// The MIT License (MIT) // // Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS file). // // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal // in the Software without restriction, including without limitation the rights // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell // copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included in all // copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE // SOFTWARE. // Some of this code is taken from the ref10 version of Ed25519 in SUPERCOP // 20141124 (http://bench.cr.yp.to/supercop.html). That code is released as // public domain but parts have been replaced with code generated by Fiat // (https://github.com/mit-plv/fiat-crypto), which is MIT licensed. // // The field functions are shared by Ed25519 and X25519 where possible. #include #include #include #include #include #include #include #include "internal.h" #include "../../crypto/internal.h" static uint64_t load_3(const uint8_t *in) { uint64_t result; result = (uint64_t)in[0]; result |= ((uint64_t)in[1]) << 8; result |= ((uint64_t)in[2]) << 16; return result; } static uint64_t load_4(const uint8_t *in) { uint64_t result; result = (uint64_t)in[0]; result |= ((uint64_t)in[1]) << 8; result |= ((uint64_t)in[2]) << 16; result |= ((uint64_t)in[3]) << 24; return result; } #define assert_fe(f) do { \ for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \ assert(f[_assert_fe_i] < 1.125*(1<<(26-(_assert_fe_i&1)))); \ } \ } while (0) #define assert_fe_loose(f) do { \ for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \ assert(f[_assert_fe_i] < 3.375*(1<<(26-(_assert_fe_i&1)))); \ } \ } while (0) #define assert_fe_frozen(f) do { \ for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \ assert(f[_assert_fe_i] < (1u<<(26-(_assert_fe_i&1)))); \ } \ } while (0) static void fe_frombytes_impl(uint32_t h[10], const uint8_t *s) { // Ignores top bit of s. uint32_t a0 = load_4(s); uint32_t a1 = load_4(s+4); uint32_t a2 = load_4(s+8); uint32_t a3 = load_4(s+12); uint32_t a4 = load_4(s+16); uint32_t a5 = load_4(s+20); uint32_t a6 = load_4(s+24); uint32_t a7 = load_4(s+28); h[0] = a0&((1<<26)-1); // 26 used, 32-26 left. 26 h[1] = (a0>>26) | ((a1&((1<<19)-1))<< 6); // (32-26) + 19 = 6+19 = 25 h[2] = (a1>>19) | ((a2&((1<<13)-1))<<13); // (32-19) + 13 = 13+13 = 26 h[3] = (a2>>13) | ((a3&((1<< 6)-1))<<19); // (32-13) + 6 = 19+ 6 = 25 h[4] = (a3>> 6); // (32- 6) = 26 h[5] = a4&((1<<25)-1); // 25 h[6] = (a4>>25) | ((a5&((1<<19)-1))<< 7); // (32-25) + 19 = 7+19 = 26 h[7] = (a5>>19) | ((a6&((1<<12)-1))<<13); // (32-19) + 12 = 13+12 = 25 h[8] = (a6>>12) | ((a7&((1<< 6)-1))<<20); // (32-12) + 6 = 20+ 6 = 26 h[9] = (a7>> 6)&((1<<25)-1); // 25 assert_fe(h); } static void fe_frombytes(fe *h, const uint8_t *s) { fe_frombytes_impl(h->v, s); } static uint8_t /*bool*/ addcarryx_u25(uint8_t /*bool*/ c, uint32_t a, uint32_t b, uint32_t *low) { // This function extracts 25 bits of result and 1 bit of carry (26 total), so // a 32-bit intermediate is sufficient. uint32_t x = a + b + c; *low = x & ((1 << 25) - 1); return (x >> 25) & 1; } static uint8_t /*bool*/ addcarryx_u26(uint8_t /*bool*/ c, uint32_t a, uint32_t b, uint32_t *low) { // This function extracts 26 bits of result and 1 bit of carry (27 total), so // a 32-bit intermediate is sufficient. uint32_t x = a + b + c; *low = x & ((1 << 26) - 1); return (x >> 26) & 1; } static uint8_t /*bool*/ subborrow_u25(uint8_t /*bool*/ c, uint32_t a, uint32_t b, uint32_t *low) { // This function extracts 25 bits of result and 1 bit of borrow (26 total), so // a 32-bit intermediate is sufficient. uint32_t x = a - b - c; *low = x & ((1 << 25) - 1); return x >> 31; } static uint8_t /*bool*/ subborrow_u26(uint8_t /*bool*/ c, uint32_t a, uint32_t b, uint32_t *low) { // This function extracts 26 bits of result and 1 bit of borrow (27 total), so // a 32-bit intermediate is sufficient. uint32_t x = a - b - c; *low = x & ((1 << 26) - 1); return x >> 31; } static uint32_t cmovznz32(uint32_t t, uint32_t z, uint32_t nz) { t = -!!t; // all set if nonzero, 0 if 0 return (t&nz) | ((~t)&z); } static void fe_freeze(uint32_t out[10], const uint32_t in1[10]) { { const uint32_t x17 = in1[9]; { const uint32_t x18 = in1[8]; { const uint32_t x16 = in1[7]; { const uint32_t x14 = in1[6]; { const uint32_t x12 = in1[5]; { const uint32_t x10 = in1[4]; { const uint32_t x8 = in1[3]; { const uint32_t x6 = in1[2]; { const uint32_t x4 = in1[1]; { const uint32_t x2 = in1[0]; { uint32_t x20; uint8_t/*bool*/ x21 = subborrow_u26(0x0, x2, 0x3ffffed, &x20); { uint32_t x23; uint8_t/*bool*/ x24 = subborrow_u25(x21, x4, 0x1ffffff, &x23); { uint32_t x26; uint8_t/*bool*/ x27 = subborrow_u26(x24, x6, 0x3ffffff, &x26); { uint32_t x29; uint8_t/*bool*/ x30 = subborrow_u25(x27, x8, 0x1ffffff, &x29); { uint32_t x32; uint8_t/*bool*/ x33 = subborrow_u26(x30, x10, 0x3ffffff, &x32); { uint32_t x35; uint8_t/*bool*/ x36 = subborrow_u25(x33, x12, 0x1ffffff, &x35); { uint32_t x38; uint8_t/*bool*/ x39 = subborrow_u26(x36, x14, 0x3ffffff, &x38); { uint32_t x41; uint8_t/*bool*/ x42 = subborrow_u25(x39, x16, 0x1ffffff, &x41); { uint32_t x44; uint8_t/*bool*/ x45 = subborrow_u26(x42, x18, 0x3ffffff, &x44); { uint32_t x47; uint8_t/*bool*/ x48 = subborrow_u25(x45, x17, 0x1ffffff, &x47); { uint32_t x49 = cmovznz32(x48, 0x0, 0xffffffff); { uint32_t x50 = (x49 & 0x3ffffed); { uint32_t x52; uint8_t/*bool*/ x53 = addcarryx_u26(0x0, x20, x50, &x52); { uint32_t x54 = (x49 & 0x1ffffff); { uint32_t x56; uint8_t/*bool*/ x57 = addcarryx_u25(x53, x23, x54, &x56); { uint32_t x58 = (x49 & 0x3ffffff); { uint32_t x60; uint8_t/*bool*/ x61 = addcarryx_u26(x57, x26, x58, &x60); { uint32_t x62 = (x49 & 0x1ffffff); { uint32_t x64; uint8_t/*bool*/ x65 = addcarryx_u25(x61, x29, x62, &x64); { uint32_t x66 = (x49 & 0x3ffffff); { uint32_t x68; uint8_t/*bool*/ x69 = addcarryx_u26(x65, x32, x66, &x68); { uint32_t x70 = (x49 & 0x1ffffff); { uint32_t x72; uint8_t/*bool*/ x73 = addcarryx_u25(x69, x35, x70, &x72); { uint32_t x74 = (x49 & 0x3ffffff); { uint32_t x76; uint8_t/*bool*/ x77 = addcarryx_u26(x73, x38, x74, &x76); { uint32_t x78 = (x49 & 0x1ffffff); { uint32_t x80; uint8_t/*bool*/ x81 = addcarryx_u25(x77, x41, x78, &x80); { uint32_t x82 = (x49 & 0x3ffffff); { uint32_t x84; uint8_t/*bool*/ x85 = addcarryx_u26(x81, x44, x82, &x84); { uint32_t x86 = (x49 & 0x1ffffff); { uint32_t x88; addcarryx_u25(x85, x47, x86, &x88); out[0] = x52; out[1] = x56; out[2] = x60; out[3] = x64; out[4] = x68; out[5] = x72; out[6] = x76; out[7] = x80; out[8] = x84; out[9] = x88; }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} } static void fe_tobytes(uint8_t s[32], const fe *f) { assert_fe(f->v); uint32_t h[10]; fe_freeze(h, f->v); assert_fe_frozen(h); s[0] = h[0] >> 0; s[1] = h[0] >> 8; s[2] = h[0] >> 16; s[3] = (h[0] >> 24) | (h[1] << 2); s[4] = h[1] >> 6; s[5] = h[1] >> 14; s[6] = (h[1] >> 22) | (h[2] << 3); s[7] = h[2] >> 5; s[8] = h[2] >> 13; s[9] = (h[2] >> 21) | (h[3] << 5); s[10] = h[3] >> 3; s[11] = h[3] >> 11; s[12] = (h[3] >> 19) | (h[4] << 6); s[13] = h[4] >> 2; s[14] = h[4] >> 10; s[15] = h[4] >> 18; s[16] = h[5] >> 0; s[17] = h[5] >> 8; s[18] = h[5] >> 16; s[19] = (h[5] >> 24) | (h[6] << 1); s[20] = h[6] >> 7; s[21] = h[6] >> 15; s[22] = (h[6] >> 23) | (h[7] << 3); s[23] = h[7] >> 5; s[24] = h[7] >> 13; s[25] = (h[7] >> 21) | (h[8] << 4); s[26] = h[8] >> 4; s[27] = h[8] >> 12; s[28] = (h[8] >> 20) | (h[9] << 6); s[29] = h[9] >> 2; s[30] = h[9] >> 10; s[31] = h[9] >> 18; } // h = f static void fe_copy(fe *h, const fe *f) { OPENSSL_memmove(h, f, sizeof(uint32_t) * 10); } static void fe_copy_lt(fe_loose *h, const fe *f) { OPENSSL_memmove(h, f, sizeof(uint32_t) * 10); } #if !defined(OPENSSL_SMALL) static void fe_copy_ll(fe_loose *h, const fe_loose *f) { OPENSSL_memmove(h, f, sizeof(uint32_t) * 10); } #endif // !defined(OPENSSL_SMALL) // h = 0 static void fe_0(fe *h) { OPENSSL_memset(h, 0, sizeof(uint32_t) * 10); } static void fe_loose_0(fe_loose *h) { OPENSSL_memset(h, 0, sizeof(uint32_t) * 10); } // h = 1 static void fe_1(fe *h) { OPENSSL_memset(h, 0, sizeof(uint32_t) * 10); h->v[0] = 1; } static void fe_loose_1(fe_loose *h) { OPENSSL_memset(h, 0, sizeof(uint32_t) * 10); h->v[0] = 1; } static void fe_add_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) { { const uint32_t x20 = in1[9]; { const uint32_t x21 = in1[8]; { const uint32_t x19 = in1[7]; { const uint32_t x17 = in1[6]; { const uint32_t x15 = in1[5]; { const uint32_t x13 = in1[4]; { const uint32_t x11 = in1[3]; { const uint32_t x9 = in1[2]; { const uint32_t x7 = in1[1]; { const uint32_t x5 = in1[0]; { const uint32_t x38 = in2[9]; { const uint32_t x39 = in2[8]; { const uint32_t x37 = in2[7]; { const uint32_t x35 = in2[6]; { const uint32_t x33 = in2[5]; { const uint32_t x31 = in2[4]; { const uint32_t x29 = in2[3]; { const uint32_t x27 = in2[2]; { const uint32_t x25 = in2[1]; { const uint32_t x23 = in2[0]; out[0] = (x5 + x23); out[1] = (x7 + x25); out[2] = (x9 + x27); out[3] = (x11 + x29); out[4] = (x13 + x31); out[5] = (x15 + x33); out[6] = (x17 + x35); out[7] = (x19 + x37); out[8] = (x21 + x39); out[9] = (x20 + x38); }}}}}}}}}}}}}}}}}}}} } // h = f + g // Can overlap h with f or g. static void fe_add(fe_loose *h, const fe *f, const fe *g) { assert_fe(f->v); assert_fe(g->v); fe_add_impl(h->v, f->v, g->v); assert_fe_loose(h->v); } static void fe_sub_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) { { const uint32_t x20 = in1[9]; { const uint32_t x21 = in1[8]; { const uint32_t x19 = in1[7]; { const uint32_t x17 = in1[6]; { const uint32_t x15 = in1[5]; { const uint32_t x13 = in1[4]; { const uint32_t x11 = in1[3]; { const uint32_t x9 = in1[2]; { const uint32_t x7 = in1[1]; { const uint32_t x5 = in1[0]; { const uint32_t x38 = in2[9]; { const uint32_t x39 = in2[8]; { const uint32_t x37 = in2[7]; { const uint32_t x35 = in2[6]; { const uint32_t x33 = in2[5]; { const uint32_t x31 = in2[4]; { const uint32_t x29 = in2[3]; { const uint32_t x27 = in2[2]; { const uint32_t x25 = in2[1]; { const uint32_t x23 = in2[0]; out[0] = ((0x7ffffda + x5) - x23); out[1] = ((0x3fffffe + x7) - x25); out[2] = ((0x7fffffe + x9) - x27); out[3] = ((0x3fffffe + x11) - x29); out[4] = ((0x7fffffe + x13) - x31); out[5] = ((0x3fffffe + x15) - x33); out[6] = ((0x7fffffe + x17) - x35); out[7] = ((0x3fffffe + x19) - x37); out[8] = ((0x7fffffe + x21) - x39); out[9] = ((0x3fffffe + x20) - x38); }}}}}}}}}}}}}}}}}}}} } // h = f - g // Can overlap h with f or g. static void fe_sub(fe_loose *h, const fe *f, const fe *g) { assert_fe(f->v); assert_fe(g->v); fe_sub_impl(h->v, f->v, g->v); assert_fe_loose(h->v); } static void fe_carry_impl(uint32_t out[10], const uint32_t in1[10]) { { const uint32_t x17 = in1[9]; { const uint32_t x18 = in1[8]; { const uint32_t x16 = in1[7]; { const uint32_t x14 = in1[6]; { const uint32_t x12 = in1[5]; { const uint32_t x10 = in1[4]; { const uint32_t x8 = in1[3]; { const uint32_t x6 = in1[2]; { const uint32_t x4 = in1[1]; { const uint32_t x2 = in1[0]; { uint32_t x19 = (x2 >> 0x1a); { uint32_t x20 = (x2 & 0x3ffffff); { uint32_t x21 = (x19 + x4); { uint32_t x22 = (x21 >> 0x19); { uint32_t x23 = (x21 & 0x1ffffff); { uint32_t x24 = (x22 + x6); { uint32_t x25 = (x24 >> 0x1a); { uint32_t x26 = (x24 & 0x3ffffff); { uint32_t x27 = (x25 + x8); { uint32_t x28 = (x27 >> 0x19); { uint32_t x29 = (x27 & 0x1ffffff); { uint32_t x30 = (x28 + x10); { uint32_t x31 = (x30 >> 0x1a); { uint32_t x32 = (x30 & 0x3ffffff); { uint32_t x33 = (x31 + x12); { uint32_t x34 = (x33 >> 0x19); { uint32_t x35 = (x33 & 0x1ffffff); { uint32_t x36 = (x34 + x14); { uint32_t x37 = (x36 >> 0x1a); { uint32_t x38 = (x36 & 0x3ffffff); { uint32_t x39 = (x37 + x16); { uint32_t x40 = (x39 >> 0x19); { uint32_t x41 = (x39 & 0x1ffffff); { uint32_t x42 = (x40 + x18); { uint32_t x43 = (x42 >> 0x1a); { uint32_t x44 = (x42 & 0x3ffffff); { uint32_t x45 = (x43 + x17); { uint32_t x46 = (x45 >> 0x19); { uint32_t x47 = (x45 & 0x1ffffff); { uint32_t x48 = (x20 + (0x13 * x46)); { uint32_t x49 = (x48 >> 0x1a); { uint32_t x50 = (x48 & 0x3ffffff); { uint32_t x51 = (x49 + x23); { uint32_t x52 = (x51 >> 0x19); { uint32_t x53 = (x51 & 0x1ffffff); out[0] = x50; out[1] = x53; out[2] = (x52 + x26); out[3] = x29; out[4] = x32; out[5] = x35; out[6] = x38; out[7] = x41; out[8] = x44; out[9] = x47; }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} } static void fe_carry(fe *h, const fe_loose* f) { assert_fe_loose(f->v); fe_carry_impl(h->v, f->v); assert_fe(h->v); } static void fe_mul_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) { assert_fe_loose(in1); assert_fe_loose(in2); { const uint32_t x20 = in1[9]; { const uint32_t x21 = in1[8]; { const uint32_t x19 = in1[7]; { const uint32_t x17 = in1[6]; { const uint32_t x15 = in1[5]; { const uint32_t x13 = in1[4]; { const uint32_t x11 = in1[3]; { const uint32_t x9 = in1[2]; { const uint32_t x7 = in1[1]; { const uint32_t x5 = in1[0]; { const uint32_t x38 = in2[9]; { const uint32_t x39 = in2[8]; { const uint32_t x37 = in2[7]; { const uint32_t x35 = in2[6]; { const uint32_t x33 = in2[5]; { const uint32_t x31 = in2[4]; { const uint32_t x29 = in2[3]; { const uint32_t x27 = in2[2]; { const uint32_t x25 = in2[1]; { const uint32_t x23 = in2[0]; { uint64_t x40 = ((uint64_t)x23 * x5); { uint64_t x41 = (((uint64_t)x23 * x7) + ((uint64_t)x25 * x5)); { uint64_t x42 = ((((uint64_t)(0x2 * x25) * x7) + ((uint64_t)x23 * x9)) + ((uint64_t)x27 * x5)); { uint64_t x43 = (((((uint64_t)x25 * x9) + ((uint64_t)x27 * x7)) + ((uint64_t)x23 * x11)) + ((uint64_t)x29 * x5)); { uint64_t x44 = (((((uint64_t)x27 * x9) + (0x2 * (((uint64_t)x25 * x11) + ((uint64_t)x29 * x7)))) + ((uint64_t)x23 * x13)) + ((uint64_t)x31 * x5)); { uint64_t x45 = (((((((uint64_t)x27 * x11) + ((uint64_t)x29 * x9)) + ((uint64_t)x25 * x13)) + ((uint64_t)x31 * x7)) + ((uint64_t)x23 * x15)) + ((uint64_t)x33 * x5)); { uint64_t x46 = (((((0x2 * ((((uint64_t)x29 * x11) + ((uint64_t)x25 * x15)) + ((uint64_t)x33 * x7))) + ((uint64_t)x27 * x13)) + ((uint64_t)x31 * x9)) + ((uint64_t)x23 * x17)) + ((uint64_t)x35 * x5)); { uint64_t x47 = (((((((((uint64_t)x29 * x13) + ((uint64_t)x31 * x11)) + ((uint64_t)x27 * x15)) + ((uint64_t)x33 * x9)) + ((uint64_t)x25 * x17)) + ((uint64_t)x35 * x7)) + ((uint64_t)x23 * x19)) + ((uint64_t)x37 * x5)); { uint64_t x48 = (((((((uint64_t)x31 * x13) + (0x2 * (((((uint64_t)x29 * x15) + ((uint64_t)x33 * x11)) + ((uint64_t)x25 * x19)) + ((uint64_t)x37 * x7)))) + ((uint64_t)x27 * x17)) + ((uint64_t)x35 * x9)) + ((uint64_t)x23 * x21)) + ((uint64_t)x39 * x5)); { uint64_t x49 = (((((((((((uint64_t)x31 * x15) + ((uint64_t)x33 * x13)) + ((uint64_t)x29 * x17)) + ((uint64_t)x35 * x11)) + ((uint64_t)x27 * x19)) + ((uint64_t)x37 * x9)) + ((uint64_t)x25 * x21)) + ((uint64_t)x39 * x7)) + ((uint64_t)x23 * x20)) + ((uint64_t)x38 * x5)); { uint64_t x50 = (((((0x2 * ((((((uint64_t)x33 * x15) + ((uint64_t)x29 * x19)) + ((uint64_t)x37 * x11)) + ((uint64_t)x25 * x20)) + ((uint64_t)x38 * x7))) + ((uint64_t)x31 * x17)) + ((uint64_t)x35 * x13)) + ((uint64_t)x27 * x21)) + ((uint64_t)x39 * x9)); { uint64_t x51 = (((((((((uint64_t)x33 * x17) + ((uint64_t)x35 * x15)) + ((uint64_t)x31 * x19)) + ((uint64_t)x37 * x13)) + ((uint64_t)x29 * x21)) + ((uint64_t)x39 * x11)) + ((uint64_t)x27 * x20)) + ((uint64_t)x38 * x9)); { uint64_t x52 = (((((uint64_t)x35 * x17) + (0x2 * (((((uint64_t)x33 * x19) + ((uint64_t)x37 * x15)) + ((uint64_t)x29 * x20)) + ((uint64_t)x38 * x11)))) + ((uint64_t)x31 * x21)) + ((uint64_t)x39 * x13)); { uint64_t x53 = (((((((uint64_t)x35 * x19) + ((uint64_t)x37 * x17)) + ((uint64_t)x33 * x21)) + ((uint64_t)x39 * x15)) + ((uint64_t)x31 * x20)) + ((uint64_t)x38 * x13)); { uint64_t x54 = (((0x2 * ((((uint64_t)x37 * x19) + ((uint64_t)x33 * x20)) + ((uint64_t)x38 * x15))) + ((uint64_t)x35 * x21)) + ((uint64_t)x39 * x17)); { uint64_t x55 = (((((uint64_t)x37 * x21) + ((uint64_t)x39 * x19)) + ((uint64_t)x35 * x20)) + ((uint64_t)x38 * x17)); { uint64_t x56 = (((uint64_t)x39 * x21) + (0x2 * (((uint64_t)x37 * x20) + ((uint64_t)x38 * x19)))); { uint64_t x57 = (((uint64_t)x39 * x20) + ((uint64_t)x38 * x21)); { uint64_t x58 = ((uint64_t)(0x2 * x38) * x20); { uint64_t x59 = (x48 + (x58 << 0x4)); { uint64_t x60 = (x59 + (x58 << 0x1)); { uint64_t x61 = (x60 + x58); { uint64_t x62 = (x47 + (x57 << 0x4)); { uint64_t x63 = (x62 + (x57 << 0x1)); { uint64_t x64 = (x63 + x57); { uint64_t x65 = (x46 + (x56 << 0x4)); { uint64_t x66 = (x65 + (x56 << 0x1)); { uint64_t x67 = (x66 + x56); { uint64_t x68 = (x45 + (x55 << 0x4)); { uint64_t x69 = (x68 + (x55 << 0x1)); { uint64_t x70 = (x69 + x55); { uint64_t x71 = (x44 + (x54 << 0x4)); { uint64_t x72 = (x71 + (x54 << 0x1)); { uint64_t x73 = (x72 + x54); { uint64_t x74 = (x43 + (x53 << 0x4)); { uint64_t x75 = (x74 + (x53 << 0x1)); { uint64_t x76 = (x75 + x53); { uint64_t x77 = (x42 + (x52 << 0x4)); { uint64_t x78 = (x77 + (x52 << 0x1)); { uint64_t x79 = (x78 + x52); { uint64_t x80 = (x41 + (x51 << 0x4)); { uint64_t x81 = (x80 + (x51 << 0x1)); { uint64_t x82 = (x81 + x51); { uint64_t x83 = (x40 + (x50 << 0x4)); { uint64_t x84 = (x83 + (x50 << 0x1)); { uint64_t x85 = (x84 + x50); { uint64_t x86 = (x85 >> 0x1a); { uint32_t x87 = ((uint32_t)x85 & 0x3ffffff); { uint64_t x88 = (x86 + x82); { uint64_t x89 = (x88 >> 0x19); { uint32_t x90 = ((uint32_t)x88 & 0x1ffffff); { uint64_t x91 = (x89 + x79); { uint64_t x92 = (x91 >> 0x1a); { uint32_t x93 = ((uint32_t)x91 & 0x3ffffff); { uint64_t x94 = (x92 + x76); { uint64_t x95 = (x94 >> 0x19); { uint32_t x96 = ((uint32_t)x94 & 0x1ffffff); { uint64_t x97 = (x95 + x73); { uint64_t x98 = (x97 >> 0x1a); { uint32_t x99 = ((uint32_t)x97 & 0x3ffffff); { uint64_t x100 = (x98 + x70); { uint64_t x101 = (x100 >> 0x19); { uint32_t x102 = ((uint32_t)x100 & 0x1ffffff); { uint64_t x103 = (x101 + x67); { uint64_t x104 = (x103 >> 0x1a); { uint32_t x105 = ((uint32_t)x103 & 0x3ffffff); { uint64_t x106 = (x104 + x64); { uint64_t x107 = (x106 >> 0x19); { uint32_t x108 = ((uint32_t)x106 & 0x1ffffff); { uint64_t x109 = (x107 + x61); { uint64_t x110 = (x109 >> 0x1a); { uint32_t x111 = ((uint32_t)x109 & 0x3ffffff); { uint64_t x112 = (x110 + x49); { uint64_t x113 = (x112 >> 0x19); { uint32_t x114 = ((uint32_t)x112 & 0x1ffffff); { uint64_t x115 = (x87 + (0x13 * x113)); { uint32_t x116 = (uint32_t) (x115 >> 0x1a); { uint32_t x117 = ((uint32_t)x115 & 0x3ffffff); { uint32_t x118 = (x116 + x90); { uint32_t x119 = (x118 >> 0x19); { uint32_t x120 = (x118 & 0x1ffffff); out[0] = x117; out[1] = x120; out[2] = (x119 + x93); out[3] = x96; out[4] = x99; out[5] = x102; out[6] = x105; out[7] = x108; out[8] = x111; out[9] = x114; }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} assert_fe(out); } static void fe_mul_ltt(fe_loose *h, const fe *f, const fe *g) { fe_mul_impl(h->v, f->v, g->v); } static void fe_mul_llt(fe_loose *h, const fe_loose *f, const fe *g) { fe_mul_impl(h->v, f->v, g->v); } static void fe_mul_ttt(fe *h, const fe *f, const fe *g) { fe_mul_impl(h->v, f->v, g->v); } static void fe_mul_tlt(fe *h, const fe_loose *f, const fe *g) { fe_mul_impl(h->v, f->v, g->v); } static void fe_mul_ttl(fe *h, const fe *f, const fe_loose *g) { fe_mul_impl(h->v, f->v, g->v); } static void fe_mul_tll(fe *h, const fe_loose *f, const fe_loose *g) { fe_mul_impl(h->v, f->v, g->v); } static void fe_sqr_impl(uint32_t out[10], const uint32_t in1[10]) { assert_fe_loose(in1); { const uint32_t x17 = in1[9]; { const uint32_t x18 = in1[8]; { const uint32_t x16 = in1[7]; { const uint32_t x14 = in1[6]; { const uint32_t x12 = in1[5]; { const uint32_t x10 = in1[4]; { const uint32_t x8 = in1[3]; { const uint32_t x6 = in1[2]; { const uint32_t x4 = in1[1]; { const uint32_t x2 = in1[0]; { uint64_t x19 = ((uint64_t)x2 * x2); { uint64_t x20 = ((uint64_t)(0x2 * x2) * x4); { uint64_t x21 = (0x2 * (((uint64_t)x4 * x4) + ((uint64_t)x2 * x6))); { uint64_t x22 = (0x2 * (((uint64_t)x4 * x6) + ((uint64_t)x2 * x8))); { uint64_t x23 = ((((uint64_t)x6 * x6) + ((uint64_t)(0x4 * x4) * x8)) + ((uint64_t)(0x2 * x2) * x10)); { uint64_t x24 = (0x2 * ((((uint64_t)x6 * x8) + ((uint64_t)x4 * x10)) + ((uint64_t)x2 * x12))); { uint64_t x25 = (0x2 * (((((uint64_t)x8 * x8) + ((uint64_t)x6 * x10)) + ((uint64_t)x2 * x14)) + ((uint64_t)(0x2 * x4) * x12))); { uint64_t x26 = (0x2 * (((((uint64_t)x8 * x10) + ((uint64_t)x6 * x12)) + ((uint64_t)x4 * x14)) + ((uint64_t)x2 * x16))); { uint64_t x27 = (((uint64_t)x10 * x10) + (0x2 * ((((uint64_t)x6 * x14) + ((uint64_t)x2 * x18)) + (0x2 * (((uint64_t)x4 * x16) + ((uint64_t)x8 * x12)))))); { uint64_t x28 = (0x2 * ((((((uint64_t)x10 * x12) + ((uint64_t)x8 * x14)) + ((uint64_t)x6 * x16)) + ((uint64_t)x4 * x18)) + ((uint64_t)x2 * x17))); { uint64_t x29 = (0x2 * (((((uint64_t)x12 * x12) + ((uint64_t)x10 * x14)) + ((uint64_t)x6 * x18)) + (0x2 * (((uint64_t)x8 * x16) + ((uint64_t)x4 * x17))))); { uint64_t x30 = (0x2 * (((((uint64_t)x12 * x14) + ((uint64_t)x10 * x16)) + ((uint64_t)x8 * x18)) + ((uint64_t)x6 * x17))); { uint64_t x31 = (((uint64_t)x14 * x14) + (0x2 * (((uint64_t)x10 * x18) + (0x2 * (((uint64_t)x12 * x16) + ((uint64_t)x8 * x17)))))); { uint64_t x32 = (0x2 * ((((uint64_t)x14 * x16) + ((uint64_t)x12 * x18)) + ((uint64_t)x10 * x17))); { uint64_t x33 = (0x2 * ((((uint64_t)x16 * x16) + ((uint64_t)x14 * x18)) + ((uint64_t)(0x2 * x12) * x17))); { uint64_t x34 = (0x2 * (((uint64_t)x16 * x18) + ((uint64_t)x14 * x17))); { uint64_t x35 = (((uint64_t)x18 * x18) + ((uint64_t)(0x4 * x16) * x17)); { uint64_t x36 = ((uint64_t)(0x2 * x18) * x17); { uint64_t x37 = ((uint64_t)(0x2 * x17) * x17); { uint64_t x38 = (x27 + (x37 << 0x4)); { uint64_t x39 = (x38 + (x37 << 0x1)); { uint64_t x40 = (x39 + x37); { uint64_t x41 = (x26 + (x36 << 0x4)); { uint64_t x42 = (x41 + (x36 << 0x1)); { uint64_t x43 = (x42 + x36); { uint64_t x44 = (x25 + (x35 << 0x4)); { uint64_t x45 = (x44 + (x35 << 0x1)); { uint64_t x46 = (x45 + x35); { uint64_t x47 = (x24 + (x34 << 0x4)); { uint64_t x48 = (x47 + (x34 << 0x1)); { uint64_t x49 = (x48 + x34); { uint64_t x50 = (x23 + (x33 << 0x4)); { uint64_t x51 = (x50 + (x33 << 0x1)); { uint64_t x52 = (x51 + x33); { uint64_t x53 = (x22 + (x32 << 0x4)); { uint64_t x54 = (x53 + (x32 << 0x1)); { uint64_t x55 = (x54 + x32); { uint64_t x56 = (x21 + (x31 << 0x4)); { uint64_t x57 = (x56 + (x31 << 0x1)); { uint64_t x58 = (x57 + x31); { uint64_t x59 = (x20 + (x30 << 0x4)); { uint64_t x60 = (x59 + (x30 << 0x1)); { uint64_t x61 = (x60 + x30); { uint64_t x62 = (x19 + (x29 << 0x4)); { uint64_t x63 = (x62 + (x29 << 0x1)); { uint64_t x64 = (x63 + x29); { uint64_t x65 = (x64 >> 0x1a); { uint32_t x66 = ((uint32_t)x64 & 0x3ffffff); { uint64_t x67 = (x65 + x61); { uint64_t x68 = (x67 >> 0x19); { uint32_t x69 = ((uint32_t)x67 & 0x1ffffff); { uint64_t x70 = (x68 + x58); { uint64_t x71 = (x70 >> 0x1a); { uint32_t x72 = ((uint32_t)x70 & 0x3ffffff); { uint64_t x73 = (x71 + x55); { uint64_t x74 = (x73 >> 0x19); { uint32_t x75 = ((uint32_t)x73 & 0x1ffffff); { uint64_t x76 = (x74 + x52); { uint64_t x77 = (x76 >> 0x1a); { uint32_t x78 = ((uint32_t)x76 & 0x3ffffff); { uint64_t x79 = (x77 + x49); { uint64_t x80 = (x79 >> 0x19); { uint32_t x81 = ((uint32_t)x79 & 0x1ffffff); { uint64_t x82 = (x80 + x46); { uint64_t x83 = (x82 >> 0x1a); { uint32_t x84 = ((uint32_t)x82 & 0x3ffffff); { uint64_t x85 = (x83 + x43); { uint64_t x86 = (x85 >> 0x19); { uint32_t x87 = ((uint32_t)x85 & 0x1ffffff); { uint64_t x88 = (x86 + x40); { uint64_t x89 = (x88 >> 0x1a); { uint32_t x90 = ((uint32_t)x88 & 0x3ffffff); { uint64_t x91 = (x89 + x28); { uint64_t x92 = (x91 >> 0x19); { uint32_t x93 = ((uint32_t)x91 & 0x1ffffff); { uint64_t x94 = (x66 + (0x13 * x92)); { uint32_t x95 = (uint32_t) (x94 >> 0x1a); { uint32_t x96 = ((uint32_t)x94 & 0x3ffffff); { uint32_t x97 = (x95 + x69); { uint32_t x98 = (x97 >> 0x19); { uint32_t x99 = (x97 & 0x1ffffff); out[0] = x96; out[1] = x99; out[2] = (x98 + x72); out[3] = x75; out[4] = x78; out[5] = x81; out[6] = x84; out[7] = x87; out[8] = x90; out[9] = x93; }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} assert_fe(out); } static void fe_sq_tl(fe *h, const fe_loose *f) { fe_sqr_impl(h->v, f->v); } static void fe_sq_tt(fe *h, const fe *f) { fe_sqr_impl(h->v, f->v); } static void fe_loose_invert(fe *out, const fe_loose *z) { fe t0; fe t1; fe t2; fe t3; int i; fe_sq_tl(&t0, z); fe_sq_tt(&t1, &t0); for (i = 1; i < 2; ++i) { fe_sq_tt(&t1, &t1); } fe_mul_tlt(&t1, z, &t1); fe_mul_ttt(&t0, &t0, &t1); fe_sq_tt(&t2, &t0); fe_mul_ttt(&t1, &t1, &t2); fe_sq_tt(&t2, &t1); for (i = 1; i < 5; ++i) { fe_sq_tt(&t2, &t2); } fe_mul_ttt(&t1, &t2, &t1); fe_sq_tt(&t2, &t1); for (i = 1; i < 10; ++i) { fe_sq_tt(&t2, &t2); } fe_mul_ttt(&t2, &t2, &t1); fe_sq_tt(&t3, &t2); for (i = 1; i < 20; ++i) { fe_sq_tt(&t3, &t3); } fe_mul_ttt(&t2, &t3, &t2); fe_sq_tt(&t2, &t2); for (i = 1; i < 10; ++i) { fe_sq_tt(&t2, &t2); } fe_mul_ttt(&t1, &t2, &t1); fe_sq_tt(&t2, &t1); for (i = 1; i < 50; ++i) { fe_sq_tt(&t2, &t2); } fe_mul_ttt(&t2, &t2, &t1); fe_sq_tt(&t3, &t2); for (i = 1; i < 100; ++i) { fe_sq_tt(&t3, &t3); } fe_mul_ttt(&t2, &t3, &t2); fe_sq_tt(&t2, &t2); for (i = 1; i < 50; ++i) { fe_sq_tt(&t2, &t2); } fe_mul_ttt(&t1, &t2, &t1); fe_sq_tt(&t1, &t1); for (i = 1; i < 5; ++i) { fe_sq_tt(&t1, &t1); } fe_mul_ttt(out, &t1, &t0); } static void fe_invert(fe *out, const fe *z) { fe_loose l; fe_copy_lt(&l, z); fe_loose_invert(out, &l); } static void fe_neg_impl(uint32_t out[10], const uint32_t in2[10]) { { const uint32_t x20 = 0; { const uint32_t x21 = 0; { const uint32_t x19 = 0; { const uint32_t x17 = 0; { const uint32_t x15 = 0; { const uint32_t x13 = 0; { const uint32_t x11 = 0; { const uint32_t x9 = 0; { const uint32_t x7 = 0; { const uint32_t x5 = 0; { const uint32_t x38 = in2[9]; { const uint32_t x39 = in2[8]; { const uint32_t x37 = in2[7]; { const uint32_t x35 = in2[6]; { const uint32_t x33 = in2[5]; { const uint32_t x31 = in2[4]; { const uint32_t x29 = in2[3]; { const uint32_t x27 = in2[2]; { const uint32_t x25 = in2[1]; { const uint32_t x23 = in2[0]; out[0] = ((0x7ffffda + x5) - x23); out[1] = ((0x3fffffe + x7) - x25); out[2] = ((0x7fffffe + x9) - x27); out[3] = ((0x3fffffe + x11) - x29); out[4] = ((0x7fffffe + x13) - x31); out[5] = ((0x3fffffe + x15) - x33); out[6] = ((0x7fffffe + x17) - x35); out[7] = ((0x3fffffe + x19) - x37); out[8] = ((0x7fffffe + x21) - x39); out[9] = ((0x3fffffe + x20) - x38); }}}}}}}}}}}}}}}}}}}} } // h = -f static void fe_neg(fe_loose *h, const fe *f) { assert_fe(f->v); fe_neg_impl(h->v, f->v); assert_fe_loose(h->v); } // Replace (f,g) with (g,g) if b == 1; // replace (f,g) with (f,g) if b == 0. // // Preconditions: b in {0,1}. static void fe_cmov(fe_loose *f, const fe_loose *g, unsigned b) { b = 0-b; unsigned i; for (i = 0; i < 10; i++) { uint32_t x = f->v[i] ^ g->v[i]; x &= b; f->v[i] ^= x; } } // return 0 if f == 0 // return 1 if f != 0 static int fe_isnonzero(const fe_loose *f) { fe tight; fe_carry(&tight, f); uint8_t s[32]; fe_tobytes(s, &tight); static const uint8_t zero[32] = {0}; return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0; } // return 1 if f is in {1,3,5,...,q-2} // return 0 if f is in {0,2,4,...,q-1} static int fe_isnegative(const fe *f) { uint8_t s[32]; fe_tobytes(s, f); return s[0] & 1; } // NOTE: based on fiat-crypto fe_mul, edited for in2=2*in1 static void fe_sq2_impl(uint32_t out[10], const uint32_t in1[10]) { assert_fe_loose(in1); { const uint32_t x20 = in1[9]; { const uint32_t x21 = in1[8]; { const uint32_t x19 = in1[7]; { const uint32_t x17 = in1[6]; { const uint32_t x15 = in1[5]; { const uint32_t x13 = in1[4]; { const uint32_t x11 = in1[3]; { const uint32_t x9 = in1[2]; { const uint32_t x7 = in1[1]; { const uint32_t x5 = in1[0]; { const uint32_t x38 = 2*in1[9]; { const uint32_t x39 = 2*in1[8]; { const uint32_t x37 = 2*in1[7]; { const uint32_t x35 = 2*in1[6]; { const uint32_t x33 = 2*in1[5]; { const uint32_t x31 = 2*in1[4]; { const uint32_t x29 = 2*in1[3]; { const uint32_t x27 = 2*in1[2]; { const uint32_t x25 = 2*in1[1]; { const uint32_t x23 = 2*in1[0]; { uint64_t x40 = ((uint64_t)x23 * x5); { uint64_t x41 = (((uint64_t)x23 * x7) + ((uint64_t)x25 * x5)); { uint64_t x42 = ((((uint64_t)(0x2 * x25) * x7) + ((uint64_t)x23 * x9)) + ((uint64_t)x27 * x5)); { uint64_t x43 = (((((uint64_t)x25 * x9) + ((uint64_t)x27 * x7)) + ((uint64_t)x23 * x11)) + ((uint64_t)x29 * x5)); { uint64_t x44 = (((((uint64_t)x27 * x9) + (0x2 * (((uint64_t)x25 * x11) + ((uint64_t)x29 * x7)))) + ((uint64_t)x23 * x13)) + ((uint64_t)x31 * x5)); { uint64_t x45 = (((((((uint64_t)x27 * x11) + ((uint64_t)x29 * x9)) + ((uint64_t)x25 * x13)) + ((uint64_t)x31 * x7)) + ((uint64_t)x23 * x15)) + ((uint64_t)x33 * x5)); { uint64_t x46 = (((((0x2 * ((((uint64_t)x29 * x11) + ((uint64_t)x25 * x15)) + ((uint64_t)x33 * x7))) + ((uint64_t)x27 * x13)) + ((uint64_t)x31 * x9)) + ((uint64_t)x23 * x17)) + ((uint64_t)x35 * x5)); { uint64_t x47 = (((((((((uint64_t)x29 * x13) + ((uint64_t)x31 * x11)) + ((uint64_t)x27 * x15)) + ((uint64_t)x33 * x9)) + ((uint64_t)x25 * x17)) + ((uint64_t)x35 * x7)) + ((uint64_t)x23 * x19)) + ((uint64_t)x37 * x5)); { uint64_t x48 = (((((((uint64_t)x31 * x13) + (0x2 * (((((uint64_t)x29 * x15) + ((uint64_t)x33 * x11)) + ((uint64_t)x25 * x19)) + ((uint64_t)x37 * x7)))) + ((uint64_t)x27 * x17)) + ((uint64_t)x35 * x9)) + ((uint64_t)x23 * x21)) + ((uint64_t)x39 * x5)); { uint64_t x49 = (((((((((((uint64_t)x31 * x15) + ((uint64_t)x33 * x13)) + ((uint64_t)x29 * x17)) + ((uint64_t)x35 * x11)) + ((uint64_t)x27 * x19)) + ((uint64_t)x37 * x9)) + ((uint64_t)x25 * x21)) + ((uint64_t)x39 * x7)) + ((uint64_t)x23 * x20)) + ((uint64_t)x38 * x5)); { uint64_t x50 = (((((0x2 * ((((((uint64_t)x33 * x15) + ((uint64_t)x29 * x19)) + ((uint64_t)x37 * x11)) + ((uint64_t)x25 * x20)) + ((uint64_t)x38 * x7))) + ((uint64_t)x31 * x17)) + ((uint64_t)x35 * x13)) + ((uint64_t)x27 * x21)) + ((uint64_t)x39 * x9)); { uint64_t x51 = (((((((((uint64_t)x33 * x17) + ((uint64_t)x35 * x15)) + ((uint64_t)x31 * x19)) + ((uint64_t)x37 * x13)) + ((uint64_t)x29 * x21)) + ((uint64_t)x39 * x11)) + ((uint64_t)x27 * x20)) + ((uint64_t)x38 * x9)); { uint64_t x52 = (((((uint64_t)x35 * x17) + (0x2 * (((((uint64_t)x33 * x19) + ((uint64_t)x37 * x15)) + ((uint64_t)x29 * x20)) + ((uint64_t)x38 * x11)))) + ((uint64_t)x31 * x21)) + ((uint64_t)x39 * x13)); { uint64_t x53 = (((((((uint64_t)x35 * x19) + ((uint64_t)x37 * x17)) + ((uint64_t)x33 * x21)) + ((uint64_t)x39 * x15)) + ((uint64_t)x31 * x20)) + ((uint64_t)x38 * x13)); { uint64_t x54 = (((0x2 * ((((uint64_t)x37 * x19) + ((uint64_t)x33 * x20)) + ((uint64_t)x38 * x15))) + ((uint64_t)x35 * x21)) + ((uint64_t)x39 * x17)); { uint64_t x55 = (((((uint64_t)x37 * x21) + ((uint64_t)x39 * x19)) + ((uint64_t)x35 * x20)) + ((uint64_t)x38 * x17)); { uint64_t x56 = (((uint64_t)x39 * x21) + (0x2 * (((uint64_t)x37 * x20) + ((uint64_t)x38 * x19)))); { uint64_t x57 = (((uint64_t)x39 * x20) + ((uint64_t)x38 * x21)); { uint64_t x58 = ((uint64_t)(0x2 * x38) * x20); { uint64_t x59 = (x48 + (x58 << 0x4)); { uint64_t x60 = (x59 + (x58 << 0x1)); { uint64_t x61 = (x60 + x58); { uint64_t x62 = (x47 + (x57 << 0x4)); { uint64_t x63 = (x62 + (x57 << 0x1)); { uint64_t x64 = (x63 + x57); { uint64_t x65 = (x46 + (x56 << 0x4)); { uint64_t x66 = (x65 + (x56 << 0x1)); { uint64_t x67 = (x66 + x56); { uint64_t x68 = (x45 + (x55 << 0x4)); { uint64_t x69 = (x68 + (x55 << 0x1)); { uint64_t x70 = (x69 + x55); { uint64_t x71 = (x44 + (x54 << 0x4)); { uint64_t x72 = (x71 + (x54 << 0x1)); { uint64_t x73 = (x72 + x54); { uint64_t x74 = (x43 + (x53 << 0x4)); { uint64_t x75 = (x74 + (x53 << 0x1)); { uint64_t x76 = (x75 + x53); { uint64_t x77 = (x42 + (x52 << 0x4)); { uint64_t x78 = (x77 + (x52 << 0x1)); { uint64_t x79 = (x78 + x52); { uint64_t x80 = (x41 + (x51 << 0x4)); { uint64_t x81 = (x80 + (x51 << 0x1)); { uint64_t x82 = (x81 + x51); { uint64_t x83 = (x40 + (x50 << 0x4)); { uint64_t x84 = (x83 + (x50 << 0x1)); { uint64_t x85 = (x84 + x50); { uint64_t x86 = (x85 >> 0x1a); { uint32_t x87 = ((uint32_t)x85 & 0x3ffffff); { uint64_t x88 = (x86 + x82); { uint64_t x89 = (x88 >> 0x19); { uint32_t x90 = ((uint32_t)x88 & 0x1ffffff); { uint64_t x91 = (x89 + x79); { uint64_t x92 = (x91 >> 0x1a); { uint32_t x93 = ((uint32_t)x91 & 0x3ffffff); { uint64_t x94 = (x92 + x76); { uint64_t x95 = (x94 >> 0x19); { uint32_t x96 = ((uint32_t)x94 & 0x1ffffff); { uint64_t x97 = (x95 + x73); { uint64_t x98 = (x97 >> 0x1a); { uint32_t x99 = ((uint32_t)x97 & 0x3ffffff); { uint64_t x100 = (x98 + x70); { uint64_t x101 = (x100 >> 0x19); { uint32_t x102 = ((uint32_t)x100 & 0x1ffffff); { uint64_t x103 = (x101 + x67); { uint64_t x104 = (x103 >> 0x1a); { uint32_t x105 = ((uint32_t)x103 & 0x3ffffff); { uint64_t x106 = (x104 + x64); { uint64_t x107 = (x106 >> 0x19); { uint32_t x108 = ((uint32_t)x106 & 0x1ffffff); { uint64_t x109 = (x107 + x61); { uint64_t x110 = (x109 >> 0x1a); { uint32_t x111 = ((uint32_t)x109 & 0x3ffffff); { uint64_t x112 = (x110 + x49); { uint64_t x113 = (x112 >> 0x19); { uint32_t x114 = ((uint32_t)x112 & 0x1ffffff); { uint64_t x115 = (x87 + (0x13 * x113)); { uint32_t x116 = (uint32_t) (x115 >> 0x1a); { uint32_t x117 = ((uint32_t)x115 & 0x3ffffff); { uint32_t x118 = (x116 + x90); { uint32_t x119 = (x118 >> 0x19); { uint32_t x120 = (x118 & 0x1ffffff); out[0] = x117; out[1] = x120; out[2] = (x119 + x93); out[3] = x96; out[4] = x99; out[5] = x102; out[6] = x105; out[7] = x108; out[8] = x111; out[9] = x114; }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} assert_fe(out); } static void fe_sq2_tt(fe *h, const fe *f) { fe_sq2_impl(h->v, f->v); } static void fe_pow22523(fe *out, const fe *z) { fe t0; fe t1; fe t2; int i; fe_sq_tt(&t0, z); fe_sq_tt(&t1, &t0); for (i = 1; i < 2; ++i) { fe_sq_tt(&t1, &t1); } fe_mul_ttt(&t1, z, &t1); fe_mul_ttt(&t0, &t0, &t1); fe_sq_tt(&t0, &t0); fe_mul_ttt(&t0, &t1, &t0); fe_sq_tt(&t1, &t0); for (i = 1; i < 5; ++i) { fe_sq_tt(&t1, &t1); } fe_mul_ttt(&t0, &t1, &t0); fe_sq_tt(&t1, &t0); for (i = 1; i < 10; ++i) { fe_sq_tt(&t1, &t1); } fe_mul_ttt(&t1, &t1, &t0); fe_sq_tt(&t2, &t1); for (i = 1; i < 20; ++i) { fe_sq_tt(&t2, &t2); } fe_mul_ttt(&t1, &t2, &t1); fe_sq_tt(&t1, &t1); for (i = 1; i < 10; ++i) { fe_sq_tt(&t1, &t1); } fe_mul_ttt(&t0, &t1, &t0); fe_sq_tt(&t1, &t0); for (i = 1; i < 50; ++i) { fe_sq_tt(&t1, &t1); } fe_mul_ttt(&t1, &t1, &t0); fe_sq_tt(&t2, &t1); for (i = 1; i < 100; ++i) { fe_sq_tt(&t2, &t2); } fe_mul_ttt(&t1, &t2, &t1); fe_sq_tt(&t1, &t1); for (i = 1; i < 50; ++i) { fe_sq_tt(&t1, &t1); } fe_mul_ttt(&t0, &t1, &t0); fe_sq_tt(&t0, &t0); for (i = 1; i < 2; ++i) { fe_sq_tt(&t0, &t0); } fe_mul_ttt(out, &t0, z); } void x25519_ge_tobytes(uint8_t s[32], const ge_p2 *h) { fe recip; fe x; fe y; fe_invert(&recip, &h->Z); fe_mul_ttt(&x, &h->X, &recip); fe_mul_ttt(&y, &h->Y, &recip); fe_tobytes(s, &y); s[31] ^= fe_isnegative(&x) << 7; } static void ge_p3_tobytes(uint8_t s[32], const ge_p3 *h) { fe recip; fe x; fe y; fe_invert(&recip, &h->Z); fe_mul_ttt(&x, &h->X, &recip); fe_mul_ttt(&y, &h->Y, &recip); fe_tobytes(s, &y); s[31] ^= fe_isnegative(&x) << 7; } static const fe d = {{56195235, 13857412, 51736253, 6949390, 114729, 24766616, 60832955, 30306712, 48412415, 21499315}}; static const fe sqrtm1 = {{34513072, 25610706, 9377949, 3500415, 12389472, 33281959, 41962654, 31548777, 326685, 11406482}}; int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) { fe u; fe_loose v; fe v3; fe vxx; fe_loose check; fe_frombytes(&h->Y, s); fe_1(&h->Z); fe_sq_tt(&v3, &h->Y); fe_mul_ttt(&vxx, &v3, &d); fe_sub(&v, &v3, &h->Z); // u = y^2-1 fe_carry(&u, &v); fe_add(&v, &vxx, &h->Z); // v = dy^2+1 fe_sq_tl(&v3, &v); fe_mul_ttl(&v3, &v3, &v); // v3 = v^3 fe_sq_tt(&h->X, &v3); fe_mul_ttl(&h->X, &h->X, &v); fe_mul_ttt(&h->X, &h->X, &u); // x = uv^7 fe_pow22523(&h->X, &h->X); // x = (uv^7)^((q-5)/8) fe_mul_ttt(&h->X, &h->X, &v3); fe_mul_ttt(&h->X, &h->X, &u); // x = uv^3(uv^7)^((q-5)/8) fe_sq_tt(&vxx, &h->X); fe_mul_ttl(&vxx, &vxx, &v); fe_sub(&check, &vxx, &u); if (fe_isnonzero(&check)) { fe_add(&check, &vxx, &u); if (fe_isnonzero(&check)) { return -1; } fe_mul_ttt(&h->X, &h->X, &sqrtm1); } if (fe_isnegative(&h->X) != (s[31] >> 7)) { fe_loose t; fe_neg(&t, &h->X); fe_carry(&h->X, &t); } fe_mul_ttt(&h->T, &h->X, &h->Y); return 0; } static void ge_p2_0(ge_p2 *h) { fe_0(&h->X); fe_1(&h->Y); fe_1(&h->Z); } static void ge_p3_0(ge_p3 *h) { fe_0(&h->X); fe_1(&h->Y); fe_1(&h->Z); fe_0(&h->T); } static void ge_cached_0(ge_cached *h) { fe_loose_1(&h->YplusX); fe_loose_1(&h->YminusX); fe_loose_1(&h->Z); fe_loose_0(&h->T2d); } static void ge_precomp_0(ge_precomp *h) { fe_loose_1(&h->yplusx); fe_loose_1(&h->yminusx); fe_loose_0(&h->xy2d); } // r = p static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) { fe_copy(&r->X, &p->X); fe_copy(&r->Y, &p->Y); fe_copy(&r->Z, &p->Z); } static const fe d2 = {{45281625, 27714825, 36363642, 13898781, 229458, 15978800, 54557047, 27058993, 29715967, 9444199}}; // r = p void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p) { fe_add(&r->YplusX, &p->Y, &p->X); fe_sub(&r->YminusX, &p->Y, &p->X); fe_copy_lt(&r->Z, &p->Z); fe_mul_ltt(&r->T2d, &p->T, &d2); } // r = p void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) { fe_mul_tll(&r->X, &p->X, &p->T); fe_mul_tll(&r->Y, &p->Y, &p->Z); fe_mul_tll(&r->Z, &p->Z, &p->T); } // r = p void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) { fe_mul_tll(&r->X, &p->X, &p->T); fe_mul_tll(&r->Y, &p->Y, &p->Z); fe_mul_tll(&r->Z, &p->Z, &p->T); fe_mul_tll(&r->T, &p->X, &p->Y); } // r = p static void ge_p1p1_to_cached(ge_cached *r, const ge_p1p1 *p) { ge_p3 t; x25519_ge_p1p1_to_p3(&t, p); x25519_ge_p3_to_cached(r, &t); } // r = 2 * p static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) { fe trX, trZ, trT; fe t0; fe_sq_tt(&trX, &p->X); fe_sq_tt(&trZ, &p->Y); fe_sq2_tt(&trT, &p->Z); fe_add(&r->Y, &p->X, &p->Y); fe_sq_tl(&t0, &r->Y); fe_add(&r->Y, &trZ, &trX); fe_sub(&r->Z, &trZ, &trX); fe_carry(&trZ, &r->Y); fe_sub(&r->X, &t0, &trZ); fe_carry(&trZ, &r->Z); fe_sub(&r->T, &trT, &trZ); } // r = 2 * p static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) { ge_p2 q; ge_p3_to_p2(&q, p); ge_p2_dbl(r, &q); } // r = p + q static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { fe trY, trZ, trT; fe_add(&r->X, &p->Y, &p->X); fe_sub(&r->Y, &p->Y, &p->X); fe_mul_tll(&trZ, &r->X, &q->yplusx); fe_mul_tll(&trY, &r->Y, &q->yminusx); fe_mul_tlt(&trT, &q->xy2d, &p->T); fe_add(&r->T, &p->Z, &p->Z); fe_sub(&r->X, &trZ, &trY); fe_add(&r->Y, &trZ, &trY); fe_carry(&trZ, &r->T); fe_add(&r->Z, &trZ, &trT); fe_sub(&r->T, &trZ, &trT); } // r = p - q static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { fe trY, trZ, trT; fe_add(&r->X, &p->Y, &p->X); fe_sub(&r->Y, &p->Y, &p->X); fe_mul_tll(&trZ, &r->X, &q->yminusx); fe_mul_tll(&trY, &r->Y, &q->yplusx); fe_mul_tlt(&trT, &q->xy2d, &p->T); fe_add(&r->T, &p->Z, &p->Z); fe_sub(&r->X, &trZ, &trY); fe_add(&r->Y, &trZ, &trY); fe_carry(&trZ, &r->T); fe_sub(&r->Z, &trZ, &trT); fe_add(&r->T, &trZ, &trT); } // r = p + q void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { fe trX, trY, trZ, trT; fe_add(&r->X, &p->Y, &p->X); fe_sub(&r->Y, &p->Y, &p->X); fe_mul_tll(&trZ, &r->X, &q->YplusX); fe_mul_tll(&trY, &r->Y, &q->YminusX); fe_mul_tlt(&trT, &q->T2d, &p->T); fe_mul_ttl(&trX, &p->Z, &q->Z); fe_add(&r->T, &trX, &trX); fe_sub(&r->X, &trZ, &trY); fe_add(&r->Y, &trZ, &trY); fe_carry(&trZ, &r->T); fe_add(&r->Z, &trZ, &trT); fe_sub(&r->T, &trZ, &trT); } // r = p - q void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { fe trX, trY, trZ, trT; fe_add(&r->X, &p->Y, &p->X); fe_sub(&r->Y, &p->Y, &p->X); fe_mul_tll(&trZ, &r->X, &q->YminusX); fe_mul_tll(&trY, &r->Y, &q->YplusX); fe_mul_tlt(&trT, &q->T2d, &p->T); fe_mul_ttl(&trX, &p->Z, &q->Z); fe_add(&r->T, &trX, &trX); fe_sub(&r->X, &trZ, &trY); fe_add(&r->Y, &trZ, &trY); fe_carry(&trZ, &r->T); fe_sub(&r->Z, &trZ, &trT); fe_add(&r->T, &trZ, &trT); } static uint8_t equal(signed char b, signed char c) { uint8_t ub = b; uint8_t uc = c; uint8_t x = ub ^ uc; // 0: yes; 1..255: no uint32_t y = x; // 0: yes; 1..255: no y -= 1; // 4294967295: yes; 0..254: no y >>= 31; // 1: yes; 0: no return y; } static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) { fe_cmov(&t->yplusx, &u->yplusx, b); fe_cmov(&t->yminusx, &u->yminusx, b); fe_cmov(&t->xy2d, &u->xy2d, b); } void x25519_ge_scalarmult_small_precomp( ge_p3 *h, const uint8_t a[32], const uint8_t precomp_table[15 * 2 * 32]) { // precomp_table is first expanded into matching |ge_precomp| // elements. ge_precomp multiples[15]; unsigned i; for (i = 0; i < 15; i++) { const uint8_t *bytes = &precomp_table[i*(2 * 32)]; fe x, y; fe_frombytes(&x, bytes); fe_frombytes(&y, bytes + 32); ge_precomp *out = &multiples[i]; fe_add(&out->yplusx, &y, &x); fe_sub(&out->yminusx, &y, &x); fe_mul_ltt(&out->xy2d, &x, &y); fe_mul_llt(&out->xy2d, &out->xy2d, &d2); } // See the comment above |k25519SmallPrecomp| about the structure of the // precomputed elements. This loop does 64 additions and 64 doublings to // calculate the result. ge_p3_0(h); for (i = 63; i < 64; i--) { unsigned j; signed char index = 0; for (j = 0; j < 4; j++) { const uint8_t bit = 1 & (a[(8 * j) + (i / 8)] >> (i & 7)); index |= (bit << j); } ge_precomp e; ge_precomp_0(&e); for (j = 1; j < 16; j++) { cmov(&e, &multiples[j-1], equal(index, j)); } ge_cached cached; ge_p1p1 r; x25519_ge_p3_to_cached(&cached, h); x25519_ge_add(&r, h, &cached); x25519_ge_p1p1_to_p3(h, &r); ge_madd(&r, h, &e); x25519_ge_p1p1_to_p3(h, &r); } } #if defined(OPENSSL_SMALL) // This block of code replaces the standard base-point table with a much smaller // one. The standard table is 30,720 bytes while this one is just 960. // // This table contains 15 pairs of group elements, (x, y), where each field // element is serialised with |fe_tobytes|. If |i| is the index of the group // element then consider i+1 as a four-bit number: (i₀, i₁, i₂, i₃) (where i₀ // is the most significant bit). The value of the group element is then: // (i₀×2^192 + i₁×2^128 + i₂×2^64 + i₃)G, where G is the generator. static const uint8_t k25519SmallPrecomp[15 * 2 * 32] = { 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21, 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62, 0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03, 0xa2, 0xfb, 0xcc, 0x61, 0x67, 0x06, 0x70, 0x1a, 0xc4, 0x78, 0x3a, 0xff, 0x32, 0x62, 0xdd, 0x2c, 0xab, 0x50, 0x19, 0x3b, 0xf2, 0x9b, 0x7d, 0xb8, 0xfd, 0x4f, 0x29, 0x9c, 0xa7, 0x91, 0xba, 0x0e, 0x46, 0x5e, 0x51, 0xfe, 0x1d, 0xbf, 0xe5, 0xe5, 0x9b, 0x95, 0x0d, 0x67, 0xf8, 0xd1, 0xb5, 0x5a, 0xa1, 0x93, 0x2c, 0xc3, 0xde, 0x0e, 0x97, 0x85, 0x2d, 0x7f, 0xea, 0xab, 0x3e, 0x47, 0x30, 0x18, 0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c, 0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f, 0x9a, 0x96, 0x0c, 0x68, 0x29, 0xfd, 0xe2, 0xfb, 0xe6, 0xbc, 0xec, 0x31, 0x08, 0xec, 0xe6, 0xb0, 0x53, 0x60, 0xc3, 0x8c, 0xbe, 0xc1, 0xb3, 0x8a, 0x8f, 0xe4, 0x88, 0x2b, 0x55, 0xe5, 0x64, 0x6e, 0x9b, 0xd0, 0xaf, 0x7b, 0x64, 0x2a, 0x35, 0x25, 0x10, 0x52, 0xc5, 0x9e, 0x58, 0x11, 0x39, 0x36, 0x45, 0x51, 0xb8, 0x39, 0x93, 0xfc, 0x9d, 0x6a, 0xbe, 0x58, 0xcb, 0xa4, 0x0f, 0x51, 0x3c, 0x38, 0x05, 0xca, 0xab, 0x43, 0x63, 0x0e, 0xf3, 0x8b, 0x41, 0xa6, 0xf8, 0x9b, 0x53, 0x70, 0x80, 0x53, 0x86, 0x5e, 0x8f, 0xe3, 0xc3, 0x0d, 0x18, 0xc8, 0x4b, 0x34, 0x1f, 0xd8, 0x1d, 0xbc, 0xf2, 0x6d, 0x34, 0x3a, 0xbe, 0xdf, 0xd9, 0xf6, 0xf3, 0x89, 0xa1, 0xe1, 0x94, 0x9f, 0x5d, 0x4c, 0x5d, 0xe9, 0xa1, 0x49, 0x92, 0xef, 0x0e, 0x53, 0x81, 0x89, 0x58, 0x87, 0xa6, 0x37, 0xf1, 0xdd, 0x62, 0x60, 0x63, 0x5a, 0x9d, 0x1b, 0x8c, 0xc6, 0x7d, 0x52, 0xea, 0x70, 0x09, 0x6a, 0xe1, 0x32, 0xf3, 0x73, 0x21, 0x1f, 0x07, 0x7b, 0x7c, 0x9b, 0x49, 0xd8, 0xc0, 0xf3, 0x25, 0x72, 0x6f, 0x9d, 0xed, 0x31, 0x67, 0x36, 0x36, 0x54, 0x40, 0x92, 0x71, 0xe6, 0x11, 0x28, 0x11, 0xad, 0x93, 0x32, 0x85, 0x7b, 0x3e, 0xb7, 0x3b, 0x49, 0x13, 0x1c, 0x07, 0xb0, 0x2e, 0x93, 0xaa, 0xfd, 0xfd, 0x28, 0x47, 0x3d, 0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b, 0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61, 0x38, 0x68, 0xb0, 0x07, 0xa3, 0xfc, 0xcc, 0x85, 0x10, 0x7f, 0x4c, 0x65, 0x65, 0xb3, 0xfa, 0xfa, 0xa5, 0x53, 0x6f, 0xdb, 0x74, 0x4c, 0x56, 0x46, 0x03, 0xe2, 0xd5, 0x7a, 0x29, 0x1c, 0xc6, 0x02, 0xbc, 0x59, 0xf2, 0x04, 0x75, 0x63, 0xc0, 0x84, 0x2f, 0x60, 0x1c, 0x67, 0x76, 0xfd, 0x63, 0x86, 0xf3, 0xfa, 0xbf, 0xdc, 0xd2, 0x2d, 0x90, 0x91, 0xbd, 0x33, 0xa9, 0xe5, 0x66, 0x0c, 0xda, 0x42, 0x27, 0xca, 0xf4, 0x66, 0xc2, 0xec, 0x92, 0x14, 0x57, 0x06, 0x63, 0xd0, 0x4d, 0x15, 0x06, 0xeb, 0x69, 0x58, 0x4f, 0x77, 0xc5, 0x8b, 0xc7, 0xf0, 0x8e, 0xed, 0x64, 0xa0, 0xb3, 0x3c, 0x66, 0x71, 0xc6, 0x2d, 0xda, 0x0a, 0x0d, 0xfe, 0x70, 0x27, 0x64, 0xf8, 0x27, 0xfa, 0xf6, 0x5f, 0x30, 0xa5, 0x0d, 0x6c, 0xda, 0xf2, 0x62, 0x5e, 0x78, 0x47, 0xd3, 0x66, 0x00, 0x1c, 0xfd, 0x56, 0x1f, 0x5d, 0x3f, 0x6f, 0xf4, 0x4c, 0xd8, 0xfd, 0x0e, 0x27, 0xc9, 0x5c, 0x2b, 0xbc, 0xc0, 0xa4, 0xe7, 0x23, 0x29, 0x02, 0x9f, 0x31, 0xd6, 0xe9, 0xd7, 0x96, 0xf4, 0xe0, 0x5e, 0x0b, 0x0e, 0x13, 0xee, 0x3c, 0x09, 0xed, 0xf2, 0x3d, 0x76, 0x91, 0xc3, 0xa4, 0x97, 0xae, 0xd4, 0x87, 0xd0, 0x5d, 0xf6, 0x18, 0x47, 0x1f, 0x1d, 0x67, 0xf2, 0xcf, 0x63, 0xa0, 0x91, 0x27, 0xf8, 0x93, 0x45, 0x75, 0x23, 0x3f, 0xd1, 0xf1, 0xad, 0x23, 0xdd, 0x64, 0x93, 0x96, 0x41, 0x70, 0x7f, 0xf7, 0xf5, 0xa9, 0x89, 0xa2, 0x34, 0xb0, 0x8d, 0x1b, 0xae, 0x19, 0x15, 0x49, 0x58, 0x23, 0x6d, 0x87, 0x15, 0x4f, 0x81, 0x76, 0xfb, 0x23, 0xb5, 0xea, 0xcf, 0xac, 0x54, 0x8d, 0x4e, 0x42, 0x2f, 0xeb, 0x0f, 0x63, 0xdb, 0x68, 0x37, 0xa8, 0xcf, 0x8b, 0xab, 0xf5, 0xa4, 0x6e, 0x96, 0x2a, 0xb2, 0xd6, 0xbe, 0x9e, 0xbd, 0x0d, 0xb4, 0x42, 0xa9, 0xcf, 0x01, 0x83, 0x8a, 0x17, 0x47, 0x76, 0xc4, 0xc6, 0x83, 0x04, 0x95, 0x0b, 0xfc, 0x11, 0xc9, 0x62, 0xb8, 0x0c, 0x76, 0x84, 0xd9, 0xb9, 0x37, 0xfa, 0xfc, 0x7c, 0xc2, 0x6d, 0x58, 0x3e, 0xb3, 0x04, 0xbb, 0x8c, 0x8f, 0x48, 0xbc, 0x91, 0x27, 0xcc, 0xf9, 0xb7, 0x22, 0x19, 0x83, 0x2e, 0x09, 0xb5, 0x72, 0xd9, 0x54, 0x1c, 0x4d, 0xa1, 0xea, 0x0b, 0xf1, 0xc6, 0x08, 0x72, 0x46, 0x87, 0x7a, 0x6e, 0x80, 0x56, 0x0a, 0x8a, 0xc0, 0xdd, 0x11, 0x6b, 0xd6, 0xdd, 0x47, 0xdf, 0x10, 0xd9, 0xd8, 0xea, 0x7c, 0xb0, 0x8f, 0x03, 0x00, 0x2e, 0xc1, 0x8f, 0x44, 0xa8, 0xd3, 0x30, 0x06, 0x89, 0xa2, 0xf9, 0x34, 0xad, 0xdc, 0x03, 0x85, 0xed, 0x51, 0xa7, 0x82, 0x9c, 0xe7, 0x5d, 0x52, 0x93, 0x0c, 0x32, 0x9a, 0x5b, 0xe1, 0xaa, 0xca, 0xb8, 0x02, 0x6d, 0x3a, 0xd4, 0xb1, 0x3a, 0xf0, 0x5f, 0xbe, 0xb5, 0x0d, 0x10, 0x6b, 0x38, 0x32, 0xac, 0x76, 0x80, 0xbd, 0xca, 0x94, 0x71, 0x7a, 0xf2, 0xc9, 0x35, 0x2a, 0xde, 0x9f, 0x42, 0x49, 0x18, 0x01, 0xab, 0xbc, 0xef, 0x7c, 0x64, 0x3f, 0x58, 0x3d, 0x92, 0x59, 0xdb, 0x13, 0xdb, 0x58, 0x6e, 0x0a, 0xe0, 0xb7, 0x91, 0x4a, 0x08, 0x20, 0xd6, 0x2e, 0x3c, 0x45, 0xc9, 0x8b, 0x17, 0x79, 0xe7, 0xc7, 0x90, 0x99, 0x3a, 0x18, 0x25, }; void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) { x25519_ge_scalarmult_small_precomp(h, a, k25519SmallPrecomp); } #else // k25519Precomp[i][j] = (j+1)*256^i*B static const ge_precomp k25519Precomp[32][8] = { { { {{25967493, 19198397, 29566455, 3660896, 54414519, 4014786, 27544626, 21800161, 61029707, 2047604}}, {{54563134, 934261, 64385954, 3049989, 66381436, 9406985, 12720692, 5043384, 19500929, 18085054}}, {{58370664, 4489569, 9688441, 18769238, 10184608, 21191052, 29287918, 11864899, 42594502, 29115885}}, }, { {{54292951, 20578084, 45527620, 11784319, 41753206, 30803714, 55390960, 29739860, 66750418, 23343128}}, {{45405608, 6903824, 27185491, 6451973, 37531140, 24000426, 51492312, 11189267, 40279186, 28235350}}, {{26966623, 11152617, 32442495, 15396054, 14353839, 20802097, 63980037, 24013313, 51636816, 29387734}}, }, { {{15636272, 23865875, 24204772, 25642034, 616976, 16869170, 27787599, 18782243, 28944399, 32004408}}, {{16568933, 4717097, 55552716, 32452109, 15682895, 21747389, 16354576, 21778470, 7689661, 11199574}}, {{30464137, 27578307, 55329429, 17883566, 23220364, 15915852, 7512774, 10017326, 49359771, 23634074}}, }, { {{50071967, 13921891, 10945806, 27521001, 27105051, 17470053, 38182653, 15006022, 3284568, 27277892}}, {{23599295, 25248385, 55915199, 25867015, 13236773, 10506355, 7464579, 9656445, 13059162, 10374397}}, {{7798537, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, 29715387, 66467155, 33453106}}, }, { {{10861363, 11473154, 27284546, 1981175, 37044515, 12577860, 32867885, 14515107, 51670560, 10819379}}, {{4708026, 6336745, 20377586, 9066809, 55836755, 6594695, 41455196, 12483687, 54440373, 5581305}}, {{19563141, 16186464, 37722007, 4097518, 10237984, 29206317, 28542349, 13850243, 43430843, 17738489}}, }, { {{51736881, 20691677, 32573249, 4720197, 40672342, 5875510, 47920237, 18329612, 57289923, 21468654}}, {{58559652, 109982, 15149363, 2178705, 22900618, 4543417, 3044240, 17864545, 1762327, 14866737}}, {{48909169, 17603008, 56635573, 1707277, 49922944, 3916100, 38872452, 3959420, 27914454, 4383652}}, }, { {{5153727, 9909285, 1723747, 30776558, 30523604, 5516873, 19480852, 5230134, 43156425, 18378665}}, {{36839857, 30090922, 7665485, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701}}, {{28881826, 14381568, 9657904, 3680757, 46927229, 7843315, 35708204, 1370707, 29794553, 32145132}}, }, { {{14499471, 30824833, 33917750, 29299779, 28494861, 14271267, 30290735, 10876454, 33954766, 2381725}}, {{59913433, 30899068, 52378708, 462250, 39384538, 3941371, 60872247, 3696004, 34808032, 15351954}}, {{27431194, 8222322, 16448760, 29646437, 48401861, 11938354, 34147463, 30583916, 29551812, 10109425}}, }, }, { { {{53451805, 20399000, 35825113, 11777097, 21447386, 6519384, 64730580, 31926875, 10092782, 28790261}}, {{27939166, 14210322, 4677035, 16277044, 44144402, 21156292, 34600109, 12005537, 49298737, 12803509}}, {{17228999, 17892808, 65875336, 300139, 65883994, 21839654, 30364212, 24516238, 18016356, 4397660}}, }, { {{56150021, 25864224, 4776340, 18600194, 27850027, 17952220, 40489757, 14544524, 49631360, 982638}}, {{29253598, 15796703, 64244882, 23645547, 10057022, 3163536, 7332899, 29434304, 46061167, 9934962}}, {{5793284, 16271923, 42977250, 23438027, 29188559, 1206517, 52360934, 4559894, 36984942, 22656481}}, }, { {{39464912, 22061425, 16282656, 22517939, 28414020, 18542168, 24191033, 4541697, 53770555, 5500567}}, {{12650548, 32057319, 9052870, 11355358, 49428827, 25154267, 49678271, 12264342, 10874051, 13524335}}, {{25556948, 30508442, 714650, 2510400, 23394682, 23139102, 33119037, 5080568, 44580805, 5376627}}, }, { {{41020600, 29543379, 50095164, 30016803, 60382070, 1920896, 44787559, 24106988, 4535767, 1569007}}, {{64853442, 14606629, 45416424, 25514613, 28430648, 8775819, 36614302, 3044289, 31848280, 12543772}}, {{45080285, 2943892, 35251351, 6777305, 13784462, 29262229, 39731668, 31491700, 7718481, 14474653}}, }, { {{2385296, 2454213, 44477544, 46602, 62670929, 17874016, 656964, 26317767, 24316167, 28300865}}, {{13741529, 10911568, 33875447, 24950694, 46931033, 32521134, 33040650, 20129900, 46379407, 8321685}}, {{21060490, 31341688, 15712756, 29218333, 1639039, 10656336, 23845965, 21679594, 57124405, 608371}}, }, { {{53436132, 18466845, 56219170, 25997372, 61071954, 11305546, 1123968, 26773855, 27229398, 23887}}, {{43864724, 33260226, 55364135, 14712570, 37643165, 31524814, 12797023, 27114124, 65475458, 16678953}}, {{37608244, 4770661, 51054477, 14001337, 7830047, 9564805, 65600720, 28759386, 49939598, 4904952}}, }, { {{24059538, 14617003, 19037157, 18514524, 19766092, 18648003, 5169210, 16191880, 2128236, 29227599}}, {{50127693, 4124965, 58568254, 22900634, 30336521, 19449185, 37302527, 916032, 60226322, 30567899}}, {{44477957, 12419371, 59974635, 26081060, 50629959, 16739174, 285431, 2763829, 15736322, 4143876}}, }, { {{2379333, 11839345, 62998462, 27565766, 11274297, 794957, 212801, 18959769, 23527083, 17096164}}, {{33431108, 22423954, 49269897, 17927531, 8909498, 8376530, 34483524, 4087880, 51919953, 19138217}}, {{1767664, 7197987, 53903638, 31531796, 54017513, 448825, 5799055, 4357868, 62334673, 17231393}}, }, }, { { {{6721966, 13833823, 43585476, 32003117, 26354292, 21691111, 23365146, 29604700, 7390889, 2759800}}, {{4409022, 2052381, 23373853, 10530217, 7676779, 20668478, 21302352, 29290375, 1244379, 20634787}}, {{62687625, 7169618, 4982368, 30596842, 30256824, 30776892, 14086412, 9208236, 15886429, 16489664}}, }, { {{1996056, 10375649, 14346367, 13311202, 60234729, 17116020, 53415665, 398368, 36502409, 32841498}}, {{41801399, 9795879, 64331450, 14878808, 33577029, 14780362, 13348553, 12076947, 36272402, 5113181}}, {{49338080, 11797795, 31950843, 13929123, 41220562, 12288343, 36767763, 26218045, 13847710, 5387222}}, }, { {{48526701, 30138214, 17824842, 31213466, 22744342, 23111821, 8763060, 3617786, 47508202, 10370990}}, {{20246567, 19185054, 22358228, 33010720, 18507282, 23140436, 14554436, 24808340, 32232923, 16763880}}, {{9648486, 10094563, 26416693, 14745928, 36734546, 27081810, 11094160, 15689506, 3140038, 17044340}}, }, { {{50948792, 5472694, 31895588, 4744994, 8823515, 10365685, 39884064, 9448612, 38334410, 366294}}, {{19153450, 11523972, 56012374, 27051289, 42461232, 5420646, 28344573, 8041113, 719605, 11671788}}, {{8678006, 2694440, 60300850, 2517371, 4964326, 11152271, 51675948, 18287915, 27000812, 23358879}}, }, { {{51950941, 7134311, 8639287, 30739555, 59873175, 10421741, 564065, 5336097, 6750977, 19033406}}, {{11836410, 29574944, 26297893, 16080799, 23455045, 15735944, 1695823, 24735310, 8169719, 16220347}}, {{48993007, 8653646, 17578566, 27461813, 59083086, 17541668, 55964556, 30926767, 61118155, 19388398}}, }, { {{43800366, 22586119, 15213227, 23473218, 36255258, 22504427, 27884328, 2847284, 2655861, 1738395}}, {{39571412, 19301410, 41772562, 25551651, 57738101, 8129820, 21651608, 30315096, 48021414, 22549153}}, {{1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, 5821408, 10478196, 8544890}}, }, { {{32173102, 17425121, 24896206, 3921497, 22579056, 30143578, 19270448, 12217473, 17789017, 30158437}}, {{36555903, 31326030, 51530034, 23407230, 13243888, 517024, 15479401, 29701199, 30460519, 1052596}}, {{55493970, 13323617, 32618793, 8175907, 51878691, 12596686, 27491595, 28942073, 3179267, 24075541}}, }, { {{31947050, 19187781, 62468280, 18214510, 51982886, 27514722, 52352086, 17142691, 19072639, 24043372}}, {{11685058, 11822410, 3158003, 19601838, 33402193, 29389366, 5977895, 28339415, 473098, 5040608}}, {{46817982, 8198641, 39698732, 11602122, 1290375, 30754672, 28326861, 1721092, 47550222, 30422825}}, }, }, { { {{7881532, 10687937, 7578723, 7738378, 48157852, 31000479, 21820785, 8076149, 39240368, 11538388}}, {{47173198, 3899860, 18283497, 26752864, 51380203, 22305220, 8754524, 7446702, 61432810, 5797015}}, {{55813245, 29760862, 51326753, 25589858, 12708868, 25098233, 2014098, 24503858, 64739691, 27677090}}, }, { {{44636488, 21985690, 39426843, 1146374, 18956691, 16640559, 1192730, 29840233, 15123618, 10811505}}, {{14352079, 30134717, 48166819, 10822654, 32750596, 4699007, 67038501, 15776355, 38222085, 21579878}}, {{38867681, 25481956, 62129901, 28239114, 29416930, 1847569, 46454691, 17069576, 4714546, 23953777}}, }, { {{15200332, 8368572, 19679101, 15970074, 35236190, 1959450, 24611599, 29010600, 55362987, 12340219}}, {{12876937, 23074376, 33134380, 6590940, 60801088, 14872439, 9613953, 8241152, 15370987, 9608631}}, {{62965568, 21540023, 8446280, 33162829, 4407737, 13629032, 59383996, 15866073, 38898243, 24740332}}, }, { {{26660628, 17876777, 8393733, 358047, 59707573, 992987, 43204631, 858696, 20571223, 8420556}}, {{14620696, 13067227, 51661590, 8264466, 14106269, 15080814, 33531827, 12516406, 45534429, 21077682}}, {{236881, 10476226, 57258, 18877408, 6472997, 2466984, 17258519, 7256740, 8791136, 15069930}}, }, { {{1276391, 24182514, 22949634, 17231625, 43615824, 27852245, 14711874, 4874229, 36445724, 31223040}}, {{5855666, 4990204, 53397016, 7294283, 59304582, 1924646, 65685689, 25642053, 34039526, 9234252}}, {{20590503, 24535444, 31529743, 26201766, 64402029, 10650547, 31559055, 21944845, 18979185, 13396066}}, }, { {{24474287, 4968103, 22267082, 4407354, 24063882, 25229252, 48291976, 13594781, 33514650, 7021958}}, {{55541958, 26988926, 45743778, 15928891, 40950559, 4315420, 41160136, 29637754, 45628383, 12868081}}, {{38473832, 13504660, 19988037, 31421671, 21078224, 6443208, 45662757, 2244499, 54653067, 25465048}}, }, { {{36513336, 13793478, 61256044, 319135, 41385692, 27290532, 33086545, 8957937, 51875216, 5540520}}, {{55478669, 22050529, 58989363, 25911358, 2620055, 1022908, 43398120, 31985447, 50980335, 18591624}}, {{23152952, 775386, 27395463, 14006635, 57407746, 4649511, 1689819, 892185, 55595587, 18348483}}, }, { {{9770129, 9586738, 26496094, 4324120, 1556511, 30004408, 27453818, 4763127, 47929250, 5867133}}, {{34343820, 1927589, 31726409, 28801137, 23962433, 17534932, 27846558, 5931263, 37359161, 17445976}}, {{27461885, 30576896, 22380809, 1815854, 44075111, 30522493, 7283489, 18406359, 47582163, 7734628}}, }, }, { { {{59098600, 23963614, 55988460, 6196037, 29344158, 20123547, 7585294, 30377806, 18549496, 15302069}}, {{34450527, 27383209, 59436070, 22502750, 6258877, 13504381, 10458790, 27135971, 58236621, 8424745}}, {{24687186, 8613276, 36441818, 30320886, 1863891, 31723888, 19206233, 7134917, 55824382, 32725512}}, }, { {{11334899, 24336410, 8025292, 12707519, 17523892, 23078361, 10243737, 18868971, 62042829, 16498836}}, {{8911542, 6887158, 57524604, 26595841, 11145640, 24010752, 17303924, 19430194, 6536640, 10543906}}, {{38162480, 15479762, 49642029, 568875, 65611181, 11223453, 64439674, 16928857, 39873154, 8876770}}, }, { {{41365946, 20987567, 51458897, 32707824, 34082177, 32758143, 33627041, 15824473, 66504438, 24514614}}, {{10330056, 70051, 7957388, 24551765, 9764901, 15609756, 27698697, 28664395, 1657393, 3084098}}, {{10477963, 26084172, 12119565, 20303627, 29016246, 28188843, 31280318, 14396151, 36875289, 15272408}}, }, { {{54820555, 3169462, 28813183, 16658753, 25116432, 27923966, 41934906, 20918293, 42094106, 1950503}}, {{40928506, 9489186, 11053416, 18808271, 36055143, 5825629, 58724558, 24786899, 15341278, 8373727}}, {{28685821, 7759505, 52730348, 21551571, 35137043, 4079241, 298136, 23321830, 64230656, 15190419}}, }, { {{34175969, 13806335, 52771379, 17760000, 43104243, 10940927, 8669718, 2742393, 41075551, 26679428}}, {{65528476, 21825014, 41129205, 22109408, 49696989, 22641577, 9291593, 17306653, 54954121, 6048604}}, {{36803549, 14843443, 1539301, 11864366, 20201677, 1900163, 13934231, 5128323, 11213262, 9168384}}, }, { {{40828332, 11007846, 19408960, 32613674, 48515898, 29225851, 62020803, 22449281, 20470156, 17155731}}, {{43972811, 9282191, 14855179, 18164354, 59746048, 19145871, 44324911, 14461607, 14042978, 5230683}}, {{29969548, 30812838, 50396996, 25001989, 9175485, 31085458, 21556950, 3506042, 61174973, 21104723}}, }, { {{63964118, 8744660, 19704003, 4581278, 46678178, 6830682, 45824694, 8971512, 38569675, 15326562}}, {{47644235, 10110287, 49846336, 30050539, 43608476, 1355668, 51585814, 15300987, 46594746, 9168259}}, {{61755510, 4488612, 43305616, 16314346, 7780487, 17915493, 38160505, 9601604, 33087103, 24543045}}, }, { {{47665694, 18041531, 46311396, 21109108, 37284416, 10229460, 39664535, 18553900, 61111993, 15664671}}, {{23294591, 16921819, 44458082, 25083453, 27844203, 11461195, 13099750, 31094076, 18151675, 13417686}}, {{42385932, 29377914, 35958184, 5988918, 40250079, 6685064, 1661597, 21002991, 15271675, 18101767}}, }, }, { { {{11433023, 20325767, 8239630, 28274915, 65123427, 32828713, 48410099, 2167543, 60187563, 20114249}}, {{35672693, 15575145, 30436815, 12192228, 44645511, 9395378, 57191156, 24915434, 12215109, 12028277}}, {{14098381, 6555944, 23007258, 5757252, 51681032, 20603929, 30123439, 4617780, 50208775, 32898803}}, }, { {{63082644, 18313596, 11893167, 13718664, 52299402, 1847384, 51288865, 10154008, 23973261, 20869958}}, {{40577025, 29858441, 65199965, 2534300, 35238307, 17004076, 18341389, 22134481, 32013173, 23450893}}, {{41629544, 10876442, 55337778, 18929291, 54739296, 1838103, 21911214, 6354752, 4425632, 32716610}}, }, { {{56675475, 18941465, 22229857, 30463385, 53917697, 776728, 49693489, 21533969, 4725004, 14044970}}, {{19268631, 26250011, 1555348, 8692754, 45634805, 23643767, 6347389, 32142648, 47586572, 17444675}}, {{42244775, 12986007, 56209986, 27995847, 55796492, 33405905, 19541417, 8180106, 9282262, 10282508}}, }, { {{40903763, 4428546, 58447668, 20360168, 4098401, 19389175, 15522534, 8372215, 5542595, 22851749}}, {{56546323, 14895632, 26814552, 16880582, 49628109, 31065071, 64326972, 6993760, 49014979, 10114654}}, {{47001790, 32625013, 31422703, 10427861, 59998115, 6150668, 38017109, 22025285, 25953724, 33448274}}, }, { {{62874467, 25515139, 57989738, 3045999, 2101609, 20947138, 19390019, 6094296, 63793585, 12831124}}, {{51110167, 7578151, 5310217, 14408357, 33560244, 33329692, 31575953, 6326196, 7381791, 31132593}}, {{46206085, 3296810, 24736065, 17226043, 18374253, 7318640, 6295303, 8082724, 51746375, 12339663}}, }, { {{27724736, 2291157, 6088201, 19369634, 1792726, 5857634, 13848414, 15768922, 25091167, 14856294}}, {{48242193, 8331042, 24373479, 8541013, 66406866, 24284974, 12927299, 20858939, 44926390, 24541532}}, {{55685435, 28132841, 11632844, 3405020, 30536730, 21880393, 39848098, 13866389, 30146206, 9142070}}, }, { {{3924129, 18246916, 53291741, 23499471, 12291819, 32886066, 39406089, 9326383, 58871006, 4171293}}, {{51186905, 16037936, 6713787, 16606682, 45496729, 2790943, 26396185, 3731949, 345228, 28091483}}, {{45781307, 13448258, 25284571, 1143661, 20614966, 24705045, 2031538, 21163201, 50855680, 19972348}}, }, { {{31016192, 16832003, 26371391, 19103199, 62081514, 14854136, 17477601, 3842657, 28012650, 