = x->v[31] + 0xfe; + for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; + for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; + reduce_add_sub(r); +} + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i,j; + crypto_uint32 t[63]; + for(i=0;i<63;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + for(i=32;i<63;i++) + r->v[i-32] = t[i-32] + times38(t[i]); + r->v[31] = t[31]; /* result now in r[0]...r[31] */ + + reduce_mul(r); +} + +void fe25519_square(fe25519 *r, const fe25519 *x) +{ + fe25519_mul(r, x, x); +} + +void fe25519_invert(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t0; + fe25519 t1; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t1,&z2); + /* 8 */ fe25519_square(&t0,&t1); + /* 9 */ fe25519_mul(&z9,&t0,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t0,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); + /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); + /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); + /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); + /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); + /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); + /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); + /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); + /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); + /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); + /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); + /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); +} + +void fe25519_pow2523(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t,&z2); + /* 8 */ fe25519_square(&t,&t); + /* 9 */ fe25519_mul(&z9,&t,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); + /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); + /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); + /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } + /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t,&t); + /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); + /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0); + /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } + /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t,&t); + /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t,&t); + /* 2^252 - 2^2 */ fe25519_square(&t,&t); + /* 2^252 - 3 */ fe25519_mul(r,&t,x); +} diff --git a/src/libnacl/crypto_sign/ed25519/ref/fe25519.h b/src/libnacl/crypto_sign/ed25519/ref/fe25519.h new file mode 100644 index 00000000..4a449142 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/fe25519.h @@ -0,0 +1,62 @@ +#ifndef FE25519_H +#define FE25519_H + +#include "crypto_uint32.h" + +#define fe25519 crypto_sign_ed25519_ref_fe25519 +#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze +#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack +#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack +#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero +#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime +#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov +#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone +#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero +#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg +#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity +#define fe25519_add crypto_sign_ed25519_ref_fe25519_add +#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub +#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul +#define fe25519_square crypto_sign_ed25519_ref_fe25519_square +#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert +#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523 + +typedef struct +{ + crypto_uint32 v[32]; +} +fe25519; + +void fe25519_freeze(fe25519 *r); + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]); + +void fe25519_pack(unsigned char r[32], const fe25519 *x); + +int fe25519_iszero(const fe25519 *x); + +int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); + +void fe25519_setone(fe25519 *r); + +void fe25519_setzero(fe25519 *r); + +void fe25519_neg(fe25519 *r, const fe25519 *x); + +unsigned char fe25519_getparity(const fe25519 *x); + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_square(fe25519 *r, const fe25519 *x); + +void fe25519_invert(fe25519 *r, const fe25519 *x); + +void fe25519_pow2523(fe25519 *r, const fe25519 *x); + +#endif diff --git a/src/libnacl/crypto_sign/ed25519/ref/ge25519.c b/src/libnacl/crypto_sign/ed25519/ref/ge25519.c new file mode 100644 index 00000000..7bc6c48b --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/ge25519.c @@ -0,0 +1,310 @@ +#include "fe25519.h" +#include "sc25519.h" +#include "ge25519.h" + +/* + * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 + * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 + * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); + */ + +/* d */ +static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, + 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}}; +/* 2*d */ +static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, + 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}}; +/* sqrt(-1) */ +static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, + 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}}; + +#define ge25519_p3 ge25519 + +typedef struct +{ + fe25519 x; + fe25519 z; + fe25519 y; + fe25519 t; +} ge25519_p1p1; + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; +} ge25519_p2; + +typedef struct +{ + fe25519 x; + fe25519 y; +} ge25519_aff; + + +/* Packed coordinates of the base point */ +const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, + 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}}, + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, + 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}}; + +/* Multiples of the base point in affine representation */ +static const ge25519_aff ge25519_base_multiples_affine[425] = { +#include "ge25519_base.data" +}; + +static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(&r->x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + p1p1_to_p2((ge25519_p2 *)r, p); + fe25519_mul(&r->t, &p->x, &p->y); +} + +static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) +{ + fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; + fe25519_mul(&qt, &q->x, &q->y); + fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_sub(&t1, &q->y, &q->x); + fe25519_add(&t2, &q->y, &q->x); + fe25519_mul(&a, &a, &t1); + fe25519_mul(&b, &b, &t2); + fe25519_sub(&e, &b, &a); /* E = B-A */ + fe25519_add(&h, &b, &a); /* H = B+A */ + fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ + fe25519_sub(&f, &d, &c); /* F = D-C */ + fe25519_add(&g, &d, &c); /* G = D+C */ + fe25519_mul(&r->x, &e, &f); + fe25519_mul(&r->y, &h, &g); + fe25519_mul(&r->z, &g, &f); + fe25519_mul(&r->t, &e, &h); +} + +static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + fe25519 a, b, c, d, t; + + fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_sub(&t, &q->y, &q->x); + fe25519_mul(&a, &a, &t); + fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_add(&t, &q->x, &q->y); + fe25519_mul(&b, &b, &t); + fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ + fe25519_add(&d, &d, &d); + fe25519_sub(&r->x, &b, &a); /* E = B-A */ + fe25519_sub(&r->t, &d, &c); /* F = D-C */ + fe25519_add(&r->z, &d, &c); /* G = D+C */ + fe25519_add(&r->y, &b, &a); /* H = B+A */ +} + +/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ +static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + fe25519 a,b,c,d; + fe25519_square(&a, &p->x); + fe25519_square(&b, &p->y); + fe25519_square(&c, &p->z); + fe25519_add(&c, &c, &c); + fe25519_neg(&d, &a); + + fe25519_add(&r->x, &p->x, &p->y); + fe25519_square(&r->x, &r->x); + fe25519_sub(&r->x, &r->x, &a); + fe25519_sub(&r->x, &r->x, &b); + fe25519_add(&r->z, &d, &b); + fe25519_sub(&r->t, &r->z, &c); + fe25519_sub(&r->y, &d, &b); +} + +/* Constant-time version of: if(b) r = p */ +static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) +{ + fe25519_cmov(&r->x, &p->x, b); + fe25519_cmov(&r->y, &p->y, b); +} + +static unsigned char equal(signed char b,signed char c) +{ + unsigned char ub = b; + unsigned char uc = c; + unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ + crypto_uint32 y = x; /* 0: yes; 1..255: no */ + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + return y; +} + +static unsigned char negative(signed char b) +{ + unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + x >>= 63; /* 1: yes; 0: no */ + return x; +} + +static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) +{ + /* constant time */ + fe25519 v; + *t = ge25519_base_multiples_affine[5*pos+0]; + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); + fe25519_neg(&v, &t->x); + fe25519_cmov(&t->x, &v, negative(b)); +} + +static void setneutral(ge25519 *r) +{ + fe25519_setzero(&r->x); + fe25519_setone(&r->y); + fe25519_setone(&r->z); + fe25519_setzero(&r->t); +} + +/* ******************************************************************** + * EXPORTED FUNCTIONS + ******************************************************************** */ + +/* return 0 on success, -1 otherwise */ +int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) +{ + fe25519 t, chk, num, den, den2, den4, den6; + fe25519_setone(&r->z); + unsigned char par = p[31] >> 7; + fe25519_unpack(&r->y, p); + fe25519_square(&num, &r->y); /* x = y^2 */ + fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ + fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ + fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ + + /* Computation of sqrt(num/den) */ + /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ + fe25519_square(&den2, &den); + fe25519_square(&den4, &den2); + fe25519_mul(&den6, &den4, &den2); + fe25519_mul(&t, &den6, &num); + fe25519_mul(&t, &t, &den); + + fe25519_pow2523(&t, &t); + /* 2. computation of r->x = t * num * den^3 */ + fe25519_mul(&t, &t, &num); + fe25519_mul(&t, &t, &den); + fe25519_mul(&t, &t, &den); + fe25519_mul(&r->x, &t, &den); + + /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); + + /* 4. Now we have one of the two square roots, except if input was not a square */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + return -1; + + /* 5. Choose the desired square root according to parity: */ + if(fe25519_getparity(&r->x) != (1-par)) + fe25519_neg(&r->x, &r->x); + + fe25519_mul(&r->t, &r->x, &r->y); + return 0; +} + +void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) +{ + fe25519 tx, ty, zi; + fe25519_invert(&zi, &p->z); + fe25519_mul(&tx, &p->x, &zi); + fe25519_mul(&ty, &p->y, &zi); + fe25519_pack(r, &ty); + r[31] ^= fe25519_getparity(&tx) << 7; +} + +int ge25519_isneutral_vartime(const ge25519_p3 *p) +{ + int ret = 1; + if(!fe25519_iszero(&p->x)) ret = 0; + if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0; + return ret; +} + +/* computes [s1]p1 + [s2]p2 */ +void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2) +{ + ge25519_p1p1 tp1p1; + ge25519_p3 pre[16]; + unsigned char b[127]; + + /* precomputation s2 s1 */ + setneutral(pre); /* 00 00 */ + pre[1] = *p1; /* 00 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ + add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ + pre[4] = *p2; /* 01 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ + add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ + add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ + add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ + add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ + add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ + + sc25519_2interleave2(b,s1,s2); + + /* scalar multiplication */ + *r = pre[b[126]]; + int i; + for(i=125;i>=0;i--) + { + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + p1p1_to_p2((ge25519_p2 *) r, &tp1p1); + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + if(b[i]!=0) + { + p1p1_to_p3(r, &tp1p1); + add_p1p1(&tp1p1, r, &pre[b[i]]); + } + if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); + else p1p1_to_p3(r, &tp1p1); + } +} + +void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) +{ + signed char b[85]; + int i; + ge25519_aff t; + sc25519_window3(b,s); + + choose_t((ge25519_aff *)r, 0, b[0]); + fe25519_setone(&r->z); + fe25519_mul(&r->t, &r->x, &r->y); + for(i=1;i<85;i++) + { + choose_t(&t, (unsigned long long) i, b[i]); + ge25519_mixadd2(r, &t); + } +} diff --git a/src/libnacl/crypto_sign/ed25519/ref/ge25519.h b/src/libnacl/crypto_sign/ed25519/ref/ge25519.h new file mode 100644 index 00000000..3820492b --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/ge25519.h @@ -0,0 +1,35 @@ +#ifndef GE25519_H +#define GE25519_H + +#include "fe25519.h" +#include "sc25519.h" + +#define ge25519 crypto_sign_ed25519_ref_ge25519 +#define ge25519_base crypto_sign_ed25519_ref_ge25519_base +#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime +#define ge25519_pack crypto_sign_ed25519_ref_pack +#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime +#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime +#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; + fe25519 t; +} ge25519; + +const ge25519 ge25519_base; + +int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); + +void ge25519_pack(unsigned char r[32], const ge25519 *p); + +int ge25519_isneutral_vartime(const ge25519 *p); + +void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2); + +void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); + +#endif diff --git a/src/libnacl/crypto_sign/ed25519/ref/ge25519_base.data b/src/libnacl/crypto_sign/ed25519/ref/ge25519_base.data new file mode 100644 index 00000000..d2ef2c13 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/ge25519_base.data @@ -0,0 +1,850 @@ +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, +{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , + {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, +{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , + {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, +{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , + {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , + {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, +{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , + {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, +{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , + {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, +{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , + {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , + {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, +{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , + {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, +{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , + {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, +{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , + {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , + {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, +{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , + {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, +{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , + {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, +{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , + {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , + {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, +{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , + {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, +{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , + {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, +{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , + {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , + {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, +{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , + {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, +{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , + {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, +{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , + {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , + {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, +{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , + {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, +{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , + {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, +{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , + {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , + {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, +{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , + {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, +{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , + {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, +{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , + {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , + {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, +{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , + {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, +{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , + {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, +{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} , + {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , + {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, +{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , + {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, +{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , + {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, +{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} , + {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , + {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, +{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , + {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, +{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , + {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, +{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} , + {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , + {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, +{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , + {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, +{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , + {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, +{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} , + {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , + {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, +{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , + {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, +{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , + {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, +{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} , + {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , + {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, +{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , + {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, +{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , + {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, +{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , + {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , + {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, +{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , + {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, +{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , + {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, +{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , + {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , + {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, +{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , + {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, +{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , + {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, +{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , + {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , + {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, +{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , + {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, +{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , + {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, +{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , + {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , + {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, +{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , + {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, +{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , + {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, +{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , + {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , + {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, +{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , + {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, +{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , + {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, +{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , + {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} , + {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}}, +{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} , + {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}}, +{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} , + {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}}, +{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} , + {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} , + {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}}, +{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} , + {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}}, +{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} , + {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}}, +{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} , + {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} , + {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}}, +{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} , + {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}}, +{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} , + {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}}, +{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} , + {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} , + {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}}, +{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} , + {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}}, +{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} , + {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}}, +{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} , + {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} , + {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}}, +{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} , + {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}}, +{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} , + {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}}, +{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} , + {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} , + {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}}, +{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} , + {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}}, +{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} , + {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}}, +{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} , + {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} , + {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}}, +{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} , + {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}}, +{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} , + {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}}, +{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} , + {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} , + {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}}, +{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} , + {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}}, +{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} , + {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}}, +{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} , + {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} , + {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}}, +{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} , + {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}}, +{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} , + {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}}, +{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} , + {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} , + {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}}, +{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} , + {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}}, +{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} , + {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}}, +{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} , + {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} , + {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}}, +{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} , + {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}}, +{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} , + {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}}, +{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} , + {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} , + {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}}, +{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} , + {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}}, +{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} , + {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}}, +{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} , + {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} , + {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}}, +{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} , + {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}}, +{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} , + {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}}, +{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} , + {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} , + {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}}, +{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} , + {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}}, +{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} , + {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}}, +{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} , + {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} , + {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}}, +{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} , + {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}}, +{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} , + {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}}, +{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} , + {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} , + {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}}, +{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} , + {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}}, +{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} , + {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}}, +{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} , + {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} , + {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}}, +{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} , + {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}}, +{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} , + {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}}, +{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} , + {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} , + {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}}, +{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} , + {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}}, +{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} , + {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}}, +{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} , + {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} , + {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}}, +{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} , + {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}}, +{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} , + {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}}, +{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} , + {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} , + {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}}, +{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} , + {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}}, +{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} , + {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}}, +{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} , + {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} , + {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}}, +{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} , + {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}}, +{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} , + {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}}, +{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} , + {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} , + {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}}, +{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} , + {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}}, +{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} , + {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}}, +{