From 1a4e3f20ac8e4f791ce0213c62740ddf8fc37a03 Mon Sep 17 00:00:00 2001 From: Sven Anderson Date: Mon, 24 Feb 2025 21:48:47 +0100 Subject: [PATCH] mirage-crypto-ec: implementation of SECP256K1 This change implements the SECP256K1 curve (also known as the Bitcoin curve). - field primitives are generated by the fiat-crypto project[1] - point primitives are generated by the ECCKiila project[2] - Ocaml point operations are taken from NIST implementation, adapted to ECCKiila point primitives and optimized for a=0. - testvectors for ECDH and ECDSA verification from wycheproof[3] Closes: #187 [1] https://github.com/mit-plv/fiat-crypto [2] https://gitlab.com/nisec/ecckiila [3] https://github.com/C2SP/wycheproof --- bench/speed.ml | 11 + ec/dune | 2 +- ec/mirage_crypto_ec.ml | 514 +- ec/mirage_crypto_ec.mli | 3 + ec/native/p256k1_stubs.c | 173 + ec/native/secp256k1.h | 21038 +++++++++++++++++++++++ tests/dune | 3 +- tests/ecdh_secp256k1_test.json | 4698 +++++ tests/ecdsa_secp256k1_sha256_test.json | 4482 +++++ tests/test_ec.ml | 103 +- tests/test_ec_wycheproof.ml | 16 +- 11 files changed, 30906 insertions(+), 137 deletions(-) create mode 100644 ec/native/p256k1_stubs.c create mode 100644 ec/native/secp256k1.h create mode 100644 tests/ecdh_secp256k1_test.json create mode 100644 tests/ecdsa_secp256k1_sha256_test.json diff --git a/bench/speed.ml b/bench/speed.ml index 2447d6d6..a448b0b5 100644 --- a/bench/speed.ml +++ b/bench/speed.ml @@ -193,6 +193,13 @@ let ecdsa_p256 = let ecdsa_p256_sig () = Mirage_crypto_ec.P256.Dsa.sign ~key:ecdsa_p256 msg_str_32 +let ecdsa_p256k1 = + Result.get_ok + (Mirage_crypto_ec.P256k1.Dsa.priv_of_octets + "\x08\x9f\x4f\xfc\xcc\xf9\xba\x13\xfe\xdd\x09\x42\xef\x08\xcf\x2d\x90\x9f\x32\xe2\x93\x4a\xb5\xc9\x3b\x6c\x99\xbe\x5a\x9f\xf5\x27") + +let ecdsa_p256k1_sig () = Mirage_crypto_ec.P256k1.Dsa.sign ~key:ecdsa_p256k1 msg_str_32 + let ecdsa_p384 = Result.get_ok (Mirage_crypto_ec.P384.Dsa.priv_of_octets @@ -215,6 +222,7 @@ let ed25519_sig () = Mirage_crypto_ec.Ed25519.sign ~key:ed25519 msg_str let ecdsas = [ ("P256", `P256 (ecdsa_p256, ecdsa_p256_sig ())); + ("P256k1", `P256k1 (ecdsa_p256k1, ecdsa_p256k1_sig ())); ("P384", `P384 (ecdsa_p384, ecdsa_p384_sig ())); ("P521", `P521 (ecdsa_p521, ecdsa_p521_sig ())); ("Ed25519", `Ed25519 (ed25519, ed25519_sig ())); @@ -303,6 +311,7 @@ let benchmarks = [ count name (fun (_, x) -> match x with | `P256 _ -> P256.Dsa.generate () |> ignore + | `P256k1 _ -> P256k1.Dsa.generate () |> ignore | `P384 _ -> P384.Dsa.generate () |> ignore | `P521 _ -> P521.Dsa.generate () |> ignore | `Ed25519 _ -> Ed25519.generate () |> ignore @@ -313,6 +322,7 @@ let benchmarks = [ let open Mirage_crypto_ec in count name (fun (_, x) -> match x with | `P256 (key, _) -> P256.Dsa.sign ~key msg_str_32 + | `P256k1 (key, _) -> P256k1.Dsa.sign ~key msg_str_32 | `P384 (key, _) -> P384.Dsa.sign ~key msg_str_48 | `P521 (key, _) -> P521.Dsa.sign ~key msg_str_65 | `Ed25519 (key, _) -> Ed25519.sign ~key msg_str, "" @@ -323,6 +333,7 @@ let benchmarks = [ let open Mirage_crypto_ec in count name (fun (_, x) -> match x with | `P256 (key, signature) -> P256.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_32) + | `P256k1 (key, signature) -> P256k1.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_32) | `P384 (key, signature) -> P384.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_48) | `P521 (key, signature) -> P521.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_65) | `Ed25519 (key, signature) -> Ed25519.(verify ~key:(pub_of_priv key) signature ~msg:msg_str) diff --git a/ec/dune b/ec/dune index 154a0406..845518a7 100644 --- a/ec/dune +++ b/ec/dune @@ -5,7 +5,7 @@ (foreign_stubs (language c) (names p256_stubs np256_stubs p384_stubs np384_stubs p521_stubs np521_stubs - curve25519_stubs) + curve25519_stubs p256k1_stubs) (include_dirs ../src/native) (flags (:standard -DNDEBUG) diff --git a/ec/mirage_crypto_ec.ml b/ec/mirage_crypto_ec.ml index 23ad4020..21fa9fea 100644 --- a/ec/mirage_crypto_ec.ml +++ b/ec/mirage_crypto_ec.ml @@ -70,17 +70,16 @@ module type Dh_dsa = sig module Dsa : Dsa end -type field_element = string +type field_element = Fe of string [@@unboxed] -type out_field_element = bytes +type out_field_element = Fe_out of bytes [@@unboxed] module type Parameters = sig - val a : field_element - val b : field_element - val g_x : field_element - val g_y : field_element - val p : field_element - val n : field_element + val b : string + val g_x : string + val g_y : string + val p : string + val n : string val pident: string val byte_length : int val bit_length : int @@ -88,13 +87,14 @@ module type Parameters = sig val first_byte_bits : int option end -type point = { f_x : field_element; f_y : field_element; f_z : field_element } - -type out_point = { m_f_x : out_field_element; m_f_y : out_field_element; m_f_z : out_field_element } +module type Parameters_with_a = sig + val a : string + include Parameters +end type scalar = Scalar of string -module type Foreign = sig +module type Foreign_field = sig val mul : out_field_element -> field_element -> field_element -> unit val sub : out_field_element -> field_element -> field_element -> unit val add : out_field_element -> field_element -> field_element -> unit @@ -107,13 +107,38 @@ module type Foreign = sig val to_octets : bytes -> field_element -> unit val inv : out_field_element -> field_element -> unit val select_c : out_field_element -> bool -> field_element -> field_element -> unit +end +module Point_proj = struct + type point = { f_x : field_element; f_y : field_element; f_z : field_element } + type out_point = { m_f_x : out_field_element; m_f_y : out_field_element; m_f_z : out_field_element } +end + +module type Foreign = sig + include Foreign_field + open Point_proj val double_c : out_point -> point -> unit val add_c : out_point -> point -> point -> unit val scalar_mult_base_c : out_point -> string -> unit end +module Point_string = struct + type point = Point of string [@@unboxed] + type out_point = Point_out of bytes [@@unboxed] +end + +module type Foreign_kiila = sig + include Foreign_field + open Point_string + val scalar_mult_base_c : out_point -> string -> unit + val scalar_mult_c : out_point -> string -> point -> unit + val scalar_mult_add_c : out_point -> string -> string -> point -> unit +end + module type Field_element = sig + val create : unit -> out_field_element + val out_fe_to_fe : out_field_element -> field_element + val mul : field_element -> field_element -> field_element val sub : field_element -> field_element -> field_element val add : field_element -> field_element -> field_element @@ -126,68 +151,65 @@ module type Field_element = sig val select : bool -> then_:field_element -> else_:field_element -> field_element val from_be_octets : string -> field_element val to_octets : field_element -> string - val double_point : point -> point - val add_point : point -> point -> point - val scalar_mult_base_point : scalar -> point end -module Make_field_element (P : Parameters) (F : Foreign) : Field_element = struct - let b_uts b = Bytes.unsafe_to_string b +module Make_field_element (P : Parameters) (F : Foreign_field) : Field_element = struct + let out_fe_to_fe (Fe_out b) = Fe (Bytes.unsafe_to_string b) - let create () = Bytes.create P.fe_length + let create () = Fe_out (Bytes.create P.fe_length) let mul a b = let tmp = create () in F.mul tmp a b; - b_uts tmp + out_fe_to_fe tmp let sub a b = let tmp = create () in F.sub tmp a b; - b_uts tmp + out_fe_to_fe tmp let add a b = let tmp = create () in F.add tmp a b; - b_uts tmp + out_fe_to_fe tmp let from_montgomery a = let tmp = create () in F.from_montgomery tmp a; - b_uts tmp + out_fe_to_fe tmp let zero = - let b = Bytes.make P.fe_length '\000' in - b_uts b + let b = Fe_out (Bytes.make P.fe_length '\000') in + out_fe_to_fe b let one = let fe = create () in F.set_one fe; - b_uts fe + out_fe_to_fe fe let nz a = F.nz a let sqr a = let tmp = create () in F.sqr tmp a; - b_uts tmp + out_fe_to_fe tmp let inv a = let tmp = create () in F.inv tmp a; - b_uts tmp + out_fe_to_fe tmp let select bit ~then_ ~else_ = let tmp = create () in F.select_c tmp bit then_ else_; - b_uts tmp + out_fe_to_fe tmp let from_be_octets buf = let buf_rev = rev_string buf in let tmp = create () in F.from_octets tmp buf_rev; - F.to_montgomery tmp (b_uts tmp); - b_uts tmp + F.to_montgomery tmp (out_fe_to_fe tmp); + out_fe_to_fe tmp let create_octets () = Bytes.create P.byte_length @@ -195,52 +217,26 @@ module Make_field_element (P : Parameters) (F : Foreign) : Field_element = struc let to_octets fe = let tmp = create_octets () in F.to_octets tmp fe; - b_uts tmp - - let out_point () = { - m_f_x = create (); - m_f_y = create (); - m_f_z = create (); - } - - let out_p_to_p p = { - f_x = b_uts p.m_f_x ; - f_y = b_uts p.m_f_y ; - f_z = b_uts p.m_f_z ; - } - - let double_point p = - let tmp = out_point () in - F.double_c tmp p; - out_p_to_p tmp - - let add_point a b = - let tmp = out_point () in - F.add_c tmp a b; - out_p_to_p tmp - - let scalar_mult_base_point (Scalar d) = - let tmp = out_point () in - F.scalar_mult_base_c tmp d; - out_p_to_p tmp + Bytes.unsafe_to_string tmp end module type Point = sig - val at_infinity : unit -> point + type point + type out_point val is_infinity : point -> bool - val add : point -> point -> point - val double : point -> point val of_octets : string -> (point, error) result val to_octets : compress:bool -> point -> string val to_affine_raw : point -> (field_element * field_element) option val x_of_finite_point : point -> string - val params_g : point - val select : bool -> then_:point -> else_:point -> point + val scalar_mult : scalar -> point -> point + val scalar_mult_add : scalar -> scalar -> point -> point val scalar_mult_base : scalar -> point + val generator_tables : unit -> string array array array end -module Make_point (P : Parameters) (F : Foreign) : Point = struct +module Make_point (P : Parameters_with_a) (F : Foreign) : Point = struct module Fe = Make_field_element(P)(F) + include Point_proj let at_infinity () = let f_x = Fe.one in @@ -273,7 +269,7 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct (** Convert coordinates to a finite point ensuring: - x < p - y < p - - y^2 = ax^3 + ax + b + - y^2 = x^3 + ax + b *) let validate_finite_point ~x ~y = match (check_coordinate x, check_coordinate y) with @@ -325,9 +321,33 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct else buf - let double p = Fe.double_point p - let add p q = Fe.add_point p q + let out_point () = { + m_f_x = Fe.create (); + m_f_y = Fe.create (); + m_f_z = Fe.create (); + } + + let out_p_to_p p = { + f_x = Fe.out_fe_to_fe p.m_f_x ; + f_y = Fe.out_fe_to_fe p.m_f_y ; + f_z = Fe.out_fe_to_fe p.m_f_z ; + } + + let double p = + let tmp = out_point () in + F.double_c tmp p; + out_p_to_p tmp + + let add a b = + let tmp = out_point () in + F.add_c tmp a b; + out_p_to_p tmp + + let scalar_mult_base (Scalar d) = + let tmp = out_point () in + F.scalar_mult_base_c tmp d; + out_p_to_p tmp let x_of_finite_point p = match to_affine p with None -> assert false | Some (x, _) -> rev_string x @@ -418,7 +438,225 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct | 0x00 | 0x04 -> Error `Invalid_length | _ -> Error `Invalid_format - let scalar_mult_base = Fe.scalar_mult_base_point + (* Branchless Montgomery ladder method *) + let scalar_mult (Scalar s) p = + let r0 = ref (at_infinity ()) in + let r1 = ref p in + for i = P.byte_length * 8 - 1 downto 0 do + let bit = bit_at s i in + let sum = add !r0 !r1 in + let r0_double = double !r0 in + let r1_double = double !r1 in + r0 := select bit ~then_:sum ~else_:r0_double; + r1 := select bit ~then_:r1_double ~else_:sum + done; + !r0 + + let scalar_mult_add a b p = + add (scalar_mult_base a) (scalar_mult b p) + + (* Pre-compute multiples of the generator point + returns the tables along with the number of significant bytes *) + let generator_tables () = + let len = P.fe_length * 2 in + let one_table _ = Array.init 15 (fun _ -> at_infinity ()) in + let table = Array.init len one_table in + let base = ref params_g in + for i = 0 to len - 1 do + table.(i).(0) <- !base; + for j = 1 to 14 do + table.(i).(j) <- add !base table.(i).(j - 1) + done; + base := double !base; + base := double !base; + base := double !base; + base := double !base + done; + let f2s (Fe x) = x in + let convert {f_x; f_y; f_z} = [|f2s f_x; f2s f_y; f2s f_z|] in + Array.map (Array.map convert) table + +end + +(* + This is an alternative Point implementation, that uses + - concatenated affine coordinates as used by ECCKiila generated code, and + - simplified calculations for a=0 like for the secp256k1 curve +*) +module Make_point_k1 (P : Parameters) (F : Foreign_kiila) : Point = struct + module Fe = Make_field_element(P)(F) + include Point_string + + let make (Fe x) (Fe y) = Point (String.cat x y) + let p_x (Point p) = Fe (String.sub p 0 P.fe_length) + let p_y (Point p) = Fe (String.sub p P.fe_length P.fe_length) + let out_point () = Point_out (Bytes.create (P.fe_length * 2)) + let out_p_to_p (Point_out p) = Point (Bytes.unsafe_to_string p) + + let at_infinity () = + let f_x = Fe.zero in + let f_y = Fe.zero in + make f_x f_y + + let is_infinity (p : point) = not (Fe.nz (p_y p)) + + let is_solution_to_curve_equation = + let b = Fe.from_be_octets P.b in + fun ~x ~y -> + let x3 = Fe.sqr x in + let x3 = Fe.mul x3 x in + let y2 = Fe.sqr y in + let sum = Fe.add x3 b in + let sum = Fe.sub sum y2 in + not (Fe.nz sum) + + let check_coordinate buf = + (* ensure buf < p: *) + match Eqaf.compare_be_with_len ~len:P.byte_length buf P.p >= 0 with + | true -> None + | exception Invalid_argument _ -> None + | false -> Some (Fe.from_be_octets buf) + + (** Convert coordinates to a finite point ensuring: + - x < p + - y < p + - y^2 = x^3 + b + *) + let validate_finite_point ~x ~y = + match (check_coordinate x, check_coordinate y) with + | Some f_x, Some f_y -> + if is_solution_to_curve_equation ~x:f_x ~y:f_y then + Ok (make f_x f_y) + else Error `Not_on_curve + | _ -> Error `Invalid_range + + let to_affine_raw p = + if is_infinity p then + None + else + let x = Fe.from_montgomery (p_x p) in + let y = Fe.from_montgomery (p_y p) in + Some (x, y) + + let to_affine p = + Option.map (fun (x, y) -> Fe.to_octets x, Fe.to_octets y) + (to_affine_raw p) + + let to_octets ~compress p = + let buf = + match to_affine p with + | None -> String.make 1 '\000' + | Some (x, y) -> + let len_x = String.length x and len_y = String.length y in + let res = Bytes.create (1 + len_x + len_y) in + Bytes.set res 0 '\004' ; + let rev_x = rev_string x and rev_y = rev_string y in + Bytes.unsafe_blit_string rev_x 0 res 1 len_x ; + Bytes.unsafe_blit_string rev_y 0 res (1 + len_x) len_y ; + Bytes.unsafe_to_string res + in + if compress then + let out = Bytes.create (P.byte_length + 1) in + let ident = + 2 + (String.get_uint8 buf ((P.byte_length * 2) - 1)) land 1 + in + Bytes.unsafe_blit_string buf 1 out 1 P.byte_length; + Bytes.set_uint8 out 0 ident; + Bytes.unsafe_to_string out + else + buf + + let x_of_finite_point p = + match to_affine p with None -> assert false | Some (x, _) -> rev_string x + + let pow x exp = + let r0 = ref Fe.one in + let r1 = ref x in + for i = P.byte_length * 8 - 1 downto 0 do + let bit = bit_at exp i in + let multiplied = Fe.mul !r0 !r1 in + let r0_sqr = Fe.sqr !r0 in + let r1_sqr = Fe.sqr !r1 in + r0 := Fe.select bit ~then_:multiplied ~else_:r0_sqr; + r1 := Fe.select bit ~then_:r1_sqr ~else_:multiplied; + done; + !r0 + + let decompress = + (* When p = 4*k+3, as is the case of NIST-P256, there is an efficient square + root algorithm to recover the y, as follows: + + Given the compact representation of Q as x, + y2 = x^3 + b (with a=0) + y' = y2^((p+1)/4) + y = min(y',p-y') + Q=(x,y) is the canonical representation of the point + *) + let pident = P.pident (* (Params.p + 1) / 4*) in + let b = Fe.from_be_octets P.b in + let p = Fe.from_be_octets P.p in + fun pk -> + let x = Fe.from_be_octets (String.sub pk 1 P.byte_length) in + let x3 = Fe.mul x x in + let x3 = Fe.mul x3 x in (* x3 *) + let sum = Fe.add x3 b in (* y^2 *) + let y = pow sum pident in (* https://tools.ietf.org/id/draft-jivsov-ecc-compact-00.xml#sqrt point 4.3*) + let y' = Fe.sub p y in + let y = Fe.from_montgomery y in + let y_struct = Fe.to_octets y in (* number must not be in montgomery domain*) + let y_struct = rev_string y_struct in + let y' = Fe.from_montgomery y' in + let y_struct2 = Fe.to_octets y' in (* number must not be in montgomery domain*) + let y_struct2 = rev_string y_struct2 in + let ident = String.get_uint8 pk 0 in + let signY = + 2 + (String.get_uint8 y_struct (P.byte_length - 2)) land 1 + in + let res = if Int.equal signY ident then y_struct else y_struct2 in + let out = Bytes.create ((P.byte_length * 2) + 1) in + Bytes.set out 0 '\004'; + Bytes.unsafe_blit_string pk 1 out 1 P.byte_length; + Bytes.unsafe_blit_string res 0 out (P.byte_length + 1) P.byte_length; + Bytes.unsafe_to_string out + + let of_octets buf = + let len = P.byte_length in + if String.length buf = 0 then + Error `Invalid_format + else + let of_octets buf = + let x = String.sub buf 1 len in + let y = String.sub buf (1 + len) len in + validate_finite_point ~x ~y + in + match String.get_uint8 buf 0 with + | 0x00 when String.length buf = 1 -> + Ok (at_infinity ()) + | 0x02 | 0x03 when String.length P.pident > 0 -> + let decompressed = decompress buf in + of_octets decompressed + | 0x04 when String.length buf = 1 + len + len -> + of_octets buf + | 0x00 | 0x04 -> Error `Invalid_length + | _ -> Error `Invalid_format + + let scalar_mult_base (Scalar d) = + let tmp = out_point () in + F.scalar_mult_base_c tmp d; + out_p_to_p tmp + + let scalar_mult (Scalar s) p = + let tmp = out_point () in + F.scalar_mult_c tmp s p; + out_p_to_p tmp + + let scalar_mult_add (Scalar a) (Scalar b) p = + let tmp = out_point () in + F.scalar_mult_add_c tmp a b p; + out_p_to_p tmp + + let generator_tables () = + assert false end module type Scalar = sig @@ -426,9 +664,6 @@ module type Scalar = sig val is_in_range : string -> bool val of_octets : string -> (scalar, error) result val to_octets : scalar -> string - val scalar_mult : scalar -> point -> point - val scalar_mult_base : scalar -> point - val generator_tables : unit -> field_element array array array end module Make_scalar (Param : Parameters) (P : Point) : Scalar = struct @@ -447,43 +682,6 @@ module Make_scalar (Param : Parameters) (P : Point) : Scalar = struct | false -> Error `Invalid_range let to_octets (Scalar buf) = rev_string buf - - (* Branchless Montgomery ladder method *) - let scalar_mult (Scalar s) p = - let r0 = ref (P.at_infinity ()) in - let r1 = ref p in - for i = Param.byte_length * 8 - 1 downto 0 do - let bit = bit_at s i in - let sum = P.add !r0 !r1 in - let r0_double = P.double !r0 in - let r1_double = P.double !r1 in - r0 := P.select bit ~then_:sum ~else_:r0_double; - r1 := P.select bit ~then_:r1_double ~else_:sum - done; - !r0 - - (* Specialization of [scalar_mult d p] when [p] is the generator *) - let scalar_mult_base = P.scalar_mult_base - - (* Pre-compute multiples of the generator point - returns the tables along with the number of significant bytes *) - let generator_tables () = - let len = Param.fe_length * 2 in - let one_table _ = Array.init 15 (fun _ -> P.at_infinity ()) in - let table = Array.init len one_table in - let base = ref P.params_g in - for i = 0 to len - 1 do - table.(i).(0) <- !base; - for j = 1 to 14 do - table.(i).(j) <- P.add !base table.(i).(j - 1) - done; - base := P.double !base; - base := P.double !base; - base := P.double !base; - base := P.double !base - done; - let convert {f_x; f_y; f_z} = [|f_x; f_y; f_z|] in - Array.map (Array.map convert) table end module Make_dh (Param : Parameters) (P : Point) (S : Scalar) : Dh = struct @@ -498,7 +696,7 @@ module Make_dh (Param : Parameters) (P : Point) (S : Scalar) : Dh = struct type secret = scalar let share ?(compress = false) private_key = - let public_key = S.scalar_mult_base private_key in + let public_key = P.scalar_mult_base private_key in point_to_octets ~compress public_key let secret_of_octets ?compress s = @@ -522,7 +720,7 @@ module Make_dh (Param : Parameters) (P : Point) (S : Scalar) : Dh = struct let key_exchange secret received = match point_of_octets received with | Error _ as err -> err - | Ok shared -> Ok (P.x_of_finite_point (S.scalar_mult secret shared)) + | Ok shared -> Ok (P.x_of_finite_point (P.scalar_mult secret shared)) end module type Foreign_n = sig @@ -548,53 +746,53 @@ module type Fn = sig end module Make_Fn (P : Parameters) (F : Foreign_n) : Fn = struct - let b_uts = Bytes.unsafe_to_string + let out_fe_to_fe (Fe_out x) = Fe (Bytes.unsafe_to_string x) - let create () = Bytes.create P.fe_length + let create () = Fe_out (Bytes.create P.fe_length) let create_octets () = Bytes.create P.byte_length let from_be_octets v = let v' = create () in F.from_bytes v' (rev_string v); - F.to_montgomery v' (b_uts v'); - b_uts v' + F.to_montgomery v' (out_fe_to_fe v'); + out_fe_to_fe v' let to_be_octets v = let buf = create_octets () in F.to_bytes buf v; - rev_string (b_uts buf) + rev_string (Bytes.unsafe_to_string buf) let mul a b = let tmp = create () in F.mul tmp a b; - b_uts tmp + out_fe_to_fe tmp let add a b = let tmp = create () in F.add tmp a b; - b_uts tmp + out_fe_to_fe tmp let inv a = let tmp = create () in F.inv tmp a; - F.to_montgomery tmp (b_uts tmp); - b_uts tmp + F.to_montgomery tmp (out_fe_to_fe tmp); + out_fe_to_fe tmp let one = let tmp = create () in F.one tmp; - b_uts tmp + out_fe_to_fe tmp let from_montgomery a = let tmp = create () in F.from_montgomery tmp a; - b_uts tmp + out_fe_to_fe tmp let to_montgomery a = let tmp = create () in F.to_montgomery tmp a; - b_uts tmp + out_fe_to_fe tmp end module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Digestif.S) = struct @@ -671,7 +869,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige module K_gen_default = K_gen(H) - type pub = point + type pub = P.point let pub_of_octets = P.of_octets @@ -687,16 +885,14 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige in one () in - let q = S.scalar_mult_base d in + let q = P.scalar_mult_base d in (d, q) let x_of_finite_point_mod_n p = match P.to_affine_raw p with | None -> None | Some (x, _) -> - let x = F.to_montgomery x in let x = F.mul x F.one in - let x = F.from_montgomery x in Some (F.to_be_octets x) let sign ~key ?k msg = @@ -714,7 +910,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige | Ok ksc -> ksc | Error _ -> invalid_arg "k not in range" (* if no k is provided, this cannot happen since K_gen_*.gen already preserves the Scalar invariants *) in - let point = S.scalar_mult_base ksc in + let point = P.scalar_mult_base ksc in match x_of_finite_point_mod_n point with | None -> again () | Some r -> @@ -734,7 +930,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige in do_sign g - let pub_of_priv priv = S.scalar_mult_base priv + let pub_of_priv priv = P.scalar_mult_base priv let verify ~key (r, s) msg = try @@ -756,10 +952,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige S.of_octets (F.to_be_octets u2) with | Ok u1, Ok u2 -> - let point = - P.add - (S.scalar_mult_base u1) - (S.scalar_mult u2 key) + let point = P.scalar_mult_add u1 u2 key in begin match x_of_finite_point_mod_n point with | None -> false (* point is infinity *) @@ -770,7 +963,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige | Message_too_long -> false module Precompute = struct - let generator_tables = S.generator_tables + let generator_tables = P.generator_tables end end @@ -790,6 +983,7 @@ module P256 : Dh_dsa = struct end module Foreign = struct + include Point_proj external mul : out_field_element -> field_element -> field_element -> unit = "mc_p256_mul" [@@noalloc] external sub : out_field_element -> field_element -> field_element -> unit = "mc_p256_sub" [@@noalloc] external add : out_field_element -> field_element -> field_element -> unit = "mc_p256_add" [@@noalloc] @@ -825,6 +1019,58 @@ module P256 : Dh_dsa = struct module Dsa = Make_dsa(Params)(Fn)(P)(S)(Digestif.SHA256) end + +module P256k1 : Dh_dsa = struct + module Params = struct + let b = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07" + let g_x = "\x79\xBE\x66\x7E\xF9\xDC\xBB\xAC\x55\xA0\x62\x95\xCE\x87\x0B\x07\x02\x9B\xFC\xDB\x2D\xCE\x28\xD9\x59\xF2\x81\x5B\x16\xF8\x17\x98" + let g_y = "\x48\x3A\xDA\x77\x26\xA3\xC4\x65\x5D\xA4\xFB\xFC\x0E\x11\x08\xA8\xFD\x17\xB4\x48\xA6\x85\x54\x19\x9C\x47\xD0\x8F\xFB\x10\xD4\xB8" + let p = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFC\x2F" + let n = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xBA\xAE\xDC\xE6\xAF\x48\xA0\x3B\xBF\xD2\x5E\x8C\xD0\x36\x41\x41" + let pident = "\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xBF\xFF\xFF\x0C" |> rev_string (* (Params.p + 1) / 4*) + let byte_length = 32 + let bit_length = 256 + let fe_length = 32 + let first_byte_bits = None + end + + module Foreign = struct + include Point_string + external mul : out_field_element -> field_element -> field_element -> unit = "mc_p256k1_mul" [@@noalloc] + external sub : out_field_element -> field_element -> field_element -> unit = "mc_p256k1_sub" [@@noalloc] + external add : out_field_element -> field_element -> field_element -> unit = "mc_p256k1_add" [@@noalloc] + external to_montgomery : out_field_element -> field_element -> unit = "mc_p256k1_to_montgomery" [@@noalloc] + external from_octets : out_field_element -> string -> unit = "mc_p256k1_from_bytes" [@@noalloc] + external set_one : out_field_element -> unit = "mc_p256k1_set_one" [@@noalloc] + external nz : field_element -> bool = "mc_p256k1_nz" [@@noalloc] + external sqr : out_field_element -> field_element -> unit = "mc_p256k1_sqr" [@@noalloc] + external from_montgomery : out_field_element -> field_element -> unit = "mc_p256k1_from_montgomery" [@@noalloc] + external to_octets : bytes -> field_element -> unit = "mc_p256k1_to_bytes" [@@noalloc] + external inv : out_field_element -> field_element -> unit = "mc_p256k1_inv" [@@noalloc] + external select_c : out_field_element -> bool -> field_element -> field_element -> unit = "mc_p256k1_select" [@@noalloc] + external scalar_mult_c : out_point -> string -> point -> unit = "mc_p256k1_scalar_mult" [@@noalloc] + external scalar_mult_add_c : out_point -> string -> string -> point -> unit = "mc_p256k1_scalar_mult_add" [@@noalloc] + external scalar_mult_base_c : out_point -> string -> unit = "mc_p256k1_scalar_mult_base" [@@noalloc] + end + + module Foreign_n = struct + external mul : out_field_element -> field_element -> field_element -> unit = "mc_np256k1_mul" [@@noalloc] + external add : out_field_element -> field_element -> field_element -> unit = "mc_np256k1_add" [@@noalloc] + external inv : out_field_element -> field_element -> unit = "mc_np256k1_inv" [@@noalloc] + external one : out_field_element -> unit = "mc_np256k1_one" [@@noalloc] + external from_bytes : out_field_element -> string -> unit = "mc_np256k1_from_bytes" [@@noalloc] + external to_bytes : bytes -> field_element -> unit = "mc_np256k1_to_bytes" [@@noalloc] + external from_montgomery : out_field_element -> field_element -> unit = "mc_np256k1_from_montgomery" [@@noalloc] + external to_montgomery : out_field_element -> field_element -> unit = "mc_np256k1_to_montgomery" [@@noalloc] + end + + module P = Make_point_k1(Params)(Foreign) + module S = Make_scalar(Params)(P) + module Dh = Make_dh(Params)(P)(S) + module Fn = Make_Fn(Params)(Foreign_n) + module Dsa = Make_dsa(Params)(Fn)(P)(S)(Digestif.SHA256) +end + module P384 : Dh_dsa = struct module Params = struct let a = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFC" @@ -842,6 +1088,7 @@ module P384 : Dh_dsa = struct end module Foreign = struct + include Point_proj external mul : out_field_element -> field_element -> field_element -> unit = "mc_p384_mul" [@@noalloc] external sub : out_field_element -> field_element -> field_element -> unit = "mc_p384_sub" [@@noalloc] external add : out_field_element -> field_element -> field_element -> unit = "mc_p384_add" [@@noalloc] @@ -895,6 +1142,7 @@ module P521 : Dh_dsa = struct end module Foreign = struct + include Point_proj external mul : out_field_element -> field_element -> field_element -> unit = "mc_p521_mul" [@@noalloc] external sub : out_field_element -> field_element -> field_element -> unit = "mc_p521_sub" [@@noalloc] external add : out_field_element -> field_element -> field_element -> unit = "mc_p521_add" [@@noalloc] diff --git a/ec/mirage_crypto_ec.mli b/ec/mirage_crypto_ec.mli index aca30139..7e315411 100644 --- a/ec/mirage_crypto_ec.mli +++ b/ec/mirage_crypto_ec.mli @@ -168,6 +168,9 @@ end (** The NIST P-256 curve, also known as SECP256R1. *) module P256 : Dh_dsa +(** The SECP256K1 curve. *) +module P256k1 : Dh_dsa + (** The NIST P-384 curve, also known as SECP384R1. *) module P384 : Dh_dsa diff --git a/ec/native/p256k1_stubs.c b/ec/native/p256k1_stubs.c new file mode 100644 index 00000000..69ed1e2d --- /dev/null +++ b/ec/native/p256k1_stubs.c @@ -0,0 +1,173 @@ +#include "mirage_crypto.h" +#include "secp256k1.h" +#include + +CAMLprim value mc_p256k1_sub(value out, value a, value b) +{ + CAMLparam3(out, a, b); + fiat_secp256k1_sub((limb_t*)Bytes_val(out), (const limb_t*)String_val(a), (const limb_t*)String_val(b)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_add(value out, value a, value b) +{ + CAMLparam3(out, a, b); + fiat_secp256k1_add((limb_t*)Bytes_val(out), (const limb_t*)String_val(a), (const limb_t*)String_val(b)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_mul(value out, value a, value b) +{ + CAMLparam3(out, a, b); + fiat_secp256k1_mul((limb_t*)Bytes_val(out), (const limb_t*)String_val(a), (const limb_t*)String_val(b)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_from_bytes(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_from_bytes((limb_t*)Bytes_val(out), _st_uint8(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_to_bytes(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_to_bytes(Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_sqr(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_square((limb_t*)Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_from_montgomery(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_from_montgomery((limb_t*)Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_to_montgomery(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_to_montgomery((limb_t*)Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_nz(value x) +{ + CAMLparam1(x); + limb_t ret; + fiat_secp256k1_nonzero(&ret, (const limb_t*)String_val(x)); + CAMLreturn(Val_bool(ret)); +} + +CAMLprim value mc_p256k1_set_one(value x) +{ + CAMLparam1(x); + fiat_secp256k1_set_one((limb_t*)Bytes_val(x)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_inv(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_inv((limb_t*)Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_select(value out, value bit, value t, value f) +{ + CAMLparam4(out, bit, t, f); + fiat_secp256k1_selectznz( + (limb_t*)Bytes_val(out), + !!Bool_val(bit), + (const limb_t*)String_val(f), + (const limb_t*)String_val(t) + ); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_np256k1_inv(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_scalar_inv((limb_t*)Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_np256k1_mul(value out, value a, value b) +{ + CAMLparam3(out, a, b); + fiat_secp256k1_scalar_mul((limb_t*)Bytes_val(out), (const limb_t*)String_val(a), (const limb_t*)String_val(b)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_np256k1_add(value out, value a, value b) +{ + CAMLparam3(out, a, b); + fiat_secp256k1_scalar_add((limb_t*)Bytes_val(out), (const limb_t*)String_val(a), (const limb_t*)String_val(b)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_np256k1_one(value out) +{ + CAMLparam1(out); + fiat_secp256k1_scalar_set_one((limb_t*)Bytes_val(out)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_np256k1_from_bytes(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_scalar_from_bytes((limb_t*)Bytes_val(out), _st_uint8(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_np256k1_to_bytes(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_scalar_to_bytes(Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_np256k1_from_montgomery(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_scalar_from_montgomery((limb_t*)Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_np256k1_to_montgomery(value out, value in) +{ + CAMLparam2(out, in); + fiat_secp256k1_scalar_to_montgomery((limb_t*)Bytes_val(out), (const limb_t*)String_val(in)); + CAMLreturn(Val_unit); +} + +#define PT(v) ((const pt_aff_t*) (String_val(v))) +#define PT_OUT(v) ((pt_aff_t*) (Bytes_val(v))) + +CAMLprim value mc_p256k1_scalar_mult_base(value out, value s) +{ + CAMLparam2(out, s); + fixed_smul_cmb(PT_OUT(out), _st_uint8(s)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_scalar_mult(value out, value s, value p) +{ + CAMLparam3(out, s, p); + var_smul_rwnaf(PT_OUT(out), _st_uint8(s), PT(p)); + CAMLreturn(Val_unit); +} + +CAMLprim value mc_p256k1_scalar_mult_add(value out, value a, value b, value p) +{ + CAMLparam4(out, a, b, p); + var_smul_wnaf_two(PT_OUT(out), _st_uint8(a), _st_uint8(b), PT(p)); + CAMLreturn(Val_unit); +} diff --git a/ec/native/secp256k1.h b/ec/native/secp256k1.h new file mode 100644 index 00000000..0ec33932 --- /dev/null +++ b/ec/native/secp256k1.h @@ -0,0 +1,21038 @@ +/* Autogenerated: ECCKiila https://gitlab.com/nisec/ecckiila */ +/*- + * MIT License + * - + * Copyright (c) 2020 Luis Rivera-Zamarripa, Jesús-Javier Chi-Domínguez, Billy Bob Brumley + * - + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * - + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * - + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ +#if defined(__SIZEOF_INT128__) && !defined(PEDANTIC) + +#include +#include +#define LIMB_BITS 64 +#define LIMB_CNT 4 +/* Field elements */ +typedef uint64_t fe_t[LIMB_CNT]; +typedef uint64_t limb_t; + + +#define fe_copy(d, s) memcpy(d, s, sizeof(fe_t)) +#define fe_set_zero(d) memset(d, 0, sizeof(fe_t)) + +/* Projective points */ +typedef struct { + fe_t X; + fe_t Y; + fe_t Z; +} pt_prj_t; + +/* Affine points */ +typedef struct { + fe_t X; + fe_t Y; +} pt_aff_t; + +/* BEGIN verbatim fiat code https://github.com/mit-plv/fiat-crypto */ +/*- + * MIT License + * + * Copyright (c) 2015-2021 the fiat-crypto authors (see the AUTHORS file). + * https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +/* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier secp256k1_montgomery 64 '2^256 - 2^32 - 977' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */ +/* curve description: secp256k1_montgomery */ +/* machine_wordsize = 64 (from "64") */ +/* requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp */ +/* m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f (from "2^256 - 2^32 - 977") */ +/* */ +/* NOTE: In addition to the bounds specified above each function, all */ +/* functions synthesized for this Montgomery arithmetic require the */ +/* input to be strictly less than the prime modulus (m), and also */ +/* require the input to be in the unique saturated representation. */ +/* All functions also ensure that these two properties are true of */ +/* return values. */ +/* */ +/* Computed values: */ +/* eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) */ +/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */ +/* twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in */ +/* if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 */ + +#include +typedef unsigned char fiat_secp256k1_uint1; +typedef signed char fiat_secp256k1_int1; +#if defined(__GNUC__) || defined(__clang__) +# define FIAT_SECP256K1_FIAT_EXTENSION __extension__ +# define FIAT_SECP256K1_FIAT_INLINE __inline__ +#else +# define FIAT_SECP256K1_FIAT_EXTENSION +# define FIAT_SECP256K1_FIAT_INLINE +#endif + +FIAT_SECP256K1_FIAT_EXTENSION typedef signed __int128 fiat_secp256k1_int128; +FIAT_SECP256K1_FIAT_EXTENSION typedef unsigned __int128 fiat_secp256k1_uint128; + +/* The type fiat_secp256k1_montgomery_domain_field_element is a field element in the Montgomery domain. */ +/* Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +typedef uint64_t fiat_secp256k1_montgomery_domain_field_element[4]; + +/* The type fiat_secp256k1_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ +/* Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +typedef uint64_t fiat_secp256k1_non_montgomery_domain_field_element[4]; + +#if (-1 & 3) != 3 +#error "This code only works on a two's complement system" +#endif + +#if !defined(FIAT_SECP256K1_NO_ASM) && (defined(__GNUC__) || defined(__clang__)) +static __inline__ uint64_t fiat_secp256k1_value_barrier_u64(uint64_t a) { + __asm__("" : "+r"(a) : /* no inputs */); + return a; +} +#else +# define fiat_secp256k1_value_barrier_u64(x) (x) +#endif + + +/* + * The function fiat_secp256k1_addcarryx_u64 is an addition with carry. + * + * Postconditions: + * out1 = (arg1 + arg2 + arg3) mod 2^64 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_addcarryx_u64(uint64_t* out1, fiat_secp256k1_uint1* out2, fiat_secp256k1_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_secp256k1_uint128 x1; + uint64_t x2; + fiat_secp256k1_uint1 x3; + x1 = ((arg1 + (fiat_secp256k1_uint128)arg2) + arg3); + x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + x3 = (fiat_secp256k1_uint1)(x1 >> 64); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_secp256k1_subborrowx_u64 is a subtraction with borrow. + * + * Postconditions: + * out1 = (-arg1 + arg2 + -arg3) mod 2^64 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_subborrowx_u64(uint64_t* out1, fiat_secp256k1_uint1* out2, fiat_secp256k1_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_secp256k1_int128 x1; + fiat_secp256k1_int1 x2; + uint64_t x3; + x1 = ((arg2 - (fiat_secp256k1_int128)arg1) - arg3); + x2 = (fiat_secp256k1_int1)(x1 >> 64); + x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + *out1 = x3; + *out2 = (fiat_secp256k1_uint1)(0x0 - x2); +} + +/* + * The function fiat_secp256k1_mulx_u64 is a multiplication, returning the full double-width result. + * + * Postconditions: + * out1 = (arg1 * arg2) mod 2^64 + * out2 = ⌊arg1 * arg2 / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffffffffffff] + * arg2: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0xffffffffffffffff] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) { + fiat_secp256k1_uint128 x1; + uint64_t x2; + uint64_t x3; + x1 = ((fiat_secp256k1_uint128)arg1 * arg2); + x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + x3 = (uint64_t)(x1 >> 64); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_secp256k1_cmovznz_u64 is a single-word conditional move. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_cmovznz_u64(uint64_t* out1, fiat_secp256k1_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_secp256k1_uint1 x1; + uint64_t x2; + uint64_t x3; + x1 = (!(!arg1)); + x2 = ((fiat_secp256k1_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); + x3 = ((fiat_secp256k1_value_barrier_u64(x2) & arg3) | (fiat_secp256k1_value_barrier_u64((~x2)) & arg2)); + *out1 = x3; +} + +/* + * The function fiat_secp256k1_mul multiplies two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_mul(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1, const fiat_secp256k1_montgomery_domain_field_element arg2) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + fiat_secp256k1_uint1 x14; + uint64_t x15; + fiat_secp256k1_uint1 x16; + uint64_t x17; + fiat_secp256k1_uint1 x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + uint64_t x23; + uint64_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + uint64_t x30; + fiat_secp256k1_uint1 x31; + uint64_t x32; + fiat_secp256k1_uint1 x33; + uint64_t x34; + fiat_secp256k1_uint1 x35; + uint64_t x36; + uint64_t x37; + fiat_secp256k1_uint1 x38; + uint64_t x39; + fiat_secp256k1_uint1 x40; + uint64_t x41; + fiat_secp256k1_uint1 x42; + uint64_t x43; + fiat_secp256k1_uint1 x44; + uint64_t x45; + fiat_secp256k1_uint1 x46; + uint64_t x47; + uint64_t x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + uint64_t x54; + uint64_t x55; + fiat_secp256k1_uint1 x56; + uint64_t x57; + fiat_secp256k1_uint1 x58; + uint64_t x59; + fiat_secp256k1_uint1 x60; + uint64_t x61; + uint64_t x62; + fiat_secp256k1_uint1 x63; + uint64_t x64; + fiat_secp256k1_uint1 x65; + uint64_t x66; + fiat_secp256k1_uint1 x67; + uint64_t x68; + fiat_secp256k1_uint1 x69; + uint64_t x70; + fiat_secp256k1_uint1 x71; + uint64_t x72; + uint64_t x73; + uint64_t x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + uint64_t x78; + uint64_t x79; + uint64_t x80; + uint64_t x81; + uint64_t x82; + fiat_secp256k1_uint1 x83; + uint64_t x84; + fiat_secp256k1_uint1 x85; + uint64_t x86; + fiat_secp256k1_uint1 x87; + uint64_t x88; + uint64_t x89; + fiat_secp256k1_uint1 x90; + uint64_t x91; + fiat_secp256k1_uint1 x92; + uint64_t x93; + fiat_secp256k1_uint1 x94; + uint64_t x95; + fiat_secp256k1_uint1 x96; + uint64_t x97; + fiat_secp256k1_uint1 x98; + uint64_t x99; + uint64_t x100; + uint64_t x101; + uint64_t x102; + uint64_t x103; + uint64_t x104; + uint64_t x105; + uint64_t x106; + uint64_t x107; + uint64_t x108; + fiat_secp256k1_uint1 x109; + uint64_t x110; + fiat_secp256k1_uint1 x111; + uint64_t x112; + fiat_secp256k1_uint1 x113; + uint64_t x114; + uint64_t x115; + fiat_secp256k1_uint1 x116; + uint64_t x117; + fiat_secp256k1_uint1 x118; + uint64_t x119; + fiat_secp256k1_uint1 x120; + uint64_t x121; + fiat_secp256k1_uint1 x122; + uint64_t x123; + fiat_secp256k1_uint1 x124; + uint64_t x125; + uint64_t x126; + uint64_t x127; + uint64_t x128; + uint64_t x129; + uint64_t x130; + uint64_t x131; + uint64_t x132; + uint64_t x133; + uint64_t x134; + uint64_t x135; + fiat_secp256k1_uint1 x136; + uint64_t x137; + fiat_secp256k1_uint1 x138; + uint64_t x139; + fiat_secp256k1_uint1 x140; + uint64_t x141; + uint64_t x142; + fiat_secp256k1_uint1 x143; + uint64_t x144; + fiat_secp256k1_uint1 x145; + uint64_t x146; + fiat_secp256k1_uint1 x147; + uint64_t x148; + fiat_secp256k1_uint1 x149; + uint64_t x150; + fiat_secp256k1_uint1 x151; + uint64_t x152; + uint64_t x153; + uint64_t x154; + uint64_t x155; + uint64_t x156; + uint64_t x157; + uint64_t x158; + uint64_t x159; + uint64_t x160; + uint64_t x161; + fiat_secp256k1_uint1 x162; + uint64_t x163; + fiat_secp256k1_uint1 x164; + uint64_t x165; + fiat_secp256k1_uint1 x166; + uint64_t x167; + uint64_t x168; + fiat_secp256k1_uint1 x169; + uint64_t x170; + fiat_secp256k1_uint1 x171; + uint64_t x172; + fiat_secp256k1_uint1 x173; + uint64_t x174; + fiat_secp256k1_uint1 x175; + uint64_t x176; + fiat_secp256k1_uint1 x177; + uint64_t x178; + uint64_t x179; + uint64_t x180; + uint64_t x181; + uint64_t x182; + uint64_t x183; + uint64_t x184; + uint64_t x185; + uint64_t x186; + uint64_t x187; + uint64_t x188; + fiat_secp256k1_uint1 x189; + uint64_t x190; + fiat_secp256k1_uint1 x191; + uint64_t x192; + fiat_secp256k1_uint1 x193; + uint64_t x194; + uint64_t x195; + fiat_secp256k1_uint1 x196; + uint64_t x197; + fiat_secp256k1_uint1 x198; + uint64_t x199; + fiat_secp256k1_uint1 x200; + uint64_t x201; + fiat_secp256k1_uint1 x202; + uint64_t x203; + fiat_secp256k1_uint1 x204; + uint64_t x205; + uint64_t x206; + fiat_secp256k1_uint1 x207; + uint64_t x208; + fiat_secp256k1_uint1 x209; + uint64_t x210; + fiat_secp256k1_uint1 x211; + uint64_t x212; + fiat_secp256k1_uint1 x213; + uint64_t x214; + fiat_secp256k1_uint1 x215; + uint64_t x216; + uint64_t x217; + uint64_t x218; + uint64_t x219; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[0]); + fiat_secp256k1_mulx_u64(&x5, &x6, x4, (arg2[3])); + fiat_secp256k1_mulx_u64(&x7, &x8, x4, (arg2[2])); + fiat_secp256k1_mulx_u64(&x9, &x10, x4, (arg2[1])); + fiat_secp256k1_mulx_u64(&x11, &x12, x4, (arg2[0])); + fiat_secp256k1_addcarryx_u64(&x13, &x14, 0x0, x12, x9); + fiat_secp256k1_addcarryx_u64(&x15, &x16, x14, x10, x7); + fiat_secp256k1_addcarryx_u64(&x17, &x18, x16, x8, x5); + x19 = (x18 + x6); + fiat_secp256k1_mulx_u64(&x20, &x21, x11, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x22, &x23, x20, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x24, &x25, x20, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x26, &x27, x20, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x28, &x29, x20, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x30, &x31, 0x0, x29, x26); + fiat_secp256k1_addcarryx_u64(&x32, &x33, x31, x27, x24); + fiat_secp256k1_addcarryx_u64(&x34, &x35, x33, x25, x22); + x36 = (x35 + x23); + fiat_secp256k1_addcarryx_u64(&x37, &x38, 0x0, x11, x28); + fiat_secp256k1_addcarryx_u64(&x39, &x40, x38, x13, x30); + fiat_secp256k1_addcarryx_u64(&x41, &x42, x40, x15, x32); + fiat_secp256k1_addcarryx_u64(&x43, &x44, x42, x17, x34); + fiat_secp256k1_addcarryx_u64(&x45, &x46, x44, x19, x36); + fiat_secp256k1_mulx_u64(&x47, &x48, x1, (arg2[3])); + fiat_secp256k1_mulx_u64(&x49, &x50, x1, (arg2[2])); + fiat_secp256k1_mulx_u64(&x51, &x52, x1, (arg2[1])); + fiat_secp256k1_mulx_u64(&x53, &x54, x1, (arg2[0])); + fiat_secp256k1_addcarryx_u64(&x55, &x56, 0x0, x54, x51); + fiat_secp256k1_addcarryx_u64(&x57, &x58, x56, x52, x49); + fiat_secp256k1_addcarryx_u64(&x59, &x60, x58, x50, x47); + x61 = (x60 + x48); + fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x39, x53); + fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x41, x55); + fiat_secp256k1_addcarryx_u64(&x66, &x67, x65, x43, x57); + fiat_secp256k1_addcarryx_u64(&x68, &x69, x67, x45, x59); + fiat_secp256k1_addcarryx_u64(&x70, &x71, x69, x46, x61); + fiat_secp256k1_mulx_u64(&x72, &x73, x62, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x74, &x75, x72, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x76, &x77, x72, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x78, &x79, x72, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x80, &x81, x72, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x82, &x83, 0x0, x81, x78); + fiat_secp256k1_addcarryx_u64(&x84, &x85, x83, x79, x76); + fiat_secp256k1_addcarryx_u64(&x86, &x87, x85, x77, x74); + x88 = (x87 + x75); + fiat_secp256k1_addcarryx_u64(&x89, &x90, 0x0, x62, x80); + fiat_secp256k1_addcarryx_u64(&x91, &x92, x90, x64, x82); + fiat_secp256k1_addcarryx_u64(&x93, &x94, x92, x66, x84); + fiat_secp256k1_addcarryx_u64(&x95, &x96, x94, x68, x86); + fiat_secp256k1_addcarryx_u64(&x97, &x98, x96, x70, x88); + x99 = ((uint64_t)x98 + x71); + fiat_secp256k1_mulx_u64(&x100, &x101, x2, (arg2[3])); + fiat_secp256k1_mulx_u64(&x102, &x103, x2, (arg2[2])); + fiat_secp256k1_mulx_u64(&x104, &x105, x2, (arg2[1])); + fiat_secp256k1_mulx_u64(&x106, &x107, x2, (arg2[0])); + fiat_secp256k1_addcarryx_u64(&x108, &x109, 0x0, x107, x104); + fiat_secp256k1_addcarryx_u64(&x110, &x111, x109, x105, x102); + fiat_secp256k1_addcarryx_u64(&x112, &x113, x111, x103, x100); + x114 = (x113 + x101); + fiat_secp256k1_addcarryx_u64(&x115, &x116, 0x0, x91, x106); + fiat_secp256k1_addcarryx_u64(&x117, &x118, x116, x93, x108); + fiat_secp256k1_addcarryx_u64(&x119, &x120, x118, x95, x110); + fiat_secp256k1_addcarryx_u64(&x121, &x122, x120, x97, x112); + fiat_secp256k1_addcarryx_u64(&x123, &x124, x122, x99, x114); + fiat_secp256k1_mulx_u64(&x125, &x126, x115, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x127, &x128, x125, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x129, &x130, x125, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x131, &x132, x125, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x133, &x134, x125, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x135, &x136, 0x0, x134, x131); + fiat_secp256k1_addcarryx_u64(&x137, &x138, x136, x132, x129); + fiat_secp256k1_addcarryx_u64(&x139, &x140, x138, x130, x127); + x141 = (x140 + x128); + fiat_secp256k1_addcarryx_u64(&x142, &x143, 0x0, x115, x133); + fiat_secp256k1_addcarryx_u64(&x144, &x145, x143, x117, x135); + fiat_secp256k1_addcarryx_u64(&x146, &x147, x145, x119, x137); + fiat_secp256k1_addcarryx_u64(&x148, &x149, x147, x121, x139); + fiat_secp256k1_addcarryx_u64(&x150, &x151, x149, x123, x141); + x152 = ((uint64_t)x151 + x124); + fiat_secp256k1_mulx_u64(&x153, &x154, x3, (arg2[3])); + fiat_secp256k1_mulx_u64(&x155, &x156, x3, (arg2[2])); + fiat_secp256k1_mulx_u64(&x157, &x158, x3, (arg2[1])); + fiat_secp256k1_mulx_u64(&x159, &x160, x3, (arg2[0])); + fiat_secp256k1_addcarryx_u64(&x161, &x162, 0x0, x160, x157); + fiat_secp256k1_addcarryx_u64(&x163, &x164, x162, x158, x155); + fiat_secp256k1_addcarryx_u64(&x165, &x166, x164, x156, x153); + x167 = (x166 + x154); + fiat_secp256k1_addcarryx_u64(&x168, &x169, 0x0, x144, x159); + fiat_secp256k1_addcarryx_u64(&x170, &x171, x169, x146, x161); + fiat_secp256k1_addcarryx_u64(&x172, &x173, x171, x148, x163); + fiat_secp256k1_addcarryx_u64(&x174, &x175, x173, x150, x165); + fiat_secp256k1_addcarryx_u64(&x176, &x177, x175, x152, x167); + fiat_secp256k1_mulx_u64(&x178, &x179, x168, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x180, &x181, x178, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x182, &x183, x178, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x184, &x185, x178, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x186, &x187, x178, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x188, &x189, 0x0, x187, x184); + fiat_secp256k1_addcarryx_u64(&x190, &x191, x189, x185, x182); + fiat_secp256k1_addcarryx_u64(&x192, &x193, x191, x183, x180); + x194 = (x193 + x181); + fiat_secp256k1_addcarryx_u64(&x195, &x196, 0x0, x168, x186); + fiat_secp256k1_addcarryx_u64(&x197, &x198, x196, x170, x188); + fiat_secp256k1_addcarryx_u64(&x199, &x200, x198, x172, x190); + fiat_secp256k1_addcarryx_u64(&x201, &x202, x200, x174, x192); + fiat_secp256k1_addcarryx_u64(&x203, &x204, x202, x176, x194); + x205 = ((uint64_t)x204 + x177); + fiat_secp256k1_subborrowx_u64(&x206, &x207, 0x0, x197, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_subborrowx_u64(&x208, &x209, x207, x199, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x210, &x211, x209, x201, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x212, &x213, x211, x203, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x214, &x215, x213, x205, 0x0); + fiat_secp256k1_cmovznz_u64(&x216, x215, x206, x197); + fiat_secp256k1_cmovznz_u64(&x217, x215, x208, x199); + fiat_secp256k1_cmovznz_u64(&x218, x215, x210, x201); + fiat_secp256k1_cmovznz_u64(&x219, x215, x212, x203); + out1[0] = x216; + out1[1] = x217; + out1[2] = x218; + out1[3] = x219; +} + +/* + * The function fiat_secp256k1_square squares a field element in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_square(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + fiat_secp256k1_uint1 x14; + uint64_t x15; + fiat_secp256k1_uint1 x16; + uint64_t x17; + fiat_secp256k1_uint1 x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + uint64_t x23; + uint64_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + uint64_t x30; + fiat_secp256k1_uint1 x31; + uint64_t x32; + fiat_secp256k1_uint1 x33; + uint64_t x34; + fiat_secp256k1_uint1 x35; + uint64_t x36; + uint64_t x37; + fiat_secp256k1_uint1 x38; + uint64_t x39; + fiat_secp256k1_uint1 x40; + uint64_t x41; + fiat_secp256k1_uint1 x42; + uint64_t x43; + fiat_secp256k1_uint1 x44; + uint64_t x45; + fiat_secp256k1_uint1 x46; + uint64_t x47; + uint64_t x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + uint64_t x54; + uint64_t x55; + fiat_secp256k1_uint1 x56; + uint64_t x57; + fiat_secp256k1_uint1 x58; + uint64_t x59; + fiat_secp256k1_uint1 x60; + uint64_t x61; + uint64_t x62; + fiat_secp256k1_uint1 x63; + uint64_t x64; + fiat_secp256k1_uint1 x65; + uint64_t x66; + fiat_secp256k1_uint1 x67; + uint64_t x68; + fiat_secp256k1_uint1 x69; + uint64_t x70; + fiat_secp256k1_uint1 x71; + uint64_t x72; + uint64_t x73; + uint64_t x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + uint64_t x78; + uint64_t x79; + uint64_t x80; + uint64_t x81; + uint64_t x82; + fiat_secp256k1_uint1 x83; + uint64_t x84; + fiat_secp256k1_uint1 x85; + uint64_t x86; + fiat_secp256k1_uint1 x87; + uint64_t x88; + uint64_t x89; + fiat_secp256k1_uint1 x90; + uint64_t x91; + fiat_secp256k1_uint1 x92; + uint64_t x93; + fiat_secp256k1_uint1 x94; + uint64_t x95; + fiat_secp256k1_uint1 x96; + uint64_t x97; + fiat_secp256k1_uint1 x98; + uint64_t x99; + uint64_t x100; + uint64_t x101; + uint64_t x102; + uint64_t x103; + uint64_t x104; + uint64_t x105; + uint64_t x106; + uint64_t x107; + uint64_t x108; + fiat_secp256k1_uint1 x109; + uint64_t x110; + fiat_secp256k1_uint1 x111; + uint64_t x112; + fiat_secp256k1_uint1 x113; + uint64_t x114; + uint64_t x115; + fiat_secp256k1_uint1 x116; + uint64_t x117; + fiat_secp256k1_uint1 x118; + uint64_t x119; + fiat_secp256k1_uint1 x120; + uint64_t x121; + fiat_secp256k1_uint1 x122; + uint64_t x123; + fiat_secp256k1_uint1 x124; + uint64_t x125; + uint64_t x126; + uint64_t x127; + uint64_t x128; + uint64_t x129; + uint64_t x130; + uint64_t x131; + uint64_t x132; + uint64_t x133; + uint64_t x134; + uint64_t x135; + fiat_secp256k1_uint1 x136; + uint64_t x137; + fiat_secp256k1_uint1 x138; + uint64_t x139; + fiat_secp256k1_uint1 x140; + uint64_t x141; + uint64_t x142; + fiat_secp256k1_uint1 x143; + uint64_t x144; + fiat_secp256k1_uint1 x145; + uint64_t x146; + fiat_secp256k1_uint1 x147; + uint64_t x148; + fiat_secp256k1_uint1 x149; + uint64_t x150; + fiat_secp256k1_uint1 x151; + uint64_t x152; + uint64_t x153; + uint64_t x154; + uint64_t x155; + uint64_t x156; + uint64_t x157; + uint64_t x158; + uint64_t x159; + uint64_t x160; + uint64_t x161; + fiat_secp256k1_uint1 x162; + uint64_t x163; + fiat_secp256k1_uint1 x164; + uint64_t x165; + fiat_secp256k1_uint1 x166; + uint64_t x167; + uint64_t x168; + fiat_secp256k1_uint1 x169; + uint64_t x170; + fiat_secp256k1_uint1 x171; + uint64_t x172; + fiat_secp256k1_uint1 x173; + uint64_t x174; + fiat_secp256k1_uint1 x175; + uint64_t x176; + fiat_secp256k1_uint1 x177; + uint64_t x178; + uint64_t x179; + uint64_t x180; + uint64_t x181; + uint64_t x182; + uint64_t x183; + uint64_t x184; + uint64_t x185; + uint64_t x186; + uint64_t x187; + uint64_t x188; + fiat_secp256k1_uint1 x189; + uint64_t x190; + fiat_secp256k1_uint1 x191; + uint64_t x192; + fiat_secp256k1_uint1 x193; + uint64_t x194; + uint64_t x195; + fiat_secp256k1_uint1 x196; + uint64_t x197; + fiat_secp256k1_uint1 x198; + uint64_t x199; + fiat_secp256k1_uint1 x200; + uint64_t x201; + fiat_secp256k1_uint1 x202; + uint64_t x203; + fiat_secp256k1_uint1 x204; + uint64_t x205; + uint64_t x206; + fiat_secp256k1_uint1 x207; + uint64_t x208; + fiat_secp256k1_uint1 x209; + uint64_t x210; + fiat_secp256k1_uint1 x211; + uint64_t x212; + fiat_secp256k1_uint1 x213; + uint64_t x214; + fiat_secp256k1_uint1 x215; + uint64_t x216; + uint64_t x217; + uint64_t x218; + uint64_t x219; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[0]); + fiat_secp256k1_mulx_u64(&x5, &x6, x4, (arg1[3])); + fiat_secp256k1_mulx_u64(&x7, &x8, x4, (arg1[2])); + fiat_secp256k1_mulx_u64(&x9, &x10, x4, (arg1[1])); + fiat_secp256k1_mulx_u64(&x11, &x12, x4, (arg1[0])); + fiat_secp256k1_addcarryx_u64(&x13, &x14, 0x0, x12, x9); + fiat_secp256k1_addcarryx_u64(&x15, &x16, x14, x10, x7); + fiat_secp256k1_addcarryx_u64(&x17, &x18, x16, x8, x5); + x19 = (x18 + x6); + fiat_secp256k1_mulx_u64(&x20, &x21, x11, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x22, &x23, x20, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x24, &x25, x20, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x26, &x27, x20, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x28, &x29, x20, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x30, &x31, 0x0, x29, x26); + fiat_secp256k1_addcarryx_u64(&x32, &x33, x31, x27, x24); + fiat_secp256k1_addcarryx_u64(&x34, &x35, x33, x25, x22); + x36 = (x35 + x23); + fiat_secp256k1_addcarryx_u64(&x37, &x38, 0x0, x11, x28); + fiat_secp256k1_addcarryx_u64(&x39, &x40, x38, x13, x30); + fiat_secp256k1_addcarryx_u64(&x41, &x42, x40, x15, x32); + fiat_secp256k1_addcarryx_u64(&x43, &x44, x42, x17, x34); + fiat_secp256k1_addcarryx_u64(&x45, &x46, x44, x19, x36); + fiat_secp256k1_mulx_u64(&x47, &x48, x1, (arg1[3])); + fiat_secp256k1_mulx_u64(&x49, &x50, x1, (arg1[2])); + fiat_secp256k1_mulx_u64(&x51, &x52, x1, (arg1[1])); + fiat_secp256k1_mulx_u64(&x53, &x54, x1, (arg1[0])); + fiat_secp256k1_addcarryx_u64(&x55, &x56, 0x0, x54, x51); + fiat_secp256k1_addcarryx_u64(&x57, &x58, x56, x52, x49); + fiat_secp256k1_addcarryx_u64(&x59, &x60, x58, x50, x47); + x61 = (x60 + x48); + fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x39, x53); + fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x41, x55); + fiat_secp256k1_addcarryx_u64(&x66, &x67, x65, x43, x57); + fiat_secp256k1_addcarryx_u64(&x68, &x69, x67, x45, x59); + fiat_secp256k1_addcarryx_u64(&x70, &x71, x69, x46, x61); + fiat_secp256k1_mulx_u64(&x72, &x73, x62, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x74, &x75, x72, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x76, &x77, x72, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x78, &x79, x72, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x80, &x81, x72, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x82, &x83, 0x0, x81, x78); + fiat_secp256k1_addcarryx_u64(&x84, &x85, x83, x79, x76); + fiat_secp256k1_addcarryx_u64(&x86, &x87, x85, x77, x74); + x88 = (x87 + x75); + fiat_secp256k1_addcarryx_u64(&x89, &x90, 0x0, x62, x80); + fiat_secp256k1_addcarryx_u64(&x91, &x92, x90, x64, x82); + fiat_secp256k1_addcarryx_u64(&x93, &x94, x92, x66, x84); + fiat_secp256k1_addcarryx_u64(&x95, &x96, x94, x68, x86); + fiat_secp256k1_addcarryx_u64(&x97, &x98, x96, x70, x88); + x99 = ((uint64_t)x98 + x71); + fiat_secp256k1_mulx_u64(&x100, &x101, x2, (arg1[3])); + fiat_secp256k1_mulx_u64(&x102, &x103, x2, (arg1[2])); + fiat_secp256k1_mulx_u64(&x104, &x105, x2, (arg1[1])); + fiat_secp256k1_mulx_u64(&x106, &x107, x2, (arg1[0])); + fiat_secp256k1_addcarryx_u64(&x108, &x109, 0x0, x107, x104); + fiat_secp256k1_addcarryx_u64(&x110, &x111, x109, x105, x102); + fiat_secp256k1_addcarryx_u64(&x112, &x113, x111, x103, x100); + x114 = (x113 + x101); + fiat_secp256k1_addcarryx_u64(&x115, &x116, 0x0, x91, x106); + fiat_secp256k1_addcarryx_u64(&x117, &x118, x116, x93, x108); + fiat_secp256k1_addcarryx_u64(&x119, &x120, x118, x95, x110); + fiat_secp256k1_addcarryx_u64(&x121, &x122, x120, x97, x112); + fiat_secp256k1_addcarryx_u64(&x123, &x124, x122, x99, x114); + fiat_secp256k1_mulx_u64(&x125, &x126, x115, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x127, &x128, x125, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x129, &x130, x125, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x131, &x132, x125, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x133, &x134, x125, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x135, &x136, 0x0, x134, x131); + fiat_secp256k1_addcarryx_u64(&x137, &x138, x136, x132, x129); + fiat_secp256k1_addcarryx_u64(&x139, &x140, x138, x130, x127); + x141 = (x140 + x128); + fiat_secp256k1_addcarryx_u64(&x142, &x143, 0x0, x115, x133); + fiat_secp256k1_addcarryx_u64(&x144, &x145, x143, x117, x135); + fiat_secp256k1_addcarryx_u64(&x146, &x147, x145, x119, x137); + fiat_secp256k1_addcarryx_u64(&x148, &x149, x147, x121, x139); + fiat_secp256k1_addcarryx_u64(&x150, &x151, x149, x123, x141); + x152 = ((uint64_t)x151 + x124); + fiat_secp256k1_mulx_u64(&x153, &x154, x3, (arg1[3])); + fiat_secp256k1_mulx_u64(&x155, &x156, x3, (arg1[2])); + fiat_secp256k1_mulx_u64(&x157, &x158, x3, (arg1[1])); + fiat_secp256k1_mulx_u64(&x159, &x160, x3, (arg1[0])); + fiat_secp256k1_addcarryx_u64(&x161, &x162, 0x0, x160, x157); + fiat_secp256k1_addcarryx_u64(&x163, &x164, x162, x158, x155); + fiat_secp256k1_addcarryx_u64(&x165, &x166, x164, x156, x153); + x167 = (x166 + x154); + fiat_secp256k1_addcarryx_u64(&x168, &x169, 0x0, x144, x159); + fiat_secp256k1_addcarryx_u64(&x170, &x171, x169, x146, x161); + fiat_secp256k1_addcarryx_u64(&x172, &x173, x171, x148, x163); + fiat_secp256k1_addcarryx_u64(&x174, &x175, x173, x150, x165); + fiat_secp256k1_addcarryx_u64(&x176, &x177, x175, x152, x167); + fiat_secp256k1_mulx_u64(&x178, &x179, x168, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x180, &x181, x178, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x182, &x183, x178, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x184, &x185, x178, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x186, &x187, x178, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x188, &x189, 0x0, x187, x184); + fiat_secp256k1_addcarryx_u64(&x190, &x191, x189, x185, x182); + fiat_secp256k1_addcarryx_u64(&x192, &x193, x191, x183, x180); + x194 = (x193 + x181); + fiat_secp256k1_addcarryx_u64(&x195, &x196, 0x0, x168, x186); + fiat_secp256k1_addcarryx_u64(&x197, &x198, x196, x170, x188); + fiat_secp256k1_addcarryx_u64(&x199, &x200, x198, x172, x190); + fiat_secp256k1_addcarryx_u64(&x201, &x202, x200, x174, x192); + fiat_secp256k1_addcarryx_u64(&x203, &x204, x202, x176, x194); + x205 = ((uint64_t)x204 + x177); + fiat_secp256k1_subborrowx_u64(&x206, &x207, 0x0, x197, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_subborrowx_u64(&x208, &x209, x207, x199, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x210, &x211, x209, x201, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x212, &x213, x211, x203, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x214, &x215, x213, x205, 0x0); + fiat_secp256k1_cmovznz_u64(&x216, x215, x206, x197); + fiat_secp256k1_cmovznz_u64(&x217, x215, x208, x199); + fiat_secp256k1_cmovznz_u64(&x218, x215, x210, x201); + fiat_secp256k1_cmovznz_u64(&x219, x215, x212, x203); + out1[0] = x216; + out1[1] = x217; + out1[2] = x218; + out1[3] = x219; +} + +/* + * The function fiat_secp256k1_add adds two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_add(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1, const fiat_secp256k1_montgomery_domain_field_element arg2) { + uint64_t x1; + fiat_secp256k1_uint1 x2; + uint64_t x3; + fiat_secp256k1_uint1 x4; + uint64_t x5; + fiat_secp256k1_uint1 x6; + uint64_t x7; + fiat_secp256k1_uint1 x8; + uint64_t x9; + fiat_secp256k1_uint1 x10; + uint64_t x11; + fiat_secp256k1_uint1 x12; + uint64_t x13; + fiat_secp256k1_uint1 x14; + uint64_t x15; + fiat_secp256k1_uint1 x16; + uint64_t x17; + fiat_secp256k1_uint1 x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + fiat_secp256k1_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_secp256k1_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_secp256k1_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_secp256k1_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_subborrowx_u64(&x11, &x12, x10, x3, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x13, &x14, x12, x5, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x15, &x16, x14, x7, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x17, &x18, x16, x8, 0x0); + fiat_secp256k1_cmovznz_u64(&x19, x18, x9, x1); + fiat_secp256k1_cmovznz_u64(&x20, x18, x11, x3); + fiat_secp256k1_cmovznz_u64(&x21, x18, x13, x5); + fiat_secp256k1_cmovznz_u64(&x22, x18, x15, x7); + out1[0] = x19; + out1[1] = x20; + out1[2] = x21; + out1[3] = x22; +} + +/* + * The function fiat_secp256k1_sub subtracts two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_sub(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1, const fiat_secp256k1_montgomery_domain_field_element arg2) { + uint64_t x1; + fiat_secp256k1_uint1 x2; + uint64_t x3; + fiat_secp256k1_uint1 x4; + uint64_t x5; + fiat_secp256k1_uint1 x6; + uint64_t x7; + fiat_secp256k1_uint1 x8; + uint64_t x9; + uint64_t x10; + fiat_secp256k1_uint1 x11; + uint64_t x12; + fiat_secp256k1_uint1 x13; + uint64_t x14; + fiat_secp256k1_uint1 x15; + uint64_t x16; + fiat_secp256k1_uint1 x17; + fiat_secp256k1_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_secp256k1_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_secp256k1_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_secp256k1_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xfffffffefffffc2f))); + fiat_secp256k1_addcarryx_u64(&x12, &x13, x11, x3, x9); + fiat_secp256k1_addcarryx_u64(&x14, &x15, x13, x5, x9); + fiat_secp256k1_addcarryx_u64(&x16, &x17, x15, x7, x9); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * The function fiat_secp256k1_opp negates a field element in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_opp(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1) { + uint64_t x1; + fiat_secp256k1_uint1 x2; + uint64_t x3; + fiat_secp256k1_uint1 x4; + uint64_t x5; + fiat_secp256k1_uint1 x6; + uint64_t x7; + fiat_secp256k1_uint1 x8; + uint64_t x9; + uint64_t x10; + fiat_secp256k1_uint1 x11; + uint64_t x12; + fiat_secp256k1_uint1 x13; + uint64_t x14; + fiat_secp256k1_uint1 x15; + uint64_t x16; + fiat_secp256k1_uint1 x17; + fiat_secp256k1_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); + fiat_secp256k1_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); + fiat_secp256k1_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); + fiat_secp256k1_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); + fiat_secp256k1_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xfffffffefffffc2f))); + fiat_secp256k1_addcarryx_u64(&x12, &x13, x11, x3, x9); + fiat_secp256k1_addcarryx_u64(&x14, &x15, x13, x5, x9); + fiat_secp256k1_addcarryx_u64(&x16, &x17, x15, x7, x9); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * The function fiat_secp256k1_from_montgomery translates a field element out of the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_from_montgomery(fiat_secp256k1_non_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + fiat_secp256k1_uint1 x13; + uint64_t x14; + fiat_secp256k1_uint1 x15; + uint64_t x16; + fiat_secp256k1_uint1 x17; + uint64_t x18; + fiat_secp256k1_uint1 x19; + uint64_t x20; + fiat_secp256k1_uint1 x21; + uint64_t x22; + fiat_secp256k1_uint1 x23; + uint64_t x24; + fiat_secp256k1_uint1 x25; + uint64_t x26; + fiat_secp256k1_uint1 x27; + uint64_t x28; + fiat_secp256k1_uint1 x29; + uint64_t x30; + fiat_secp256k1_uint1 x31; + uint64_t x32; + fiat_secp256k1_uint1 x33; + uint64_t x34; + fiat_secp256k1_uint1 x35; + uint64_t x36; + uint64_t x37; + uint64_t x38; + uint64_t x39; + uint64_t x40; + uint64_t x41; + uint64_t x42; + uint64_t x43; + uint64_t x44; + uint64_t x45; + uint64_t x46; + fiat_secp256k1_uint1 x47; + uint64_t x48; + fiat_secp256k1_uint1 x49; + uint64_t x50; + fiat_secp256k1_uint1 x51; + uint64_t x52; + fiat_secp256k1_uint1 x53; + uint64_t x54; + fiat_secp256k1_uint1 x55; + uint64_t x56; + fiat_secp256k1_uint1 x57; + uint64_t x58; + fiat_secp256k1_uint1 x59; + uint64_t x60; + fiat_secp256k1_uint1 x61; + uint64_t x62; + fiat_secp256k1_uint1 x63; + uint64_t x64; + fiat_secp256k1_uint1 x65; + uint64_t x66; + fiat_secp256k1_uint1 x67; + uint64_t x68; + fiat_secp256k1_uint1 x69; + uint64_t x70; + uint64_t x71; + uint64_t x72; + uint64_t x73; + uint64_t x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + uint64_t x78; + uint64_t x79; + uint64_t x80; + fiat_secp256k1_uint1 x81; + uint64_t x82; + fiat_secp256k1_uint1 x83; + uint64_t x84; + fiat_secp256k1_uint1 x85; + uint64_t x86; + fiat_secp256k1_uint1 x87; + uint64_t x88; + fiat_secp256k1_uint1 x89; + uint64_t x90; + fiat_secp256k1_uint1 x91; + uint64_t x92; + fiat_secp256k1_uint1 x93; + uint64_t x94; + fiat_secp256k1_uint1 x95; + uint64_t x96; + fiat_secp256k1_uint1 x97; + uint64_t x98; + fiat_secp256k1_uint1 x99; + uint64_t x100; + fiat_secp256k1_uint1 x101; + uint64_t x102; + fiat_secp256k1_uint1 x103; + uint64_t x104; + uint64_t x105; + uint64_t x106; + uint64_t x107; + uint64_t x108; + uint64_t x109; + uint64_t x110; + uint64_t x111; + uint64_t x112; + uint64_t x113; + uint64_t x114; + fiat_secp256k1_uint1 x115; + uint64_t x116; + fiat_secp256k1_uint1 x117; + uint64_t x118; + fiat_secp256k1_uint1 x119; + uint64_t x120; + fiat_secp256k1_uint1 x121; + uint64_t x122; + fiat_secp256k1_uint1 x123; + uint64_t x124; + fiat_secp256k1_uint1 x125; + uint64_t x126; + fiat_secp256k1_uint1 x127; + uint64_t x128; + fiat_secp256k1_uint1 x129; + uint64_t x130; + fiat_secp256k1_uint1 x131; + uint64_t x132; + fiat_secp256k1_uint1 x133; + uint64_t x134; + fiat_secp256k1_uint1 x135; + uint64_t x136; + fiat_secp256k1_uint1 x137; + uint64_t x138; + fiat_secp256k1_uint1 x139; + uint64_t x140; + uint64_t x141; + uint64_t x142; + uint64_t x143; + x1 = (arg1[0]); + fiat_secp256k1_mulx_u64(&x2, &x3, x1, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x4, &x5, x2, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x6, &x7, x2, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x8, &x9, x2, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x10, &x11, x2, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x12, &x13, 0x0, x11, x8); + fiat_secp256k1_addcarryx_u64(&x14, &x15, x13, x9, x6); + fiat_secp256k1_addcarryx_u64(&x16, &x17, x15, x7, x4); + fiat_secp256k1_addcarryx_u64(&x18, &x19, 0x0, x1, x10); + fiat_secp256k1_addcarryx_u64(&x20, &x21, x19, 0x0, x12); + fiat_secp256k1_addcarryx_u64(&x22, &x23, x21, 0x0, x14); + fiat_secp256k1_addcarryx_u64(&x24, &x25, x23, 0x0, x16); + fiat_secp256k1_addcarryx_u64(&x26, &x27, x25, 0x0, (x17 + x5)); + fiat_secp256k1_addcarryx_u64(&x28, &x29, 0x0, x20, (arg1[1])); + fiat_secp256k1_addcarryx_u64(&x30, &x31, x29, x22, 0x0); + fiat_secp256k1_addcarryx_u64(&x32, &x33, x31, x24, 0x0); + fiat_secp256k1_addcarryx_u64(&x34, &x35, x33, x26, 0x0); + fiat_secp256k1_mulx_u64(&x36, &x37, x28, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x38, &x39, x36, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x40, &x41, x36, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x42, &x43, x36, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x44, &x45, x36, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x46, &x47, 0x0, x45, x42); + fiat_secp256k1_addcarryx_u64(&x48, &x49, x47, x43, x40); + fiat_secp256k1_addcarryx_u64(&x50, &x51, x49, x41, x38); + fiat_secp256k1_addcarryx_u64(&x52, &x53, 0x0, x28, x44); + fiat_secp256k1_addcarryx_u64(&x54, &x55, x53, x30, x46); + fiat_secp256k1_addcarryx_u64(&x56, &x57, x55, x32, x48); + fiat_secp256k1_addcarryx_u64(&x58, &x59, x57, x34, x50); + fiat_secp256k1_addcarryx_u64(&x60, &x61, x59, ((uint64_t)x35 + x27), (x51 + x39)); + fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x54, (arg1[2])); + fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x56, 0x0); + fiat_secp256k1_addcarryx_u64(&x66, &x67, x65, x58, 0x0); + fiat_secp256k1_addcarryx_u64(&x68, &x69, x67, x60, 0x0); + fiat_secp256k1_mulx_u64(&x70, &x71, x62, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x72, &x73, x70, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x74, &x75, x70, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x76, &x77, x70, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x78, &x79, x70, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x80, &x81, 0x0, x79, x76); + fiat_secp256k1_addcarryx_u64(&x82, &x83, x81, x77, x74); + fiat_secp256k1_addcarryx_u64(&x84, &x85, x83, x75, x72); + fiat_secp256k1_addcarryx_u64(&x86, &x87, 0x0, x62, x78); + fiat_secp256k1_addcarryx_u64(&x88, &x89, x87, x64, x80); + fiat_secp256k1_addcarryx_u64(&x90, &x91, x89, x66, x82); + fiat_secp256k1_addcarryx_u64(&x92, &x93, x91, x68, x84); + fiat_secp256k1_addcarryx_u64(&x94, &x95, x93, ((uint64_t)x69 + x61), (x85 + x73)); + fiat_secp256k1_addcarryx_u64(&x96, &x97, 0x0, x88, (arg1[3])); + fiat_secp256k1_addcarryx_u64(&x98, &x99, x97, x90, 0x0); + fiat_secp256k1_addcarryx_u64(&x100, &x101, x99, x92, 0x0); + fiat_secp256k1_addcarryx_u64(&x102, &x103, x101, x94, 0x0); + fiat_secp256k1_mulx_u64(&x104, &x105, x96, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x106, &x107, x104, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x108, &x109, x104, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x110, &x111, x104, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x112, &x113, x104, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x114, &x115, 0x0, x113, x110); + fiat_secp256k1_addcarryx_u64(&x116, &x117, x115, x111, x108); + fiat_secp256k1_addcarryx_u64(&x118, &x119, x117, x109, x106); + fiat_secp256k1_addcarryx_u64(&x120, &x121, 0x0, x96, x112); + fiat_secp256k1_addcarryx_u64(&x122, &x123, x121, x98, x114); + fiat_secp256k1_addcarryx_u64(&x124, &x125, x123, x100, x116); + fiat_secp256k1_addcarryx_u64(&x126, &x127, x125, x102, x118); + fiat_secp256k1_addcarryx_u64(&x128, &x129, x127, ((uint64_t)x103 + x95), (x119 + x107)); + fiat_secp256k1_subborrowx_u64(&x130, &x131, 0x0, x122, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_subborrowx_u64(&x132, &x133, x131, x124, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x134, &x135, x133, x126, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x136, &x137, x135, x128, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x138, &x139, x137, x129, 0x0); + fiat_secp256k1_cmovznz_u64(&x140, x139, x130, x122); + fiat_secp256k1_cmovznz_u64(&x141, x139, x132, x124); + fiat_secp256k1_cmovznz_u64(&x142, x139, x134, x126); + fiat_secp256k1_cmovznz_u64(&x143, x139, x136, x128); + out1[0] = x140; + out1[1] = x141; + out1[2] = x142; + out1[3] = x143; +} + +/* + * The function fiat_secp256k1_to_montgomery translates a field element into the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = eval arg1 mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_to_montgomery(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_non_montgomery_domain_field_element arg1) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + fiat_secp256k1_uint1 x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + uint64_t x14; + uint64_t x15; + uint64_t x16; + uint64_t x17; + uint64_t x18; + uint64_t x19; + fiat_secp256k1_uint1 x20; + uint64_t x21; + fiat_secp256k1_uint1 x22; + uint64_t x23; + fiat_secp256k1_uint1 x24; + uint64_t x25; + fiat_secp256k1_uint1 x26; + uint64_t x27; + fiat_secp256k1_uint1 x28; + uint64_t x29; + fiat_secp256k1_uint1 x30; + uint64_t x31; + fiat_secp256k1_uint1 x32; + uint64_t x33; + fiat_secp256k1_uint1 x34; + uint64_t x35; + uint64_t x36; + uint64_t x37; + fiat_secp256k1_uint1 x38; + uint64_t x39; + fiat_secp256k1_uint1 x40; + uint64_t x41; + fiat_secp256k1_uint1 x42; + uint64_t x43; + fiat_secp256k1_uint1 x44; + uint64_t x45; + fiat_secp256k1_uint1 x46; + uint64_t x47; + uint64_t x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + uint64_t x54; + uint64_t x55; + uint64_t x56; + uint64_t x57; + fiat_secp256k1_uint1 x58; + uint64_t x59; + fiat_secp256k1_uint1 x60; + uint64_t x61; + fiat_secp256k1_uint1 x62; + uint64_t x63; + fiat_secp256k1_uint1 x64; + uint64_t x65; + fiat_secp256k1_uint1 x66; + uint64_t x67; + fiat_secp256k1_uint1 x68; + uint64_t x69; + fiat_secp256k1_uint1 x70; + uint64_t x71; + fiat_secp256k1_uint1 x72; + uint64_t x73; + uint64_t x74; + uint64_t x75; + fiat_secp256k1_uint1 x76; + uint64_t x77; + fiat_secp256k1_uint1 x78; + uint64_t x79; + fiat_secp256k1_uint1 x80; + uint64_t x81; + fiat_secp256k1_uint1 x82; + uint64_t x83; + fiat_secp256k1_uint1 x84; + uint64_t x85; + uint64_t x86; + uint64_t x87; + uint64_t x88; + uint64_t x89; + uint64_t x90; + uint64_t x91; + uint64_t x92; + uint64_t x93; + uint64_t x94; + uint64_t x95; + fiat_secp256k1_uint1 x96; + uint64_t x97; + fiat_secp256k1_uint1 x98; + uint64_t x99; + fiat_secp256k1_uint1 x100; + uint64_t x101; + fiat_secp256k1_uint1 x102; + uint64_t x103; + fiat_secp256k1_uint1 x104; + uint64_t x105; + fiat_secp256k1_uint1 x106; + uint64_t x107; + fiat_secp256k1_uint1 x108; + uint64_t x109; + fiat_secp256k1_uint1 x110; + uint64_t x111; + uint64_t x112; + uint64_t x113; + fiat_secp256k1_uint1 x114; + uint64_t x115; + fiat_secp256k1_uint1 x116; + uint64_t x117; + fiat_secp256k1_uint1 x118; + uint64_t x119; + fiat_secp256k1_uint1 x120; + uint64_t x121; + fiat_secp256k1_uint1 x122; + uint64_t x123; + uint64_t x124; + uint64_t x125; + uint64_t x126; + uint64_t x127; + uint64_t x128; + uint64_t x129; + uint64_t x130; + uint64_t x131; + uint64_t x132; + uint64_t x133; + fiat_secp256k1_uint1 x134; + uint64_t x135; + fiat_secp256k1_uint1 x136; + uint64_t x137; + fiat_secp256k1_uint1 x138; + uint64_t x139; + fiat_secp256k1_uint1 x140; + uint64_t x141; + fiat_secp256k1_uint1 x142; + uint64_t x143; + fiat_secp256k1_uint1 x144; + uint64_t x145; + fiat_secp256k1_uint1 x146; + uint64_t x147; + fiat_secp256k1_uint1 x148; + uint64_t x149; + fiat_secp256k1_uint1 x150; + uint64_t x151; + fiat_secp256k1_uint1 x152; + uint64_t x153; + fiat_secp256k1_uint1 x154; + uint64_t x155; + fiat_secp256k1_uint1 x156; + uint64_t x157; + fiat_secp256k1_uint1 x158; + uint64_t x159; + uint64_t x160; + uint64_t x161; + uint64_t x162; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[0]); + fiat_secp256k1_mulx_u64(&x5, &x6, x4, UINT64_C(0x7a2000e90a1)); + fiat_secp256k1_addcarryx_u64(&x7, &x8, 0x0, x6, x4); + fiat_secp256k1_mulx_u64(&x9, &x10, x5, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x11, &x12, x9, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x13, &x14, x9, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x15, &x16, x9, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x17, &x18, x9, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x19, &x20, 0x0, x18, x15); + fiat_secp256k1_addcarryx_u64(&x21, &x22, x20, x16, x13); + fiat_secp256k1_addcarryx_u64(&x23, &x24, x22, x14, x11); + fiat_secp256k1_addcarryx_u64(&x25, &x26, 0x0, x5, x17); + fiat_secp256k1_addcarryx_u64(&x27, &x28, x26, x7, x19); + fiat_secp256k1_addcarryx_u64(&x29, &x30, x28, x8, x21); + fiat_secp256k1_addcarryx_u64(&x31, &x32, x30, 0x0, x23); + fiat_secp256k1_addcarryx_u64(&x33, &x34, x32, 0x0, (x24 + x12)); + fiat_secp256k1_mulx_u64(&x35, &x36, x1, UINT64_C(0x7a2000e90a1)); + fiat_secp256k1_addcarryx_u64(&x37, &x38, 0x0, x36, x1); + fiat_secp256k1_addcarryx_u64(&x39, &x40, 0x0, x27, x35); + fiat_secp256k1_addcarryx_u64(&x41, &x42, x40, x29, x37); + fiat_secp256k1_addcarryx_u64(&x43, &x44, x42, x31, x38); + fiat_secp256k1_addcarryx_u64(&x45, &x46, x44, x33, 0x0); + fiat_secp256k1_mulx_u64(&x47, &x48, x39, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x49, &x50, x47, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x51, &x52, x47, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x53, &x54, x47, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x55, &x56, x47, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x57, &x58, 0x0, x56, x53); + fiat_secp256k1_addcarryx_u64(&x59, &x60, x58, x54, x51); + fiat_secp256k1_addcarryx_u64(&x61, &x62, x60, x52, x49); + fiat_secp256k1_addcarryx_u64(&x63, &x64, 0x0, x39, x55); + fiat_secp256k1_addcarryx_u64(&x65, &x66, x64, x41, x57); + fiat_secp256k1_addcarryx_u64(&x67, &x68, x66, x43, x59); + fiat_secp256k1_addcarryx_u64(&x69, &x70, x68, x45, x61); + fiat_secp256k1_addcarryx_u64(&x71, &x72, x70, ((uint64_t)x46 + x34), (x62 + x50)); + fiat_secp256k1_mulx_u64(&x73, &x74, x2, UINT64_C(0x7a2000e90a1)); + fiat_secp256k1_addcarryx_u64(&x75, &x76, 0x0, x74, x2); + fiat_secp256k1_addcarryx_u64(&x77, &x78, 0x0, x65, x73); + fiat_secp256k1_addcarryx_u64(&x79, &x80, x78, x67, x75); + fiat_secp256k1_addcarryx_u64(&x81, &x82, x80, x69, x76); + fiat_secp256k1_addcarryx_u64(&x83, &x84, x82, x71, 0x0); + fiat_secp256k1_mulx_u64(&x85, &x86, x77, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x87, &x88, x85, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x89, &x90, x85, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x91, &x92, x85, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x93, &x94, x85, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x95, &x96, 0x0, x94, x91); + fiat_secp256k1_addcarryx_u64(&x97, &x98, x96, x92, x89); + fiat_secp256k1_addcarryx_u64(&x99, &x100, x98, x90, x87); + fiat_secp256k1_addcarryx_u64(&x101, &x102, 0x0, x77, x93); + fiat_secp256k1_addcarryx_u64(&x103, &x104, x102, x79, x95); + fiat_secp256k1_addcarryx_u64(&x105, &x106, x104, x81, x97); + fiat_secp256k1_addcarryx_u64(&x107, &x108, x106, x83, x99); + fiat_secp256k1_addcarryx_u64(&x109, &x110, x108, ((uint64_t)x84 + x72), (x100 + x88)); + fiat_secp256k1_mulx_u64(&x111, &x112, x3, UINT64_C(0x7a2000e90a1)); + fiat_secp256k1_addcarryx_u64(&x113, &x114, 0x0, x112, x3); + fiat_secp256k1_addcarryx_u64(&x115, &x116, 0x0, x103, x111); + fiat_secp256k1_addcarryx_u64(&x117, &x118, x116, x105, x113); + fiat_secp256k1_addcarryx_u64(&x119, &x120, x118, x107, x114); + fiat_secp256k1_addcarryx_u64(&x121, &x122, x120, x109, 0x0); + fiat_secp256k1_mulx_u64(&x123, &x124, x115, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x125, &x126, x123, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x127, &x128, x123, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x129, &x130, x123, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x131, &x132, x123, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_addcarryx_u64(&x133, &x134, 0x0, x132, x129); + fiat_secp256k1_addcarryx_u64(&x135, &x136, x134, x130, x127); + fiat_secp256k1_addcarryx_u64(&x137, &x138, x136, x128, x125); + fiat_secp256k1_addcarryx_u64(&x139, &x140, 0x0, x115, x131); + fiat_secp256k1_addcarryx_u64(&x141, &x142, x140, x117, x133); + fiat_secp256k1_addcarryx_u64(&x143, &x144, x142, x119, x135); + fiat_secp256k1_addcarryx_u64(&x145, &x146, x144, x121, x137); + fiat_secp256k1_addcarryx_u64(&x147, &x148, x146, ((uint64_t)x122 + x110), (x138 + x126)); + fiat_secp256k1_subborrowx_u64(&x149, &x150, 0x0, x141, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_subborrowx_u64(&x151, &x152, x150, x143, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x153, &x154, x152, x145, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x155, &x156, x154, x147, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x157, &x158, x156, x148, 0x0); + fiat_secp256k1_cmovznz_u64(&x159, x158, x149, x141); + fiat_secp256k1_cmovznz_u64(&x160, x158, x151, x143); + fiat_secp256k1_cmovznz_u64(&x161, x158, x153, x145); + fiat_secp256k1_cmovznz_u64(&x162, x158, x155, x147); + out1[0] = x159; + out1[1] = x160; + out1[2] = x161; + out1[3] = x162; +} + +/* + * The function fiat_secp256k1_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_nonzero(uint64_t* out1, const uint64_t arg1[4]) { + uint64_t x1; + x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); + *out1 = x1; +} + +/* + * The function fiat_secp256k1_selectznz is a multi-limb conditional select. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_selectznz(uint64_t out1[4], fiat_secp256k1_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + fiat_secp256k1_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); + fiat_secp256k1_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); + fiat_secp256k1_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); + fiat_secp256k1_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; +} + +/* + * The function fiat_secp256k1_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint8_t x5; + uint64_t x6; + uint8_t x7; + uint64_t x8; + uint8_t x9; + uint64_t x10; + uint8_t x11; + uint64_t x12; + uint8_t x13; + uint64_t x14; + uint8_t x15; + uint64_t x16; + uint8_t x17; + uint8_t x18; + uint8_t x19; + uint64_t x20; + uint8_t x21; + uint64_t x22; + uint8_t x23; + uint64_t x24; + uint8_t x25; + uint64_t x26; + uint8_t x27; + uint64_t x28; + uint8_t x29; + uint64_t x30; + uint8_t x31; + uint8_t x32; + uint8_t x33; + uint64_t x34; + uint8_t x35; + uint64_t x36; + uint8_t x37; + uint64_t x38; + uint8_t x39; + uint64_t x40; + uint8_t x41; + uint64_t x42; + uint8_t x43; + uint64_t x44; + uint8_t x45; + uint8_t x46; + uint8_t x47; + uint64_t x48; + uint8_t x49; + uint64_t x50; + uint8_t x51; + uint64_t x52; + uint8_t x53; + uint64_t x54; + uint8_t x55; + uint64_t x56; + uint8_t x57; + uint64_t x58; + uint8_t x59; + uint8_t x60; + x1 = (arg1[3]); + x2 = (arg1[2]); + x3 = (arg1[1]); + x4 = (arg1[0]); + x5 = (uint8_t)(x4 & UINT8_C(0xff)); + x6 = (x4 >> 8); + x7 = (uint8_t)(x6 & UINT8_C(0xff)); + x8 = (x6 >> 8); + x9 = (uint8_t)(x8 & UINT8_C(0xff)); + x10 = (x8 >> 8); + x11 = (uint8_t)(x10 & UINT8_C(0xff)); + x12 = (x10 >> 8); + x13 = (uint8_t)(x12 & UINT8_C(0xff)); + x14 = (x12 >> 8); + x15 = (uint8_t)(x14 & UINT8_C(0xff)); + x16 = (x14 >> 8); + x17 = (uint8_t)(x16 & UINT8_C(0xff)); + x18 = (uint8_t)(x16 >> 8); + x19 = (uint8_t)(x3 & UINT8_C(0xff)); + x20 = (x3 >> 8); + x21 = (uint8_t)(x20 & UINT8_C(0xff)); + x22 = (x20 >> 8); + x23 = (uint8_t)(x22 & UINT8_C(0xff)); + x24 = (x22 >> 8); + x25 = (uint8_t)(x24 & UINT8_C(0xff)); + x26 = (x24 >> 8); + x27 = (uint8_t)(x26 & UINT8_C(0xff)); + x28 = (x26 >> 8); + x29 = (uint8_t)(x28 & UINT8_C(0xff)); + x30 = (x28 >> 8); + x31 = (uint8_t)(x30 & UINT8_C(0xff)); + x32 = (uint8_t)(x30 >> 8); + x33 = (uint8_t)(x2 & UINT8_C(0xff)); + x34 = (x2 >> 8); + x35 = (uint8_t)(x34 & UINT8_C(0xff)); + x36 = (x34 >> 8); + x37 = (uint8_t)(x36 & UINT8_C(0xff)); + x38 = (x36 >> 8); + x39 = (uint8_t)(x38 & UINT8_C(0xff)); + x40 = (x38 >> 8); + x41 = (uint8_t)(x40 & UINT8_C(0xff)); + x42 = (x40 >> 8); + x43 = (uint8_t)(x42 & UINT8_C(0xff)); + x44 = (x42 >> 8); + x45 = (uint8_t)(x44 & UINT8_C(0xff)); + x46 = (uint8_t)(x44 >> 8); + x47 = (uint8_t)(x1 & UINT8_C(0xff)); + x48 = (x1 >> 8); + x49 = (uint8_t)(x48 & UINT8_C(0xff)); + x50 = (x48 >> 8); + x51 = (uint8_t)(x50 & UINT8_C(0xff)); + x52 = (x50 >> 8); + x53 = (uint8_t)(x52 & UINT8_C(0xff)); + x54 = (x52 >> 8); + x55 = (uint8_t)(x54 & UINT8_C(0xff)); + x56 = (x54 >> 8); + x57 = (uint8_t)(x56 & UINT8_C(0xff)); + x58 = (x56 >> 8); + x59 = (uint8_t)(x58 & UINT8_C(0xff)); + x60 = (uint8_t)(x58 >> 8); + out1[0] = x5; + out1[1] = x7; + out1[2] = x9; + out1[3] = x11; + out1[4] = x13; + out1[5] = x15; + out1[6] = x17; + out1[7] = x18; + out1[8] = x19; + out1[9] = x21; + out1[10] = x23; + out1[11] = x25; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x39; + out1[20] = x41; + out1[21] = x43; + out1[22] = x45; + out1[23] = x46; + out1[24] = x47; + out1[25] = x49; + out1[26] = x51; + out1[27] = x53; + out1[28] = x55; + out1[29] = x57; + out1[30] = x59; + out1[31] = x60; +} + +/* + * The function fiat_secp256k1_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. + * + * Preconditions: + * 0 ≤ bytes_eval arg1 < m + * Postconditions: + * eval out1 mod m = bytes_eval arg1 mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint8_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + uint64_t x14; + uint64_t x15; + uint8_t x16; + uint64_t x17; + uint64_t x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + uint64_t x23; + uint8_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + uint64_t x30; + uint64_t x31; + uint8_t x32; + uint64_t x33; + uint64_t x34; + uint64_t x35; + uint64_t x36; + uint64_t x37; + uint64_t x38; + uint64_t x39; + uint64_t x40; + uint64_t x41; + uint64_t x42; + uint64_t x43; + uint64_t x44; + uint64_t x45; + uint64_t x46; + uint64_t x47; + uint64_t x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + uint64_t x54; + uint64_t x55; + uint64_t x56; + uint64_t x57; + uint64_t x58; + uint64_t x59; + uint64_t x60; + x1 = ((uint64_t)(arg1[31]) << 56); + x2 = ((uint64_t)(arg1[30]) << 48); + x3 = ((uint64_t)(arg1[29]) << 40); + x4 = ((uint64_t)(arg1[28]) << 32); + x5 = ((uint64_t)(arg1[27]) << 24); + x6 = ((uint64_t)(arg1[26]) << 16); + x7 = ((uint64_t)(arg1[25]) << 8); + x8 = (arg1[24]); + x9 = ((uint64_t)(arg1[23]) << 56); + x10 = ((uint64_t)(arg1[22]) << 48); + x11 = ((uint64_t)(arg1[21]) << 40); + x12 = ((uint64_t)(arg1[20]) << 32); + x13 = ((uint64_t)(arg1[19]) << 24); + x14 = ((uint64_t)(arg1[18]) << 16); + x15 = ((uint64_t)(arg1[17]) << 8); + x16 = (arg1[16]); + x17 = ((uint64_t)(arg1[15]) << 56); + x18 = ((uint64_t)(arg1[14]) << 48); + x19 = ((uint64_t)(arg1[13]) << 40); + x20 = ((uint64_t)(arg1[12]) << 32); + x21 = ((uint64_t)(arg1[11]) << 24); + x22 = ((uint64_t)(arg1[10]) << 16); + x23 = ((uint64_t)(arg1[9]) << 8); + x24 = (arg1[8]); + x25 = ((uint64_t)(arg1[7]) << 56); + x26 = ((uint64_t)(arg1[6]) << 48); + x27 = ((uint64_t)(arg1[5]) << 40); + x28 = ((uint64_t)(arg1[4]) << 32); + x29 = ((uint64_t)(arg1[3]) << 24); + x30 = ((uint64_t)(arg1[2]) << 16); + x31 = ((uint64_t)(arg1[1]) << 8); + x32 = (arg1[0]); + x33 = (x31 + (uint64_t)x32); + x34 = (x30 + x33); + x35 = (x29 + x34); + x36 = (x28 + x35); + x37 = (x27 + x36); + x38 = (x26 + x37); + x39 = (x25 + x38); + x40 = (x23 + (uint64_t)x24); + x41 = (x22 + x40); + x42 = (x21 + x41); + x43 = (x20 + x42); + x44 = (x19 + x43); + x45 = (x18 + x44); + x46 = (x17 + x45); + x47 = (x15 + (uint64_t)x16); + x48 = (x14 + x47); + x49 = (x13 + x48); + x50 = (x12 + x49); + x51 = (x11 + x50); + x52 = (x10 + x51); + x53 = (x9 + x52); + x54 = (x7 + (uint64_t)x8); + x55 = (x6 + x54); + x56 = (x5 + x55); + x57 = (x4 + x56); + x58 = (x3 + x57); + x59 = (x2 + x58); + x60 = (x1 + x59); + out1[0] = x39; + out1[1] = x46; + out1[2] = x53; + out1[3] = x60; +} + +/* + * The function fiat_secp256k1_set_one returns the field element one in the Montgomery domain. + * + * Postconditions: + * eval (from_montgomery out1) mod m = 1 mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_set_one(fiat_secp256k1_montgomery_domain_field_element