17149012}}, {{62033029, 9368965, 58546785, 28953529, 51858910, 6970559, 57918991, 16292056, 58241707, 3507939}}, {{29439664, 3537914, 23333589, 6997794, 49553303, 22536363, 51899661, 18503164, 57943934, 6580395}}, }, }, { { {{54923003, 25874643, 16438268, 10826160, 58412047, 27318820, 17860443, 24280586, 65013061, 9304566}}, {{20714545, 29217521, 29088194, 7406487, 11426967, 28458727, 14792666, 18945815, 5289420, 33077305}}, {{50443312, 22903641, 60948518, 20248671, 9192019, 31751970, 17271489, 12349094, 26939669, 29802138}}, }, { {{54218966, 9373457, 31595848, 16374215, 21471720, 13221525, 39825369, 21205872, 63410057, 117886}}, {{22263325, 26994382, 3984569, 22379786, 51994855, 32987646, 28311252, 5358056, 43789084, 541963}}, {{16259200, 3261970, 2309254, 18019958, 50223152, 28972515, 24134069, 16848603, 53771797, 20002236}}, }, { {{9378160, 20414246, 44262881, 20809167, 28198280, 26310334, 64709179, 32837080, 690425, 14876244}}, {{24977353, 33240048, 58884894, 20089345, 28432342, 32378079, 54040059, 21257083, 44727879, 6618998}}, {{65570671, 11685645, 12944378, 13682314, 42719353, 19141238, 8044828, 19737104, 32239828, 27901670}}, }, { {{48505798, 4762989, 66182614, 8885303, 38696384, 30367116, 9781646, 23204373, 32779358, 5095274}}, {{34100715, 28339925, 34843976, 29869215, 9460460, 24227009, 42507207, 14506723, 21639561, 30924196}}, {{50707921, 20442216, 25239337, 15531969, 3987758, 29055114, 65819361, 26690896, 17874573, 558605}}, }, { {{53508735, 10240080, 9171883, 16131053, 46239610, 9599699, 33499487, 5080151, 2085892, 5119761}}, {{44903700, 31034903, 50727262, 414690, 42089314, 2170429, 30634760, 25190818, 35108870, 27794547}}, {{60263160, 15791201, 8550074, 32241778, 29928808, 21462176, 27534429, 26362287, 44757485, 12961481}}, }, { {{42616785, 23983660, 10368193, 11582341, 43711571, 31309144, 16533929, 8206996, 36914212, 28394793}}, {{55987368, 30172197, 2307365, 6362031, 66973409, 8868176, 50273234, 7031274, 7589640, 8945490}}, {{34956097, 8917966, 6661220, 21876816, 65916803, 17761038, 7251488, 22372252, 24099108, 19098262}}, }, { {{5019539, 25646962, 4244126, 18840076, 40175591, 6453164, 47990682, 20265406, 60876967, 23273695}}, {{10853575, 10721687, 26480089, 5861829, 44113045, 1972174, 65242217, 22996533, 63745412, 27113307}}, {{50106456, 5906789, 221599, 26991285, 7828207, 20305514, 24362660, 31546264, 53242455, 7421391}}, }, { {{8139908, 27007935, 32257645, 27663886, 30375718, 1886181, 45933756, 15441251, 28826358, 29431403}}, {{6267067, 9695052, 7709135, 16950835, 34239795, 31668296, 14795159, 25714308, 13746020, 31812384}}, {{28584883, 7787108, 60375922, 18503702, 22846040, 25983196, 63926927, 33190907, 4771361, 25134474}}, }, }, { { {{24949256, 6376279, 39642383, 25379823, 48462709, 23623825, 33543568, 21412737, 3569626, 11342593}}, {{26514970, 4740088, 27912651, 3697550, 19331575, 22082093, 6809885, 4608608, 7325975, 18753361}}, {{55490446, 19000001, 42787651, 7655127, 65739590, 5214311, 39708324, 10258389, 49462170, 25367739}}, }, { {{11431185, 15823007, 26570245, 14329124, 18029990, 4796082, 35662685, 15580663, 9280358, 29580745}}, {{66948081, 23228174, 44253547, 29249434, 46247496, 19933429, 34297962, 22372809, 51563772, 4387440}}, {{46309467, 12194511, 3937617, 27748540, 39954043, 9340369, 42594872, 8548136, 20617071, 26072431}}, }, { {{66170039, 29623845, 58394552, 16124717, 24603125, 27329039, 53333511, 21678609, 24345682, 10325460}}, {{47253587, 31985546, 44906155, 8714033, 14007766, 6928528, 16318175, 32543743, 4766742, 3552007}}, {{45357481, 16823515, 1351762, 32751011, 63099193, 3950934, 3217514, 14481909, 10988822, 29559670}}, }, { {{15564307, 19242862, 3101242, 5684148, 30446780, 25503076, 12677126, 27049089, 58813011, 13296004}}, {{57666574, 6624295, 36809900, 21640754, 62437882, 31497052, 31521203, 9614054, 37108040, 12074673}}, {{4771172, 33419193, 14290748, 20464580, 27992297, 14998318, 65694928, 31997715, 29832612, 17163397}}, }, { {{7064884, 26013258, 47946901, 28486894, 48217594, 30641695, 25825241, 5293297, 39986204, 13101589}}, {{64810282, 2439669, 59642254, 1719964, 39841323, 17225986, 32512468, 28236839, 36752793, 29363474}}, {{37102324, 10162315, 33928688, 3981722, 50626726, 20484387, 14413973, 9515896, 19568978, 9628812}}, }, { {{33053803, 199357, 15894591, 1583059, 27380243, 28973997, 49269969, 27447592, 60817077, 3437739}}, {{48129987, 3884492, 19469877, 12726490, 15913552, 13614290, 44147131, 70103, 7463304, 4176122}}, {{39984863, 10659916, 11482427, 17484051, 12771466, 26919315, 34389459, 28231680, 24216881, 5944158}}, }, { {{8894125, 7450974, 64444715, 23788679, 39028346, 21165316, 19345745, 14680796, 11632993, 5847885}}, {{26942781, 31239115, 9129563, 28647825, 26024104, 11769399, 55590027, 6367193, 57381634, 4782139}}, {{19916442, 28726022, 44198159, 22140040, 25606323, 27581991, 33253852, 8220911, 6358847, 31680575}}, }, { {{801428, 31472730, 16569427, 11065167, 29875704, 96627, 7908388, 29073952, 53570360, 1387154}}, {{19646058, 5720633, 55692158, 12814208, 11607948, 12749789, 14147075, 15156355, 45242033, 11835259}}, {{19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, 15467869, 40548314, 5052482}}, }, }, { { {{64091413, 10058205, 1980837, 3964243, 22160966, 12322533, 60677741, 20936246, 12228556, 26550755}}, {{32944382, 14922211, 44263970, 5188527, 21913450, 24834489, 4001464, 13238564, 60994061, 8653814}}, {{22865569, 28901697, 27603667, 21009037, 14348957, 8234005, 24808405, 5719875, 28483275, 2841751}}, }, { {{50687877, 32441126, 66781144, 21446575, 21886281, 18001658, 65220897, 33238773, 19932057, 20815229}}, {{55452759, 10087520, 58243976, 28018288, 47830290, 30498519, 3999227, 13239134, 62331395, 19644223}}, {{1382174, 21859713, 17266789, 9194690, 53784508, 9720080, 20403944, 11284705, 53095046, 3093229}}, }, { {{16650902, 22516500, 66044685, 1570628, 58779118, 7352752, 66806440, 16271224, 43059443, 26862581}}, {{45197768, 27626490, 62497547, 27994275, 35364760, 22769138, 24123613, 15193618, 45456747, 16815042}}, {{57172930, 29264984, 41829040, 4372841, 2087473, 10399484, 31870908, 14690798, 17361620, 11864968}}, }, { {{55801235, 6210371, 13206574, 5806320, 38091172, 19587231, 54777658, 26067830, 41530403, 17313742}}, {{14668443, 21284197, 26039038, 15305210, 25515617, 4542480, 10453892, 6577524, 9145645, 27110552}}, {{5974855, 3053895, 57675815, 23169240, 35243739, 3225008, 59136222, 3936127, 61456591, 30504127}}, }, { {{30625386, 28825032, 41552902, 20761565, 46624288, 7695098, 17097188, 17250936, 39109084, 1803631}}, {{63555773, 9865098, 61880298, 4272700, 61435032, 16864731, 14911343, 12196514, 45703375, 7047411}}, {{20093258, 9920966, 55970670, 28210574, 13161586, 12044805, 34252013, 4124600, 34765036, 23296865}}, }, { {{46320040, 14084653, 53577151, 7842146, 19119038, 19731827, 4752376, 24839792, 45429205, 2288037}}, {{40289628, 30270716, 29965058, 3039786, 52635099, 2540456, 29457502, 14625692, 42289247, 12570231}}, {{66045306, 22002608, 16920317, 12494842, 1278292, 27685323, 45948920, 30055751, 55134159, 4724942}}, }, { {{17960970, 21778898, 62967895, 23851901, 58232301, 32143814, 54201480, 24894499, 37532563, 1903855}}, {{23134274, 19275300, 56426866, 31942495, 20684484, 15770816, 54119114, 3190295, 26955097, 14109738}}, {{15308788, 5320727, 36995055, 19235554, 22902007, 7767164, 29425325, 22276870, 31960941, 11934971}}, }, { {{39713153, 8435795, 4109644, 12222639, 42480996, 14818668, 20638173, 4875028, 10491392, 1379718}}, {{53949449, 9197840, 3875503, 24618324, 65725151, 27674630, 33518458, 16176658, 21432314, 12180697}}, {{55321537, 11500837, 13787581, 19721842, 44678184, 10140204, 1465425, 12689540, 56807545, 19681548}}, }, }, { { {{5414091, 18168391, 46101199, 9643569, 12834970, 1186149, 64485948, 32212200, 26128230, 6032912}}, {{40771450, 19788269, 32496024, 19900513, 17847800, 20885276, 3604024, 8316894, 41233830, 23117073}}, {{3296484, 6223048, 24680646, 21307972, 44056843, 5903204, 58246567, 28915267, 12376616, 3188849}}, }, { {{29190469, 18895386, 27549112, 32370916, 3520065, 22857131, 32049514, 26245319, 50999629, 23702124}}, {{52364359, 24245275, 735817, 32955454, 46701176, 28496527, 25246077, 17758763, 18640740, 32593455}}, {{60180029, 17123636, 10361373, 5642961, 4910474, 12345252, 35470478, 33060001, 10530746, 1053335}}, }, { {{37842897, 19367626, 53570647, 21437058, 47651804, 22899047, 35646494, 30605446, 24018830, 15026644}}, {{44516310, 30409154, 64819587, 5953842, 53668675, 9425630, 25310643, 13003497, 64794073, 18408815}}, {{39688860, 32951110, 59064879, 31885314, 41016598, 13987818, 39811242, 187898, 43942445, 31022696}}, }, { {{45364466, 19743956, 1844839, 5021428, 56674465, 17642958, 9716666, 16266922, 62038647, 726098}}, {{29370903, 27500434, 7334070, 18212173, 9385286, 2247707, 53446902, 28714970, 30007387, 17731091}}, {{66172485, 16086690, 23751945, 33011114, 65941325, 28365395, 9137108, 730663, 9835848, 4555336}}, }, { {{43732429, 1410445, 44855111, 20654817, 30867634, 15826977, 17693930, 544696, 55123566, 12422645}}, {{31117226, 21338698, 53606025, 6561946, 57231997, 20796761, 61990178, 29457725, 29120152, 13924425}}, {{49707966, 19321222, 19675798, 30819676, 56101901, 27695611, 57724924, 22236731, 7240930, 33317044}}, }, { {{35747106, 22207651, 52101416, 27698213, 44655523, 21401660, 1222335, 4389483, 3293637, 18002689}}, {{50424044, 19110186, 11038543, 11054958, 53307689, 30215898, 42789283, 7733546, 12796905, 27218610}}, {{58349431, 22736595, 41689999, 10783768, 36493307, 23807620, 38855524, 3647835, 3222231, 22393970}}, }, { {{18606113, 1693100, 41660478, 18384159, 4112352, 10045021, 23603893, 31506198, 59558087, 2484984}}, {{9255298, 30423235, 54952701, 32550175, 13098012, 24339566, 16377219, 31451620, 47306788, 30519729}}, {{44379556, 7496159, 61366665, 11329248, 19991973, 30206930, 35390715, 9936965, 37011176, 22935634}}, }, { {{21878571, 28553135, 4338335, 13643897, 64071999, 13160959, 19708896, 5415497, 59748361, 29445138}}, {{27736842, 10103576, 12500508, 8502413, 63695848, 23920873, 10436917, 32004156, 43449720, 25422331}}, {{19492550, 21450067, 37426887, 32701801, 63900692, 12403436, 30066266, 8367329, 13243957, 8709688}}, }, }, { { {{12015105, 2801261, 28198131, 10151021, 24818120, 28811299, 55914672, 27908697, 5150967, 7274186}}, {{2831347, 21062286, 1478974, 6122054, 23825128, 20820846, 31097298, 6083058, 31021603, 23760822}}, {{64578913, 31324785, 445612, 10720828, 53259337, 22048494, 43601132, 16354464, 15067285, 19406725}}, }, { {{7840923, 14037873, 33744001, 15934015, 66380651, 29911725, 21403987, 1057586, 47729402, 21151211}}, {{915865, 17085158, 15608284, 24765302, 42751837, 6060029, 49737545, 8410996, 59888403, 16527024}}, {{32922597, 32997445, 20336073, 17369864, 10903704, 28169945, 16957573, 52992, 23834301, 6588044}}, }, { {{32752011, 11232950, 3381995, 24839566, 22652987, 22810329, 17159698, 16689107, 46794284, 32248439}}, {{62419196, 9166775, 41398568, 22707125, 11576751, 12733943, 7924251, 30802151, 1976122, 26305405}}, {{21251203, 16309901, 64125849, 26771309, 30810596, 12967303, 156041, 30183180, 12331344, 25317235}}, }, { {{8651595, 29077400, 51023227, 28557437, 13002506, 2950805, 29054427, 28447462, 10008135, 28886531}}, {{31486061, 15114593, 52847614, 12951353, 14369431, 26166587, 16347320, 19892343, 8684154, 23021480}}, {{19443825, 11385320, 24468943, 23895364, 43189605, 2187568, 40845657, 27467510, 31316347, 14219878}}, }, { {{38514374, 1193784, 32245219, 11392485, 31092169, 15722801, 27146014, 6992409, 29126555, 9207390}}, {{32382916, 1110093, 18477781, 11028262, 39697101, 26006320, 62128346, 10843781, 59151264, 19118701}}, {{2814918, 7836403, 27519878, 25686276, 46214848, 22000742, 45614304, 8550129, 28346258, 1994730}}, }, { {{47530565, 8085544, 53108345, 29605809, 2785837, 17323125, 47591912, 7174893, 22628102, 8115180}}, {{36703732, 955510, 55975026, 18476362, 34661776, 20276352, 41457285, 3317159, 57165847, 930271}}, {{51805164, 26720662, 28856489, 1357446, 23421993, 1057177, 24091212, 32165462, 44343487, 22903716}}, }, { {{44357633, 28250434, 54201256, 20785565, 51297352, 25757378, 52269845, 17000211, 65241845, 8398969}}, {{35139535, 2106402, 62372504, 1362500, 12813763, 16200670, 22981545, 27263159, 18009407, 17781660}}, {{49887941, 24009210, 39324209, 14166834, 29815394, 7444469, 29551787, 29827013, 19288548, 1325865}}, }, { {{15100138, 17718680, 43184885, 32549333, 40658671, 15509407, 12376730, 30075286, 33166106, 25511682}}, {{20909212, 13023121, 57899112, 16251777, 61330449, 25459517, 12412150, 10018715, 2213263, 19676059}}, {{32529814, 22479743, 30361438, 16864679, 57972923, 1513225, 22922121, 6382134, 61341936, 8371347}}, }, }, { { {{9923462, 11271500, 12616794, 3544722, 37110496, 31832805, 12891686, 25361300, 40665920, 10486143}}, {{44511638, 26541766, 8587002, 25296571, 4084308, 20584370, 361725, 2610596, 43187334, 22099236}}, {{5408392, 32417741, 62139741, 10561667, 24145918, 14240566, 31319731, 29318891, 19985174, 30118346}}, }, { {{53114407, 16616820, 14549246, 3341099, 32155958, 13648976, 49531796, 8849296, 65030, 8370684}}, {{58787919, 21504805, 31204562, 5839400, 46481576, 32497154, 47665921, 6922163, 12743482, 23753914}}, {{64747493, 12678784, 28815050, 4759974, 43215817, 4884716, 23783145, 11038569, 18800704, 255233}}, }, { {{61839187, 31780545, 13957885, 7990715, 23132995, 728773, 13393847, 9066957, 19258688, 18800639}}, {{64172210, 22726896, 56676774, 14516792, 63468078, 4372540, 35173943, 2209389, 65584811, 2055793}}, {{580882, 16705327, 5468415, 30871414, 36182444, 18858431, 59905517, 24560042, 37087844, 7394434}}, }, { {{23838809, 1822728, 51370421, 15242726, 8318092, 29821328, 45436683, 30062226, 62287122, 14799920}}, {{13345610, 9759151, 3371034, 17416641, 16353038, 8577942, 31129804, 13496856, 58052846, 7402517}}, {{2286874, 29118501, 47066405, 31546095, 53412636, 5038121, 11006906, 17794080, 8205060, 1607563}}, }, { {{14414067, 25552300, 3331829, 30346215, 22249150, 27960244, 18364660, 30647474, 30019586, 24525154}}, {{39420813, 1585952, 56333811, 931068, 37988643, 22552112, 52698034, 12029092, 9944378, 8024}}, {{4368715, 29844802, 29874199, 18531449, 46878477, 22143727, 50994269, 32555346, 58966475, 5640029}}, }, { {{10299591, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, 16859868, 15219797, 19226649}}, {{27425505, 27835351, 3055005, 10660664, 23458024, 595578, 51710259, 32381236, 48766680, 9742716}}, {{6744077, 2427284, 26042789, 2720740, 66260958, 1118973, 32324614, 7406442, 12420155, 1994844}}, }, { {{14012502, 28529712, 48724410, 23975962, 40623521, 29617992, 54075385, 22644628, 24319928, 27108099}}, {{16412671, 29047065, 10772640, 15929391, 50040076, 28895810, 10555944, 23070383, 37006495, 28815383}}, {{22397363, 25786748, 57815702, 20761563, 17166286, 23799296, 39775798, 6199365, 21880021, 21303672}}, }, { {{62825557, 5368522, 35991846, 8163388, 36785801, 3209127, 16557151, 8890729, 8840445, 4957760}}, {{51661137, 709326, 60189418, 22684253, 37330941, 6522331, 45388683, 12130071, 52312361, 5005756}}, {{64994094, 19246303, 23019041, 15765735, 41839181, 6002751, 10183197, 20315106, 50713577, 31378319}}, }, }, { { {{48083108, 1632004, 13466291, 25559332, 43468412, 16573536, 35094956, 30497327, 22208661, 2000468}}, {{3065054, 32141671, 41510189, 33192999, 49425798, 27851016, 58944651, 11248526, 63417650, 26140247}}, {{10379208, 27508878, 8877318, 1473647, 37817580, 21046851, 16690914, 2553332, 63976176, 16400288}}, }, { {{15716668, 1254266, 48636174, 7446273, 58659946, 6344163, 45011593, 26268851, 26894936, 9132066}}, {{24158868, 12938817, 11085297, 25376834, 39045385, 29097348, 36532400, 64451, 60291780, 30861549}}, {{13488534, 7794716, 22236231, 5989356, 25426474, 20976224, 2350709, 30135921, 62420857, 2364225}}, }, { {{16335033, 9132434, 25640582, 6678888, 1725628, 8517937, 55301840, 21856974, 15445874, 25756331}}, {{29004188, 25687351, 28661401, 32914020, 54314860, 25611345, 31863254, 29418892, 66830813, 17795152}}, {{60986784, 18687766, 38493958, 14569918, 56250865, 29962602, 10343411, 26578142, 37280576, 22738620}}, }, { {{27081650, 3463984, 14099042, 29036828, 1616302, 27348828, 29542635, 15372179, 17293797, 960709}}, {{20263915, 11434237, 61343429, 11236809, 13505955, 22697330, 50997518, 6493121, 47724353, 7639713}}, {{64278047, 18715199, 25403037, 25339236, 58791851, 17380732, 18006286, 17510682, 29994676, 17746311}}, }, { {{9769828, 5202651, 42951466, 19923039, 39057860, 21992807, 42495722, 19693649, 35924288, 709463}}, {{12286395, 13076066, 45333675, 32377809, 42105665, 4057651, 35090736, 24663557, 16102006, 13205847}}, {{13733362, 5599946, 10557076, 3195751, 61550873, 8536969, 41568694, 8525971, 10151379, 10394400}}, }, { {{4024660, 17416881, 22436261, 12276534, 58009849, 30868332, 19698228, 11743039, 33806530, 8934413}}, {{51229064, 29029191, 58528116, 30620370, 14634844, 32856154, 57659786, 3137093, 55571978, 11721157}}, {{17555920, 28540494, 8268605, 2331751, 44370049, 9761012, 9319229, 8835153, 57903375, 32274386}}, }, { {{66647436, 25724417, 20614117, 16688288, 59594098, 28747312, 22300303, 505429, 6108462, 27371017}}, {{62038564, 12367916, 36445330, 3234472, 32617080, 25131790, 29880582, 20071101, 40210373, 25686972}}, {{35133562, 5726538, 26934134, 10237677, 63935147, 32949378, 24199303, 3795095, 7592688, 18562353}}, }, { {{21594432, 18590204, 17466407, 29477210, 32537083, 2739898, 6407723, 12018833, 38852812, 4298411}}, {{46458361, 21592935, 39872588, 570497, 3767144, 31836892, 13891941, 31985238, 13717173, 10805743}}, {{52432215, 17910135, 15287173, 11927123, 24177847, 25378864, 66312432, 14860608, 40169934, 27690595}}, }, }, { { {{12962541, 5311799, 57048096, 11658279, 18855286, 25600231, 13286262, 20745728, 62727807, 9882021}}, {{18512060, 11319350, 46985740, 15090308, 18818594, 5271736, 44380960, 3666878, 43141434, 30255002}}, {{60319844, 30408388, 16192428, 13241070, 15898607, 19348318, 57023983, 26893321, 64705764, 5276064}}, }, { {{30169808, 28236784, 26306205, 21803573, 27814963, 7069267, 7152851, 3684982, 1449224, 13082861}}, {{10342807, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, 15056736, 46092426, 25352431}}, {{33958735, 3261607, 22745853, 7948688, 19370557, 18376767, 40936887, 6482813, 56808784, 22494330}}, }, { {{32869458, 28145887, 25609742, 15678670, 56421095, 18083360, 26112420, 2521008, 44444576, 6904814}}, {{29506904, 4457497, 3377935, 23757988, 36598817, 12935079, 1561737, 3841096, 38105225, 26896789}}, {{10340844, 26924055, 48452231, 31276001, 12621150, 20215377, 30878496, 21730062, 41524312, 5181965}}, }, { {{25940096, 20896407, 17324187, 23247058, 58437395, 15029093, 24396252, 17103510, 64786011, 21165857}}, {{45343161, 9916822, 65808455, 4079497, 66080518, 11909558, 1782390, 12641087, 20603771, 26992690}}, {{48226577, 21881051, 24849421, 11501709, 13161720, 28785558, 1925522, 11914390, 4662781, 7820689}}, }, { {{12241050, 33128450, 8132690, 9393934, 32846760, 31954812, 29749455, 12172924, 16136752, 15264020}}, {{56758909, 18873868, 58896884, 2330219, 49446315, 19008651, 10658212, 6671822, 19012087, 3772772}}, {{3753511, 30133366, 10617073, 2028709, 14841030, 26832768, 28718731, 17791548, 20527770, 12988982}}, }, { {{52286360, 27757162, 63400876, 12689772, 66209881, 22639565, 42925817, 22989488, 3299664, 21129479}}, {{50331161, 18301130, 57466446, 4978982, 3308785, 8755439, 6943197, 6461331, 41525717, 8991217}}, {{49882601, 1816361, 65435576, 27467992, 31783887, 25378441, 34160718, 7417949, 36866577, 1507264}}, }, { {{29692644, 6829891, 56610064, 4334895, 20945975, 21647936, 38221255, 8209390, 14606362, 22907359}}, {{63627275, 8707080, 32188102, 5672294, 22096700, 1711240, 34088169, 9761486, 4170404, 31469107}}, {{55521375, 14855944, 62981086, 32022574, 40459774, 15084045, 22186522, 16002000, 52832027, 25153633}}, }, { {{62297408, 13761028, 35404987, 31070512, 63796392, 7869046, 59995292, 23934339, 13240844, 10965870}}, {{59366301, 25297669, 52340529, 19898171, 43876480, 12387165, 4498947, 14147411, 29514390, 4302863}}, {{53695440, 21146572, 20757301, 19752600, 14785142, 8976368, 62047588, 31410058, 17846987, 19582505}}, }, }, { { {{64864412, 32799703, 62511833, 32488122, 60861691, 1455298, 45461136, 24339642, 61886162, 12650266}}, {{57202067, 17484121, 21134159, 12198166, 40044289, 708125, 387813, 13770293, 47974538, 10958662}}, {{22470984, 12369526, 23446014, 28113323, 45588061, 23855708, 55336367, 21979976, 42025033, 4271861}}, }, { {{41939299, 23500789, 47199531, 15361594, 61124506, 2159191, 75375, 