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} , + {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} , + {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}}, +{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} , + {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}}, +{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} , + {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}}, +{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} , + {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} , + {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}}, +{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} , + {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}}, +{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} , + {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}}, +{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} , + {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} , + {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}}, +{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} , + {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}}, +{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} , + {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}}, +{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} , + {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} , + {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}}, +{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} , + {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}}, +{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} , + {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}}, +{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} , + {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} , + {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}}, +{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} , + {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}}, +{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} , + {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}}, +{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} , + {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} , + {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}}, +{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} , + {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}}, +{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} , + {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}}, +{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} , + {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} , + {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}}, +{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} , + {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}}, +{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} , + {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}}, +{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} , + {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} , + {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}}, +{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} , + {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}}, +{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} , + {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}}, +{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} , + {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} , + {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}}, +{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} , + {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}}, +{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} , + {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}}, +{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} , + {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} , + {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}}, +{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} , + {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}}, +{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} , + {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}}, +{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} , + {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} , + {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}}, +{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} , + {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}}, +{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} , + {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}}, +{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} , + {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} , + {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}}, +{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} , + {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}}, +{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} , + {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}}, +{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} , + {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} , + {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}}, +{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} , + {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}}, +{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} , + {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}}, +{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} , + {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} , + {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}}, +{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} , + {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}}, +{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} , + {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}}, +{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} , + {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} , + {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}}, +{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} , + {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}}, +{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} , + {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}}, +{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} , + {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} , + {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}}, +{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} , + {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}}, +{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} , + {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}}, +{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} , + {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} , + {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}}, +{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} , + {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}}, +{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} , + {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}}, +{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} , + {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} , + {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}}, +{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} , + {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}}, +{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} , + {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}}, +{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} , + {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} , + {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}}, +{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} , + {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}}, +{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} , + {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}}, +{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} , + {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} , + {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}}, +{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} , + {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}}, +{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} , + {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}}, +{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} , + {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} , + {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}}, +{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} , + {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}}, +{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} , + {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}}, +{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} , + {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} , + {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}}, +{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} , + {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}}, +{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} , + {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}}, +{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} , + {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} , + {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}}, +{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} , + {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}}, +{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} , + {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}}, +{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} , + {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} , + {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}}, +{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} , + {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}}, +{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} , + {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}}, +{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} , + {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} , + {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}}, +{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} , + {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}}, +{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} , + {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}}, +{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} , + {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} , + {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}}, +{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} , + {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}}, +{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} , + {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}}, +{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} , + {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} , + {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}}, +{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} , + {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}}, +{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} , + {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}}, +{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} , + {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} , + {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}}, +{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} , + {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}}, +{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} , + {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}}, +{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} , + {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} , + {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}}, +{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} , + {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}}, +{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} , + {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}}, +{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} , + {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} , + {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}}, +{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} , + {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}}, +{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} , + {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}}, +{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} , + {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} , + {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}}, +{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} , + {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}}, +{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} , + {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}}, +{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} , + {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} , + {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}}, +{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} , + {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}}, +{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} , + {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}}, +{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} , + {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} , + {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}}, +{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} , + {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}}, +{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} , + {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}}, +{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} , + {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} , + {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}}, +{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} , + {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}}, +{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} , + {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}}, +{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} , + {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} , + {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}}, +{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} , + {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}}, +{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} , + {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}}, +{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} , + {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} , + {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}}, +{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} , + {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}}, +{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} , + {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}}, +{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} , + {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} , + {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}}, +{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} , + {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}}, +{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} , + {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}}, +{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} , + {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} , + {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}}, +{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} , + {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}}, +{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} , + {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}}, +{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} , + {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} , + {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}}, +{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} , + {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}}, +{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} , + {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}}, +{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} , + {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} , + {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}}, +{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} , + {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}}, +{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} , + {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}}, +{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} , + {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} , + {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}}, +{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} , + {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}}, +{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} , + {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}}, +{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} , + {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} , + {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}}, +{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} , + {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}}, +{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} , + {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}}, +{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} , + {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} , + {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}}, +{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} , + {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}}, +{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} , + {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}}, +{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} , + {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} , + {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}}, +{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} , + {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}}, +{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} , + {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}}, +{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} , + {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}} diff --git a/src/libnacl/crypto_sign/ed25519/ref/implementors b/src/libnacl/crypto_sign/ed25519/ref/implementors new file mode 100644 index 00000000..9b5399a3 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/implementors @@ -0,0 +1,5 @@ +Daniel J. Bernstein +Niels Duif +Tanja Lange +lead: Peter Schwabe +Bo-Yin Yang diff --git a/src/libnacl/crypto_sign/ed25519/ref/sc25519.c b/src/libnacl/crypto_sign/ed25519/ref/sc25519.c new file mode 100644 index 00000000..4c304307 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/sc25519.c @@ -0,0 +1,298 @@ +#include "sc25519.h" + +/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ + +static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; + +static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, + 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; + +static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ + x >>= 31; /* 0: no; 1: yes */ + return x; +} + +/* Reduce coefficients of r before calling reduce_add_sub */ +static void reduce_add_sub(sc25519 *r) +{ + crypto_uint32 pb = 0; + crypto_uint32 b; + crypto_uint32 mask; + int i; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + pb += m[i]; + b = lt(r->v[i],pb); + t[i] = r->v[i]-pb+(b<<8); + pb = b; + } + mask = b - 1; + for(i=0;i<32;i++) + r->v[i] ^= mask & (r->v[i] ^ t[i]); +} + +/* Reduce coefficients of x before calling barrett_reduce */ +static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) +{ + /* See HAC, Alg. 14.42 */ + int i,j; + crypto_uint32 q2[66]; + crypto_uint32 *q3 = q2 + 33; + crypto_uint32 r1[33]; + crypto_uint32 r2[33]; + crypto_uint32 carry; + crypto_uint32 pb = 0; + crypto_uint32 b; + + for (i = 0;i < 66;++i) q2[i] = 0; + for (i = 0;i < 33;++i) r2[i] = 0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + pb += r2[i]; + b = lt(r1[i],pb); + r->v[i] = r1[i]-pb+(b<<8); + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * If so: Handle it here! + */ + + reduce_add_sub(r); + reduce_add_sub(r); +} + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<32;i++) t[i] = x[i]; + for(i=32;i<64;++i) t[i] = 0; + barrett_reduce(r, t); +} + +void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]) +{ + int i; + for(i=0;i<16;i++) r->v[i] = x[i]; +} + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x) +{ + int i; + for(i=0;i<16;i++) + r->v[i] = x->v[i]; + for(i=0;i<16;i++) + r->v[16+i] = 0; +} + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) r[i] = x->v[i]; +} + +int sc25519_iszero_vartime(const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) + if(x->v[i] != 0) return 0; + return 1; +} + +int sc25519_isshort_vartime(const sc25519 *x) +{ + int i; + for(i=31;i>15;i--) + if(x->v[i] != 0) return 0; + return 1; +} + +int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y) +{ + int i; + for(i=31;i>=0;i--) + { + if(x->v[i] < y->v[i]) return 1; + if(x->v[i] > y->v[i]) return 0; + } + return 0; +} + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i, carry; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + for(i=0;i<31;i++) + { + carry = r->v[i] >> 8; + r->v[i+1] += carry; + r->v[i] &= 0xff; + } + reduce_add_sub(r); +} + +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + crypto_uint32 b = 0; + crypto_uint32 t; + int i; + for(i=0;i<32;i++) + { + t = x->v[i] - y->v[i] - b; + r->v[i] = t & 255; + b = (t >> 8) & 1; + } +} + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i,j,carry; + crypto_uint32 t[64]; + for(i=0;i<64;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + /* Reduce coefficients */ + for(i=0;i<63;i++) + { + carry = t[i] >> 8; + t[i+1] += carry; + t[i] &= 0xff; + } + + barrett_reduce(r, t); +} + +void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y) +{ + sc25519 t; + sc25519_from_shortsc(&t, y); + sc25519_mul(r, x, &t); +} + +void sc25519_window3(signed char r[85], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<10;i++) + { + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + r[8*i+5] = (s->v[3*i+1] >> 7) & 7; + r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; + r[8*i+6] = (s->v[3*i+2] >> 2) & 7; + r[8*i+7] = (s->v[3*i+2] >> 5) & 7; + } + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + + /* Making it signed */ + carry = 0; + for(i=0;i<84;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 3; + r[i] &= 7; + carry = r[i] >> 2; + r[i] -= carry<<3; + } + r[84] += carry; +} + +void sc25519_window5(signed char r[51], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<6;i++) + { + r[8*i+0] = s->v[5*i+0] & 31; + r[8*i+1] = (s->v[5*i+0] >> 5) & 31; + r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; + r[8*i+2] = (s->v[5*i+1] >> 2) & 31; + r[8*i+3] = (s->v[5*i+1] >> 7) & 31; + r[8*i+3] ^= (s->v[5*i+2] << 1) & 31; + r[8*i+4] = (s->v[5*i+2] >> 4) & 31; + r[8*i+4] ^= (s->v[5*i+3] << 4) & 31; + r[8*i+5] = (s->v[5*i+3] >> 1) & 31; + r[8*i+6] = (s->v[5*i+3] >> 6) & 31; + r[8*i+6] ^= (s->v[5*i+4] << 2) & 31; + r[8*i+7] = (s->v[5*i+4] >> 3) & 31; + } + r[8*i+0] = s->v[5*i+0] & 31; + r[8*i+1] = (s->v[5*i+0] >> 5) & 31; + r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; + r[8*i+2] = (s->v[5*i+1] >> 2) & 31; + + /* Making it signed */ + carry = 0; + for(i=0;i<50;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 5; + r[i] &= 31; + carry = r[i] >> 4; + r[i] -= carry<<5; + } + r[50] += carry; +} + +void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2) +{ + int i; + for(i=0;i<31;i++) + { + r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); + r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); + r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); + r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); + } + r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); + r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); + r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); +} diff --git a/src/libnacl/crypto_sign/ed25519/ref/sc25519.h b/src/libnacl/crypto_sign/ed25519/ref/sc25519.h new file mode 100644 index 00000000..29622ef0 --- /dev/null +++ b/src/libnacl/crypto_sign/ed25519/ref/sc25519.h @@ -0,0 +1,72 @@ +#ifndef SC25519_H +#define SC25519_H + +#include "crypto_uint32.h" + +#define sc25519 crypto_sign_ed25519_ref_sc25519 +#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519 +#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes +#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes +#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes +#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc +#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes +#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime +#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime +#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime +#define sc25519_add crypto_sign_ed25519_ref_sc25519_add +#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored +#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul +#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc +#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3 +#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5 +#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2 + +typedef struct +{ + crypto_uint32 v[32]; +} +sc25519; + +typedef struct +{ + crypto_uint32 v[16]; +} +shortsc25519; + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); + +void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]); + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); + +void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x); + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); + +int sc25519_iszero_vartime(const sc25519 *x); + +int sc25519_isshort_vartime(const sc25519 *x); + +int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y); + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y); + +/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3 + * with r[i] in {-4,...,3} + */ +void sc25519_window3(signed char r[85], const sc25519 *s); + +/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5 + * with r[i] in {-16,...,15} + */ +void sc25519_window5(signed char r[51], const sc25519 *s); + +void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); + +#endif diff --git a/src/libnacl/crypto_sign/ed25519/selected b/src/libnacl/crypto_sign/ed25519/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_sign/ed25519/used b/src/libnacl/crypto_sign/ed25519/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/api.h b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/api.h new file mode 100644 index 00000000..352240c0 --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/api.h @@ -0,0 +1,3 @@ +#define CRYPTO_SECRETKEYBYTES 64 +#define CRYPTO_PUBLICKEYBYTES 32 +#define CRYPTO_BYTES 64 diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.c b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.c new file mode 100644 index 00000000..276b514d --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.c @@ -0,0 +1,345 @@ +#include "fe25519.h" + +#define WINDOWSIZE 4 /* Should be 1,2, or 4 */ +#define WINDOWMASK ((1<v[31] >> 7; + r->v[31] &= 127; + t *= 19; + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +static void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<2;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t *= 19; + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +/* reduction modulo 2^255-19 */ +static void freeze(fe25519 *r) +{ + int i; + unsigned int m = (r->v[31] == 127); + for(i=30;i>1;i--) + m *= (r->v[i] == 255); + m *= (r->v[0] >= 237); + + r->v[31] -= m*127; + for(i=30;i>0;i--) + r->v[i] -= m*255; + r->v[0] -= m*237; +} + +/*freeze input before calling isone*/ +static int isone(const fe25519 *x) +{ + int i; + int r = (x->v[0] == 1); + for(i=1;i<32;i++) + r *= (x->v[i] == 0); + return r; +} + +/*freeze input before calling iszero*/ +static int iszero(const fe25519 *x) +{ + int i; + int r = (x->v[0] == 0); + for(i=1;i<32;i++) + r *= (x->v[i] == 0); + return r; +} + + +static int issquare(const fe25519 *x) +{ + unsigned char e[32] = {0xf6,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3f}; /* (p-1)/2 */ + fe25519 t; + + fe25519_pow(&t,x,e); + freeze(&t); + return isone(&t) || iszero(&t); +} + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x[i]; + r->v[31] &= 127; +} + +/* Assumes input x being reduced mod 2^255 */ +void fe25519_pack(unsigned char r[32], const fe25519 *x) +{ + int i; + for(i=0;i<32;i++) + r[i] = x->v[i]; + + /* freeze byte array */ + unsigned int m = (r[31] == 127); /* XXX: some compilers might use branches; fix */ + for(i=30;i>1;i--) + m *= (r[i] == 255); + m *= (r[0] >= 237); + r[31] -= m*127; + for(i=30;i>0;i--) + r[i] -= m*255; + r[0] -= m*237; +} + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) +{ + unsigned char nb = 1-b; + int i; + for(i=0;i<32;i++) r->v[i] = nb * r->v[i] + b * x->v[i]; +} + +unsigned char fe25519_getparity(const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i] = x->v[i]; + freeze(&t); + return t.v[0] & 1; +} + +void fe25519_setone(fe25519 *r) +{ + int i; + r->v[0] = 1; + for(i=1;i<32;i++) r->v[i]=0; +} + +void fe25519_setzero(fe25519 *r) +{ + int i; + for(i=0;i<32;i++) r->v[i]=0; +} + +void fe25519_neg(fe25519 *r, const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i]=x->v[i]; + fe25519_setzero(r); + fe25519_sub(r, r, &t); +} + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + reduce_add_sub(r); +} + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + crypto_uint32 t[32]; + t[0] = x->v[0] + 0x1da; + t[31] = x->v[31] + 0xfe; + for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; + for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; + reduce_add_sub(r); +} + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i,j; + crypto_uint32 t[63]; + for(i=0;i<63;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + for(i=32;i<63;i++) + r->v[i-32] = t[i-32] + 38*t[i]; + r->v[31] = t[31]; /* result now in r[0]...r[31] */ + + reduce_mul(r); +} + +void fe25519_square(fe25519 *r, const fe25519 *x) +{ + fe25519_mul(r, x, x); +} + +/*XXX: Make constant time! */ +void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e) +{ + /* + fe25519 g; + fe25519_setone(&g); + int i; + unsigned char j; + for(i=32;i>0;i--) + { + for(j=128;j>0;j>>=1) + { + fe25519_square(&g,&g); + if(e[i-1] & j) + fe25519_mul(&g,&g,x); + } + } + for(i=0;i<32;i++) r->v[i] = g.v[i]; + */ + fe25519 g; + fe25519_setone(&g); + int i,j,k; + fe25519 pre[(1 << WINDOWSIZE)]; + fe25519 t; + unsigned char w; + + // Precomputation + fe25519_setone(pre); + pre[1] = *x; + for(i=2;i<(1<0;i--) + { + for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE) + { + for(k=0;k>j) & WINDOWMASK; + t = pre[0]; + for(k=1;k<(1<v[i]; + fe25519_pow(&d,&d,e3); + for(i=0;i<32;i++) + r->v[i] = 2*x->v[i]; + fe25519_mul(r,r,&d); + } + freeze(r); + if((r->v[0] & 1) != (parity & 1)) + { + fe25519_sub(r,&p,r); + } + return 0; +} + +void fe25519_invert(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t0; + fe25519 t1; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t1,&z2); + /* 8 */ fe25519_square(&t0,&t1); + /* 9 */ fe25519_mul(&z9,&t0,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t0,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); + /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); + /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); + /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); + /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); + /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); + /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); + /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); + /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); + /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); + /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); + /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); +} diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.h b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.h new file mode 100644 index 00000000..98c613fa --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.h @@ -0,0 +1,54 @@ +#ifndef FE25519_H +#define FE25519_H + +#define fe25519 crypto_sign_edwards25519sha512batch_fe25519 +#define fe25519_unpack crypto_sign_edwards25519sha512batch_fe25519_unpack +#define fe25519_pack crypto_sign_edwards25519sha512batch_fe25519_pack +#define fe25519_cmov crypto_sign_edwards25519sha512batch_fe25519_cmov +#define fe25519_setone crypto_sign_edwards25519sha512batch_fe25519_setone +#define fe25519_setzero crypto_sign_edwards25519sha512batch_fe25519_setzero +#define fe25519_neg crypto_sign_edwards25519sha512batch_fe25519_neg +#define fe25519_getparity crypto_sign_edwards25519sha512batch_fe25519_getparity +#define fe25519_add crypto_sign_edwards25519sha512batch_fe25519_add +#define fe25519_sub crypto_sign_edwards25519sha512batch_fe25519_sub +#define fe25519_mul crypto_sign_edwards25519sha512batch_fe25519_mul +#define fe25519_square crypto_sign_edwards25519sha512batch_fe25519_square +#define fe25519_pow crypto_sign_edwards25519sha512batch_fe25519_pow +#define fe25519_sqrt_vartime crypto_sign_edwards25519sha512batch_fe25519_sqrt_vartime +#define fe25519_invert crypto_sign_edwards25519sha512batch_fe25519_invert + +#include "crypto_uint32.h" + +typedef struct { + crypto_uint32 v[32]; +} fe25519; + +void fe25519_unpack(fe25519 *r, const unsigned char x[32]); + +void fe25519_pack(unsigned char r[32], const fe25519 *x); + +void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); + +void fe25519_setone(fe25519 *r); + +void fe25519_setzero(fe25519 *r); + +void fe25519_neg(fe25519 *r, const fe25519 *x); + +unsigned char fe25519_getparity(const fe25519 *x); + +void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); + +void fe25519_square(fe25519 *r, const fe25519 *x); + +void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e); + +int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity); + +void fe25519_invert(fe25519 *r, const fe25519 *x); + +#endif diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.c b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.c new file mode 100644 index 00000000..917798ac --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.c @@ -0,0 +1,227 @@ +#include "fe25519.h" +#include "sc25519.h" +#include "ge25519.h" + +/* + * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 + * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 + * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); + */ + +typedef struct +{ + fe25519 x; + fe25519 z; + fe25519 y; + fe25519 t; +} ge25519_p1p1; + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; +} ge25519_p2; + +#define ge25519_p3 ge25519 + +/* Windowsize for fixed-window scalar multiplication */ +#define WINDOWSIZE 2 /* Should be 1,2, or 4 */ +#define WINDOWMASK ((1<x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + p1p1_to_p2((ge25519_p2 *)r, p); + fe25519_mul(&r->t, &p->x, &p->y); +} + +/* Constant-time version of: if(b) r = p */ +static void cmov_p3(ge25519_p3 *r, const ge25519_p3 *p, unsigned char b) +{ + fe25519_cmov(&r->x, &p->x, b); + fe25519_cmov(&r->y, &p->y, b); + fe25519_cmov(&r->z, &p->z, b); + fe25519_cmov(&r->t, &p->t, b); +} + +/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ +static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + fe25519 a,b,c,d; + fe25519_square(&a, &p->x); + fe25519_square(&b, &p->y); + fe25519_square(&c, &p->z); + fe25519_add(&c, &c, &c); + fe25519_neg(&d, &a); + + fe25519_add(&r->x, &p->x, &p->y); + fe25519_square(&r->x, &r->x); + fe25519_sub(&r->x, &r->x, &a); + fe25519_sub(&r->x, &r->x, &b); + fe25519_add(&r->z, &d, &b); + fe25519_sub(&r->t, &r->z, &c); + fe25519_sub(&r->y, &d, &b); +} + +static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + fe25519 a, b, c, d, t, fd; + fe25519_unpack(&fd, ecd); + + fe25519_sub(&a, &p->y, &p->x); // A = (Y1-X1)*(Y2-X2) + fe25519_sub(&t, &q->y, &q->x); + fe25519_mul(&a, &a, &t); + fe25519_add(&b, &p->x, &p->y); // B = (Y1+X1)*(Y2+X2) + fe25519_add(&t, &q->x, &q->y); + fe25519_mul(&b, &b, &t); + fe25519_mul(&c, &p->t, &q->t); //C = T1*k*T2 + fe25519_mul(&c, &c, &fd); + fe25519_add(&c, &c, &c); //XXX: Can save this addition by precomputing 2*ecd + fe25519_mul(&d, &p->z, &q->z); //D = Z1*2*Z2 + fe25519_add(&d, &d, &d); + fe25519_sub(&r->x, &b, &a); // E = B-A + fe25519_sub(&r->t, &d, &c); // F = D-C + fe25519_add(&r->z, &d, &c); // G = D+C + fe25519_add(&r->y, &b, &a); // H = B+A +} + +/* ******************************************************************** + * EXPORTED FUNCTIONS + ******************************************************************** */ + +/* return 0 on success, -1 otherwise */ +int ge25519_unpack_vartime(ge25519_p3 *r, const unsigned char p[32]) +{ + int ret; + fe25519 t, fd; + fe25519_setone(&r->z); + fe25519_unpack(&fd, ecd); + unsigned char par = p[31] >> 7; + fe25519_unpack(&r->y, p); + fe25519_square(&r->x, &r->y); + fe25519_mul(&t, &r->x, &fd); + fe25519_sub(&r->x, &r->x, &r->z); + fe25519_add(&t, &r->z, &t); + fe25519_invert(&t, &t); + fe25519_mul(&r->x, &r->x, &t); + ret = fe25519_sqrt_vartime(&r->x, &r->x, par); + fe25519_mul(&r->t, &r->x, &r->y); + return ret; +} + +void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) +{ + fe25519 tx, ty, zi; + fe25519_invert(&zi, &p->z); + fe25519_mul(&tx, &p->x, &zi); + fe25519_mul(&ty, &p->y, &zi); + fe25519_pack(r, &ty); + r[31] ^= fe25519_getparity(&tx) << 7; +} + +void ge25519_add(ge25519_p3 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + ge25519_p1p1 grp1p1; + add_p1p1(&grp1p1, p, q); + p1p1_to_p3(r, &grp1p1); +} + +void ge25519_double(ge25519_p3 *r, const ge25519_p3 *p) +{ + ge25519_p1p1 grp1p1; + dbl_p1p1(&grp1p1, (ge25519_p2 *)p); + p1p1_to_p3(r, &grp1p1); +} + +void ge25519_scalarmult(ge25519_p3 *r, const ge25519_p3 *p, const sc25519 *s) +{ + int i,j,k; + ge25519_p3 g; + fe25519_unpack(&g.x, ge25519_neutral_x); + fe25519_unpack(&g.y, ge25519_neutral_y); + fe25519_unpack(&g.z, ge25519_neutral_z); + fe25519_unpack(&g.t, ge25519_neutral_t); + + ge25519_p3 pre[(1 << WINDOWSIZE)]; + ge25519_p3 t; + ge25519_p1p1 tp1p1; + unsigned char w; + unsigned char sb[32]; + sc25519_to32bytes(sb, s); + + // Precomputation + pre[0] = g; + pre[1] = *p; + for(i=2;i<(1<0;i--) + { + for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE) + { + for(k=0;k>j) & WINDOWMASK; + t = pre[0]; + for(k=1;k<(1<x = g.x; + r->y = g.y; + r->z = g.z; + r->t = g.t; +} + +void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) +{ + /* XXX: Better algorithm for known-base-point scalar multiplication */ + ge25519_p3 t; + fe25519_unpack(&t.x, ge25519_base_x); + fe25519_unpack(&t.y, ge25519_base_y); + fe25519_unpack(&t.z, ge25519_base_z); + fe25519_unpack(&t.t, ge25519_base_t); + ge25519_scalarmult(r, &t, s); +} diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.h b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.h new file mode 100644 index 00000000..49ad163a --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.h @@ -0,0 +1,34 @@ +#ifndef GE25519_H +#define GE25519_H + +#include "fe25519.h" +#include "sc25519.h" + +#define ge25519 crypto_sign_edwards25519sha512batch_ge25519 +#define ge25519_unpack_vartime crypto_sign_edwards25519sha512batch_ge25519_unpack_vartime +#define ge25519_pack crypto_sign_edwards25519sha512batch_ge25519_pack +#define ge25519_add crypto_sign_edwards25519sha512batch_ge25519_add +#define ge25519_double crypto_sign_edwards25519sha512batch_ge25519_double +#define ge25519_scalarmult crypto_sign_edwards25519sha512batch_ge25519_scalarmult +#define ge25519_scalarmult_base crypto_sign_edwards25519sha512batch_ge25519_scalarmult_base + +typedef struct { + fe25519 x; + fe25519 y; + fe25519 z; + fe25519 t; +} ge25519; + +int ge25519_unpack_vartime(ge25519 *r, const unsigned char p[32]); + +void ge25519_pack(unsigned char r[32], const ge25519 *p); + +void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q); + +void ge25519_double(ge25519 *r, const ge25519 *p); + +void ge25519_scalarmult(ge25519 *r, const ge25519 *p, const sc25519 *s); + +void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); + +#endif diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.c b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.c new file mode 100644 index 00000000..ad232d78 --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.c @@ -0,0 +1,146 @@ +#include "sc25519.h" + +/*Arithmetic modulo the group order n = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ + +static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; + +static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, + 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; + +/* Reduce coefficients of r before calling reduce_add_sub */ +static void reduce_add_sub(sc25519 *r) +{ + int i, b, pb=0, nb; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + b = (r->v[i]v[i]-pb-m[i]+b*256; + pb = b; + } + nb = 1-b; + for(i=0;i<32;i++) + r->v[i] = r->v[i]*b + t[i]*nb; +} + +/* Reduce coefficients of x before calling barrett_reduce */ +static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) +{ + /* See HAC, Alg. 14.42 */ + int i,j; + crypto_uint32 q2[66] = {0}; + crypto_uint32 *q3 = q2 + 33; + crypto_uint32 r1[33]; + crypto_uint32 r2[33] = {0}; + crypto_uint32 carry; + int b, pb=0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + b = (r1[i]v[i] = r1[i]-pb-r2[i]+b*256; + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * If so: Handle it here! + */ + + reduce_add_sub(r); + reduce_add_sub(r); +} + +/* +static int iszero(const sc25519 *x) +{ + // Implement + return 0; +} +*/ + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) +{ + int i; + crypto_uint32 t[64] = {0}; + for(i=0;i<32;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) +{ + int i; + crypto_uint32 t[64] = {0}; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +/* XXX: What we actually want for crypto_group is probably just something like + * void sc25519_frombytes(sc25519 *r, const unsigned char *x, size_t xlen) + */ + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) r[i] = x->v[i]; +} + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i, carry; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + for(i=0;i<31;i++) + { + carry = r->v[i] >> 8; + r->v[i+1] += carry; + r->v[i] &= 0xff; + } + reduce_add_sub(r); +} + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i,j,carry; + crypto_uint32 t[64]; + for(i=0;i<64;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + /* Reduce coefficients */ + for(i=0;i<63;i++) + { + carry = t[i] >> 8; + t[i+1] += carry; + t[i] &= 0xff; + } + + barrett_reduce(r, t); +} + +void sc25519_square(sc25519 *r, const sc25519 *x) +{ + sc25519_mul(r, x, x); +} diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.h b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.h new file mode 100644 index 00000000..f791dea4 --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.h @@ -0,0 +1,51 @@ +#ifndef SC25519_H +#define SC25519_H + +#define sc25519 crypto_sign_edwards25519sha512batch_sc25519 +#define sc25519_from32bytes crypto_sign_edwards25519sha512batch_sc25519_from32bytes +#define sc25519_from64bytes crypto_sign_edwards25519sha512batch_sc25519_from64bytes +#define sc25519_to32bytes crypto_sign_edwards25519sha512batch_sc25519_to32bytes +#define sc25519_pack crypto_sign_edwards25519sha512batch_sc25519_pack +#define sc25519_getparity crypto_sign_edwards25519sha512batch_sc25519_getparity +#define sc25519_setone crypto_sign_edwards25519sha512batch_sc25519_setone +#define sc25519_setzero crypto_sign_edwards25519sha512batch_sc25519_setzero +#define sc25519_neg crypto_sign_edwards25519sha512batch_sc25519_neg +#define sc25519_add crypto_sign_edwards25519sha512batch_sc25519_add +#define sc25519_sub crypto_sign_edwards25519sha512batch_sc25519_sub +#define sc25519_mul crypto_sign_edwards25519sha512batch_sc25519_mul +#define sc25519_square crypto_sign_edwards25519sha512batch_sc25519_square +#define sc25519_invert crypto_sign_edwards25519sha512batch_sc25519_invert + +#include "crypto_uint32.h" + +typedef struct { + crypto_uint32 v[32]; +} sc25519; + +void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); + +void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); + +void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); + +void sc25519_pack(unsigned char r[32], const sc25519 *x); + +unsigned char sc25519_getparity(const sc25519 *x); + +void sc25519_setone(sc25519 *r); + +void sc25519_setzero(sc25519 *r); + +void sc25519_neg(sc25519 *r, const sc25519 *x); + +void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_sub(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); + +void sc25519_square(sc25519 *r, const sc25519 *x); + +void sc25519_invert(sc25519 *r, const sc25519 *x); + +#endif diff --git a/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sign.c b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sign.c new file mode 100644 index 00000000..eb2740a1 --- /dev/null +++ b/src/libnacl/crypto_sign/edwards25519sha512batch/ref/sign.c @@ -0,0 +1,103 @@ +#include "api.h" +#include "crypto_sign.h" +#include "crypto_hash_sha512.h" +#include "randombytes.h" +#include "crypto_verify_32.h" + +#include "ge25519.h" + +int crypto_sign_keypair( + unsigned char *pk, + unsigned char *sk + ) +{ + sc25519 scsk; + ge25519 gepk; + + randombytes(sk, 32); + crypto_hash_sha512(sk, sk, 32); + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; + + sc25519_from32bytes(&scsk,sk); + + ge25519_scalarmult_base(&gepk, &scsk); + ge25519_pack(pk, &gepk); + return 0; +} + +int crypto_sign( + unsigned char *sm,unsigned long long *smlen, + const unsigned char *m,unsigned long long mlen, + const unsigned char *sk + ) +{ + sc25519 sck, scs, scsk; + ge25519 ger; + unsigned char r[32]; + unsigned char s[32]; + unsigned long long i; + unsigned char hmg[crypto_hash_sha512_BYTES]; + unsigned char hmr[crypto_hash_sha512_BYTES]; + + *smlen = mlen+64; + for(i=0;i +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_sign.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_sign_IMPLEMENTATION; +const char *implementationversion = crypto_sign_VERSION; +const char *sizenames[] = { "outputbytes", "publickeybytes", "secretkeybytes", 0 }; +const long long sizes[] = { crypto_sign_BYTES, crypto_sign_PUBLICKEYBYTES, crypto_sign_SECRETKEYBYTES }; + +#define MAXTEST_BYTES 100000 + +static unsigned char *pk; +static unsigned char *sk; +static unsigned char *m; unsigned long long mlen; +static unsigned char *sm; unsigned long long smlen; +static unsigned char *t; unsigned long long tlen; + +void preallocate(void) +{ +#ifdef RAND_R_PRNG_NOT_SEEDED + RAND_status(); +#endif +} + +void allocate(void) +{ + pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES); + sk = alignedcalloc(crypto_sign_SECRETKEYBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); + sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); +} + +#define TIMINGS 31 +static long long cycles[TIMINGS + 1]; +static long long bytes[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + + for (loop = 0;loop < LOOPS;++loop) { + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_sign_keypair(pk,sk); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(-1,"keypair_cycles",cycles,TIMINGS); + + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 4) { + randombytes(m,mlen); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + bytes[i] = crypto_sign(sm,&smlen,m,mlen,sk); + if (bytes[i] == 0) bytes[i] = smlen; + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + printentry(mlen,"bytes",bytes,TIMINGS); + + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + bytes[i] = crypto_sign_open(t,&tlen,sm,smlen,pk); + if (bytes[i] == 0) bytes[i] = tlen; + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"open_cycles",cycles,TIMINGS); + printentry(mlen,"open_bytes",bytes,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_sign/try.c b/src/libnacl/crypto_sign/try.c new file mode 100644 index 00000000..961a93ff --- /dev/null +++ b/src/libnacl/crypto_sign/try.c @@ -0,0 +1,87 @@ +/* + * crypto_sign/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "randombytes.h" +#include "crypto_sign.h" +#include "windows/windows-quirks.h" + +#define MAXTEST_BYTES 10000 +#define TUNE_BYTES 1536 + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_sign_IMPLEMENTATION; + +static unsigned char *pk; +static unsigned char *sk; +static unsigned char *m; unsigned long long mlen; +static unsigned char *sm; unsigned long long smlen; +static unsigned char *t; unsigned long long tlen; + +void preallocate(void) +{ +#ifdef RAND_R_PRNG_NOT_SEEDED + RAND_status(); +#endif +} + +void allocate(void) +{ + pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES); + sk = alignedcalloc(crypto_sign_SECRETKEYBYTES); + m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); + sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES); +} + +void predoit(void) +{ + crypto_sign_keypair(pk,sk); + mlen = TUNE_BYTES; + smlen = 0; + randombytes(m,mlen); + crypto_sign(sm,&smlen,m,mlen,sk); +} + +void doit(void) +{ + crypto_sign_open(t,&tlen,sm,smlen,pk); +} + +char checksum[crypto_sign_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long mlen; + long long i; + long long j; + + if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero"; + for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) { + if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero"; + if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero"; + if (tlen != mlen) return "crypto_sign_open does not match length"; + for (i = 0;i < tlen;++i) + if (t[i] != m[i]) + return "crypto_sign_open does not match contents"; + + j = random() % smlen; + sm[j] ^= 1; + if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) { + if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length"; + for (i = 0;i < tlen;++i) + if (t[i] != m[i]) + return "crypto_sign_open allows trivial forgery of contents"; + } + sm[j] ^= 1; + + } + + /* do some long-term checksum */ + checksum[0] = 0; + return 0; +} diff --git a/src/libnacl/crypto_sign/wrapper-keypair.cpp b/src/libnacl/crypto_sign/wrapper-keypair.cpp new file mode 100644 index 00000000..3687465d --- /dev/null +++ b/src/libnacl/crypto_sign/wrapper-keypair.cpp @@ -0,0 +1,12 @@ +#include +using std::string; +#include "crypto_sign.h" + +string crypto_sign_keypair(string *sk_string) +{ + unsigned char pk[crypto_sign_PUBLICKEYBYTES]; + unsigned char sk[crypto_sign_SECRETKEYBYTES]; + crypto_sign_keypair(pk,sk); + *sk_string = string((char *) sk,sizeof sk); + return string((char *) pk,sizeof pk); +} diff --git a/src/libnacl/crypto_sign/wrapper-sign-open.cpp b/src/libnacl/crypto_sign/wrapper-sign-open.cpp new file mode 100644 index 00000000..346e9400 --- /dev/null +++ b/src/libnacl/crypto_sign/wrapper-sign-open.cpp @@ -0,0 +1,24 @@ +#include +using std::string; +#include "crypto_sign.h" + +string crypto_sign_open(const string &sm_string, const string &pk_string) +{ + if (pk_string.size() != crypto_sign_PUBLICKEYBYTES) throw "incorrect public-key length"; + size_t smlen = sm_string.size(); + unsigned char m[smlen]; + unsigned long long mlen; + for (int i = 0;i < smlen;++i) m[i] = sm_string[i]; + if (crypto_sign_open( + m, + &mlen, + m, + smlen, + (const unsigned char *) pk_string.c_str() + ) != 0) + throw "ciphertext fails verification"; + return string( + (char *) m, + mlen + ); +} diff --git a/src/libnacl/crypto_sign/wrapper-sign.cpp b/src/libnacl/crypto_sign/wrapper-sign.cpp new file mode 100644 index 00000000..e5234ae6 --- /dev/null +++ b/src/libnacl/crypto_sign/wrapper-sign.cpp @@ -0,0 +1,22 @@ +#include +using std::string; +#include "crypto_sign.h" + +string crypto_sign(const string &m_string, const string &sk_string) +{ + if (sk_string.size() != crypto_sign_SECRETKEYBYTES) throw "incorrect secret-key length"; + size_t mlen = m_string.size(); + unsigned char sm[mlen+crypto_sign_BYTES]; + unsigned long long smlen; + crypto_sign( + sm, + &smlen, + (const unsigned char *) m_string.data(), + mlen, + (const unsigned char *) sk_string.data() + ); + return string( + (char *) sm, + smlen + ); +} diff --git a/src/libnacl/crypto_stream/aes128ctr/checksum b/src/libnacl/crypto_stream/aes128ctr/checksum new file mode 100644 index 00000000..92865436 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/checksum @@ -0,0 +1 @@ +6e9966897837aae181e93261ae88fdf0 diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/afternm.c b/src/libnacl/crypto_stream/aes128ctr/portable/afternm.c new file mode 100644 index 00000000..93c96e42 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/afternm.c @@ -0,0 +1,158 @@ +/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper + * Date: 2009-03-19 + * Public domain */ + +#include "int128.h" +#include "common.h" +#include "consts.h" +#include "crypto_stream.h" + +int crypto_stream_afternm(unsigned char *outp, unsigned long long len, const unsigned char *noncep, const unsigned char *c) +{ + + int128 xmm0; + int128 xmm1; + int128 xmm2; + int128 xmm3; + int128 xmm4; + int128 xmm5; + int128 xmm6; + int128 xmm7; + + int128 xmm8; + int128 xmm9; + int128 xmm10; + int128 xmm11; + int128 xmm12; + int128 xmm13; + int128 xmm14; + int128 xmm15; + + int128 nonce_stack; + unsigned long long lensav; + unsigned char bl[128]; + unsigned char *blp; + unsigned char b; + + uint32 tmp; + + /* Copy nonce on the stack */ + copy2(&nonce_stack, (int128 *) (noncep + 0)); + unsigned char *np = (unsigned char *)&nonce_stack; + + enc_block: + + xmm0 = *(int128 *) (np + 0); + copy2(&xmm1, &xmm0); + shufb(&xmm1, SWAP32); + copy2(&xmm2, &xmm1); + copy2(&xmm3, &xmm1); + copy2(&xmm4, &xmm1); + copy2(&xmm5, &xmm1); + copy2(&xmm6, &xmm1); + copy2(&xmm7, &xmm1); + + add_uint32_big(&xmm1, 1); + add_uint32_big(&xmm2, 2); + add_uint32_big(&xmm3, 3); + add_uint32_big(&xmm4, 4); + add_uint32_big(&xmm5, 5); + add_uint32_big(&xmm6, 6); + add_uint32_big(&xmm7, 7); + + shufb(&xmm0, M0); + shufb(&xmm1, M0SWAP); + shufb(&xmm2, M0SWAP); + shufb(&xmm3, M0SWAP); + shufb(&xmm4, M0SWAP); + shufb(&xmm5, M0SWAP); + shufb(&xmm6, M0SWAP); + shufb(&xmm7, M0SWAP); + + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, xmm8) + + aesround( 1, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 2, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 3, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 4, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 5, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 6, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 7, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 8, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 9, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + lastround(xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + + bitslice(xmm13, xmm10, xmm15, xmm11, xmm14, xmm12, xmm9, xmm8, xmm0) + + if(len < 128) goto partial; + if(len == 128) goto full; + + tmp = load32_bigendian(np + 12); + tmp += 8; + store32_bigendian(np + 12, tmp); + + *(int128 *) (outp + 0) = xmm8; + *(int128 *) (outp + 16) = xmm9; + *(int128 *) (outp + 32) = xmm12; + *(int128 *) (outp + 48) = xmm14; + *(int128 *) (outp + 64) = xmm11; + *(int128 *) (outp + 80) = xmm15; + *(int128 *) (outp + 96) = xmm10; + *(int128 *) (outp + 112) = xmm13; + + len -= 128; + outp += 128; + + goto enc_block; + + partial: + + lensav = len; + len >>= 4; + + tmp = load32_bigendian(np + 12); + tmp += len; + store32_bigendian(np + 12, tmp); + + blp = bl; + *(int128 *)(blp + 0) = xmm8; + *(int128 *)(blp + 16) = xmm9; + *(int128 *)(blp + 32) = xmm12; + *(int128 *)(blp + 48) = xmm14; + *(int128 *)(blp + 64) = xmm11; + *(int128 *)(blp + 80) = xmm15; + *(int128 *)(blp + 96) = xmm10; + *(int128 *)(blp + 112) = xmm13; + + bytes: + + if(lensav == 0) goto end; + + b = blp[0]; + *(unsigned char *)(outp + 0) = b; + + blp += 1; + outp +=1; + lensav -= 1; + + goto bytes; + + full: + + tmp = load32_bigendian(np + 12); + tmp += 8; + store32_bigendian(np + 12, tmp); + + *(int128 *) (outp + 0) = xmm8; + *(int128 *) (outp + 16) = xmm9; + *(int128 *) (outp + 32) = xmm12; + *(int128 *) (outp + 48) = xmm14; + *(int128 *) (outp + 64) = xmm11; + *(int128 *) (outp + 80) = xmm15; + *(int128 *) (outp + 96) = xmm10; + *(int128 *) (outp + 112) = xmm13; + + end: + return 0; + +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/api.h b/src/libnacl/crypto_stream/aes128ctr/portable/api.h new file mode 100644 index 00000000..62fc8d88 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/api.h @@ -0,0 +1,3 @@ +#define CRYPTO_KEYBYTES 16 +#define CRYPTO_NONCEBYTES 16 +#define CRYPTO_BEFORENMBYTES 1408 diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/beforenm.c b/src/libnacl/crypto_stream/aes128ctr/portable/beforenm.c new file mode 100644 index 00000000..8fa2673d --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/beforenm.c @@ -0,0 +1,59 @@ +/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper + * Date: 2009-03-19 + * Public domain */ + +#include "consts.h" +#include "int128.h" +#include "common.h" +#include "crypto_stream.h" + +int crypto_stream_beforenm(unsigned char *c, const unsigned char *k) +{ + + /* + int64 x0; + int64 x1; + int64 x2; + int64 x3; + int64 e; + int64 q0; + int64 q1; + int64 q2; + int64 q3; + */ + + int128 xmm0; + int128 xmm1; + int128 xmm2; + int128 xmm3; + int128 xmm4; + int128 xmm5; + int128 xmm6; + int128 xmm7; + int128 xmm8; + int128 xmm9; + int128 xmm10; + int128 xmm11; + int128 xmm12; + int128 xmm13; + int128 xmm14; + int128 xmm15; + int128 t; + + bitslicekey0(k, c) + + keyexpbs1(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + keyexpbs(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm1);, 2,c) + keyexpbs(xmm0, xmm1, xmm3, xmm2, xmm6, xmm5, xmm4, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm6);, 3,c) + keyexpbs(xmm0, xmm1, xmm6, xmm4, xmm2, xmm7, xmm3, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 4,c) + + keyexpbs(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 5,c) + keyexpbs(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm5);, 6,c) + keyexpbs(xmm0, xmm1, xmm3, xmm2, xmm6, xmm5, xmm4, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 7,c) + keyexpbs(xmm0, xmm1, xmm6, xmm4, xmm2, xmm7, xmm3, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm7);, 8,c) + + keyexpbs(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm0); xor_rcon(&xmm1); xor_rcon(&xmm6); xor_rcon(&xmm3);, 9,c) + keyexpbs10(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + + return 0; +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/common.c b/src/libnacl/crypto_stream/aes128ctr/portable/common.c new file mode 100644 index 00000000..14a28cc6 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/common.c @@ -0,0 +1,64 @@ +#include "common.h" + +uint32 load32_bigendian(const unsigned char *x) +{ + return + (uint32) (x[3]) \ + | (((uint32) (x[2])) << 8) \ + | (((uint32) (x[1])) << 16) \ + | (((uint32) (x[0])) << 24) + ; +} + +void store32_bigendian(unsigned char *x,uint32 u) +{ + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +uint32 load32_littleendian(const unsigned char *x) +{ + return + (uint32) (x[0]) \ + | (((uint32) (x[1])) << 8) \ + | (((uint32) (x[2])) << 16) \ + | (((uint32) (x[3])) << 24) + ; +} + +void store32_littleendian(unsigned char *x,uint32 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; +} + + +uint64 load64_littleendian(const unsigned char *x) +{ + return + (uint64) (x[0]) \ + | (((uint64) (x[1])) << 8) \ + | (((uint64) (x[2])) << 16) \ + | (((uint64) (x[3])) << 24) + | (((uint64) (x[4])) << 32) + | (((uint64) (x[5])) << 40) + | (((uint64) (x[6])) << 48) + | (((uint64) (x[7])) << 56) + ; +} + +void store64_littleendian(unsigned char *x,uint64 u) +{ + x[0] = u; u >>= 8; + x[1] = u; u >>= 8; + x[2] = u; u >>= 8; + x[3] = u; u >>= 8; + x[4] = u; u >>= 8; + x[5] = u; u >>= 8; + x[6] = u; u >>= 8; + x[7] = u; +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/common.h b/src/libnacl/crypto_stream/aes128ctr/portable/common.h new file mode 100644 index 00000000..e6e60dc2 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/common.h @@ -0,0 +1,788 @@ +/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper + Date: 2009-03-19 + Public domain */ +#ifndef COMMON_H +#define COMMON_H + +#include "types.h" + +#define load32_bigendian crypto_stream_aes128ctr_portable_load32_bigendian +uint32 load32_bigendian(const unsigned char *x); + +#define store32_bigendian crypto_stream_aes128ctr_portable_store32_bigendian +void store32_bigendian(unsigned char *x,uint32 u); + +#define load32_littleendian