out1) { + out1[0] = UINT64_C(0x1000003d1); + out1[1] = 0x0; + out1[2] = 0x0; + out1[3] = 0x0; +} + +/* + * The function fiat_secp256k1_msat returns the saturated representation of the prime modulus. + * + * Postconditions: + * twos_complement_eval out1 = m + * 0 ≤ eval out1 < m + * + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_msat(uint64_t out1[5]) { + out1[0] = UINT64_C(0xfffffffefffffc2f); + out1[1] = UINT64_C(0xffffffffffffffff); + out1[2] = UINT64_C(0xffffffffffffffff); + out1[3] = UINT64_C(0xffffffffffffffff); + out1[4] = 0x0; +} + +/* + * The function fiat_secp256k1_divstep computes a divstep. + * + * Preconditions: + * 0 ≤ eval arg4 < m + * 0 ≤ eval arg5 < m + * Postconditions: + * out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) + * twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) + * twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) + * eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) + * eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) + * 0 ≤ eval out5 < m + * 0 ≤ eval out5 < m + * 0 ≤ eval out2 < m + * 0 ≤ eval out3 < m + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffffffffffff] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5], uint64_t out4[4], uint64_t out5[4], uint64_t arg1, const uint64_t arg2[5], const uint64_t arg3[5], const uint64_t arg4[4], const uint64_t arg5[4]) { + uint64_t x1; + fiat_secp256k1_uint1 x2; + fiat_secp256k1_uint1 x3; + uint64_t x4; + fiat_secp256k1_uint1 x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + fiat_secp256k1_uint1 x13; + uint64_t x14; + fiat_secp256k1_uint1 x15; + uint64_t x16; + fiat_secp256k1_uint1 x17; + uint64_t x18; + fiat_secp256k1_uint1 x19; + uint64_t x20; + fiat_secp256k1_uint1 x21; + uint64_t x22; + uint64_t x23; + uint64_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + uint64_t x30; + uint64_t x31; + fiat_secp256k1_uint1 x32; + uint64_t x33; + fiat_secp256k1_uint1 x34; + uint64_t x35; + fiat_secp256k1_uint1 x36; + uint64_t x37; + fiat_secp256k1_uint1 x38; + uint64_t x39; + fiat_secp256k1_uint1 x40; + uint64_t x41; + fiat_secp256k1_uint1 x42; + uint64_t x43; + fiat_secp256k1_uint1 x44; + uint64_t x45; + fiat_secp256k1_uint1 x46; + uint64_t x47; + fiat_secp256k1_uint1 x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + fiat_secp256k1_uint1 x54; + uint64_t x55; + fiat_secp256k1_uint1 x56; + uint64_t x57; + fiat_secp256k1_uint1 x58; + uint64_t x59; + fiat_secp256k1_uint1 x60; + uint64_t x61; + uint64_t x62; + fiat_secp256k1_uint1 x63; + uint64_t x64; + fiat_secp256k1_uint1 x65; + uint64_t x66; + fiat_secp256k1_uint1 x67; + uint64_t x68; + fiat_secp256k1_uint1 x69; + uint64_t x70; + uint64_t x71; + uint64_t x72; + uint64_t x73; + fiat_secp256k1_uint1 x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + uint64_t x78; + uint64_t x79; + uint64_t x80; + fiat_secp256k1_uint1 x81; + uint64_t x82; + fiat_secp256k1_uint1 x83; + uint64_t x84; + fiat_secp256k1_uint1 x85; + uint64_t x86; + fiat_secp256k1_uint1 x87; + uint64_t x88; + fiat_secp256k1_uint1 x89; + uint64_t x90; + uint64_t x91; + uint64_t x92; + uint64_t x93; + uint64_t x94; + fiat_secp256k1_uint1 x95; + uint64_t x96; + fiat_secp256k1_uint1 x97; + uint64_t x98; + fiat_secp256k1_uint1 x99; + uint64_t x100; + fiat_secp256k1_uint1 x101; + uint64_t x102; + fiat_secp256k1_uint1 x103; + uint64_t x104; + fiat_secp256k1_uint1 x105; + uint64_t x106; + fiat_secp256k1_uint1 x107; + uint64_t x108; + fiat_secp256k1_uint1 x109; + uint64_t x110; + fiat_secp256k1_uint1 x111; + uint64_t x112; + fiat_secp256k1_uint1 x113; + uint64_t x114; + uint64_t x115; + uint64_t x116; + uint64_t x117; + uint64_t x118; + uint64_t x119; + uint64_t x120; + uint64_t x121; + uint64_t x122; + uint64_t x123; + uint64_t x124; + uint64_t x125; + uint64_t x126; + fiat_secp256k1_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1); + x3 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint1)(x1 >> 63) & (fiat_secp256k1_uint1)((arg3[0]) & 0x1)); + fiat_secp256k1_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_secp256k1_cmovznz_u64(&x6, x3, arg1, x4); + fiat_secp256k1_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0])); + fiat_secp256k1_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1])); + fiat_secp256k1_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2])); + fiat_secp256k1_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3])); + fiat_secp256k1_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4])); + fiat_secp256k1_addcarryx_u64(&x12, &x13, 0x0, 0x1, (~(arg2[0]))); + fiat_secp256k1_addcarryx_u64(&x14, &x15, x13, 0x0, (~(arg2[1]))); + fiat_secp256k1_addcarryx_u64(&x16, &x17, x15, 0x0, (~(arg2[2]))); + fiat_secp256k1_addcarryx_u64(&x18, &x19, x17, 0x0, (~(arg2[3]))); + fiat_secp256k1_addcarryx_u64(&x20, &x21, x19, 0x0, (~(arg2[4]))); + fiat_secp256k1_cmovznz_u64(&x22, x3, (arg3[0]), x12); + fiat_secp256k1_cmovznz_u64(&x23, x3, (arg3[1]), x14); + fiat_secp256k1_cmovznz_u64(&x24, x3, (arg3[2]), x16); + fiat_secp256k1_cmovznz_u64(&x25, x3, (arg3[3]), x18); + fiat_secp256k1_cmovznz_u64(&x26, x3, (arg3[4]), x20); + fiat_secp256k1_cmovznz_u64(&x27, x3, (arg4[0]), (arg5[0])); + fiat_secp256k1_cmovznz_u64(&x28, x3, (arg4[1]), (arg5[1])); + fiat_secp256k1_cmovznz_u64(&x29, x3, (arg4[2]), (arg5[2])); + fiat_secp256k1_cmovznz_u64(&x30, x3, (arg4[3]), (arg5[3])); + fiat_secp256k1_addcarryx_u64(&x31, &x32, 0x0, x27, x27); + fiat_secp256k1_addcarryx_u64(&x33, &x34, x32, x28, x28); + fiat_secp256k1_addcarryx_u64(&x35, &x36, x34, x29, x29); + fiat_secp256k1_addcarryx_u64(&x37, &x38, x36, x30, x30); + fiat_secp256k1_subborrowx_u64(&x39, &x40, 0x0, x31, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_subborrowx_u64(&x41, &x42, x40, x33, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x43, &x44, x42, x35, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x45, &x46, x44, x37, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x47, &x48, x46, x38, 0x0); + x49 = (arg4[3]); + x50 = (arg4[2]); + x51 = (arg4[1]); + x52 = (arg4[0]); + fiat_secp256k1_subborrowx_u64(&x53, &x54, 0x0, 0x0, x52); + fiat_secp256k1_subborrowx_u64(&x55, &x56, x54, 0x0, x51); + fiat_secp256k1_subborrowx_u64(&x57, &x58, x56, 0x0, x50); + fiat_secp256k1_subborrowx_u64(&x59, &x60, x58, 0x0, x49); + fiat_secp256k1_cmovznz_u64(&x61, x60, 0x0, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x53, (x61 & UINT64_C(0xfffffffefffffc2f))); + fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x55, x61); + fiat_secp256k1_addcarryx_u64(&x66, &x67, x65, x57, x61); + fiat_secp256k1_addcarryx_u64(&x68, &x69, x67, x59, x61); + fiat_secp256k1_cmovznz_u64(&x70, x3, (arg5[0]), x62); + fiat_secp256k1_cmovznz_u64(&x71, x3, (arg5[1]), x64); + fiat_secp256k1_cmovznz_u64(&x72, x3, (arg5[2]), x66); + fiat_secp256k1_cmovznz_u64(&x73, x3, (arg5[3]), x68); + x74 = (fiat_secp256k1_uint1)(x22 & 0x1); + fiat_secp256k1_cmovznz_u64(&x75, x74, 0x0, x7); + fiat_secp256k1_cmovznz_u64(&x76, x74, 0x0, x8); + fiat_secp256k1_cmovznz_u64(&x77, x74, 0x0, x9); + fiat_secp256k1_cmovznz_u64(&x78, x74, 0x0, x10); + fiat_secp256k1_cmovznz_u64(&x79, x74, 0x0, x11); + fiat_secp256k1_addcarryx_u64(&x80, &x81, 0x0, x22, x75); + fiat_secp256k1_addcarryx_u64(&x82, &x83, x81, x23, x76); + fiat_secp256k1_addcarryx_u64(&x84, &x85, x83, x24, x77); + fiat_secp256k1_addcarryx_u64(&x86, &x87, x85, x25, x78); + fiat_secp256k1_addcarryx_u64(&x88, &x89, x87, x26, x79); + fiat_secp256k1_cmovznz_u64(&x90, x74, 0x0, x27); + fiat_secp256k1_cmovznz_u64(&x91, x74, 0x0, x28); + fiat_secp256k1_cmovznz_u64(&x92, x74, 0x0, x29); + fiat_secp256k1_cmovznz_u64(&x93, x74, 0x0, x30); + fiat_secp256k1_addcarryx_u64(&x94, &x95, 0x0, x70, x90); + fiat_secp256k1_addcarryx_u64(&x96, &x97, x95, x71, x91); + fiat_secp256k1_addcarryx_u64(&x98, &x99, x97, x72, x92); + fiat_secp256k1_addcarryx_u64(&x100, &x101, x99, x73, x93); + fiat_secp256k1_subborrowx_u64(&x102, &x103, 0x0, x94, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_subborrowx_u64(&x104, &x105, x103, x96, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x106, &x107, x105, x98, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x108, &x109, x107, x100, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x110, &x111, x109, x101, 0x0); + fiat_secp256k1_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1); + x114 = ((x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff))); + x115 = ((x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff))); + x116 = ((x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff))); + x117 = ((x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff))); + x118 = ((x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1)); + fiat_secp256k1_cmovznz_u64(&x119, x48, x39, x31); + fiat_secp256k1_cmovznz_u64(&x120, x48, x41, x33); + fiat_secp256k1_cmovznz_u64(&x121, x48, x43, x35); + fiat_secp256k1_cmovznz_u64(&x122, x48, x45, x37); + fiat_secp256k1_cmovznz_u64(&x123, x111, x102, x94); + fiat_secp256k1_cmovznz_u64(&x124, x111, x104, x96); + fiat_secp256k1_cmovznz_u64(&x125, x111, x106, x98); + fiat_secp256k1_cmovznz_u64(&x126, x111, x108, x100); + *out1 = x112; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out3[0] = x114; + out3[1] = x115; + out3[2] = x116; + out3[3] = x117; + out3[4] = x118; + out4[0] = x119; + out4[1] = x120; + out4[2] = x121; + out4[3] = x122; + out5[0] = x123; + out5[1] = x124; + out5[2] = x125; + out5[3] = x126; +} + +/* + * The function fiat_secp256k1_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). + * + * Postconditions: + * eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) + * 0 ≤ eval out1 < m + * + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_divstep_precomp(uint64_t out1[4]) { + out1[0] = UINT64_C(0xf201a41831525e0a); + out1[1] = UINT64_C(0x9953f9ddcd648d85); + out1[2] = UINT64_C(0xe86029463db210a9); + out1[3] = UINT64_C(0x24fb8a3104b03709); +} + + +/* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier secp256k1_montgomery_scalar 64 '2^256 - 432420386565659656852420866394968145599' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */ +/* curve description: secp256k1_montgomery_scalar */ +/* machine_wordsize = 64 (from "64") */ +/* requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp */ +/* m = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 (from "2^256 - 432420386565659656852420866394968145599") */ +/* */ +/* NOTE: In addition to the bounds specified above each function, all */ +/* functions synthesized for this Montgomery arithmetic require the */ +/* input to be strictly less than the prime modulus (m), and also */ +/* require the input to be in the unique saturated representation. */ +/* All functions also ensure that these two properties are true of */ +/* return values. */ +/* */ +/* Computed values: */ +/* eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) */ +/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */ +/* twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in */ +/* if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 */ + +#include +typedef unsigned char fiat_secp256k1_scalar_uint1; +typedef signed char fiat_secp256k1_scalar_int1; +#if defined(__GNUC__) || defined(__clang__) +# define FIAT_SECP256K1_SCALAR_FIAT_EXTENSION __extension__ +# define FIAT_SECP256K1_SCALAR_FIAT_INLINE __inline__ +#else +# define FIAT_SECP256K1_SCALAR_FIAT_EXTENSION +# define FIAT_SECP256K1_SCALAR_FIAT_INLINE +#endif + +FIAT_SECP256K1_SCALAR_FIAT_EXTENSION typedef signed __int128 fiat_secp256k1_scalar_int128; +FIAT_SECP256K1_SCALAR_FIAT_EXTENSION typedef unsigned __int128 fiat_secp256k1_scalar_uint128; + +/* The type fiat_secp256k1_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ +/* Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +typedef uint64_t fiat_secp256k1_scalar_montgomery_domain_field_element[4]; + +/* The type fiat_secp256k1_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ +/* Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ +typedef uint64_t fiat_secp256k1_scalar_non_montgomery_domain_field_element[4]; + +#if (-1 & 3) != 3 +#error "This code only works on a two's complement system" +#endif + +#if !defined(FIAT_SECP256K1_SCALAR_NO_ASM) && (defined(__GNUC__) || defined(__clang__)) +static __inline__ uint64_t fiat_secp256k1_scalar_value_barrier_u64(uint64_t a) { + __asm__("" : "+r"(a) : /* no inputs */); + return a; +} +#else +# define fiat_secp256k1_scalar_value_barrier_u64(x) (x) +#endif + + +/* + * The function fiat_secp256k1_scalar_addcarryx_u64 is an addition with carry. + * + * Postconditions: + * out1 = (arg1 + arg2 + arg3) mod 2^64 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_addcarryx_u64(uint64_t* out1, fiat_secp256k1_scalar_uint1* out2, fiat_secp256k1_scalar_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_secp256k1_scalar_uint128 x1; + uint64_t x2; + fiat_secp256k1_scalar_uint1 x3; + x1 = ((arg1 + (fiat_secp256k1_scalar_uint128)arg2) + arg3); + x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + x3 = (fiat_secp256k1_scalar_uint1)(x1 >> 64); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_secp256k1_scalar_subborrowx_u64 is a subtraction with borrow. + * + * Postconditions: + * out1 = (-arg1 + arg2 + -arg3) mod 2^64 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_subborrowx_u64(uint64_t* out1, fiat_secp256k1_scalar_uint1* out2, fiat_secp256k1_scalar_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_secp256k1_scalar_int128 x1; + fiat_secp256k1_scalar_int1 x2; + uint64_t x3; + x1 = ((arg2 - (fiat_secp256k1_scalar_int128)arg1) - arg3); + x2 = (fiat_secp256k1_scalar_int1)(x1 >> 64); + x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + *out1 = x3; + *out2 = (fiat_secp256k1_scalar_uint1)(0x0 - x2); +} + +/* + * The function fiat_secp256k1_scalar_mulx_u64 is a multiplication, returning the full double-width result. + * + * Postconditions: + * out1 = (arg1 * arg2) mod 2^64 + * out2 = ⌊arg1 * arg2 / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffffffffffff] + * arg2: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0xffffffffffffffff] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) { + fiat_secp256k1_scalar_uint128 x1; + uint64_t x2; + uint64_t x3; + x1 = ((fiat_secp256k1_scalar_uint128)arg1 * arg2); + x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + x3 = (uint64_t)(x1 >> 64); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_secp256k1_scalar_cmovznz_u64 is a single-word conditional move. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_cmovznz_u64(uint64_t* out1, fiat_secp256k1_scalar_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_secp256k1_scalar_uint1 x1; + uint64_t x2; + uint64_t x3; + x1 = (!(!arg1)); + x2 = ((fiat_secp256k1_scalar_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); + x3 = ((fiat_secp256k1_scalar_value_barrier_u64(x2) & arg3) | (fiat_secp256k1_scalar_value_barrier_u64((~x2)) & arg2)); + *out1 = x3; +} + +/* + * The function fiat_secp256k1_scalar_mul multiplies two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_mul(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg2) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + fiat_secp256k1_scalar_uint1 x14; + uint64_t x15; + fiat_secp256k1_scalar_uint1 x16; + uint64_t x17; + fiat_secp256k1_scalar_uint1 x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + uint64_t x23; + uint64_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + uint64_t x30; + fiat_secp256k1_scalar_uint1 x31; + uint64_t x32; + fiat_secp256k1_scalar_uint1 x33; + uint64_t x34; + fiat_secp256k1_scalar_uint1 x35; + uint64_t x36; + uint64_t x37; + fiat_secp256k1_scalar_uint1 x38; + uint64_t x39; + fiat_secp256k1_scalar_uint1 x40; + uint64_t x41; + fiat_secp256k1_scalar_uint1 x42; + uint64_t x43; + fiat_secp256k1_scalar_uint1 x44; + uint64_t x45; + fiat_secp256k1_scalar_uint1 x46; + uint64_t x47; + uint64_t x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + uint64_t x54; + uint64_t x55; + fiat_secp256k1_scalar_uint1 x56; + uint64_t x57; + fiat_secp256k1_scalar_uint1 x58; + uint64_t x59; + fiat_secp256k1_scalar_uint1 x60; + uint64_t x61; + uint64_t x62; + fiat_secp256k1_scalar_uint1 x63; + uint64_t x64; + fiat_secp256k1_scalar_uint1 x65; + uint64_t x66; + fiat_secp256k1_scalar_uint1 x67; + uint64_t x68; + fiat_secp256k1_scalar_uint1 x69; + uint64_t x70; + fiat_secp256k1_scalar_uint1 x71; + uint64_t x72; + uint64_t x73; + uint64_t x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + uint64_t x78; + uint64_t x79; + uint64_t x80; + uint64_t x81; + uint64_t x82; + fiat_secp256k1_scalar_uint1 x83; + uint64_t x84; + fiat_secp256k1_scalar_uint1 x85; + uint64_t x86; + fiat_secp256k1_scalar_uint1 x87; + uint64_t x88; + uint64_t x89; + fiat_secp256k1_scalar_uint1 x90; + uint64_t x91; + fiat_secp256k1_scalar_uint1 x92; + uint64_t x93; + fiat_secp256k1_scalar_uint1 x94; + uint64_t x95; + fiat_secp256k1_scalar_uint1 x96; + uint64_t x97; + fiat_secp256k1_scalar_uint1 x98; + uint64_t x99; + uint64_t x100; + uint64_t x101; + uint64_t x102; + uint64_t x103; + uint64_t x104; + uint64_t x105; + uint64_t x106; + uint64_t x107; + uint64_t x108; + fiat_secp256k1_scalar_uint1 x109; + uint64_t x110; + fiat_secp256k1_scalar_uint1 x111; + uint64_t x112; + fiat_secp256k1_scalar_uint1 x113; + uint64_t x114; + uint64_t x115; + fiat_secp256k1_scalar_uint1 x116; + uint64_t x117; + fiat_secp256k1_scalar_uint1 x118; + uint64_t x119; + fiat_secp256k1_scalar_uint1 x120; + uint64_t x121; + fiat_secp256k1_scalar_uint1 x122; + uint64_t x123; + fiat_secp256k1_scalar_uint1 x124; + uint64_t x125; + uint64_t x126; + uint64_t x127; + uint64_t x128; + uint64_t x129; + uint64_t x130; + uint64_t x131; + uint64_t x132; + uint64_t x133; + uint64_t x134; + uint64_t x135; + fiat_secp256k1_scalar_uint1 x136; + uint64_t x137; + fiat_secp256k1_scalar_uint1 x138; + uint64_t x139; + fiat_secp256k1_scalar_uint1 x140; + uint64_t x141; + uint64_t x142; + fiat_secp256k1_scalar_uint1 x143; + uint64_t x144; + fiat_secp256k1_scalar_uint1 x145; + uint64_t x146; + fiat_secp256k1_scalar_uint1 x147; + uint64_t x148; + fiat_secp256k1_scalar_uint1 x149; + uint64_t x150; + fiat_secp256k1_scalar_uint1 x151; + uint64_t x152; + uint64_t x153; + uint64_t x154; + uint64_t x155; + uint64_t x156; + uint64_t x157; + uint64_t x158; + uint64_t x159; + uint64_t x160; + uint64_t x161; + fiat_secp256k1_scalar_uint1 x162; + uint64_t x163; + fiat_secp256k1_scalar_uint1 x164; + uint64_t x165; + fiat_secp256k1_scalar_uint1 x166; + uint64_t x167; + uint64_t x168; + fiat_secp256k1_scalar_uint1 x169; + uint64_t x170; + fiat_secp256k1_scalar_uint1 x171; + uint64_t x172; + fiat_secp256k1_scalar_uint1 x173; + uint64_t x174; + fiat_secp256k1_scalar_uint1 x175; + uint64_t x176; + fiat_secp256k1_scalar_uint1 x177; + uint64_t x178; + uint64_t x179; + uint64_t x180; + uint64_t x181; + uint64_t x182; + uint64_t x183; + uint64_t x184; + uint64_t x185; + uint64_t x186; + uint64_t x187; + uint64_t x188; + fiat_secp256k1_scalar_uint1 x189; + uint64_t x190; + fiat_secp256k1_scalar_uint1 x191; + uint64_t x192; + fiat_secp256k1_scalar_uint1 x193; + uint64_t x194; + uint64_t x195; + fiat_secp256k1_scalar_uint1 x196; + uint64_t x197; + fiat_secp256k1_scalar_uint1 x198; + uint64_t x199; + fiat_secp256k1_scalar_uint1 x200; + uint64_t x201; + fiat_secp256k1_scalar_uint1 x202; + uint64_t x203; + fiat_secp256k1_scalar_uint1 x204; + uint64_t x205; + uint64_t x206; + fiat_secp256k1_scalar_uint1 x207; + uint64_t x208; + fiat_secp256k1_scalar_uint1 x209; + uint64_t x210; + fiat_secp256k1_scalar_uint1 x211; + uint64_t x212; + fiat_secp256k1_scalar_uint1 x213; + uint64_t x214; + fiat_secp256k1_scalar_uint1 x215; + uint64_t x216; + uint64_t x217; + uint64_t x218; + uint64_t x219; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[0]); + fiat_secp256k1_scalar_mulx_u64(&x5, &x6, x4, (arg2[3])); + fiat_secp256k1_scalar_mulx_u64(&x7, &x8, x4, (arg2[2])); + fiat_secp256k1_scalar_mulx_u64(&x9, &x10, x4, (arg2[1])); + fiat_secp256k1_scalar_mulx_u64(&x11, &x12, x4, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x13, &x14, 0x0, x12, x9); + fiat_secp256k1_scalar_addcarryx_u64(&x15, &x16, x14, x10, x7); + fiat_secp256k1_scalar_addcarryx_u64(&x17, &x18, x16, x8, x5); + x19 = (x18 + x6); + fiat_secp256k1_scalar_mulx_u64(&x20, &x21, x11, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x22, &x23, x20, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x24, &x25, x20, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x26, &x27, x20, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x28, &x29, x20, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x30, &x31, 0x0, x29, x26); + fiat_secp256k1_scalar_addcarryx_u64(&x32, &x33, x31, x27, x24); + fiat_secp256k1_scalar_addcarryx_u64(&x34, &x35, x33, x25, x22); + x36 = (x35 + x23); + fiat_secp256k1_scalar_addcarryx_u64(&x37, &x38, 0x0, x11, x28); + fiat_secp256k1_scalar_addcarryx_u64(&x39, &x40, x38, x13, x30); + fiat_secp256k1_scalar_addcarryx_u64(&x41, &x42, x40, x15, x32); + fiat_secp256k1_scalar_addcarryx_u64(&x43, &x44, x42, x17, x34); + fiat_secp256k1_scalar_addcarryx_u64(&x45, &x46, x44, x19, x36); + fiat_secp256k1_scalar_mulx_u64(&x47, &x48, x1, (arg2[3])); + fiat_secp256k1_scalar_mulx_u64(&x49, &x50, x1, (arg2[2])); + fiat_secp256k1_scalar_mulx_u64(&x51, &x52, x1, (arg2[1])); + fiat_secp256k1_scalar_mulx_u64(&x53, &x54, x1, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x55, &x56, 0x0, x54, x51); + fiat_secp256k1_scalar_addcarryx_u64(&x57, &x58, x56, x52, x49); + fiat_secp256k1_scalar_addcarryx_u64(&x59, &x60, x58, x50, x47); + x61 = (x60 + x48); + fiat_secp256k1_scalar_addcarryx_u64(&x62, &x63, 0x0, x39, x53); + fiat_secp256k1_scalar_addcarryx_u64(&x64, &x65, x63, x41, x55); + fiat_secp256k1_scalar_addcarryx_u64(&x66, &x67, x65, x43, x57); + fiat_secp256k1_scalar_addcarryx_u64(&x68, &x69, x67, x45, x59); + fiat_secp256k1_scalar_addcarryx_u64(&x70, &x71, x69, x46, x61); + fiat_secp256k1_scalar_mulx_u64(&x72, &x73, x62, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x74, &x75, x72, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x76, &x77, x72, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x78, &x79, x72, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x80, &x81, x72, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x82, &x83, 0x0, x81, x78); + fiat_secp256k1_scalar_addcarryx_u64(&x84, &x85, x83, x79, x76); + fiat_secp256k1_scalar_addcarryx_u64(&x86, &x87, x85, x77, x74); + x88 = (x87 + x75); + fiat_secp256k1_scalar_addcarryx_u64(&x89, &x90, 0x0, x62, x80); + fiat_secp256k1_scalar_addcarryx_u64(&x91, &x92, x90, x64, x82); + fiat_secp256k1_scalar_addcarryx_u64(&x93, &x94, x92, x66, x84); + fiat_secp256k1_scalar_addcarryx_u64(&x95, &x96, x94, x68, x86); + fiat_secp256k1_scalar_addcarryx_u64(&x97, &x98, x96, x70, x88); + x99 = ((uint64_t)x98 + x71); + fiat_secp256k1_scalar_mulx_u64(&x100, &x101, x2, (arg2[3])); + fiat_secp256k1_scalar_mulx_u64(&x102, &x103, x2, (arg2[2])); + fiat_secp256k1_scalar_mulx_u64(&x104, &x105, x2, (arg2[1])); + fiat_secp256k1_scalar_mulx_u64(&x106, &x107, x2, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x108, &x109, 0x0, x107, x104); + fiat_secp256k1_scalar_addcarryx_u64(&x110, &x111, x109, x105, x102); + fiat_secp256k1_scalar_addcarryx_u64(&x112, &x113, x111, x103, x100); + x114 = (x113 + x101); + fiat_secp256k1_scalar_addcarryx_u64(&x115, &x116, 0x0, x91, x106); + fiat_secp256k1_scalar_addcarryx_u64(&x117, &x118, x116, x93, x108); + fiat_secp256k1_scalar_addcarryx_u64(&x119, &x120, x118, x95, x110); + fiat_secp256k1_scalar_addcarryx_u64(&x121, &x122, x120, x97, x112); + fiat_secp256k1_scalar_addcarryx_u64(&x123, &x124, x122, x99, x114); + fiat_secp256k1_scalar_mulx_u64(&x125, &x126, x115, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x127, &x128, x125, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x129, &x130, x125, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x131, &x132, x125, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x133, &x134, x125, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x135, &x136, 0x0, x134, x131); + fiat_secp256k1_scalar_addcarryx_u64(&x137, &x138, x136, x132, x129); + fiat_secp256k1_scalar_addcarryx_u64(&x139, &x140, x138, x130, x127); + x141 = (x140 + x128); + fiat_secp256k1_scalar_addcarryx_u64(&x142, &x143, 0x0, x115, x133); + fiat_secp256k1_scalar_addcarryx_u64(&x144, &x145, x143, x117, x135); + fiat_secp256k1_scalar_addcarryx_u64(&x146, &x147, x145, x119, x137); + fiat_secp256k1_scalar_addcarryx_u64(&x148, &x149, x147, x121, x139); + fiat_secp256k1_scalar_addcarryx_u64(&x150, &x151, x149, x123, x141); + x152 = ((uint64_t)x151 + x124); + fiat_secp256k1_scalar_mulx_u64(&x153, &x154, x3, (arg2[3])); + fiat_secp256k1_scalar_mulx_u64(&x155, &x156, x3, (arg2[2])); + fiat_secp256k1_scalar_mulx_u64(&x157, &x158, x3, (arg2[1])); + fiat_secp256k1_scalar_mulx_u64(&x159, &x160, x3, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x161, &x162, 0x0, x160, x157); + fiat_secp256k1_scalar_addcarryx_u64(&x163, &x164, x162, x158, x155); + fiat_secp256k1_scalar_addcarryx_u64(&x165, &x166, x164, x156, x153); + x167 = (x166 + x154); + fiat_secp256k1_scalar_addcarryx_u64(&x168, &x169, 0x0, x144, x159); + fiat_secp256k1_scalar_addcarryx_u64(&x170, &x171, x169, x146, x161); + fiat_secp256k1_scalar_addcarryx_u64(&x172, &x173, x171, x148, x163); + fiat_secp256k1_scalar_addcarryx_u64(&x174, &x175, x173, x150, x165); + fiat_secp256k1_scalar_addcarryx_u64(&x176, &x177, x175, x152, x167); + fiat_secp256k1_scalar_mulx_u64(&x178, &x179, x168, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x180, &x181, x178, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x182, &x183, x178, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x184, &x185, x178, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x186, &x187, x178, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x188, &x189, 0x0, x187, x184); + fiat_secp256k1_scalar_addcarryx_u64(&x190, &x191, x189, x185, x182); + fiat_secp256k1_scalar_addcarryx_u64(&x192, &x193, x191, x183, x180); + x194 = (x193 + x181); + fiat_secp256k1_scalar_addcarryx_u64(&x195, &x196, 0x0, x168, x186); + fiat_secp256k1_scalar_addcarryx_u64(&x197, &x198, x196, x170, x188); + fiat_secp256k1_scalar_addcarryx_u64(&x199, &x200, x198, x172, x190); + fiat_secp256k1_scalar_addcarryx_u64(&x201, &x202, x200, x174, x192); + fiat_secp256k1_scalar_addcarryx_u64(&x203, &x204, x202, x176, x194); + x205 = ((uint64_t)x204 + x177); + fiat_secp256k1_scalar_subborrowx_u64(&x206, &x207, 0x0, x197, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_subborrowx_u64(&x208, &x209, x207, x199, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_subborrowx_u64(&x210, &x211, x209, x201, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_subborrowx_u64(&x212, &x213, x211, x203, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_subborrowx_u64(&x214, &x215, x213, x205, 0x0); + fiat_secp256k1_scalar_cmovznz_u64(&x216, x215, x206, x197); + fiat_secp256k1_scalar_cmovznz_u64(&x217, x215, x208, x199); + fiat_secp256k1_scalar_cmovznz_u64(&x218, x215, x210, x201); + fiat_secp256k1_scalar_cmovznz_u64(&x219, x215, x212, x203); + out1[0] = x216; + out1[1] = x217; + out1[2] = x218; + out1[3] = x219; +} + +/* + * The function fiat_secp256k1_scalar_square squares a field element in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_square(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + fiat_secp256k1_scalar_uint1 x14; + uint64_t x15; + fiat_secp256k1_scalar_uint1 x16; + uint64_t x17; + fiat_secp256k1_scalar_uint1 x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + uint64_t x23; + uint64_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + uint64_t x30; + fiat_secp256k1_scalar_uint1 x31; + uint64_t x32; + fiat_secp256k1_scalar_uint1 x33; + uint64_t x34; + fiat_secp256k1_scalar_uint1 x35; + uint64_t x36; + uint64_t x37; + fiat_secp256k1_scalar_uint1 x38; + uint64_t x39; + fiat_secp256k1_scalar_uint1 x40; + uint64_t x41; + fiat_secp256k1_scalar_uint1 x42; + uint64_t x43; + fiat_secp256k1_scalar_uint1 x44; + uint64_t x45; + fiat_secp256k1_scalar_uint1 x46; + uint64_t x47; + uint64_t x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + uint64_t x54; + uint64_t x55; + fiat_secp256k1_scalar_uint1 x56; + uint64_t x57; + fiat_secp256k1_scalar_uint1 x58; + uint64_t x59; + fiat_secp256k1_scalar_uint1 x60; + uint64_t x61; + uint64_t x62; + fiat_secp256k1_scalar_uint1 x63; + uint64_t x64; + fiat_secp256k1_scalar_uint1 x65; + uint64_t x66; + fiat_secp256k1_scalar_uint1 x67; + uint64_t x68; + fiat_secp256k1_scalar_uint1 x69; + uint64_t x70; + fiat_secp256k1_scalar_uint1 x71; + uint64_t x72; + uint64_t x73; + uint64_t x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + uint64_t x78; + uint64_t x79; + uint64_t x80; + uint64_t x81; + uint64_t x82; + fiat_secp256k1_scalar_uint1 x83; + uint64_t x84; + fiat_secp256k1_scalar_uint1 x85; + uint64_t x86; + fiat_secp256k1_scalar_uint1 x87; + uint64_t x88; + uint64_t x89; + fiat_secp256k1_scalar_uint1 x90; + uint64_t x91; + fiat_secp256k1_scalar_uint1 x92; + uint64_t x93; + fiat_secp256k1_scalar_uint1 x94; + uint64_t x95; + fiat_secp256k1_scalar_uint1 x96; + uint64_t x97; + fiat_secp256k1_scalar_uint1 x98; + uint64_t x99; + uint64_t x100; + uint64_t x101; + uint64_t x102; + uint64_t x103; + uint64_t x104; + uint64_t x105; + uint64_t x106; + uint64_t x107; + uint64_t x108; + fiat_secp256k1_scalar_uint1 x109; + uint64_t x110; + fiat_secp256k1_scalar_uint1 x111; + uint64_t x112; + fiat_secp256k1_scalar_uint1 x113; + uint64_t x114; + uint64_t x115; + fiat_secp256k1_scalar_uint1 x116; + uint64_t x117; + fiat_secp256k1_scalar_uint1 x118; + uint64_t x119; + fiat_secp256k1_scalar_uint1 x120; + uint64_t