29275903, 34582642, 8469672}}, {{15854951, 4148314, 58214974, 7259001, 11666551, 13824734, 36577666, 2697371, 24154791, 24093489}}, {{15446137, 17747788, 29759746, 14019369, 30811221, 23944241, 35526855, 12840103, 24913809, 9815020}}, }, { {{62399578, 27940162, 35267365, 21265538, 52665326, 10799413, 58005188, 13438768, 18735128, 9466238}}, {{11933045, 9281483, 5081055, 28370608, 64480701, 28648802, 59381042, 22658328, 44380208, 16199063}}, {{14576810, 379472, 40322331, 25237195, 37682355, 22741457, 67006097, 1876698, 30801119, 2164795}}, }, { {{15995086, 3199873, 13672555, 13712240, 47730029, 28906785, 54027253, 18058162, 53616056, 1268051}}, {{56818250, 29895392, 63822271, 10948817, 23037027, 3794475, 63638526, 20954210, 50053494, 3565903}}, {{29210069, 24135095, 61189071, 28601646, 10834810, 20226706, 50596761, 22733718, 39946641, 19523900}}, }, { {{53946955, 15508587, 16663704, 25398282, 38758921, 9019122, 37925443, 29785008, 2244110, 19552453}}, {{61955989, 29753495, 57802388, 27482848, 16243068, 14684434, 41435776, 17373631, 13491505, 4641841}}, {{10813398, 643330, 47920349, 32825515, 30292061, 16954354, 27548446, 25833190, 14476988, 20787001}}, }, { {{10292079, 9984945, 6481436, 8279905, 59857350, 7032742, 27282937, 31910173, 39196053, 12651323}}, {{35923332, 32741048, 22271203, 11835308, 10201545, 15351028, 17099662, 3988035, 21721536, 30405492}}, {{10202177, 27008593, 35735631, 23979793, 34958221, 25434748, 54202543, 3852693, 13216206, 14842320}}, }, { {{51293224, 22953365, 60569911, 26295436, 60124204, 26972653, 35608016, 13765823, 39674467, 9900183}}, {{14465486, 19721101, 34974879, 18815558, 39665676, 12990491, 33046193, 15796406, 60056998, 25514317}}, {{30924398, 25274812, 6359015, 20738097, 16508376, 9071735, 41620263, 15413634, 9524356, 26535554}}, }, { {{12274201, 20378885, 32627640, 31769106, 6736624, 13267305, 5237659, 28444949, 15663515, 4035784}}, {{64157555, 8903984, 17349946, 601635, 50676049, 28941875, 53376124, 17665097, 44850385, 4659090}}, {{50192582, 28601458, 36715152, 18395610, 20774811, 15897498, 5736189, 15026997, 64930608, 20098846}}, }, }, { { {{58249865, 31335375, 28571665, 23398914, 66634396, 23448733, 63307367, 278094, 23440562, 33264224}}, {{10226222, 27625730, 15139955, 120818, 52241171, 5218602, 32937275, 11551483, 50536904, 26111567}}, {{17932739, 21117156, 43069306, 10749059, 11316803, 7535897, 22503767, 5561594, 63462240, 3898660}}, }, { {{7749907, 32584865, 50769132, 33537967, 42090752, 15122142, 65535333, 7152529, 21831162, 1245233}}, {{26958440, 18896406, 4314585, 8346991, 61431100, 11960071, 34519569, 32934396, 36706772, 16838219}}, {{54942968, 9166946, 33491384, 13673479, 29787085, 13096535, 6280834, 14587357, 44770839, 13987524}}, }, { {{42758936, 7778774, 21116000, 15572597, 62275598, 28196653, 62807965, 28429792, 59639082, 30696363}}, {{9681908, 26817309, 35157219, 13591837, 60225043, 386949, 31622781, 6439245, 52527852, 4091396}}, {{58682418, 1470726, 38999185, 31957441, 3978626, 28430809, 47486180, 12092162, 29077877, 18812444}}, }, { {{5269168, 26694706, 53878652, 25533716, 25932562, 1763552, 61502754, 28048550, 47091016, 2357888}}, {{32264008, 18146780, 61721128, 32394338, 65017541, 29607531, 23104803, 20684524, 5727337, 189038}}, {{14609104, 24599962, 61108297, 16931650, 52531476, 25810533, 40363694, 10942114, 41219933, 18669734}}, }, { {{20513481, 5557931, 51504251, 7829530, 26413943, 31535028, 45729895, 7471780, 13913677, 28416557}}, {{41534488, 11967825, 29233242, 12948236, 60354399, 4713226, 58167894, 14059179, 12878652, 8511905}}, {{41452044, 3393630, 64153449, 26478905, 64858154, 9366907, 36885446, 6812973, 5568676, 30426776}}, }, { {{11630004, 12144454, 2116339, 13606037, 27378885, 15676917, 49700111, 20050058, 52713667, 8070817}}, {{27117677, 23547054, 35826092, 27984343, 1127281, 12772488, 37262958, 10483305, 55556115, 32525717}}, {{10637467, 27866368, 5674780, 1072708, 40765276, 26572129, 65424888, 9177852, 39615702, 15431202}}, }, { {{20525126, 10892566, 54366392, 12779442, 37615830, 16150074, 38868345, 14943141, 52052074, 25618500}}, {{37084402, 5626925, 66557297, 23573344, 753597, 11981191, 25244767, 30314666, 63752313, 9594023}}, {{43356201, 2636869, 61944954, 23450613, 585133, 7877383, 11345683, 27062142, 13352334, 22577348}}, }, { {{65177046, 28146973, 3304648, 20669563, 17015805, 28677341, 37325013, 25801949, 53893326, 33235227}}, {{20239939, 6607058, 6203985, 3483793, 48721888, 32775202, 46385121, 15077869, 44358105, 14523816}}, {{27406023, 27512775, 27423595, 29057038, 4996213, 10002360, 38266833, 29008937, 36936121, 28748764}}, }, }, { { {{11374242, 12660715, 17861383, 21013599, 10935567, 1099227, 53222788, 24462691, 39381819, 11358503}}, {{54378055, 10311866, 1510375, 10778093, 64989409, 24408729, 32676002, 11149336, 40985213, 4985767}}, {{48012542, 341146, 60911379, 33315398, 15756972, 24757770, 66125820, 13794113, 47694557, 17933176}}, }, { {{6490062, 11940286, 25495923, 25828072, 8668372, 24803116, 3367602, 6970005, 65417799, 24549641}}, {{1656478, 13457317, 15370807, 6364910, 13605745, 8362338, 47934242, 28078708, 50312267, 28522993}}, {{44835530, 20030007, 67044178, 29220208, 48503227, 22632463, 46537798, 26546453, 67009010, 23317098}}, }, { {{17747446, 10039260, 19368299, 29503841, 46478228, 17513145, 31992682, 17696456, 37848500, 28042460}}, {{31932008, 28568291, 47496481, 16366579, 22023614, 88450, 11371999, 29810185, 4882241, 22927527}}, {{29796488, 37186, 19818052, 10115756, 55279832, 3352735, 18551198, 3272828, 61917932, 29392022}}, }, { {{12501267, 4044383, 58495907, 20162046, 34678811, 5136598, 47878486, 30024734, 330069, 29895023}}, {{6384877, 2899513, 17807477, 7663917, 64749976, 12363164, 25366522, 24980540, 66837568, 12071498}}, {{58743349, 29511910, 25133447, 29037077, 60897836, 2265926, 34339246, 1936674, 61949167, 3829362}}, }, { {{28425966, 27718999, 66531773, 28857233, 52891308, 6870929, 7921550, 26986645, 26333139, 14267664}}, {{56041645, 11871230, 27385719, 22994888, 62522949, 22365119, 10004785, 24844944, 45347639, 8930323}}, {{45911060, 17158396, 25654215, 31829035, 12282011, 11008919, 1541940, 4757911, 40617363, 17145491}}, }, { {{13537262, 25794942, 46504023, 10961926, 61186044, 20336366, 53952279, 6217253, 51165165, 13814989}}, {{49686272, 15157789, 18705543, 29619, 24409717, 33293956, 27361680, 9257833, 65152338, 31777517}}, {{42063564, 23362465, 15366584, 15166509, 54003778, 8423555, 37937324, 12361134, 48422886, 4578289}}, }, { {{24579768, 3711570, 1342322, 22374306, 40103728, 14124955, 44564335, 14074918, 21964432, 8235257}}, {{60580251, 31142934, 9442965, 27628844, 12025639, 32067012, 64127349, 31885225, 13006805, 2355433}}, {{50803946, 19949172, 60476436, 28412082, 16974358, 22643349, 27202043, 1719366, 1141648, 20758196}}, }, { {{54244920, 20334445, 58790597, 22536340, 60298718, 28710537, 13475065, 30420460, 32674894, 13715045}}, {{11423316, 28086373, 32344215, 8962751, 24989809, 9241752, 53843611, 16086211, 38367983, 17912338}}, {{65699196, 12530727, 60740138, 10847386, 19531186, 19422272, 55399715, 7791793, 39862921, 4383346}}, }, }, { { {{38137966, 5271446, 65842855, 23817442, 54653627, 16732598, 62246457, 28647982, 27193556, 6245191}}, {{51914908, 5362277, 65324971, 2695833, 4960227, 12840725, 23061898, 3260492, 22510453, 8577507}}, {{54476394, 11257345, 34415870, 13548176, 66387860, 10879010, 31168030, 13952092, 37537372, 29918525}}, }, { {{3877321, 23981693, 32416691, 5405324, 56104457, 19897796, 3759768, 11935320, 5611860, 8164018}}, {{50833043, 14667796, 15906460, 12155291, 44997715, 24514713, 32003001, 24722143, 5773084, 25132323}}, {{43320746, 25300131, 1950874, 8937633, 18686727, 16459170, 66203139, 12376319, 31632953, 190926}}, }, { {{42515238, 17415546, 58684872, 13378745, 14162407, 6901328, 58820115, 4508563, 41767309, 29926903}}, {{8884438, 27670423, 6023973, 10104341, 60227295, 28612898, 18722940, 18768427, 65436375, 827624}}, {{34388281, 17265135, 34605316, 7101209, 13354605, 2659080, 65308289, 19446395, 42230385, 1541285}}, }, { {{2901328, 32436745, 3880375, 23495044, 49487923, 29941650, 45306746, 29986950, 20456844, 31669399}}, {{27019610, 12299467, 53450576, 31951197, 54247203, 28692960, 47568713, 28538373, 29439640, 15138866}}, {{21536104, 26928012, 34661045, 22864223, 44700786, 5175813, 61688824, 17193268, 7779327, 109896}}, }, { {{30279725, 14648750, 59063993, 6425557, 13639621, 32810923, 28698389, 12180118, 23177719, 33000357}}, {{26572828, 3405927, 35407164, 12890904, 47843196, 5335865, 60615096, 2378491, 4439158, 20275085}}, {{44392139, 3489069, 57883598, 33221678, 18875721, 32414337, 14819433, 20822905, 49391106, 28092994}}, }, { {{62052362, 16566550, 15953661, 3767752, 56672365, 15627059, 66287910, 2177224, 8550082, 18440267}}, {{48635543, 16596774, 66727204, 15663610, 22860960, 15585581, 39264755, 29971692, 43848403, 25125843}}, {{34628313, 15707274, 58902952, 27902350, 29464557, 2713815, 44383727, 15860481, 45206294, 1494192}}, }, { {{47546773, 19467038, 41524991, 24254879, 13127841, 759709, 21923482, 16529112, 8742704, 12967017}}, {{38643965, 1553204, 32536856, 23080703, 42417258, 33148257, 58194238, 30620535, 37205105, 15553882}}, {{21877890, 3230008, 9881174, 10539357, 62311749, 2841331, 11543572, 14513274, 19375923, 20906471}}, }, { {{8832269, 19058947, 13253510, 5137575, 5037871, 4078777, 24880818, 27331716, 2862652, 9455043}}, {{29306751, 5123106, 20245049, 19404543, 9592565, 8447059, 65031740, 30564351, 15511448, 4789663}}, {{46429108, 7004546, 8824831, 24119455, 63063159, 29803695, 61354101, 108892, 23513200, 16652362}}, }, }, { { {{33852691, 4144781, 62632835, 26975308, 10770038, 26398890, 60458447, 20618131, 48789665, 10212859}}, {{2756062, 8598110, 7383731, 26694540, 22312758, 32449420, 21179800, 2600940, 57120566, 21047965}}, {{42463153, 13317461, 36659605, 17900503, 21365573, 22684775, 11344423, 864440, 64609187, 16844368}}, }, { {{40676061, 6148328, 49924452, 19080277, 18782928, 33278435, 44547329, 211299, 2719757, 4940997}}, {{65784982, 3911312, 60160120, 14759764, 37081714, 7851206, 21690126, 8518463, 26699843, 5276295}}, {{53958991, 27125364, 9396248, 365013, 24703301, 23065493, 1321585, 149635, 51656090, 7159368}}, }, { {{9987761, 30149673, 17507961, 9505530, 9731535, 31388918, 22356008, 8312176, 22477218, 25151047}}, {{18155857, 17049442, 19744715, 9006923, 15154154, 23015456, 24256459, 28689437, 44560690, 9334108}}, {{2986088, 28642539, 10776627, 30080588, 10620589, 26471229, 45695018, 14253544, 44521715, 536905}}, }, { {{4377737, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, 10589625, 10838060, 18134008}}, {{47766460, 867879, 9277171, 30335973, 52677291, 31567988, 19295825, 17757482, 6378259, 699185}}, {{7895007, 4057113, 60027092, 20476675, 49222032, 33231305, 66392824, 15693154, 62063800, 20180469}}, }, { {{59371282, 27685029, 52542544, 26147512, 11385653, 13201616, 31730678, 22591592, 63190227, 23885106}}, {{10188286, 17783598, 59772502, 13427542, 22223443, 14896287, 30743455, 7116568, 45322357, 5427592}}, {{696102, 13206899, 27047647, 22922350, 15285304, 23701253, 10798489, 28975712, 19236242, 12477404}}, }, { {{55879425, 11243795, 50054594, 25513566, 66320635, 25386464, 63211194, 11180503, 43939348, 7733643}}, {{17800790, 19518253, 40108434, 21787760, 23887826, 3149671, 23466177, 23016261, 10322026, 15313801}}, {{26246234, 11968874, 32263343, 28085704, 6830754, 20231401, 51314159, 33452449, 42659621, 10890803}}, }, { {{35743198, 10271362, 54448239, 27287163, 16690206, 20491888, 52126651, 16484930, 25180797, 28219548}}, {{66522290, 10376443, 34522450, 22268075, 19801892, 10997610, 2276632, 9482883, 316878, 13820577}}, {{57226037, 29044064, 64993357, 16457135, 56008783, 11674995, 30756178, 26039378, 30696929, 29841583}}, }, { {{32988917, 23951020, 12499365, 7910787, 56491607, 21622917, 59766047, 23569034, 34759346, 7392472}}, {{58253184, 15927860, 9866406, 29905021, 64711949, 16898650, 36699387, 24419436, 25112946, 30627788}}, {{64604801, 33117465, 25621773, 27875660, 15085041, 28074555, 42223985, 20028237, 5537437, 19640113}}, }, }, { { {{55883280, 2320284, 57524584, 10149186, 33664201, 5808647, 52232613, 31824764, 31234589, 6090599}}, {{57475529, 116425, 26083934, 2897444, 60744427, 30866345, 609720, 15878753, 60138459, 24519663}}, {{39351007, 247743, 51914090, 24551880, 23288160, 23542496, 43239268, 6503645, 20650474, 1804084}}, }, { {{39519059, 15456423, 8972517, 8469608, 15640622, 4439847, 3121995, 23224719, 27842615, 33352104}}, {{51801891, 2839643, 22530074, 10026331, 4602058, 5048462, 28248656, 5031932, 55733782, 12714368}}, {{20807691, 26283607, 29286140, 11421711, 39232341, 19686201, 45881388, 1035545, 47375635, 12796919}}, }, { {{12076880, 19253146, 58323862, 21705509, 42096072, 16400683, 49517369, 20654993, 3480664, 18371617}}, {{34747315, 5457596, 28548107, 7833186, 7303070, 21600887, 42745799, 17632556, 33734809, 2771024}}, {{45719598, 421931, 26597266, 6860826, 22486084, 26817260, 49971378, 29344205, 42556581, 15673396}}, }, { {{46924223, 2338215, 19788685, 23933476, 63107598, 24813538, 46837679, 4733253, 3727144, 20619984}}, {{6120100, 814863, 55314462, 32931715, 6812204, 17806661, 2019593, 7975683, 31123697, 22595451}}, {{30069250, 22119100, 30434653, 2958439, 18399564, 32578143, 12296868, 9204260, 50676426, 9648164}}, }, { {{32705413, 32003455, 30705657, 7451065, 55303258, 9631812, 3305266, 5248604, 41100532, 22176930}}, {{17219846, 2375039, 35537917, 27978816, 47649184, 9219902, 294711, 15298639, 2662509, 17257359}}, {{65935918, 25995736, 62742093, 29266687, 45762450, 25120105, 32087528, 32331655, 32247247, 19164571}}, }, { {{14312609, 1221556, 17395390, 24854289, 62163122, 24869796, 38911119, 23916614, 51081240, 20175586}}, {{65680039, 23875441, 57873182, 6549686, 59725795, 33085767, 23046501, 9803137, 17597934, 2346211}}, {{18510781, 15337574, 26171504, 981392, 44867312, 7827555, 43617730, 22231079, 3059832, 21771562}}, }, { {{10141598, 6082907, 17829293, 31606789, 9830091, 13613136, 41552228, 28009845, 33606651, 3592095}}, {{33114149, 17665080, 40583177, 20211034, 33076704, 8716171, 1151462, 1521897, 66126199, 26716628}}, {{34169699, 29298616, 23947180, 33230254, 34035889, 21248794, 50471177, 3891703, 26353178, 693168}}, }, { {{30374239, 1595580, 50224825, 13186930, 4600344, 406904, 9585294, 33153764, 31375463, 14369965}}, {{52738210, 25781902, 1510300, 6434173, 48324075, 27291703, 32732229, 20445593, 17901440, 16011505}}, {{18171223, 21619806, 54608461, 15197121, 56070717, 18324396, 47936623, 17508055, 8764034, 12309598}}, }, }, { { {{5975889, 28311244, 47649501, 23872684, 55567586, 14015781, 43443107, 1228318, 17544096, 22960650}}, {{5811932, 31839139, 3442886, 31285122, 48741515, 25194890, 49064820, 18144304, 61543482, 12348899}}, {{35709185, 11407554, 25755363, 6891399, 63851926, 14872273, 42259511, 8141294, 56476330, 32968952}}, }, { {{54433560, 694025, 62032719, 13300343, 14015258, 19103038, 57410191, 22225381, 30944592, 1130208}}, {{8247747, 26843490, 40546482, 25845122, 52706924, 18905521, 4652151, 2488540, 23550156, 33283200}}, {{17294297, 29765994, 7026747, 15626851, 22990044, 113481, 2267737, 27646286, 66700045, 33416712}}, }, { {{16091066, 17300506, 18599251, 7340678, 2137637, 32332775, 63744702, 14550935, 3260525, 26388161}}, {{62198760, 20221544, 18550886, 10864893, 50649539, 26262835, 44079994, 20349526, 54360141, 2701325}}, {{58534169, 16099414, 4629974, 17213908, 46322650, 27548999, 57090500, 9276970, 11329923, 1862132}}, }, { {{14763057, 17650824, 36190593, 3689866, 3511892, 10313526, 45157776, 12219230, 58070901, 32614131}}, {{8894987, 30108338, 6150752, 3013931, 301220, 15693451, 35127648, 30644714, 51670695, 11595569}}, {{15214943, 3537601, 40870142, 19495559, 4418656, 18323671, 13947275, 10730794, 53619402, 29190761}}, }, { {{64570558, 7682792, 32759013, 263109, 37124133, 25598979, 44776739, 23365796, 977107, 699994}}, {{54642373, 4195083, 57897332, 550903, 51543527, 12917919, 19118110, 33114591, 36574330, 19216518}}, {{31788442, 19046775, 4799988, 7372237, 8808585, 18806489, 9408236, 23502657, 12493931, 28145115}}, }, { {{41428258, 5260743, 47873055, 27269961, 63412921, 16566086, 27218280, 2607121, 29375955, 6024730}}, {{842132, 30759739, 62345482, 24831616, 26332017, 21148791, 11831879, 6985184, 57168503, 2854095}}, {{62261602, 25585100, 2516241, 27706719, 9695690, 26333246, 16512644, 960770, 12121869, 16648078}}, }, { {{51890212, 14667095, 53772635, 2013716, 30598287, 33090295, 35603941, 25672367, 20237805, 2838411}}, {{47820798, 4453151, 15298546, 17376044, 22115042, 17581828, 12544293, 20083975, 1068880, 21054527}}, {{57549981, 17035596, 33238497, 13506958, 30505848, 32439836, 58621956, 30924378, 12521377, 4845654}}, }, { {{38910324, 10744107, 64150484, 10199663, 7759311, 20465832, 3409347, 32681032, 60626557, 20668561}}, {{43547042, 6230155, 46726851, 10655313, 43068279, 21933259, 10477733, 32314216, 63995636, 13974497}}, {{12966261, 15550616, 35069916, 31939085, 21025979, 32924988, 5642324, 7188737, 18895762, 12629579}}, }, }, { { {{14741879, 18607545, 22177207, 21833195, 1279740, 8058600, 11758140, 789443, 32195181, 3895677}}, {{10758205, 15755439, 62598914, 9243697, 62229442, 6879878, 64904289, 29988312, 58126794, 4429646}}, {{64654951, 15725972, 46672522, 23143759, 61304955, 22514211, 59972993, 21911536, 18047435, 18272689}}, }, { {{41935844, 22247266, 29759955, 11776784, 44846481, 17733976, 10993113, 20703595, 49488162, 24145963}}, {{21987233, 700364, 42603816, 14972007, 59334599, 27836036, 32155025, 2581431, 37149879, 8773374}}, {{41540495, 454462, 53896929, 16126714, 25240068, 8594567, 20656846, 12017935, 59234475, 19634276}}, }, { {{6028163, 6263078, 36097058, 22252721, 66289944, 2461771, 35267690, 28086389, 65387075, 30777706}}, {{54829870, 16624276, 987579, 27631834, 32908202, 1248608, 7719845, 29387734, 28408819, 6816612}}, {{56750770, 25316602, 19549650, 21385210, 22082622, 16147817, 20613181, 13982702, 56769294, 5067942}}, }, { {{36602878, 29732664, 12074680, 13582412, 47230892, 2443950, 47389578, 12746131, 5331210, 23448488}}, {{30528792, 3601899, 65151774, 4619784, 39747042, 18118043, 24180792, 20984038, 27679907, 31905504}}, {{9402385, 19597367, 32834042, 10838634, 40528714, 20317236, 26653273, 24868867, 22611443, 20839026}}, }, { {{22190590, 1118029, 22736441, 15130463, 36648172, 27563110, 19189624, 28905490, 4854858, 6622139}}, {{58798126, 30600981, 58846284, 30166382, 56707132, 33282502, 13424425, 29987205, 26404408, 13001963}}, {{35867026, 18138731, 64114613, 8939345, 11562230, 20713762, 41044498, 21932711, 51703708, 11020692}}, }, { {{1866042, 25604943, 59210214, 23253421, 12483314, 13477547, 3175636, 21130269, 28761761, 1406734}}, {{66660290, 31776765, 13018550, 3194501, 57528444, 22392694, 24760584, 29207344, 25577410, 20175752}}, {{42818486, 4759344, 66418211, 31701615, 2066746, 10693769, 37513074, 9884935, 57739938, 4745409}}, }, { {{57967561, 6049713, 47577803, 29213020, 35848065, 9944275, 51646856, 22242579, 10931923, 21622501}}, {{50547351, 14112679, 59096219, 4817317, 59068400, 22139825, 44255434, 10856640, 46638094, 13434653}}, {{22759470, 23480998, 50342599, 31683009, 13637441, 23386341, 1765143, 20900106, 28445306, 28189722}}, }, { {{29875063, 12493613, 2795536, 29768102, 1710619, 15181182, 56913147, 24765756, 9074233, 1167180}}, {{40903181, 11014232, 57266213, 30918946, 40200743, 7532293, 48391976, 24018933, 3843902, 9367684}}, {{56139269, 27150720, 9591133, 9582310, 11349256, 108879, 16235123, 8601684, 66969667, 4242894}}, }, }, { { {{22092954, 20363309, 65066070, 21585919, 32186752, 22037044, 60534522, 2470659, 39691498, 16625500}}, {{56051142, 3042015, 13770083, 24296510, 584235, 33009577, 59338006, 2602724, 39757248, 14247412}}, {{6314156, 23289540, 34336361, 15957556, 56951134, 168749, 58490057, 14290060, 27108877, 32373552}}, }, { {{58522267, 26383465, 13241781, 10960156, 34117849, 19759835, 33547975, 22495543, 39960412, 981873}}, {{22833421, 9293594, 34459416, 19935764, 57971897, 14756818, 44180005, 19583651, 56629059, 17356469}}, {{59340277, 3326785, 38997067, 10783823, 19178761, 14905060, 22680049, 13906969, 51175174, 3797898}}, }, { {{21721337, 29341686, 54902740, 9310181, 63226625, 19901321, 23740223, 30845200, 20491982, 25512280}}, {{9209251, 18419377, 53852306, 27386633, 66377847, 15289672, 25947805, 15286587, 30997318, 26851369}}, {{7392013, 16618386, 23946583, 25514540, 53843699, 32020573, 52911418, 31232855, 17649997, 33304352}}, }, { {{57807776, 19360604, 30609525, 