crypto_stream_aes128ctr_portable_load32_littleendian +uint32 load32_littleendian(const unsigned char *x); + +#define store32_littleendian crypto_stream_aes128ctr_portable_store32_littleendian +void store32_littleendian(unsigned char *x,uint32 u); + +#define load64_littleendian crypto_stream_aes128ctr_portable_load64_littleendian +uint64 load64_littleendian(const unsigned char *x); + +#define store64_littleendian crypto_stream_aes128ctr_portable_store64_littleendian +void store64_littleendian(unsigned char *x,uint64 u); + +/* Macros required only for key expansion */ + +#define keyexpbs1(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \ + rotbyte(&b0);\ + rotbyte(&b1);\ + rotbyte(&b2);\ + rotbyte(&b3);\ + rotbyte(&b4);\ + rotbyte(&b5);\ + rotbyte(&b6);\ + rotbyte(&b7);\ + ;\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + ;\ + xor_rcon(&b0);\ + shufb(&b0, EXPB0);\ + shufb(&b1, EXPB0);\ + shufb(&b4, EXPB0);\ + shufb(&b6, EXPB0);\ + shufb(&b3, EXPB0);\ + shufb(&b7, EXPB0);\ + shufb(&b2, EXPB0);\ + shufb(&b5, EXPB0);\ + shufb(&b0, EXPB0);\ + ;\ + t0 = *(int128 *)(bskey + 0);\ + t1 = *(int128 *)(bskey + 16);\ + t2 = *(int128 *)(bskey + 32);\ + t3 = *(int128 *)(bskey + 48);\ + t4 = *(int128 *)(bskey + 64);\ + t5 = *(int128 *)(bskey + 80);\ + t6 = *(int128 *)(bskey + 96);\ + t7 = *(int128 *)(bskey + 112);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + *(int128 *)(bskey + 128) = b0;\ + *(int128 *)(bskey + 144) = b1;\ + *(int128 *)(bskey + 160) = b4;\ + *(int128 *)(bskey + 176) = b6;\ + *(int128 *)(bskey + 192) = b3;\ + *(int128 *)(bskey + 208) = b7;\ + *(int128 *)(bskey + 224) = b2;\ + *(int128 *)(bskey + 240) = b5;\ + +#define keyexpbs10(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) ;\ + toggle(&b0);\ + toggle(&b1);\ + toggle(&b5);\ + toggle(&b6);\ + rotbyte(&b0);\ + rotbyte(&b1);\ + rotbyte(&b2);\ + rotbyte(&b3);\ + rotbyte(&b4);\ + rotbyte(&b5);\ + rotbyte(&b6);\ + rotbyte(&b7);\ + ;\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + ;\ + xor_rcon(&b1);\ + xor_rcon(&b4);\ + xor_rcon(&b3);\ + xor_rcon(&b7);\ + shufb(&b0, EXPB0);\ + shufb(&b1, EXPB0);\ + shufb(&b4, EXPB0);\ + shufb(&b6, EXPB0);\ + shufb(&b3, EXPB0);\ + shufb(&b7, EXPB0);\ + shufb(&b2, EXPB0);\ + shufb(&b5, EXPB0);\ + ;\ + t0 = *(int128 *)(bskey + 9 * 128 + 0);\ + t1 = *(int128 *)(bskey + 9 * 128 + 16);\ + t2 = *(int128 *)(bskey + 9 * 128 + 32);\ + t3 = *(int128 *)(bskey + 9 * 128 + 48);\ + t4 = *(int128 *)(bskey + 9 * 128 + 64);\ + t5 = *(int128 *)(bskey + 9 * 128 + 80);\ + t6 = *(int128 *)(bskey + 9 * 128 + 96);\ + t7 = *(int128 *)(bskey + 9 * 128 + 112);\ + ;\ + toggle(&t0);\ + toggle(&t1);\ + toggle(&t5);\ + toggle(&t6);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + shufb(&b0, M0);\ + shufb(&b1, M0);\ + shufb(&b2, M0);\ + shufb(&b3, M0);\ + shufb(&b4, M0);\ + shufb(&b5, M0);\ + shufb(&b6, M0);\ + shufb(&b7, M0);\ + ;\ + *(int128 *)(bskey + 1280) = b0;\ + *(int128 *)(bskey + 1296) = b1;\ + *(int128 *)(bskey + 1312) = b4;\ + *(int128 *)(bskey + 1328) = b6;\ + *(int128 *)(bskey + 1344) = b3;\ + *(int128 *)(bskey + 1360) = b7;\ + *(int128 *)(bskey + 1376) = b2;\ + *(int128 *)(bskey + 1392) = b5;\ + + +#define keyexpbs(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, rcon, i, bskey) \ + toggle(&b0);\ + toggle(&b1);\ + toggle(&b5);\ + toggle(&b6);\ + rotbyte(&b0);\ + rotbyte(&b1);\ + rotbyte(&b2);\ + rotbyte(&b3);\ + rotbyte(&b4);\ + rotbyte(&b5);\ + rotbyte(&b6);\ + rotbyte(&b7);\ + ;\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + ;\ + rcon;\ + shufb(&b0, EXPB0);\ + shufb(&b1, EXPB0);\ + shufb(&b4, EXPB0);\ + shufb(&b6, EXPB0);\ + shufb(&b3, EXPB0);\ + shufb(&b7, EXPB0);\ + shufb(&b2, EXPB0);\ + shufb(&b5, EXPB0);\ + ;\ + t0 = *(int128 *)(bskey + (i-1) * 128 + 0);\ + t1 = *(int128 *)(bskey + (i-1) * 128 + 16);\ + t2 = *(int128 *)(bskey + (i-1) * 128 + 32);\ + t3 = *(int128 *)(bskey + (i-1) * 128 + 48);\ + t4 = *(int128 *)(bskey + (i-1) * 128 + 64);\ + t5 = *(int128 *)(bskey + (i-1) * 128 + 80);\ + t6 = *(int128 *)(bskey + (i-1) * 128 + 96);\ + t7 = *(int128 *)(bskey + (i-1) * 128 + 112);\ + ;\ + toggle(&t0);\ + toggle(&t1);\ + toggle(&t5);\ + toggle(&t6);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + rshift32_littleendian(&t0, 8);\ + rshift32_littleendian(&t1, 8);\ + rshift32_littleendian(&t2, 8);\ + rshift32_littleendian(&t3, 8);\ + rshift32_littleendian(&t4, 8);\ + rshift32_littleendian(&t5, 8);\ + rshift32_littleendian(&t6, 8);\ + rshift32_littleendian(&t7, 8);\ + ;\ + xor2(&b0, &t0);\ + xor2(&b1, &t1);\ + xor2(&b4, &t2);\ + xor2(&b6, &t3);\ + xor2(&b3, &t4);\ + xor2(&b7, &t5);\ + xor2(&b2, &t6);\ + xor2(&b5, &t7);\ + ;\ + *(int128 *)(bskey + i*128 + 0) = b0;\ + *(int128 *)(bskey + i*128 + 16) = b1;\ + *(int128 *)(bskey + i*128 + 32) = b4;\ + *(int128 *)(bskey + i*128 + 48) = b6;\ + *(int128 *)(bskey + i*128 + 64) = b3;\ + *(int128 *)(bskey + i*128 + 80) = b7;\ + *(int128 *)(bskey + i*128 + 96) = b2;\ + *(int128 *)(bskey + i*128 + 112) = b5;\ + +/* Macros used in multiple contexts */ + +#define bitslicekey0(key, bskey) \ + xmm0 = *(int128 *) (key + 0);\ + shufb(&xmm0, M0);\ + copy2(&xmm1, &xmm0);\ + copy2(&xmm2, &xmm0);\ + copy2(&xmm3, &xmm0);\ + copy2(&xmm4, &xmm0);\ + copy2(&xmm5, &xmm0);\ + copy2(&xmm6, &xmm0);\ + copy2(&xmm7, &xmm0);\ + ;\ + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\ + ;\ + *(int128 *) (bskey + 0) = xmm0;\ + *(int128 *) (bskey + 16) = xmm1;\ + *(int128 *) (bskey + 32) = xmm2;\ + *(int128 *) (bskey + 48) = xmm3;\ + *(int128 *) (bskey + 64) = xmm4;\ + *(int128 *) (bskey + 80) = xmm5;\ + *(int128 *) (bskey + 96) = xmm6;\ + *(int128 *) (bskey + 112) = xmm7;\ + + +#define bitslicekey10(key, bskey) \ + xmm0 = *(int128 *) (key + 0);\ + copy2(xmm1, xmm0);\ + copy2(xmm2, xmm0);\ + copy2(xmm3, xmm0);\ + copy2(xmm4, xmm0);\ + copy2(xmm5, xmm0);\ + copy2(xmm6, xmm0);\ + copy2(xmm7, xmm0);\ + ;\ + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\ + ;\ + toggle(&xmm6);\ + toggle(&xmm5);\ + toggle(&xmm1);\ + toggle(&xmm0);\ + ;\ + *(int128 *) (bskey + 0 + 1280) = xmm0;\ + *(int128 *) (bskey + 16 + 1280) = xmm1;\ + *(int128 *) (bskey + 32 + 1280) = xmm2;\ + *(int128 *) (bskey + 48 + 1280) = xmm3;\ + *(int128 *) (bskey + 64 + 1280) = xmm4;\ + *(int128 *) (bskey + 80 + 1280) = xmm5;\ + *(int128 *) (bskey + 96 + 1280) = xmm6;\ + *(int128 *) (bskey + 112 + 1280) = xmm7;\ + + +#define bitslicekey(i,key,bskey) \ + xmm0 = *(int128 *) (key + 0);\ + shufb(&xmm0, M0);\ + copy2(&xmm1, &xmm0);\ + copy2(&xmm2, &xmm0);\ + copy2(&xmm3, &xmm0);\ + copy2(&xmm4, &xmm0);\ + copy2(&xmm5, &xmm0);\ + copy2(&xmm6, &xmm0);\ + copy2(&xmm7, &xmm0);\ + ;\ + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\ + ;\ + toggle(&xmm6);\ + toggle(&xmm5);\ + toggle(&xmm1);\ + toggle(&xmm0);\ + ;\ + *(int128 *) (bskey + 0 + 128*i) = xmm0;\ + *(int128 *) (bskey + 16 + 128*i) = xmm1;\ + *(int128 *) (bskey + 32 + 128*i) = xmm2;\ + *(int128 *) (bskey + 48 + 128*i) = xmm3;\ + *(int128 *) (bskey + 64 + 128*i) = xmm4;\ + *(int128 *) (bskey + 80 + 128*i) = xmm5;\ + *(int128 *) (bskey + 96 + 128*i) = xmm6;\ + *(int128 *) (bskey + 112 + 128*i) = xmm7;\ + + +#define bitslice(x0, x1, x2, x3, x4, x5, x6, x7, t) \ + swapmove(x0, x1, 1, BS0, t);\ + swapmove(x2, x3, 1, BS0, t);\ + swapmove(x4, x5, 1, BS0, t);\ + swapmove(x6, x7, 1, BS0, t);\ + ;\ + swapmove(x0, x2, 2, BS1, t);\ + swapmove(x1, x3, 2, BS1, t);\ + swapmove(x4, x6, 2, BS1, t);\ + swapmove(x5, x7, 2, BS1, t);\ + ;\ + swapmove(x0, x4, 4, BS2, t);\ + swapmove(x1, x5, 4, BS2, t);\ + swapmove(x2, x6, 4, BS2, t);\ + swapmove(x3, x7, 4, BS2, t);\ + + +#define swapmove(a, b, n, m, t) \ + copy2(&t, &b);\ + rshift64_littleendian(&t, n);\ + xor2(&t, &a);\ + and2(&t, &m);\ + xor2(&a, &t);\ + lshift64_littleendian(&t, n);\ + xor2(&b, &t); + +#define rotbyte(x) \ + shufb(x, ROTB) /* TODO: Make faster */ + + +/* Macros used for encryption (and decryption) */ + +#define shiftrows(x0, x1, x2, x3, x4, x5, x6, x7, i, M, bskey) \ + xor2(&x0, (int128 *)(bskey + 128*(i-1) + 0));\ + shufb(&x0, M);\ + xor2(&x1, (int128 *)(bskey + 128*(i-1) + 16));\ + shufb(&x1, M);\ + xor2(&x2, (int128 *)(bskey + 128*(i-1) + 32));\ + shufb(&x2, M);\ + xor2(&x3, (int128 *)(bskey + 128*(i-1) + 48));\ + shufb(&x3, M);\ + xor2(&x4, (int128 *)(bskey + 128*(i-1) + 64));\ + shufb(&x4, M);\ + xor2(&x5, (int128 *)(bskey + 128*(i-1) + 80));\ + shufb(&x5, M);\ + xor2(&x6, (int128 *)(bskey + 128*(i-1) + 96));\ + shufb(&x6, M);\ + xor2(&x7, (int128 *)(bskey + 128*(i-1) + 112));\ + shufb(&x7, M);\ + + +#define mixcolumns(x0, x1, x2, x3, x4, x5, x6, x7, t0, t1, t2, t3, t4, t5, t6, t7) \ + shufd(&t0, &x0, 0x93);\ + shufd(&t1, &x1, 0x93);\ + shufd(&t2, &x2, 0x93);\ + shufd(&t3, &x3, 0x93);\ + shufd(&t4, &x4, 0x93);\ + shufd(&t5, &x5, 0x93);\ + shufd(&t6, &x6, 0x93);\ + shufd(&t7, &x7, 0x93);\ + ;\ + xor2(&x0, &t0);\ + xor2(&x1, &t1);\ + xor2(&x2, &t2);\ + xor2(&x3, &t3);\ + xor2(&x4, &t4);\ + xor2(&x5, &t5);\ + xor2(&x6, &t6);\ + xor2(&x7, &t7);\ + ;\ + xor2(&t0, &x7);\ + xor2(&t1, &x0);\ + xor2(&t2, &x1);\ + xor2(&t1, &x7);\ + xor2(&t3, &x2);\ + xor2(&t4, &x3);\ + xor2(&t5, &x4);\ + xor2(&t3, &x7);\ + xor2(&t6, &x5);\ + xor2(&t7, &x6);\ + xor2(&t4, &x7);\ + ;\ + shufd(&x0, &x0, 0x4e);\ + shufd(&x1, &x1, 0x4e);\ + shufd(&x2, &x2, 0x4e);\ + shufd(&x3, &x3, 0x4e);\ + shufd(&x4, &x4, 0x4e);\ + shufd(&x5, &x5, 0x4e);\ + shufd(&x6, &x6, 0x4e);\ + shufd(&x7, &x7, 0x4e);\ + ;\ + xor2(&t0, &x0);\ + xor2(&t1, &x1);\ + xor2(&t2, &x2);\ + xor2(&t3, &x3);\ + xor2(&t4, &x4);\ + xor2(&t5, &x5);\ + xor2(&t6, &x6);\ + xor2(&t7, &x7);\ + + +#define aesround(i, b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \ + shiftrows(b0, b1, b2, b3, b4, b5, b6, b7, i, SR, bskey);\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + mixcolumns(b0, b1, b4, b6, b3, b7, b2, b5, t0, t1, t2, t3, t4, t5, t6, t7);\ + + +#define lastround(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \ + shiftrows(b0, b1, b2, b3, b4, b5, b6, b7, 10, SRM0, bskey);\ + sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\ + xor2(&b0,(int128 *)(bskey + 128*10));\ + xor2(&b1,(int128 *)(bskey + 128*10+16));\ + xor2(&b4,(int128 *)(bskey + 128*10+32));\ + xor2(&b6,(int128 *)(bskey + 128*10+48));\ + xor2(&b3,(int128 *)(bskey + 128*10+64));\ + xor2(&b7,(int128 *)(bskey + 128*10+80));\ + xor2(&b2,(int128 *)(bskey + 128*10+96));\ + xor2(&b5,(int128 *)(bskey + 128*10+112));\ + + +#define sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, s0, s1, s2, s3) \ + InBasisChange(b0, b1, b2, b3, b4, b5, b6, b7); \ + Inv_GF256(b6, b5, b0, b3, b7, b1, b4, b2, t0, t1, t2, t3, s0, s1, s2, s3); \ + OutBasisChange(b7, b1, b4, b2, b6, b5, b0, b3); \ + + +#define InBasisChange(b0, b1, b2, b3, b4, b5, b6, b7) \ + xor2(&b5, &b6);\ + xor2(&b2, &b1);\ + xor2(&b5, &b0);\ + xor2(&b6, &b2);\ + xor2(&b3, &b0);\ + ;\ + xor2(&b6, &b3);\ + xor2(&b3, &b7);\ + xor2(&b3, &b4);\ + xor2(&b7, &b5);\ + xor2(&b3, &b1);\ + ;\ + xor2(&b4, &b5);\ + xor2(&b2, &b7);\ + xor2(&b1, &b5);\ + +#define OutBasisChange(b0, b1, b2, b3, b4, b5, b6, b7) \ + xor2(&b0, &b6);\ + xor2(&b1, &b4);\ + xor2(&b2, &b0);\ + xor2(&b4, &b6);\ + xor2(&b6, &b1);\ + ;\ + xor2(&b1, &b5);\ + xor2(&b5, &b3);\ + xor2(&b2, &b5);\ + xor2(&b3, &b7);\ + xor2(&b7, &b5);\ + ;\ + xor2(&b4, &b7);\ + +#define Mul_GF4(x0, x1, y0, y1, t0) \ + copy2(&t0, &y0);\ + xor2(&t0, &y1);\ + and2(&t0, &x0);\ + xor2(&x0, &x1);\ + and2(&x0, &y1);\ + and2(&x1, &y0);\ + xor2(&x0, &x1);\ + xor2(&x1, &t0);\ + +#define Mul_GF4_N(x0, x1, y0, y1, t0) \ + copy2(&t0, &y0);\ + xor2(&t0, &y1);\ + and2(&t0, &x0);\ + xor2(&x0, &x1);\ + and2(&x0, &y1);\ + and2(&x1, &y0);\ + xor2(&x1, &x0);\ + xor2(&x0, &t0);\ + +#define Mul_GF4_2(x0, x1, x2, x3, y0, y1, t0, t1) \ + copy2(&t0, = y0);\ + xor2(&t0, &y1);\ + copy2(&t1, &t0);\ + and2(&t0, &x0);\ + and2(&t1, &x2);\ + xor2(&x0, &x1);\ + xor2(&x2, &x3);\ + and2(&x0, &y1);\ + and2(&x2, &y1);\ + and2(&x1, &y0);\ + and2(&x3, &y0);\ + xor2(&x0, &x1);\ + xor2(&x2, &x3);\ + xor2(&x1, &t0);\ + xor2(&x3, &t1);\ + +#define Mul_GF16(x0, x1, x2, x3, y0, y1, y2, y3, t0, t1, t2, t3) \ + copy2(&t0, &x0);\ + copy2(&t1, &x1);\ + Mul_GF4(x0, x1, y0, y1, t2);\ + xor2(&t0, &x2);\ + xor2(&t1, &x3);\ + xor2(&y0, &y2);\ + xor2(&y1, &y3);\ + Mul_GF4_N(t0, t1, y0, y1, t2);\ + Mul_GF4(x2, x3, y2, y3, t3);\ + ;\ + xor2(&x0, &t0);\ + xor2(&x2, &t0);\ + xor2(&x1, &t1);\ + xor2(&x3, &t1);\ + +#define Mul_GF16_2(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, t0, t1, t2, t3) \ + copy2(&t0, &x0);\ + copy2(&t1, &x1);\ + Mul_GF4(x0, x1, y0, y1, t2);\ + xor2(&t0, &x2);\ + xor2(&t1, &x3);\ + xor2(&y0, &y2);\ + xor2(&y1, &y3);\ + Mul_GF4_N(t0, t1, y0, y1, t3);\ + Mul_GF4(x2, x3, y2, y3, t2);\ + ;\ + xor2(&x0, &t0);\ + xor2(&x2, &t0);\ + xor2(&x1, &t1);\ + xor2(&x3, &t1);\ + ;\ + copy2(&t0, &x4);\ + copy2(&t1, &x5);\ + xor2(&t0, &x6);\ + xor2(&t1, &x7);\ + Mul_GF4_N(t0, t1, y0, y1, t3);\ + Mul_GF4(x6, x7, y2, y3, t2);\ + xor2(&y0, &y2);\ + xor2(&y1, &y3);\ + Mul_GF4(x4, x5, y0, y1, t3);\ + ;\ + xor2(&x4, &t0);\ + xor2(&x6, &t0);\ + xor2(&x5, &t1);\ + xor2(&x7, &t1);\ + +#define Inv_GF16(x0, x1, x2, x3, t0, t1, t2, t3) \ + copy2(&t0, &x1);\ + copy2(&t1, &x0);\ + and2(&t0, &x3);\ + or2(&t1, &x2);\ + copy2(&t2, &x1);\ + copy2(&t3, &x0);\ + or2(&t2, &x2);\ + or2(&t3, &x3);\ + xor2(&t2, &t3);\ + ;\ + xor2(&t0, &t2);\ + xor2(&t1, &t2);\ + ;\ + Mul_GF4_2(x0, x1, x2, x3, t1, t0, t2, t3);\ + + +#define Inv_GF256(x0, x1, x2, x3, x4, x5, x6, x7, t0, t1, t2, t3, s0, s1, s2, s3) \ + copy2(&t3, &x4);\ + copy2(&t2, &x5);\ + copy2(&t1, &x1);\ + copy2(&s1, &x7);\ + copy2(&s0, &x0);\ + ;\ + xor2(&t3, &x6);\ + xor2(&t2, &x7);\ + xor2(&t1, &x3);\ + xor2(&s1, &x6);\ + xor2(&s0, &x2);\ + ;\ + copy2(&s2, &t3);\ + copy2(&t0, &t2);\ + copy2(&s3, &t3);\ + ;\ + or2(&t2, &t1);\ + or2(&t3, &s0);\ + xor2(&s3, &t0);\ + and2(&s2, &s0);\ + and2(&t0, &t1);\ + xor2(&s0, &t1);\ + and2(&s3, &s0);\ + copy2(&s0, &x3);\ + xor2(&s0, &x2);\ + and2(&s1, &s0);\ + xor2(&t3, &s1);\ + xor2(&t2, &s1);\ + copy2(&s1, &x4);\ + xor2(&s1, &x5);\ + copy2(&s0, &x1);\ + copy2(&t1, &s1);\ + xor2(&s0, &x0);\ + or2(&t1, &s0);\ + and2(&s1, &s0);\ + xor2(&t0, &s1);\ + xor2(&t3, &s3);\ + xor2(&t2, &s2);\ + xor2(&t1, &s3);\ + xor2(&t0, &s2);\ + xor2(&t1, &s2);\ + copy2(&s0, &x7);\ + copy2(&s1, &x6);\ + copy2(&s2, &x5);\ + copy2(&s3, &x4);\ + and2(&s0, &x3);\ + and2(&s1, &x2);\ + and2(&s2, &x1);\ + or2(&s3, &x0);\ + xor2(&t3, &s0);\ + xor2(&t2, &s1);\ + xor2(&t1, &s2);\ + xor2(&t0, &s3);\ + ;\ + copy2(&s0, &t3);\ + xor2(&s0, &t2);\ + and2(&t3, &t1);\ + copy2(&s2, &t0);\ + xor2(&s2, &t3);\ + copy2(&s3, &s0);\ + and2(&s3, &s2);\ + xor2(&s3, &t2);\ + copy2(&s1, &t1);\ + xor2(&s1, &t0);\ + xor2(&t3, &t2);\ + and2(&s1, &t3);\ + xor2(&s1, &t0);\ + xor2(&t1, &s1);\ + copy2(&t2, &s2);\ + xor2(&t2, &s1);\ + and2(&t2, &t0);\ + xor2(&t1, &t2);\ + xor2(&s2, &t2);\ + and2(&s2, &s3);\ + xor2(&s2, &s0);\ + ;\ + Mul_GF16_2(x0, x1, x2, x3, x4, x5, x6, x7, s3, s2, s1, t1, s0, t0, t2, t3);\ + +#endif diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/consts.c b/src/libnacl/crypto_stream/aes128ctr/portable/consts.c new file mode 100644 index 00000000..72296c04 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/consts.c @@ -0,0 +1,14 @@ +#include "consts.h" + +const unsigned char ROTB[16] = {0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08}; +const unsigned char M0[16] = {0x0f, 0x0b, 0x07, 0x03, 0x0e, 0x0a, 0x06, 0x02, 0x0d, 0x09, 0x05, 0x01, 0x0c, 0x08, 0x04, 0x00}; +const unsigned char EXPB0[16] = {0x03, 0x03, 0x03, 0x03, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x0b, 0x0b, 0x0b, 0x0f, 0x0f, 0x0f, 0x0f}; + +const unsigned char SWAP32[16] = {0x03, 0x02, 0x01, 0x00, 0x07, 0x06, 0x05, 0x04, 0x0b, 0x0a, 0x09, 0x08, 0x0f, 0x0e, 0x0d, 0x0c}; +const unsigned char M0SWAP[16] = {0x0c, 0x08, 0x04, 0x00, 0x0d, 0x09, 0x05, 0x01, 0x0e, 0x0a, 0x06, 0x02, 0x0f, 0x0b, 0x07, 0x03}; +const unsigned char SR[16] = {0x01, 0x02, 0x03, 0x00, 0x06, 0x07, 0x04, 0x05, 0x0b, 0x08, 0x09, 0x0a, 0x0c, 0x0d, 0x0e, 0x0f}; +const unsigned char SRM0[16] = {0x0f, 0x0a, 0x05, 0x00, 0x0e, 0x09, 0x04, 0x03, 0x0d, 0x08, 0x07, 0x02, 0x0c, 0x0b, 0x06, 0x01}; + +const int128 BS0 = {0x5555555555555555ULL, 0x5555555555555555ULL}; +const int128 BS1 = {0x3333333333333333ULL, 0x3333333333333333ULL}; +const int128 BS2 = {0x0f0f0f0f0f0f0f0fULL, 0x0f0f0f0f0f0f0f0fULL}; diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/consts.h b/src/libnacl/crypto_stream/aes128ctr/portable/consts.h new file mode 100644 index 00000000..4c50360b --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/consts.h @@ -0,0 +1,28 @@ +#ifndef CONSTS_H +#define CONSTS_H + +#include "int128.h" + +#define ROTB crypto_stream_aes128ctr_portable_ROTB +#define M0 crypto_stream_aes128ctr_portable_M0 +#define EXPB0 crypto_stream_aes128ctr_portable_EXPB0 +#define SWAP32 crypto_stream_aes128ctr_portable_SWAP32 +#define M0SWAP crypto_stream_aes128ctr_portable_M0SWAP +#define SR crypto_stream_aes128ctr_portable_SR +#define SRM0 crypto_stream_aes128ctr_portable_SRM0 +#define BS0 crypto_stream_aes128ctr_portable_BS0 +#define BS1 crypto_stream_aes128ctr_portable_BS1 +#define BS2 crypto_stream_aes128ctr_portable_BS2 + +extern const unsigned char ROTB[16]; +extern const unsigned char M0[16]; +extern const unsigned char EXPB0[16]; +extern const unsigned char SWAP32[16]; +extern const unsigned char M0SWAP[16]; +extern const unsigned char SR[16]; +extern const unsigned char SRM0[16]; +extern const int128 BS0; +extern const int128 BS1; +extern const int128 BS2; + +#endif diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/int128.c b/src/libnacl/crypto_stream/aes128ctr/portable/int128.c new file mode 100644 index 00000000..25894d42 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/int128.c @@ -0,0 +1,128 @@ +#include "int128.h" +#include "common.h" + +void xor2(int128 *r, const int128 *x) +{ + r->a ^= x->a; + r->b ^= x->b; +} + +void and2(int128 *r, const int128 *x) +{ + r->a &= x->a; + r->b &= x->b; +} + +void or2(int128 *r, const int128 *x) +{ + r->a |= x->a; + r->b |= x->b; +} + +void copy2(int128 *r, const int128 *x) +{ + r->a = x->a; + r->b = x->b; +} + +void shufb(int128 *r, const unsigned char *l) +{ + int128 t; + copy2(&t,r); + unsigned char *cr = (unsigned char *)r; + unsigned char *ct = (unsigned char *)&t; + cr[0] = ct[l[0]]; + cr[1] = ct[l[1]]; + cr[2] = ct[l[2]]; + cr[3] = ct[l[3]]; + cr[4] = ct[l[4]]; + cr[5] = ct[l[5]]; + cr[6] = ct[l[6]]; + cr[7] = ct[l[7]]; + cr[8] = ct[l[8]]; + cr[9] = ct[l[9]]; + cr[10] = ct[l[10]]; + cr[11] = ct[l[11]]; + cr[12] = ct[l[12]]; + cr[13] = ct[l[13]]; + cr[14] = ct[l[14]]; + cr[15] = ct[l[15]]; +} + +void shufd(int128 *r, const int128 *x, const unsigned int c) +{ + int128 t; + uint32 *tp = (uint32 *)&t; + uint32 *xp = (uint32 *)x; + tp[0] = xp[c&3]; + tp[1] = xp[(c>>2)&3]; + tp[2] = xp[(c>>4)&3]; + tp[3] = xp[(c>>6)&3]; + copy2(r,&t); +} + +void rshift32_littleendian(int128 *r, const unsigned int n) +{ + unsigned char *rp = (unsigned char *)r; + uint32 t; + t = load32_littleendian(rp); + t >>= n; + store32_littleendian(rp, t); + t = load32_littleendian(rp+4); + t >>= n; + store32_littleendian(rp+4, t); + t = load32_littleendian(rp+8); + t >>= n; + store32_littleendian(rp+8, t); + t = load32_littleendian(rp+12); + t >>= n; + store32_littleendian(rp+12, t); +} + +void rshift64_littleendian(int128 *r, const unsigned int n) +{ + unsigned char *rp = (unsigned char *)r; + uint64 t; + t = load64_littleendian(rp); + t >>= n; + store64_littleendian(rp, t); + t = load64_littleendian(rp+8); + t >>= n; + store64_littleendian(rp+8, t); +} + +void lshift64_littleendian(int128 *r, const unsigned int n) +{ + unsigned char *rp = (unsigned char *)r; + uint64 t; + t = load64_littleendian(rp); + t <<= n; + store64_littleendian(rp, t); + t = load64_littleendian(rp+8); + t <<= n; + store64_littleendian(rp+8, t); +} + +void toggle(int128 *r) +{ + r->a ^= 0xffffffffffffffffULL; + r->b ^= 0xffffffffffffffffULL; +} + +void xor_rcon(int128 *r) +{ + unsigned char *rp = (unsigned char *)r; + uint32 t; + t = load32_littleendian(rp+12); + t ^= 0xffffffff; + store32_littleendian(rp+12, t); +} + +void add_uint32_big(int128 *r, uint32 x) +{ + unsigned char *rp = (unsigned char *)r; + uint32 t; + t = load32_littleendian(rp+12); + t += x; + store32_littleendian(rp+12, t); +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/int128.h b/src/libnacl/crypto_stream/aes128ctr/portable/int128.h new file mode 100644 index 00000000..7099e5b1 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/int128.h @@ -0,0 +1,47 @@ +#ifndef INT128_H +#define INT128_H + +#include "common.h" + +typedef struct{ + unsigned long long a; + unsigned long long b; +} int128; + +#define xor2 crypto_stream_aes128ctr_portable_xor2 +void xor2(int128 *r, const int128 *x); + +#define and2 crypto_stream_aes128ctr_portable_and2 +void and2(int128 *r, const int128 *x); + +#define or2 crypto_stream_aes128ctr_portable_or2 +void or2(int128 *r, const int128 *x); + +#define copy2 crypto_stream_aes128ctr_portable_copy2 +void copy2(int128 *r, const int128 *x); + +#define shufb crypto_stream_aes128ctr_portable_shufb +void shufb(int128 *r, const unsigned char *l); + +#define shufd crypto_stream_aes128ctr_portable_shufd +void shufd(int128 *r, const int128 *x, const unsigned int c); + +#define rshift32_littleendian crypto_stream_aes128ctr_portable_rshift32_littleendian +void rshift32_littleendian(int128 *r, const unsigned int n); + +#define rshift64_littleendian crypto_stream_aes128ctr_portable_rshift64_littleendian +void rshift64_littleendian(int128 *r, const unsigned int n); + +#define lshift64_littleendian crypto_stream_aes128ctr_portable_lshift64_littleendian +void lshift64_littleendian(int128 *r, const unsigned int n); + +#define toggle crypto_stream_aes128ctr_portable_toggle +void toggle(int128 *r); + +#define xor_rcon crypto_stream_aes128ctr_portable_xor_rcon +void xor_rcon(int128 *r); + +#define add_uint32_big crypto_stream_aes128ctr_portable_add_uint32_big +void add_uint32_big(int128 *r, uint32 x); + +#endif diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/stream.c b/src/libnacl/crypto_stream/aes128ctr/portable/stream.c new file mode 100644 index 00000000..963fa8c1 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/stream.c @@ -0,0 +1,28 @@ +#include "crypto_stream.h" + +int crypto_stream( + unsigned char *out, + unsigned long long outlen, + const unsigned char *n, + const unsigned char *k + ) +{ + unsigned char d[crypto_stream_BEFORENMBYTES]; + crypto_stream_beforenm(d, k); + crypto_stream_afternm(out, outlen, n, d); + return 0; +} + +int crypto_stream_xor( + unsigned char *out, + const unsigned char *in, + unsigned long long inlen, + const unsigned char *n, + const unsigned char *k + ) +{ + unsigned char d[crypto_stream_BEFORENMBYTES]; + crypto_stream_beforenm(d, k); + crypto_stream_xor_afternm(out, in, inlen, n, d); + return 0; +} diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/types.h b/src/libnacl/crypto_stream/aes128ctr/portable/types.h new file mode 100644 index 00000000..6aa502fc --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/types.h @@ -0,0 +1,10 @@ +#ifndef TYPES_H +#define TYPES_H + +#include "crypto_uint32.h" +typedef crypto_uint32 uint32; + +#include "crypto_uint64.h" +typedef crypto_uint64 uint64; + +#endif diff --git a/src/libnacl/crypto_stream/aes128ctr/portable/xor_afternm.c b/src/libnacl/crypto_stream/aes128ctr/portable/xor_afternm.c new file mode 100644 index 00000000..f2ff8ff6 --- /dev/null +++ b/src/libnacl/crypto_stream/aes128ctr/portable/xor_afternm.c @@ -0,0 +1,180 @@ +/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper + * Date: 2009-03-19 + * Public domain */ + +#include +#include "int128.h" +#include "common.h" +#include "consts.h" +#include "crypto_stream.h" + +int crypto_stream_xor_afternm(unsigned char *outp, const unsigned char *inp, unsigned long long len, const unsigned char *noncep, const unsigned char *c) +{ + + int128 xmm0; + int128 xmm1; + int128 xmm2; + int128 xmm3; + int128 xmm4; + int128 xmm5; + int128 xmm6; + int128 xmm7; + + int128 xmm8; + int128 xmm9; + int128 xmm10; + int128 xmm11; + int128 xmm12; + int128 xmm13; + int128 xmm14; + int128 xmm15; + + int128 nonce_stack; + unsigned long long lensav; + unsigned char bl[128]; + unsigned char *blp; + unsigned char b; + + uint32 tmp; + + /* Copy nonce on the stack */ + copy2(&nonce_stack, (int128 *) (noncep + 0)); + unsigned char *np = (unsigned char *)&nonce_stack; + + enc_block: + + xmm0 = *(int128 *) (np + 0); + copy2(&xmm1, &xmm0); + shufb(&xmm1, SWAP32); + copy2(&xmm2, &xmm1); + copy2(&xmm3, &xmm1); + copy2(&xmm4, &xmm1); + copy2(&xmm5, &xmm1); + copy2(&xmm6, &xmm1); + copy2(&xmm7, &xmm1); + + add_uint32_big(&xmm1, 1); + add_uint32_big(&xmm2, 2); + add_uint32_big(&xmm3, 3); + add_uint32_big(&xmm4, 4); + add_uint32_big(&xmm5, 5); + add_uint32_big(&xmm6, 6); + add_uint32_big(&xmm7, 7); + + shufb(&xmm0, M0); + shufb(&xmm1, M0SWAP); + shufb(&xmm2, M0SWAP); + shufb(&xmm3, M0SWAP); + shufb(&xmm4, M0SWAP); + shufb(&xmm5, M0SWAP); + shufb(&xmm6, M0SWAP); + shufb(&xmm7, M0SWAP); + + bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, xmm8) + + aesround( 1, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 2, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 3, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 4, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 5, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 6, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 7, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + aesround( 8, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + aesround( 9, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c) + lastround(xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c) + + bitslice(xmm13, xmm10, xmm15, xmm11, xmm14, xmm12, xmm9, xmm8, xmm0) + + if(len < 128) goto partial; + if(len == 128) goto full; + + tmp = load32_bigendian(np + 12); + tmp += 8; + store32_bigendian(np + 12, tmp); + + xor2(&xmm8, (int128 *)(inp + 0)); + xor2(&xmm9, (int128 *)(inp + 16)); + xor2(&xmm12, (int128 *)(inp + 32)); + xor2(&xmm14, (int128 *)(inp + 48)); + xor2(&xmm11, (int128 *)(inp + 64)); + xor2(&xmm15, (int128 *)(inp + 80)); + xor2(&xmm10, (int128 *)(inp + 96)); + xor2(&xmm13, (int128 *)(inp + 112)); + + *(int128 *) (outp + 0) = xmm8; + *(int128 *) (outp + 16) = xmm9; + *(int128 *) (outp + 32) = xmm12; + *(int128 *) (outp + 48) = xmm14; + *(int128 *) (outp + 64) = xmm11; + *(int128 *) (outp + 80) = xmm15; + *(int128 *) (outp + 96) = xmm10; + *(int128 *) (outp + 112) = xmm13; + + len -= 128; + inp += 128; + outp += 128; + + goto enc_block; + + partial: + + lensav = len; + len >>= 4; + + tmp = load32_bigendian(np + 12); + tmp += len; + store32_bigendian(np + 12, tmp); + + blp = bl; + *(int128 *)(blp + 0) = xmm8; + *(int128 *)(blp + 16) = xmm9; + *(int128 *)(blp + 32) = xmm12; + *(int128 *)(blp + 48) = xmm14; + *(int128 *)(blp + 64) = xmm11; + *(int128 *)(blp + 80) = xmm15; + *(int128 *)(blp + 96) = xmm10; + *(int128 *)(blp + 112) = xmm13; + + bytes: + + if(lensav == 0) goto end; + + b = blp[0]; + b ^= *(unsigned char *)(inp + 0); + *(unsigned char *)(outp + 0) = b; + + blp += 1; + inp +=1; + outp +=1; + lensav -= 1; + + goto bytes; + + full: + + tmp = load32_bigendian(np + 12); + tmp += 8; + store32_bigendian(np + 12, tmp); + + xor2(&xmm8, (int128 *)(inp + 0)); + xor2(&xmm9, (int128 *)(inp + 16)); + xor2(&xmm12, (int128 *)(inp + 32)); + xor2(&xmm14, (int128 *)(inp + 48)); + xor2(&xmm11, (int128 *)(inp + 64)); + xor2(&xmm15, (int128 *)(inp + 80)); + xor2(&xmm10, (int128 *)(inp + 96)); + xor2(&xmm13, (int128 *)(inp + 112)); + + *(int128 *) (outp + 0) = xmm8; + *(int128 *) (outp + 16) = xmm9; + *(int128 *) (outp + 32) = xmm12; + *(int128 *) (outp + 48) = xmm14; + *(int128 *) (outp + 64) = xmm11; + *(int128 *) (outp + 80) = xmm15; + *(int128 *) (outp + 96) = xmm10; + *(int128 *) (outp + 112) = xmm13; + + end: + return 0; + +} diff --git a/src/libnacl/crypto_stream/aes128ctr/used b/src/libnacl/crypto_stream/aes128ctr/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/measure.c b/src/libnacl/crypto_stream/measure.c new file mode 100644 index 00000000..ff3ab610 --- /dev/null +++ b/src/libnacl/crypto_stream/measure.c @@ -0,0 +1,73 @@ +#include +#include "randombytes.h" +#include "cpucycles.h" +#include "crypto_stream.h" + +extern void printentry(long long,const char *,long long *,long long); +extern unsigned char *alignedcalloc(unsigned long long); +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void allocate(void); +extern void measure(void); + +const char *primitiveimplementation = crypto_stream_IMPLEMENTATION; +const char *implementationversion = crypto_stream_VERSION; +const char *sizenames[] = { "keybytes", "noncebytes", 0 }; +const long long sizes[] = { crypto_stream_KEYBYTES, crypto_stream_NONCEBYTES }; + +#define MAXTEST_BYTES 4096 +#ifdef SUPERCOP +#define MGAP 8192 +#else +#define MGAP 8 +#endif + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_stream_KEYBYTES); + n = alignedcalloc(crypto_stream_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES); + c = alignedcalloc(MAXTEST_BYTES); +} + +#define TIMINGS 15 +static long long cycles[TIMINGS + 1]; + +void measure(void) +{ + int i; + int loop; + int mlen; + + for (loop = 0;loop < LOOPS;++loop) { + for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) { + randombytes(k,crypto_stream_KEYBYTES); + randombytes(n,crypto_stream_NONCEBYTES); + randombytes(m,mlen); + randombytes(c,mlen); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_stream(c,mlen,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"cycles",cycles,TIMINGS); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + crypto_stream_xor(c,m,mlen,n,k); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + printentry(mlen,"xor_cycles",cycles,TIMINGS); + } + } +} diff --git a/src/libnacl/crypto_stream/salsa20/checksum b/src/libnacl/crypto_stream/salsa20/checksum new file mode 100644 index 00000000..78ff05f4 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/checksum @@ -0,0 +1 @@ +44a3966eabcd3a2b13faca2150e38f2b7e6bac187d626618f50a9f875158ae78 diff --git a/src/libnacl/crypto_stream/salsa20/ref/api.h b/src/libnacl/crypto_stream/salsa20/ref/api.h new file mode 100644 index 00000000..c2b18461 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 8 diff --git a/src/libnacl/crypto_stream/salsa20/ref/implementors b/src/libnacl/crypto_stream/salsa20/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_stream/salsa20/ref/stream.c b/src/libnacl/crypto_stream/salsa20/ref/stream.c new file mode 100644 index 00000000..2f0262eb --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/ref/stream.c @@ -0,0 +1,49 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa20.