x121; + fiat_secp256k1_scalar_uint1 x122; + uint64_t x123; + fiat_secp256k1_scalar_uint1 x124; + uint64_t x125; + uint64_t x126; + uint64_t x127; + uint64_t x128; + uint64_t x129; + uint64_t x130; + uint64_t x131; + uint64_t x132; + uint64_t x133; + uint64_t x134; + uint64_t x135; + fiat_secp256k1_scalar_uint1 x136; + uint64_t x137; + fiat_secp256k1_scalar_uint1 x138; + uint64_t x139; + fiat_secp256k1_scalar_uint1 x140; + uint64_t x141; + uint64_t x142; + fiat_secp256k1_scalar_uint1 x143; + uint64_t x144; + fiat_secp256k1_scalar_uint1 x145; + uint64_t x146; + fiat_secp256k1_scalar_uint1 x147; + uint64_t x148; + fiat_secp256k1_scalar_uint1 x149; + uint64_t x150; + fiat_secp256k1_scalar_uint1 x151; + uint64_t x152; + uint64_t x153; + uint64_t x154; + uint64_t x155; + uint64_t x156; + uint64_t x157; + uint64_t x158; + uint64_t x159; + uint64_t x160; + uint64_t x161; + fiat_secp256k1_scalar_uint1 x162; + uint64_t x163; + fiat_secp256k1_scalar_uint1 x164; + uint64_t x165; + fiat_secp256k1_scalar_uint1 x166; + uint64_t x167; + uint64_t x168; + fiat_secp256k1_scalar_uint1 x169; + uint64_t x170; + fiat_secp256k1_scalar_uint1 x171; + uint64_t x172; + fiat_secp256k1_scalar_uint1 x173; + uint64_t x174; + fiat_secp256k1_scalar_uint1 x175; + uint64_t x176; + fiat_secp256k1_scalar_uint1 x177; + uint64_t x178; + uint64_t x179; + uint64_t x180; + uint64_t x181; + uint64_t x182; + uint64_t x183; + uint64_t x184; + uint64_t x185; + uint64_t x186; + uint64_t x187; + uint64_t x188; + fiat_secp256k1_scalar_uint1 x189; + uint64_t x190; + fiat_secp256k1_scalar_uint1 x191; + uint64_t x192; + fiat_secp256k1_scalar_uint1 x193; + uint64_t x194; + uint64_t x195; + fiat_secp256k1_scalar_uint1 x196; + uint64_t x197; + fiat_secp256k1_scalar_uint1 x198; + uint64_t x199; + fiat_secp256k1_scalar_uint1 x200; + uint64_t x201; + fiat_secp256k1_scalar_uint1 x202; + uint64_t x203; + fiat_secp256k1_scalar_uint1 x204; + uint64_t x205; + uint64_t x206; + fiat_secp256k1_scalar_uint1 x207; + uint64_t x208; + fiat_secp256k1_scalar_uint1 x209; + uint64_t x210; + fiat_secp256k1_scalar_uint1 x211; + uint64_t x212; + fiat_secp256k1_scalar_uint1 x213; + uint64_t x214; + fiat_secp256k1_scalar_uint1 x215; + uint64_t x216; + uint64_t x217; + uint64_t x218; + uint64_t x219; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[0]); + fiat_secp256k1_scalar_mulx_u64(&x5, &x6, x4, (arg1[3])); + fiat_secp256k1_scalar_mulx_u64(&x7, &x8, x4, (arg1[2])); + fiat_secp256k1_scalar_mulx_u64(&x9, &x10, x4, (arg1[1])); + fiat_secp256k1_scalar_mulx_u64(&x11, &x12, x4, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x13, &x14, 0x0, x12, x9); + fiat_secp256k1_scalar_addcarryx_u64(&x15, &x16, x14, x10, x7); + fiat_secp256k1_scalar_addcarryx_u64(&x17, &x18, x16, x8, x5); + x19 = (x18 + x6); + fiat_secp256k1_scalar_mulx_u64(&x20, &x21, x11, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x22, &x23, x20, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x24, &x25, x20, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x26, &x27, x20, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x28, &x29, x20, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x30, &x31, 0x0, x29, x26); + fiat_secp256k1_scalar_addcarryx_u64(&x32, &x33, x31, x27, x24); + fiat_secp256k1_scalar_addcarryx_u64(&x34, &x35, x33, x25, x22); + x36 = (x35 + x23); + fiat_secp256k1_scalar_addcarryx_u64(&x37, &x38, 0x0, x11, x28); + fiat_secp256k1_scalar_addcarryx_u64(&x39, &x40, x38, x13, x30); + fiat_secp256k1_scalar_addcarryx_u64(&x41, &x42, x40, x15, x32); + fiat_secp256k1_scalar_addcarryx_u64(&x43, &x44, x42, x17, x34); + fiat_secp256k1_scalar_addcarryx_u64(&x45, &x46, x44, x19, x36); + fiat_secp256k1_scalar_mulx_u64(&x47, &x48, x1, (arg1[3])); + fiat_secp256k1_scalar_mulx_u64(&x49, &x50, x1, (arg1[2])); + fiat_secp256k1_scalar_mulx_u64(&x51, &x52, x1, (arg1[1])); + fiat_secp256k1_scalar_mulx_u64(&x53, &x54, x1, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x55, &x56, 0x0, x54, x51); + fiat_secp256k1_scalar_addcarryx_u64(&x57, &x58, x56, x52, x49); + fiat_secp256k1_scalar_addcarryx_u64(&x59, &x60, x58, x50, x47); + x61 = (x60 + x48); + fiat_secp256k1_scalar_addcarryx_u64(&x62, &x63, 0x0, x39, x53); + fiat_secp256k1_scalar_addcarryx_u64(&x64, &x65, x63, x41, x55); + fiat_secp256k1_scalar_addcarryx_u64(&x66, &x67, x65, x43, x57); + fiat_secp256k1_scalar_addcarryx_u64(&x68, &x69, x67, x45, x59); + fiat_secp256k1_scalar_addcarryx_u64(&x70, &x71, x69, x46, x61); + fiat_secp256k1_scalar_mulx_u64(&x72, &x73, x62, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x74, &x75, x72, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x76, &x77, x72, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x78, &x79, x72, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x80, &x81, x72, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x82, &x83, 0x0, x81, x78); + fiat_secp256k1_scalar_addcarryx_u64(&x84, &x85, x83, x79, x76); + fiat_secp256k1_scalar_addcarryx_u64(&x86, &x87, x85, x77, x74); + x88 = (x87 + x75); + fiat_secp256k1_scalar_addcarryx_u64(&x89, &x90, 0x0, x62, x80); + fiat_secp256k1_scalar_addcarryx_u64(&x91, &x92, x90, x64, x82); + fiat_secp256k1_scalar_addcarryx_u64(&x93, &x94, x92, x66, x84); + fiat_secp256k1_scalar_addcarryx_u64(&x95, &x96, x94, x68, x86); + fiat_secp256k1_scalar_addcarryx_u64(&x97, &x98, x96, x70, x88); + x99 = ((uint64_t)x98 + x71); + fiat_secp256k1_scalar_mulx_u64(&x100, &x101, x2, (arg1[3])); + fiat_secp256k1_scalar_mulx_u64(&x102, &x103, x2, (arg1[2])); + fiat_secp256k1_scalar_mulx_u64(&x104, &x105, x2, (arg1[1])); + fiat_secp256k1_scalar_mulx_u64(&x106, &x107, x2, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x108, &x109, 0x0, x107, x104); + fiat_secp256k1_scalar_addcarryx_u64(&x110, &x111, x109, x105, x102); + fiat_secp256k1_scalar_addcarryx_u64(&x112, &x113, x111, x103, x100); + x114 = (x113 + x101); + fiat_secp256k1_scalar_addcarryx_u64(&x115, &x116, 0x0, x91, x106); + fiat_secp256k1_scalar_addcarryx_u64(&x117, &x118, x116, x93, x108); + fiat_secp256k1_scalar_addcarryx_u64(&x119, &x120, x118, x95, x110); + fiat_secp256k1_scalar_addcarryx_u64(&x121, &x122, x120, x97, x112); + fiat_secp256k1_scalar_addcarryx_u64(&x123, &x124, x122, x99, x114); + fiat_secp256k1_scalar_mulx_u64(&x125, &x126, x115, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x127, &x128, x125, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x129, &x130, x125, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x131, &x132, x125, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x133, &x134, x125, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x135, &x136, 0x0, x134, x131); + fiat_secp256k1_scalar_addcarryx_u64(&x137, &x138, x136, x132, x129); + fiat_secp256k1_scalar_addcarryx_u64(&x139, &x140, x138, x130, x127); + x141 = (x140 + x128); + fiat_secp256k1_scalar_addcarryx_u64(&x142, &x143, 0x0, x115, x133); + fiat_secp256k1_scalar_addcarryx_u64(&x144, &x145, x143, x117, x135); + fiat_secp256k1_scalar_addcarryx_u64(&x146, &x147, x145, x119, x137); + fiat_secp256k1_scalar_addcarryx_u64(&x148, &x149, x147, x121, x139); + fiat_secp256k1_scalar_addcarryx_u64(&x150, &x151, x149, x123, x141); + x152 = ((uint64_t)x151 + x124); + fiat_secp256k1_scalar_mulx_u64(&x153, &x154, x3, (arg1[3])); + fiat_secp256k1_scalar_mulx_u64(&x155, &x156, x3, (arg1[2])); + fiat_secp256k1_scalar_mulx_u64(&x157, &x158, x3, (arg1[1])); + fiat_secp256k1_scalar_mulx_u64(&x159, &x160, x3, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x161, &x162, 0x0, x160, x157); + fiat_secp256k1_scalar_addcarryx_u64(&x163, &x164, x162, x158, x155); + fiat_secp256k1_scalar_addcarryx_u64(&x165, &x166, x164, x156, x153); + x167 = (x166 + x154); + fiat_secp256k1_scalar_addcarryx_u64(&x168, &x169, 0x0, x144, x159); + fiat_secp256k1_scalar_addcarryx_u64(&x170, &x171, x169, x146, x161); + fiat_secp256k1_scalar_addcarryx_u64(&x172, &x173, x171, x148, x163); + fiat_secp256k1_scalar_addcarryx_u64(&x174, &x175, x173, x150, x165); + fiat_secp256k1_scalar_addcarryx_u64(&x176, &x177, x175, x152, x167); + fiat_secp256k1_scalar_mulx_u64(&x178, &x179, x168, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x180, &x181, x178, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x182, &x183, x178, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x184, &x185, x178, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x186, &x187, x178, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x188, &x189, 0x0, x187, x184); + fiat_secp256k1_scalar_addcarryx_u64(&x190, &x191, x189, x185, x182); + fiat_secp256k1_scalar_addcarryx_u64(&x192, &x193, x191, x183, x180); + x194 = (x193 + x181); + fiat_secp256k1_scalar_addcarryx_u64(&x195, &x196, 0x0, x168, x186); + fiat_secp256k1_scalar_addcarryx_u64(&x197, &x198, x196, x170, x188); + fiat_secp256k1_scalar_addcarryx_u64(&x199, &x200, x198, x172, x190); + fiat_secp256k1_scalar_addcarryx_u64(&x201, &x202, x200, x174, x192); + fiat_secp256k1_scalar_addcarryx_u64(&x203, &x204, x202, x176, x194); + x205 = ((uint64_t)x204 + x177); + fiat_secp256k1_scalar_subborrowx_u64(&x206, &x207, 0x0, x197, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_subborrowx_u64(&x208, &x209, x207, x199, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_subborrowx_u64(&x210, &x211, x209, x201, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_subborrowx_u64(&x212, &x213, x211, x203, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_subborrowx_u64(&x214, &x215, x213, x205, 0x0); + fiat_secp256k1_scalar_cmovznz_u64(&x216, x215, x206, x197); + fiat_secp256k1_scalar_cmovznz_u64(&x217, x215, x208, x199); + fiat_secp256k1_scalar_cmovznz_u64(&x218, x215, x210, x201); + fiat_secp256k1_scalar_cmovznz_u64(&x219, x215, x212, x203); + out1[0] = x216; + out1[1] = x217; + out1[2] = x218; + out1[3] = x219; +} + +/* + * The function fiat_secp256k1_scalar_add adds two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_add(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg2) { + uint64_t x1; + fiat_secp256k1_scalar_uint1 x2; + uint64_t x3; + fiat_secp256k1_scalar_uint1 x4; + uint64_t x5; + fiat_secp256k1_scalar_uint1 x6; + uint64_t x7; + fiat_secp256k1_scalar_uint1 x8; + uint64_t x9; + fiat_secp256k1_scalar_uint1 x10; + uint64_t x11; + fiat_secp256k1_scalar_uint1 x12; + uint64_t x13; + fiat_secp256k1_scalar_uint1 x14; + uint64_t x15; + fiat_secp256k1_scalar_uint1 x16; + uint64_t x17; + fiat_secp256k1_scalar_uint1 x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + fiat_secp256k1_scalar_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_secp256k1_scalar_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_secp256k1_scalar_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_scalar_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_subborrowx_u64(&x11, &x12, x10, x3, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_subborrowx_u64(&x13, &x14, x12, x5, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_subborrowx_u64(&x15, &x16, x14, x7, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_subborrowx_u64(&x17, &x18, x16, x8, 0x0); + fiat_secp256k1_scalar_cmovznz_u64(&x19, x18, x9, x1); + fiat_secp256k1_scalar_cmovznz_u64(&x20, x18, x11, x3); + fiat_secp256k1_scalar_cmovznz_u64(&x21, x18, x13, x5); + fiat_secp256k1_scalar_cmovznz_u64(&x22, x18, x15, x7); + out1[0] = x19; + out1[1] = x20; + out1[2] = x21; + out1[3] = x22; +} + +/* + * The function fiat_secp256k1_scalar_sub subtracts two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_sub(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg2) { + uint64_t x1; + fiat_secp256k1_scalar_uint1 x2; + uint64_t x3; + fiat_secp256k1_scalar_uint1 x4; + uint64_t x5; + fiat_secp256k1_scalar_uint1 x6; + uint64_t x7; + fiat_secp256k1_scalar_uint1 x8; + uint64_t x9; + uint64_t x10; + fiat_secp256k1_scalar_uint1 x11; + uint64_t x12; + fiat_secp256k1_scalar_uint1 x13; + uint64_t x14; + fiat_secp256k1_scalar_uint1 x15; + uint64_t x16; + fiat_secp256k1_scalar_uint1 x17; + fiat_secp256k1_scalar_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_secp256k1_scalar_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_secp256k1_scalar_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_secp256k1_scalar_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_scalar_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xbfd25e8cd0364141))); + fiat_secp256k1_scalar_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT64_C(0xbaaedce6af48a03b))); + fiat_secp256k1_scalar_addcarryx_u64(&x14, &x15, x13, x5, (x9 & UINT64_C(0xfffffffffffffffe))); + fiat_secp256k1_scalar_addcarryx_u64(&x16, &x17, x15, x7, x9); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * The function fiat_secp256k1_scalar_opp negates a field element in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_opp(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1) { + uint64_t x1; + fiat_secp256k1_scalar_uint1 x2; + uint64_t x3; + fiat_secp256k1_scalar_uint1 x4; + uint64_t x5; + fiat_secp256k1_scalar_uint1 x6; + uint64_t x7; + fiat_secp256k1_scalar_uint1 x8; + uint64_t x9; + uint64_t x10; + fiat_secp256k1_scalar_uint1 x11; + uint64_t x12; + fiat_secp256k1_scalar_uint1 x13; + uint64_t x14; + fiat_secp256k1_scalar_uint1 x15; + uint64_t x16; + fiat_secp256k1_scalar_uint1 x17; + fiat_secp256k1_scalar_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); + fiat_secp256k1_scalar_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); + fiat_secp256k1_scalar_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); + fiat_secp256k1_scalar_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); + fiat_secp256k1_scalar_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xbfd25e8cd0364141))); + fiat_secp256k1_scalar_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT64_C(0xbaaedce6af48a03b))); + fiat_secp256k1_scalar_addcarryx_u64(&x14, &x15, x13, x5, (x9 & UINT64_C(0xfffffffffffffffe))); + fiat_secp256k1_scalar_addcarryx_u64(&x16, &x17, x15, x7, x9); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * The function fiat_secp256k1_scalar_from_montgomery translates a field element out of the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_from_montgomery(fiat_secp256k1_scalar_non_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + fiat_secp256k1_scalar_uint1 x13; + uint64_t x14; + fiat_secp256k1_scalar_uint1 x15; + uint64_t x16; + fiat_secp256k1_scalar_uint1 x17; + uint64_t x18; + fiat_secp256k1_scalar_uint1 x19; + uint64_t x20; + fiat_secp256k1_scalar_uint1 x21; + uint64_t x22; + fiat_secp256k1_scalar_uint1 x23; + uint64_t x24; + fiat_secp256k1_scalar_uint1 x25; + uint64_t x26; + fiat_secp256k1_scalar_uint1 x27; + uint64_t x28; + fiat_secp256k1_scalar_uint1 x29; + uint64_t x30; + fiat_secp256k1_scalar_uint1 x31; + uint64_t x32; + fiat_secp256k1_scalar_uint1 x33; + uint64_t x34; + fiat_secp256k1_scalar_uint1 x35; + uint64_t x36; + uint64_t x37; + uint64_t x38; + uint64_t x39; + uint64_t x40; + uint64_t x41; + uint64_t x42; + uint64_t x43; + uint64_t x44; + uint64_t x45; + uint64_t x46; + fiat_secp256k1_scalar_uint1 x47; + uint64_t x48; + fiat_secp256k1_scalar_uint1 x49; + uint64_t x50; + fiat_secp256k1_scalar_uint1 x51; + uint64_t x52; + fiat_secp256k1_scalar_uint1 x53; + uint64_t x54; + fiat_secp256k1_scalar_uint1 x55; + uint64_t x56; + fiat_secp256k1_scalar_uint1 x57; + uint64_t x58; + fiat_secp256k1_scalar_uint1 x59; + uint64_t x60; + fiat_secp256k1_scalar_uint1 x61; + uint64_t x62; + fiat_secp256k1_scalar_uint1 x63; + uint64_t x64; + fiat_secp256k1_scalar_uint1 x65; + uint64_t x66; + fiat_secp256k1_scalar_uint1 x67; + uint64_t x68; + fiat_secp256k1_scalar_uint1 x69; + uint64_t x70; + uint64_t x71; + uint64_t x72; + uint64_t x73; + uint64_t x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + uint64_t x78; + uint64_t x79; + uint64_t x80; + fiat_secp256k1_scalar_uint1 x81; + uint64_t x82; + fiat_secp256k1_scalar_uint1 x83; + uint64_t x84; + fiat_secp256k1_scalar_uint1 x85; + uint64_t x86; + fiat_secp256k1_scalar_uint1 x87; + uint64_t x88; + fiat_secp256k1_scalar_uint1 x89; + uint64_t x90; + fiat_secp256k1_scalar_uint1 x91; + uint64_t x92; + fiat_secp256k1_scalar_uint1 x93; + uint64_t x94; + fiat_secp256k1_scalar_uint1 x95; + uint64_t x96; + fiat_secp256k1_scalar_uint1 x97; + uint64_t x98; + fiat_secp256k1_scalar_uint1 x99; + uint64_t x100; + fiat_secp256k1_scalar_uint1 x101; + uint64_t x102; + fiat_secp256k1_scalar_uint1 x103; + uint64_t x104; + uint64_t x105; + uint64_t x106; + uint64_t x107; + uint64_t x108; + uint64_t x109; + uint64_t x110; + uint64_t x111; + uint64_t x112; + uint64_t x113; + uint64_t x114; + fiat_secp256k1_scalar_uint1 x115; + uint64_t x116; + fiat_secp256k1_scalar_uint1 x117; + uint64_t x118; + fiat_secp256k1_scalar_uint1 x119; + uint64_t x120; + fiat_secp256k1_scalar_uint1 x121; + uint64_t x122; + fiat_secp256k1_scalar_uint1 x123; + uint64_t x124; + fiat_secp256k1_scalar_uint1 x125; + uint64_t x126; + fiat_secp256k1_scalar_uint1 x127; + uint64_t x128; + fiat_secp256k1_scalar_uint1 x129; + uint64_t x130; + fiat_secp256k1_scalar_uint1 x131; + uint64_t x132; + fiat_secp256k1_scalar_uint1 x133; + uint64_t x134; + fiat_secp256k1_scalar_uint1 x135; + uint64_t x136; + fiat_secp256k1_scalar_uint1 x137; + uint64_t x138; + fiat_secp256k1_scalar_uint1 x139; + uint64_t x140; + uint64_t x141; + uint64_t x142; + uint64_t x143; + x1 = (arg1[0]); + fiat_secp256k1_scalar_mulx_u64(&x2, &x3, x1, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x4, &x5, x2, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x6, &x7, x2, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x8, &x9, x2, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x10, &x11, x2, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x12, &x13, 0x0, x11, x8); + fiat_secp256k1_scalar_addcarryx_u64(&x14, &x15, x13, x9, x6); + fiat_secp256k1_scalar_addcarryx_u64(&x16, &x17, x15, x7, x4); + fiat_secp256k1_scalar_addcarryx_u64(&x18, &x19, 0x0, x1, x10); + fiat_secp256k1_scalar_addcarryx_u64(&x20, &x21, x19, 0x0, x12); + fiat_secp256k1_scalar_addcarryx_u64(&x22, &x23, x21, 0x0, x14); + fiat_secp256k1_scalar_addcarryx_u64(&x24, &x25, x23, 0x0, x16); + fiat_secp256k1_scalar_addcarryx_u64(&x26, &x27, x25, 0x0, (x17 + x5)); + fiat_secp256k1_scalar_addcarryx_u64(&x28, &x29, 0x0, x20, (arg1[1])); + fiat_secp256k1_scalar_addcarryx_u64(&x30, &x31, x29, x22, 0x0); + fiat_secp256k1_scalar_addcarryx_u64(&x32, &x33, x31, x24, 0x0); + fiat_secp256k1_scalar_addcarryx_u64(&x34, &x35, x33, x26, 0x0); + fiat_secp256k1_scalar_mulx_u64(&x36, &x37, x28, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x38, &x39, x36, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x40, &x41, x36, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x42, &x43, x36, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x44, &x45, x36, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x46, &x47, 0x0, x45, x42); + fiat_secp256k1_scalar_addcarryx_u64(&x48, &x49, x47, x43, x40); + fiat_secp256k1_scalar_addcarryx_u64(&x50, &x51, x49, x41, x38); + fiat_secp256k1_scalar_addcarryx_u64(&x52, &x53, 0x0, x28, x44); + fiat_secp256k1_scalar_addcarryx_u64(&x54, &x55, x53, x30, x46); + fiat_secp256k1_scalar_addcarryx_u64(&x56, &x57, x55, x32, x48); + fiat_secp256k1_scalar_addcarryx_u64(&x58, &x59, x57, x34, x50); + fiat_secp256k1_scalar_addcarryx_u64(&x60, &x61, x59, ((uint64_t)x35 + x27), (x51 + x39)); + fiat_secp256k1_scalar_addcarryx_u64(&x62, &x63, 0x0, x54, (arg1[2])); + fiat_secp256k1_scalar_addcarryx_u64(&x64, &x65, x63, x56, 0x0); + fiat_secp256k1_scalar_addcarryx_u64(&x66, &x67, x65, x58, 0x0); + fiat_secp256k1_scalar_addcarryx_u64(&x68, &x69, x67, x60, 0x0); + fiat_secp256k1_scalar_mulx_u64(&x70, &x71, x62, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x72, &x73, x70, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x74, &x75, x70, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x76, &x77, x70, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x78, &x79, x70, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x80, &x81, 0x0, x79, x76); + fiat_secp256k1_scalar_addcarryx_u64(&x82, &x83, x81, x77, x74); + fiat_secp256k1_scalar_addcarryx_u64(&x84, &x85, x83, x75, x72); + fiat_secp256k1_scalar_addcarryx_u64(&x86, &x87, 0x0, x62, x78); + fiat_secp256k1_scalar_addcarryx_u64(&x88, &x89, x87, x64, x80); + fiat_secp256k1_scalar_addcarryx_u64(&x90, &x91, x89, x66, x82); + fiat_secp256k1_scalar_addcarryx_u64(&x92, &x93, x91, x68, x84); + fiat_secp256k1_scalar_addcarryx_u64(&x94, &x95, x93, ((uint64_t)x69 + x61), (x85 + x73)); + fiat_secp256k1_scalar_addcarryx_u64(&x96, &x97, 0x0, x88, (arg1[3])); + fiat_secp256k1_scalar_addcarryx_u64(&x98, &x99, x97, x90, 0x0); + fiat_secp256k1_scalar_addcarryx_u64(&x100, &x101, x99, x92, 0x0); + fiat_secp256k1_scalar_addcarryx_u64(&x102, &x103, x101, x94, 0x0); + fiat_secp256k1_scalar_mulx_u64(&x104, &x105, x96, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x106, &x107, x104, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x108, &x109, x104, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x110, &x111, x104, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x112, &x113, x104, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x114, &x115, 0x0, x113, x110); + fiat_secp256k1_scalar_addcarryx_u64(&x116, &x117, x115, x111, x108); + fiat_secp256k1_scalar_addcarryx_u64(&x118, &x119, x117, x109, x106); + fiat_secp256k1_scalar_addcarryx_u64(&x120, &x121, 0x0, x96, x112); + fiat_secp256k1_scalar_addcarryx_u64(&x122, &x123, x121, x98, x114); + fiat_secp256k1_scalar_addcarryx_u64(&x124, &x125, x123, x100, x116); + fiat_secp256k1_scalar_addcarryx_u64(&x126, &x127, x125, x102, x118); + fiat_secp256k1_scalar_addcarryx_u64(&x128, &x129, x127, ((uint64_t)x103 + x95), (x119 + x107)); + fiat_secp256k1_scalar_subborrowx_u64(&x130, &x131, 0x0, x122, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_subborrowx_u64(&x132, &x133, x131, x124, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_subborrowx_u64(&x134, &x135, x133, x126, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_subborrowx_u64(&x136, &x137, x135, x128, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_subborrowx_u64(&x138, &x139, x137, x129, 0x0); + fiat_secp256k1_scalar_cmovznz_u64(&x140, x139, x130, x122); + fiat_secp256k1_scalar_cmovznz_u64(&x141, x139, x132, x124); + fiat_secp256k1_scalar_cmovznz_u64(&x142, x139, x134, x126); + fiat_secp256k1_scalar_cmovznz_u64(&x143, x139, x136, x128); + out1[0] = x140; + out1[1] = x141; + out1[2] = x142; + out1[3] = x143; +} + +/* + * The function fiat_secp256k1_scalar_to_montgomery translates a field element into the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = eval arg1 mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_to_montgomery(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_non_montgomery_domain_field_element arg1) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + fiat_secp256k1_scalar_uint1 x14; + uint64_t x15; + fiat_secp256k1_scalar_uint1 x16; + uint64_t x17; + fiat_secp256k1_scalar_uint1 x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + uint64_t x23; + uint64_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + fiat_secp256k1_scalar_uint1 x30; + uint64_t x31; + fiat_secp256k1_scalar_uint1 x32; + uint64_t x33; + fiat_secp256k1_scalar_uint1 x34; + uint64_t x35; + fiat_secp256k1_scalar_uint1 x36; + uint64_t x37; + fiat_secp256k1_scalar_uint1 x38; + uint64_t x39; + fiat_secp256k1_scalar_uint1 x40; + uint64_t x41; + fiat_secp256k1_scalar_uint1 x42; + uint64_t x43; + fiat_secp256k1_scalar_uint1 x44; + uint64_t x45; + uint64_t x46; + uint64_t x47; + uint64_t x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + fiat_secp256k1_scalar_uint1 x54; + uint64_t x55; + fiat_secp256k1_scalar_uint1 x56; + uint64_t x57; + fiat_secp256k1_scalar_uint1 x58; + uint64_t x59; + fiat_secp256k1_scalar_uint1 x60; + uint64_t x61; + fiat_secp256k1_scalar_uint1 x62; + uint64_t x63; + fiat_secp256k1_scalar_uint1 x64; + uint64_t x65; + fiat_secp256k1_scalar_uint1 x66; + uint64_t x67; + uint64_t x68; + uint64_t x69; + uint64_t x70; + uint64_t x71; + uint64_t x72; + uint64_t x73; + uint64_t x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + fiat_secp256k1_scalar_uint1 x78; + uint64_t x79; + fiat_secp256k1_scalar_uint1 x80; + uint64_t x81; + fiat_secp256k1_scalar_uint1 x82; + uint64_t x83; + fiat_secp256k1_scalar_uint1 x84; + uint64_t x85; + fiat_secp256k1_scalar_uint1 x86; + uint64_t x87; + fiat_secp256k1_scalar_uint1 x88; + uint64_t x89; + fiat_secp256k1_scalar_uint1 x90; + uint64_t x91; + fiat_secp256k1_scalar_uint1 x92; + uint64_t x93; + uint64_t x94; + uint64_t x95; + uint64_t x96; + uint64_t x97; + uint64_t x98; + uint64_t x99; + uint64_t x100; + uint64_t x101; + fiat_secp256k1_scalar_uint1 x102; + uint64_t x103; + fiat_secp256k1_scalar_uint1 x104; + uint64_t x105; + fiat_secp256k1_scalar_uint1 x106; + uint64_t x107; + fiat_secp256k1_scalar_uint1 x108; + uint64_t x109; + fiat_secp256k1_scalar_uint1 x110; + uint64_t x111; + fiat_secp256k1_scalar_uint1 x112; + uint64_t x113; + fiat_secp256k1_scalar_uint1 x114; + uint64_t x115; + uint64_t x116; + uint64_t x117; + uint64_t x118; + uint64_t x119; + uint64_t x120; + uint64_t x121; + uint64_t x122; + uint64_t x123; + uint64_t x124; + uint64_t x125; + fiat_secp256k1_scalar_uint1 x126; + uint64_t x127; + fiat_secp256k1_scalar_uint1 x128; + uint64_t x129; + fiat_secp256k1_scalar_uint1 x130; + uint64_t x131; + fiat_secp256k1_scalar_uint1 x132; + uint64_t x133; + fiat_secp256k1_scalar_uint1 x134; + uint64_t x135; + fiat_secp256k1_scalar_uint1 x136; + uint64_t x137; + fiat_secp256k1_scalar_uint1 x138; + uint64_t x139; + fiat_secp256k1_scalar_uint1 x140; + uint64_t x141; + uint64_t x142; + uint64_t x143; + uint64_t x144; + uint64_t x145; + uint64_t x146; + uint64_t x147; + uint64_t x148; + uint64_t x149; + fiat_secp256k1_scalar_uint1 x150; + uint64_t x151; + fiat_secp256k1_scalar_uint1 x152; + uint64_t x153; + fiat_secp256k1_scalar_uint1 x154; + uint64_t x155; + fiat_secp256k1_scalar_uint1 x156; + uint64_t x157; + fiat_secp256k1_scalar_uint1 x158; + uint64_t x159; + fiat_secp256k1_scalar_uint1 x160; + uint64_t x161; + fiat_secp256k1_scalar_uint1 x162; + uint64_t x163; + uint64_t x164; + uint64_t x165; + uint64_t x166; + uint64_t x167; + uint64_t x168; + uint64_t x169; + uint64_t x170; + uint64_t x171; + uint64_t x172; + uint64_t x173; + fiat_secp256k1_scalar_uint1 x174; + uint64_t x175; + fiat_secp256k1_scalar_uint1 x176; + uint64_t x177; + fiat_secp256k1_scalar_uint1 x178; + uint64_t x179; + fiat_secp256k1_scalar_uint1 x180; + uint64_t x181; + fiat_secp256k1_scalar_uint1 x182; + uint64_t x183; + fiat_secp256k1_scalar_uint1 x184; + uint64_t x185; + fiat_secp256k1_scalar_uint1 x186; + uint64_t x187; + fiat_secp256k1_scalar_uint1 x188; + uint64_t x189; + fiat_secp256k1_scalar_uint1 x190; + uint64_t x191; + fiat_secp256k1_scalar_uint1 x192; + uint64_t x193; + fiat_secp256k1_scalar_uint1 x194; + uint64_t x195; + fiat_secp256k1_scalar_uint1 x196; + uint64_t x197; + fiat_secp256k1_scalar_uint1 x198; + uint64_t x199; + uint64_t x200; + uint64_t x201; + uint64_t x202; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[0]); + fiat_secp256k1_scalar_mulx_u64(&x5, &x6, x4, UINT64_C(0x9d671cd581c69bc5)); + fiat_secp256k1_scalar_mulx_u64(&x7, &x8, x4, UINT64_C(0xe697f5e45bcd07c6)); + fiat_secp256k1_scalar_mulx_u64(&x9, &x10, x4, UINT64_C(0x741496c20e7cf878)); + fiat_secp256k1_scalar_mulx_u64(&x11, &x12, x4, UINT64_C(0x896cf21467d7d140)); + fiat_secp256k1_scalar_addcarryx_u64(&x13, &x14, 0x0, x12, x9); + fiat_secp256k1_scalar_addcarryx_u64(&x15, &x16, x14, x10, x7); + fiat_secp256k1_scalar_addcarryx_u64(&x17, &x18, x16, x8, x5); + fiat_secp256k1_scalar_mulx_u64(&x19, &x20, x11, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x21, &x22, x19, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x23, &x24, x19, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x25, &x26, x19, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x27, &x28, x19, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x29, &x30, 0x0, x28, x25); + fiat_secp256k1_scalar_addcarryx_u64(&x31, &x32, x30, x26, x23); + fiat_secp256k1_scalar_addcarryx_u64(&x33, &x34, x32, x24, x21); + fiat_secp256k1_scalar_addcarryx_u64(&x35, &x36, 0x0, x11, x27); + fiat_secp256k1_scalar_addcarryx_u64(&x37, &x38, x36, x13, x29); + fiat_secp256k1_scalar_addcarryx_u64(&x39, &x40, x38, x15, x31); + fiat_secp256k1_scalar_addcarryx_u64(&x41, &x42, x40, x17, x33); + fiat_secp256k1_scalar_addcarryx_u64(&x43, &x44, x42, (x18 + x6), (x34 + x22)); + fiat_secp256k1_scalar_mulx_u64(&x45, &x46, x1, UINT64_C(0x9d671cd581c69bc5)); + fiat_secp256k1_scalar_mulx_u64(&x47, &x48, x1, UINT64_C(0xe697f5e45bcd07c6)); + fiat_secp256k1_scalar_mulx_u64(&x49, &x50, x1, UINT64_C(0x741496c20e7cf878)); + fiat_secp256k1_scalar_mulx_u64(&x51, &x52, x1, UINT64_C(0x896cf21467d7d140)); + fiat_secp256k1_scalar_addcarryx_u64(&x53, &x54, 0x0, x52, x49); + fiat_secp256k1_scalar_addcarryx_u64(&x55, &x56, x54, x50, x47); + fiat_secp256k1_scalar_addcarryx_u64(&x57, &x58, x56, x48, x45); + fiat_secp256k1_scalar_addcarryx_u64(&x59, &x60, 0x0, x37, x51); + fiat_secp256k1_scalar_addcarryx_u64(&x61, &x62, x60, x39, x53); + fiat_secp256k1_scalar_addcarryx_u64(&x63, &x64, x62, x41, x55); + fiat_secp256k1_scalar_addcarryx_u64(&x65, &x66, x64, x43, x57); + fiat_secp256k1_scalar_mulx_u64(&x67, &x68, x59, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x69, &x70, x67, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x71, &x72, x67, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x73, &x74, x67, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x75, &x76, x67, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x77, &x78, 