30504889, 41933794, 32270679, 51867297, 24028707, 64875610, 7662145}}, {{49550191, 1763593, 33994528, 15908609, 37067994, 21380136, 7335079, 25082233, 63934189, 3440182}}, {{47219164, 27577423, 42997570, 23865561, 10799742, 16982475, 40449, 29122597, 4862399, 1133}}, }, { {{34252636, 25680474, 61686474, 14860949, 50789833, 7956141, 7258061, 311861, 36513873, 26175010}}, {{63335436, 31988495, 28985339, 7499440, 24445838, 9325937, 29727763, 16527196, 18278453, 15405622}}, {{62726958, 8508651, 47210498, 29880007, 61124410, 15149969, 53795266, 843522, 45233802, 13626196}}, }, { {{2281448, 20067377, 56193445, 30944521, 1879357, 16164207, 56324982, 3953791, 13340839, 15928663}}, {{31727126, 26374577, 48671360, 25270779, 2875792, 17164102, 41838969, 26539605, 43656557, 5964752}}, {{4100401, 27594980, 49929526, 6017713, 48403027, 12227140, 40424029, 11344143, 2538215, 25983677}}, }, { {{57675240, 6123112, 11159803, 31397824, 30016279, 14966241, 46633881, 1485420, 66479608, 17595569}}, {{40304287, 4260918, 11851389, 9658551, 35091757, 16367491, 46903439, 20363143, 11659921, 22439314}}, {{26180377, 10015009, 36264640, 24973138, 5418196, 9480663, 2231568, 23384352, 33100371, 32248261}}, }, { {{15121094, 28352561, 56718958, 15427820, 39598927, 17561924, 21670946, 4486675, 61177054, 19088051}}, {{16166467, 24070699, 56004733, 6023907, 35182066, 32189508, 2340059, 17299464, 56373093, 23514607}}, {{28042865, 29997343, 54982337, 12259705, 63391366, 26608532, 6766452, 24864833, 18036435, 5803270}}, }, }, { { {{66291264, 6763911, 11803561, 1585585, 10958447, 30883267, 23855390, 4598332, 60949433, 19436993}}, {{36077558, 19298237, 17332028, 31170912, 31312681, 27587249, 696308, 50292, 47013125, 11763583}}, {{66514282, 31040148, 34874710, 12643979, 12650761, 14811489, 665117, 20940800, 47335652, 22840869}}, }, { {{30464590, 22291560, 62981387, 20819953, 19835326, 26448819, 42712688, 2075772, 50088707, 992470}}, {{18357166, 26559999, 7766381, 16342475, 37783946, 411173, 14578841, 8080033, 55534529, 22952821}}, {{19598397, 10334610, 12555054, 2555664, 18821899, 23214652, 21873262, 16014234, 26224780, 16452269}}, }, { {{36884939, 5145195, 5944548, 16385966, 3976735, 2009897, 55731060, 25936245, 46575034, 3698649}}, {{14187449, 3448569, 56472628, 22743496, 44444983, 30120835, 7268409, 22663988, 27394300, 12015369}}, {{19695742, 16087646, 28032085, 12999827, 6817792, 11427614, 20244189, 32241655, 53849736, 30151970}}, }, { {{30860084, 12735208, 65220619, 28854697, 50133957, 2256939, 58942851, 12298311, 58558340, 23160969}}, {{61389038, 22309106, 65198214, 15569034, 26642876, 25966672, 61319509, 18435777, 62132699, 12651792}}, {{64260450, 9953420, 11531313, 28271553, 26895122, 20857343, 53990043, 17036529, 9768697, 31021214}}, }, { {{42389405, 1894650, 66821166, 28850346, 15348718, 25397902, 32767512, 12765450, 4940095, 10678226}}, {{18860224, 15980149, 48121624, 31991861, 40875851, 22482575, 59264981, 13944023, 42736516, 16582018}}, {{51604604, 4970267, 37215820, 4175592, 46115652, 31354675, 55404809, 15444559, 56105103, 7989036}}, }, { {{31490433, 5568061, 64696061, 2182382, 34772017, 4531685, 35030595, 6200205, 47422751, 18754260}}, {{49800177, 17674491, 35586086, 33551600, 34221481, 16375548, 8680158, 17182719, 28550067, 26697300}}, {{38981977, 27866340, 16837844, 31733974, 60258182, 12700015, 37068883, 4364037, 1155602, 5988841}}, }, { {{21890435, 20281525, 54484852, 12154348, 59276991, 15300495, 23148983, 29083951, 24618406, 8283181}}, {{33972757, 23041680, 9975415, 6841041, 35549071, 16356535, 3070187, 26528504, 1466168, 10740210}}, {{65599446, 18066246, 53605478, 22898515, 32799043, 909394, 53169961, 27774712, 34944214, 18227391}}, }, { {{3960804, 19286629, 39082773, 17636380, 47704005, 13146867, 15567327, 951507, 63848543, 32980496}}, {{24740822, 5052253, 37014733, 8961360, 25877428, 6165135, 42740684, 14397371, 59728495, 27410326}}, {{38220480, 3510802, 39005586, 32395953, 55870735, 22922977, 51667400, 19101303, 65483377, 27059617}}, }, }, { { {{793280, 24323954, 8836301, 27318725, 39747955, 31184838, 33152842, 28669181, 57202663, 32932579}}, {{5666214, 525582, 20782575, 25516013, 42570364, 14657739, 16099374, 1468826, 60937436, 18367850}}, {{62249590, 29775088, 64191105, 26806412, 7778749, 11688288, 36704511, 23683193, 65549940, 23690785}}, }, { {{10896313, 25834728, 824274, 472601, 47648556, 3009586, 25248958, 14783338, 36527388, 17796587}}, {{10566929, 12612572, 35164652, 11118702, 54475488, 12362878, 21752402, 8822496, 24003793, 14264025}}, {{27713843, 26198459, 56100623, 9227529, 27050101, 2504721, 23886875, 20436907, 13958494, 27821979}}, }, { {{43627235, 4867225, 39861736, 3900520, 29838369, 25342141, 35219464, 23512650, 7340520, 18144364}}, {{4646495, 25543308, 44342840, 22021777, 23184552, 8566613, 31366726, 32173371, 52042079, 23179239}}, {{49838347, 12723031, 50115803, 14878793, 21619651, 27356856, 27584816, 3093888, 58265170, 3849920}}, }, { {{58043933, 2103171, 25561640, 18428694, 61869039, 9582957, 32477045, 24536477, 5002293, 18004173}}, {{55051311, 22376525, 21115584, 20189277, 8808711, 21523724, 16489529, 13378448, 41263148, 12741425}}, {{61162478, 10645102, 36197278, 15390283, 63821882, 26435754, 24306471, 15852464, 28834118, 25908360}}, }, { {{49773116, 24447374, 42577584, 9434952, 58636780, 32971069, 54018092, 455840, 20461858, 5491305}}, {{13669229, 17458950, 54626889, 23351392, 52539093, 21661233, 42112877, 11293806, 38520660, 24132599}}, {{28497909, 6272777, 34085870, 14470569, 8906179, 32328802, 18504673, 19389266, 29867744, 24758489}}, }, { {{50901822, 13517195, 39309234, 19856633, 24009063, 27180541, 60741263, 20379039, 22853428, 29542421}}, {{24191359, 16712145, 53177067, 15217830, 14542237, 1646131, 18603514, 22516545, 12876622, 31441985}}, {{17902668, 4518229, 66697162, 30725184, 26878216, 5258055, 54248111, 608396, 16031844, 3723494}}, }, { {{38476072, 12763727, 46662418, 7577503, 33001348, 20536687, 17558841, 25681542, 23896953, 29240187}}, {{47103464, 21542479, 31520463, 605201, 2543521, 5991821, 64163800, 7229063, 57189218, 24727572}}, {{28816026, 298879, 38943848, 17633493, 19000927, 31888542, 54428030, 30605106, 49057085, 31471516}}, }, { {{16000882, 33209536, 3493091, 22107234, 37604268, 20394642, 12577739, 16041268, 47393624, 7847706}}, {{10151868, 10572098, 27312476, 7922682, 14825339, 4723128, 34252933, 27035413, 57088296, 3852847}}, {{55678375, 15697595, 45987307, 29133784, 5386313, 15063598, 16514493, 17622322, 29330898, 18478208}}, }, }, { { {{41609129, 29175637, 51885955, 26653220, 16615730, 2051784, 3303702, 15490, 39560068, 12314390}}, {{15683501, 27551389, 18109119, 23573784, 15337967, 27556609, 50391428, 15921865, 16103996, 29823217}}, {{43939021, 22773182, 13588191, 31925625, 63310306, 32479502, 47835256, 5402698, 37293151, 23713330}}, }, { {{23190676, 2384583, 34394524, 3462153, 37205209, 32025299, 55842007, 8911516, 41903005, 2739712}}, {{21374101, 30000182, 33584214, 9874410, 15377179, 11831242, 33578960, 6134906, 4931255, 11987849}}, {{67101132, 30575573, 50885377, 7277596, 105524, 33232381, 35628324, 13861387, 37032554, 10117929}}, }, { {{37607694, 22809559, 40945095, 13051538, 41483300, 5089642, 60783361, 6704078, 12890019, 15728940}}, {{45136504, 21783052, 66157804, 29135591, 14704839, 2695116, 903376, 23126293, 12885166, 8311031}}, {{49592363, 5352193, 10384213, 19742774, 7506450, 13453191, 26423267, 4384730, 1888765, 28119028}}, }, { {{41291507, 30447119, 53614264, 30371925, 30896458, 19632703, 34857219, 20846562, 47644429, 30214188}}, {{43500868, 30888657, 66582772, 4651135, 5765089, 4618330, 6092245, 14845197, 17151279, 23700316}}, {{42278406, 20820711, 51942885, 10367249, 37577956, 33289075, 22825804, 26467153, 50242379, 16176524}}, }, { {{43525589, 6564960, 20063689, 3798228, 62368686, 7359224, 2006182, 23191006, 38362610, 23356922}}, {{56482264, 29068029, 53788301, 28429114, 3432135, 27161203, 23632036, 31613822, 32808309, 1099883}}, {{15030958, 5768825, 39657628, 30667132, 60681485, 18193060, 51830967, 26745081, 2051440, 18328567}}, }, { {{63746541, 26315059, 7517889, 9824992, 23555850, 295369, 5148398, 19400244, 44422509, 16633659}}, {{4577067, 16802144, 13249840, 18250104, 19958762, 19017158, 18559669, 22794883, 8402477, 23690159}}, {{38702534, 32502850, 40318708, 32646733, 49896449, 22523642, 9453450, 18574360, 17983009, 9967138}}, }, { {{41346370, 6524721, 26585488, 9969270, 24709298, 1220360, 65430874, 7806336, 17507396, 3651560}}, {{56688388, 29436320, 14584638, 15971087, 51340543, 8861009, 26556809, 27979875, 48555541, 22197296}}, {{2839082, 14284142, 4029895, 3472686, 14402957, 12689363, 40466743, 8459446, 61503401, 25932490}}, }, { {{62269556, 30018987, 9744960, 2871048, 25113978, 3187018, 41998051, 32705365, 17258083, 25576693}}, {{18164541, 22959256, 49953981, 32012014, 19237077, 23809137, 23357532, 18337424, 26908269, 12150756}}, {{36843994, 25906566, 5112248, 26517760, 65609056, 26580174, 43167, 28016731, 34806789, 16215818}}, }, }, { { {{60209940, 9824393, 54804085, 29153342, 35711722, 27277596, 32574488, 12532905, 59605792, 24879084}}, {{39765323, 17038963, 39957339, 22831480, 946345, 16291093, 254968, 7168080, 21676107, 31611404}}, {{21260942, 25129680, 50276977, 21633609, 43430902, 3968120, 63456915, 27338965, 63552672, 25641356}}, }, { {{16544735, 13250366, 50304436, 15546241, 62525861, 12757257, 64646556, 24874095, 48201831, 23891632}}, {{64693606, 17976703, 18312302, 4964443, 51836334, 20900867, 26820650, 16690659, 25459437, 28989823}}, {{41964155, 11425019, 28423002, 22533875, 60963942, 17728207, 9142794, 31162830, 60676445, 31909614}}, }, { {{44004212, 6253475, 16964147, 29785560, 41994891, 21257994, 39651638, 17209773, 6335691, 7249989}}, {{36775618, 13979674, 7503222, 21186118, 55152142, 28932738, 36836594, 2682241, 25993170, 21075909}}, {{4364628, 5930691, 32304656, 23509878, 59054082, 15091130, 22857016, 22955477, 31820367, 15075278}}, }, { {{31879134, 24635739, 17258760, 90626, 59067028, 28636722, 24162787, 23903546, 49138625, 12833044}}, {{19073683, 14851414, 42705695, 21694263, 7625277, 11091125, 47489674, 2074448, 57694925, 14905376}}, {{24483648, 21618865, 64589997, 22007013, 65555733, 15355505, 41826784, 9253128, 27628530, 25998952}}, }, { {{17597607, 8340603, 19355617, 552187, 26198470, 30377849, 4593323, 24396850, 52997988, 15297015}}, {{510886, 14337390, 35323607, 16638631, 6328095, 2713355, 46891447, 21690211, 8683220, 2921426}}, {{18606791, 11874196, 27155355, 28272950, 43077121, 6265445, 41930624, 32275507, 4674689, 13890525}}, }, { {{13609624, 13069022, 39736503, 20498523, 24360585, 9592974, 14977157, 9835105, 4389687, 288396}}, {{9922506, 33035038, 13613106, 5883594, 48350519, 33120168, 54804801, 8317627, 23388070, 16052080}}, {{12719997, 11937594, 35138804, 28525742, 26900119, 8561328, 46953177, 21921452, 52354592, 22741539}}, }, { {{15961858, 14150409, 26716931, 32888600, 44314535, 13603568, 11829573, 7467844, 38286736, 929274}}, {{11038231, 21972036, 39798381, 26237869, 56610336, 17246600, 43629330, 24182562, 45715720, 2465073}}, {{20017144, 29231206, 27915241, 1529148, 12396362, 15675764, 13817261, 23896366, 2463390, 28932292}}, }, { {{50749986, 20890520, 55043680, 4996453, 65852442, 1073571, 9583558, 12851107, 4003896, 12673717}}, {{65377275, 18398561, 63845933, 16143081, 19294135, 13385325, 14741514, 24450706, 7903885, 2348101}}, {{24536016, 17039225, 12715591, 29692277, 1511292, 10047386, 63266518, 26425272, 38731325, 10048126}}, }, }, { { {{54486638, 27349611, 30718824, 2591312, 56491836, 12192839, 18873298, 26257342, 34811107, 15221631}}, {{40630742, 22450567, 11546243, 31701949, 9180879, 7656409, 45764914, 2095754, 29769758, 6593415}}, {{35114656, 30646970, 4176911, 3264766, 12538965, 32686321, 26312344, 27435754, 30958053, 8292160}}, }, { {{31429803, 19595316, 29173531, 15632448, 12174511, 30794338, 32808830, 3977186, 26143136, 30405556}}, {{22648882, 1402143, 44308880, 13746058, 7936347, 365344, 58440231, 31879998, 63350620, 31249806}}, {{51616947, 8012312, 64594134, 20851969, 43143017, 23300402, 65496150, 32018862, 50444388, 8194477}}, }, { {{27338066, 26047012, 59694639, 10140404, 48082437, 26964542, 27277190, 8855376, 28572286, 3005164}}, {{26287105, 4821776, 25476601, 29408529, 63344350, 17765447, 49100281, 1182478, 41014043, 20474836}}, {{59937691, 3178079, 23970071, 6201893, 49913287, 29065239, 45232588, 19571804, 32208682, 32356184}}, }, { {{50451143, 2817642, 56822502, 14811297, 6024667, 13349505, 39793360, 23056589, 39436278, 22014573}}, {{15941010, 24148500, 45741813, 8062054, 31876073, 33315803, 51830470, 32110002, 15397330, 29424239}}, {{8934485, 20068965, 43822466, 20131190, 34662773, 14047985, 31170398, 32113411, 39603297, 15087183}}, }, { {{48751602, 31397940, 24524912, 16876564, 15520426, 27193656, 51606457, 11461895, 16788528, 27685490}}, {{65161459, 16013772, 21750665, 3714552, 49707082, 17498998, 63338576, 23231111, 31322513, 21938797}}, {{21426636, 27904214, 53460576, 28206894, 38296674, 28633461, 48833472, 18933017, 13040861, 21441484}}, }, { {{11293895, 12478086, 39972463, 15083749, 37801443, 14748871, 14555558, 20137329, 1613710, 4896935}}, {{41213962, 15323293, 58619073, 25496531, 25967125, 20128972, 2825959, 28657387, 43137087, 22287016}}, {{51184079, 28324551, 49665331, 6410663, 3622847, 10243618, 20615400, 12405433, 43355834, 25118015}}, }, { {{60017550, 12556207, 46917512, 9025186, 50036385, 4333800, 4378436, 2432030, 23097949, 32988414}}, {{4565804, 17528778, 20084411, 25711615, 1724998, 189254, 24767264, 10103221, 48596551, 2424777}}, {{366633, 21577626, 8173089, 26664313, 30788633, 5745705, 59940186, 1344108, 63466311, 12412658}}, }, { {{43107073, 7690285, 14929416, 33386175, 34898028, 20141445, 24162696, 18227928, 63967362, 11179384}}, {{18289503, 18829478, 8056944, 16430056, 45379140, 7842513, 61107423, 32067534, 48424218, 22110928}}, {{476239, 6601091, 60956074, 23831056, 17503544, 28690532, 27672958, 13403813, 11052904, 5219329}}, }, }, { { {{20678527, 25178694, 34436965, 8849122, 62099106, 14574751, 31186971, 29580702, 9014761, 24975376}}, {{53464795, 23204192, 51146355, 5075807, 65594203, 22019831, 34006363, 9160279, 8473550, 30297594}}, {{24900749, 14435722, 17209120, 18261891, 44516588, 9878982, 59419555, 17218610, 42540382, 11788947}}, }, { {{63990690, 22159237, 53306774, 14797440, 9652448, 26708528, 47071426, 10410732, 42540394, 32095740}}, {{51449703, 16736705, 44641714, 10215877, 58011687, 7563910, 11871841, 21049238, 48595538, 8464117}}, {{43708233, 8348506, 52522913, 32692717, 63158658, 27181012, 14325288, 8628612, 33313881, 25183915}}, }, { {{46921872, 28586496, 22367355, 5271547, 66011747, 28765593, 42303196, 23317577, 58168128, 27736162}}, {{60160060, 31759219, 34483180, 17533252, 32635413, 26180187, 15989196, 20716244, 28358191, 29300528}}, {{43547083, 30755372, 34757181, 31892468, 57961144, 10429266, 50471180, 4072015, 61757200, 5596588}}, }, { {{38872266, 30164383, 12312895, 6213178, 3117142, 16078565, 29266239, 2557221, 1768301, 15373193}}, {{59865506, 30307471, 62515396, 26001078, 66980936, 32642186, 66017961, 29049440, 42448372, 3442909}}, {{36898293, 5124042, 14181784, 8197961, 18964734, 21615339, 22597930, 7176455, 48523386, 13365929}}, }, { {{59231455, 32054473, 8324672, 4690079, 6261860, 890446, 24538107, 24984246, 57419264, 30522764}}, {{25008885, 22782833, 62803832, 23916421, 16265035, 15721635, 683793, 21730648, 15723478, 18390951}}, {{57448220, 12374378, 40101865, 26528283, 59384749, 21239917, 11879681, 5400171, 519526, 32318556}}, }, { {{22258397, 17222199, 59239046, 14613015, 44588609, 30603508, 46754982, 7315966, 16648397, 7605640}}, {{59027556, 25089834, 58885552, 9719709, 19259459, 18206220, 23994941, 28272877, 57640015, 4763277}}, {{45409620, 9220968, 51378240, 1084136, 41632757, 30702041, 31088446, 25789909, 55752334, 728111}}, }, { {{26047201, 21802961, 60208540, 17032633, 24092067, 9158119, 62835319, 20998873, 37743427, 28056159}}, {{17510331, 33231575, 5854288, 8403524, 17133918, 30441820, 38997856, 12327944, 10750447, 10014012}}, {{56796096, 3936951, 9156313, 24656749, 16498691, 32559785, 39627812, 32887699, 3424690, 7540221}}, }, { {{30322361, 26590322, 11361004, 29411115, 7433303, 4989748, 60037442, 17237212, 57864598, 15258045}}, {{13054543, 30774935, 19155473, 469045, 54626067, 4566041, 5631406, 2711395, 1062915, 28418087}}, {{47868616, 22299832, 37599834, 26054466, 61273100, 13005410, 61042375, 12194496, 32960380, 1459310}}, }, }, { { {{19852015, 7027924, 23669353, 10020366, 8586503, 26896525, 394196, 27452547, 18638002, 22379495}}, {{31395515, 15098109, 26581030, 8030562, 50580950, 28547297, 9012485, 25970078, 60465776, 28111795}}, {{57916680, 31207054, 65111764, 4529533, 25766844, 607986, 67095642, 9677542, 34813975, 27098423}}, }, { {{64664349, 33404494, 29348901, 8186665, 1873760, 12489863, 36174285, 25714739, 59256019, 25416002}}, {{51872508, 18120922, 7766469, 746860, 26346930, 23332670, 39775412, 10754587, 57677388, 5203575}}, {{31834314, 14135496, 66338857, 5159117, 20917671, 16786336, 59640890, 26216907, 31809242, 7347066}}, }, { {{57502122, 21680191, 20414458, 13033986, 13716524, 21862551, 19797969, 21343177, 15192875, 31466942}}, {{54445282, 31372712, 1168161, 29749623, 26747876, 19416341, 10609329, 12694420, 33473243, 20172328}}, {{33184999, 11180355, 15832085, 22169002, 65475192, 225883, 15089336, 22530529, 60973201, 14480052}}, }, { {{31308717, 27934434, 31030839, 31657333, 15674546, 26971549, 5496207, 13685227, 27595050, 8737275}}, {{46790012, 18404192, 10933842, 17376410, 8335351, 26008410, 36100512, 20943827, 26498113, 66511}}, {{22644435, 24792703, 50437087, 4884561, 64003250, 19995065, 30540765, 29267685, 53781076, 26039336}}, }, { {{39091017, 9834844, 18617207, 30873120, 63706907, 20246925, 8205539, 13585437, 49981399, 15115438}}, {{23711543, 32881517, 31206560, 25191721, 6164646, 23844445, 33572981, 32128335, 8236920, 16492939}}, {{43198286, 20038905, 40809380, 29050590, 25005589, 25867162, 19574901, 10071562, 6708380, 27332008}}, }, { {{2101372, 28624378, 19702730, 2367575, 51681697, 1047674, 5301017, 9328700, 29955601, 21876122}}, {{3096359, 9271816, 45488000, 18032587, 52260867, 25961494, 41216721, 20918836, 57191288, 6216607}}, {{34493015, 338662, 41913253, 2510421, 37895298, 19734218, 24822829, 27407865, 40341383, 7525078}}, }, { {{44042215, 19568808, 16133486, 25658254, 63719298, 778787, 66198528, 30771936, 47722230, 11994100}}, {{21691500, 19929806, 66467532, 19187410, 3285880, 30070836, 42044197, 9718257, 59631427, 13381417}}, {{18445390, 29352196, 14979845, 11622458, 65381754, 29971451, 23111647, 27179185, 28535281, 15779576}}, }, { {{30098034, 3089662, 57874477, 16662134, 45801924, 11308410, 53040410, 12021729, 9955285, 17251076}}, {{9734894, 18977602, 59635230, 24415696, 2060391, 11313496, 48682835, 9924398, 20194861, 13380996}}, {{40730762, 25589224, 44941042, 15789296, 49053522, 27385639, 65123949, 15707770, 26342023, 10146099}}, }, }, { { {{41091971, 33334488, 21339190, 33513044, 19745255, 30675732, 37471583, 2227039, 21612326, 33008704}}, {{54031477, 1184227, 23562814, 27583990, 46757619, 27205717, 25764460, 12243797, 46252298, 11649657}}, {{57077370, 11262625, 27384172, 2271902, 26947504, 17556661, 39943, 6114064, 33514190, 2333242}}, }, { {{45675257, 21132610, 8119781, 7219913, 45278342, 24538297, 60429113, 20883793, 24350577, 20104431}}, {{62992557, 22282898, 43222677, 4843614, 37020525, 690622, 35572776, 23147595, 8317859, 12352766}}, {{18200138, 19078521, 34021104, 30857812, 43406342, 24451920, 43556767, 31266881, 20712162, 6719373}}, }, { {{26656189, 6075253, 59250308, 1886071, 38764821, 4262325, 11117530, 29791222, 26224234, 30256974}}, {{49939907, 18700334, 63713187, 17184554, 47154818, 14050419, 21728352, 9493610, 18620611, 17125804}}, {{53785524, 13325348, 11432106, 5964811, 18609221, 6062965, 61839393, 23828875, 36407290, 17074774}}, }, { {{43248326, 22321272, 26961356, 1640861, 34695752, 16816491, 12248508, 28313793, 13735341, 1934062}}, {{25089769, 6742589, 17081145, 20148166, 21909292, 17486451, 51972569, 29789085, 45830866, 5473615}}, {{31883658, 25593331, 1083431, 21982029, 22828470, 13290673, 59983779, 12469655, 29111212, 28103418}}, }, { {{24244947, 18504025, 40845887, 2791539, 52111265, 16666677, 24367466, 6388839, 56813277, 452382}}, {{41468082, 30136590, 5217915, 16224624, 19987036, 29472163, 42872612, 27639183, 15766061, 8407814}}, {{46701865, 13990230, 15495425, 16395525, 5377168, 15166495, 