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream( + unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!clen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (clen >= 64) { + crypto_core_salsa20(c,in,k,sigma); + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + clen -= 64; + c += 64; + } + + if (clen) { + crypto_core_salsa20(block,in,k,sigma); + for (i = 0;i < clen;++i) c[i] = block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa20/ref/xor.c b/src/libnacl/crypto_stream/salsa20/ref/xor.c new file mode 100644 index 00000000..11c7e9f0 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa20/ref/xor.c @@ -0,0 +1,52 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa20.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream_xor( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!mlen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (mlen >= 64) { + crypto_core_salsa20(block,in,k,sigma); + for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i]; + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + mlen -= 64; + c += 64; + m += 64; + } + + if (mlen) { + crypto_core_salsa20(block,in,k,sigma); + for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa20/used b/src/libnacl/crypto_stream/salsa20/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/salsa2012/checksum b/src/libnacl/crypto_stream/salsa2012/checksum new file mode 100644 index 00000000..f801d9e3 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/checksum @@ -0,0 +1 @@ +ecc758f200061c3cc770b25797da73583548d4f90f69a967fbbe1a6d94d1705c diff --git a/src/libnacl/crypto_stream/salsa2012/ref/api.h b/src/libnacl/crypto_stream/salsa2012/ref/api.h new file mode 100644 index 00000000..c2b18461 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 8 diff --git a/src/libnacl/crypto_stream/salsa2012/ref/implementors b/src/libnacl/crypto_stream/salsa2012/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_stream/salsa2012/ref/stream.c b/src/libnacl/crypto_stream/salsa2012/ref/stream.c new file mode 100644 index 00000000..86053337 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/ref/stream.c @@ -0,0 +1,49 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa2012.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream( + unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!clen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (clen >= 64) { + crypto_core_salsa2012(c,in,k,sigma); + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + clen -= 64; + c += 64; + } + + if (clen) { + crypto_core_salsa2012(block,in,k,sigma); + for (i = 0;i < clen;++i) c[i] = block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa2012/ref/xor.c b/src/libnacl/crypto_stream/salsa2012/ref/xor.c new file mode 100644 index 00000000..90206426 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa2012/ref/xor.c @@ -0,0 +1,52 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa2012.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream_xor( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!mlen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (mlen >= 64) { + crypto_core_salsa2012(block,in,k,sigma); + for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i]; + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + mlen -= 64; + c += 64; + m += 64; + } + + if (mlen) { + crypto_core_salsa2012(block,in,k,sigma); + for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa2012/used b/src/libnacl/crypto_stream/salsa2012/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/salsa208/checksum b/src/libnacl/crypto_stream/salsa208/checksum new file mode 100644 index 00000000..c87364e6 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/checksum @@ -0,0 +1 @@ +05f32b0647417aaa446b0b3127318133cf9af32b771869eab267000bf02710cd diff --git a/src/libnacl/crypto_stream/salsa208/ref/api.h b/src/libnacl/crypto_stream/salsa208/ref/api.h new file mode 100644 index 00000000..c2b18461 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 8 diff --git a/src/libnacl/crypto_stream/salsa208/ref/implementors b/src/libnacl/crypto_stream/salsa208/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_stream/salsa208/ref/stream.c b/src/libnacl/crypto_stream/salsa208/ref/stream.c new file mode 100644 index 00000000..cdcfbc0e --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/ref/stream.c @@ -0,0 +1,49 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa208.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream( + unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!clen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (clen >= 64) { + crypto_core_salsa208(c,in,k,sigma); + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + clen -= 64; + c += 64; + } + + if (clen) { + crypto_core_salsa208(block,in,k,sigma); + for (i = 0;i < clen;++i) c[i] = block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa208/ref/xor.c b/src/libnacl/crypto_stream/salsa208/ref/xor.c new file mode 100644 index 00000000..c017ac42 --- /dev/null +++ b/src/libnacl/crypto_stream/salsa208/ref/xor.c @@ -0,0 +1,52 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_salsa208.h" +#include "crypto_stream.h" + +typedef unsigned int uint32; + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream_xor( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char in[16]; + unsigned char block[64]; + int i; + unsigned int u; + + if (!mlen) return 0; + + for (i = 0;i < 8;++i) in[i] = n[i]; + for (i = 8;i < 16;++i) in[i] = 0; + + while (mlen >= 64) { + crypto_core_salsa208(block,in,k,sigma); + for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i]; + + u = 1; + for (i = 8;i < 16;++i) { + u += (unsigned int) in[i]; + in[i] = u; + u >>= 8; + } + + mlen -= 64; + c += 64; + m += 64; + } + + if (mlen) { + crypto_core_salsa208(block,in,k,sigma); + for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i]; + } + return 0; +} diff --git a/src/libnacl/crypto_stream/salsa208/used b/src/libnacl/crypto_stream/salsa208/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/try.c b/src/libnacl/crypto_stream/try.c new file mode 100644 index 00000000..184d0cec --- /dev/null +++ b/src/libnacl/crypto_stream/try.c @@ -0,0 +1,125 @@ +/* + * crypto_stream/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_stream.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_stream_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *s; +static unsigned char *k2; +static unsigned char *n2; +static unsigned char *m2; +static unsigned char *c2; +static unsigned char *s2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(crypto_stream_KEYBYTES); + n = alignedcalloc(crypto_stream_NONCEBYTES); + m = alignedcalloc(MAXTEST_BYTES); + c = alignedcalloc(MAXTEST_BYTES); + s = alignedcalloc(MAXTEST_BYTES); + k2 = alignedcalloc(crypto_stream_KEYBYTES); + n2 = alignedcalloc(crypto_stream_NONCEBYTES); + m2 = alignedcalloc(MAXTEST_BYTES); + c2 = alignedcalloc(MAXTEST_BYTES); + s2 = alignedcalloc(MAXTEST_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_stream_xor(c,m,TUNE_BYTES,n,k); +} + +char checksum[crypto_stream_KEYBYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i; + long long clen = i; + long long slen = i; + long long klen = crypto_stream_KEYBYTES; + long long nlen = crypto_stream_NONCEBYTES; + for (j = -16;j < 0;++j) m[j] = random(); + for (j = -16;j < 0;++j) c[j] = random(); + for (j = -16;j < 0;++j) s[j] = random(); + for (j = -16;j < 0;++j) n[j] = random(); + for (j = -16;j < 0;++j) k[j] = random(); + for (j = mlen;j < mlen + 16;++j) m[j] = random(); + for (j = clen;j < clen + 16;++j) c[j] = random(); + for (j = slen;j < slen + 16;++j) s[j] = random(); + for (j = nlen;j < nlen + 16;++j) n[j] = random(); + for (j = klen;j < klen + 16;++j) k[j] = random(); + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + for (j = -16;j < slen + 16;++j) s2[j] = s[j]; + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + + crypto_stream_xor(c,m,mlen,n,k); + + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_stream_xor overwrites m"; + for (j = -16;j < slen + 16;++j) if (s[j] != s2[j]) return "crypto_stream_xor overwrites s"; + for (j = -16;j < nlen + 16;++j) if (n[j] != n2[j]) return "crypto_stream_xor overwrites n"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_stream_xor overwrites k"; + for (j = -16;j < 0;++j) if (c[j] != c2[j]) return "crypto_stream_xor writes before output"; + for (j = clen;j < clen + 16;++j) if (c[j] != c2[j]) return "crypto_stream_xor writes after output"; + + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + + crypto_stream(s,slen,n,k); + + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_stream overwrites m"; + for (j = -16;j < clen + 16;++j) if (c[j] != c2[j]) return "crypto_stream overwrites c"; + for (j = -16;j < nlen + 16;++j) if (n[j] != n2[j]) return "crypto_stream overwrites n"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_stream overwrites k"; + for (j = -16;j < 0;++j) if (s[j] != s2[j]) return "crypto_stream writes before output"; + for (j = slen;j < slen + 16;++j) if (s[j] != s2[j]) return "crypto_stream writes after output"; + + for (j = 0;j < mlen;++j) + if ((s[j] ^ m[j]) != c[j]) return "crypto_stream_xor does not match crypto_stream"; + + for (j = 0;j < clen;++j) k[j % klen] ^= c[j]; + crypto_stream_xor(m,c,clen,n,k); + crypto_stream(s,slen,n,k); + for (j = 0;j < mlen;++j) + if ((s[j] ^ m[j]) != c[j]) return "crypto_stream_xor does not match crypto_stream"; + for (j = 0;j < mlen;++j) n[j % nlen] ^= m[j]; + m[mlen] = 0; + } + + for (i = 0;i < crypto_stream_KEYBYTES;++i) { + checksum[2 * i] = "0123456789abcdef"[15 & (k[i] >> 4)]; + checksum[2 * i + 1] = "0123456789abcdef"[15 & k[i]]; + } + checksum[2 * i] = 0; + + return 0; +} diff --git a/src/libnacl/crypto_stream/wrapper-stream.cpp b/src/libnacl/crypto_stream/wrapper-stream.cpp new file mode 100644 index 00000000..dd10c2f6 --- /dev/null +++ b/src/libnacl/crypto_stream/wrapper-stream.cpp @@ -0,0 +1,12 @@ +#include +using std::string; +#include "crypto_stream.h" + +string crypto_stream(size_t clen,const string &n,const string &k) +{ + if (n.size() != crypto_stream_NONCEBYTES) throw "incorrect nonce length"; + if (k.size() != crypto_stream_KEYBYTES) throw "incorrect key length"; + unsigned char c[clen]; + crypto_stream(c,clen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str()); + return string((char *) c,clen); +} diff --git a/src/libnacl/crypto_stream/wrapper-xor.cpp b/src/libnacl/crypto_stream/wrapper-xor.cpp new file mode 100644 index 00000000..8d770d1e --- /dev/null +++ b/src/libnacl/crypto_stream/wrapper-xor.cpp @@ -0,0 +1,17 @@ +#include +using std::string; +#include "crypto_stream.h" + +string crypto_stream_xor(const string &m,const string &n,const string &k) +{ + if (n.size() != crypto_stream_NONCEBYTES) throw "incorrect nonce length"; + if (k.size() != crypto_stream_KEYBYTES) throw "incorrect key length"; + size_t mlen = m.size(); + unsigned char c[mlen]; + crypto_stream_xor(c, + (const unsigned char *) m.c_str(),mlen, + (const unsigned char *) n.c_str(), + (const unsigned char *) k.c_str() + ); + return string((char *) c,mlen); +} diff --git a/src/libnacl/crypto_stream/xsalsa20/checksum b/src/libnacl/crypto_stream/xsalsa20/checksum new file mode 100644 index 00000000..cae64c0d --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/checksum @@ -0,0 +1 @@ +201bc58a96adcb6ed339ca33c188af8ca04a4ce68be1e0953309ee09a0cf8e7a diff --git a/src/libnacl/crypto_stream/xsalsa20/ref/api.h b/src/libnacl/crypto_stream/xsalsa20/ref/api.h new file mode 100644 index 00000000..6910a7dc --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/ref/api.h @@ -0,0 +1,2 @@ +#define CRYPTO_KEYBYTES 32 +#define CRYPTO_NONCEBYTES 24 diff --git a/src/libnacl/crypto_stream/xsalsa20/ref/implementors b/src/libnacl/crypto_stream/xsalsa20/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/ref/implementors @@ -0,0 +1 @@ +Daniel J. Bernstein diff --git a/src/libnacl/crypto_stream/xsalsa20/ref/stream.c b/src/libnacl/crypto_stream/xsalsa20/ref/stream.c new file mode 100644 index 00000000..2d710709 --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/ref/stream.c @@ -0,0 +1,22 @@ +/* +version 20080914 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_hsalsa20.h" +#include "crypto_stream_salsa20.h" +#include "crypto_stream.h" + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream( + unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char subkey[32]; + crypto_core_hsalsa20(subkey,n,k,sigma); + return crypto_stream_salsa20(c,clen,n + 16,subkey); +} diff --git a/src/libnacl/crypto_stream/xsalsa20/ref/xor.c b/src/libnacl/crypto_stream/xsalsa20/ref/xor.c new file mode 100644 index 00000000..13f3134a --- /dev/null +++ b/src/libnacl/crypto_stream/xsalsa20/ref/xor.c @@ -0,0 +1,23 @@ +/* +version 20080913 +D. J. Bernstein +Public domain. +*/ + +#include "crypto_core_hsalsa20.h" +#include "crypto_stream_salsa20.h" +#include "crypto_stream.h" + +static const unsigned char sigma[16] = "expand 32-byte k"; + +int crypto_stream_xor( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + unsigned char subkey[32]; + crypto_core_hsalsa20(subkey,n,k,sigma); + return crypto_stream_salsa20_xor(c,m,mlen,n + 16,subkey); +} diff --git a/src/libnacl/crypto_stream/xsalsa20/selected b/src/libnacl/crypto_stream/xsalsa20/selected new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_stream/xsalsa20/used b/src/libnacl/crypto_stream/xsalsa20/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_verify/16/checksum b/src/libnacl/crypto_verify/16/checksum new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/crypto_verify/16/checksum @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/crypto_verify/16/ref/api.h b/src/libnacl/crypto_verify/16/ref/api.h new file mode 100644 index 00000000..32be2f97 --- /dev/null +++ b/src/libnacl/crypto_verify/16/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 16 diff --git a/src/libnacl/crypto_verify/16/ref/verify.c b/src/libnacl/crypto_verify/16/ref/verify.c new file mode 100644 index 00000000..d356060c --- /dev/null +++ b/src/libnacl/crypto_verify/16/ref/verify.c @@ -0,0 +1,24 @@ +#include "crypto_verify.h" + +int crypto_verify(const unsigned char *x,const unsigned char *y) +{ + unsigned int differentbits = 0; +#define F(i) differentbits |= x[i] ^ y[i]; + F(0) + F(1) + F(2) + F(3) + F(4) + F(5) + F(6) + F(7) + F(8) + F(9) + F(10) + F(11) + F(12) + F(13) + F(14) + F(15) + return (1 & ((differentbits - 1) >> 8)) - 1; +} diff --git a/src/libnacl/crypto_verify/16/used b/src/libnacl/crypto_verify/16/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_verify/32/checksum b/src/libnacl/crypto_verify/32/checksum new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/crypto_verify/32/checksum @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/crypto_verify/32/ref/api.h b/src/libnacl/crypto_verify/32/ref/api.h new file mode 100644 index 00000000..ae8c7f6a --- /dev/null +++ b/src/libnacl/crypto_verify/32/ref/api.h @@ -0,0 +1 @@ +#define CRYPTO_BYTES 32 diff --git a/src/libnacl/crypto_verify/32/ref/verify.c b/src/libnacl/crypto_verify/32/ref/verify.c new file mode 100644 index 00000000..a0e23afe --- /dev/null +++ b/src/libnacl/crypto_verify/32/ref/verify.c @@ -0,0 +1,40 @@ +#include "crypto_verify.h" + +int crypto_verify(const unsigned char *x,const unsigned char *y) +{ + unsigned int differentbits = 0; +#define F(i) differentbits |= x[i] ^ y[i]; + F(0) + F(1) + F(2) + F(3) + F(4) + F(5) + F(6) + F(7) + F(8) + F(9) + F(10) + F(11) + F(12) + F(13) + F(14) + F(15) + F(16) + F(17) + F(18) + F(19) + F(20) + F(21) + F(22) + F(23) + F(24) + F(25) + F(26) + F(27) + F(28) + F(29) + F(30) + F(31) + return (1 & ((differentbits - 1) >> 8)) - 1; +} diff --git a/src/libnacl/crypto_verify/32/used b/src/libnacl/crypto_verify/32/used new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/crypto_verify/measure.c b/src/libnacl/crypto_verify/measure.c new file mode 100644 index 00000000..bbfac4f1 --- /dev/null +++ b/src/libnacl/crypto_verify/measure.c @@ -0,0 +1,18 @@ +#include "crypto_verify.h" + +const char *primitiveimplementation = crypto_verify_IMPLEMENTATION; +const char *implementationversion = crypto_verify_VERSION; +const char *sizenames[] = { "inputbytes", 0 }; +const long long sizes[] = { crypto_verify_BYTES }; + +void preallocate(void) +{ +} + +void allocate(void) +{ +} + +void measure(void) +{ +} diff --git a/src/libnacl/crypto_verify/try.c b/src/libnacl/crypto_verify/try.c new file mode 100644 index 00000000..93cfe7a7 --- /dev/null +++ b/src/libnacl/crypto_verify/try.c @@ -0,0 +1,76 @@ +/* + * crypto_verify/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_verify.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_verify_IMPLEMENTATION; + +static unsigned char *x; +static unsigned char *y; + +void preallocate(void) +{ +} + +void allocate(void) +{ + x = alignedcalloc(crypto_verify_BYTES); + y = alignedcalloc(crypto_verify_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_verify(x,y); +} + +static const char *check(void) +{ + int r = crypto_verify(x,y); + if (r == 0) { + if (memcmp(x,y,crypto_verify_BYTES)) return "different strings pass verify"; + } else if (r == -1) { + if (!memcmp(x,y,crypto_verify_BYTES)) return "equal strings fail verify"; + } else { + return "weird return value from verify"; + } + return 0; +} + +char checksum[2]; + +const char *checksum_compute(void) +{ + long long tests; + long long i; + long long j; + const char *c; + + for (tests = 0;tests < 100000;++tests) { + for (i = 0;i < crypto_verify_BYTES;++i) x[i] = random(); + for (i = 0;i < crypto_verify_BYTES;++i) y[i] = random(); + c = check(); if (c) return c; + for (i = 0;i < crypto_verify_BYTES;++i) y[i] = x[i]; + c = check(); if (c) return c; + y[random() % crypto_verify_BYTES] = random(); + c = check(); if (c) return c; + y[random() % crypto_verify_BYTES] = random(); + c = check(); if (c) return c; + y[random() % crypto_verify_BYTES] = random(); + c = check(); if (c) return c; + } + + checksum[0] = '0'; + checksum[1] = 0; + return 0; +} diff --git a/src/libnacl/crypto_verify/wrapper-empty.cpp b/src/libnacl/crypto_verify/wrapper-empty.cpp new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/dist-dirs b/src/libnacl/dist-dirs new file mode 100644 index 00000000..e22060fc --- /dev/null +++ b/src/libnacl/dist-dirs @@ -0,0 +1,74 @@ +. +./commandline +./cpucycles +./cpuid +./crypto_auth +./crypto_auth/hmacsha256 +./crypto_auth/hmacsha256/ref +./crypto_auth/hmacsha512256 +./crypto_auth/hmacsha512256/ref +./crypto_box +./crypto_box/curve25519xsalsa20poly1305 +./crypto_box/curve25519xsalsa20poly1305/ref +./crypto_core +./crypto_core/hsalsa20 +./crypto_core/hsalsa20/ref +./crypto_core/hsalsa20/ref2 +./crypto_core/salsa20 +./crypto_core/salsa20/ref +./crypto_core/salsa2012 +./crypto_core/salsa2012/ref +./crypto_core/salsa208 +./crypto_core/salsa208/ref +./crypto_hash +./crypto_hash/sha256 +./crypto_hash/sha256/ref +./crypto_hash/sha512 +./crypto_hash/sha512/ref +./crypto_hashblocks +./crypto_hashblocks/sha256 +./crypto_hashblocks/sha256/inplace +./crypto_hashblocks/sha256/ref +./crypto_hashblocks/sha512 +./crypto_hashblocks/sha512/inplace +./crypto_hashblocks/sha512/ref +./crypto_onetimeauth +./crypto_onetimeauth/poly1305 +./crypto_onetimeauth/poly1305/53 +./crypto_onetimeauth/poly1305/amd64 +./crypto_onetimeauth/poly1305/ref +./crypto_onetimeauth/poly1305/x86 +./crypto_scalarmult +./crypto_scalarmult/curve25519 +./crypto_scalarmult/curve25519/donna_c64 +./crypto_scalarmult/curve25519/ref +./crypto_secretbox +./crypto_secretbox/xsalsa20poly1305 +./crypto_secretbox/xsalsa20poly1305/ref +./crypto_sign +./crypto_sign/ed25519 +./crypto_sign/ed25519/ref +./crypto_sign/edwards25519sha512batch +./crypto_sign/edwards25519sha512batch/ref +./crypto_stream +./crypto_stream/aes128ctr +./crypto_stream/aes128ctr/portable +./crypto_stream/salsa20 +./crypto_stream/salsa20/ref +./crypto_stream/salsa2012 +./crypto_stream/salsa2012/ref +./crypto_stream/salsa208 +./crypto_stream/salsa208/ref +./crypto_stream/xsalsa20 +./crypto_stream/xsalsa20/ref +./crypto_verify +./crypto_verify/16 +./crypto_verify/16/ref +./crypto_verify/32 +./crypto_verify/32/ref +./inttypes +./okcompilers +./randombytes +./tests +./windows +./windows/include diff --git a/src/libnacl/dist-files b/src/libnacl/dist-files new file mode 100644 index 00000000..80b682b2 --- /dev/null +++ b/src/libnacl/dist-files @@ -0,0 +1,422 @@ +./commandline/nacl-sha256.c +./commandline/nacl-sha512.c +./cpucycles/alpha.c +./cpucycles/alpha.h +./cpucycles/amd64cpuinfo.c +./cpucycles/amd64cpuinfo.h +./cpucycles/amd64cpuspeed.c +./cpucycles/amd64cpuspeed.h +./cpucycles/amd64tscfreq.c +./cpucycles/amd64tscfreq.h +./cpucycles/celllinux.c +./cpucycles/celllinux.h +./cpucycles/cortex.c +./cpucycles/cortex.h +./cpucycles/dev4ns.c +./cpucycles/dev4ns.h +./cpucycles/do +./cpucycles/gettimeofday.c +./cpucycles/gettimeofday.h +./cpucycles/hppapstat.c +./cpucycles/hppapstat.h +./cpucycles/ia64cpuinfo.c +./cpucycles/ia64cpuinfo.h +./cpucycles/mips.c +./cpucycles/mips.h +./cpucycles/monotonic.c +./cpucycles/monotonic.h +./cpucycles/monotoniccpuinfo.c +./cpucycles/monotoniccpuinfo.h +./cpucycles/osfreq.c +./cpucycles/powerpccpuinfo.c +./cpucycles/powerpccpuinfo.h +./cpucycles/powerpcmacos.c +./cpucycles/powerpcmacos.h +./cpucycles/sgi.c +./cpucycles/sgi.h +./cpucycles/sparc32cpuinfo.c +./cpucycles/sparc32cpuinfo.h +./cpucycles/sparccpuinfo.c +./cpucycles/sparccpuinfo.h +./cpucycles/test.c +./cpucycles/x86cpuinfo.c +./cpucycles/x86cpuinfo.h +./cpucycles/x86cpuspeed.c +./cpucycles/x86cpuspeed.h +./cpucycles/x86estimate.c +./cpucycles/x86estimate.h +./cpucycles/x86tscfreq.c +./cpucycles/x86tscfreq.h +./cpuid/cbytes.c +./cpuid/cpuid.c +./cpuid/do +./cpuid/unknown.c +./cpuid/x86.c +./crypto_auth/hmacsha256/checksum +./crypto_auth/hmacsha256/ref/api.h +./crypto_auth/hmacsha256/ref/hmac.c +./crypto_auth/hmacsha256/ref/verify.c +./crypto_auth/hmacsha256/used +./crypto_auth/hmacsha512256/checksum +./crypto_auth/hmacsha512256/ref/api.h +./crypto_auth/hmacsha512256/ref/hmac.c +./crypto_auth/hmacsha512256/ref/verify.c +./crypto_auth/hmacsha512256/selected +./crypto_auth/hmacsha512256/used +./crypto_auth/measure.c +./crypto_auth/try.c +./crypto_auth/wrapper-auth.cpp +./crypto_auth/wrapper-verify.cpp +./crypto_box/curve25519xsalsa20poly1305/checksum +./crypto_box/curve25519xsalsa20poly1305/ref/after.c +./crypto_box/curve25519xsalsa20poly1305/ref/api.h +./crypto_box/curve25519xsalsa20poly1305/ref/before.c +./crypto_box/curve25519xsalsa20poly1305/ref/box.c +./crypto_box/curve25519xsalsa20poly1305/ref/keypair.c +./crypto_box/curve25519xsalsa20poly1305/selected +./crypto_box/curve25519xsalsa20poly1305/used +./crypto_box/measure.c +./crypto_box/try.c +./crypto_box/wrapper-box.cpp +./crypto_box/wrapper-keypair.cpp +./crypto_box/wrapper-open.cpp +./crypto_core/hsalsa20/checksum +./crypto_core/hsalsa20/ref/api.h +./crypto_core/hsalsa20/ref/core.c +./crypto_core/hsalsa20/ref/implementors +./crypto_core/hsalsa20/ref2/api.h +./crypto_core/hsalsa20/ref2/core.c +./crypto_core/hsalsa20/ref2/implementors +./crypto_core/hsalsa20/used +./crypto_core/measure.c +./crypto_core/salsa20/checksum +./crypto_core/salsa20/ref/api.h +./crypto_core/salsa20/ref/core.c +./crypto_core/salsa20/ref/implementors +./crypto_core/salsa20/used +./crypto_core/salsa2012/checksum +./crypto_core/salsa2012/ref/api.h +./crypto_core/salsa2012/ref/core.c +./crypto_core/salsa2012/ref/implementors +./crypto_core/salsa2012/used +./crypto_core/salsa208/checksum +./crypto_core/salsa208/ref/api.h +./crypto_core/salsa208/ref/core.c +./crypto_core/salsa208/ref/implementors +./crypto_core/salsa208/used +./crypto_core/try.c +./crypto_core/wrapper-empty.cpp +./crypto_hash/measure.c +./crypto_hash/sha256/checksum +./crypto_hash/sha256/ref/api.h +./crypto_hash/sha256/ref/hash.c +./crypto_hash/sha256/ref/implementors +./crypto_hash/sha256/used +./crypto_hash/sha512/checksum +./crypto_hash/sha512/ref/api.h +./crypto_hash/sha512/ref/hash.c +./crypto_hash/sha512/ref/implementors +./crypto_hash/sha512/selected +./crypto_hash/sha512/used +./crypto_hash/try.c +./crypto_hash/wrapper-hash.cpp +./crypto_hashblocks/measure.c +./crypto_hashblocks/sha256/checksum +./crypto_hashblocks/sha256/inplace/api.h +./crypto_hashblocks/sha256/inplace/blocks.c +./crypto_hashblocks/sha256/inplace/implementors +./crypto_hashblocks/sha256/ref/api.h +./crypto_hashblocks/sha256/ref/blocks.c +./crypto_hashblocks/sha256/ref/implementors +./crypto_hashblocks/sha256/used +./crypto_hashblocks/sha512/checksum +./crypto_hashblocks/sha512/inplace/api.h +./crypto_hashblocks/sha512/inplace/blocks.c +./crypto_hashblocks/sha512/inplace/implementors +./crypto_hashblocks/sha512/ref/api.h +./crypto_hashblocks/sha512/ref/blocks.c +./crypto_hashblocks/sha512/ref/implementors +./crypto_hashblocks/sha512/selected +./crypto_hashblocks/sha512/used +./crypto_hashblocks/try.c +./crypto_hashblocks/wrapper-empty.cpp +./crypto_onetimeauth/measure.c +./crypto_onetimeauth/poly1305/53/api.h +./crypto_onetimeauth/poly1305/53/auth.c +./crypto_onetimeauth/poly1305/53/verify.c +./crypto_onetimeauth/poly1305/amd64/api.h +./crypto_onetimeauth/poly1305/amd64/auth.s +./crypto_onetimeauth/poly1305/amd64/constants.s +./crypto_onetimeauth/poly1305/amd64/verify.c +./crypto_onetimeauth/poly1305/checksum +./crypto_onetimeauth/poly1305/ref/api.h +./crypto_onetimeauth/poly1305/ref/auth.c +./crypto_onetimeauth/poly1305/ref/verify.c +./crypto_onetimeauth/poly1305/selected +./crypto_onetimeauth/poly1305/used +./crypto_onetimeauth/poly1305/x86/api.h +./crypto_onetimeauth/poly1305/x86/auth.s +./crypto_onetimeauth/poly1305/x86/constants.s +./crypto_onetimeauth/poly1305/x86/verify.c +./crypto_onetimeauth/try.c +./crypto_onetimeauth/wrapper-auth.cpp +./crypto_onetimeauth/wrapper-verify.cpp +./crypto_scalarmult/curve25519/checksum +./crypto_scalarmult/curve25519/donna_c64/api.h +./crypto_scalarmult/curve25519/donna_c64/base.c +./crypto_scalarmult/curve25519/donna_c64/implementors +./crypto_scalarmult/curve25519/donna_c64/smult.c +./crypto_scalarmult/curve25519/ref/api.h +./crypto_scalarmult/curve25519/ref/base.c +./crypto_scalarmult/curve25519/ref/implementors +./crypto_scalarmult/curve25519/ref/smult.c +./crypto_scalarmult/curve25519/used +./crypto_scalarmult/measure.c +./crypto_scalarmult/try.c +./crypto_scalarmult/wrapper-base.cpp +./crypto_scalarmult/wrapper-mult.cpp +./crypto_secretbox/measure.c +./crypto_secretbox/try.c +./crypto_secretbox/wrapper-box.cpp +./crypto_secretbox/wrapper-open.cpp +./crypto_secretbox/xsalsa20poly1305/checksum +./crypto_secretbox/xsalsa20poly1305/ref/api.h +./crypto_secretbox/xsalsa20poly1305/ref/box.c +./crypto_secretbox/xsalsa20poly1305/selected +./crypto_secretbox/xsalsa20poly1305/used +./crypto_sign/ed25519/description +./crypto_sign/ed25519/designers +./crypto_sign/ed25519/ref/api.h +./crypto_sign/ed25519/ref/ed25519.c +./crypto_sign/ed25519/ref/fe25519.c +./crypto_sign/ed25519/ref/fe25519.h +./crypto_sign/ed25519/ref/ge25519.c +./crypto_sign/ed25519/ref/ge25519.h +./crypto_sign/ed25519/ref/ge25519_base.data +./crypto_sign/ed25519/ref/implementors +./crypto_sign/ed25519/ref/sc25519.c +./crypto_sign/ed25519/ref/sc25519.h +./crypto_sign/ed25519/selected +./crypto_sign/ed25519/used +./crypto_sign/edwards25519sha512batch/ref/api.h +./crypto_sign/edwards25519sha512batch/ref/fe25519.c +./crypto_sign/edwards25519sha512batch/ref/fe25519.h +./crypto_sign/edwards25519sha512batch/ref/ge25519.c +./crypto_sign/edwards25519sha512batch/ref/ge25519.h +./crypto_sign/edwards25519sha512batch/ref/sc25519.c +./crypto_sign/edwards25519sha512batch/ref/sc25519.h +./crypto_sign/edwards25519sha512batch/ref/sign.c +./crypto_sign/edwards25519sha512batch/selected +./crypto_sign/edwards25519sha512batch/used +./crypto_sign/measure.c +./crypto_sign/try.c +./crypto_sign/wrapper-keypair.cpp +./crypto_sign/wrapper-sign-open.cpp +./crypto_sign/wrapper-sign.cpp +./crypto_stream/aes128ctr/checksum +./crypto_stream/aes128ctr/portable/afternm.c +./crypto_stream/aes128ctr/portable/api.h +./crypto_stream/aes128ctr/portable/beforenm.c +./crypto_stream/aes128ctr/portable/common.c +./crypto_stream/aes128ctr/portable/common.h +./crypto_stream/aes128ctr/portable/consts.c +./crypto_stream/aes128ctr/portable/consts.h +./crypto_stream/aes128ctr/portable/int128.c +./crypto_stream/aes128ctr/portable/int128.h +./crypto_stream/aes128ctr/portable/stream.c +./crypto_stream/aes128ctr/portable/types.h +./crypto_stream/aes128ctr/portable/xor_afternm.c +./crypto_stream/aes128ctr/used +./crypto_stream/measure.c +./crypto_stream/salsa20/checksum +./crypto_stream/salsa20/ref/api.h +./crypto_stream/salsa20/ref/implementors +./crypto_stream/salsa20/ref/stream.c +./crypto_stream/salsa20/ref/xor.c +./crypto_stream/salsa20/used +./crypto_stream/salsa2012/checksum +./crypto_stream/salsa2012/ref/api.h +./crypto_stream/salsa2012/ref/implementors +./crypto_stream/salsa2012/ref/stream.c +./crypto_stream/salsa2012/ref/xor.c +./crypto_stream/salsa2012/used +./crypto_stream/salsa208/checksum +./crypto_stream/salsa208/ref/api.h +./crypto_stream/salsa208/ref/implementors +./crypto_stream/salsa208/ref/stream.c +./crypto_stream/salsa208/ref/xor.c +./crypto_stream/salsa208/used +./crypto_stream/try.c +./crypto_stream/wrapper-stream.cpp +./crypto_stream/wrapper-xor.cpp +./crypto_stream/xsalsa20/checksum +./crypto_stream/xsalsa20/ref/api.h +./crypto_stream/xsalsa20/ref/implementors +./crypto_stream/xsalsa20/ref/stream.c +./crypto_stream/xsalsa20/ref/xor.c +./crypto_stream/xsalsa20/selected +./crypto_stream/xsalsa20/used +./crypto_verify/16/checksum +./crypto_verify/16/ref/api.h +./crypto_verify/16/ref/verify.c +./crypto_verify/16/used +./crypto_verify/32/checksum +./crypto_verify/32/ref/api.h +./crypto_verify/32/ref/verify.c +./crypto_verify/32/used +./crypto_verify/measure.c +./crypto_verify/try.c +./crypto_verify/wrapper-empty.cpp +./dist-dirs +./dist-files +./do +./inttypes/crypto_int16.c +./inttypes/crypto_int32.c +./inttypes/crypto_int64.c +./inttypes/crypto_int8.c +./inttypes/crypto_uint16.c +./inttypes/crypto_uint32.c +./inttypes/crypto_uint64.c +./inttypes/crypto_uint8.c +./inttypes/do +./inttypes/signed.h +./inttypes/unsigned.h +./MACROS +./Makefile.in +./measure-anything.c +./okcompilers/abiname.c +./okcompilers/abinames +./okcompilers/archivers +./okcompilers/c.in +./okcompilers/do.in +./okcompilers/lib.c +./okcompilers/lib.cpp +./okcompilers/main.c +./okcompilers/main.cpp +./okcompilers/test-okar +./okcompilers/test-okc +./okcompilers/test-okc2 +./okcompilers/test-okclink +./okcompilers/test.c +./okcompilers/test10.c +./okcompilers/test5.c +./okcompilers/test5.cpp +./okcompilers/test6.c +./okcompilers/test9.c +./OPERATIONS +./PROTOTYPES.c +./PROTOTYPES.cpp +./randombytes/devurandom.c +./randombytes/devurandom.h +./randombytes/do +./randombytes/test.c +./tests/auth.c +./tests/auth.out +./tests/auth2.c +./tests/auth2.out +./tests/auth3.c +./tests/auth3.out +./tests/auth4.cpp +./tests/auth4.out +./tests/auth5.c +./tests/auth5.out +./tests/auth6.cpp +./tests/auth6.out +./tests/box.c +./tests/box.out +./tests/box2.c +./tests/box2.out +./tests/box3.cpp +./tests/box3.out +./tests/box4.cpp +./tests/box4.out +./tests/box5.cpp +./tests/box5.out +./tests/box6.cpp +./tests/box6.out +./tests/box7.c +./tests/box7.out +./tests/box8.c +./tests/box8.out +./tests/core1.c +./tests/core1.out +./tests/core2.c +./tests/core2.out +./tests/core3.c +./tests/core3.out +./tests/core4.c +./tests/core4.out +./tests/core5.c +./tests/core5.out +./tests/core6.c +./tests/core6.out +./tests/hash.c +./tests/hash.out +./tests/hash2.cpp +./tests/hash2.out +./tests/hash3.c +./tests/hash3.out +./tests/hash4.cpp +./tests/hash4.out +./tests/Makefile.in +./tests/onetimeauth.c +./tests/onetimeauth.out +./tests/onetimeauth2.c +./tests/onetimeauth2.out +./tests/onetimeauth5.cpp +./tests/onetimeauth5.out +./tests/onetimeauth6.cpp +./tests/onetimeauth6.out +./tests/onetimeauth7.c +./tests/onetimeauth7.out +./tests/onetimeauth8.cpp +./tests/onetimeauth8.out +./tests/scalarmult.c +./tests/scalarmult.out +./tests/scalarmult2.c +./tests/scalarmult2.out +./tests/scalarmult3.cpp +./tests/scalarmult3.out +./tests/scalarmult4.cpp +./tests/scalarmult4.out +./tests/scalarmult5.c +./tests/scalarmult5.out +./tests/scalarmult6.c +./tests/scalarmult6.out +./tests/scalarmult7.cpp +./tests/scalarmult7.out +./tests/secretbox.c +./tests/secretbox.out +./tests/secretbox2.c +./tests/secretbox2.out +./tests/secretbox3.cpp +./tests/secretbox3.out +./tests/secretbox4.cpp +./tests/secretbox4.out +./tests/secretbox5.cpp +./tests/secretbox5.out +./tests/secretbox6.cpp +./tests/secretbox6.out +./tests/secretbox7.c +./tests/secretbox7.out +./tests/secretbox8.c +./tests/secretbox8.out +./tests/stream.c +./tests/stream.out +./tests/stream2.c +./tests/stream2.out +./tests/stream3.c +./tests/stream3.out +./tests/stream4.c +./tests/stream4.out +./tests/stream5.cpp +./tests/stream5.out +./tests/stream6.cpp +./tests/stream6.out +./tests/stream7.cpp +./tests/stream7.out +./tests/stream8.cpp +./tests/stream8.out +./try-anything.c +./version +./windows/include/windows-quirks.h diff --git a/src/libnacl/do b/src/libnacl/do new file mode 100755 index 00000000..bb1200f1 --- /dev/null +++ b/src/libnacl/do @@ -0,0 +1,309 @@ +#!