0x0, x76, x73); + fiat_secp256k1_scalar_addcarryx_u64(&x79, &x80, x78, x74, x71); + fiat_secp256k1_scalar_addcarryx_u64(&x81, &x82, x80, x72, x69); + fiat_secp256k1_scalar_addcarryx_u64(&x83, &x84, 0x0, x59, x75); + fiat_secp256k1_scalar_addcarryx_u64(&x85, &x86, x84, x61, x77); + fiat_secp256k1_scalar_addcarryx_u64(&x87, &x88, x86, x63, x79); + fiat_secp256k1_scalar_addcarryx_u64(&x89, &x90, x88, x65, x81); + fiat_secp256k1_scalar_addcarryx_u64(&x91, &x92, x90, (((uint64_t)x66 + x44) + (x58 + x46)), (x82 + x70)); + fiat_secp256k1_scalar_mulx_u64(&x93, &x94, x2, UINT64_C(0x9d671cd581c69bc5)); + fiat_secp256k1_scalar_mulx_u64(&x95, &x96, x2, UINT64_C(0xe697f5e45bcd07c6)); + fiat_secp256k1_scalar_mulx_u64(&x97, &x98, x2, UINT64_C(0x741496c20e7cf878)); + fiat_secp256k1_scalar_mulx_u64(&x99, &x100, x2, UINT64_C(0x896cf21467d7d140)); + fiat_secp256k1_scalar_addcarryx_u64(&x101, &x102, 0x0, x100, x97); + fiat_secp256k1_scalar_addcarryx_u64(&x103, &x104, x102, x98, x95); + fiat_secp256k1_scalar_addcarryx_u64(&x105, &x106, x104, x96, x93); + fiat_secp256k1_scalar_addcarryx_u64(&x107, &x108, 0x0, x85, x99); + fiat_secp256k1_scalar_addcarryx_u64(&x109, &x110, x108, x87, x101); + fiat_secp256k1_scalar_addcarryx_u64(&x111, &x112, x110, x89, x103); + fiat_secp256k1_scalar_addcarryx_u64(&x113, &x114, x112, x91, x105); + fiat_secp256k1_scalar_mulx_u64(&x115, &x116, x107, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x117, &x118, x115, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x119, &x120, x115, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x121, &x122, x115, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x123, &x124, x115, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x125, &x126, 0x0, x124, x121); + fiat_secp256k1_scalar_addcarryx_u64(&x127, &x128, x126, x122, x119); + fiat_secp256k1_scalar_addcarryx_u64(&x129, &x130, x128, x120, x117); + fiat_secp256k1_scalar_addcarryx_u64(&x131, &x132, 0x0, x107, x123); + fiat_secp256k1_scalar_addcarryx_u64(&x133, &x134, x132, x109, x125); + fiat_secp256k1_scalar_addcarryx_u64(&x135, &x136, x134, x111, x127); + fiat_secp256k1_scalar_addcarryx_u64(&x137, &x138, x136, x113, x129); + fiat_secp256k1_scalar_addcarryx_u64(&x139, &x140, x138, (((uint64_t)x114 + x92) + (x106 + x94)), (x130 + x118)); + fiat_secp256k1_scalar_mulx_u64(&x141, &x142, x3, UINT64_C(0x9d671cd581c69bc5)); + fiat_secp256k1_scalar_mulx_u64(&x143, &x144, x3, UINT64_C(0xe697f5e45bcd07c6)); + fiat_secp256k1_scalar_mulx_u64(&x145, &x146, x3, UINT64_C(0x741496c20e7cf878)); + fiat_secp256k1_scalar_mulx_u64(&x147, &x148, x3, UINT64_C(0x896cf21467d7d140)); + fiat_secp256k1_scalar_addcarryx_u64(&x149, &x150, 0x0, x148, x145); + fiat_secp256k1_scalar_addcarryx_u64(&x151, &x152, x150, x146, x143); + fiat_secp256k1_scalar_addcarryx_u64(&x153, &x154, x152, x144, x141); + fiat_secp256k1_scalar_addcarryx_u64(&x155, &x156, 0x0, x133, x147); + fiat_secp256k1_scalar_addcarryx_u64(&x157, &x158, x156, x135, x149); + fiat_secp256k1_scalar_addcarryx_u64(&x159, &x160, x158, x137, x151); + fiat_secp256k1_scalar_addcarryx_u64(&x161, &x162, x160, x139, x153); + fiat_secp256k1_scalar_mulx_u64(&x163, &x164, x155, UINT64_C(0x4b0dff665588b13f)); + fiat_secp256k1_scalar_mulx_u64(&x165, &x166, x163, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_mulx_u64(&x167, &x168, x163, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_mulx_u64(&x169, &x170, x163, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_mulx_u64(&x171, &x172, x163, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_addcarryx_u64(&x173, &x174, 0x0, x172, x169); + fiat_secp256k1_scalar_addcarryx_u64(&x175, &x176, x174, x170, x167); + fiat_secp256k1_scalar_addcarryx_u64(&x177, &x178, x176, x168, x165); + fiat_secp256k1_scalar_addcarryx_u64(&x179, &x180, 0x0, x155, x171); + fiat_secp256k1_scalar_addcarryx_u64(&x181, &x182, x180, x157, x173); + fiat_secp256k1_scalar_addcarryx_u64(&x183, &x184, x182, x159, x175); + fiat_secp256k1_scalar_addcarryx_u64(&x185, &x186, x184, x161, x177); + fiat_secp256k1_scalar_addcarryx_u64(&x187, &x188, x186, (((uint64_t)x162 + x140) + (x154 + x142)), (x178 + x166)); + fiat_secp256k1_scalar_subborrowx_u64(&x189, &x190, 0x0, x181, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_subborrowx_u64(&x191, &x192, x190, x183, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_subborrowx_u64(&x193, &x194, x192, x185, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_subborrowx_u64(&x195, &x196, x194, x187, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_subborrowx_u64(&x197, &x198, x196, x188, 0x0); + fiat_secp256k1_scalar_cmovznz_u64(&x199, x198, x189, x181); + fiat_secp256k1_scalar_cmovznz_u64(&x200, x198, x191, x183); + fiat_secp256k1_scalar_cmovznz_u64(&x201, x198, x193, x185); + fiat_secp256k1_scalar_cmovznz_u64(&x202, x198, x195, x187); + out1[0] = x199; + out1[1] = x200; + out1[2] = x201; + out1[3] = x202; +} + +/* + * The function fiat_secp256k1_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_nonzero(uint64_t* out1, const uint64_t arg1[4]) { + uint64_t x1; + x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); + *out1 = x1; +} + +/* + * The function fiat_secp256k1_scalar_selectznz is a multi-limb conditional select. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_selectznz(uint64_t out1[4], fiat_secp256k1_scalar_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + fiat_secp256k1_scalar_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); + fiat_secp256k1_scalar_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); + fiat_secp256k1_scalar_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); + fiat_secp256k1_scalar_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; +} + +/* + * The function fiat_secp256k1_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint8_t x5; + uint64_t x6; + uint8_t x7; + uint64_t x8; + uint8_t x9; + uint64_t x10; + uint8_t x11; + uint64_t x12; + uint8_t x13; + uint64_t x14; + uint8_t x15; + uint64_t x16; + uint8_t x17; + uint8_t x18; + uint8_t x19; + uint64_t x20; + uint8_t x21; + uint64_t x22; + uint8_t x23; + uint64_t x24; + uint8_t x25; + uint64_t x26; + uint8_t x27; + uint64_t x28; + uint8_t x29; + uint64_t x30; + uint8_t x31; + uint8_t x32; + uint8_t x33; + uint64_t x34; + uint8_t x35; + uint64_t x36; + uint8_t x37; + uint64_t x38; + uint8_t x39; + uint64_t x40; + uint8_t x41; + uint64_t x42; + uint8_t x43; + uint64_t x44; + uint8_t x45; + uint8_t x46; + uint8_t x47; + uint64_t x48; + uint8_t x49; + uint64_t x50; + uint8_t x51; + uint64_t x52; + uint8_t x53; + uint64_t x54; + uint8_t x55; + uint64_t x56; + uint8_t x57; + uint64_t x58; + uint8_t x59; + uint8_t x60; + x1 = (arg1[3]); + x2 = (arg1[2]); + x3 = (arg1[1]); + x4 = (arg1[0]); + x5 = (uint8_t)(x4 & UINT8_C(0xff)); + x6 = (x4 >> 8); + x7 = (uint8_t)(x6 & UINT8_C(0xff)); + x8 = (x6 >> 8); + x9 = (uint8_t)(x8 & UINT8_C(0xff)); + x10 = (x8 >> 8); + x11 = (uint8_t)(x10 & UINT8_C(0xff)); + x12 = (x10 >> 8); + x13 = (uint8_t)(x12 & UINT8_C(0xff)); + x14 = (x12 >> 8); + x15 = (uint8_t)(x14 & UINT8_C(0xff)); + x16 = (x14 >> 8); + x17 = (uint8_t)(x16 & UINT8_C(0xff)); + x18 = (uint8_t)(x16 >> 8); + x19 = (uint8_t)(x3 & UINT8_C(0xff)); + x20 = (x3 >> 8); + x21 = (uint8_t)(x20 & UINT8_C(0xff)); + x22 = (x20 >> 8); + x23 = (uint8_t)(x22 & UINT8_C(0xff)); + x24 = (x22 >> 8); + x25 = (uint8_t)(x24 & UINT8_C(0xff)); + x26 = (x24 >> 8); + x27 = (uint8_t)(x26 & UINT8_C(0xff)); + x28 = (x26 >> 8); + x29 = (uint8_t)(x28 & UINT8_C(0xff)); + x30 = (x28 >> 8); + x31 = (uint8_t)(x30 & UINT8_C(0xff)); + x32 = (uint8_t)(x30 >> 8); + x33 = (uint8_t)(x2 & UINT8_C(0xff)); + x34 = (x2 >> 8); + x35 = (uint8_t)(x34 & UINT8_C(0xff)); + x36 = (x34 >> 8); + x37 = (uint8_t)(x36 & UINT8_C(0xff)); + x38 = (x36 >> 8); + x39 = (uint8_t)(x38 & UINT8_C(0xff)); + x40 = (x38 >> 8); + x41 = (uint8_t)(x40 & UINT8_C(0xff)); + x42 = (x40 >> 8); + x43 = (uint8_t)(x42 & UINT8_C(0xff)); + x44 = (x42 >> 8); + x45 = (uint8_t)(x44 & UINT8_C(0xff)); + x46 = (uint8_t)(x44 >> 8); + x47 = (uint8_t)(x1 & UINT8_C(0xff)); + x48 = (x1 >> 8); + x49 = (uint8_t)(x48 & UINT8_C(0xff)); + x50 = (x48 >> 8); + x51 = (uint8_t)(x50 & UINT8_C(0xff)); + x52 = (x50 >> 8); + x53 = (uint8_t)(x52 & UINT8_C(0xff)); + x54 = (x52 >> 8); + x55 = (uint8_t)(x54 & UINT8_C(0xff)); + x56 = (x54 >> 8); + x57 = (uint8_t)(x56 & UINT8_C(0xff)); + x58 = (x56 >> 8); + x59 = (uint8_t)(x58 & UINT8_C(0xff)); + x60 = (uint8_t)(x58 >> 8); + out1[0] = x5; + out1[1] = x7; + out1[2] = x9; + out1[3] = x11; + out1[4] = x13; + out1[5] = x15; + out1[6] = x17; + out1[7] = x18; + out1[8] = x19; + out1[9] = x21; + out1[10] = x23; + out1[11] = x25; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x39; + out1[20] = x41; + out1[21] = x43; + out1[22] = x45; + out1[23] = x46; + out1[24] = x47; + out1[25] = x49; + out1[26] = x51; + out1[27] = x53; + out1[28] = x55; + out1[29] = x57; + out1[30] = x59; + out1[31] = x60; +} + +/* + * The function fiat_secp256k1_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. + * + * Preconditions: + * 0 ≤ bytes_eval arg1 < m + * Postconditions: + * eval out1 mod m = bytes_eval arg1 mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) { + uint64_t x1; + uint64_t x2; + uint64_t x3; + uint64_t x4; + uint64_t x5; + uint64_t x6; + uint64_t x7; + uint8_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + uint64_t x13; + uint64_t x14; + uint64_t x15; + uint8_t x16; + uint64_t x17; + uint64_t x18; + uint64_t x19; + uint64_t x20; + uint64_t x21; + uint64_t x22; + uint64_t x23; + uint8_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + uint64_t x30; + uint64_t x31; + uint8_t x32; + uint64_t x33; + uint64_t x34; + uint64_t x35; + uint64_t x36; + uint64_t x37; + uint64_t x38; + uint64_t x39; + uint64_t x40; + uint64_t x41; + uint64_t x42; + uint64_t x43; + uint64_t x44; + uint64_t x45; + uint64_t x46; + uint64_t x47; + uint64_t x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + uint64_t x54; + uint64_t x55; + uint64_t x56; + uint64_t x57; + uint64_t x58; + uint64_t x59; + uint64_t x60; + x1 = ((uint64_t)(arg1[31]) << 56); + x2 = ((uint64_t)(arg1[30]) << 48); + x3 = ((uint64_t)(arg1[29]) << 40); + x4 = ((uint64_t)(arg1[28]) << 32); + x5 = ((uint64_t)(arg1[27]) << 24); + x6 = ((uint64_t)(arg1[26]) << 16); + x7 = ((uint64_t)(arg1[25]) << 8); + x8 = (arg1[24]); + x9 = ((uint64_t)(arg1[23]) << 56); + x10 = ((uint64_t)(arg1[22]) << 48); + x11 = ((uint64_t)(arg1[21]) << 40); + x12 = ((uint64_t)(arg1[20]) << 32); + x13 = ((uint64_t)(arg1[19]) << 24); + x14 = ((uint64_t)(arg1[18]) << 16); + x15 = ((uint64_t)(arg1[17]) << 8); + x16 = (arg1[16]); + x17 = ((uint64_t)(arg1[15]) << 56); + x18 = ((uint64_t)(arg1[14]) << 48); + x19 = ((uint64_t)(arg1[13]) << 40); + x20 = ((uint64_t)(arg1[12]) << 32); + x21 = ((uint64_t)(arg1[11]) << 24); + x22 = ((uint64_t)(arg1[10]) << 16); + x23 = ((uint64_t)(arg1[9]) << 8); + x24 = (arg1[8]); + x25 = ((uint64_t)(arg1[7]) << 56); + x26 = ((uint64_t)(arg1[6]) << 48); + x27 = ((uint64_t)(arg1[5]) << 40); + x28 = ((uint64_t)(arg1[4]) << 32); + x29 = ((uint64_t)(arg1[3]) << 24); + x30 = ((uint64_t)(arg1[2]) << 16); + x31 = ((uint64_t)(arg1[1]) << 8); + x32 = (arg1[0]); + x33 = (x31 + (uint64_t)x32); + x34 = (x30 + x33); + x35 = (x29 + x34); + x36 = (x28 + x35); + x37 = (x27 + x36); + x38 = (x26 + x37); + x39 = (x25 + x38); + x40 = (x23 + (uint64_t)x24); + x41 = (x22 + x40); + x42 = (x21 + x41); + x43 = (x20 + x42); + x44 = (x19 + x43); + x45 = (x18 + x44); + x46 = (x17 + x45); + x47 = (x15 + (uint64_t)x16); + x48 = (x14 + x47); + x49 = (x13 + x48); + x50 = (x12 + x49); + x51 = (x11 + x50); + x52 = (x10 + x51); + x53 = (x9 + x52); + x54 = (x7 + (uint64_t)x8); + x55 = (x6 + x54); + x56 = (x5 + x55); + x57 = (x4 + x56); + x58 = (x3 + x57); + x59 = (x2 + x58); + x60 = (x1 + x59); + out1[0] = x39; + out1[1] = x46; + out1[2] = x53; + out1[3] = x60; +} + +/* + * The function fiat_secp256k1_scalar_set_one returns the field element one in the Montgomery domain. + * + * Postconditions: + * eval (from_montgomery out1) mod m = 1 mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_set_one(fiat_secp256k1_scalar_montgomery_domain_field_element out1) { + out1[0] = UINT64_C(0x402da1732fc9bebf); + out1[1] = UINT64_C(0x4551231950b75fc4); + out1[2] = 0x1; + out1[3] = 0x0; +} + +/* + * The function fiat_secp256k1_scalar_msat returns the saturated representation of the prime modulus. + * + * Postconditions: + * twos_complement_eval out1 = m + * 0 ≤ eval out1 < m + * + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_msat(uint64_t out1[5]) { + out1[0] = UINT64_C(0xbfd25e8cd0364141); + out1[1] = UINT64_C(0xbaaedce6af48a03b); + out1[2] = UINT64_C(0xfffffffffffffffe); + out1[3] = UINT64_C(0xffffffffffffffff); + out1[4] = 0x0; +} + +/* + * The function fiat_secp256k1_scalar_divstep computes a divstep. + * + * Preconditions: + * 0 ≤ eval arg4 < m + * 0 ≤ eval arg5 < m + * Postconditions: + * out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) + * twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) + * twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) + * eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) + * eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) + * 0 ≤ eval out5 < m + * 0 ≤ eval out5 < m + * 0 ≤ eval out2 < m + * 0 ≤ eval out3 < m + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffffffffffff] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5], uint64_t out4[4], uint64_t out5[4], uint64_t arg1, const uint64_t arg2[5], const uint64_t arg3[5], const uint64_t arg4[4], const uint64_t arg5[4]) { + uint64_t x1; + fiat_secp256k1_scalar_uint1 x2; + fiat_secp256k1_scalar_uint1 x3; + uint64_t x4; + fiat_secp256k1_scalar_uint1 x5; + uint64_t x6; + uint64_t x7; + uint64_t x8; + uint64_t x9; + uint64_t x10; + uint64_t x11; + uint64_t x12; + fiat_secp256k1_scalar_uint1 x13; + uint64_t x14; + fiat_secp256k1_scalar_uint1 x15; + uint64_t x16; + fiat_secp256k1_scalar_uint1 x17; + uint64_t x18; + fiat_secp256k1_scalar_uint1 x19; + uint64_t x20; + fiat_secp256k1_scalar_uint1 x21; + uint64_t x22; + uint64_t x23; + uint64_t x24; + uint64_t x25; + uint64_t x26; + uint64_t x27; + uint64_t x28; + uint64_t x29; + uint64_t x30; + uint64_t x31; + fiat_secp256k1_scalar_uint1 x32; + uint64_t x33; + fiat_secp256k1_scalar_uint1 x34; + uint64_t x35; + fiat_secp256k1_scalar_uint1 x36; + uint64_t x37; + fiat_secp256k1_scalar_uint1 x38; + uint64_t x39; + fiat_secp256k1_scalar_uint1 x40; + uint64_t x41; + fiat_secp256k1_scalar_uint1 x42; + uint64_t x43; + fiat_secp256k1_scalar_uint1 x44; + uint64_t x45; + fiat_secp256k1_scalar_uint1 x46; + uint64_t x47; + fiat_secp256k1_scalar_uint1 x48; + uint64_t x49; + uint64_t x50; + uint64_t x51; + uint64_t x52; + uint64_t x53; + fiat_secp256k1_scalar_uint1 x54; + uint64_t x55; + fiat_secp256k1_scalar_uint1 x56; + uint64_t x57; + fiat_secp256k1_scalar_uint1 x58; + uint64_t x59; + fiat_secp256k1_scalar_uint1 x60; + uint64_t x61; + uint64_t x62; + fiat_secp256k1_scalar_uint1 x63; + uint64_t x64; + fiat_secp256k1_scalar_uint1 x65; + uint64_t x66; + fiat_secp256k1_scalar_uint1 x67; + uint64_t x68; + fiat_secp256k1_scalar_uint1 x69; + uint64_t x70; + uint64_t x71; + uint64_t x72; + uint64_t x73; + fiat_secp256k1_scalar_uint1 x74; + uint64_t x75; + uint64_t x76; + uint64_t x77; + uint64_t x78; + uint64_t x79; + uint64_t x80; + fiat_secp256k1_scalar_uint1 x81; + uint64_t x82; + fiat_secp256k1_scalar_uint1 x83; + uint64_t x84; + fiat_secp256k1_scalar_uint1 x85; + uint64_t x86; + fiat_secp256k1_scalar_uint1 x87; + uint64_t x88; + fiat_secp256k1_scalar_uint1 x89; + uint64_t x90; + uint64_t x91; + uint64_t x92; + uint64_t x93; + uint64_t x94; + fiat_secp256k1_scalar_uint1 x95; + uint64_t x96; + fiat_secp256k1_scalar_uint1 x97; + uint64_t x98; + fiat_secp256k1_scalar_uint1 x99; + uint64_t x100; + fiat_secp256k1_scalar_uint1 x101; + uint64_t x102; + fiat_secp256k1_scalar_uint1 x103; + uint64_t x104; + fiat_secp256k1_scalar_uint1 x105; + uint64_t x106; + fiat_secp256k1_scalar_uint1 x107; + uint64_t x108; + fiat_secp256k1_scalar_uint1 x109; + uint64_t x110; + fiat_secp256k1_scalar_uint1 x111; + uint64_t x112; + fiat_secp256k1_scalar_uint1 x113; + uint64_t x114; + uint64_t x115; + uint64_t x116; + uint64_t x117; + uint64_t x118; + uint64_t x119; + uint64_t x120; + uint64_t x121; + uint64_t x122; + uint64_t x123; + uint64_t x124; + uint64_t x125; + uint64_t x126; + fiat_secp256k1_scalar_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1); + x3 = (fiat_secp256k1_scalar_uint1)((fiat_secp256k1_scalar_uint1)(x1 >> 63) & (fiat_secp256k1_scalar_uint1)((arg3[0]) & 0x1)); + fiat_secp256k1_scalar_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_secp256k1_scalar_cmovznz_u64(&x6, x3, arg1, x4); + fiat_secp256k1_scalar_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0])); + fiat_secp256k1_scalar_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1])); + fiat_secp256k1_scalar_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2])); + fiat_secp256k1_scalar_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3])); + fiat_secp256k1_scalar_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4])); + fiat_secp256k1_scalar_addcarryx_u64(&x12, &x13, 0x0, 0x1, (~(arg2[0]))); + fiat_secp256k1_scalar_addcarryx_u64(&x14, &x15, x13, 0x0, (~(arg2[1]))); + fiat_secp256k1_scalar_addcarryx_u64(&x16, &x17, x15, 0x0, (~(arg2[2]))); + fiat_secp256k1_scalar_addcarryx_u64(&x18, &x19, x17, 0x0, (~(arg2[3]))); + fiat_secp256k1_scalar_addcarryx_u64(&x20, &x21, x19, 0x0, (~(arg2[4]))); + fiat_secp256k1_scalar_cmovznz_u64(&x22, x3, (arg3[0]), x12); + fiat_secp256k1_scalar_cmovznz_u64(&x23, x3, (arg3[1]), x14); + fiat_secp256k1_scalar_cmovznz_u64(&x24, x3, (arg3[2]), x16); + fiat_secp256k1_scalar_cmovznz_u64(&x25, x3, (arg3[3]), x18); + fiat_secp256k1_scalar_cmovznz_u64(&x26, x3, (arg3[4]), x20); + fiat_secp256k1_scalar_cmovznz_u64(&x27, x3, (arg4[0]), (arg5[0])); + fiat_secp256k1_scalar_cmovznz_u64(&x28, x3, (arg4[1]), (arg5[1])); + fiat_secp256k1_scalar_cmovznz_u64(&x29, x3, (arg4[2]), (arg5[2])); + fiat_secp256k1_scalar_cmovznz_u64(&x30, x3, (arg4[3]), (arg5[3])); + fiat_secp256k1_scalar_addcarryx_u64(&x31, &x32, 0x0, x27, x27); + fiat_secp256k1_scalar_addcarryx_u64(&x33, &x34, x32, x28, x28); + fiat_secp256k1_scalar_addcarryx_u64(&x35, &x36, x34, x29, x29); + fiat_secp256k1_scalar_addcarryx_u64(&x37, &x38, x36, x30, x30); + fiat_secp256k1_scalar_subborrowx_u64(&x39, &x40, 0x0, x31, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_subborrowx_u64(&x41, &x42, x40, x33, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_subborrowx_u64(&x43, &x44, x42, x35, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_subborrowx_u64(&x45, &x46, x44, x37, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_subborrowx_u64(&x47, &x48, x46, x38, 0x0); + x49 = (arg4[3]); + x50 = (arg4[2]); + x51 = (arg4[1]); + x52 = (arg4[0]); + fiat_secp256k1_scalar_subborrowx_u64(&x53, &x54, 0x0, 0x0, x52); + fiat_secp256k1_scalar_subborrowx_u64(&x55, &x56, x54, 0x0, x51); + fiat_secp256k1_scalar_subborrowx_u64(&x57, &x58, x56, 0x0, x50); + fiat_secp256k1_scalar_subborrowx_u64(&x59, &x60, x58, 0x0, x49); + fiat_secp256k1_scalar_cmovznz_u64(&x61, x60, 0x0, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_addcarryx_u64(&x62, &x63, 0x0, x53, (x61 & UINT64_C(0xbfd25e8cd0364141))); + fiat_secp256k1_scalar_addcarryx_u64(&x64, &x65, x63, x55, (x61 & UINT64_C(0xbaaedce6af48a03b))); + fiat_secp256k1_scalar_addcarryx_u64(&x66, &x67, x65, x57, (x61 & UINT64_C(0xfffffffffffffffe))); + fiat_secp256k1_scalar_addcarryx_u64(&x68, &x69, x67, x59, x61); + fiat_secp256k1_scalar_cmovznz_u64(&x70, x3, (arg5[0]), x62); + fiat_secp256k1_scalar_cmovznz_u64(&x71, x3, (arg5[1]), x64); + fiat_secp256k1_scalar_cmovznz_u64(&x72, x3, (arg5[2]), x66); + fiat_secp256k1_scalar_cmovznz_u64(&x73, x3, (arg5[3]), x68); + x74 = (fiat_secp256k1_scalar_uint1)(x22 & 0x1); + fiat_secp256k1_scalar_cmovznz_u64(&x75, x74, 0x0, x7); + fiat_secp256k1_scalar_cmovznz_u64(&x76, x74, 0x0, x8); + fiat_secp256k1_scalar_cmovznz_u64(&x77, x74, 0x0, x9); + fiat_secp256k1_scalar_cmovznz_u64(&x78, x74, 0x0, x10); + fiat_secp256k1_scalar_cmovznz_u64(&x79, x74, 0x0, x11); + fiat_secp256k1_scalar_addcarryx_u64(&x80, &x81, 0x0, x22, x75); + fiat_secp256k1_scalar_addcarryx_u64(&x82, &x83, x81, x23, x76); + fiat_secp256k1_scalar_addcarryx_u64(&x84, &x85, x83, x24, x77); + fiat_secp256k1_scalar_addcarryx_u64(&x86, &x87, x85, x25, x78); + fiat_secp256k1_scalar_addcarryx_u64(&x88, &x89, x87, x26, x79); + fiat_secp256k1_scalar_cmovznz_u64(&x90, x74, 0x0, x27); + fiat_secp256k1_scalar_cmovznz_u64(&x91, x74, 0x0, x28); + fiat_secp256k1_scalar_cmovznz_u64(&x92, x74, 0x0, x29); + fiat_secp256k1_scalar_cmovznz_u64(&x93, x74, 0x0, x30); + fiat_secp256k1_scalar_addcarryx_u64(&x94, &x95, 0x0, x70, x90); + fiat_secp256k1_scalar_addcarryx_u64(&x96, &x97, x95, x71, x91); + fiat_secp256k1_scalar_addcarryx_u64(&x98, &x99, x97, x72, x92); + fiat_secp256k1_scalar_addcarryx_u64(&x100, &x101, x99, x73, x93); + fiat_secp256k1_scalar_subborrowx_u64(&x102, &x103, 0x0, x94, UINT64_C(0xbfd25e8cd0364141)); + fiat_secp256k1_scalar_subborrowx_u64(&x104, &x105, x103, x96, UINT64_C(0xbaaedce6af48a03b)); + fiat_secp256k1_scalar_subborrowx_u64(&x106, &x107, x105, x98, UINT64_C(0xfffffffffffffffe)); + fiat_secp256k1_scalar_subborrowx_u64(&x108, &x109, x107, x100, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_scalar_subborrowx_u64(&x110, &x111, x109, x101, 0x0); + fiat_secp256k1_scalar_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1); + x114 = ((x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff))); + x115 = ((x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff))); + x116 = ((x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff))); + x117 = ((x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff))); + x118 = ((x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1)); + fiat_secp256k1_scalar_cmovznz_u64(&x119, x48, x39, x31); + fiat_secp256k1_scalar_cmovznz_u64(&x120, x48, x41, x33); + fiat_secp256k1_scalar_cmovznz_u64(&x121, x48, x43, x35); + fiat_secp256k1_scalar_cmovznz_u64(&x122, x48, x45, x37); + fiat_secp256k1_scalar_cmovznz_u64(&x123, x111, x102, x94); + fiat_secp256k1_scalar_cmovznz_u64(&x124, x111, x104, x96); + fiat_secp256k1_scalar_cmovznz_u64(&x125, x111, x106, x98); + fiat_secp256k1_scalar_cmovznz_u64(&x126, x111, x108, x100); + *out1 = x112; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out3[0] = x114; + out3[1] = x115; + out3[2] = x116; + out3[3] = x117; + out3[4] = x118; + out4[0] = x119; + out4[1] = x120; + out4[2] = x121; + out4[3] = x122; + out5[0] = x123; + out5[1] = x124; + out5[2] = x125; + out5[3] = x126; +} + +/* + * The function fiat_secp256k1_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). + * + * Postconditions: + * eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) + * 0 ≤ eval out1 < m + * + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_divstep_precomp(uint64_t out1[4]) { + out1[0] = UINT64_C(0xd7431a4d2b9cb4e9); + out1[1] = UINT64_C(0xab67d35a32d9c503); + out1[2] = UINT64_C(0xadf6c7e5859ce35f); + out1[3] = UINT64_C(0x615441451df6c379); +} + +/* END verbatim fiat code */ + +/* curve-related constants */ + +static const limb_t const_one[4] = { + UINT64_C(0x00000001000003D1), UINT64_C(0x0000000000000000), + UINT64_C(0x0000000000000000), UINT64_C(0x0000000000000000)}; + +static const limb_t const_b3[4] = { + UINT64_C(0x0000001500005025), UINT64_C(0x0000000000000000), + UINT64_C(0x0000000000000000), UINT64_C(0x0000000000000000)}; + +static const limb_t const_divstep[4] = { + UINT64_C(0xEE9129A95F556348), UINT64_C(0xF6E12502CEC1C048), + UINT64_C(0x14AF95BB0DE5911F), UINT64_C(0x28AA9C1CCCE23616)}; + +static const limb_t const_psat[4] = { + UINT64_C(0xFFFFFFFEFFFFFC2F), UINT64_C(0xFFFFFFFFFFFFFFFF), + UINT64_C(0xFFFFFFFFFFFFFFFF), UINT64_C(0xFFFFFFFFFFFFFFFF)}; + +/* LUT for scalar multiplication by comb interleaving */ +static const pt_aff_t lut_cmb[27][16] = { + { + {{UINT64_C(0xD7362E5A487E2097), UINT64_C(0x231E295329BC66DB), + UINT64_C(0x979F48C033FD129C), UINT64_C(0x9981E643E9089F48)}, + {UINT64_C(0xB15EA6D2D3DBABE2), UINT64_C(0x8DFC5D5D1F1DC64D), + UINT64_C(0x70B6B59AAC19C136), UINT64_C(0xCF3F851FD4A582D6)}}, + {{UINT64_C(0x2379D4BBD5FEA781), UINT64_C(0x066CEAFB22EB7BC4), + UINT64_C(0x5940D07385985972), UINT64_C(0x9497730FCDF4C0AD)}, + {UINT64_C(0xAF18B0B0613F55A9), UINT64_C(0xAC4964CDC5A1F91F), + UINT64_C(0xCC6048BD84885650), UINT64_C(0x3EC28DCD9215EC76)}}, + {{UINT64_C(0x212347FCBEA19BC6), UINT64_C(0x58D7334DDC284CDA), + UINT64_C(0x20CE358572DD41DD), UINT64_C(0x8ED284D3AAE7F96F)}, + {UINT64_C(0x9E5E784800DFD9E7), UINT64_C(0x59AAA8D8AAD35CC5), + UINT64_C(0x011D0B107F8DBFD2), UINT64_C(0x1FD437AE583630C0)}}, + {{UINT64_C(0x07ECE566CAA4CB22), UINT64_C(0xCA934F8716C087C4), + UINT64_C(0x4DA362224E1D6BD5), UINT64_C(0x5F402433D73866E0)}, + {UINT64_C(0x4777D1124A77D752), UINT64_C(0x879D7639F1097263), + UINT64_C(0xF2FD13D87291AB04), UINT64_C(0xC8043A670BA1A73B)}}, + {{UINT64_C(0x46CC6D26EAFD5A74), UINT64_C(0x6EDD9E7F1ED7F74C), + UINT64_C(0x8CEC72C7F64B253D), UINT64_C(0x87D71C6BF4D02A72)}, + {UINT64_C(0xB2A0D4AE268D25A4), UINT64_C(0xAEC108C659794D80), + UINT64_C(0xF0176BEDE6793574), UINT64_C(0x0156339094CEF97C)}}, + {{UINT64_C(0x04F0C78F94A7A0AA), UINT64_C(0x349EBDF993493BB8), + UINT64_C(0xD28558B5BB49A3C1), UINT64_C(0x9D888BE8BCE5A953)}, + {UINT64_C(0x434322E37BEACF4C), UINT64_C(0x755DB980F899ACAA), + UINT64_C(0x7CB76BD27B41572A), UINT64_C(0x0E92C06D7705FAC8)}}, + {{UINT64_C(0xD59A06C4F5989088), UINT64_C(0xD35438E646AEC93F), + UINT64_C(0x5B370E50A02A9988), UINT64_C(0x7065F32BAFF18F7B)}, + {UINT64_C(0x14817536A5D44558), UINT64_C(0x0F73D052948A3B41), + UINT64_C(0xDB37E3A6C013F5AF), UINT64_C(0x595E4C3399B24984)}}, + {{UINT64_C(0xD51E8DA318620CD4), UINT64_C(0xA9B174243FF3BFFD), + UINT64_C(0x8FE0D087F9180A0E), UINT64_C(0x329CF6F36A78A2B1)}, + {UINT64_C(0x364E94E68CF9083A), UINT64_C(0xD97359FB5CA29845), + UINT64_C(0x1442E0ED9E703FC8), UINT64_C(0xF384D03B4965BC3E)}}, + {{UINT64_C(0xD90BB8E11DF00C43), UINT64_C(0x9B182865F3B25560), + UINT64_C(0x69D7A2A822B91922), UINT64_C(0xE272A6A1F9FF59AA)}, + {UINT64_C(0x85352EA76F2A14C9), UINT64_C(0x99DC58B3753707E5), + UINT64_C(0x4E936DDCC6B65CC3), UINT64_C(0xB9D1058538A1624E)}}, + {{UINT64_C(0xD78EE564D62A7A38), UINT64_C(0x5F8BF03A727DF8F4), + UINT64_C(0xD8D133ADA3023A4A), UINT64_C(0xDEB7636C4DD633A5)}, + {UINT64_C(0xDF15C738E0D36289), UINT64_C(0x91A29C6198B88BDC), + UINT64_C(0x7CEEF09600DDA4F2), UINT64_C(0x444EC627D07C28EA)}}, + {{UINT64_C(0x7287D563F76CE60A), UINT64_C(0x6DDB2DC674EACC1D), + UINT64_C(0xE0A1107E6CB12EA3), UINT64_C(0x38D21CE5A746F598)}, + {UINT64_C(0xEAD831A434CAE6F2), UINT64_C(0x439DDFDC4C4C0573), + UINT64_C(0xD69265AEB8025098), UINT64_C(0x9A760529AF0BE6C8)}}, + {{UINT64_C(0x710C24917D7868E2), UINT64_C(0xB7018DCCA66FA9A0), + UINT64_C(0xB2BB768F928BA6AA), UINT64_C(0x34B9089136060918)}, + {UINT64_C(0x1BB37E7D5A765CFA), UINT64_C(0x04E41EB805D5C130), + UINT64_C(0xFABC5A81934FC6C9), UINT64_C(0x1ADA75EB956C455F)}}, + {{UINT64_C(0x43A8673A528EAB6D), UINT64_C(0xCC7C3AFF84257EEE), + UINT64_C(0x826674BBF7FB2C09), UINT64_C(0x4F13FD3DB6487C5A)}, + {UINT64_C(0x1AF88D5C37027B74), UINT64_C(0xD788F352BB5BB569), + UINT64_C(0x315A735BEAAA2D4C), UINT64_C(0xDAAF22E5B81AC1BD)}}, + {{UINT64_C(0x4065DE4BDF096D18), UINT64_C(0xF732D13664C270E8), + UINT64_C(0x4A77F053B730AEBA), UINT64_C(0x6753E5A765719926)}, + {UINT64_C(0xCA06688145D3E40B), UINT64_C(0x5987C3F8AC9DCFB6), + UINT64_C(0xFBFCC60CD3304A23), UINT64_C(0x5DACE33180153D3B)}}, + {{UINT64_C(0x78393CC1BC66AEBF), UINT64_C(0x66DE27B31124AA09), + UINT64_C(0x8C4C7F2072CECEBE), UINT64_C(0x30822ABDD5A92B77)}, + {UINT64_C(0xA8C8E083F7CBCB31), UINT64_C(0xCB952FA172BD2977), + UINT64_C(0x0CDB3AB31AFA8C27), UINT64_C(0x210EC24F6535CE88)}}, + {{UINT64_C(0x3EEEC4B21AF2746F), UINT64_C(0x016F76F7B2686256), + UINT64_C(0x730D41A484012E67), UINT64_C(0xF12C7E23F74EC811)}, + {UINT64_C(0xE5694678A89357DC), UINT64_C(0x10AC2B51CA2335DD), + UINT64_C(0x5E0EDA4CE149B499), UINT64_C(0x27964839BFA868AA)}}, + }, + { + {{UINT64_C(0xADB47B9D5BB2A131), UINT64_C(0x18668FE168DDBBEA), + UINT64_C(0x9CB9F68786A0679A), UINT64_C(0xC00F5A0F4033B7E8)}, + {UINT64_C(0xC215EBE6EDCE153C), UINT64_C(0x4F227EC0293549DD), + UINT64_C(0xB6190F9094DB5F97), UINT64_C(0xE50530CC3E4DC133)}}, + {{UINT64_C(0xDC772F167AB0A263), UINT64_C(0x46F341F68DD11538), + UINT64_C(0x07660582686BD6FC), UINT64_C(0xDDCBD7C1390FC89F)}, + {UINT64_C(0x634A8D7F29BA2017), UINT64_C(0x198EF17D6745BF3F), + UINT64_C(0x2A4751270347FC10), UINT64_C(0xDD0AC964A7944C7C)}}, + {{UINT64_C(0x12F838ED6E1DE804), UINT64_C(0x8AB192A591447472), + UINT64_C(0xFCC205743221B010), UINT64_C(0x652AE2678042009C)}, + {UINT64_C(0xBD830BF906819F10), UINT64_C(0xD43AF55129FDC18A), + UINT64_C(0x6DBBA7F16C7E5F2F), UINT64_C(0xE2057C4FC43D7C7D)}}, + {{UINT64_C(0x1B184D85C4AE2691), UINT64_C(0x132DBDB0B0A8A9CF), + UINT64_C(0x7D5789BFFCE576EE), UINT64_C(0x0A07739812898C50)}, + {UINT64_C(0x9FDAE028D4DDBE0A), UINT64_C(0xD1AB29D6FDCB1E2D), + UINT64_C(0x1CFBE8A0A748809B), UINT64_C(0x1827DDD932371D99)}}, + {{UINT64_C(0x9CCE6EB6B8C213A9), UINT64_C(0xF8E9D0EF20B781D0), + UINT64_C(0x1D80DC106F2D52B0), UINT64_C(0xFA2C5362BBE471F4)}, + {UINT64_C(0xC8DEA3D79400FE98), UINT64_C(0xD3930B3C50E2EE83), + UINT64_C(0x8A2BCEAA3423F1F4), UINT64_C(0x086F92EB48F261C2)}}, + {{UINT64_C(0xDA54C36C8203E535), UINT64_C(0x9C9EF006D59AF0DA), + UINT64_C(0x79CB51B9D912D1F7), UINT64_C(0x9BDE1E92F424ABF2)}, + {UINT64_C(0x252014FA408425B9), UINT64_C(0xE2BD92B769D677F5), + UINT64_C(0x55E8423D399526D9), UINT64_C(0xF91FD1CFAF0015C7)}}, + {{UINT64_C(0x9DE9505F264593FA), UINT64_C(0x78132A3696E33B09), + UINT64_C(0xFE34862816F63FFA), UINT64_C(0x6038E103A796D533)}, + {UINT64_C(0xC813DC994D96