58191841, 29165478, 59040954, 2276717}}, }, { {{30157899, 12924066, 49396814, 9245752, 19895028, 3368142, 43281277, 5096218, 22740376, 26251015}}, {{2041139, 19298082, 7783686, 13876377, 41161879, 20201972, 24051123, 13742383, 51471265, 13295221}}, {{33338218, 25048699, 12532112, 7977527, 9106186, 31839181, 49388668, 28941459, 62657506, 18884987}}, }, { {{47063583, 5454096, 52762316, 6447145, 28862071, 1883651, 64639598, 29412551, 7770568, 9620597}}, {{23208049, 7979712, 33071466, 8149229, 1758231, 22719437, 30945527, 31860109, 33606523, 18786461}}, {{1439939, 17283952, 66028874, 32760649, 4625401, 10647766, 62065063, 1220117, 30494170, 22113633}}, }, { {{62071265, 20526136, 64138304, 30492664, 15640973, 26852766, 40369837, 926049, 65424525, 20220784}}, {{13908495, 30005160, 30919927, 27280607, 45587000, 7989038, 9021034, 9078865, 3353509, 4033511}}, {{37445433, 18440821, 32259990, 33209950, 24295848, 20642309, 23161162, 8839127, 27485041, 7356032}}, }, }, { { {{9661008, 705443, 11980065, 28184278, 65480320, 14661172, 60762722, 2625014, 28431036, 16782598}}, {{43269631, 25243016, 41163352, 7480957, 49427195, 25200248, 44562891, 14150564, 15970762, 4099461}}, {{29262576, 16756590, 26350592, 24760869, 8529670, 22346382, 13617292, 23617289, 11465738, 8317062}}, }, { {{41615764, 26591503, 32500199, 24135381, 44070139, 31252209, 14898636, 3848455, 20969334, 28396916}}, {{46724414, 19206718, 48772458, 13884721, 34069410, 2842113, 45498038, 29904543, 11177094, 14989547}}, {{42612143, 21838415, 16959895, 2278463, 12066309, 10137771, 13515641, 2581286, 38621356, 9930239}}, }, { {{49357223, 31456605, 16544299, 20545132, 51194056, 18605350, 18345766, 20150679, 16291480, 28240394}}, {{33879670, 2553287, 32678213, 9875984, 8534129, 6889387, 57432090, 6957616, 4368891, 9788741}}, {{16660737, 7281060, 56278106, 12911819, 20108584, 25452756, 45386327, 24941283, 16250551, 22443329}}, }, { {{47343357, 2390525, 50557833, 14161979, 1905286, 6414907, 4689584, 10604807, 36918461, 4782746}}, {{65754325, 14736940, 59741422, 20261545, 7710541, 19398842, 57127292, 4383044, 22546403, 437323}}, {{31665558, 21373968, 50922033, 1491338, 48740239, 3294681, 27343084, 2786261, 36475274, 19457415}}, }, { {{52641566, 32870716, 33734756, 7448551, 19294360, 14334329, 47418233, 2355318, 47824193, 27440058}}, {{15121312, 17758270, 6377019, 27523071, 56310752, 20596586, 18952176, 15496498, 37728731, 11754227}}, {{64471568, 20071356, 8488726, 19250536, 12728760, 31931939, 7141595, 11724556, 22761615, 23420291}}, }, { {{16918416, 11729663, 49025285, 3022986, 36093132, 20214772, 38367678, 21327038, 32851221, 11717399}}, {{11166615, 7338049, 60386341, 4531519, 37640192, 26252376, 31474878, 3483633, 65915689, 29523600}}, {{66923210, 9921304, 31456609, 20017994, 55095045, 13348922, 33142652, 6546660, 47123585, 29606055}}, }, { {{34648249, 11266711, 55911757, 25655328, 31703693, 3855903, 58571733, 20721383, 36336829, 18068118}}, {{49102387, 12709067, 3991746, 27075244, 45617340, 23004006, 35973516, 17504552, 10928916, 3011958}}, {{60151107, 17960094, 31696058, 334240, 29576716, 14796075, 36277808, 20749251, 18008030, 10258577}}, }, { {{44660220, 15655568, 7018479, 29144429, 36794597, 32352840, 65255398, 1367119, 25127874, 6671743}}, {{29701166, 19180498, 56230743, 9279287, 67091296, 13127209, 21382910, 11042292, 25838796, 4642684}}, {{46678630, 14955536, 42982517, 8124618, 61739576, 27563961, 30468146, 19653792, 18423288, 4177476}}, }, }, }; static uint8_t negative(signed char b) { uint32_t x = b; x >>= 31; // 1: yes; 0: no return x; } static void table_select(ge_precomp *t, int pos, signed char b) { ge_precomp minust; uint8_t bnegative = negative(b); uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1); ge_precomp_0(t); cmov(t, &k25519Precomp[pos][0], equal(babs, 1)); cmov(t, &k25519Precomp[pos][1], equal(babs, 2)); cmov(t, &k25519Precomp[pos][2], equal(babs, 3)); cmov(t, &k25519Precomp[pos][3], equal(babs, 4)); cmov(t, &k25519Precomp[pos][4], equal(babs, 5)); cmov(t, &k25519Precomp[pos][5], equal(babs, 6)); cmov(t, &k25519Precomp[pos][6], equal(babs, 7)); cmov(t, &k25519Precomp[pos][7], equal(babs, 8)); fe_copy_ll(&minust.yplusx, &t->yminusx); fe_copy_ll(&minust.yminusx, &t->yplusx); // NOTE: the input table is canonical, but types don't encode it fe tmp; fe_carry(&tmp, &t->xy2d); fe_neg(&minust.xy2d, &tmp); cmov(t, &minust, bnegative); } // h = a * B // where a = a[0]+256*a[1]+...+256^31 a[31] // B is the Ed25519 base point (x,4/5) with x positive. // // Preconditions: // a[31] <= 127 void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { signed char e[64]; signed char carry; ge_p1p1 r; ge_p2 s; ge_precomp t; int i; for (i = 0; i < 32; ++i) { e[2 * i + 0] = (a[i] >> 0) & 15; e[2 * i + 1] = (a[i] >> 4) & 15; } // each e[i] is between 0 and 15 // e[63] is between 0 and 7 carry = 0; for (i = 0; i < 63; ++i) { e[i] += carry; carry = e[i] + 8; carry >>= 4; e[i] -= carry << 4; } e[63] += carry; // each e[i] is between -8 and 8 ge_p3_0(h); for (i = 1; i < 64; i += 2) { table_select(&t, i / 2, e[i]); ge_madd(&r, h, &t); x25519_ge_p1p1_to_p3(h, &r); } ge_p3_dbl(&r, h); x25519_ge_p1p1_to_p2(&s, &r); ge_p2_dbl(&r, &s); x25519_ge_p1p1_to_p2(&s, &r); ge_p2_dbl(&r, &s); x25519_ge_p1p1_to_p2(&s, &r); ge_p2_dbl(&r, &s); x25519_ge_p1p1_to_p3(h, &r); for (i = 0; i < 64; i += 2) { table_select(&t, i / 2, e[i]); ge_madd(&r, h, &t); x25519_ge_p1p1_to_p3(h, &r); } } #endif static void cmov_cached(ge_cached *t, ge_cached *u, uint8_t b) { fe_cmov(&t->YplusX, &u->YplusX, b); fe_cmov(&t->YminusX, &u->YminusX, b); fe_cmov(&t->Z, &u->Z, b); fe_cmov(&t->T2d, &u->T2d, b); } // r = scalar * A. // where a = a[0]+256*a[1]+...+256^31 a[31]. void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A) { ge_p2 Ai_p2[8]; ge_cached Ai[16]; ge_p1p1 t; ge_cached_0(&Ai[0]); x25519_ge_p3_to_cached(&Ai[1], A); ge_p3_to_p2(&Ai_p2[1], A); unsigned i; for (i = 2; i < 16; i += 2) { ge_p2_dbl(&t, &Ai_p2[i / 2]); ge_p1p1_to_cached(&Ai[i], &t); if (i < 8) { x25519_ge_p1p1_to_p2(&Ai_p2[i], &t); } x25519_ge_add(&t, A, &Ai[i]); ge_p1p1_to_cached(&Ai[i + 1], &t); if (i < 7) { x25519_ge_p1p1_to_p2(&Ai_p2[i + 1], &t); } } ge_p2_0(r); ge_p3 u; for (i = 0; i < 256; i += 4) { ge_p2_dbl(&t, r); x25519_ge_p1p1_to_p2(r, &t); ge_p2_dbl(&t, r); x25519_ge_p1p1_to_p2(r, &t); ge_p2_dbl(&t, r); x25519_ge_p1p1_to_p2(r, &t); ge_p2_dbl(&t, r); x25519_ge_p1p1_to_p3(&u, &t); uint8_t index = scalar[31 - i/8]; index >>= 4 - (i & 4); index &= 0xf; unsigned j; ge_cached selected; ge_cached_0(&selected); for (j = 0; j < 16; j++) { cmov_cached(&selected, &Ai[j], equal(j, index)); } x25519_ge_add(&t, &u, &selected); x25519_ge_p1p1_to_p2(r, &t); } } static void slide(signed char *r, const uint8_t *a) { int i; int b; int k; for (i = 0; i < 256; ++i) { r[i] = 1 & (a[i >> 3] >> (i & 7)); } for (i = 0; i < 256; ++i) { if (r[i]) { for (b = 1; b <= 6 && i + b < 256; ++b) { if (r[i + b]) { if (r[i] + (r[i + b] << b) <= 15) { r[i] += r[i + b] << b; r[i + b] = 0; } else if (r[i] - (r[i + b] << b) >= -15) { r[i] -= r[i + b] << b; for (k = i + b; k < 256; ++k) { if (!r[k]) { r[k] = 1; break; } r[k] = 0; } } else { break; } } } } } } static const ge_precomp Bi[8] = { { {{25967493, 19198397, 29566455, 3660896, 54414519, 4014786, 27544626, 21800161, 61029707, 2047604}}, {{54563134, 934261, 64385954, 3049989, 66381436, 9406985, 12720692, 5043384, 19500929, 18085054}}, {{58370664, 4489569, 9688441, 18769238, 10184608, 21191052, 29287918, 11864899, 42594502, 29115885}}, }, { {{15636272, 23865875, 24204772, 25642034, 616976, 16869170, 27787599, 18782243, 28944399, 32004408}}, {{16568933, 4717097, 55552716, 32452109, 15682895, 21747389, 16354576, 21778470, 7689661, 11199574}}, {{30464137, 27578307, 55329429, 17883566, 23220364, 15915852, 7512774, 10017326, 49359771, 23634074}}, }, { {{10861363, 11473154, 27284546, 1981175, 37044515, 12577860, 32867885, 14515107, 51670560, 10819379}}, {{4708026, 6336745, 20377586, 9066809, 55836755, 6594695, 41455196, 12483687, 54440373, 5581305}}, {{19563141, 16186464, 37722007, 4097518, 10237984, 29206317, 28542349, 13850243, 43430843, 17738489}}, }, { {{5153727, 9909285, 1723747, 30776558, 30523604, 5516873, 19480852, 5230134, 43156425, 18378665}}, {{36839857, 30090922, 7665485, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701}}, {{28881826, 14381568, 9657904, 3680757, 46927229, 7843315, 35708204, 1370707, 29794553, 32145132}}, }, { {{44589871, 26862249, 14201701, 24808930, 43598457, 8844725, 18474211, 32192982, 54046167, 13821876}}, {{60653668, 25714560, 3374701, 28813570, 40010246, 22982724, 31655027, 26342105, 18853321, 19333481}}, {{4566811, 20590564, 38133974, 21313742, 59506191, 30723862, 58594505, 23123294, 2207752, 30344648}}, }, { {{41954014, 29368610, 29681143, 7868801, 60254203, 24130566, 54671499, 32891431, 35997400, 17421995}}, {{25576264, 30851218, 7349803, 21739588, 16472781, 9300885, 3844789, 15725684, 171356, 6466918}}, {{23103977, 13316479, 9739013, 17404951, 817874, 18515490, 8965338, 19466374, 36393951, 16193876}}, }, { {{33587053, 3180712, 64714734, 14003686, 50205390, 17283591, 17238397, 4729455, 49034351, 9256799}}, {{41926547, 29380300, 32336397, 5036987, 45872047, 11360616, 22616405, 9761698, 47281666, 630304}}, {{53388152, 2639452, 42871404, 26147950, 9494426, 27780403, 60554312, 17593437, 64659607, 19263131}}, }, { {{63957664, 28508356, 9282713, 6866145, 35201802, 32691408, 48168288, 15033783, 25105118, 25659556}}, {{42782475, 15950225, 35307649, 18961608, 55446126, 28463506, 1573891, 30928545, 2198789, 17749813}}, {{64009494, 10324966, 64867251, 7453182, 61661885, 30818928, 53296841, 17317989, 34647629, 21263748}}, }, }; // r = a * A + b * B // where a = a[0]+256*a[1]+...+256^31 a[31]. // and b = b[0]+256*b[1]+...+256^31 b[31]. // B is the Ed25519 base point (x,4/5) with x positive. static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, const ge_p3 *A, const uint8_t *b) { signed char aslide[256]; signed char bslide[256]; ge_cached Ai[8]; // A,3A,5A,7A,9A,11A,13A,15A ge_p1p1 t; ge_p3 u; ge_p3 A2; int i; slide(aslide, a); slide(bslide, b); x25519_ge_p3_to_cached(&Ai[0], A); ge_p3_dbl(&t, A); x25519_ge_p1p1_to_p3(&A2, &t); x25519_ge_add(&t, &A2, &Ai[0]); x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_p3_to_cached(&Ai[1], &u); x25519_ge_add(&t, &A2, &Ai[1]); x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_p3_to_cached(&Ai[2], &u); x25519_ge_add(&t, &A2, &Ai[2]); x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_p3_to_cached(&Ai[3], &u); x25519_ge_add(&t, &A2, &Ai[3]); x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_p3_to_cached(&Ai[4], &u); x25519_ge_add(&t, &A2, &Ai[4]); x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_p3_to_cached(&Ai[5], &u); x25519_ge_add(&t, &A2, &Ai[5]); x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_p3_to_cached(&Ai[6], &u); x25519_ge_add(&t, &A2, &Ai[6]); x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_p3_to_cached(&Ai[7], &u); ge_p2_0(r); for (i = 255; i >= 0; --i) { if (aslide[i] || bslide[i]) { break; } } for (; i >= 0; --i) { ge_p2_dbl(&t, r); if (aslide[i] > 0) { x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_add(&t, &u, &Ai[aslide[i] / 2]); } else if (aslide[i] < 0) { x25519_ge_p1p1_to_p3(&u, &t); x25519_ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]); } if (bslide[i] > 0) { x25519_ge_p1p1_to_p3(&u, &t); ge_madd(&t, &u, &Bi[bslide[i] / 2]); } else if (bslide[i] < 0) { x25519_ge_p1p1_to_p3(&u, &t); ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]); } x25519_ge_p1p1_to_p2(r, &t); } } // The set of scalars is \Z/l // where l = 2^252 + 27742317777372353535851937790883648493. // Input: // s[0]+256*s[1]+...+256^63*s[63] = s // // Output: // s[0]+256*s[1]+...+256^31*s[31] = s mod l // where l = 2^252 + 27742317777372353535851937790883648493. // Overwrites s in place. void x25519_sc_reduce(uint8_t s[64]) { int64_t s0 = 2097151 & load_3(s); int64_t s1 = 2097151 & (load_4(s + 2) >> 5); int64_t s2 = 2097151 & (load_3(s + 5) >> 2); int64_t s3 = 2097151 & (load_4(s + 7) >> 7); int64_t s4 = 2097151 & (load_4(s + 10) >> 4); int64_t s5 = 2097151 & (load_3(s + 13) >> 1); int64_t s6 = 2097151 & (load_4(s + 15) >> 6); int64_t s7 = 2097151 & (load_3(s + 18) >> 3); int64_t s8 = 2097151 & load_3(s + 21); int64_t s9 = 2097151 & (load_4(s + 23) >> 5); int64_t s10 = 2097151 & (load_3(s + 26) >> 2); int64_t s11 = 2097151 & (load_4(s + 28) >> 7); int64_t s12 = 2097151 & (load_4(s + 31) >> 4); int64_t s13 = 2097151 & (load_3(s + 34) >> 1); int64_t s14 = 2097151 & (load_4(s + 36) >> 6); int64_t s15 = 2097151 & (load_3(s + 39) >> 3); int64_t s16 = 2097151 & load_3(s + 42); int64_t s17 = 2097151 & (load_4(s + 44) >> 5); int64_t s18 = 2097151 & (load_3(s + 47) >> 2); int64_t s19 = 2097151 & (load_4(s + 49) >> 7); int64_t s20 = 2097151 & (load_4(s + 52) >> 4); int64_t s21 = 2097151 & (load_3(s + 55) >> 1); int64_t s22 = 2097151 & (load_4(s + 57) >> 6); int64_t s23 = (load_4(s + 60) >> 3); int64_t carry0; int64_t carry1; int64_t carry2; int64_t carry3; int64_t carry4; int64_t carry5; int64_t carry6; int64_t carry7; int64_t carry8; int64_t carry9; int64_t carry10; int64_t carry11; int64_t carry12; int64_t carry13; int64_t carry14; int64_t carry15; int64_t carry16; s11 += s23 * 666643; s12 += s23 * 470296; s13 += s23 * 654183; s14 -= s23 * 997805; s15 += s23 * 136657; s16 -= s23 * 683901; s23 = 0; s10 += s22 * 666643; s11 += s22 * 470296; s12 += s22 * 654183; s13 -= s22 * 997805; s14 += s22 * 136657; s15 -= s22 * 683901; s22 = 0; s9 += s21 * 666643; s10 += s21 * 470296; s11 += s21 * 654183; s12 -= s21 * 997805; s13 += s21 * 136657; s14 -= s21 * 683901; s21 = 0; s8 += s20 * 666643; s9 += s20 * 470296; s10 += s20 * 654183; s11 -= s20 * 997805; s12 += s20 * 136657; s13 -= s20 * 683901; s20 = 0; s7 += s19 * 666643; s8 += s19 * 470296; s9 += s19 * 654183; s10 -= s19 * 997805; s11 += s19 * 136657; s12 -= s19 * 683901; s19 = 0; s6 += s18 * 666643; s7 += s18 * 470296; s8 += s18 * 654183; s9 -= s18 * 997805; s10 += s18 * 136657; s11 -= s18 * 683901; s18 = 0; carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; s6 -= carry6 << 21; carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; s8 -= carry8 << 21; carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 << 21; carry12 = (s12 + (1 << 20)) >> 21; s13 += carry12; s12 -= carry12 << 21; carry14 = (s14 + (1 << 20)) >> 21; s15 += carry14; s14 -= carry14 << 21; carry16 = (s16 + (1 << 20)) >> 21; s17 += carry16; s16 -= carry16 << 21; carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; s7 -= carry7 << 21; carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; s9 -= carry9 << 21; carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 << 21; carry13 = (s13 + (1 << 20)) >> 21; s14 += carry13; s13 -= carry13 << 21; carry15 = (s15 + (1 << 20)) >> 21; s16 += carry15; s15 -= carry15 << 21; s5 += s17 * 666643; s6 += s17 * 470296; s7 += s17 * 654183; s8 -= s17 * 997805; s9 += s17 * 136657; s10 -= s17 * 683901; s17 = 0; s4 += s16 * 666643; s5 += s16 * 470296; s6 += s16 * 654183; s7 -= s16 * 997805; s8 += s16 * 136657; s9 -= s16 * 683901; s16 = 0; s3 += s15 * 666643; s4 += s15 * 470296; s5 += s15 * 654183; s6 -= s15 * 997805; s7 += s15 * 136657; s8 -= s15 * 683901; s15 = 0; s2 += s14 * 666643; s3 += s14 * 470296; s4 += s14 * 654183; s5 -= s14 * 997805; s6 += s14 * 136657; s7 -= s14 * 683901; s14 = 0; s1 += s13 * 666643; s2 += s13 * 470296; s3 += s13 * 654183; s4 -= s13 * 997805; s5 += s13 * 136657; s6 -= s13 * 683901; s13 = 0; s0 += s12 * 666643; s1 += s12 * 470296; s2 += s12 * 654183; s3 -= s12 * 997805; s4 += s12 * 136657; s5 -= s12 * 683901; s12 = 0; carry0 = (s0 + (1 << 20)) >> 21; s1 += carry0; s0 -= carry0 << 21; carry2 = (s2 + (1 << 20)) >> 21; s3 += carry2; s2 -= carry2 << 21; carry4 = (s4 + (1 << 20)) >> 21; s5 += carry4; s4 -= carry4 << 21; carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; s6 -= carry6 << 21; carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; s8 -= carry8 << 21; carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 << 21; carry1 = (s1 + (1 << 20)) >> 21; s2 += carry1; s1 -= carry1 << 21; carry3 = (s3 + (1 << 20)) >> 21; s4 += carry3; s3 -= carry3 << 21; carry5 = (s5 + (1 << 20)) >> 21; s6 += carry5; s5 -= carry5 << 21; carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; s7 -= carry7 << 21; carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; s9 -= carry9 << 21; carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 << 21; s0 += s12 * 666643; s1 += s12 * 470296; s2 += s12 * 654183; s3 -= s12 * 997805; s4 += s12 * 136657; s5 -= s12 * 683901; s12 = 0; carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; s0 += s12 * 666643; s1 += s12 * 470296; s2 += s12 * 654183; s3 -= s12 * 997805; s4 += s12 * 136657; s5 -= s12 * 683901; s12 = 0; carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; s[0] = s0 >> 0; s[1] = s0 >> 8; s[2] = (s0 >> 16) | (s1 << 5); s[3] = s1 >> 3; s[4] = s1 >> 11; s[5] = (s1 >> 19) | (s2 << 2); s[6] = s2 >> 6; s[7] = (s2 >> 14) | (s3 << 7); s[8] = s3 >> 1; s[9] = s3 >> 9; s[10] = (s3 >> 17) | (s4 << 4); s[11] = s4 >> 4; s[12] = s4 >> 12; s[13] = (s4 >> 20) | (s5 << 1); s[14] = s5 >> 7; s[15] = (s5 >> 15) | (s6 << 6); s[16] = s6 >> 2; s[17] = s6 >> 10; s[18] = (s6 >> 18) | (s7 << 3); s[19] = s7 >> 5; s[20] = s7 >> 13; s[21] = s8 >> 0; s[22] = s8 >> 8; s[23] = (s8 >> 16) | (s9 << 5); s[24] = s9 >> 3; s[25] = s9 >> 11; s[26] = (s9 >> 19) | (s10 << 2); s[27] = s10 >> 6; s[28] = (s10 >> 14) | (s11 << 7); s[29] = s11 >> 1; s[30] = s11 >> 9; s[31] = s11 >> 17; } // Input: // a[0]+256*a[1]+...+256^31*a[31] = a // b[0]+256*b[1]+...+256^31*b[31] = b // c[0]+256*c[1]+...