/bin/sh + +# nacl/do +# D. J. Bernstein +# Public domain. + +version=`cat version` +project=nacl +shorthostname="localhost" + +top="`pwd`/build/$shorthostname" +bin="$top/bin" +lib="$top/lib" +include="$top/include" +work="$top/work" + +PATH="/usr/local/bin:$PATH" +PATH="/usr/sfw/bin:$PATH" +PATH="$bin:$PATH" +export PATH + +LD_LIBRARY_PATH="/usr/local/lib/sparcv9:/usr/local/lib:$LD_LIBRARY_PATH" +LD_LIBRARY_PATH="/usr/sfw/lib/sparcv9:/usr/sfw/lib:$LD_LIBRARY_PATH" +export LD_LIBRARY_PATH + +# and wacky MacOS X +DYLD_LIBRARY_PATH="/usr/local/lib/sparcv9:/usr/local/lib:$DYLD_LIBRARY_PATH" +DYLD_LIBRARY_PATH="/usr/sfw/lib/sparcv9:/usr/sfw/lib:$DYLD_LIBRARY_PATH" +export DYLD_LIBRARY_PATH + +# and work around bug in GNU sort +LANG=C +export LANG + +rm -rf "$top" +mkdir -p "$top" +mkdir -p "$bin" +mkdir -p "$lib" +mkdir -p "$include" + +exec 5>"$top/data" +exec 2>"$top/errors" +exec "$work/${project}_base.c" + okc-$abi \ + | while read compiler + do + ( cd "$work" && $compiler -c ${project}_base.c ) && break + done + okar-$abi cr "$lib/$abi/lib${project}.a" "$work/${project}_base.o" + ( okranlib-$abi "$lib/$abi/lib${project}.a" || exit 0 ) +done + +ulimit -c 0 + +# loop over operations +cat OPERATIONS \ +| while read o +do + [ -d "$o" ] || continue + + selected='' + [ -f "$o/selected" ] && selected=`cat "$o/selected"` + + # for each operation, loop over primitives + ls "$o" \ + | sort \ + | while read p + do + [ -d "$o/$p" ] || continue + expectedchecksum='' + [ -f "$o/$p/checksum" ] && expectedchecksum=`cat "$o/$p/checksum"` + op="${o}_${p}" + + startdate=`date +%Y%m%d` + + # for each operation primitive, loop over abis + okabi \ + | while read abi + do + echo "=== `date` === $abi $o/$p" + libs=`"oklibs-$abi"` + libs="$lib/$abi/cpucycles.o $libs" + [ -f "$lib/$abi/lib${project}.a" ] && libs="$lib/$abi/lib${project}.a $libs" + + rm -rf "$work" + mkdir -p "$work" + mkdir -p "$work/best" + + # for each operation primitive abi, loop over implementations + find "$o/$p" -follow -name "api.h" \ + | sort \ + | while read doth + do + implementationdir=`dirname $doth` + opi=`echo "$implementationdir" | tr ./- ___` + + echo "=== `date` === $abi $implementationdir" + + rm -rf "$work/compile" + mkdir -p "$work/compile" + + cfiles=`ls "$implementationdir" | grep '\.c$' || :` + sfiles=`ls "$implementationdir" | grep '\.[sS]$' || :` + + cp -p "$o"/*.c "$work/compile/" + + cp -pr "$implementationdir"/* "$work/compile" + + cp -p "try-anything.c" "$work/compile/try-anything.c" + + cp -p MACROS "$work/compile/MACROS" + cp -p PROTOTYPES.c "$work/compile/PROTOTYPES.c" + + ( + cd "$work/compile" + ( + echo "#ifndef ${o}_H" + echo "#define ${o}_H" + echo "" + echo "#include \"${op}.h\"" + echo "" + egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < MACROS \ + | sed "s/$o/$op/" | while read mop + do + echo "#define ${mop} ${mop}" | sed "s/$op/$o/" + done + echo "#define ${o}_PRIMITIVE \"${p}\"" + echo "#define ${o}_IMPLEMENTATION ${op}_IMPLEMENTATION" + echo "#define ${o}_VERSION ${op}_VERSION" + echo "" + echo "#endif" + ) > "$o.h" + ( + echo "#ifndef ${op}_H" + echo "#define ${op}_H" + echo "" + sed 's/[ ]CRYPTO_/ '"${opi}"'_/g' < api.h + echo '#ifdef __cplusplus' + echo '#include ' + echo 'extern "C" {' + echo '#endif' + egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < PROTOTYPES.c \ + | sed "s/$o/$opi/" + echo '#ifdef __cplusplus' + echo '}' + echo '#endif' + echo "" + egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < MACROS \ + | sed "s/$o/$opi/" | while read mopi + do + echo "#define ${mopi} ${mopi}" | sed "s/$opi/$op/" + done + echo "#define ${op}_IMPLEMENTATION \"${implementationdir}\"" + echo "#ifndef ${opi}_VERSION" + echo "#define ${opi}_VERSION \"-\"" + echo "#endif" + echo "#define ${op}_VERSION ${opi}_VERSION" + echo "" + echo "#endif" + ) > "$op.h" + + okc-$abi \ + | while read compiler + do + echo "=== `date` === $abi $implementationdir $compiler" + compilerword=`echo "$compiler" | tr ' ' '_'` + ok=1 + for f in $cfiles $sfiles + do + if [ "$ok" = 1 ] + then + $compiler \ + -I. -I"$include" -I"$include/$abi" \ + -c "$f" >../errors 2>&1 || ok=0 + ( if [ `wc -l < ../errors` -lt 25 ] + then + cat ../errors + else + head ../errors + echo ... + tail ../errors + fi + ) \ + | while read err + do + echo "$version $shorthostname $abi $startdate $o $p fromcompiler $implementationdir $compilerword $f $err" >&5 + done + fi + done + + [ "$ok" = 1 ] || continue + okar-$abi cr "$op.a" *.o || continue + okranlib-$abi "$op.a" + + $compiler \ + -I. -I"$include" -I"$include/$abi" \ + -o try try.c try-anything.c \ + "$op.a" $libs >../errors 2>&1 || ok=0 + cat ../errors \ + | while read err + do + echo "$version $shorthostname $abi $startdate $o $p fromcompiler $implementationdir $compilerword try.c $err" >&5 + done + [ "$ok" = 1 ] || continue + + rm -f ../best/*.o || continue + for f in *.o + do + cp -p "$f" "../best/${opi}-$f" + done + cp -p "$op.h" "../$op.h" + cp -p "$o.h" "../$o.h" + done + ) + done + + [ -f "$o/$p/used" ] \ + && okar-$abi cr "$lib/$abi/lib${project}.a" "$work/best"/*.o \ + && ( okranlib-$abi "$lib/$abi/lib${project}.a" || exit 0 ) \ + && cp -p "$work/$op.h" "$include/$abi/$op.h" \ + && [ -f "$o/$p/selected" ] \ + && cp -p "$work/$o.h" "$include/$abi/$o.h" \ + || : + done + done +done + +echo "=== `date` === finishing" + +touch .done diff --git a/src/libnacl/inttypes/crypto_int16.c b/src/libnacl/inttypes/crypto_int16.c new file mode 100644 index 00000000..bc160669 --- /dev/null +++ b/src/libnacl/inttypes/crypto_int16.c @@ -0,0 +1,3 @@ +#include "crypto_int16.h" +#include "signed.h" +DOIT(16,crypto_int16) diff --git a/src/libnacl/inttypes/crypto_int32.c b/src/libnacl/inttypes/crypto_int32.c new file mode 100644 index 00000000..520e6822 --- /dev/null +++ b/src/libnacl/inttypes/crypto_int32.c @@ -0,0 +1,3 @@ +#include "crypto_int32.h" +#include "signed.h" +DOIT(32,crypto_int32) diff --git a/src/libnacl/inttypes/crypto_int64.c b/src/libnacl/inttypes/crypto_int64.c new file mode 100644 index 00000000..77e815bf --- /dev/null +++ b/src/libnacl/inttypes/crypto_int64.c @@ -0,0 +1,3 @@ +#include "crypto_int64.h" +#include "signed.h" +DOIT(64,crypto_int64) diff --git a/src/libnacl/inttypes/crypto_int8.c b/src/libnacl/inttypes/crypto_int8.c new file mode 100644 index 00000000..5966c62e --- /dev/null +++ b/src/libnacl/inttypes/crypto_int8.c @@ -0,0 +1,3 @@ +#include "crypto_int8.h" +#include "signed.h" +DOIT(8,crypto_int8) diff --git a/src/libnacl/inttypes/crypto_uint16.c b/src/libnacl/inttypes/crypto_uint16.c new file mode 100644 index 00000000..16ce4a69 --- /dev/null +++ b/src/libnacl/inttypes/crypto_uint16.c @@ -0,0 +1,3 @@ +#include "crypto_uint16.h" +#include "unsigned.h" +DOIT(16,crypto_uint16) diff --git a/src/libnacl/inttypes/crypto_uint32.c b/src/libnacl/inttypes/crypto_uint32.c new file mode 100644 index 00000000..7050b573 --- /dev/null +++ b/src/libnacl/inttypes/crypto_uint32.c @@ -0,0 +1,3 @@ +#include "crypto_uint32.h" +#include "unsigned.h" +DOIT(32,crypto_uint32) diff --git a/src/libnacl/inttypes/crypto_uint64.c b/src/libnacl/inttypes/crypto_uint64.c new file mode 100644 index 00000000..808055c7 --- /dev/null +++ b/src/libnacl/inttypes/crypto_uint64.c @@ -0,0 +1,3 @@ +#include "crypto_uint64.h" +#include "unsigned.h" +DOIT(64,crypto_uint64) diff --git a/src/libnacl/inttypes/crypto_uint8.c b/src/libnacl/inttypes/crypto_uint8.c new file mode 100644 index 00000000..61683391 --- /dev/null +++ b/src/libnacl/inttypes/crypto_uint8.c @@ -0,0 +1,3 @@ +#include "crypto_uint8.h" +#include "unsigned.h" +DOIT(8,crypto_uint8) diff --git a/src/libnacl/inttypes/do b/src/libnacl/inttypes/do new file mode 100755 index 00000000..f0028e3d --- /dev/null +++ b/src/libnacl/inttypes/do @@ -0,0 +1,42 @@ +#!/bin/sh -e + +okabi | ( + while read abi + do + ( + echo 'int8 int8_t' + echo 'int16 int16_t' + echo 'int32 int32_t' + echo 'int64 int64_t' + echo 'uint8 uint8_t' + echo 'uint16 uint16_t' + echo 'uint32 uint32_t' + echo 'uint64 uint64_t' + ) | ( + while read target source + do + okc-$abi | ( + while read c + do + [ -f include/$abi/crypto_$target.h ] && continue + echo "=== `date` === $abi trying $source as $target under $c..." >&2 + rm -f crypto_$target crypto_$target.h + ( + echo "#ifndef crypto_${target}_h" + echo "#define crypto_${target}_h" + echo "" + echo "#include " + echo "" + echo "typedef ${source} crypto_${target};" + echo "" + echo "#endif" + ) > crypto_$target.h + $c -o crypto_$target crypto_$target.c || continue + mkdir -p include/$abi + cp crypto_$target.h include/$abi/crypto_$target.h + done + ) + done + ) + done +) diff --git a/src/libnacl/inttypes/signed.h b/src/libnacl/inttypes/signed.h new file mode 100644 index 00000000..92689ff8 --- /dev/null +++ b/src/libnacl/inttypes/signed.h @@ -0,0 +1,17 @@ +#define DOIT(bits,target) \ +int main() \ +{ \ + target x; \ + int i; \ + \ + x = 1; \ + for (i = 0;i < bits;++i) { \ + if (x == 0) return 100; \ + x += x; \ + } \ + if (x != 0) return 100; \ + x -= 1; \ + if (x > 0) return 100; \ + \ + return 0; \ +} diff --git a/src/libnacl/inttypes/unsigned.h b/src/libnacl/inttypes/unsigned.h new file mode 100644 index 00000000..31a7a6ea --- /dev/null +++ b/src/libnacl/inttypes/unsigned.h @@ -0,0 +1,17 @@ +#define DOIT(bits,target) \ +int main() \ +{ \ + target x; \ + int i; \ + \ + x = 1; \ + for (i = 0;i < bits;++i) { \ + if (x == 0) return 100; \ + x += x; \ + } \ + if (x != 0) return 100; \ + x -= 1; \ + if (x < 0) return 100; \ + \ + return 0; \ +} diff --git a/src/libnacl/measure-anything.c b/src/libnacl/measure-anything.c new file mode 100644 index 00000000..93941aa5 --- /dev/null +++ b/src/libnacl/measure-anything.c @@ -0,0 +1,227 @@ +/* + * measure-anything.c version 20090223 + * D. J. Bernstein + * Public domain. + */ + +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +#endif +#include "cpucycles.h" +#include "cpuid.h" + +typedef int uint32; + +static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ; +static uint32 in[12]; +static uint32 out[8]; +static int outleft = 0; + +#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) +#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); + +static void surf(void) +{ + uint32 t[12]; uint32 x; uint32 sum = 0; + int r; int i; int loop; + + for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; + for (i = 0;i < 8;++i) out[i] = seed[24 + i]; + x = t[11]; + for (loop = 0;loop < 2;++loop) { + for (r = 0;r < 16;++r) { + sum += 0x9e3779b9; + MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) + MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) + MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) + } + for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; + } +} + +void randombytes(unsigned char *x,unsigned long long xlen) +{ + while (xlen > 0) { + if (!outleft) { + if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; + surf(); + outleft = 8; + } + *x = out[--outleft]; + ++x; + --xlen; + } +} + +extern const char *primitiveimplementation; +extern const char *implementationversion; +extern const char *sizenames[]; +extern const long long sizes[]; +extern void preallocate(void); +extern void allocate(void); +extern void measure(void); + +static void printword(const char *s) +{ + if (!*s) putchar('-'); + while (*s) { + if (*s == ' ') putchar('_'); + else if (*s == '\t') putchar('_'); + else if (*s == '\r') putchar('_'); + else if (*s == '\n') putchar('_'); + else putchar(*s); + ++s; + } + putchar(' '); +} + +static void printnum(long long x) +{ + printf("%lld ",x); +} + +static void fail(const char *why) +{ + fprintf(stderr,"measure: fatal: %s\n",why); + exit(111); +} + +unsigned char *alignedcalloc(unsigned long long len) +{ + unsigned char *x = (unsigned char *) calloc(1,len + 128); + if (!x) fail("out of memory"); + /* will never deallocate so shifting is ok */ + x += 63 & (-(unsigned long) x); + return x; +} + +static long long cyclespersecond; + +static void printimplementations(void) +{ + int i; + + printword("implementation"); + printword(primitiveimplementation); + printword(implementationversion); + printf("\n"); fflush(stdout); + + for (i = 0;sizenames[i];++i) { + printword(sizenames[i]); + printnum(sizes[i]); + printf("\n"); fflush(stdout); + } + + printword("cpuid"); + printword(cpuid); + printf("\n"); fflush(stdout); + + printword("cpucycles_persecond"); + printnum(cyclespersecond); + printf("\n"); fflush(stdout); + + printword("cpucycles_implementation"); + printword(cpucycles_implementation); + printf("\n"); fflush(stdout); + + printword("compiler"); + printword(COMPILER); +#if defined(__VERSION__) && !defined(__ICC) + printword(__VERSION__); +#elif defined(__xlc__) + printword(__xlc__); +#elif defined(__ICC) + { + char buf[256]; + + sprintf(buf, "%d.%d.%d", __ICC/100, __ICC%100, + __INTEL_COMPILER_BUILD_DATE); + printword(buf); + } +#elif defined(__PGIC__) + { + char buf[256]; + + sprintf(buf, "%d.%d.%d", __PGIC__, __PGIC_MINOR__, __PGIC_PATCHLEVEL__); + printword(buf); + } +#elif defined(__SUNPRO_C) + { + char buf[256]; + int major, minor, micro; + + micro = __SUNPRO_C & 0xf; + minor = (__SUNPRO_C >> 4) & 0xf; + major = (__SUNPRO_C >> 8) & 0xf; + + if (micro) + sprintf(buf, "%d.%d.%d", major, minor, micro); + else + sprintf(buf, "%d.%d", major, minor); + printword(buf); + } +#else + printword("unknown compiler version"); +#endif + printf("\n"); fflush(stdout); +} + +void printentry(long long mbytes,const char *measuring,long long *m,long long mlen) +{ + long long i; + long long j; + long long belowj; + long long abovej; + + printword(measuring); + if (mbytes >= 0) printnum(mbytes); else printword(""); + if (mlen > 0) { + for (j = 0;j + 1 < mlen;++j) { + belowj = 0; + for (i = 0;i < mlen;++i) if (m[i] < m[j]) ++belowj; + abovej = 0; + for (i = 0;i < mlen;++i) if (m[i] > m[j]) ++abovej; + if (belowj * 2 < mlen && abovej * 2 < mlen) break; + } + printnum(m[j]); + if (mlen > 1) { + for (i = 0;i < mlen;++i) printnum(m[i]); + } + } + printf("\n"); fflush(stdout); +} + +void limits() +{ +#ifdef RLIM_INFINITY + struct rlimit r; + r.rlim_cur = 0; + r.rlim_max = 0; +#ifdef RLIMIT_NOFILE + setrlimit(RLIMIT_NOFILE,&r); +#endif +#ifdef RLIMIT_NPROC + setrlimit(RLIMIT_NPROC,&r); +#endif +#ifdef RLIMIT_CORE + setrlimit(RLIMIT_CORE,&r); +#endif +#endif +} + +int main() +{ + cyclespersecond = cpucycles_persecond(); + preallocate(); + limits(); + printimplementations(); + allocate(); + measure(); + return 0; +} diff --git a/src/libnacl/okcompilers/abiname.c b/src/libnacl/okcompilers/abiname.c new file mode 100644 index 00000000..38373201 --- /dev/null +++ b/src/libnacl/okcompilers/abiname.c @@ -0,0 +1,45 @@ +#include + +const char *abi(void) +{ +#if defined(__amd64__) || defined(__x86_64__) || defined(__AMD64__) || defined(_M_X64) || defined(__amd64) + return "amd64"; +#elif defined(__i386__) || defined(__x86__) || defined(__X86__) || defined(_M_IX86) || defined(__i386) + return "x86"; +#elif defined(__ia64__) || defined(__IA64__) || defined(__M_IA64) + return "ia64"; +#elif defined(__SPU__) + return "cellspu"; +#elif defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) || defined(_ARCH_PPC64) + return "ppc64"; +#elif defined(__powerpc__) || defined(__ppc__) || defined(__PPC__) || defined(_ARCH_PPC) + return "ppc32"; +#elif defined(__sparcv9__) || defined(__sparcv9) + return "sparcv9"; +#elif defined(__sparc_v8__) + return "sparcv8"; +#elif defined(__sparc__) || defined(__sparc) + if (sizeof(long) == 4) return "sparcv8"; + return "sparcv9"; +#elif defined(__ARM_EABI__) + return "armeabi"; +#elif defined(__arm__) + return "arm"; +#elif defined(__mips__) || defined(__mips) || defined(__MIPS__) +# if defined(_ABIO32) + return "mipso32"; +# elif defined(_ABIN32) + return "mips32"; +# else + return "mips64"; +# endif +#else + return "default"; +#endif +} + +int main(int argc,char **argv) +{ + printf("%s %s\n",argv[1],abi()); + return 0; +} diff --git a/src/libnacl/okcompilers/abinames b/src/libnacl/okcompilers/abinames new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/okcompilers/archivers b/src/libnacl/okcompilers/archivers new file mode 100644 index 00000000..d5851c37 --- /dev/null +++ b/src/libnacl/okcompilers/archivers @@ -0,0 +1,2 @@ +ar +ar -X64 diff --git a/src/libnacl/okcompilers/c.in b/src/libnacl/okcompilers/c.in new file mode 100755 index 00000000..51a83e1f --- /dev/null +++ b/src/libnacl/okcompilers/c.in @@ -0,0 +1 @@ +@CC@ @CPPFLAGS@ @CFLAGS@ diff --git a/src/libnacl/okcompilers/do.in b/src/libnacl/okcompilers/do.in new file mode 100755 index 00000000..2cd9e0c4 --- /dev/null +++ b/src/libnacl/okcompilers/do.in @@ -0,0 +1,26 @@ +#!/bin/sh -e + +mkdir -p bin + +echo '#!/bin/sh' > bin/okabi +echo 'echo local' >> bin/okabi + +exec < c +echo '#!/bin/sh' > bin/okc-local +while read compiler; do + $compiler lib.c main.c -o test-c || continue + echo "echo $compiler" >> bin/okc-local +done + +echo '#!/bin/sh' > bin/okcpp-local + +echo '#!/bin/sh' > bin/oklibs-local +echo 'echo " @LDFLAGS@ @LIBS@"' >> bin/oklibs-local + +echo '#!/bin/sh' > bin/okar-local +echo 'exec @AR@ "$@"' >> bin/okar-local + +echo '#!/bin/sh' > bin/okranlib-local +echo 'exec @RANLIB@ "$@"' >> bin/okranlib-local + +chmod +x bin/ok* diff --git a/src/libnacl/okcompilers/lib.c b/src/libnacl/okcompilers/lib.c new file mode 100644 index 00000000..cf2e3790 --- /dev/null +++ b/src/libnacl/okcompilers/lib.c @@ -0,0 +1,29 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} + +int intbytes(void) +{ + return sizeof(int); +} + +int longbytes(void) +{ + return sizeof(long); +} diff --git a/src/libnacl/okcompilers/lib.cpp b/src/libnacl/okcompilers/lib.cpp new file mode 100644 index 00000000..ea956244 --- /dev/null +++ b/src/libnacl/okcompilers/lib.cpp @@ -0,0 +1,19 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} diff --git a/src/libnacl/okcompilers/main.c b/src/libnacl/okcompilers/main.c new file mode 100644 index 00000000..3b7efa25 --- /dev/null +++ b/src/libnacl/okcompilers/main.c @@ -0,0 +1,25 @@ +extern int not3(int); +extern int bytes(int); +extern long long shr32(long long); +extern double double5(void); +extern int longbytes(void); +extern int intbytes(void); + +int main(int argc,char **argv) +{ + if (intbytes() != sizeof(int)) return 100; + if (longbytes() != sizeof(long)) return 100; + + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/main.cpp b/src/libnacl/okcompilers/main.cpp new file mode 100644 index 00000000..6255102c --- /dev/null +++ b/src/libnacl/okcompilers/main.cpp @@ -0,0 +1,22 @@ +extern "C" { + extern int not3(int); + extern int bytes(int); + extern long long shr32(long long); + extern double double5(void); +} + +int main(int argc,char **argv) +{ + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/test-okar b/src/libnacl/okcompilers/test-okar new file mode 100755 index 00000000..8b82a5ff --- /dev/null +++ b/src/libnacl/okcompilers/test-okar @@ -0,0 +1,4 @@ +#!/bin/sh +PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" +export PATH +ar "$@" diff --git a/src/libnacl/okcompilers/test-okc b/src/libnacl/okcompilers/test-okc new file mode 100755 index 00000000..45a48aed --- /dev/null +++ b/src/libnacl/okcompilers/test-okc @@ -0,0 +1,4 @@ +#!/bin/sh +PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" +export PATH +gcc -O2 -fomit-frame-pointer "$@" diff --git a/src/libnacl/okcompilers/test-okc2 b/src/libnacl/okcompilers/test-okc2 new file mode 100755 index 00000000..b18ee307 --- /dev/null +++ b/src/libnacl/okcompilers/test-okc2 @@ -0,0 +1,4 @@ +#!/bin/sh +PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" +export PATH +g++ -O2 -fomit-frame-pointer "$@" diff --git a/src/libnacl/okcompilers/test-okclink b/src/libnacl/okcompilers/test-okclink new file mode 100755 index 00000000..c4b2bca8 --- /dev/null +++ b/src/libnacl/okcompilers/test-okclink @@ -0,0 +1,4 @@ +#!/bin/sh +PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" +export PATH +gcc -O2 -fomit-frame-pointer "$@" -lrt -lm diff --git a/src/libnacl/okcompilers/test.c b/src/libnacl/okcompilers/test.c new file mode 100644 index 00000000..973a5c48 --- /dev/null +++ b/src/libnacl/okcompilers/test.c @@ -0,0 +1,54 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} + +int intbytes(void) +{ + return sizeof(int); +} + +int longbytes(void) +{ + return sizeof(long); +} +extern int not3(int); +extern int bytes(int); +extern long long shr32(long long); +extern double double5(void); +extern int longbytes(void); +extern int intbytes(void); + +int main(int argc,char **argv) +{ + if (intbytes() != sizeof(int)) return 100; + if (longbytes() != sizeof(long)) return 100; + + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/test10.c b/src/libnacl/okcompilers/test10.c new file mode 100644 index 00000000..cf2e3790 --- /dev/null +++ b/src/libnacl/okcompilers/test10.c @@ -0,0 +1,29 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} + +int intbytes(void) +{ + return sizeof(int); +} + +int longbytes(void) +{ + return sizeof(long); +} diff --git a/src/libnacl/okcompilers/test5.c b/src/libnacl/okcompilers/test5.c new file mode 100644 index 00000000..3b7efa25 --- /dev/null +++ b/src/libnacl/okcompilers/test5.c @@ -0,0 +1,25 @@ +extern int not3(int); +extern int bytes(int); +extern long long shr32(long long); +extern double double5(void); +extern int longbytes(void); +extern int intbytes(void); + +int main(int argc,char **argv) +{ + if (intbytes() != sizeof(int)) return 100; + if (longbytes() != sizeof(long)) return 100; + + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/test5.cpp b/src/libnacl/okcompilers/test5.cpp new file mode 100644 index 00000000..6255102c --- /dev/null +++ b/src/libnacl/okcompilers/test5.cpp @@ -0,0 +1,22 @@ +extern "C" { + extern int not3(int); + extern int bytes(int); + extern long long shr32(long long); + extern double double5(void); +} + +int main(int argc,char **argv) +{ + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/okcompilers/test6.c b/src/libnacl/okcompilers/test6.c new file mode 100644 index 00000000..cf2e3790 --- /dev/null +++ b/src/libnacl/okcompilers/test6.c @@ -0,0 +1,29 @@ +int not3(int n) +{ + return n != 3; +} + +int bytes(int n) +{ + return (n + 7) / 8; +} + +long long shr32(long long n) +{ + return n >> 32; +} + +double double5(void) +{ + return 5.0; +} + +int intbytes(void) +{ + return sizeof(int); +} + +int longbytes(void) +{ + return sizeof(long); +} diff --git a/src/libnacl/okcompilers/test9.c b/src/libnacl/okcompilers/test9.c new file mode 100644 index 00000000..3b7efa25 --- /dev/null +++ b/src/libnacl/okcompilers/test9.c @@ -0,0 +1,25 @@ +extern int not3(int); +extern int bytes(int); +extern long long shr32(long long); +extern double double5(void); +extern int longbytes(void); +extern int intbytes(void); + +int main(int argc,char **argv) +{ + if (intbytes() != sizeof(int)) return 100; + if (longbytes() != sizeof(long)) return 100; + + if (not3(3)) return 100; + + /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */ + if (!not3(shr32(1))) return 100; + + /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */ + if (bytes(not3(1)) != 1) return 100; + + /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */ + if (double5() < 0) return 100; + + return 0; +} diff --git a/src/libnacl/randombytes/devurandom.c b/src/libnacl/randombytes/devurandom.c new file mode 100644 index 00000000..d8b24db5 --- /dev/null +++ b/src/libnacl/randombytes/devurandom.c @@ -0,0 +1,46 @@ +#include +#include +#include +#include +#ifdef _WIN32 +# include +#endif + +/* it's really stupid that there isn't a syscall for this */ +/* -> Y U NO USE OPENBSD? */ + +static int fd = -1; + +void randombytes(unsigned char *x,unsigned long long xlen) +{ + int i; + + if (fd == -1) { + for (;;) { + fd = open("/dev/urandom",O_RDONLY); + if (fd != -1) break; +#ifdef _WIN32 + Sleep(1000); +#else + sleep(1); +#endif + } + } + + while (xlen > 0) { + if (xlen < 1048576) i = xlen; else i = 1048576; + + i = read(fd,x,i); + if (i < 1) { +#ifdef _WIN32 + Sleep(1000); +#else + sleep(1); +#endif + continue; + } + + x += i; + xlen -= i; + } +} diff --git a/src/libnacl/randombytes/devurandom.h b/src/libnacl/randombytes/devurandom.h new file mode 100644 index 00000000..2e0caf8a --- /dev/null +++ b/src/libnacl/randombytes/devurandom.h @@ -0,0 +1,24 @@ +/* +randombytes/devurandom.h version 20080713 +D. J. Bernstein +Public domain. +*/ + +#ifndef randombytes_devurandom_H +#define randombytes_devurandom_H + +#ifdef __cplusplus +extern "C" { +#endif + +extern void randombytes(unsigned char *,unsigned long long); + +#ifdef __cplusplus +} +#endif + +#ifndef randombytes_implementation +#define randombytes_implementation "devurandom" +#endif + +#endif diff --git a/src/libnacl/randombytes/do b/src/libnacl/randombytes/do new file mode 100755 index 00000000..b2db184a --- /dev/null +++ b/src/libnacl/randombytes/do @@ -0,0 +1,43 @@ +#!/bin/sh -e + +okabi | ( + while read abi + do + + rm -f randombytes.o randombytes.h + + ( + echo devurandom + ) | ( + while read n + do + okc-$abi | ( + while read c + do + echo "=== `date` === Trying $n.c with $c..." >&2 + rm -f test randombytes-impl.o randombytes-impl.h randombytes-impl.c + cp $n.c randombytes-impl.c || continue + cp $n.h randombytes-impl.h || continue + $c -c randombytes-impl.c || continue + $c -o test test.c randombytes-impl.o || continue + [ -r /dev/urandom ] || continue + echo "=== `date` === Success. Using $n.c." >&2 + mkdir -p lib/$abi + mv randombytes-impl.o lib/$abi/randombytes.o + mkdir -p include/$abi + mv randombytes-impl.h include/$abi/randombytes.h + exit 0 + done + exit 111 + ) && exit 0 + done + exit 111 + ) || ( + echo ===== Giving up. >&2 + rm -f test randombytes-impl.o randombytes-impl.h randombytes-impl.c + exit 111 + ) || exit 111 + + done + exit 0 +) || exit 111 diff --git a/src/libnacl/randombytes/test.c b/src/libnacl/randombytes/test.c new file mode 100644 index 00000000..646811ca --- /dev/null +++ b/src/libnacl/randombytes/test.c @@ -0,0 +1,15 @@ +#include "randombytes-impl.h" + +unsigned char x[65536]; +unsigned long long freq[256]; + +int main() +{ + unsigned long long i; + + randombytes(x,sizeof x); + for (i = 0;i < 256;++i) freq[i] = 0; + for (i = 0;i < sizeof x;++i) ++freq[255 & (int) x[i]]; + for (i = 0;i < 256;++i) if (!freq[i]) return 111; + return 0; +} diff --git a/src/libnacl/tests/auth.c b/src/libnacl/tests/auth.c new file mode 100644 index 00000000..5086624e --- /dev/null +++ b/src/libnacl/tests/auth.c @@ -0,0 +1,19 @@ +#include +#include "crypto_auth_hmacsha512256.h" + +/* "Test Case 2" from RFC 4231 */ +unsigned char key[32] = "Jefe"; +unsigned char c[28] = "what do ya want for nothing?"; + +unsigned char a[32]; + +main() +{ + int i; + crypto_auth_hmacsha512256(a,c,sizeof c,key); + for (i = 0;i < 32;++i) { + printf(",0x%02x",(unsigned int) a[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/auth.out b/src/libnacl/tests/auth.out new file mode 100644 index 00000000..35e5909d --- /dev/null +++ b/src/libnacl/tests/auth.out @@ -0,0 +1,4 @@ +,0x16,0x4b,0x7a,0x7b,0xfc,0xf8,0x19,0xe2 +,0xe3,0x95,0xfb,0xe7,0x3b,0x56,0xe0,0xa3 +,0x87,0xbd,0x64,0x22,0x2e,0x83,0x1f,0xd6 +,0x10,0x27,0x0c,0xd7,0xea,0x25,0x05,0x54 diff --git a/src/libnacl/tests/auth2.c b/src/libnacl/tests/auth2.c new file mode 100644 index 00000000..ba191de4 --- /dev/null +++ b/src/libnacl/tests/auth2.c @@ -0,0 +1,34 @@ +/* "Test Case AUTH256-4" from RFC 4868 */ + +#include +#include "crypto_auth_hmacsha256.h" + +unsigned char key[32] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 +,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18 +,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20 +} ; + +unsigned char c[50] = { + 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd +} ; + +unsigned char a[32]; + +main() +{ + int i; + crypto_auth_hmacsha256(a,c,sizeof c,key); + for (i = 0;i < 32;++i) { + printf(",0x%02x",(unsigned int) a[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/auth2.out b/src/libnacl/tests/auth2.out new file mode 100644 index 00000000..955951a2 --- /dev/null +++ b/src/libnacl/tests/auth2.out @@ -0,0 +1,4 @@ +,0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2 +,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4 +,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25 +,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f diff --git a/src/libnacl/tests/auth3.c b/src/libnacl/tests/auth3.c new file mode 100644 index 00000000..b713b388 --- /dev/null +++ b/src/libnacl/tests/auth3.c @@ -0,0 +1,34 @@ +/* "Test Case AUTH256-4" from RFC 4868 */ + +#include +#include "crypto_auth_hmacsha256.h" + +unsigned char key[32] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 +,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18 +,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20 +} ; + +unsigned char c[50] = { + 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd +} ; + +unsigned char a[32] = { + 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2 +,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4 +,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25 +,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f +} ; + +main() +{ + printf("%d\n",crypto_auth_hmacsha256_verify(a,c,sizeof c,key)); + return 0; +} diff --git a/src/libnacl/tests/auth3.out b/src/libnacl/tests/auth3.out new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/tests/auth3.out @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/tests/auth4.cpp b/src/libnacl/tests/auth4.cpp new file mode 100644 index 00000000..a94837d2 --- /dev/null +++ b/src/libnacl/tests/auth4.cpp @@ -0,0 +1,44 @@ +/* "Test Case AUTH256-4" from RFC 4868 */ + +#include +using std::string; +#include +#include "crypto_auth_hmacsha256.h" + +char key_bytes[32] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 +,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18 +,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20 +} ; + +char c_bytes[50] = { + 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd +,0xcd,0xcd +} ; + +char a_bytes[32] = { + 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2 +,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4 +,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25 +,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f +} ; + +main() +{ + string key(key_bytes,sizeof key_bytes); + string c(c_bytes,sizeof c_bytes); + string a(a_bytes,sizeof a_bytes); + try { + crypto_auth_hmacsha256_verify(a,c,key); + printf("0\n"); + } catch(const char *s) { + printf("%s\n",s); + } + return 0; +} diff --git a/src/libnacl/tests/auth4.out b/src/libnacl/tests/auth4.out new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/tests/auth4.out @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/tests/auth5.c b/src/libnacl/tests/auth5.c new file mode 100644 index 00000000..92d8fea3 --- /dev/null +++ b/src/libnacl/tests/auth5.c @@ -0,0 +1,37 @@ +#include +#include +#include "crypto_auth_hmacsha512256.h" +#include "randombytes.h" +#include "windows/windows-quirks.h" + +unsigned char key[32]; +unsigned char c[10000]; +unsigned char a[32]; + +main() +{ + int clen; + int i; + for (clen = 0;clen < 10000;++clen) { + randombytes(key,sizeof key); + randombytes(c,clen); + crypto_auth_hmacsha512256(a,c,clen,key); + if (crypto_auth_hmacsha512256_verify(a,c,clen,key) != 0) { + printf("fail %d\n",clen); + return 100; + } + if (clen > 0) { + c[random() % clen] += 1 + (random() % 255); + if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) { + printf("forgery %d\n",clen); + return 100; + } + a[random() % sizeof a] += 1 + (random() % 255); + if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) { + printf("forgery %d\n",clen); + return 100; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/auth5.out b/src/libnacl/tests/auth5.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/auth6.cpp b/src/libnacl/tests/auth6.cpp new file mode 100644 index 00000000..dffb6388 --- /dev/null +++ b/src/libnacl/tests/auth6.cpp @@ -0,0 +1,46 @@ +#include +using std::string; +#include +#include +#include "crypto_auth_hmacsha512256.h" +#include "randombytes.h" + +main() +{ + int clen; + int i; + for (clen = 0;clen < 10000;++clen) { + unsigned char key_bytes[32]; + randombytes(key_bytes,sizeof key_bytes); + string key((char *) key_bytes,sizeof key_bytes); + unsigned char c_bytes[clen]; + randombytes(c_bytes,sizeof c_bytes); + string c((char *) c_bytes,sizeof c_bytes); + string a = crypto_auth_hmacsha512256(c,key); + try { + crypto_auth_hmacsha512256_verify(a,c,key); + } catch(const char *s) { + printf("fail %d %s\n",clen,s); + return 100; + } + if (clen > 0) { + size_t pos = random() % clen; + c.replace(pos,1,1,c[pos] + 1 + (random() % 255)); + try { + crypto_auth_hmacsha512256_verify(a,c,key); + printf("forgery %d\n",clen); + } catch(const char *s) { + ; + } + pos = random() % a.size(); + a.replace(pos,1,1,a[pos] + 1 + (random() % 255)); + try { + crypto_auth_hmacsha512256_verify(a,c,key); + printf("forgery %d\n",clen); + } catch(const char *s) { + ; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/auth6.out b/src/libnacl/tests/auth6.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/box.c b/src/libnacl/tests/box.c new file mode 100644 index 00000000..b57a9883 --- /dev/null +++ b/src/libnacl/tests/box.c @@ -0,0 +1,63 @@ +#include +#include "crypto_box_curve25519xsalsa20poly1305.h" + +unsigned char alicesk[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +unsigned char bobpk[32] = { + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +// API requires first 32 bytes to be 0 +unsigned char m[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +unsigned char c[163]; + +main() +{ + int i; + crypto_box_curve25519xsalsa20poly1305( + c,m,163,nonce,bobpk,alicesk + ); + for (i = 16;i < 163;++i) { + printf(",0x%02x",(unsigned int) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/box.out b/src/libnacl/tests/box.out new file mode 100644 index 00000000..2b6c51ea --- /dev/null +++ b/src/libnacl/tests/box.out @@ -0,0 +1,19 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/box2.c b/src/libnacl/tests/box2.c new file mode 100644 index 00000000..0a531142 --- /dev/null +++ b/src/libnacl/tests/box2.c @@ -0,0 +1,64 @@ +#include +#include "crypto_box_curve25519xsalsa20poly1305.h" + +unsigned char bobsk[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +unsigned char alicepk[32] = { + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +// API requires first 16 bytes to be 0 +unsigned char c[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char m[163]; + +main() +{ + int i; + if (crypto_box_curve25519xsalsa20poly1305_open( + m,c,163,nonce,alicepk,bobsk + ) == 0) { + for (i = 32;i < 163;++i) { + printf(",0x%02x",(unsigned int) m[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/box2.out b/src/libnacl/tests/box2.out new file mode 100644 index 00000000..c61d4557 --- /dev/null +++ b/src/libnacl/tests/box2.out @@ -0,0 +1,17 @@ +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 diff --git a/src/libnacl/tests/box3.cpp b/src/libnacl/tests/box3.cpp new file mode 100644 index 00000000..db89dd03 --- /dev/null +++ b/src/libnacl/tests/box3.cpp @@ -0,0 +1,60 @@ +#include +using std::string; +#include +#include "crypto_box_curve25519xsalsa20poly1305.h" + +char alicesk_bytes[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +char bobpk_bytes[32] = { + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char m_bytes[131] = { + 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +main() +{ + int i; + string m(m_bytes,sizeof m_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string bobpk(bobpk_bytes,sizeof bobpk_bytes); + string alicesk(alicesk_bytes,sizeof alicesk_bytes); + string c = crypto_box_curve25519xsalsa20poly1305(m,nonce,bobpk,alicesk); + for (i = 0;i < c.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/box3.out b/src/libnacl/tests/box3.out new file mode 100644 index 00000000..2b6c51ea --- /dev/null +++ b/src/libnacl/tests/box3.out @@ -0,0 +1,19 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/box4.cpp b/src/libnacl/tests/box4.cpp new file mode 100644 index 00000000..7f48fcd6 --- /dev/null +++ b/src/libnacl/tests/box4.cpp @@ -0,0 +1,66 @@ +#include +using std::string; +#include +#include "crypto_box_curve25519xsalsa20poly1305.h" + +char bobsk_bytes[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +char alicepk_bytes[32] = { + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char c_bytes[147] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +main() +{ + int i; + string c(c_bytes,sizeof c_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string alicepk(alicepk_bytes,sizeof alicepk_bytes); + string bobsk(bobsk_bytes,sizeof bobsk_bytes); + try { + string m = crypto_box_curve25519xsalsa20poly1305_open(c,nonce,alicepk,bobsk); + for (i = 0;i < m.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) m[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + } catch(const char *s) { + printf("%s\n",s); + } + return 0; +} diff --git a/src/libnacl/tests/box4.out b/src/libnacl/tests/box4.out new file mode 100644 index 00000000..c61d4557 --- /dev/null +++ b/src/libnacl/tests/box4.out @@ -0,0 +1,17 @@ +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 diff --git a/src/libnacl/tests/box5.cpp b/src/libnacl/tests/box5.cpp new file mode 100644 index 00000000..366e2e30 --- /dev/null +++ b/src/libnacl/tests/box5.cpp @@ -0,0 +1,30 @@ +#include +using std::string; +#include +#include "crypto_box.h" +#include "randombytes.h" + +main() +{ + int mlen; + for (mlen = 0;mlen < 1000;++mlen) { + string alicesk; + string alicepk = crypto_box_keypair(&alicesk); + string bobsk; + string bobpk = crypto_box_keypair(&bobsk); + unsigned char nbytes[crypto_box_NONCEBYTES]; + randombytes(nbytes,crypto_box_NONCEBYTES); + string n((char *) nbytes,crypto_box_NONCEBYTES); + unsigned char mbytes[mlen]; + randombytes(mbytes,mlen); + string m((char *) mbytes,mlen); + string c = crypto_box(m,n,bobpk,alicesk); + try { + string m2 = crypto_box_open(c,n,alicepk,bobsk); + if (m != m2) printf("bad decryption\n"); + } catch(const char *s) { + printf("%s\n",s); + } + } + return 0; +} diff --git a/src/libnacl/tests/box5.out b/src/libnacl/tests/box5.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/box6.cpp b/src/libnacl/tests/box6.cpp new file mode 100644 index 00000000..bab18105 --- /dev/null +++ b/src/libnacl/tests/box6.cpp @@ -0,0 +1,43 @@ +#include +using std::string; +#include +#include +#include "crypto_box.h" +#include "randombytes.h" + +main() +{ + int mlen; + for (mlen = 0;mlen < 1000;++mlen) { + string alicesk; + string alicepk = crypto_box_keypair(&alicesk); + string bobsk; + string bobpk = crypto_box_keypair(&bobsk); + unsigned char nbytes[crypto_box_NONCEBYTES]; + randombytes(nbytes,crypto_box_NONCEBYTES); + string n((char *) nbytes,crypto_box_NONCEBYTES); + unsigned char mbytes[mlen]; + randombytes(mbytes,mlen); + string m((char *) mbytes,mlen); + string c = crypto_box(m,n,bobpk,alicesk); + int caught = 0; + while (caught < 10) { + c.replace(random() % c.size(),1,1,random()); + try { + string m2 = crypto_box_open(c,n,alicepk,bobsk); + if (m != m2) { + printf("forgery\n"); + return 100; + } + } catch(const char *s) { + if (string(s) == string("ciphertext fails verification")) + ++caught; + else { + printf("%s\n",s); + return 111; + } + } + } + } + return 0; +} diff --git a/src/libnacl/tests/box6.out b/src/libnacl/tests/box6.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/box7.c b/src/libnacl/tests/box7.c new file mode 100644 index 00000000..809301c1 --- /dev/null +++ b/src/libnacl/tests/box7.c @@ -0,0 +1,36 @@ +#include +#include "crypto_box.h" +#include "randombytes.h" + +unsigned char alicesk[crypto_box_SECRETKEYBYTES]; +unsigned char alicepk[crypto_box_PUBLICKEYBYTES]; +unsigned char bobsk[crypto_box_SECRETKEYBYTES]; +unsigned char bobpk[crypto_box_PUBLICKEYBYTES]; +unsigned char n[crypto_box_NONCEBYTES]; +unsigned char m[10000]; +unsigned char c[10000]; +unsigned char m2[10000]; + +main() +{ + int mlen; + int i; + + for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) { + crypto_box_keypair(alicepk,alicesk); + crypto_box_keypair(bobpk,bobsk); + randombytes(n,crypto_box_NONCEBYTES); + randombytes(m + crypto_box_ZEROBYTES,mlen); + crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk); + if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) { + for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i) + if (m2[i] != m[i]) { + printf("bad decryption\n"); + break; + } + } else { + printf("ciphertext fails verification\n"); + } + } + return 0; +} diff --git a/src/libnacl/tests/box7.out b/src/libnacl/tests/box7.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/box8.c b/src/libnacl/tests/box8.c new file mode 100644 index 00000000..8f2b919a --- /dev/null +++ b/src/libnacl/tests/box8.c @@ -0,0 +1,43 @@ +#include +#include +#include "crypto_box.h" +#include "randombytes.h" +#include "windows/windows-quirks.h" + +unsigned char alicesk[crypto_box_SECRETKEYBYTES]; +unsigned char alicepk[crypto_box_PUBLICKEYBYTES]; +unsigned char bobsk[crypto_box_SECRETKEYBYTES]; +unsigned char bobpk[crypto_box_PUBLICKEYBYTES]; +unsigned char n[crypto_box_NONCEBYTES]; +unsigned char m[10000]; +unsigned char c[10000]; +unsigned char m2[10000]; + +main() +{ + int mlen; + int i; + int caught; + + for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) { + crypto_box_keypair(alicepk,alicesk); + crypto_box_keypair(bobpk,bobsk); + randombytes(n,crypto_box_NONCEBYTES); + randombytes(m + crypto_box_ZEROBYTES,mlen); + crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk); + caught = 0; + while (caught < 10) { + c[random() % (mlen + crypto_box_ZEROBYTES)] = random(); + if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) { + for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i) + if (m2[i] != m[i]) { + printf("forgery\n"); + return 100; + } + } else { + ++caught; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/box8.out b/src/libnacl/tests/box8.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/core1.c b/src/libnacl/tests/core1.c new file mode 100644 index 00000000..9a8fc51d --- /dev/null +++ b/src/libnacl/tests/core1.c @@ -0,0 +1,30 @@ +#include +#include "crypto_core_hsalsa20.h" + +unsigned char shared[32] = { + 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1 +,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25 +,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33 +,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42 +} ; + +unsigned char zero[32] = { 0 }; + +unsigned char c[16] = { + 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33 +,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b +} ; + +unsigned char firstkey[32]; + +main() +{ + int i; + crypto_core_hsalsa20(firstkey,zero,shared,c); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) firstkey[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/core1.out b/src/libnacl/tests/core1.out new file mode 100644 index 00000000..715a489d --- /dev/null +++ b/src/libnacl/tests/core1.out @@ -0,0 +1,4 @@ + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 diff --git a/src/libnacl/tests/core2.c b/src/libnacl/tests/core2.c new file mode 100644 index 00000000..08402285 --- /dev/null +++ b/src/libnacl/tests/core2.c @@ -0,0 +1,33 @@ +#include +#include "crypto_core_hsalsa20.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonceprefix[16] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +} ; + +unsigned char c[16] = { + 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33 +,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b +} ; + +unsigned char secondkey[32]; + +main() +{ + int i; + crypto_core_hsalsa20(secondkey,nonceprefix,firstkey,c); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) secondkey[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/core2.out b/src/libnacl/tests/core2.out new file mode 100644 index 00000000..f4682af0 --- /dev/null +++ b/src/libnacl/tests/core2.out @@ -0,0 +1,4 @@ + 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9 +,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88 +,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9 +,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4 diff --git a/src/libnacl/tests/core3.c b/src/libnacl/tests/core3.c new file mode 100644 index 00000000..4c759a5b --- /dev/null +++ b/src/libnacl/tests/core3.c @@ -0,0 +1,41 @@ +#include +#include "crypto_core_salsa20.h" +#include "crypto_hash_sha256.h" + +unsigned char secondkey[32] = { + 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9 +,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88 +,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9 +,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4 +} ; + +unsigned char noncesuffix[8] = { + 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char c[16] = { + 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33 +,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b +} ; + +unsigned char in[16] = { 0 } ; + +unsigned char output[64 * 256 * 256]; + +unsigned char h[32]; + +main() +{ + int i; + long long pos = 0; + for (i = 0;i < 8;++i) in[i] = noncesuffix[i]; + do { + do { + crypto_core_salsa20(output + pos,in,secondkey,c); + pos += 64; + } while (++in[8]); + } while (++in[9]); + crypto_hash_sha256(h,output,sizeof output); + for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/core3.out b/src/libnacl/tests/core3.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/core3.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/core4.c b/src/libnacl/tests/core4.c new file mode 100644 index 00000000..1f238c5e --- /dev/null +++ b/src/libnacl/tests/core4.c @@ -0,0 +1,33 @@ +#include +#include "crypto_core_salsa20.h" + +unsigned char k[32] = { + 1, 2, 3, 4, 5, 6, 7, 8 +, 9, 10, 11, 12, 13, 14, 15, 16 +,201,202,203,204,205,206,207,208 +,209,210,211,212,213,214,215,216 +} ; + +unsigned char in[16] = { + 101,102,103,104,105,106,107,108 +,109,110,111,112,113,114,115,116 +} ; + +unsigned char c[16] = { + 101,120,112, 97,110,100, 32, 51 +, 50, 45, 98,121,116,101, 32,107 +} ; + +unsigned char out[64]; + +main() +{ + int i; + crypto_core_salsa20(out,in,k,c); + for (i = 0;i < 64;++i) { + if (i > 0) printf(","); else printf(" "); + printf("%3d",(unsigned int) out[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/core4.out b/src/libnacl/tests/core4.out new file mode 100644 index 00000000..d04e5b5e --- /dev/null +++ b/src/libnacl/tests/core4.out @@ -0,0 +1,8 @@ + 69, 37, 68, 39, 41, 15,107,193 +,255,139,122, 6,170,233,217, 98 +, 89,144,182,106, 21, 51,200, 65 +,239, 49,222, 34,215,114, 40,126 +,104,197, 7,225,197,153, 31, 2 +,102, 78, 76,176, 84,245,246,184 +,177,160,133,130, 6, 72,149,119 +,192,195,132,236,234,103,246, 74 diff --git a/src/libnacl/tests/core5.c b/src/libnacl/tests/core5.c new file mode 100644 index 00000000..6353477d --- /dev/null +++ b/src/libnacl/tests/core5.c @@ -0,0 +1,32 @@ +#include +#include "crypto_core_hsalsa20.h" + +unsigned char k[32] = { + 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c +,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f +,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b +,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77 +} ; + +unsigned char in[16] = { + 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b +,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52 +} ; + +unsigned char c[16] = { + 101,120,112, 97,110,100, 32, 51 +, 50, 45, 98,121,116,101, 32,107 +} ; + +unsigned char out[32]; + +main() +{ + int i; + crypto_core_hsalsa20(out,in,k,c); + for (i = 0;i < 32;++i) { + printf(",0x%02x",(unsigned int) out[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/core5.out b/src/libnacl/tests/core5.out new file mode 100644 index 00000000..562cf717 --- /dev/null +++ b/src/libnacl/tests/core5.out @@ -0,0 +1,4 @@ +,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40 +,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45 +,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94 +,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd diff --git a/src/libnacl/tests/core6.c b/src/libnacl/tests/core6.c new file mode 100644 index 00000000..67f35df9 --- /dev/null +++ b/src/libnacl/tests/core6.c @@ -0,0 +1,47 @@ +#include +#include "crypto_core_salsa20.h" + +unsigned char k[32] = { + 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c +,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f +,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b +,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77 +} ; + +unsigned char in[16] = { + 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b +,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52 +} ; + +unsigned char c[16] = { + 101,120,112, 97,110,100, 32, 51 +, 50, 45, 98,121,116,101, 32,107 +} ; + +unsigned char out[64]; + +void print(unsigned char *x,unsigned char *y) +{ + int i; + unsigned int borrow = 0; + for (i = 0;i < 4;++i) { + unsigned int xi = x[i]; + unsigned int yi = y[i]; + printf(",0x%02x",255 & (xi - yi - borrow)); + borrow = (xi < yi + borrow); + } +} + +main() +{ + crypto_core_salsa20(out,in,k,c); + print(out,c); + print(out + 20,c + 4); printf("\n"); + print(out + 40,c + 8); + print(out + 60,c + 12); printf("\n"); + print(out + 24,in); + print(out + 28,in + 4); printf("\n"); + print(out + 32,in + 8); + print(out + 36,in + 12); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/core6.out b/src/libnacl/tests/core6.out new file mode 100644 index 00000000..562cf717 --- /dev/null +++ b/src/libnacl/tests/core6.out @@ -0,0 +1,4 @@ +,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40 +,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45 +,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94 +,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd diff --git a/src/libnacl/tests/hash.c b/src/libnacl/tests/hash.c new file mode 100644 index 00000000..8de470aa --- /dev/null +++ b/src/libnacl/tests/hash.c @@ -0,0 +1,14 @@ +#include +#include "crypto_hash.h" + +unsigned char x[8] = "testing\n"; +unsigned char h[crypto_hash_BYTES]; + +int main() +{ + int i; + crypto_hash(h,x,sizeof x); + for (i = 0;i < crypto_hash_BYTES;++i) printf("%02x",(unsigned int) h[i]); + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/hash.out b/src/libnacl/tests/hash.out new file mode 100644 index 00000000..df582172 --- /dev/null +++ b/src/libnacl/tests/hash.out @@ -0,0 +1 @@ +24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28 diff --git a/src/libnacl/tests/hash2.cpp b/src/libnacl/tests/hash2.cpp new file mode 100644 index 00000000..6594620d --- /dev/null +++ b/src/libnacl/tests/hash2.cpp @@ -0,0 +1,18 @@ +#include +#include +using std::string; +using std::cout; +using std::hex; +#include "crypto_hash.h" + +int main() +{ + string x = "testing\n"; + string h = crypto_hash(x); + for (int i = 0;i < h.size();++i) { + cout << hex << (15 & (int) (h[i] >> 4)); + cout << hex << (15 & (int) h[i]); + } + cout << "\n"; + return 0; +} diff --git a/src/libnacl/tests/hash2.out b/src/libnacl/tests/hash2.out new file mode 100644 index 00000000..df582172 --- /dev/null +++ b/src/libnacl/tests/hash2.out @@ -0,0 +1 @@ +24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28 diff --git a/src/libnacl/tests/hash3.c b/src/libnacl/tests/hash3.c new file mode 100644 index 00000000..10b89b90 --- /dev/null +++ b/src/libnacl/tests/hash3.c @@ -0,0 +1,14 @@ +#include +#include "crypto_hash_sha512.h" + +unsigned char x[8] = "testing\n"; +unsigned char h[crypto_hash_sha512_BYTES]; + +int main() +{ + int i; + crypto_hash_sha512(h,x,sizeof x); + for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",(unsigned int) h[i]); + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/hash3.out b/src/libnacl/tests/hash3.out new file mode 100644 index 00000000..df582172 --- /dev/null +++ b/src/libnacl/tests/hash3.out @@ -0,0 +1 @@ +24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28 diff --git a/src/libnacl/tests/hash4.cpp b/src/libnacl/tests/hash4.cpp new file mode 100644 index 00000000..1d0a3f37 --- /dev/null +++ b/src/libnacl/tests/hash4.cpp @@ -0,0 +1,18 @@ +#include +#include +using std::string; +using std::cout; +using std::hex; +#include "crypto_hash_sha512.h" + +int main() +{ + string x = "testing\n"; + string h = crypto_hash_sha512(x); + for (int i = 0;i < h.size();++i) { + cout << hex << (15 & (int) (h[i] >> 4)); + cout << hex << (15 & (int) h[i]); + } + cout << "\n"; + return 0; +} diff --git a/src/libnacl/tests/hash4.out b/src/libnacl/tests/hash4.out new file mode 100644 index 00000000..df582172 --- /dev/null +++ b/src/libnacl/tests/hash4.out @@ -0,0 +1 @@ +24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28 diff --git a/src/libnacl/tests/onetimeauth.c b/src/libnacl/tests/onetimeauth.c new file mode 100644 index 00000000..60a2df14 --- /dev/null +++ b/src/libnacl/tests/onetimeauth.c @@ -0,0 +1,42 @@ +#include +#include "crypto_onetimeauth_poly1305.h" + +unsigned char rs[32] = { + 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 +} ; + +unsigned char c[131] = { + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char a[16]; + +main() +{ + int i; + crypto_onetimeauth_poly1305(a,c,131,rs); + for (i = 0;i < 16;++i) { + printf(",0x%02x",(unsigned int) a[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth.out b/src/libnacl/tests/onetimeauth.out new file mode 100644 index 00000000..6d914615 --- /dev/null +++ b/src/libnacl/tests/onetimeauth.out @@ -0,0 +1,2 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 diff --git a/src/libnacl/tests/onetimeauth2.c b/src/libnacl/tests/onetimeauth2.c new file mode 100644 index 00000000..64c1a9cd --- /dev/null +++ b/src/libnacl/tests/onetimeauth2.c @@ -0,0 +1,40 @@ +#include +#include "crypto_onetimeauth_poly1305.h" + +unsigned char rs[32] = { + 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 +} ; + +unsigned char c[131] = { + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char a[16] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +} ; + +main() +{ + printf("%d\n",crypto_onetimeauth_poly1305_verify(a,c,131,rs)); + return 0; +} diff --git a/src/libnacl/tests/onetimeauth2.out b/src/libnacl/tests/onetimeauth2.out new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/tests/onetimeauth2.out @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/tests/onetimeauth5.cpp b/src/libnacl/tests/onetimeauth5.cpp new file mode 100644 index 00000000..884892ac --- /dev/null +++ b/src/libnacl/tests/onetimeauth5.cpp @@ -0,0 +1,46 @@ +#include +using std::string; +#include +#include "crypto_onetimeauth_poly1305.h" + +char rs_bytes[32] = { + 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 +} ; + +char c_bytes[131] = { + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char a[16]; + +main() +{ + int i; + string c(c_bytes,sizeof c_bytes); + string rs(rs_bytes,sizeof rs_bytes); + string a = crypto_onetimeauth_poly1305(c,rs); + for (i = 0;i < a.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) a[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth5.out b/src/libnacl/tests/onetimeauth5.out new file mode 100644 index 00000000..6d914615 --- /dev/null +++ b/src/libnacl/tests/onetimeauth5.out @@ -0,0 +1,2 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 diff --git a/src/libnacl/tests/onetimeauth6.cpp b/src/libnacl/tests/onetimeauth6.cpp new file mode 100644 index 00000000..d79d4613 --- /dev/null +++ b/src/libnacl/tests/onetimeauth6.cpp @@ -0,0 +1,50 @@ +#include +using std::string; +#include +#include "crypto_onetimeauth_poly1305.h" + +char rs_bytes[32] = { + 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 +} ; + +char c_bytes[131] = { + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +char a_bytes[16] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +} ; + +main() +{ + string rs(rs_bytes,sizeof rs_bytes); + string c(c_bytes,sizeof c_bytes); + string a(a_bytes,sizeof a_bytes); + try { + crypto_onetimeauth_poly1305_verify(a,c,rs); + printf("0\n"); + } catch(const char *s) { + printf("%s\n",s); + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth6.out b/src/libnacl/tests/onetimeauth6.out new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/src/libnacl/tests/onetimeauth6.out @@ -0,0 +1 @@ +0 diff --git a/src/libnacl/tests/onetimeauth7.c b/src/libnacl/tests/onetimeauth7.c new file mode 100644 index 00000000..e4b38618 --- /dev/null +++ b/src/libnacl/tests/onetimeauth7.c @@ -0,0 +1,37 @@ +#include +#include +#include "crypto_onetimeauth_poly1305.h" +#include "randombytes.h" +#include "windows/windows-quirks.h" + +unsigned char key[32]; +unsigned char c[10000]; +unsigned char a[16]; + +main() +{ + int clen; + int i; + for (clen = 0;clen < 10000;++clen) { + randombytes(key,sizeof key); + randombytes(c,clen); + crypto_onetimeauth_poly1305(a,c,clen,key); + if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) != 0) { + printf("fail %d\n",clen); + return 100; + } + if (clen > 0) { + c[random() % clen] += 1 + (random() % 255); + if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) { + printf("forgery %d\n",clen); + return 100; + } + a[random() % sizeof a] += 1 + (random() % 255); + if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) { + printf("forgery %d\n",clen); + return 100; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth7.out b/src/libnacl/tests/onetimeauth7.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/onetimeauth8.cpp b/src/libnacl/tests/onetimeauth8.cpp new file mode 100644 index 00000000..ce554fb4 --- /dev/null +++ b/src/libnacl/tests/onetimeauth8.cpp @@ -0,0 +1,46 @@ +#include +using std::string; +#include +#include +#include "crypto_onetimeauth_poly1305.h" +#include "randombytes.h" + +main() +{ + int clen; + int i; + for (clen = 0;clen < 10000;++clen) { + unsigned char key_bytes[32]; + randombytes(key_bytes,sizeof key_bytes); + string key((char *) key_bytes,sizeof key_bytes); + unsigned char c_bytes[clen]; + randombytes(c_bytes,sizeof c_bytes); + string c((char *) c_bytes,sizeof c_bytes); + string a = crypto_onetimeauth_poly1305(c,key); + try { + crypto_onetimeauth_poly1305_verify(a,c,key); + } catch(const char *s) { + printf("fail %d %s\n",clen,s); + return 100; + } + if (clen > 0) { + size_t pos = random() % clen; + c.replace(pos,1,1,c[pos] + 1 + (random() % 255)); + try { + crypto_onetimeauth_poly1305_verify(a,c,key); + printf("forgery %d\n",clen); + } catch(const char *s) { + ; + } + pos = random() % a.size(); + a.replace(pos,1,1,a[pos] + 1 + (random() % 255)); + try { + crypto_onetimeauth_poly1305_verify(a,c,key); + printf("forgery %d\n",clen); + } catch(const char *s) { + ; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/onetimeauth8.out b/src/libnacl/tests/onetimeauth8.