+256^31*c[31] = c // // Output: // s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l // where l = 2^252 + 27742317777372353535851937790883648493. static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c) { int64_t a0 = 2097151 & load_3(a); int64_t a1 = 2097151 & (load_4(a + 2) >> 5); int64_t a2 = 2097151 & (load_3(a + 5) >> 2); int64_t a3 = 2097151 & (load_4(a + 7) >> 7); int64_t a4 = 2097151 & (load_4(a + 10) >> 4); int64_t a5 = 2097151 & (load_3(a + 13) >> 1); int64_t a6 = 2097151 & (load_4(a + 15) >> 6); int64_t a7 = 2097151 & (load_3(a + 18) >> 3); int64_t a8 = 2097151 & load_3(a + 21); int64_t a9 = 2097151 & (load_4(a + 23) >> 5); int64_t a10 = 2097151 & (load_3(a + 26) >> 2); int64_t a11 = (load_4(a + 28) >> 7); int64_t b0 = 2097151 & load_3(b); int64_t b1 = 2097151 & (load_4(b + 2) >> 5); int64_t b2 = 2097151 & (load_3(b + 5) >> 2); int64_t b3 = 2097151 & (load_4(b + 7) >> 7); int64_t b4 = 2097151 & (load_4(b + 10) >> 4); int64_t b5 = 2097151 & (load_3(b + 13) >> 1); int64_t b6 = 2097151 & (load_4(b + 15) >> 6); int64_t b7 = 2097151 & (load_3(b + 18) >> 3); int64_t b8 = 2097151 & load_3(b + 21); int64_t b9 = 2097151 & (load_4(b + 23) >> 5); int64_t b10 = 2097151 & (load_3(b + 26) >> 2); int64_t b11 = (load_4(b + 28) >> 7); int64_t c0 = 2097151 & load_3(c); int64_t c1 = 2097151 & (load_4(c + 2) >> 5); int64_t c2 = 2097151 & (load_3(c + 5) >> 2); int64_t c3 = 2097151 & (load_4(c + 7) >> 7); int64_t c4 = 2097151 & (load_4(c + 10) >> 4); int64_t c5 = 2097151 & (load_3(c + 13) >> 1); int64_t c6 = 2097151 & (load_4(c + 15) >> 6); int64_t c7 = 2097151 & (load_3(c + 18) >> 3); int64_t c8 = 2097151 & load_3(c + 21); int64_t c9 = 2097151 & (load_4(c + 23) >> 5); int64_t c10 = 2097151 & (load_3(c + 26) >> 2); int64_t c11 = (load_4(c + 28) >> 7); int64_t s0; int64_t s1; int64_t s2; int64_t s3; int64_t s4; int64_t s5; int64_t s6; int64_t s7; int64_t s8; int64_t s9; int64_t s10; int64_t s11; int64_t s12; int64_t s13; int64_t s14; int64_t s15; int64_t s16; int64_t s17; int64_t s18; int64_t s19; int64_t s20; int64_t s21; int64_t s22; int64_t s23; int64_t carry0; int64_t carry1; int64_t carry2; int64_t carry3; int64_t carry4; int64_t carry5; int64_t carry6; int64_t carry7; int64_t carry8; int64_t carry9; int64_t carry10; int64_t carry11; int64_t carry12; int64_t carry13; int64_t carry14; int64_t carry15; int64_t carry16; int64_t carry17; int64_t carry18; int64_t carry19; int64_t carry20; int64_t carry21; int64_t carry22; s0 = c0 + a0 * b0; s1 = c1 + a0 * b1 + a1 * b0; s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0; s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0; s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3; s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4; s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; s20 = a9 * b11 + a10 * b10 + a11 * b9; s21 = a10 * b11 + a11 * b10; s22 = a11 * b11; s23 = 0; carry0 = (s0 + (1 << 20)) >> 21; s1 += carry0; s0 -= carry0 << 21; carry2 = (s2 + (1 << 20)) >> 21; s3 += carry2; s2 -= carry2 << 21; carry4 = (s4 + (1 << 20)) >> 21; s5 += carry4; s4 -= carry4 << 21; carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; s6 -= carry6 << 21; carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; s8 -= carry8 << 21; carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 << 21; carry12 = (s12 + (1 << 20)) >> 21; s13 += carry12; s12 -= carry12 << 21; carry14 = (s14 + (1 << 20)) >> 21; s15 += carry14; s14 -= carry14 << 21; carry16 = (s16 + (1 << 20)) >> 21; s17 += carry16; s16 -= carry16 << 21; carry18 = (s18 + (1 << 20)) >> 21; s19 += carry18; s18 -= carry18 << 21; carry20 = (s20 + (1 << 20)) >> 21; s21 += carry20; s20 -= carry20 << 21; carry22 = (s22 + (1 << 20)) >> 21; s23 += carry22; s22 -= carry22 << 21; carry1 = (s1 + (1 << 20)) >> 21; s2 += carry1; s1 -= carry1 << 21; carry3 = (s3 + (1 << 20)) >> 21; s4 += carry3; s3 -= carry3 << 21; carry5 = (s5 + (1 << 20)) >> 21; s6 += carry5; s5 -= carry5 << 21; carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; s7 -= carry7 << 21; carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; s9 -= carry9 << 21; carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 << 21; carry13 = (s13 + (1 << 20)) >> 21; s14 += carry13; s13 -= carry13 << 21; carry15 = (s15 + (1 << 20)) >> 21; s16 += carry15; s15 -= carry15 << 21; carry17 = (s17 + (1 << 20)) >> 21; s18 += carry17; s17 -= carry17 << 21; carry19 = (s19 + (1 << 20)) >> 21; s20 += carry19; s19 -= carry19 << 21; carry21 = (s21 + (1 << 20)) >> 21; s22 += carry21; s21 -= carry21 << 21; s11 += s23 * 666643; s12 += s23 * 470296; s13 += s23 * 654183; s14 -= s23 * 997805; s15 += s23 * 136657; s16 -= s23 * 683901; s23 = 0; s10 += s22 * 666643; s11 += s22 * 470296; s12 += s22 * 654183; s13 -= s22 * 997805; s14 += s22 * 136657; s15 -= s22 * 683901; s22 = 0; s9 += s21 * 666643; s10 += s21 * 470296; s11 += s21 * 654183; s12 -= s21 * 997805; s13 += s21 * 136657; s14 -= s21 * 683901; s21 = 0; s8 += s20 * 666643; s9 += s20 * 470296; s10 += s20 * 654183; s11 -= s20 * 997805; s12 += s20 * 136657; s13 -= s20 * 683901; s20 = 0; s7 += s19 * 666643; s8 += s19 * 470296; s9 += s19 * 654183; s10 -= s19 * 997805; s11 += s19 * 136657; s12 -= s19 * 683901; s19 = 0; s6 += s18 * 666643; s7 += s18 * 470296; s8 += s18 * 654183; s9 -= s18 * 997805; s10 += s18 * 136657; s11 -= s18 * 683901; s18 = 0; carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; s6 -= carry6 << 21; carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; s8 -= carry8 << 21; carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 << 21; carry12 = (s12 + (1 << 20)) >> 21; s13 += carry12; s12 -= carry12 << 21; carry14 = (s14 + (1 << 20)) >> 21; s15 += carry14; s14 -= carry14 << 21; carry16 = (s16 + (1 << 20)) >> 21; s17 += carry16; s16 -= carry16 << 21; carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; s7 -= carry7 << 21; carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; s9 -= carry9 << 21; carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 << 21; carry13 = (s13 + (1 << 20)) >> 21; s14 += carry13; s13 -= carry13 << 21; carry15 = (s15 + (1 << 20)) >> 21; s16 += carry15; s15 -= carry15 << 21; s5 += s17 * 666643; s6 += s17 * 470296; s7 += s17 * 654183; s8 -= s17 * 997805; s9 += s17 * 136657; s10 -= s17 * 683901; s17 = 0; s4 += s16 * 666643; s5 += s16 * 470296; s6 += s16 * 654183; s7 -= s16 * 997805; s8 += s16 * 136657; s9 -= s16 * 683901; s16 = 0; s3 += s15 * 666643; s4 += s15 * 470296; s5 += s15 * 654183; s6 -= s15 * 997805; s7 += s15 * 136657; s8 -= s15 * 683901; s15 = 0; s2 += s14 * 666643; s3 += s14 * 470296; s4 += s14 * 654183; s5 -= s14 * 997805; s6 += s14 * 136657; s7 -= s14 * 683901; s14 = 0; s1 += s13 * 666643; s2 += s13 * 470296; s3 += s13 * 654183; s4 -= s13 * 997805; s5 += s13 * 136657; s6 -= s13 * 683901; s13 = 0; s0 += s12 * 666643; s1 += s12 * 470296; s2 += s12 * 654183; s3 -= s12 * 997805; s4 += s12 * 136657; s5 -= s12 * 683901; s12 = 0; carry0 = (s0 + (1 << 20)) >> 21; s1 += carry0; s0 -= carry0 << 21; carry2 = (s2 + (1 << 20)) >> 21; s3 += carry2; s2 -= carry2 << 21; carry4 = (s4 + (1 << 20)) >> 21; s5 += carry4; s4 -= carry4 << 21; carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; s6 -= carry6 << 21; carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; s8 -= carry8 << 21; carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 << 21; carry1 = (s1 + (1 << 20)) >> 21; s2 += carry1; s1 -= carry1 << 21; carry3 = (s3 + (1 << 20)) >> 21; s4 += carry3; s3 -= carry3 << 21; carry5 = (s5 + (1 << 20)) >> 21; s6 += carry5; s5 -= carry5 << 21; carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; s7 -= carry7 << 21; carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; s9 -= carry9 << 21; carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 << 21; s0 += s12 * 666643; s1 += s12 * 470296; s2 += s12 * 654183; s3 -= s12 * 997805; s4 += s12 * 136657; s5 -= s12 * 683901; s12 = 0; carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; s0 += s12 * 666643; s1 += s12 * 470296; s2 += s12 * 654183; s3 -= s12 * 997805; s4 += s12 * 136657; s5 -= s12 * 683901; s12 = 0; carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; s[0] = s0 >> 0; s[1] = s0 >> 8; s[2] = (s0 >> 16) | (s1 << 5); s[3] = s1 >> 3; s[4] = s1 >> 11; s[5] = (s1 >> 19) | (s2 << 2); s[6] = s2 >> 6; s[7] = (s2 >> 14) | (s3 << 7); s[8] = s3 >> 1; s[9] = s3 >> 9; s[10] = (s3 >> 17) | (s4 << 4); s[11] = s4 >> 4; s[12] = s4 >> 12; s[13] = (s4 >> 20) | (s5 << 1); s[14] = s5 >> 7; s[15] = (s5 >> 15) | (s6 << 6); s[16] = s6 >> 2; s[17] = s6 >> 10; s[18] = (s6 >> 18) | (s7 << 3); s[19] = s7 >> 5; s[20] = s7 >> 13; s[21] = s8 >> 0; s[22] = s8 >> 8; s[23] = (s8 >> 16) | (s9 << 5); s[24] = s9 >> 3; s[25] = s9 >> 11; s[26] = (s9 >> 19) | (s10 << 2); s[27] = s10 >> 6; s[28] = (s10 >> 14) | (s11 << 7); s[29] = s11 >> 1; s[30] = s11 >> 9; s[31] = s11 >> 17; } void ED25519_keypair(uint8_t out_public_key[32], uint8_t out_private_key[64]) { uint8_t seed[32]; RAND_bytes(seed, 32); ED25519_keypair_from_seed(out_public_key, out_private_key, seed); } int ED25519_sign(uint8_t out_sig[64], const uint8_t *message, size_t message_len, const uint8_t private_key[64]) { uint8_t az[SHA512_DIGEST_LENGTH]; SHA512(private_key, 32, az); az[0] &= 248; az[31] &= 63; az[31] |= 64; SHA512_CTX hash_ctx; SHA512_Init(&hash_ctx); SHA512_Update(&hash_ctx, az + 32, 32); SHA512_Update(&hash_ctx, message, message_len); uint8_t nonce[SHA512_DIGEST_LENGTH]; SHA512_Final(nonce, &hash_ctx); x25519_sc_reduce(nonce); ge_p3 R; x25519_ge_scalarmult_base(&R, nonce); ge_p3_tobytes(out_sig, &R); SHA512_Init(&hash_ctx); SHA512_Update(&hash_ctx, out_sig, 32); SHA512_Update(&hash_ctx, private_key + 32, 32); SHA512_Update(&hash_ctx, message, message_len); uint8_t hram[SHA512_DIGEST_LENGTH]; SHA512_Final(hram, &hash_ctx); x25519_sc_reduce(hram); sc_muladd(out_sig + 32, hram, az, nonce); return 1; } int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t signature[64], const uint8_t public_key[32]) { ge_p3 A; if ((signature[63] & 224) != 0 || x25519_ge_frombytes_vartime(&A, public_key) != 0) { return 0; } fe_loose t; fe_neg(&t, &A.X); fe_carry(&A.X, &t); fe_neg(&t, &A.T); fe_carry(&A.T, &t); uint8_t pkcopy[32]; OPENSSL_memcpy(pkcopy, public_key, 32); uint8_t rcopy[32]; OPENSSL_memcpy(rcopy, signature, 32); uint8_t scopy[32]; OPENSSL_memcpy(scopy, signature + 32, 32); SHA512_CTX hash_ctx; SHA512_Init(&hash_ctx); SHA512_Update(&hash_ctx, signature, 32); SHA512_Update(&hash_ctx, public_key, 32); SHA512_Update(&hash_ctx, message, message_len); uint8_t h[SHA512_DIGEST_LENGTH]; SHA512_Final(h, &hash_ctx); x25519_sc_reduce(h); ge_p2 R; ge_double_scalarmult_vartime(&R, h, &A, scopy); uint8_t rcheck[32]; x25519_ge_tobytes(rcheck, &R); return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0; } void ED25519_keypair_from_seed(uint8_t out_public_key[32], uint8_t out_private_key[64], const uint8_t seed[32]) { uint8_t az[SHA512_DIGEST_LENGTH]; SHA512(seed, 32, az); az[0] &= 248; az[31] &= 63; az[31] |= 64; ge_p3 A; x25519_ge_scalarmult_base(&A, az); ge_p3_tobytes(out_public_key, &A); OPENSSL_memcpy(out_private_key, seed, 32); OPENSSL_memcpy(out_private_key + 32, out_public_key, 32); } #if defined(BORINGSSL_X25519_X86_64) static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { x25519_x86_64(out, scalar, point); } #else // Replace (f,g) with (g,f) if b == 1; // replace (f,g) with (f,g) if b == 0. // // Preconditions: b in {0,1}. static void fe_cswap(fe *f, fe *g, unsigned int b) { b = 0-b; unsigned i; for (i = 0; i < 10; i++) { uint32_t x = f->v[i] ^ g->v[i]; x &= b; f->v[i] ^= x; g->v[i] ^= x; } } // NOTE: based on fiat-crypto fe_mul, edited for in2=121666, 0, 0.. static void fe_mul_121666_impl(uint32_t out[10], const uint32_t in1[10]) { assert_fe_loose(in1); { const uint32_t x20 = in1[9]; { const uint32_t x21 = in1[8]; { const uint32_t x19 = in1[7]; { const uint32_t x17 = in1[6]; { const uint32_t x15 = in1[5]; { const uint32_t x13 = in1[4]; { const uint32_t x11 = in1[3]; { const uint32_t x9 = in1[2]; { const uint32_t x7 = in1[1]; { const uint32_t x5 = in1[0]; { const uint32_t x38 = 0; { const uint32_t x39 = 0; { const uint32_t x37 = 0; { const uint32_t x35 = 0; { const uint32_t x33 = 0; { const uint32_t x31 = 0; { const uint32_t x29 = 0; { const uint32_t x27 = 0; { const uint32_t x25 = 0; { const uint32_t x23 = 121666; { uint64_t x40 = ((uint64_t)x23 * x5); { uint64_t x41 = (((uint64_t)x23 * x7) + ((uint64_t)x25 * x5)); { uint64_t x42 = ((((uint64_t)(0x2 * x25) * x7) + ((uint64_t)x23 * x9)) + ((uint64_t)x27 * x5)); { uint64_t x43 = (((((uint64_t)x25 * x9) + ((uint64_t)x27 * x7)) + ((uint64_t)x23 * x11)) + ((uint64_t)x29 * x5)); { uint64_t x44 = (((((uint64_t)x27 * x9) + (0x2 * (((uint64_t)x25 * x11) + ((uint64_t)x29 * x7)))) + ((uint64_t)x23 * x13)) + ((uint64_t)x31 * x5)); { uint64_t x45 = (((((((uint64_t)x27 * x11) + ((uint64_t)x29 * x9)) + ((uint64_t)x25 * x13)) + ((uint64_t)x31 * x7)) + ((uint64_t)x23 * x15)) + ((uint64_t)x33 * x5)); { uint64_t x46 = (((((0x2 * ((((uint64_t)x29 * x11) + ((uint64_t)x25 * x15)) + ((uint64_t)x33 * x7))) + ((uint64_t)x27 * x13)) + ((uint64_t)x31 * x9)) + ((uint64_t)x23 * x17)) + ((uint64_t)x35 * x5)); { uint64_t x47 = (((((((((uint64_t)x29 * x13) + ((uint64_t)x31 * x11)) + ((uint64_t)x27 * x15)) + ((uint64_t)x33 * x9)) + ((uint64_t)x25 * x17)) + ((uint64_t)x35 * x7)) + ((uint64_t)x23 * x19)) + ((uint64_t)x37 * x5)); { uint64_t x48 = (((((((uint64_t)x31 * x13) + (0x2 * (((((uint64_t)x29 * x15) + ((uint64_t)x33 * x11)) + ((uint64_t)x25 * x19)) + ((uint64_t)x37 * x7)))) + ((uint64_t)x27 * x17)) + ((uint64_t)x35 * x9)) + ((uint64_t)x23 * x21)) + ((uint64_t)x39 * x5)); { uint64_t x49 = (((((((((((uint64_t)x31 * x15) + ((uint64_t)x33 * x13)) + ((uint64_t)x29 * x17)) + ((uint64_t)x35 * x11)) + ((uint64_t)x27 * x19)) + ((uint64_t)x37 * x9)) + ((uint64_t)x25 * x21)) + ((uint64_t)x39 * x7)) + ((uint64_t)x23 * x20)) + ((uint64_t)x38 * x5)); { uint64_t x50 = (((((0x2 * ((((((uint64_t)x33 * x15) + ((uint64_t)x29 * x19)) + ((uint64_t)x37 * x11)) + ((uint64_t)x25 * x20)) + ((uint64_t)x38 * x7))) + ((uint64_t)x31 * x17)) + ((uint64_t)x35 * x13)) + ((uint64_t)x27 * x21)) + ((uint64_t)x39 * x9)); { uint64_t x51 = (((((((((uint64_t)x33 * x17) + ((uint64_t)x35 * x15)) + ((uint64_t)x31 * x19)) + ((uint64_t)x37 * x13)) + ((uint64_t)x29 * x21)) + ((uint64_t)x39 * x11)) + ((uint64_t)x27 * x20)) + ((uint64_t)x38 * x9)); { uint64_t x52 = (((((uint64_t)x35 * x17) + (0x2 * (((((uint64_t)x33 * x19) + ((uint64_t)x37 * x15)) + ((uint64_t)x29 * x20)) + ((uint64_t)x38 * x11)))) + ((uint64_t)x31 * x21)) + ((uint64_t)x39 * x13)); { uint64_t x53 = (((((((uint64_t)x35 * x19) + ((uint64_t)x37 * x17)) + ((uint64_t)x33 * x21)) + ((uint64_t)x39 * x15)) + ((uint64_t)x31 * x20)) + ((uint64_t)x38 * x13)); { uint64_t x54 = (((0x2 * ((((uint64_t)x37 * x19) + ((uint64_t)x33 * x20)) + ((uint64_t)x38 * x15))) + ((uint64_t)x35 * x21)) + ((uint64_t)x39 * x17)); { uint64_t x55 = (((((uint64_t)x37 * x21) + ((uint64_t)x39 * x19)) + ((uint64_t)x35 * x20)) + ((uint64_t)x38 * x17)); { uint64_t x56 = (((uint64_t)x39 * x21) + (0x2 * (((uint64_t)x37 * x20) + ((uint64_t)x38 * x19)))); { uint64_t x57 = (((uint64_t)x39 * x20) + ((uint64_t)x38 * x21)); { uint64_t x58 = ((uint64_t)(0x2 * x38) * x20); { uint64_t x59 = (x48 + (x58 << 0x4)); { uint64_t x60 = (x59 + (x58 << 0x1)); { uint64_t x61 = (x60 + x58); { uint64_t x62 = (x47 + (x57 << 0x4)); { uint64_t x63 = (x62 + (x57 << 0x1)); { uint64_t x64 = (x63 + x57); { uint64_t x65 = (x46 + (x56 << 0x4)); { uint64_t x66 = (x65 + (x56 << 0x1)); { uint64_t x67 = (x66 + x56); { uint64_t x68 = (x45 + (x55 << 0x4)); { uint64_t x69 = (x68 + (x55 << 0x1)); { uint64_t x70 = (x69 + x55); { uint64_t x71 = (x44 + (x54 << 0x4)); { uint64_t x72 = (x71 + (x54 << 0x1)); { uint64_t x73 = (x72 + x54); { uint64_t x74 = (x43 + (x53 << 0x4)); { uint64_t x75 = (x74 + (x53 << 0x1)); { uint64_t x76 = (x75 + x53); { uint64_t x77 = (x42 + (x52 << 0x4)); { uint64_t x78 = (x77 + (x52 << 0x1)); { uint64_t x79 = (x78 + x52); { uint64_t x80 = (x41 + (x51 << 0x4)); { uint64_t x81 = (x80 + (x51 << 0x1)); { uint64_t x82 = (x81 + x51); { uint64_t x83 = (x40 + (x50 << 0x4)); { uint64_t x84 = (x83 + (x50 << 0x1)); { uint64_t x85 = (x84 + x50); { uint64_t x86 = (x85 >> 0x1a); { uint32_t x87 = ((uint32_t)x85 & 0x3ffffff); { uint64_t x88 = (x86 + x82); { uint64_t x89 = (x88 >> 0x19); { uint32_t x90 = ((uint32_t)x88 & 0x1ffffff); { uint64_t x91 = (x89 + x79); { uint64_t x92 = (x91 >> 0x1a); { uint32_t x93 = ((uint32_t)x91 & 0x3ffffff); { uint64_t x94 = (x92 + x76); { uint64_t x95 = (x94 >> 0x19); { uint32_t x96 = ((uint32_t)x94 & 0x1ffffff); { uint64_t x97 = (x95 + x73); { uint64_t x98 = (x97 >> 0x1a); { uint32_t x99 = ((uint32_t)x97 & 0x3ffffff); { uint64_t x100 = (x98 + x70); { uint64_t x101 = (x100 >> 0x19); { uint32_t x102 = ((uint32_t)x100 & 0x1ffffff); { uint64_t x103 = (x101 + x67); { uint64_t x104 = (x103 >> 0x1a); { uint32_t x105 = ((uint32_t)x103 & 0x3ffffff); { uint64_t x106 = (x104 + x64); { uint64_t x107 = (x106 >> 0x19); { uint32_t x108 = ((uint32_t)x106 & 0x1ffffff); { uint64_t x109 = (x107 + x61); { uint64_t x110 = (x109 >> 0x1a); { uint32_t x111 = ((uint32_t)x109 & 0x3ffffff); { uint64_t x112 = (x110 + x49); { uint64_t x113 = (x112 >> 0x19); { uint32_t x114 = ((uint32_t)x112 & 0x1ffffff); { uint64_t x115 = (x87 + (0x13 * x113)); { uint32_t x116 = (uint32_t) (x115 >> 0x1a); { uint32_t x117 = ((uint32_t)x115 & 0x3ffffff); { uint32_t x118 = (x116 + x90); { uint32_t x119 = (x118 >> 0x19); { uint32_t x120 = (x118 & 0x1ffffff); out[0] = x117; out[1] = x120; out[2] = (x119 + x93); out[3] = x96; out[4] = x99; out[5] = x102; out[6] = x105; out[7] = x108; out[8] = x111; out[9] = x114; }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} assert_fe(out); } static void fe_mul121666(fe *h, const fe_loose *f) { assert_fe_loose(f->v); fe_mul_121666_impl(h->v, f->v); assert_fe(h->v); } static void x25519_scalar_mult_generic(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { fe x1, x2, z2, x3, z3, tmp0, tmp1; fe_loose x2l, z2l, x3l, tmp0l, tmp1l; uint8_t e[32]; OPENSSL_memcpy(e, scalar, 32); e[0] &= 248; e[31] &= 127; e[31] |= 64; // The following implementation was transcribed to Coq and proven to // correspond to unary scalar multiplication in affine coordinates given that // x1 != 0 is the x coordinate of some point on the curve. It was also checked // in Coq that doing a ladderstep with x1 = x3 = 0 gives z2' = z3' = 0, and z2 // = z3 = 0 gives z2' = z3' = 0. The statement was quantified over the // underlying field, so it applies to Curve25519 itself and the quadratic // twist of Curve25519. It was not proven in Coq that prime-field arithmetic // correctly simulates extension-field arithmetic on prime-field values. // The decoding of the byte array representation of e was not considered. // Specification of Montgomery curves in affine coordinates: // // Proof that these form a group that is isomorphic to a Weierstrass curve: // // Coq transcription and correctness proof of the loop (where scalarbits=255): // // // preconditions: 0 <= e < 2^255 (not necessarily e < order), fe_invert(0) = 0 fe_frombytes(&x1, point); fe_1(&x2); fe_0(&z2); fe_copy(&x3, &x1); fe_1(&z3); unsigned swap = 0; int pos; for (pos = 254; pos >= 0; --pos) { // loop invariant as of right before the test, for the case where x1 != 0: // pos >= -1; if z2 = 0 then x2 is nonzero; if z3 = 0 then x3 is nonzero // let r := e >> (pos+1) in the following equalities of projective points: // to_xz (r*P) === if swap then (x3, z3) else (x2, z2) // to_xz ((r+1)*P) === if swap then (x2, z2) else (x3, z3) // x1 is the nonzero x coordinate of the nonzero point (r*P-(r+1)*P) unsigned b = 1 & (e[pos / 8] >> (pos & 7)); swap ^= b; fe_cswap(&x2, &x3, swap); fe_cswap(&z2, &z3, swap); swap = b; // Coq transcription of ladderstep formula (called from transcribed loop): // // // x1 != 0 // x1 = 0 fe_sub(&tmp0l, &x3, &z3); fe_sub(&tmp1l, &x2, &z2); fe_add(&x2l, &x2, &z2); fe_add(&z2l, &x3, &z3); fe_mul_tll(&z3, &tmp0l, &x2l); fe_mul_tll(&z2, &z2l, &tmp1l); fe_sq_tl(&tmp0, &tmp1l); fe_sq_tl(&tmp1, &x2l); fe_add(&x3l, &z3, &z2); fe_sub(&z2l, &z3, &z2); fe_mul_ttt(&x2, &tmp1, &tmp0); fe_sub(&tmp1l, &tmp1, &tmp0); fe_sq_tl(&z2, &z2l); fe_mul121666(&z3, &tmp1l); fe_sq_tl(&x3, &x3l); fe_add(&tmp0l, &tmp0, &z3); fe_mul_ttt(&z3, &x1, &z2); fe_mul_tll(&z2, &tmp1l, &tmp0l); } // here pos=-1, so r=e, so to_xz (e*P) === if swap then (x3, z3) else (x2, z2) fe_cswap(&x2, &x3, swap); fe_cswap(&z2, &z3, swap); fe_invert(&z2, &z2); fe_mul_ttt(&x2, &x2, &z2); fe_tobytes(out, &x2); } static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { #if defined(BORINGSSL_X25519_NEON) if (CRYPTO_is_NEON_capable()) { x25519_NEON(out, scalar, point); return; } #endif x25519_scalar_mult_generic(out, scalar, point); } #endif // BORINGSSL_X25519_X86_64 void X25519_keypair(uint8_t out_public_value[32], uint8_t out_private_key[32]) { RAND_bytes(out_private_key, 32); // All X25519 implementations should decode scalars correctly (see // https://tools.ietf.org/html/rfc7748#section-5). However, if an // implementation doesn't then it might interoperate with random keys a // fraction of the time because they'll, randomly, happen to be correctly // formed. // // Thus we do the opposite of the masking here to make sure that our private // keys are never correctly masked and so, hopefully, any incorrect // implementations are deterministically broken. // // This does not affect security because, although we're throwing away // entropy, a valid implementation of scalarmult should throw away the exact // same bits anyway. out_private_key[0] |= 7; out_private_key[31] &= 63; out_private_key[31] |= 128; X25519_public_from_private(out_public_value, out_private_key); } int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]) { static const uint8_t kZeros[32] = {0}; x25519_scalar_mult(out_shared_key, private_key, peer_public_value); // The all-zero output results when the input is a point of small order. return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0; } #if defined(BORINGSSL_X25519_X86_64) // When |BORINGSSL_X25519_X86_64| is set, base point multiplication is done with // the Montgomery ladder because it's faster. Otherwise it's done using the // Ed25519 tables. void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]) { static const uint8_t kMongomeryBasePoint[32] = {9}; x25519_scalar_mult(out_public_value, private_key, kMongomeryBasePoint); } #else void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]) { #if defined(BORINGSSL_X25519_NEON) if (CRYPTO_is_NEON_capable()) { static const uint8_t kMongomeryBasePoint[32] = {9}; x25519_NEON(out_public_value, private_key, kMongomeryBasePoint); return; } #endif uint8_t e[32]; OPENSSL_memcpy(e, private_key, 32); e[0] &= 248; e[31] &= 127; e[31] |= 64; ge_p3 A; x25519_ge_scalarmult_base(&A, e); // We only need the u-coordinate of the curve25519 point. The map is // u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y). fe_loose zplusy, zminusy; fe zminusy_inv; fe_add(&zplusy, &A.Z, &A.Y); fe_sub(&zminusy, &A.Z, &A.Y); fe_loose_invert(&zminusy_inv, &zminusy); fe_mul_tlt(&zminusy_inv, &zplusy, &zminusy_inv); fe_tobytes(out_public_value, &zminusy_inv); } #endif // BORINGSSL_X25519_X86_64