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/scalarmult.c b/src/libnacl/tests/scalarmult.c new file mode 100644 index 00000000..d9265954 --- /dev/null +++ b/src/libnacl/tests/scalarmult.c @@ -0,0 +1,23 @@ +#include +#include "crypto_scalarmult_curve25519.h" + +unsigned char alicesk[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +unsigned char alicepk[32]; + +main() +{ + int i; + crypto_scalarmult_curve25519_base(alicepk,alicesk); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) alicepk[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult.out b/src/libnacl/tests/scalarmult.out new file mode 100644 index 00000000..ddd130d6 --- /dev/null +++ b/src/libnacl/tests/scalarmult.out @@ -0,0 +1,4 @@ + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a diff --git a/src/libnacl/tests/scalarmult2.c b/src/libnacl/tests/scalarmult2.c new file mode 100644 index 00000000..90e6360d --- /dev/null +++ b/src/libnacl/tests/scalarmult2.c @@ -0,0 +1,23 @@ +#include +#include "crypto_scalarmult_curve25519.h" + +unsigned char bobsk[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +unsigned char bobpk[32]; + +main() +{ + int i; + crypto_scalarmult_curve25519_base(bobpk,bobsk); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) bobpk[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult2.out b/src/libnacl/tests/scalarmult2.out new file mode 100644 index 00000000..b5391865 --- /dev/null +++ b/src/libnacl/tests/scalarmult2.out @@ -0,0 +1,4 @@ + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f diff --git a/src/libnacl/tests/scalarmult3.cpp b/src/libnacl/tests/scalarmult3.cpp new file mode 100644 index 00000000..4e8fef3d --- /dev/null +++ b/src/libnacl/tests/scalarmult3.cpp @@ -0,0 +1,31 @@ +#include +#include +#include +using std::string; +using std::cout; +using std::setfill; +using std::setw; +using std::hex; +#include "crypto_scalarmult_curve25519.h" + +char alicesk_bytes[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +main() +{ + int i; + cout << setfill('0'); + string alicesk(alicesk_bytes,sizeof alicesk_bytes); + string alicepk = crypto_scalarmult_curve25519_base(alicesk); + for (i = 0;i < alicepk.size();++i) { + unsigned char c = alicepk[i]; + if (i > 0) cout << ","; else cout << " "; + cout << "0x" << hex << setw(2) << (unsigned int) c; + if (i % 8 == 7) cout << "\n"; + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult3.out b/src/libnacl/tests/scalarmult3.out new file mode 100644 index 00000000..ddd130d6 --- /dev/null +++ b/src/libnacl/tests/scalarmult3.out @@ -0,0 +1,4 @@ + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a diff --git a/src/libnacl/tests/scalarmult4.cpp b/src/libnacl/tests/scalarmult4.cpp new file mode 100644 index 00000000..8e4d64e9 --- /dev/null +++ b/src/libnacl/tests/scalarmult4.cpp @@ -0,0 +1,31 @@ +#include +#include +#include +using std::string; +using std::cout; +using std::setfill; +using std::setw; +using std::hex; +#include "crypto_scalarmult_curve25519.h" + +char bobsk_bytes[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +main() +{ + int i; + cout << setfill('0'); + string bobsk(bobsk_bytes,sizeof bobsk_bytes); + string bobpk = crypto_scalarmult_curve25519_base(bobsk); + for (i = 0;i < bobpk.size();++i) { + unsigned char c = bobpk[i]; + if (i > 0) cout << ","; else cout << " "; + cout << "0x" << hex << setw(2) << (unsigned int) c; + if (i % 8 == 7) cout << "\n"; + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult4.out b/src/libnacl/tests/scalarmult4.out new file mode 100644 index 00000000..b5391865 --- /dev/null +++ b/src/libnacl/tests/scalarmult4.out @@ -0,0 +1,4 @@ + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f diff --git a/src/libnacl/tests/scalarmult5.c b/src/libnacl/tests/scalarmult5.c new file mode 100644 index 00000000..14f8159d --- /dev/null +++ b/src/libnacl/tests/scalarmult5.c @@ -0,0 +1,30 @@ +#include +#include "crypto_scalarmult_curve25519.h" + +unsigned char alicesk[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +unsigned char bobpk[32] = { + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f +} ; + +unsigned char k[32]; + +main() +{ + int i; + crypto_scalarmult_curve25519(k,alicesk,bobpk); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) k[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult5.out b/src/libnacl/tests/scalarmult5.out new file mode 100644 index 00000000..bec21130 --- /dev/null +++ b/src/libnacl/tests/scalarmult5.out @@ -0,0 +1,4 @@ + 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1 +,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25 +,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33 +,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42 diff --git a/src/libnacl/tests/scalarmult6.c b/src/libnacl/tests/scalarmult6.c new file mode 100644 index 00000000..89bf9bdd --- /dev/null +++ b/src/libnacl/tests/scalarmult6.c @@ -0,0 +1,30 @@ +#include +#include "crypto_scalarmult_curve25519.h" + +unsigned char bobsk[32] = { + 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b +,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6 +,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd +,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb +} ; + +unsigned char alicepk[32] = { + 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 +,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a +,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 +,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a +} ; + +unsigned char k[32]; + +main() +{ + int i; + crypto_scalarmult_curve25519(k,bobsk,alicepk); + for (i = 0;i < 32;++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) k[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult6.out b/src/libnacl/tests/scalarmult6.out new file mode 100644 index 00000000..bec21130 --- /dev/null +++ b/src/libnacl/tests/scalarmult6.out @@ -0,0 +1,4 @@ + 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1 +,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25 +,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33 +,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42 diff --git a/src/libnacl/tests/scalarmult7.cpp b/src/libnacl/tests/scalarmult7.cpp new file mode 100644 index 00000000..8382d747 --- /dev/null +++ b/src/libnacl/tests/scalarmult7.cpp @@ -0,0 +1,32 @@ +#include +using std::string; +#include +#include "crypto_scalarmult_curve25519.h" + +char alicesk_bytes[32] = { + 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d +,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45 +,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a +,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a +} ; + +char bobpk_bytes[32] = { + 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4 +,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37 +,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d +,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f +} ; + +main() +{ + int i; + string alicesk(alicesk_bytes,sizeof alicesk_bytes); + string bobpk(bobpk_bytes,sizeof bobpk_bytes); + string k = crypto_scalarmult_curve25519(alicesk,bobpk); + for (i = 0;i < k.size();++i) { + if (i > 0) printf(","); else printf(" "); + printf("0x%02x",(unsigned int) (unsigned char) k[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/scalarmult7.out b/src/libnacl/tests/scalarmult7.out new file mode 100644 index 00000000..bec21130 --- /dev/null +++ b/src/libnacl/tests/scalarmult7.out @@ -0,0 +1,4 @@ + 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1 +,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25 +,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33 +,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42 diff --git a/src/libnacl/tests/secretbox.c b/src/libnacl/tests/secretbox.c new file mode 100644 index 00000000..773f5b62 --- /dev/null +++ b/src/libnacl/tests/secretbox.c @@ -0,0 +1,56 @@ +#include +#include "crypto_secretbox_xsalsa20poly1305.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +// API requires first 32 bytes to be 0 +unsigned char m[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +unsigned char c[163]; + +main() +{ + int i; + crypto_secretbox_xsalsa20poly1305( + c,m,163,nonce,firstkey + ); + for (i = 16;i < 163;++i) { + printf(",0x%02x",(unsigned int) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/secretbox.out b/src/libnacl/tests/secretbox.out new file mode 100644 index 00000000..2b6c51ea --- /dev/null +++ b/src/libnacl/tests/secretbox.out @@ -0,0 +1,19 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/secretbox2.c b/src/libnacl/tests/secretbox2.c new file mode 100644 index 00000000..b6a2a937 --- /dev/null +++ b/src/libnacl/tests/secretbox2.c @@ -0,0 +1,57 @@ +#include +#include "crypto_secretbox_xsalsa20poly1305.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +// API requires first 16 bytes to be 0 +unsigned char c[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +unsigned char m[163]; + +main() +{ + int i; + if (crypto_secretbox_xsalsa20poly1305_open( + m,c,163,nonce,firstkey + ) == 0) { + for (i = 32;i < 163;++i) { + printf(",0x%02x",(unsigned int) m[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/secretbox2.out b/src/libnacl/tests/secretbox2.out new file mode 100644 index 00000000..c61d4557 --- /dev/null +++ b/src/libnacl/tests/secretbox2.out @@ -0,0 +1,17 @@ +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 diff --git a/src/libnacl/tests/secretbox3.cpp b/src/libnacl/tests/secretbox3.cpp new file mode 100644 index 00000000..39ca7c53 --- /dev/null +++ b/src/libnacl/tests/secretbox3.cpp @@ -0,0 +1,52 @@ +#include +using std::string; +#include +#include "crypto_secretbox_xsalsa20poly1305.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char m_bytes[131] = { + 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +main() +{ + int i; + string m(m_bytes,sizeof m_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string c = crypto_secretbox_xsalsa20poly1305(m,nonce,firstkey); + for (i = 0;i < c.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/secretbox3.out b/src/libnacl/tests/secretbox3.out new file mode 100644 index 00000000..2b6c51ea --- /dev/null +++ b/src/libnacl/tests/secretbox3.out @@ -0,0 +1,19 @@ +,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/secretbox4.cpp b/src/libnacl/tests/secretbox4.cpp new file mode 100644 index 00000000..416e4d9e --- /dev/null +++ b/src/libnacl/tests/secretbox4.cpp @@ -0,0 +1,54 @@ +#include +using std::string; +#include +#include "crypto_secretbox_xsalsa20poly1305.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char c_bytes[147] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 +,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9 +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 +} ; + +main() +{ + int i; + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string c(c_bytes,sizeof c_bytes); + string m = crypto_secretbox_xsalsa20poly1305_open(c,nonce,firstkey); + for (i = 0;i < m.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) m[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/secretbox4.out b/src/libnacl/tests/secretbox4.out new file mode 100644 index 00000000..c61d4557 --- /dev/null +++ b/src/libnacl/tests/secretbox4.out @@ -0,0 +1,17 @@ +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 diff --git a/src/libnacl/tests/secretbox5.cpp b/src/libnacl/tests/secretbox5.cpp new file mode 100644 index 00000000..e8cc0eeb --- /dev/null +++ b/src/libnacl/tests/secretbox5.cpp @@ -0,0 +1,29 @@ +#include +using std::string; +#include +#include "crypto_secretbox.h" +#include "randombytes.h" + +main() +{ + int mlen; + for (mlen = 0;mlen < 1000;++mlen) { + unsigned char kbytes[crypto_secretbox_KEYBYTES]; + randombytes(kbytes,crypto_secretbox_KEYBYTES); + string k((char *) kbytes,crypto_secretbox_KEYBYTES); + unsigned char nbytes[crypto_secretbox_NONCEBYTES]; + randombytes(nbytes,crypto_secretbox_NONCEBYTES); + string n((char *) nbytes,crypto_secretbox_NONCEBYTES); + unsigned char mbytes[mlen]; + randombytes(mbytes,mlen); + string m((char *) mbytes,mlen); + string c = crypto_secretbox(m,n,k); + try { + string m2 = crypto_secretbox_open(c,n,k); + if (m != m2) printf("bad decryption\n"); + } catch(const char *s) { + printf("%s\n",s); + } + } + return 0; +} diff --git a/src/libnacl/tests/secretbox5.out b/src/libnacl/tests/secretbox5.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/secretbox6.cpp b/src/libnacl/tests/secretbox6.cpp new file mode 100644 index 00000000..e8274006 --- /dev/null +++ b/src/libnacl/tests/secretbox6.cpp @@ -0,0 +1,42 @@ +#include +using std::string; +#include +#include +#include "crypto_secretbox.h" +#include "randombytes.h" + +main() +{ + int mlen; + for (mlen = 0;mlen < 1000;++mlen) { + unsigned char kbytes[crypto_secretbox_KEYBYTES]; + randombytes(kbytes,crypto_secretbox_KEYBYTES); + string k((char *) kbytes,crypto_secretbox_KEYBYTES); + unsigned char nbytes[crypto_secretbox_NONCEBYTES]; + randombytes(nbytes,crypto_secretbox_NONCEBYTES); + string n((char *) nbytes,crypto_secretbox_NONCEBYTES); + unsigned char mbytes[mlen]; + randombytes(mbytes,mlen); + string m((char *) mbytes,mlen); + string c = crypto_secretbox(m,n,k); + int caught = 0; + while (caught < 10) { + c.replace(random() % c.size(),1,1,random()); + try { + string m2 = crypto_secretbox_open(c,n,k); + if (m != m2) { + printf("forgery\n"); + return 100; + } + } catch(const char *s) { + if (string(s) == string("ciphertext fails verification")) + ++caught; + else { + printf("%s\n",s); + return 111; + } + } + } + } + return 0; +} diff --git a/src/libnacl/tests/secretbox6.out b/src/libnacl/tests/secretbox6.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/secretbox7.c b/src/libnacl/tests/secretbox7.c new file mode 100644 index 00000000..d4be9b49 --- /dev/null +++ b/src/libnacl/tests/secretbox7.c @@ -0,0 +1,32 @@ +#include +#include "crypto_secretbox.h" +#include "randombytes.h" + +unsigned char k[crypto_secretbox_KEYBYTES]; +unsigned char n[crypto_secretbox_NONCEBYTES]; +unsigned char m[10000]; +unsigned char c[10000]; +unsigned char m2[10000]; + +main() +{ + int mlen; + int i; + + for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) { + randombytes(k,crypto_secretbox_KEYBYTES); + randombytes(n,crypto_secretbox_NONCEBYTES); + randombytes(m + crypto_secretbox_ZEROBYTES,mlen); + crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); + if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) { + for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i) + if (m2[i] != m[i]) { + printf("bad decryption\n"); + break; + } + } else { + printf("ciphertext fails verification\n"); + } + } + return 0; +} diff --git a/src/libnacl/tests/secretbox7.out b/src/libnacl/tests/secretbox7.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/secretbox8.c b/src/libnacl/tests/secretbox8.c new file mode 100644 index 00000000..3e0e8f80 --- /dev/null +++ b/src/libnacl/tests/secretbox8.c @@ -0,0 +1,39 @@ +#include +#include +#include "crypto_secretbox.h" +#include "randombytes.h" +#include "windows/windows-quirks.h" + +unsigned char k[crypto_secretbox_KEYBYTES]; +unsigned char n[crypto_secretbox_NONCEBYTES]; +unsigned char m[10000]; +unsigned char c[10000]; +unsigned char m2[10000]; + +main() +{ + int mlen; + int i; + int caught; + + for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) { + randombytes(k,crypto_secretbox_KEYBYTES); + randombytes(n,crypto_secretbox_NONCEBYTES); + randombytes(m + crypto_secretbox_ZEROBYTES,mlen); + crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); + caught = 0; + while (caught < 10) { + c[random() % (mlen + crypto_secretbox_ZEROBYTES)] = random(); + if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) { + for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i) + if (m2[i] != m[i]) { + printf("forgery\n"); + return 100; + } + } else { + ++caught; + } + } + } + return 0; +} diff --git a/src/libnacl/tests/secretbox8.out b/src/libnacl/tests/secretbox8.out new file mode 100644 index 00000000..e69de29b diff --git a/src/libnacl/tests/stream.c b/src/libnacl/tests/stream.c new file mode 100644 index 00000000..ebb39398 --- /dev/null +++ b/src/libnacl/tests/stream.c @@ -0,0 +1,29 @@ +#include +#include "crypto_stream_xsalsa20.h" +#include "crypto_hash_sha256.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char output[4194304]; + +unsigned char h[32]; + +main() +{ + int i; + crypto_stream_xsalsa20(output,4194304,nonce,firstkey); + crypto_hash_sha256(h,output,sizeof output); + for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream.out b/src/libnacl/tests/stream.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/stream.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/stream2.c b/src/libnacl/tests/stream2.c new file mode 100644 index 00000000..12f13de4 --- /dev/null +++ b/src/libnacl/tests/stream2.c @@ -0,0 +1,27 @@ +#include +#include "crypto_stream_salsa20.h" +#include "crypto_hash_sha256.h" + +unsigned char secondkey[32] = { + 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9 +,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88 +,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9 +,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4 +} ; + +unsigned char noncesuffix[8] = { + 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char output[4194304]; + +unsigned char h[32]; + +main() +{ + int i; + crypto_stream_salsa20(output,4194304,noncesuffix,secondkey); + crypto_hash_sha256(h,output,sizeof output); + for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream2.out b/src/libnacl/tests/stream2.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/stream2.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/stream3.c b/src/libnacl/tests/stream3.c new file mode 100644 index 00000000..7798dc18 --- /dev/null +++ b/src/libnacl/tests/stream3.c @@ -0,0 +1,28 @@ +#include +#include "crypto_stream_xsalsa20.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char rs[32]; + +main() +{ + int i; + crypto_stream_xsalsa20(rs,32,nonce,firstkey); + for (i = 0;i < 32;++i) { + printf(",0x%02x",(unsigned int) rs[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/stream3.out b/src/libnacl/tests/stream3.out new file mode 100644 index 00000000..9cd78798 --- /dev/null +++ b/src/libnacl/tests/stream3.out @@ -0,0 +1,4 @@ +,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 diff --git a/src/libnacl/tests/stream4.c b/src/libnacl/tests/stream4.c new file mode 100644 index 00000000..84d8c523 --- /dev/null +++ b/src/libnacl/tests/stream4.c @@ -0,0 +1,53 @@ +#include +#include "crypto_stream_xsalsa20.h" + +unsigned char firstkey[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +unsigned char nonce[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +unsigned char m[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +unsigned char c[163]; + +main() +{ + int i; + crypto_stream_xsalsa20_xor(c,m,163,nonce,firstkey); + for (i = 32;i < 163;++i) { + printf(",0x%02x",(unsigned int) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream4.out b/src/libnacl/tests/stream4.out new file mode 100644 index 00000000..0d3d8e94 --- /dev/null +++ b/src/libnacl/tests/stream4.out @@ -0,0 +1,17 @@ +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/tests/stream5.cpp b/src/libnacl/tests/stream5.cpp new file mode 100644 index 00000000..66f3839b --- /dev/null +++ b/src/libnacl/tests/stream5.cpp @@ -0,0 +1,29 @@ +#include +using std::string; +#include +#include "crypto_stream_xsalsa20.h" +#include "crypto_hash_sha256.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +main() +{ + int i; + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string output = crypto_stream_xsalsa20(4194304,nonce,firstkey); + string h = crypto_hash_sha256(output); + for (i = 0;i < 32;++i) printf("%02x",(unsigned int) (unsigned char) h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream5.out b/src/libnacl/tests/stream5.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/stream5.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/stream6.cpp b/src/libnacl/tests/stream6.cpp new file mode 100644 index 00000000..d9ed61f7 --- /dev/null +++ b/src/libnacl/tests/stream6.cpp @@ -0,0 +1,27 @@ +#include +using std::string; +#include +#include "crypto_stream_salsa20.h" +#include "crypto_hash_sha256.h" + +char secondkey_bytes[32] = { + 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9 +,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88 +,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9 +,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4 +} ; + +char noncesuffix_bytes[8] = { + 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +main() +{ + int i; + string secondkey(secondkey_bytes,sizeof secondkey_bytes); + string noncesuffix(noncesuffix_bytes,sizeof noncesuffix_bytes); + string output = crypto_stream_salsa20(4194304,noncesuffix,secondkey); + string h = crypto_hash_sha256(output); + for (i = 0;i < 32;++i) printf("%02x",(unsigned int) (unsigned char) h[i]); printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream6.out b/src/libnacl/tests/stream6.out new file mode 100644 index 00000000..5fa208c1 --- /dev/null +++ b/src/libnacl/tests/stream6.out @@ -0,0 +1 @@ +662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2 diff --git a/src/libnacl/tests/stream7.cpp b/src/libnacl/tests/stream7.cpp new file mode 100644 index 00000000..d2f106e5 --- /dev/null +++ b/src/libnacl/tests/stream7.cpp @@ -0,0 +1,30 @@ +#include +using std::string; +#include +#include "crypto_stream_xsalsa20.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +main() +{ + int i; + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string rs = crypto_stream_xsalsa20(32,nonce,firstkey); + for (i = 0;i < rs.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) rs[i]); + if (i % 8 == 7) printf("\n"); + } + return 0; +} diff --git a/src/libnacl/tests/stream7.out b/src/libnacl/tests/stream7.out new file mode 100644 index 00000000..9cd78798 --- /dev/null +++ b/src/libnacl/tests/stream7.out @@ -0,0 +1,4 @@ +,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91 +,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25 +,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65 +,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80 diff --git a/src/libnacl/tests/stream8.cpp b/src/libnacl/tests/stream8.cpp new file mode 100644 index 00000000..ea95d68f --- /dev/null +++ b/src/libnacl/tests/stream8.cpp @@ -0,0 +1,56 @@ +#include +using std::string; +#include +#include "crypto_stream_xsalsa20.h" + +char firstkey_bytes[32] = { + 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4 +,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7 +,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2 +,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89 +} ; + +char nonce_bytes[24] = { + 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73 +,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6 +,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37 +} ; + +char m_bytes[163] = { + 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +, 0, 0, 0, 0, 0, 0, 0, 0 +,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5 +,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b +,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4 +,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc +,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a +,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29 +,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4 +,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31 +,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d +,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57 +,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a +,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde +,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd +,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52 +,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40 +,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64 +,0x5e,0x07,0x05 +} ; + +main() +{ + int i; + string firstkey(firstkey_bytes,sizeof firstkey_bytes); + string nonce(nonce_bytes,sizeof nonce_bytes); + string m(m_bytes,sizeof m_bytes); + string c = crypto_stream_xsalsa20_xor(m,nonce,firstkey); + for (i = 32;i < c.size();++i) { + printf(",0x%02x",(unsigned int) (unsigned char) c[i]); + if (i % 8 == 7) printf("\n"); + } + printf("\n"); + return 0; +} diff --git a/src/libnacl/tests/stream8.out b/src/libnacl/tests/stream8.out new file mode 100644 index 00000000..0d3d8e94 --- /dev/null +++ b/src/libnacl/tests/stream8.out @@ -0,0 +1,17 @@ +,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 +,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce +,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 +,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a +,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b +,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72 +,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 +,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38 +,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a +,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae +,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea +,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda +,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde +,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3 +,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 +,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74 +,0xe3,0x55,0xa5 diff --git a/src/libnacl/try-anything.c b/src/libnacl/try-anything.c new file mode 100644 index 00000000..aa6a2851 --- /dev/null +++ b/src/libnacl/try-anything.c @@ -0,0 +1,177 @@ +/* + * try-anything.c version 20090215 + * D. J. Bernstein + * Public domain. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +#endif +#include "cpucycles.h" +#include "windows/windows-quirks.h" + +typedef uint32_t uint32; + +static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ; +static uint32 in[12]; +static uint32 out[8]; +static int outleft = 0; + +#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) +#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); + +static void surf(void) +{ + uint32 t[12]; uint32 x; uint32 sum = 0; + int r; int i; int loop; + + for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; + for (i = 0;i < 8;++i) out[i] = seed[24 + i]; + x = t[11]; + for (loop = 0;loop < 2;++loop) { + for (r = 0;r < 16;++r) { + sum += 0x9e3779b9; + MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) + MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) + MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) + } + for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; + } +} + +void randombytes(unsigned char *x,unsigned long long xlen) +{ + while (xlen > 0) { + if (!outleft) { + if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; + surf(); + outleft = 8; + } + *x = out[--outleft]; + ++x; + --xlen; + } +} + +extern void preallocate(void); +extern void allocate(void); +extern void predoit(void); +extern void doit(void); +extern char checksum[]; +extern const char *checksum_compute(void); +extern const char *primitiveimplementation; + +static void printword(const char *s) +{ + if (!*s) putchar('-'); + while (*s) { + if (*s == ' ') putchar('_'); + else if (*s == '\t') putchar('_'); + else if (*s == '\r') putchar('_'); + else if (*s == '\n') putchar('_'); + else putchar(*s); + ++s; + } + putchar(' '); +} + +static void printnum(long long x) +{ + printf("%lld ",x); +} + +static void fail(const char *why) +{ + printf("%s\n",why); + exit(111); +} + +unsigned char *alignedcalloc(unsigned long long len) +{ + unsigned char *x = (unsigned char *) calloc(1,len + 256); + long long i; + if (!x) fail("out of memory"); + /* will never deallocate so shifting is ok */ + for (i = 0;i < len + 256;++i) x[i] = random(); + x += 64; + x += 63 & (-(unsigned long) x); + for (i = 0;i < len;++i) x[i] = 0; + return x; +} + +#define TIMINGS 63 +static long long cycles[TIMINGS + 1]; + +void limits() +{ +#ifdef RLIM_INFINITY + struct rlimit r; + r.rlim_cur = 0; + r.rlim_max = 0; +#ifdef RLIMIT_NOFILE + setrlimit(RLIMIT_NOFILE,&r); +#endif +#ifdef RLIMIT_NPROC + setrlimit(RLIMIT_NPROC,&r); +#endif +#ifdef RLIMIT_CORE + setrlimit(RLIMIT_CORE,&r); +#endif +#endif +} + +int main() +{ + long long i; + long long j; + long long abovej; + long long belowj; + long long checksumcycles; + long long cyclespersecond; + const char *problem; + + cyclespersecond = cpucycles_persecond(); + preallocate(); + limits(); + + allocate(); + srandom(getpid()); + + cycles[0] = cpucycles(); + problem = checksum_compute(); if (problem) fail(problem); + cycles[1] = cpucycles(); + checksumcycles = cycles[1] - cycles[0]; + + predoit(); + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + } + for (i = 0;i <= TIMINGS;++i) { + cycles[i] = cpucycles(); + doit(); + } + for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; + for (j = 0;j < TIMINGS;++j) { + belowj = 0; + for (i = 0;i < TIMINGS;++i) if (cycles[i] < cycles[j]) ++belowj; + abovej = 0; + for (i = 0;i < TIMINGS;++i) if (cycles[i] > cycles[j]) ++abovej; + if (belowj * 2 < TIMINGS && abovej * 2 < TIMINGS) break; + } + + printword(checksum); + printnum(cycles[j]); + printnum(checksumcycles); + printnum(cyclespersecond); + printword(primitiveimplementation); + printf("\n"); + return 0; +} diff --git a/src/libnacl/version b/src/libnacl/version new file mode 100644 index 00000000..97840598 --- /dev/null +++ b/src/libnacl/version @@ -0,0 +1 @@ +20110221 diff --git a/src/libnacl/windows/include/windows-quirks.h b/src/libnacl/windows/include/windows-quirks.h new file mode 100644 index 00000000..11d82bf9 --- /dev/null +++ b/src/libnacl/windows/include/windows-quirks.h @@ -0,0 +1,18 @@ + +#include + +#ifdef _WIN32 + +static void +srandom(unsigned seed) +{ + srand(seed); +} + +static long +random(void) +{ + return (long) rand(); +} + +#endif