A7EE), UINT64_C(0x4FEBC0B16169424E), + UINT64_C(0x4B962AF4A40EFB63), UINT64_C(0x52E0D46D094516B3)}}, + {{UINT64_C(0xD3C495BB4E84AB6D), UINT64_C(0x7A736E55E0713C82), + UINT64_C(0x9024A7296F4CC6FE), UINT64_C(0x958AC19B13AFC3C3)}, + {UINT64_C(0x54895A5AF8F6CD1C), UINT64_C(0x102C29F35CD04824), + UINT64_C(0xD9F6C2C3A29A46FD), UINT64_C(0x49A53D7D4539FE06)}}, + {{UINT64_C(0x76ED4FCD89D67F7F), UINT64_C(0xF558F995BFA7390B), + UINT64_C(0xD4F84FEC02CAD114), UINT64_C(0x95668D58D564379E)}, + {UINT64_C(0x6EE347B2DA52E321), UINT64_C(0x1375F05BD7082BDB), + UINT64_C(0xA7199D0B5506ADBA), UINT64_C(0x1F9E8D781AD75B7E)}}, + {{UINT64_C(0x722AEDC3C0EF5AC2), UINT64_C(0x1A79BBE91B4A13C4), + UINT64_C(0xC91560C8B4E5B4AC), UINT64_C(0xB0DC200C1998C957)}, + {UINT64_C(0xF77717945A6B5ECD), UINT64_C(0x251720BADE37586A), + UINT64_C(0x81E1CB1BA9DC2FBD), UINT64_C(0xEDBA02ACF282AB9C)}}, + {{UINT64_C(0x8C4949CBA05E7F4B), UINT64_C(0xF8B4C0D2E2687A19), + UINT64_C(0x3C83C92BC3F11770), UINT64_C(0x2E5564E64F9EC1AA)}, + {UINT64_C(0x66DB0E44CA4CC477), UINT64_C(0x620E3FA9629BDB96), + UINT64_C(0x9596E1FD1358F998), UINT64_C(0xAA987302CCEC2C26)}}, + {{UINT64_C(0x8B1CD761C7241FC0), UINT64_C(0x53BD24E1BC9601A1), + UINT64_C(0xBC2E872D144B11D2), UINT64_C(0x26CA8DE5AC76FE3B)}, + {UINT64_C(0x44C5DCBDAE6FA369), UINT64_C(0x1D0BE74233B04317), + UINT64_C(0x60301C5FA7AC77CB), UINT64_C(0xA657D2DCCA1DD56A)}}, + {{UINT64_C(0x73C8D8F9DD208EA5), UINT64_C(0x743E748901618745), + UINT64_C(0x7258816070EDDDD6), UINT64_C(0x18B3A00C8F05ABCE)}, + {UINT64_C(0x7F4CE6B7ECFD9054), UINT64_C(0xBB4373E8A806F3C4), + UINT64_C(0x90DDD252A45FA053), UINT64_C(0x810954C585E689FE)}}, + {{UINT64_C(0xE1427B2FE6CF4CC2), UINT64_C(0x7E83DF80CB880C74), + UINT64_C(0x611729371701C0D5), UINT64_C(0xD261D859C74B3852)}, + {UINT64_C(0x892F60D2D5E12E6F), UINT64_C(0xEBB8114989359CE6), + UINT64_C(0x43179C139797B2D1), UINT64_C(0xF23B611730F6CA2F)}}, + {{UINT64_C(0xFDCA182C1ACD789C), UINT64_C(0x9715AD57C56C9A51), + UINT64_C(0xA42D8CE0C4B42FE8), UINT64_C(0xB87D46385AACCC6D)}, + {UINT64_C(0x82A846F43ADC27FD), UINT64_C(0x7493C03467437B33), + UINT64_C(0xF27F0FB920F23D3C), UINT64_C(0xEBEBD682772E22A8)}}, + {{UINT64_C(0x1ECE3DB4408F77DE), UINT64_C(0xBA056F8A44EEBCA7), + UINT64_C(0xA977CB6E651263E2), UINT64_C(0xE6CC43D7395C54A3)}, + {UINT64_C(0x10572FAF4ADFB5CB), UINT64_C(0x96B18CBC2EB5E269), + UINT64_C(0x2181A249EA461B59), UINT64_C(0xDA590102784E1003)}}, + }, + { + {{UINT64_C(0xD53D5D0472ED7345), UINT64_C(0xBCFF12D439515FF5), + UINT64_C(0x7A4D9D08B3B5828C), UINT64_C(0xF899A71B1BAC7DEB)}, + {UINT64_C(0x6137EEF2BA436C62), UINT64_C(0x0D85465E5E7F89AB), + UINT64_C(0x1ED24E35F6D34352), UINT64_C(0x6737DBE3C1601124)}}, + {{UINT64_C(0x723B7C7964727D73), UINT64_C(0x273ACEBAB21A366A), + UINT64_C(0x52BB492250CD2CFB), UINT64_C(0xA24B55FA0B64B761)}, + {UINT64_C(0x4AED6807266F7BB5), UINT64_C(0x7E232C20CF67241B), + UINT64_C(0x21FE3578B3B76CC0), UINT64_C(0x3DF4119582EC9A9D)}}, + {{UINT64_C(0x06908E0DD7025992), UINT64_C(0x5A83405C2C613728), + UINT64_C(0x30F4ABF4C704B367), UINT64_C(0x6070E00379C4A4F5)}, + {UINT64_C(0x126CE1F0F02BA458), UINT64_C(0x4CD496DD5CB90F5F), + UINT64_C(0xFB4884DC6EE31CC4), UINT64_C(0x2DF0BFFB185E0F36)}}, + {{UINT64_C(0x84F73C281235FF02), UINT64_C(0x82AD64D428E0D879), + UINT64_C(0x0695CF5441FEB6FC), UINT64_C(0x0D1B80F501B30F63)}, + {UINT64_C(0x14823EC46200C5FA), UINT64_C(0x55F3A7C79489B1DB), + UINT64_C(0x26DC42CAF32A660E), UINT64_C(0x9A8F9A716B59093A)}}, + {{UINT64_C(0x2A5E192AA7358CD9), UINT64_C(0xE65C68FD3920B3FB), + UINT64_C(0xCA019F567D733D8C), UINT64_C(0xEA4E59541B1F3740)}, + {UINT64_C(0xCC4019C23D2B3E78), UINT64_C(0x5C01628738246B34), + UINT64_C(0x5A2E1C763701A79C), UINT64_C(0x578D7C7744E2E24E)}}, + {{UINT64_C(0x8399142C5978E10C), UINT64_C(0xCD7AE5E6031F1DF4), + UINT64_C(0xBEA538DBAB4575BE), UINT64_C(0x327A46CAE11BFD96)}, + {UINT64_C(0xA85F0725366BF920), UINT64_C(0x42CB6DE93832FDC4), + UINT64_C(0x54FDA13EA50F7B4A), UINT64_C(0x7DAD8BF55B443C4D)}}, + {{UINT64_C(0x9A509DA001571197), UINT64_C(0x8566B4916CDAB45B), + UINT64_C(0x761CD707DA6682D0), UINT64_C(0x02BE866CAD99DFF7)}, + {UINT64_C(0xEFB393AC87328D26), UINT64_C(0x253C3F161BAE26CB), + UINT64_C(0xC2619E0A0CAC62E9), UINT64_C(0xC6F788C595BE5A85)}}, + {{UINT64_C(0xAEF4DDEB1CE167B3), UINT64_C(0x43BB8C25C91926C1), + UINT64_C(0xCAFF0648785102C6), UINT64_C(0xEAE000F94EC7D940)}, + {UINT64_C(0xD805C63CEE85E592), UINT64_C(0x20752D503CD2EBF6), + UINT64_C(0x5323BF052C0D121F), UINT64_C(0xAC71D5E4AC16F19D)}}, + {{UINT64_C(0x5E1389B6F005EE4D), UINT64_C(0xFC3F344F93E54158), + UINT64_C(0x3B5E52C6E6B37488), UINT64_C(0xB3BC46C97FB8723C)}, + {UINT64_C(0x4EF52C80E4AD666E), UINT64_C(0x9676BD485DE515BA), + UINT64_C(0x15E09BCFE4051BB8), UINT64_C(0xF493E1A8FB192FDD)}}, + {{UINT64_C(0x0D826FEB41510252), UINT64_C(0xCC030EB77340E66B), + UINT64_C(0x1FC4FA66D569D4A8), UINT64_C(0x10FFC3E6137BA31E)}, + {UINT64_C(0xD1039C86EB54E5D9), UINT64_C(0x29CB8CD8FA21D262), + UINT64_C(0x3DEFC889E4EA33CC), UINT64_C(0x0BF2C7B0F71FFB3F)}}, + {{UINT64_C(0x0582D4183856B5F6), UINT64_C(0x443C661AE4A22D22), + UINT64_C(0x49662D3B070E2575), UINT64_C(0x74958067B3E9CB59)}, + {UINT64_C(0x2CACF10A4BAA8436), UINT64_C(0x0DCB4CDA46E39579), + UINT64_C(0x3C812B6B56267016), UINT64_C(0xE63279DC96302E24)}}, + {{UINT64_C(0x5E16836958EF5133), UINT64_C(0x775F6E7E61470D73), + UINT64_C(0x704D382882AD34A0), UINT64_C(0x93B38254975ADAC7)}, + {UINT64_C(0xED368C1A00E04509), UINT64_C(0x9C7612501775C0B9), + UINT64_C(0xEDA3FA7A79CA225E), UINT64_C(0xB4C5742A571F0C77)}}, + {{UINT64_C(0xECB9D3A3B4B43FE5), UINT64_C(0x5E1FB120EC17F04E), + UINT64_C(0xE14CD21D50E18FD5), UINT64_C(0x96D0E4D7EFB7CBB0)}, + {UINT64_C(0x6114F5E9E1F2F0DC), UINT64_C(0x266DEECC1CB1664D), + UINT64_C(0x1D956E7553B6B3A5), UINT64_C(0x5926066B3FDDA52B)}}, + {{UINT64_C(0x7AF9DCE64936887C), UINT64_C(0x89F32762BC9422BC), + UINT64_C(0x0B6384DFCBC2FEB9), UINT64_C(0x077AD3F23D364641)}, + {UINT64_C(0x395E829AB087C470), UINT64_C(0xF11F265F0A57B70C), + UINT64_C(0x98ABE3C3AF1E1E65), UINT64_C(0x992AC4ED7EF88793)}}, + {{UINT64_C(0x3C996D0ED22E0631), UINT64_C(0x4A33C99C67C90FB2), + UINT64_C(0xD237AA0F69FB16D8), UINT64_C(0x50E5129E05B2F5B9)}, + {UINT64_C(0x9236537887D3A5E8), UINT64_C(0x5B8A3476C2FFA5DE), + UINT64_C(0xDAD4E0FD6E950529), UINT64_C(0xDEC58E35CE23F3FA)}}, + {{UINT64_C(0x3B8715F1A5D6631E), UINT64_C(0x0625981E50E938BD), + UINT64_C(0xFC5973DB3B117BDD), UINT64_C(0x452BF05F4D1207FB)}, + {UINT64_C(0x6264C5FB904E00BF), UINT64_C(0x15BE791B87BD746F), + UINT64_C(0xBC2E344DB71D04AE), UINT64_C(0x48EC77B6E4452259)}}, + }, + { + {{UINT64_C(0xB097726A22376827), UINT64_C(0xE6B946D4AF1BA09A), + UINT64_C(0xC023D28604CC2DAD), UINT64_C(0x4991DDAE7912926A)}, + {UINT64_C(0x564DB45EC7F90D00), UINT64_C(0xF810ACCA720DDC70), + UINT64_C(0xFF8EF73CB4F4F9E3), UINT64_C(0x4E72AB52A6474B56)}}, + {{UINT64_C(0x1AC9EDB0722E27CA), UINT64_C(0x9B55C43E2A77E573), + UINT64_C(0xE68AD58B33CF218A), UINT64_C(0xB7810094FF2682C9)}, + {UINT64_C(0x64E8CF9C108DBA84), UINT64_C(0x7904CCE9554F1C61), + UINT64_C(0x433BA21CD5494562), UINT64_C(0x0368F033E605F805)}}, + {{UINT64_C(0x93A9416E7AA43A10), UINT64_C(0x624E801373CEDB71), + UINT64_C(0x48A187592BA7B976), UINT64_C(0x9B0BEAF24BF11460)}, + {UINT64_C(0xEEFEC18B862A583D), UINT64_C(0xACB601A288CDF386), + UINT64_C(0xBBA8D65B129E050D), UINT64_C(0xB6AB21187EC732D0)}}, + {{UINT64_C(0x3CD9CF9C2C35F231), UINT64_C(0x8D89595BAAD0B513), + UINT64_C(0x90A4E9A8EE1574EC), UINT64_C(0x84DC9A3FC23311C0)}, + {UINT64_C(0x5C284CAE48599220), UINT64_C(0x17479E47824625B1), + UINT64_C(0x46A41EF7E79C5F1B), UINT64_C(0x8534BCE9195F87CB)}}, + {{UINT64_C(0x9FC7CE2225805A67), UINT64_C(0x0F13CEA9C92A9434), + UINT64_C(0xF40822FBEE6EFE7A), UINT64_C(0x07BC438F6887531C)}, + {UINT64_C(0x0F6CCD4969FA017E), UINT64_C(0x8E979E5AC28AEE92), + UINT64_C(0x36D6B03D7CF48445), UINT64_C(0xCBA8C9D7AE0B26E2)}}, + {{UINT64_C(0x4E05D13B71FFD978), UINT64_C(0x67220F5FEAE6A8A7), + UINT64_C(0x579EDFE47FE498A9), UINT64_C(0x13469C4BE866D9A1)}, + {UINT64_C(0x87C7ACA2CEC8133C), UINT64_C(0x0A0EDF37082DE8D3), + UINT64_C(0xD1E8B1531251E1CE), UINT64_C(0x9FCFF173FEFD964F)}}, + {{UINT64_C(0x938E3207F94F8735), UINT64_C(0x1B865BE5678F448C), + UINT64_C(0x831A5FE81893BE5E), UINT64_C(0xE1DC855588A6330F)}, + {UINT64_C(0x9797B27B806FD401), UINT64_C(0x894A619D3FF777E3), + UINT64_C(0x8ADEF55BFDB0CBBD), UINT64_C(0xE82537282424DEE8)}}, + {{UINT64_C(0x045B521B3AD37F5D), UINT64_C(0x1E9B89517941BC49), + UINT64_C(0xD7003802DE1940C9), UINT64_C(0x31E1701EBB046081)}, + {UINT64_C(0x44A1E14437108972), UINT64_C(0x7853DE8382ECAE12), + UINT64_C(0x1785856CE24FB978), UINT64_C(0x97C51F6EC94BBE6F)}}, + {{UINT64_C(0x7E7413C38562F55C), UINT64_C(0x43306DDD08901C7A), + UINT64_C(0xF1234C3104F2B431), UINT64_C(0x18DFEC268D2736E0)}, + {UINT64_C(0x7030FB801B7FE16D), UINT64_C(0x302C1CD9BFC4FEFE), + UINT64_C(0xF2023AE2FFBF2ABE), UINT64_C(0x66FF8497AA8C9C85)}}, + {{UINT64_C(0xACA9952297DB392F), UINT64_C(0xC7000A602368EAA0), + UINT64_C(0x41E8E4F167140277), UINT64_C(0x98A6EBCA566C7D38)}, + {UINT64_C(0x5B04290E0DED8A0A), UINT64_C(0xD38222E90E100942), + UINT64_C(0x9D1070809ED5B686), UINT64_C(0xFBBD8A0E58F2D502)}}, + {{UINT64_C(0xDEDFB3CDBE63A8D7), UINT64_C(0x0C3E84F65C46E440), + UINT64_C(0x58560A19EA88946E), UINT64_C(0xE5455AF4126D33D7)}, + {UINT64_C(0xD12198D5306B77E5), UINT64_C(0xE31EB15279412EC2), + UINT64_C(0x3FCC853BE5EE1BD9), UINT64_C(0x692465D2B238C1AE)}}, + {{UINT64_C(0x052C639429B6AB66), UINT64_C(0x1CE2B5ADC2E958AA), + UINT64_C(0x52191A428B5B9D2C), UINT64_C(0x694AD26473DA0387)}, + {UINT64_C(0x50BF347AE23BBD38), UINT64_C(0x539C49D90E0A8426), + UINT64_C(0x9963D0772CF0816E), UINT64_C(0xAA34BAE782853FB5)}}, + {{UINT64_C(0xC1611F9CFADCA93A), UINT64_C(0x9EA92C72493ED44A), + UINT64_C(0x35EB5861289A5402), UINT64_C(0x1DA553EBE3F5F444)}, + {UINT64_C(0x1E9CEAD9D9752CE7), UINT64_C(0xF277201138A940D5), + UINT64_C(0xE3A0D936A63C86EA), UINT64_C(0x6327A74A026B28F8)}}, + {{UINT64_C(0x82E76F015F27751D), UINT64_C(0x1E8AFC2239643F2A), + UINT64_C(0x74207427279BF43A), UINT64_C(0x74A3AA86967D9933)}, + {UINT64_C(0xE9A511808AF03E8D), UINT64_C(0x11A3459FC4117153), + UINT64_C(0x78A2C363F7307F0A), UINT64_C(0x53F482FC3E1DBC71)}}, + {{UINT64_C(0x1BED8CFBED63E873), UINT64_C(0xF951BE41B075EE92), + UINT64_C(0x01E2E2FDF3D7483E), UINT64_C(0xA004585892CCEEDB)}, + {UINT64_C(0xBE085F4BD7650268), UINT64_C(0x9D9C949C06F37445), + UINT64_C(0x9285C316E6638C85), UINT64_C(0x9DA46B59FEE72012)}}, + {{UINT64_C(0x3C10FDEFC7953D7A), UINT64_C(0x229FEDAA3156B224), + UINT64_C(0x3DE7DC2B8FD2A3BD), UINT64_C(0xB8DFFAA34C395FD0)}, + {UINT64_C(0x74F8C4FE43A96164), UINT64_C(0xEB08C13E3C3A22F7), + UINT64_C(0x3A41F1BA17E9ECD5), UINT64_C(0x98FC0E6E9A56B9F0)}}, + }, + { + {{UINT64_C(0xB4CBE1F9A31D9E68), UINT64_C(0x753E44AD81A39A40), + UINT64_C(0x24942A08955BBF75), UINT64_C(0x237E206F5F040B8B)}, + {UINT64_C(0x463C8A168A3E0D60), UINT64_C(0x51296C3FB66B0F39), + UINT64_C(0x1436C2E876CA47B8), UINT64_C(0x67B2DB2A4267C78E)}}, + {{UINT64_C(0x82DC87C968B5D6E5), UINT64_C(0x767AD90FC0D5B00E), + UINT64_C(0xA22FC4A2F430D85F), UINT64_C(0xF767AE2A44EDDDED)}, + {UINT64_C(0x6534930E6AA4AE2C), UINT64_C(0x0FD06A4F83835E85), + UINT64_C(0xD45FA9D45FC5DCBD), UINT64_C(0x180B43DC52E5003D)}}, + {{UINT64_C(0x8AAA5564147E2901), UINT64_C(0xF35D4745AC0BA42F), + UINT64_C(0x5369599784D90619), UINT64_C(0xD47482A0390DA26A)}, + {UINT64_C(0xCE0C2719A551B4FE), UINT64_C(0xE7A7ED5003889A62), + UINT64_C(0x28E6B681E6F268D3), UINT64_C(0x75843CC225AF46D8)}}, + {{UINT64_C(0xC415DB9E2CF3F659), UINT64_C(0xB199014D8992A840), + UINT64_C(0xC0000D26F4B0B18A), UINT64_C(0xC964B8C966E954D3)}, + {UINT64_C(0x2794CB2CEC7DA8F2), UINT64_C(0xCB22251CDC3377DC), + UINT64_C(0xF82A51C46FF18F63), UINT64_C(0x57B660EC9020BE85)}}, + {{UINT64_C(0xD7731817A4BBE4B7), UINT64_C(0x84EE0E6A5F40B3ED), + UINT64_C(0xB70FBA5F8FCADFA7), UINT64_C(0x054709DCE7152792)}, + {UINT64_C(0x3BB24B69A1228915), UINT64_C(0xCC7A1EB4FDCDFBA4), + UINT64_C(0x50E63E748F210079), UINT64_C(0xB812E59DC1E2FB3E)}}, + {{UINT64_C(0x8669273829F88B93), UINT64_C(0x0F7359BBA7C0AE0C), + UINT64_C(0x39F73CAA9184E302), UINT64_C(0x2278855450E49E86)}, + {UINT64_C(0xDBD59CDEC874D7E0), UINT64_C(0xAF483075D420FDDE), + UINT64_C(0x8950699D97C0BA77), UINT64_C(0x3590EB117E19757F)}}, + {{UINT64_C(0x54D9E0EA3B6724E1), UINT64_C(0xBC36BF06F13C9B20), + UINT64_C(0xF1E6D4702605D1E7), UINT64_C(0x9844B73D7DDFA99A)}, + {UINT64_C(0xB8B997E452ED79D6), UINT64_C(0xF89A4A377A85F0E9), + UINT64_C(0x473EA7BB15C0A1A6), UINT64_C(0xD0DC04649A03C92A)}}, + {{UINT64_C(0x2872A5B4C57210CD), UINT64_C(0xB9F47934C752F0A4), + UINT64_C(0x15706795C8C6DA09), UINT64_C(0x6164580B4C286C02)}, + {UINT64_C(0x3A4B59E02C860B9F), UINT64_C(0x19F4D685199571DC), + UINT64_C(0x29AA5C58BECF297B), UINT64_C(0x7A046A57B7768952)}}, + {{UINT64_C(0xC53EC390A007B7F4), UINT64_C(0xA521B1B61AECA631), + UINT64_C(0xA1D64AF8EDA4C81E), UINT64_C(0xA2D678FEFD63BBF2)}, + {UINT64_C(0xB96C2C129A7FB89D), UINT64_C(0x083BAE5CDE0BB7DE), + UINT64_C(0x8A97D0C4ABB2BBE3), UINT64_C(0x83C6D29FF788A09B)}}, + {{UINT64_C(0x7E923C154C26B7FD), UINT64_C(0x6AE7AD0318E96B8F), + UINT64_C(0x5B0B77BF54358A27), UINT64_C(0xFA26D2FA33696A6A)}, + {UINT64_C(0xA6CC36EF37822B46), UINT64_C(0xFEA2597686D9CA8D), + UINT64_C(0x966CB42C5BC3F869), UINT64_C(0x33E40A72F4C15C52)}}, + {{UINT64_C(0x614DFC5FABA41F41), UINT64_C(0xCAA473F2D1BDD857), + UINT64_C(0x5A0F506A5C4419B4), UINT64_C(0x40545B7D285953D1)}, + {UINT64_C(0x453857C5F5822883), UINT64_C(0xA0E5764ED32772AB), + UINT64_C(0xE8CE67A271233025), UINT64_C(0x77B626C648078BCE)}}, + {{UINT64_C(0xA58D1A72BF6BA9E8), UINT64_C(0xDBCA7B89CDEADBC2), + UINT64_C(0xFA0EB696C2CC421D), UINT64_C(0xA07BA9EA50296C01)}, + {UINT64_C(0x89FEFCDE3B26B9E9), UINT64_C(0x52699A3DFA959E64), + UINT64_C(0x3C7F218F1B0CC9FC), UINT64_C(0x36FCCCF4FA91A2D1)}}, + {{UINT64_C(0x55E430C07F74F18F), UINT64_C(0x6E30808F46F7CDD6), + UINT64_C(0xA324ABDADB12613F), UINT64_C(0xF3F24158D2C95B5D)}, + {UINT64_C(0xF8669E90B4FD892F), UINT64_C(0xDA7F50862BB07B3E), + UINT64_C(0x9F1714B6328CA4F3), UINT64_C(0x577C9BD9DCE28C82)}}, + {{UINT64_C(0x71D47A7D3CE0034B), UINT64_C(0xE3151BB5BF1F479E), + UINT64_C(0xA8560D27796951A7), UINT64_C(0x66B474189D0A0A46)}, + {UINT64_C(0x9B92865BBABCCB3A), UINT64_C(0x7C37194515060BD8), + UINT64_C(0x977626AF915FD78C), UINT64_C(0xEA45CB836E13CFB7)}}, + {{UINT64_C(0x862B5471C63D691D), UINT64_C(0x799C141E1AA121C8), + UINT64_C(0xC1D8C23B591CBDA1), UINT64_C(0x38EC077BFC7D54B4)}, + {UINT64_C(0xC6771DBBE2EE2CD6), UINT64_C(0x499B5DCB1EB976D6), + UINT64_C(0x73224683528DCC06), UINT64_C(0x66FA72A3FAD4626B)}}, + {{UINT64_C(0x46D5E2114AA8EFCF), UINT64_C(0x4687605E217E2CAE), + UINT64_C(0xFAE20BA720387543), UINT64_C(0xFA9BA7E59B0CA212)}, + {UINT64_C(0x41384EB3DF662D3D), UINT64_C(0x0604531C978AB224), + UINT64_C(0x00118E0B4D8171BA), UINT64_C(0xB12F7EAE8D58272A)}}, + }, + { + {{UINT64_C(0x51950CBB40C47099), UINT64_C(0x90AD3D8A0A9B4A87), + UINT64_C(0x544C3E23AE1EB361), UINT64_C(0x1269B5AFA18CE64F)}, + {UINT64_C(0x584BED44DA9AC0AF), UINT64_C(0xCE3BEEE93D717C65), + UINT64_C(0x63F33D45F1A3D771), UINT64_C(0x79542C046BAF45DC)}}, + {{UINT64_C(0x48B6FEAC382FB0B0), UINT64_C(0x41EC48142CBB9B65), + UINT64_C(0x9788C2DC3EF55415), UINT64_C(0x39839E637765B527)}, + {UINT64_C(0xA3EEBF02C7A481DE), UINT64_C(0x24B2923B0F4533CD), + UINT64_C(0xCADE127D734D205B), UINT64_C(0xB9E273783A82BEAD)}}, + {{UINT64_C(0xA117AC22211F2509), UINT64_C(0x2F41B55F7E6A8CC6), + UINT64_C(0x5ECCEB274EA371D8), UINT64_C(0x7189FA01D483305C)}, + {UINT64_C(0x9CEBFCC388E14674), UINT64_C(0xFDFD5A506C1620FB), + UINT64_C(0xDDFB0F802E2975CF), UINT64_C(0xC997846EA9A902D5)}}, + {{UINT64_C(0x7EBA53EB68DD3194), UINT64_C(0x905AAB30746F8AF2), + UINT64_C(0x995618F99705D86E), UINT64_C(0x7110614DDCBA13D1)}, + {UINT64_C(0xB09B660FC53F4FED), UINT64_C(0xF51C1985F13C318F), + UINT64_C(0x122B674C7C86DF88), UINT64_C(0x8FB7A0A42BCF8EC5)}}, + {{UINT64_C(0x833C2AD7535E7777), UINT64_C(0xC28AE919CECE3D05), + UINT64_C(0xBABCD3893A3EF6BD), UINT64_C(0x865BFF3BA5DFB028)}, + {UINT64_C(0xA3C2AE8437685655), UINT64_C(0xE06CAB4A9163CA7B), + UINT64_C(0xE846C1256EBB4335), UINT64_C(0x2198F30B6A728728)}}, + {{UINT64_C(0x27A81F1F6C268178), UINT64_C(0x467A376449EC264D), + UINT64_C(0x9733CBBFB12A182B), UINT64_C(0xA7E632C8FDD1455E)}, + {UINT64_C(0xE8463C5D6A61C342), UINT64_C(0xD75ADB80DF19ACE7), + UINT64_C(0x90D581FC54134C15), UINT64_C(0x42D47645478BFC4C)}}, + {{UINT64_C(0x528E2979736BFD9D), UINT64_C(0x2E2B3691BD43B9A0), + UINT64_C(0x9AF895C220C774FB), UINT64_C(0x076B26A16D7E424A)}, + {UINT64_C(0xEBF7C6C5AAD6D339), UINT64_C(0x0B0D2C07DBB7E80C), + UINT64_C(0x617D43A5C4AF6E33), UINT64_C(0x61C4DE18AF18F263)}}, + {{UINT64_C(0x68FBBED2BF11E94C), UINT64_C(0x5D9F55A42FB4B105), + UINT64_C(0xD61E63C5A30EEF14), UINT64_C(0x8E1205ACEDC00DF3)}, + {UINT64_C(0x161BD942DC17A985), UINT64_C(0x2424DEF18A9CF54F), + UINT64_C(0xE43DB8FFC4E33EF7), UINT64_C(0xD459F65DB4AC188F)}}, + {{UINT64_C(0xF09C734A135AC7BD), UINT64_C(0x7483609CA6C25AC0), + UINT64_C(0xE679619E8B4057D2), UINT64_C(0x9ED96BDC512DBBA4)}, + {UINT64_C(0xB98AC745B17642C1), UINT64_C(0x29ACACE36B062307), + UINT64_C(0x34D7B3F27D8F95F0), UINT64_C(0x5154A2E6A625176B)}}, + {{UINT64_C(0xED31862F7B63E1A5), UINT64_C(0xE6A86F3B17A13E12), + UINT64_C(0x4F81B9205B609CE8), UINT64_C(0x0A45CFA8CE25F81C)}, + {UINT64_C(0x4AA3BB5BA872E892), UINT64_C(0xC6020564A4750ABE), + UINT64_C(0x61DE3D3FE2244773), UINT64_C(0x9CC3D62710CA3FA2)}}, + {{UINT64_C(0x819A3BC799E9994A), UINT64_C(0x0F79A8D1C61C8B71), + UINT64_C(0x77A7038D935751E9), UINT64_C(0xF5DDC5CD42FC0D27)}, + {UINT64_C(0xA8771B822B2BB23B), UINT64_C(0x6E85221F2286F0F7), + UINT64_C(0xF009DFBDF1D1D3DD), UINT64_C(0xFF586AD1C9021146)}}, + {{UINT64_C(0xDD0D52B35949DFCB), UINT64_C(0x81F38318130072AF), + UINT64_C(0x8822ED39B3B4C1CA), UINT64_C(0x211ED088A66F4434)}, + {UINT64_C(0x27BE39A3C20687D2), UINT64_C(0xBB4F2228AE0945DA), + UINT64_C(0x3A50E01C512CE23F), UINT64_C(0x55D9A4D88C4FF67E)}}, + {{UINT64_C(0x04E8FBF8DD97F076), UINT64_C(0x8D419976483B4FD9), + UINT64_C(0x364DAF969CC344BA), UINT64_C(0xACB89D4B4D0BAB91)}, + {UINT64_C(0xB25952E528903B31), UINT64_C(0xC4812DFAACEA03D9), + UINT64_C(0x18A72A777F05DD9F), UINT64_C(0x0BB58AAF3EB2478B)}}, + {{UINT64_C(0xDC3784215E39F117), UINT64_C(0xD5698D4A639CEF28), + UINT64_C(0x4E870B7BE4D1143F), UINT64_C(0x70F9C856C98A9676)}, + {UINT64_C(0x6BF177247A56D720), UINT64_C(0x4F32D20F0E4247D5), + UINT64_C(0xCDDF6CAF1DC73435), UINT64_C(0x8876CEB85F927ABD)}}, + {{UINT64_C(0xF76EA7B1D57A7EE3), UINT64_C(0x99AA11D077880D2C), + UINT64_C(0xA752265D5CB4CECF), UINT64_C(0x1C77BA6CBAD097F5)}, + {UINT64_C(0x8464C1B5371DA1DE), UINT64_C(0x47092846AAEFE6D8), + UINT64_C(0x26C4A50EE05B696C), UINT64_C(0xDB16A174AE49A9D6)}}, + {{UINT64_C(0x0AED484FD7C4EA8C), UINT64_C(0x60B30298DFA66305), + UINT64_C(0x1A03DFD09B478201), UINT64_C(0xE7F87BC921FE2588)}, + {UINT64_C(0xC08F648E87150A21), UINT64_C(0x4C1ED208652D91F8), + UINT64_C(0xBFBAF51F4276A7F6), UINT64_C(0x8C66D0FFCF2D124F)}}, + }, + { + {{UINT64_C(0x8B651CE58F8CFAC9), UINT64_C(0xE7688F8881BEDA93), + UINT64_C(0xEF334FF50D656E1E), UINT64_C(0xA374D8D85EC25F80)}, + {UINT64_C(0x9E13EAE379C03819), UINT64_C(0xAF5831C18D4DAB3C), + UINT64_C(0x88DEB51DF6E90C26), UINT64_C(0x87A61F17823F5310)}}, + {{UINT64_C(0x0426236497239C58), UINT64_C(0x124DB7C09181765B), + UINT64_C(0xA7B5D21A8BDC8297), UINT64_C(0x1998F669684F23C3)}, + {UINT64_C(0xF27A606339FD52B8), UINT64_C(0xB234C77AF77C78A1), + UINT64_C(0x768C0FB078F05350), UINT64_C(0xFDD391801B5E5D18)}}, + {{UINT64_C(0xF15ADFE1951AB7AD), UINT64_C(0xD760A27091F8BE57), + UINT64_C(0x974F7ECBE2DA421E), UINT64_C(0x6B41A29883E7BBE0)}, + {UINT64_C(0xAAF40BB40467E682), UINT64_C(0x735ED4B61BF34E2D), + UINT64_C(0x8D7CEC0F40689777), UINT64_C(0xF8EF58A59A20CFB3)}}, + {{UINT64_C(0x33BE69093A134039), UINT64_C(0x84255B1DF04DD006), + UINT64_C(0xBE2DA53DFB23FDE9), UINT64_C(0xAA9227621D7272B0)}, + {UINT64_C(0x4512E3BA9D836751), UINT64_C(0xB204522CEA4D6DAD), + UINT64_C(0x87DF6050AA016939), UINT64_C(0xB90072212F7D3B93)}}, + {{UINT64_C(0x25F2A39335485CDF), UINT64_C(0xBADD4A893DD4547E), + UINT64_C(0xA1E69BDA2F69714D), UINT64_C(0xE7803AA48624204F)}, + {UINT64_C(0x187016EF19344722), UINT64_C(0xB9B81E43A10D5D54), + UINT64_C(0x85514FD9D0A58DD7), UINT64_C(0xFF291F5E939945EC)}}, + {{UINT64_C(0x098E11B1EC8630FF), UINT64_C(0xC7CB1E86B49DBF4B), + UINT64_C(0x28ACEF09C8D03872), UINT64_C(0x306CC71ED3432F5D)}, + {UINT64_C(0xAE45E3E975BE7D37), UINT64_C(0x5C20C374166FA905), + UINT64_C(0x3F31F05177FDB46D), UINT64_C(0xB9D61E480BD1DCBC)}}, + {{UINT64_C(0xF3FF066A3A7854A6), UINT64_C(0x01FDBA6379D9C31C), + UINT64_C(0x7F93EF7FCC8220E2), UINT64_C(0xA70E18F24844B55A)}, + {UINT64_C(0x3ADDF8414BC3C084), UINT64_C(0xD4405377DC378009), + UINT64_C(0xB3C0DCF6DED5EAE7), UINT64_C(0x9C8D2EE199BA8D32)}}, + {{UINT64_C(0xA2A1CA13D09D724E), UINT64_C(0x410F5C9C03C89D26), + UINT64_C(0x061A88D921497E67), UINT64_C(0xA83F216C5EEFEC86)}, + {UINT64_C(0xE3C61B9A3B0ED3BD), UINT64_C(0xA0BF9448A8B7BF87), + UINT64_C(0x4EA60D494720C8E3), UINT64_C(0xCECB54B625BF7B91)}}, + {{UINT64_C(0xC71AF8D0563BD88F), UINT64_C(0xA9A7693484BC872B), + UINT64_C(0x9C4EA6914139F60F), UINT64_C(0x14B7565C50ACBD40)}, + {UINT64_C(0x55BBE389DE1E988D), UINT64_C(0x85AB1EC0383D8F04), + UINT64_C(0x1E6FBEE647BDA26E), UINT64_C(0x1B5520CE830D04A4)}}, + {{UINT64_C(0x5EC3985B49D2ECE6), UINT64_C(0x7AE8A6647FD3A325), + UINT64_C(0xAE3CD9BB8A7B7BF0), UINT64_C(0x6D1B6C6F167B5735)}, + {UINT64_C(0x75F8E09DCBD66CFA), UINT64_C(0xFC74389B9472F6E2), + UINT64_C(0xE4C0FBCE6A605B67), UINT64_C(0xA1C9799066835600)}}, + {{UINT64_C(0xB82BA5DB37345DFF), UINT64_C(0x3FE94956A53F2F79), + UINT64_C(0x00BE25CFB05FFA72), UINT64_C(0xF32719E71839B33A)}, + {UINT64_C(0x3FB293CB92A9AA2D), UINT64_C(0x7456E8C5B0566C21), + UINT64_C(0xAB80C96CFFA49A71), UINT64_C(0x9A0CF729D2926ACA)}}, + {{UINT64_C(0x7EB98D9283EF498A), UINT64_C(0xFFB2C21208480078), + UINT64_C(0xC6343AC34F6BBBB5), UINT64_C(0x8711C0FED699167D)}, + {UINT64_C(0xA018574530B94D4E), UINT64_C(0xC960B153645A0305), + UINT64_C(0xCA2CDCA6CCF6F684), UINT64_C(0x23172462FDD84305)}}, + {{UINT64_C(0xCCE6FFAE267FEC34), UINT64_C(0x16089E751478AD32), + UINT64_C(0x0EAFE6A45FACA18F), UINT64_C(0x84C39A7E3B37922A)}, + {UINT64_C(0x06F020A5ADE43C26), UINT64_C(0xD3FDECC6F21E7A3D), + UINT64_C(0xA3B6928439DA18D6), UINT64_C(0xE0F55227797E167C)}}, + {{UINT64_C(0x60309BCA31838DB4), UINT64_C(0x10A4434ECAE99AEF), + UINT64_C(0x9323FBE32EF5BF3A), UINT64_C(0x2CA2AF365D81B491)}, + {UINT64_C(0x3B7BB0D5B1A87E49), UINT64_C(0x9F085302465B9F2B), + UINT64_C(0x857D173ED2226F46), UINT64_C(0x270806C80FD5B231)}}, + {{UINT64_C(0x19F1479729ADC92A), UINT64_C(0x95496E1D381351CA), + UINT64_C(0xFA1ED992E2C7BEF7), UINT64_C(0x1B7C0F841460A635)}, + {UINT64_C(0x24AE4082589B215F), UINT64_C(0x1CE037FEB3D41491), + UINT64_C(0x68F840AF8C11A33B), UINT64_C(0xB3454D4DC3E7D3C2)}}, + {{UINT64_C(0x1CEEB5E2FC57CE5F), UINT64_C(0x9BFC00726E556841), + UINT64_C(0x1D03E7223289795F), UINT64_C(0x0B93783B8B121FE5)}, + {UINT64_C(0xD096C7CCAB212042), UINT64_C(0x31F2E2395340E070), + UINT64_C(0x74F37C12AC6A5122), UINT64_C(0xD6F86CD5ED5EB5C6)}}, + }, + { + {{UINT64_C(0x60C5EF28A8C46E18), UINT64_C(0xBDD078523400758E), + UINT64_C(0x13C3796CC6066192), UINT64_C(0x56AC699D5C131AA2)}, + {UINT64_C(0x9EB3FA4AEC5D028C), UINT64_C(0xDBD7486C1B30F5E0), + UINT64_C(0x0929AB49A82244A3), UINT64_C(0xA6498DF131A1D3D3)}}, + {{UINT64_C(0xA24DF2F2A3FCD07D), UINT64_C(0x72C1A0E4ED81EFAF), + UINT64_C(0xD1DBF5E4D724648E), UINT64_C(0x624DDF85191CE28C)}, + {UINT64_C(0x628169F3FAC1EDFA), UINT64_C(0xE35B42A7BABD8CB9), + UINT64_C(0x658C4AA44748893D), UINT64_C(0xB68832C2FC093F18)}}, + {{UINT64_C(0xB87FBCC6B7B4AC46), UINT64_C(0x132ABB4E8527A86A), + UINT64_C(0xE78670D1BFD88B11), UINT64_C(0x4212CFAAA352932B)}, + {UINT64_C(0x83D7E5E135003688), UINT64_C(0xA7E4BA84B79FD125), + UINT64_C(0xDAD2027B919FD264), UINT64_C(0x1A98517387ADA394)}}, + {{UINT64_C(0x1F3E07177D178F3D), UINT64_C(0xB40D633302ED45AA), + UINT64_C(0x20549C3AA929F102), UINT64_C(0x8EA303CD389A6596)}, + {UINT64_C(0x7D49F30A435C0708), UINT64_C(0x72F8D34E08DF9773), + UINT64_C(0x53B95B7214840CDE), UINT64_C(0xDA217E196CB0E1FF)}}, + {{UINT64_C(0x04E4BD5AB6CDB3BB), UINT64_C(0x06864C71E9AF899A), + UINT64_C(0x65F442BA43F993CF), UINT64_C(0xCF9321AF21316E34)}, + {UINT64_C(0x6870D661F2398BD4), UINT64_C(0xDC393BB3007FE273), + UINT64_C(0x75E0F15E56270871), UINT64_C(0xB38FD2F4024F529F)}}, + {{UINT64_C(0xB6AB69BB7A77CB69), UINT64_C(0x356710DDD83A4655), + UINT64_C(0x080726AB590E5655), UINT64_C(0xB5B6E2910D39C69B)}, + {UINT64_C(0xD8CF22FEF369E23B), UINT64_C(0xAE3EAB185F1E5201), + UINT64_C(0x5C1110DBE7D09526), UINT64_C(0x34025BCB25AAB9DE)}}, + {{UINT64_C(0xF07BA22A385A47CE), UINT64_C(0xB7374A1FEF13BE2B), + UINT64_C(0xB670854413686D7C), UINT64_C(0x6DA6A6D0969123FA)}, + {UINT64_C(0x8F3E271677315C57), UINT64_C(0xE303886E66B75734), + UINT64_C(0x412C7E395FAC48BF), UINT64_C(0xE64057B0A2375284)}}, + {{UINT64_C(0xE55869ABDE75DB6F), UINT64_C(0x0502E775E2BFB67E), + UINT64_C(0x16AEA992D3BAFF50), UINT64_C(0xC2E59CE2FA5AEACB)}, + {UINT64_C(0x4A2C11B0EFE72786), UINT64_C(0xEE3E2EE7C36127CD), + UINT64_C(0xA274E02BEDD288F0), UINT64_C(0x97562DCF40280563)}}, + {{UINT64_C(0x140BA70DC99BF4EA), UINT64_C(0x3EDF7CB35FA7A58D), + UINT64_C(0xE5A0D4102BDA5832), UINT64_C(0x0EE03DC1051D41C0)}, + {UINT64_C(0xCE3E2C28E37CB7AD), UINT64_C(0x2886491A8ADFD406), + UINT64_C(0x7C40DEBCB68992CB), UINT64_C(0xC0B115B8D80D6F75)}}, + {{UINT64_C(0x16EC6C3A3A38541D), UINT64_C(0xFCBE786D39ED09F3), + UINT64_C(0xD2CD1238E12082E5), UINT64_C(0xF2AF2AC99F13CDB2)}, + {UINT64_C(0xAA7625DA601C85C5), UINT64_C(0xD4B22A2DD503B778), + UINT64_C(0x9E40E5D748515493), UINT64_C(0x52066F28CD08A785)}}, + {{UINT64_C(0x22E419872BCA2883), UINT64_C(0x1BE5512BD4029901), + UINT64_C(0xBDB94F899D808270), UINT64_C(0x9D6ACA03EBE7C2EF)}, + {UINT64_C(0x2B7366DEE0D0DE42), UINT64_C(0x0C1ADE3333A3DA60), + UINT64_C(0x8FFB5C8FB83228B3), UINT64_C(0x4A9A8BF292381C79)}}, + {{UINT64_C(0x5B04B607F599C194), UINT64_C(0xED176FD841789337), + UINT64_C(0x55D07DFC836C7384), UINT64_C(0x02EF7F8B8D16BEAB)}, + {UINT64_C(0x30E2ECFE2A2FB582), UINT64_C(0x5F85885042239D80), + UINT64_C(0x6DE69A9747311BF3), UINT64_C(0xE5035B08D6537CB4)}}, + {{UINT64_C(0xC1CDBA5DCA5D29AA), UINT64_C(0x7B3BF6D82A9C1167), + UINT64_C(0xBA44D295EB99C693), UINT64_C(0xDD8B6C90D7702F67)}, + {UINT64_C(0x1880B1D2C9020430), UINT64_C(0x9023C1A6A3CF8D35), + UINT64_C(0x3859F3983680E4BA), UINT64_C(0xA0D6D2529C13BD00)}}, + {{UINT64_C(0xA7BB8005D7FC5662), UINT64_C(0xF5D3C12BD826EAD2), + UINT64_C(0xB7EF2A4E52A7C9D3), UINT64_C(0x068A2D3E7F284391)}, + {UINT64_C(0x8B31EBCFFD32B95B), UINT64_C(0xE8A198E3AE817CBE), + UINT64_C(0x4FE885AF709622F1), UINT64_C(0x359B9BD14B85FED3)}}, + {{UINT64_C(0xB92BF25E38560DD4), UINT64_C(0x705A108AF8DBAFA4), + UINT64_C(0x21A8DCEADD457DB3), UINT64_C(0xA6B8362C31567166)}, + {UINT64_C(0x2403897CB5CC9AB3), UINT64_C(0xF6FAB3572732888B), + UINT64_C(0x098C7E036670B41F), UINT64_C(0x746557E93B7DAC32)}}, + {{UINT64_C(0xAEC530AB661AAB9C), UINT64_C(0x69E829DFC09081DB), + UINT64_C(0xEEC2A176ABD8573E), UINT64_C(0xFD66E1DCE49C7434)}, + {UINT64_C(0x7CD3374E3C3022FD), UINT64_C(0x57F4AAD9782A5EE9), + UINT64_C(0xC4895756CCF4C17C), UINT64_C(0x8C2C2238DFCF2F68)}}, + }, + { + {{UINT64_C(0xBE0B2578F8023127), UINT64_C(0xA95CCD098A8B68DE), + UINT64_C(0x0DC602351925E578), UINT64_C(0xB2153F53004FCA40)}, + {UINT64_C(0xB025456B72665F8E), UINT64_C(0xA5327909A0246BEE), + UINT64_C(0xFCFC4EF6F075A443), UINT64_C(0xB013B77BFBF58688)}}, + {{UINT64_C(0x7DC23489E31D4659), UINT64_C(0xA9E52E03CB43DB1C), + UINT64_C(0xC0EA0D9FEFFF5157), UINT64_C(0x39049EF851C0FC54)}, + {UINT64_C(0xCE36F42F87926762), UINT64_C(0x9592667ABA4686F9), + UINT64_C(0xC10AC0AF2E18E003), UINT64_C(0xD8331F211D5B8020)}}, + {{UINT64_C(0x9DA2838D27AB3B85), UINT64_C(0x28CB26B3A5619978), + UINT64_C(0x83856B951C50FC16), UINT64_C(0xFBAEFD9066B521A6)}, + {UINT64_C(0xEA3368D4B120CA34), UINT64_C(0x035416C27A2FD88D), + UINT64_C(0xC5138982682644B8), UINT64_C(0xFCAB1A3B402255F2)}}, + {{UINT64_C(0x84E0DCD6AEABBAF7), UINT64_C(0x50D114CD7CFD0130), + UINT64_C(0x08D645A7160841FC), UINT64_C(0x0B3484D484787649)}, + {UINT64_C(0x887546E0B36D4CD3), UINT64_C(0x3EA2DCBFE57D6C61), + UINT64_C(0x5AC69355CCF12537), UINT64_C(0x2C0738718D9EA7E8)}}, + {{UINT64_C(0x28FCD9B5D37D6A85), UINT64_C(0xAC6DF3753E25A01B), + UINT64_C(0x3A88D67C09581C8D), UINT64_C(0x3DE489A2C91E80C1)}, + {UINT64_C(0x6698CF2CFEF28D61), UINT64_C(0xFB519FC67EC55F12), + UINT64_C(0xBC25CC567D0A60F7), UINT64_C(0x3815B5781FC0D1EF)}}, + {{UINT64_C(0x987FBF19F6BC53D1), UINT64_C(0x463F62647640CCDC), + UINT64_C(0x906C6CA16D77F958), UINT64_C(0x401557217E034231)}, + {UINT64_C(0x6A97B3C91D5BED33), UINT64_C(0xFEDE82365523BFF1), + UINT64_C(0x5FE71BC71B99BD54), UINT64_C(0x090B2BDAEFC4797C)}}, + {{UINT64_C(0x35630AFEC5D95F3E), UINT64_C(0x90562D89D1D2C22D), + UINT64_C(0x4CE69FE4EA7241D3), UINT64_C(0xDFE26EF1C1F398F7)}, + {UINT64_C(0xA3B354054CC07AFB), UINT64_C(0xC4DC0AF8068D5928), + UINT64_C(0x35124E9D341E982C), UINT64_C(0x7BD8B508ADF07AFC)}}, + {{UINT64_C(0xC61223801BDE66EC), UINT64_C(0x0FD726077EA38576), + UINT64_C(0xE10000E4804A44E6), UINT64_C(0x89C6D7FC3607BF1B)}, + {UINT64_C(0x2444766156FBBE3C), UINT64_C(0x7A6E60BE34E83784), + UINT64_C(0x01C2E35C65AC0D58), UINT64_C(0x5EABF057F66DF727)}}, + {{UINT64_C(0xD59E953C5C36695F), UINT64_C(0xF7A62DCC1BF513D9), + UINT64_C(0x9D19C30458DC462E), UINT64_C(0x1F29B6B12287BAE1)}, + {UINT64_C(0x2897347C8EB7665A), UINT64_C(0x9E4E65123CF945FD), + UINT64_C(0x3F9D9AC2B8100515), UINT64_C(0x7F7D0BD95F3FCA4A)}}, + {{UINT64_C(0x86809C20D21CD4A1), UINT64_C(0x88D53A6935CC7D3D), + UINT64_C(0x6EA15230AEAEECF9), UINT64_C(0x5F9C845E0D4B8E41)}, + {UINT64_C(0x50150E1980012703), UINT64_C(0x2B815B54B59EECFC), + UINT64_C(0x4CF3F8085F185F6E), UINT64_C(0xC4EE564371A0DC04)}}, + {{UINT64_C(0x693E74528F6C4286), UINT64_C(0x8FE2725C588012DE), + UINT64_C(0xF20FBD9B71F135DC), UINT64_C(0x29674A5A3956BC1C)}, + {UINT64_C(0x45A6AB5507269D70), UINT64_C(0xD16E80CBB5CDD43C), + UINT64_C(0xBEEFF7F7435D1CC8), UINT64_C(0x058CEC1D16E22EC2)}}, + {{UINT64_C(0x054B3E2F620E02F4), UINT64_C(0x55B699606789F6F4), + UINT64_C(0x9C1B023DF6171139), UINT64_C(0x1D57F164FA0DF29D)}, + {UINT64_C(0x84940A21E1FCD4F4), UINT64_C(0xA72CB6BC889B6C0F), + UINT64_C(0xF6B3D64B4B0E77F6), UINT64_C(0xDF6286BF2534B793)}}, + {{UINT64_C(0xAC5731CBC4935F08), UINT64_C(0xA949F2583C04006B), + UINT64_C(0x980C9C9F136A1064), UINT64_C(0x7AAD87C0AF7448CB)}, + {UINT64_C(0xCC1DFEA22BAFC88A), UINT64_C(0x396E9BE585CA1701), + UINT64_C(0x04F4F2B3981EE32C), UINT64_C(0x07075D0F40F60D30)}}, + {{UINT64_C(0xCDC1B94DA86031B8), UINT64_C(0x84D8D43FE3B8A8CF), + UINT64_C(0xA6E1EAC79ACEBBB6), UINT64_C(0x83F89B9BE2AAEA77)}, + {UINT64_C(0x8C1BFC697A25D5C8), UINT64_C(0x0AF7DDF238CE54FD), + UINT64_C(0x6ED6B61DF2CAF5C4), UINT64_C(0xD0FC60FEE192FDE4)}}, + {{UINT64_C(0x0F14DDDAB024F605), UINT64_C(0x2A255F7A5343EE3A), + UINT64_C(0x415BE312FDD033D7), UINT64_C(0x97770222F1B98FED)}, + {UINT64_C(0x90D32B2F5ECFC5C8), UINT64_C(0xE899ADFB512231B0), + UINT64_C(0x135E299BA6C92274), UINT64_C(0xC85CDFDA39F0CEB3)}}, + {{UINT64_C(0xEBE3D2F1C786CECB), UINT64_C(0xFF6D01CDBA007DEA), + UINT64_C(0x6D79C4BA40F25660), UINT64_C(0x021A16C665C69060)}, + {UINT64_C(0xE68F7D7649BD9B07), UINT64_C(0x675A2E2C1CD0FC22), + UINT64_C(0x2FF660AA8D336524), UINT64_C(0x08F90F2067EA395A)}}, + }, + { + {{UINT64_C(0xD8C2B1740DAF895D), UINT64_C(0x73D108A66FF59370), + UINT64_C(0xFD0BFCEFFC35A5C0), UINT64_C(0xBF3C7A7E72534CB1)}, + {UINT64_C(0x87848D09214C9CFC), UINT64_C(0xADF4BB553C07F690), + UINT64_C(0x5E0AB41C85B373FD), UINT64_C(0x7D70B14681F666DA)}}, + {{UINT64_C(0x6269AEE1F02FAD0E), UINT64_C(0x40F14A5E9BE76F26), + UINT64_C(0x0F93DF26FD6CCF45), UINT64_C(0xA3AAAFC6B81BAB74)}, + {UINT64_C(0xE7871C96CC898EC4), UINT64_C(0xC8D4F25300E38C87), + UINT64_C(0x009C4B82B16ABB26), UINT64_C(0x38A2E5A6461DECCE)}}, + {{UINT64_C(0x7A50CD9E7944B90E), UINT64_C(0x42FCAA5476945527), + UINT64_C(0xC7FD69859444BB9E), UINT64_C(0x8BF279D27B2D9176)}, + {UINT64_C(0x4B9AD4E61F131F58), UINT64_C(0x65532ECAF2B71FDD), + UINT64_C(0xB8D482FB323C4EC1), UINT64_C(0x6218E700BA9A8C88)}}, + {{UINT64_C(0x1DE597A65A6FC633), UINT64_C(0x84F87C8E4BEB5087), + UINT64_C(0x3DF9A4A252FC4B5B), UINT64_C(0x3384FD69E9AF1FDF)}, + {UINT64_C(0xFD4F521FA3227E12), UINT64_C(0x7CC87430A88ED0B1), + UINT64_C(0xECBE91C0CE650F29), UINT64_C(0x7CA41CD2DE0E5CD4)}}, + {{UINT64_C(0xD290F1FD0914E73C), UINT64_C(0x0B1E3FC6F91E0416), + UINT64_C(0xD6B4A7C2C38EF29F), UINT64_C(0xF24B18770C0AB812)}, + {UINT64_C(0x90414EC2C8A065F4), UINT64_C(0x214B72B2D65763B5), + UINT64_C(0xB273FB70938FFAC7), UINT64_C(0xC69CE9888588175C)}}, + {{UINT64_C(0x2B3A731FBF58685C), UINT64_C(0x2C018AD9AAB1B7DC), + UINT64_C(0x2D1600F13315F85B), UINT64_C(0xB4AE420836D69A42)}, + {UINT64_C(0x667297F9C7915A74), UINT64_C(0x45090D46DD1460C2), + UINT64_C(0xB9995CB105BD0C15), UINT64_C(0x1C906B58A1620CDB)}}, + {{UINT64_C(0x15A6DF87A785FEED), UINT64_C(0xB64CF5035BAD4605), + UINT64_C(0xEB40AFB3DD61B060), UINT64_C(0xA677A30660FD1CBC)}, + {UINT64_C(0x936F81628B195250), UINT64_C(0x80F922551FC84A26), + UINT64_C(0xC9277E423C5EEF41), UINT64_C(0xF635F1E6B82B644E)}}, + {{UINT64_C(0x4474D8DFB1D6B229), UINT64_C(0x0902F46E5B4F742B), + UINT64_C(0x154E37F976259A3E), UINT64_C(0xF4323FD1C182C634)}, + {UINT64_C(0xA2C6D7A59B7FEC08), UINT64_C(0x7ADA35DF974A0338), + UINT64_C(0x1824ECDB747500A7), UINT64_C(0x570BC2750D79FB22)}}, + {{UINT64_C(0x61ECD53AE535C8F1), UINT64_C(0x95F720E09FBC7E57), + UINT64_C(0x9C31560EB2794F3D), UINT64_C(0x02602E06D90E834E)}, + {UINT64_C(0xEB8C3A281609F976), UINT64_C(0x3E1F77FA77B8B898), + UINT64_C(0x1296CA7B81C13275), UINT64_C(0x2FC07B718B9EA97B)}}, + {{UINT64_C(0x964B4B4B5A6594A7), UINT64_C(0x818244FBC6CBB480), + UINT64_C(0xA640926BD8501BA4), UINT64_C(0xA7D0ECCE3416BFC7)}, + {UINT64_C(0x07C6D95125373C07), UINT64_C(0x111097720BBFF1D1), + UINT64_C(0x3B9F750A80666734), UINT64_C(0xB6B6AC23DBA11EF3)}}, + {{UINT64_C(0x61FD0C30FF1C032B), UINT64_C(0x2CC7FAB30C6D90DE), + UINT64_C(0xBC0749C282C63A1F), UINT64_C(0xEC366046BF07B163)}, + {UINT64_C(0x450BA6A7D5161068), UINT64_C(0x935D8AAB7576E002), + UINT64_C(0x45FCBBD638BC740B), UINT64_C(0x47A3CDBB67A8265E)}}, + {{UINT64_C(0x2F10C602A09794ED), UINT64_C(0xE7E7218134DA9558), + UINT64_C(0x1666740525EAB8B2), UINT64_C(0x06C546654904159E)}, + {UINT64_C(0xD09DE96E9691C8C0), UINT64_C(0xEC7E4311DD106E67), + UINT64_C(0x3360EB1C9E815B70), UINT64_C(0xAADF5E76AAAE2F91)}}, + {{UINT64_C(0x533956C2509878E0), UINT64_C(0xBFC4FE09449C2742), + UINT64_C(0xE1C73A2F5F46F112), UINT64_C(0x5CE874FB6FD7DF35)}, + {UINT64_C(0x155E3C3BE44B85AB), UINT64_C(0x86117DB5E7EEF05B), + UINT64_C(0x7D8320A040D80BF7), UINT64_C(0xAA462DAFDEEBBB9C)}}, + {{UINT64_C(0x5884D29B7A4CA995), UINT64_C(0xF3B0FA46BB3FB571), + UINT64_C(0x41EF21C258DAAE35), UINT64_C(0xD990D3925EB796EE)}, + {UINT64_C(0x0ED99779C73B2170), UINT64_C(0x33859F1D0C457943), + UINT64_C(0x0D26DF31E1B9FC60), UINT64_C(0xCFAC4E7CE6516083)}}, + {{UINT64_C(0xF6179F253FC2B97D), UINT64_C(0xF17FFB38525E4654), + UINT64_C(0x422B799637EF8394), UINT64_C(0xDEABCFB31AAA1ADB)}, + {UINT64_C(0xBF8EDA3D69C1CBCB), UINT64_C(0x5EC8B947D3372892), + UINT64_C(0xD0A25581D0EC2E20), UINT64_C(0x447104C5945F570A)}}, + {{UINT64_C(0x8884DB3F2177D41C), UINT64_C(0xE36729DC4FD364BF), + UINT64_C(0x49D9DE1F7979ABD1), UINT64_C(0xCFA9D9F5C43D4B39)}, + {UINT64_C(0x459B637B2F500D7C), UINT64_C(0x7ED6031498BB12AA), + UINT64_C(0x466F3486A304C11A), UINT64_C(0x7F43082769CD5770)}}, + }, + { + {{UINT64_C(0x5E0570B6606235B2), UINT64_C(0xE340C4AE29207AF9), + UINT64_C(0xD527A2C607BDEF0D), UINT64_C(0xBB362C3DAFDF8BBA)}, + {UINT64_C(0x7B4FC2A9BD5F0BEE), UINT64_C(0x147CE7591A2956B1), + UINT64_C(0xBA7A6B7334124A7D), UINT64_C(0x3C40C279D15A2323)}}, + {{UINT64_C(0x033F132C7CCEE136), UINT64_C(0xD7D54CA5101E7655), + UINT64_C(0xAE7EDE54697B4BD0), UINT64_C(0x74DA46F914B44112)}, + {UINT64_C(0x2FC256607E4CBB3A), UINT64_C(0x3672ACD242E4CC85), + UINT64_C(0xA6660E0279C09849), UINT64_C(0x9185150C485FB022)}}, + {{UINT64_C(0x0FA5C09E956CE121), UINT64_C(0x833695BAA6E78E8B), + UINT64_C(0xCE82270FDE600687), UINT64_C(0x6E390C25AD9331C3)}, + {UINT64_C(0xB05D89DA246A3D4F), UINT64_C(0xAE711914838C1EEF), + UINT64_C(0xD8CAE58CF1D67085), UINT64_C(0x325A0777FDADE743)}}, + {{UINT64_C(0x5854321E4FA3E53A), UINT64_C(0x2763474348595CFE), + UINT64_C(0x86AD6FF764EE4CBE), UINT64_C(0xA1BA68170A265250)}, + {UINT64_C(0xD2B611926BCAE29D), UINT64_C(0x6C25BFD44E251346), + UINT64_C(0x9C3684CB2E7169AB), UINT64_C(0xD32F1F6E44563D91)}}, + {{UINT64_C(0x542CC6EE1B06F603), UINT64_C(0x639699ED08D99442), + UINT64_C(0x3E9BD04EE0650C3A), UINT64_C(0x882E3BA19E1454D5)}, + {UINT64_C(0x140A8911FCBEE463), UINT64_C(0xF3DD8BF85027A6A3), + UINT64_C(0xD78A2C36D9BC64B7), UINT64_C(0x1D84024C699B4EF7)}}, + {{UINT64_C(0x2AE948C40DD84AD7), UINT64_C(0x089E36DA906543F5), + UINT64_C(0x353CFC758E063D82), UINT64_C(0x63C085334F1290B8)}, + {UINT64_C(0xACD53165346A0166), UINT64_C(0x7E16CE42278522C8), + UINT64_C(0x94CBE8A356CE3DD5), UINT64_C(0x3454C4616E4A5A49)}}, + {{UINT64_C(0x9E30249AE02D0F81), UINT64_C(0xA4B5E0B44714BB75), + UINT64_C(0x97FD77B5A4A7E91F), UINT64_C(0xDE3FC9C6BA6BEE5C)}, + {UINT64_C(0x8841E605CBCD5591), UINT64_C(0x1E55914CE1F7C4C8), + UINT64_C(0x8435358D208C68AF), UINT64_C(0x6591DBE4CD2A63EF)}}, + {{UINT64_C(0x5AF4A5820D446BF3), UINT64_C(0x772B7FE4D7FED553), + UINT64_C(0x7FCB944E927E6152), UINT64_C(0x121D2455434D663A)}, + {UINT64_C(0x510A3C91D335D051), UINT64_C(0x500685E2C5AC34C3), + UINT64_C(0xF5884686AB79EABA), UINT64_C(0xE0E0AC1793DB2EB9)}}, + {{UINT64_C(0x449A30C39BBCF4AF), UINT64_C(0xA351F4D873F545D1), + UINT64_C(0x3FD900028D311661), UINT64_C(0x3D3185FC8B5C6A9B)}, + {UINT64_C(0x30DC70B484CB12AE), UINT64_C(0x65E74A9DA2F07CFF), + UINT64_C(0x48FF46E91B6DC753), UINT64_C(0x6EA3C4B1976DF0A5)}}, + {{UINT64_C(0xC44F2CBCF98C5FB0), UINT64_C(0x5B2738FCF6409E74), + UINT64_C(0x44002134083E8B52), UINT64_C(0x920B6AC128D0924D)}, + {UINT64_C(0x6DCE3B60D0E4320D), UINT64_C(0x682005A0B95EE657), + UINT64_C(0xDE972287ABCA92E7), UINT64_C(0x4728414A1AE0D1F7)}}, + {{UINT64_C(0x7153DCC93CEB5D8D), UINT64_C(0xBE92231A63060A1E), + UINT64_C(0x2DF4322A4F854FA2), UINT64_C(0x3615AA9011721651)}, + {UINT64_C(0x5317455907272E8B), UINT64_C(0x2CFEF4C7CA817E64), + UINT64_C(0x3AB30B8049D1B9ED), UINT64_C(0xF71202E8143286C3)}}, + {{UINT64_C(0x5A6123E62AB4C4A9), UINT64_C(0x20176A77F2CF8B8E), + UINT64_C(0x564783DF49D8917C), UINT64_C(0xA38CBD47F3E79212)}, + {UINT64_C(0x847870273D6A8DDB), UINT64_C(0x26AACCFC11DF4F04), + UINT64_C(0x33BCEB505D0457C7), UINT64_C(0x64446FD1053B19DE)}}, + {{UINT64_C(0xC23775723BDE901A), UINT64_C(0xF87D42325BAEA503), + UINT64_C(0xF4C5ABBE1E6B702B), UINT64_C(0xDDFFFB90210552AC)}, + {UINT64_C(0x0EB9543071AADFB7), UINT64_C(0xEC0AEF027AA6979E), + UINT64_C(0x652149F1F538BE05), UINT64_C(0x38371DC80CBF52F0)}}, + {{UINT64_C(0x88FE482A8A0F98DA), UINT64_C(0xA29BFE04CCF4146D), + UINT64_C(0xB87E00933C7B0FD6), UINT64_C(0x37119556510E1D15)}, + {UINT64_C(0x556C51D6CC64EC7E), UINT64_C(0x2DD0D9E182BC053C), + UINT64_C(0x1EA11FEF74471C85), UINT64_C(0xE152AAE22E35DC13)}}, + {{UINT64_C(0xE4EDD5302B3852E5), UINT64_C(0x44EC6C0CB1A5753A), + UINT64_C(0x610B98951EE345D9), UINT64_C(0x3F09D39AD7DB0E28)}, + {UINT64_C(0x624B69E8AF486DDA), UINT64_C(0x52B38B6B4290BEBD), + UINT64_C(0xD46A52E1F0BF9060), UINT64_C(0x7A5930650CF051F5)}}, + {{UINT64_C(0xCEB4D27E4C94F4C4), UINT64_C(0xCF95A4C89E129A90), + UINT64_C(0x748D454DECDF87CC), UINT64_C(0xA55829097A38BEDC)}, + {UINT64_C(0x533F5750DBF83328), UINT64_C(0x4DF3E030746B8AC2), + UINT64_C(0x6AA0948D32CCDABD), UINT64_C(0x52C1F70B9C914D38)}}, + }, + { + {{UINT64_C(0x66F8AB1F49B34898), UINT64_C(0x8ABCDB14639542C2), + UINT64_C(0x2BB1C7D369F1D26F), UINT64_C(0x5F81D57EB38A33DF)}, + {UINT64_C(0x09AC2FE3B93B7F35), UINT64_C(0x04FB8AA50495E23A), + UINT64_C(0x1EEE24AA827C7E3F), UINT64_C(0x7ABEA15264764E0F)}}, + {{UINT64_C(0x4DB17F2A4823DBF0), UINT64_C(0xE9BC82F52B5F5BCD), + UINT64_C(0xAED897506BADBB25), UINT64_C(0x6CEDFF2D7DEEE5AD)}, + {UINT64_C(0x1EF06EB64D7752CE), UINT64_C(0x2E4239E8556AE461), + UINT64_C(0xEEE4F80E1349FDF3), UINT64_C(0x73E89C3DA9607518)}}, + {{UINT64_C(0x0D26BE42CDBDFBC4), UINT64_C(0x5E163B1364FBEF92), + UINT64_C(0x17AFDAC755C795DA), UINT64_C(0x12383DDDBC47029C)}, + {UINT64_C(0x02E1BD3CAF064843), UINT64_C(0x3EBBC13B0316C320), + UINT64_C(0x9BAC1DEF5BAC1D34), UINT64_C(0xF1CD1CA611B9912E)}}, + {{UINT64_C(0xA87C4C9FD2707EF1), UINT64_C(0x4BF536D10D7467AA), + UINT64_C(0x201AAE563A266104), UINT64_C(0x2AAF44F1085F4C7D)}, + {UINT64_C(0xE1A36E3D29E9E621), UINT64_C(0x95D0C47BDD7AB915), + UINT64_C(0xC0CC48FF783A2957), UINT64_C(0x2596716003DB2DD9)}}, + {{UINT64_C(0x9DBFCB0305A1F998), UINT64_C(0xFC2540166E97F3A9), + UINT64_C(0xBB38F5CD5B951AF6), UINT64_C(0xDDB0003E9BFB2B45)}, + {UINT64_C(0x067D970C5F47A756), UINT64_C(0xA22D808A8A750D2E), + UINT64_C(0x29D1F35970C32863), UINT64_C(0x3811E6D34253EE85)}}, + {{UINT64_C(0x7F42B79B8AE4BC85), UINT64_C(0x2081C966C841CD7C), + UINT64_C(0x3A3175138A2CE9C5), UINT64_C(0x9C9200ADBF7BC5F5)}, + {UINT64_C(0xF008697C5BDA104D), UINT64_C(0x0D9DF621FE22C17C), + UINT64_C(0x390753ECF0F1779B), UINT64_C(0xB9D32AA52FAF183D)}}, + {{UINT64_C(0xEA2E107BC91511FE), UINT64_C(0x2B62D5B36736634B), + UINT64_C(0x4249D04A2A8DC042), UINT64_C(0x3C5381FA81D12613)}, + {UINT64_C(0x521113821A3A6139), UINT64_C(0x041673F26C220480), + UINT64_C(0xE60C1374A279108A), UINT64_C(0xE5B6883AD823CE13)}}, + {{UINT64_C(0x2018FB21F10D3E23), UINT64_C(0x740617E9472C577E), + UINT64_C(0x516817C1FB2BEF3D), UINT64_C(0xD3B0BCBD80DBF605)}, + {UINT64_C(0xC4AE5435930412DC), UINT64_C(0x7680C410B32FAED5), + UINT64_C(0xEE7FC6124CCE032A), UINT64_C(0x78FE72AC2A1B2DE1)}}, + {{UINT64_C(0x7F6ABF789ECE7432), UINT64_C(0xC0C93B997463BEFA), + UINT64_C(0xE7BF1FE3906623C3), UINT64_C(0x17A073236E8663B1)}, + {UINT64_C(0x2500BF81EA8D0833), UINT64_C(0xC33D8FA43BFFB9BE), + UINT64_C(0x2125DE6411C19237), UINT64_C(0x5228A0CFDC1540A5)}}, + {{UINT64_C(0x28F5D39327260AB3), UINT64_C(0x91DB0E80ABA4D4BE), + UINT64_C(0x3A59FD26D115AF4F), UINT64_C(0x84C5CD3E106E89AB)}, + {UINT64_C(0x1F2F8CA435E21615), UINT64_C(0xFD6EECF6A0C5B9C5), + UINT64_C(0x618160D7E9EA6606), UINT64_C(0xC3E1FAE6B0BDB055)}}, + {{UINT64_C(0x814219AC63FAD863), UINT64_C(0xC9CFC5D6EB4DEB74), + UINT64_C(0x757AADE698529A06), UINT64_C(0xF6A00C4ED8314984)}, + {UINT64_C(0xA32508290A6C6B62), UINT64_C(0x87B8E1AED737FB84), + UINT64_C(0xAE12680FABFAF28B), UINT64_C(0xE61C223ECBE25EAE)}}, + {{UINT64_C(0x431A2C288F06D6A7), UINT64_C(0x0EAB1B62B32DD450), + UINT64_C(0xE8E4CFEB133F6396), UINT64_C(0x7065C9CA116E5F94)}, + {UINT64_C(0xD35C445969C4A684), UINT64_C(0x3F2F9535FE0E5B68), + UINT64_C(0x1059E7BBDC1A2B11), UINT64_C(0x0F2899F6B6D255F0)}}, + {{UINT64_C(0x20042BDE59C88D6F), UINT64_C(0xBB3C7F5CA5C414E6), + UINT64_C(0x1836F262028BA468), UINT64_C(0x9B27885176E69F14)}, + {UINT64_C(0x43FABC1455033478), UINT64_C(0x20AE7F21752B768E), + UINT64_C(0x21D22D8736D0DC3C), UINT64_C(0xFC5A54146FDAAE5E)}}, + {{UINT64_C(0xD292C78E77665332), UINT64_C(0xD929C2DE15B51280), + UINT64_C(0xB88C3BE86AD007FC), UINT64_C(0xD5146B18FE1E8903)}, + {UINT64_C(0x302F5ADE46521C2D), UINT64_C(0xD968DD88114CD824), + UINT64_C(0xB7ACDCF60AE73043), UINT64_C(0xF185B8561710B41D)}}, + {{UINT64_C(0x831CDF575B0D71CA), UINT64_C(0x8B1626FBC96DFA07), + UINT64_C(0xD9124C559659A13E), UINT64_C(0x36ADFA2E1E7D7F95)}, + {UINT64_C(0xADCC82B0BD0E1914), UINT64_C(0xAC4C9A2EB7DEC54A), + UINT64_C(0xD5CA88816837C321), UINT64_C(0xA4102F0D534EA944)}}, + {{UINT64_C(0xA8C3378DBDBF158D), UINT64_C(0x3B7C68A84CD1CAC0), + UINT64_C(0x9EAB56617B309CA0), UINT64_C(0xD927A55627CED737)}, + {UINT64_C(0x68CC9E84B5EB2DFA), UINT64_C(0xA230CCC27079A2AD), + UINT64_C(0xCA2D74A4CE203091), UINT64_C(0x3DFA5881A0D8D97E)}}, + }, + { + {{UINT64_C(0xB37B0A32788DDFA9), UINT64_C(0x195E96FF22DE8830), + UINT64_C(0x6746A7A8E9970A54), UINT64_C(0xF831020432C3B8E3)}, + {UINT64_C(0x8F88C4E569D78B56), UINT64_C(0x552D969932E19CB5), + UINT64_C(0x0992234575856ADB), UINT64_C(0x8D8E9C907F98D51E)}}, + {{UINT64_C(0x9D6900342E08DA84), UINT64_C(0xF5B19B0F5910338B), + UINT64_C(0x3FC4466E1FA0BC39), UINT64_C(0xCA53DC42F1112F63)}, + {UINT64_C(0x92ACA6D663A3DC0A), UINT64_C(0x8DCEDB909419064C), + UINT64_C(0xF9FA275D3A91D432), UINT64_C(0x7E0A58C7EAA0D1D8)}}, + {{UINT64_C(0x0AD176718B8E24E8), UINT64_C(0xE32D77D002B1CEA8), + UINT64_C(0xE0D299E160BD4D38), UINT64_C(0x1BFBA2BA6C91EC2E)}, + {UINT64_C(0xC088DD8B70D20A36), UINT64_C(0xFDBF6F481229F50B), + UINT64_C(0x92C76498BE6C6296), UINT64_C(0xE683842B9DC37F91)}}, + {{UINT64_C(0xD22F6193557C6F06), UINT64_C(0x1E63AAB135632C35), + UINT64_C(0xE29BF3051937F1C0), UINT64_C(0x0B4663637A50026A)}, + {UINT64_C(0x366F11B217981C5A), UINT64_C(0xD6EE7B2F519754DC), + UINT64_C(0x5A97284A307D0E67), UINT64_C(0xA557AD4464B277A0)}}, + {{UINT64_C(0x46BD9FA7CDDA4E80), UINT64_C(0x70370D7DCBC0F2A4), + UINT64_C(0x3973FB1CEB29A60C), UINT64_C(0x7981116C6231D5C7)}, + {UINT64_C(0x85103428D602AFB6), UINT64_C(0x81F0C2085CD4AC6C), + UINT64_C(0x4F8B17D315C1B416), UINT64_C(0x44B41162AB6F98D9)}}, + {{UINT64_C(0x2453A284D07A0E64), UINT64_C(0x9213658C2CFDC2EF), + UINT64_C(0x9A244F4A9D01AD31), UINT64_C(0xC425BB80C8B15211)}, + {UINT64_C(0x9B8002CC4FA2620B), UINT64_C(0x28BBF261C7507557), + UINT64_C(0x0073DBD35C049D63), UINT64_C(0x3AB8E2B848D8B4F1)}}, + {{UINT64_C(0xCD4EA6EFE7159CF5), UINT64_C(0xC905C7D3DDA7E74A), + UINT64_C(0x404F325C9F7845C9), UINT64_C(0xDD3F6793045D2825)}, + {UINT64_C(0xA169AECAF3B8412E), UINT64_C(0xDC57CAA3D9B038DC), + UINT64_C(0xAC53FE9D0BA059D8), UINT64_C(0x417DB31D2D5104E5)}}, + {{UINT64_C(0x106CA52153D02DEC), UINT64_C(0xCC64E77F981875AA), + UINT64_C(0x9EEBC562A7DD017F), UINT64_C(0x4995637FE6B5A1B0)}, + {UINT64_C(0xB9443E490A4CA9CD), UINT64_C(0x0C2CB41C17946D86), + UINT64_C(0xD5C01D6429C7ECD1), UINT64_C(0x9B98317002F0168C)}}, + {{UINT64_C(0xD425E60CAAD33D37), UINT64_C(0x34BFA0CB5A545F6B), + UINT64_C(0x70A943BDE6535512), UINT64_C(0x18952C7621121F6D)}, + {UINT64_C(0xE6682A52EE465696), UINT64_C(0x8D0360C8E0EB00BD), + UINT64_C(0x63F1453C4A5941A8), UINT64_C(0x01E299634AF638FD)}}, + {{UINT64_C(0x53D8E1BE5DCE9965), UINT64_C(0xDB50B654DBD38FCF), + UINT64_C(0x8B20238549FC2935), UINT64_C(0x084EBA46377CBD77)}, + {UINT64_C(0x8454F7A68E09632D), UINT64_C(0x80F3A428E5758347), + UINT64_C(0x4BB18F87A9CBFCB7), UINT64_C(0xEDF2FFDCCA7C980E)}}, + {{UINT64_C(0x958562EF7DA1D450), UINT64_C(0x3169FCFD22DE90D0), + UINT64_C(0xA1E3434C77EC2951), UINT64_C(0xF39A9A6BE1BD8D64)}, + {UINT64_C(0xC920CB6AE04F79B5), UINT64_C(0x762E6FB960FF8EDF), + UINT64_C(0x83DC8BFE929A95A7), UINT64_C(0x49B513DA36B6CE1E)}}, + {{UINT64_C(0x1920558FB8A345AC), UINT64_C(0x54694F512C1DBB9D), + UINT64_C(0x18C9C4D33D0A5A7B), UINT64_C(0xA1FDBDF4BF750F4B)}, + {UINT64_C(0xD5BD6686C21A6881), UINT64_C(0xB7B0A8D9F3993386), + UINT64_C(0xD6E893DB97190F76), UINT64_C(0x4EB3572445616120)}}, + {{UINT64_C(0xB9418A3144585129), UINT64_C(0x1323C7D544CB598D), + UINT64_C(0xC8FC3C4DB70A073A), UINT64_C(0x9C4CA7D3BB93F56C)}, + {UINT64_C(0xE7CBE861ABC63C83), UINT64_C(0x818FE43F0D0A169E), + UINT64_C(0xE94DF57DC09A418C), UINT64_C(0xA008A9B1F676897A)}}, + {{UINT64_C(0x346428A4935FA41B), UINT64_C(0xC018CA23F8AEC139), + UINT64_C(0x93A6F8948BE1BE1F), UINT64_C(0xBBA1D4BE713C9374)}, + {UINT64_C(0xE8DFED9929775FEB), UINT64_C(0x1420D105EA7A5F66), + UINT64_C(0x7AAF838A94CE6E57), UINT64_C(0x36BC174531BAE62C)}}, + {{UINT64_C(0x0B1573BE96FD9F4B), UINT64_C(0x6A12D63066A9D440), + UINT64_C(0xC196F2E35D85253D), UINT64_C(0x462984EBF54C7E5C)}, + {UINT64_C(0x035AC6141D537418), UINT64_C(0x450380BDC1C6B59A), + UINT64_C(0x7DD661B382379084), UINT64_C(0x4EB1FA9ECD0C5A31)}}, + {{UINT64_C(0x6A43358DCD13CF78), UINT64_C(0xCA0F888BC239DDD9), + UINT64_C(0x3A7D6291FA0B00EE), UINT64_C(0xB1CE7548BC7D9FF1)}, + {UINT64_C(0xA53E4309F2A721D5), UINT64_C(0xC7DB97B58F9CDC30), + UINT64_C(0xAACE5A7EC41F17DC), UINT64_C(0xF1512053F88931D1)}}, + }, + { + {{UINT64_C(0x4DED7EEA33FA7CC4), UINT64_C(0x46D343384878A57E), + UINT64_C(0x3886E71D3CA03752), UINT64_C(0x89B88F81FB64FD08)}, + {UINT64_C(0x63B59D57D01CFCC7), UINT64_C(0x59B5489F92395B98), + UINT64_C(0xFAC7723385F9B49C), UINT64_C(0xFAFC41AA5278F731)}}, + {{UINT64_C(0x7A082DAB949A818A), UINT64_C(0xABEAE732DF117A78), + UINT64_C(0xAAD6B6A4125CF9D5), UINT64_C(0x6F2239AA64782727)}, + {UINT64_C(0x713D2218085F79E7), UINT64_C(0xD41F57FFAC131FAC), + UINT64_C(0x284F357AB3AE0E8A), UINT64_C(0xC0D1EDAF38DCC8D4)}}, + {{UINT64_C(0x18F3DA5C188ED232), UINT64_C(0xB29166B9FF7FD9E3), + UINT64_C(0x8E8FA01C32779105), UINT64_C(0x9658E013B914002E)}, + {UINT64_C(0xAA1687017D257E24), UINT64_C(0x6479EFB47779BCC9), + UINT64_C(0x3EF8F20AA82A8F7C), UINT64_C(0xFAEDCFF43EF2D040)}}, + {{UINT64_C(0x3702BF4CB47EDF91), UINT64_C(0x6FC20945027A8CE4), + UINT64_C(0xE91F4E6DE76DB1F6), UINT64_C(0x6763CCFFE0D006ED)}, + {UINT64_C(0x363D12447A176CF6), UINT64_C(0x6A18918E139A15B2), + UINT64_C(0x07D248433740BD53), UINT64_C(0xF46CAD7D10AEC68F)}}, + {{UINT64_C(0x8E8DAE4C6A913C0A), UINT64_C(0x387539ED324E5B39), + UINT64_C(0x1560B84BE7EDC102), UINT64_C(0x1A6215A9EC252B86)}, + {UINT64_C(0x797115A62F7E23C4), UINT64_C(0x88928A8946E24DA2), + UINT64_C(0xDFA13273FB9BC591), UINT64_C(0x800B695056E32561)}}, + {{UINT64_C(0xB77C8A95FDF8694F), UINT64_C(0xAD110D2E5A995282), + UINT64_C(0xFAF4C6F9BC415511), UINT64_C(0x1A220C942675FA98)}, + {UINT64_C(0xE9CB1C6354B7754C), UINT64_C(0xCEF19642EF991A9B), + UINT64_C(0xDAEAE2EC06DC63BB), UINT64_C(0x8ACF18A05CF25E85)}}, + {{UINT64_C(0xE80F87C8FFEB8918), UINT64_C(0x5862CE599B589283), + UINT64_C(0x9B2704615E4952C6), UINT64_C(0xB69055EF05AB0853)}, + {UINT64_C(0x3972459B2A5887C8), UINT64_C(0xE4AF5ED8DC0E50C7), + UINT64_C(0x17E44D395B95CA6F), UINT64_C(0x1E4F9EAACEB23724)}}, + {{UINT64_C(0x69B2198EA4330F18), UINT64_C(0x61F38C015394E5B5), + UINT64_C(0x62CF25BED3A4D10D), UINT64_C(0x2E8BEE45D4BB6F61)}, + {UINT64_C(0xB5C6B137A0B6DA1C), UINT64_C(0x5695722AE423AFDA), + UINT64_C(0xA94F7B52CA94A75D), UINT64_C(0x66C739E4A1A084B6)}}, + {{UINT64_C(0x21CF6FD8B99B98C4), UINT64_C(0x8864BDE5F91A9C50), + UINT64_C(0xFE8FBBDFF8A81C5E), UINT64_C(0x67D3D4176D250BDD)}, + {UINT64_C(0xFF0B4C73C9A86CB2), UINT64_C(0x9C01341A9A81720A), + UINT64_C(0x5CC5DFF1B14A52E9), UINT64_C(0x2624C4F42E81D8C1)}}, + {{UINT64_C(0x918998D3A8F231C9), UINT64_C(0x964FEB535CEE8015), + UINT64_C(0xF59DDDFFB36CFDDB), UINT64_C(0x41EC3DBAAC457ED3)}, + {UINT64_C(0x81B0708F3B92357D), UINT64_C(0xE3AA9A6BA8F69D94), + UINT64_C(0x3D644741F1B5D866), UINT64_C(0x95EFBBBC557419AB)}}, + {{UINT64_C(0x7A1CDC9F6C96935D), UINT64_C(0x9052B7F5A59AC625), + UINT64_C(0x4E577CD0FB94812A), UINT64_C(0x6F81C37C3253CDC6)}, + {UINT64_C(0xDD9D6E757ED42DF3), UINT64_C(0x29877B1C21DE354B), + UINT64_C(0x9C48562BAD9B69E0), UINT64_C(0x6B5809E3909C8729)}}, + {{UINT64_C(0x6DE41B6B3308B299), UINT64_C(0x011716BADD64B41E), + UINT64_C(0x7448EC934FD199ED), UINT64_C(0xF92A73A889A5E174)}, + {UINT64_C(0x69CBE15B2A838869), UINT64_C(0xD9D459A2604F861D), + UINT64_C(0xA975EBF361FA8614), UINT64_C(0xE919FE9FC6174AF6)}}, + {{UINT64_C(0xFA2EAFACC20EE256), UINT64_C(0xD36E0E624C165773), + UINT64_C(0x47A2BA6FED237EFC), UINT64_C(0xB1B333749AAFC2A1)}, + {UINT64_C(0x40C329B3B896E7E2), UINT64_C(0x8DBDC94EEC8258C1), + UINT64_C(0xC584DDE830C3B95C), UINT64_C(0xF778FDFE601F14F3)}}, + {{UINT64_C(0xBA9783532A91ACC0), UINT64_C(0xCF34310245907A5E), + UINT64_C(0x714C3E9D010CC756), UINT64_C(0x35B0C956A8FE987E)}, + {UINT64_C(0x32D66485C4517685), UINT64_C(0xE6BE583AD97BDDE6), + UINT64_C(0xCF90C7691F7D9B96), UINT64_C(0x601AF0E935E97010)}}, + {{UINT64_C(0x4616E5A4B33382FE), UINT64_C(0xE16A1CFF42D94635), + UINT64_C(0x4D271F625A188964), UINT64_C(0x145629F703BC3D72)}, + {UINT64_C(0x2B27031C8BF79E80), UINT64_C(0xEC11D604E0A6DEDF), + UINT64_C(0xC8787A78AFB21AD2), UINT64_C(0x0D0ED6255E318C3B)}}, + {{UINT64_C(0xAD5F5B33B76250C2), UINT64_C(0x1E3193941DA57313), + UINT64_C(0xA2664BA58E8787B3), UINT64_C(0xBBAC2F63AF812EA6)}, + {UINT64_C(0xB24A479813E77049), UINT64_C(0x6698858EE738B6FE), + UINT64_C(0x1D1EE428AD8CB572), UINT64_C(0x8D7CB09741FA28AB)}}, + }, + { + {{UINT64_C(0x196BE23C6A975D8B), UINT64_C(0x6D7848F8DE2AEF07), + UINT64_C(0x880E9C1B88971BDF), UINT64_C(0xA0B61EBF9617507C)}, + {UINT64_C(0x7881E1CCB558D193), UINT64_C(0x8E3EB39E27EFE5DB), + UINT64_C(0x78BC5008A94FBC74), UINT64_C(0x1A4B3DB705B737B4)}}, + {{UINT64_C(0xF131A5B1FA650F2E), UINT64_C(0x3CAA49A520DA5A45), + UINT64_C(0x24FED3B9C2438F2B), UINT64_C(0x2CC1DD26DA6B04EF)}, + {UINT64_C(0x2A127B3BF4E712BA), UINT64_C(0x0B70938A68312CB3), + UINT64_C(0x6AD2EA017B0FBDEE), UINT64_C(0x3ACAD928BE454E4D)}}, + {{UINT64_C(0x439EE637FF55EE27), UINT64_C(0x4582AF544197B103), + UINT64_C(0x9EB0314AA4F51DF0), UINT64_C(0xC36D22488EA0AFF9)}, + {UINT64_C(0xCED232862FB634DB), UINT64_C(0x7E6DC894717DE21D), + UINT64_C(0x26790435BDDEAA23), UINT64_C(0x85E9B4C1C60F5F3D)}}, + {{UINT64_C(0xA711EF88D5636AB2), UINT64_C(0xFFB5A3A829744971), + UINT64_C(0x771631A07367F41D), UINT64_C(0xBFB67BFA6406B576)}, + {UINT64_C(0x131D115927651342), UINT64_C(0xAC7E214A46E3F66A), + UINT64_C(0x0AAC82C63EB4550E), UINT64_C(0x8559E605223B5174)}}, + {{UINT64_C(0x2AAB71E06752E22D), UINT64_C(0x4D5F19578D49ECE1), + UINT64_C(0x0AA0EC0F6BEE4AAD), UINT64_C(0x39370E735F7CD806)}, + {UINT64_C(0x58FD71FC632CFCDD), UINT64_C(0x3D4620C7BA368B2B), + UINT64_C(0x04F4292A0D8CFEC7), UINT64_C(0x636550483958AF0F)}}, + {{UINT64_C(0x962C22EEF61E86B5), UINT64_C(0x374A3D0A8D14B7AB), + UINT64_C(0x474D0C8ACC9088B5), UINT64_C(0x860D72769410EF17)}, + {UINT64_C(0x3ECBF75E189A1251), UINT64_C(0xE84818EDE8B9B799), + UINT64_C(0xAB271286B53ECA19), UINT64_C(0x027357EC3A839B17)}}, + {{UINT64_C(0xF53ADE08CD174988), UINT64_C(0x31B0CF0A07BE5624), + UINT64_C(0xB6B01FACED030FA9), UINT64_C(0x1F5BE6BE33788DFB)}, + {UINT64_C(0x422F2D64149E8BCC), UINT64_C(0x547566E3756EBBB8), + UINT64_C(0x3DB92D1BF6901E1E), UINT64_C(0xCB4F29336A0D05BC)}}, + {{UINT64_C(0xCEC6FE54D88D80BA), UINT64_C(0xF72B99A2F46BD447), + UINT64_C(0x9257670101395763), UINT64_C(0x222E4583FCF5CB52)}, + {UINT64_C(0xE9BE9305B7A7A29C), UINT64_C(0x851409F02DE6AC68), + UINT64_C(0x356A9D64F623BF59), UINT64_C(0x728C1B45F17991C6)}}, + {{UINT64_C(0xD7178EAE76D1EE14), UINT64_C(0x97D88A40F7355B21), + UINT64_C(0x26EC5D87D8FD191B), UINT64_C(0xD03E01EC49918B3A)}, + {UINT64_C(0xF5A8C77C4C0BAB43), UINT64_C(0xE3B79537FC2F3545), + UINT64_C(0xC27E762DC8EC71B9), UINT64_C(0x1A9CB95EF590D16B)}}, + {{UINT64_C(0xEDC8E4DE3FE54A2A), UINT64_C(0x6D700BE4688FB8F5), + UINT64_C(0x7CB13770C2EE31AD), UINT64_C(0x2C397D86FCFF3124)}, + {UINT64_C(0xD776CE7DA8727AA5), UINT64_C(0x0A2AEF64BE4750B0), + UINT64_C(0x8DD7798799D9D493), UINT64_C(0x87E6A8AE1B59A777)}}, + {{UINT64_C(0xA330F53DA8B7688A), UINT64_C(0x7791F82D55FC1FBB), + UINT64_C(0x4DADF4AEE64E0212), UINT64_C(0x35CF0460D1276F1A)}, + {UINT64_C(0x30DD755B5A3A0AA3), UINT64_C(0x19F1E322BB71A09F), + UINT64_C(0xE4C403BE5F519D1D), UINT64_C(0x37BEABA502FBF0A6)}}, + {{UINT64_C(0x2213F75CFE51AC2A), UINT64_C(0xB606DBDE378BD527), + UINT64_C(0xF620FEE06A141A9F), UINT64_C(0xABC98F30315DEC75)}, + {UINT64_C(0x4319D3217886593E), UINT64_C(0x079C9A51300FD9F7), + UINT64_C(0x31AA1F50803D9A1A), UINT64_C(0x5FD612478AFC5A81)}}, + {{UINT64_C(0x286CAD1D5A7B338C), UINT64_C(0x02749FB93CACA86D), + UINT64_C(0xD22930DEBBD73DCC), UINT64_C(0x7CD84A019457DD3B)}, + {UINT64_C(0xAD12ECFE6D2AE68C), UINT64_C(0x7261B6F225AC2BF6), + UINT64_C(0x436737C0AFCD9F79), UINT64_C(0x7197970B19FD2468)}}, + {{UINT64_C(0x21D8EE084BCD5BE5), UINT64_C(0xDB783F9E1BBB4AE6), + UINT64_C(0x88A042074590DB53), UINT64_C(0x34D40BAA684FC043)}, + {UINT64_C(0x597267FC9F4E1D9C), UINT64_C(0x9AAD1E1D28C384DA), + UINT64_C(0x8A3A23E5B9959E1E), UINT64_C(0x53F744FE196A21E9)}}, + {{UINT64_C(0x07468891369A2386), UINT64_C(0xB080B9B520008208), + UINT64_C(0xD0980B3D5BE5A264), UINT64_C(0x5A2C8B0A962CC2F1)}, + {UINT64_C(0x81D30E713AA93D10), UINT64_C(0xFAD2A511D109EE0D), + UINT64_C(0x5092615F2F2A4AD7), UINT64_C(0x05F4A36A5D4B605E)}}, + {{UINT64_C(0x322C8CB1DD235E1E), UINT64_C(0x3B14C68EC8173E52), + UINT64_C(0x33636551574904E4), UINT64_C(0xB4B65763D7C2DC2D)}, + {UINT64_C(0x8B3ED18AB181A4D6), UINT64_C(0x985DDA9CBD32168E), + UINT64_C(0xA51C68AA3C87D509), UINT64_C(0xFC9F2925151E919F)}}, + }, + { + {{UINT64_C(0xF3282B6AC9740C53), UINT64_C(0x03EACC2D41DBE39F), + UINT64_C(0xE8B03A5067A8EFCD), UINT64_C(0xFFBD4DB75AE21E0C)}, + {UINT64_C(0x54CF603D44D0D734), UINT64_C(0x0F18661E6CB67A47), + UINT64_C(0x2C0FAB457B5EE4A9), UINT64_C(0x6B1E81DB39E2058D)}}, + {{UINT64_C(0x6B4B3C046DD39C2F), UINT64_C(0xFD4F3AF2855CD4DE), + UINT64_C(0xA36566B3E5A53210), UINT64_C(0x6C0673096A98E15E)}, + {UINT64_C(0x081BAAA6EE980506), UINT64_C(0x9A07BD110C6A1B26), + UINT64_C(0xD456C89E79B09922), UINT64_C(0x9B5FAB01B09F5BA1)}}, + {{UINT64_C(0xDB8ADA43E4F0A0BD), UINT64_C(0x9F6AE9013341B0BF), + UINT64_C(0x097F8BD03152A32F), UINT64_C(0xCE9B738CEEE86B2C)}, + {UINT64_C(0x64A9D62F6A823435), UINT64_C(0xB7B9B5ACF55DFA6D), + UINT64_C(0xB8C64EE283F5AF85), UINT64_C(0x7013963BC53C946C)}}, + {{UINT64_C(0x72C4F2C7B0204D46), UINT64_C(0x019118543B84BEE4), + UINT64_C(0x4EDE3A9B898A4242), UINT64_C(0x0A1364B087443AA4)}, + {UINT64_C(0x09FAB15EDA496B1C), UINT64_C(0x3566CD75886E4CE8), + UINT64_C(0x74773EE88C69ECFA), UINT64_C(0x0C86FB149063032E)}}, + {{UINT64_C(0x596E1E9784DA5F49), UINT64_C(0xBD067C91F512A6C1), + UINT64_C(0x4ED9FC16689E184C), UINT64_C(0xAE33935B0F0033D2)}, + {UINT64_C(0xEF46C76CAFF6163B), UINT64_C(0x89DAECE254F2F14D), + UINT64_C(0x6C368DE559BE0CA1), UINT64_C(0xC96802B0AF653502)}}, + {{UINT64_C(0x59B05C7EE06D0BC2), UINT64_C(0x4259B65A554C1BB8), + UINT64_C(0xC77E5958AB9123FF), UINT64_C(0x042A023B1118396B)}, + {UINT64_C(0xAAFC16A2596C9E61), UINT64_C(0x825B3A5C08E0DDCE), + UINT64_C(0x6D492C0D13C56C3F), UINT64_C(0xA01B0E4130903D53)}}, + {{UINT64_C(0x265DE72674509164), UINT64_C(0x47BD6323209F9B7E), + UINT64_C(0x4448718BE3F2D8F5), UINT64_C(0xF11AA6C9296C5422)}, + {UINT64_C(0x7E188D4D60950C0C), UINT64_C(0xFDAFC74F66FD3FD7), + UINT64_C(0x2B50D5F456CE8E07), UINT64_C(0x2FA53226F565D9DC)}}, + {{UINT64_C(0x0FAF6F5664F0F519), UINT64_C(0x88F80D33E34E3DDA), + UINT64_C(0x9EF7AFBBD74CF0F8), UINT64_C(0x060C1EE179306489)}, + {UINT64_C(0x7CE7C34FA7C588A7), UINT64_C(0x94A18D6EFBF60D92), + UINT64_C(0xD67CEFDC22D2DEC5), UINT64_C(0x48421B35A25C4F0C)}}, + {{UINT64_C(0x91025C937F7E1D5C), UINT64_C(0x8F6EFE67F030099B), + UINT64_C(0x7A360F1C7C4C442E), UINT64_C(0xAC6B90FFFA52F273)}, + {UINT64_C(0xADEC831E667D95EA), UINT64_C(0x29DED36C73603FB1), + UINT64_C(0x538FE859853BB106), UINT64_C(0x74524D8AFA2EC509)}}, + {{UINT64_C(0xB0945F3945925E45), UINT64_C(0x5DECE13D93F17FCB), + UINT64_C(0x59A4346A0AB7B02F), UINT64_C(0x6E470D8DA2E0C98D)}, + {UINT64_C(0x8DE38B518E92CC1E), UINT64_C(0x5366CDC47CD7D795), + UINT64_C(0xE6F089FE982B363F), UINT64_C(0xBFFB066F9A6947F4)}}, + {{UINT64_C(0x6D0C7B993578E862), UINT64_C(0x7FE464A5E29CAC22), + UINT64_C(0x7C4E323F8DE63C1A), UINT64_C(0xC39E5F1DCE013027)}, + {UINT64_C(0x680BF3EBE2A7EE81), UINT64_C(0xD8AC01194B00806B), + UINT64_C(0x88E1C9326D530B42), UINT64_C(0x027392E8DEDEEE21)}}, + {{UINT64_C(0x223A01C74658BDD2), UINT64_C(0x78257A90CC0B0CDE), + UINT64_C(0x542D429CFBA816F6), UINT64_C(0x1A89D1AFDBA885FF)}, + {UINT64_C(0x23E49B0384CDF649), UINT64_C(0x46434EF3B37CBF07), + UINT64_C(0x6033213F80E368E9), UINT64_C(0x2A6ABF71A99062E3)}}, + {{UINT64_C(0x0EB5F18A3284CBD6), UINT64_C(0xDE3CB9F16E82E3A4), + UINT64_C(0x7120C85DF2C11BC6), UINT64_C(0xE80C497EEB4B1180)}, + {UINT64_C(0x8748EF50F1BE002B), UINT64_C(0x625C11CE5637198E), + UINT64_C(0x00A11D3873C57DF7), UINT64_C(0xD56A2129C32F91AA)}}, + {{UINT64_C(0x7B3B197F7C33925A), UINT64_C(0x74ED66DAF25ADCFE), + UINT64_C(0x4502A03FE01B9050), UINT64_C(0x1AC895BA9EB8FF43)}, + {UINT64_C(0x4276D6DEB1CDB86B), UINT64_C(0xEBBED54D1B4FF068), + UINT64_C(0xD65E4097749F2E4D), UINT64_C(0x96661A7BFBD04F87)}}, + {{UINT64_C(0xC505AE8768358FC9), UINT64_C(0xA9EE67DF23A92299), + UINT64_C(0x488D60564844E0BD), UINT64_C(0x31EC3CEE0D6D2D87)}, + {UINT64_C(0x9AC30A03BF0EEBAF), UINT64_C(0x7069C7397FAB562C), + UINT64_C(0x9C8BA57F91037E54), UINT64_C(0x598D3F5EDF2301A0)}}, + {{UINT64_C(0xCA456B28B5803441), UINT64_C(0x9DBF63925F1AF025), + UINT64_C(0x003984FA03B66AFA), UINT64_C(0xA5268F77005A634D)}, + {UINT64_C(0xC36FC8C521DCE747), UINT64_C(0xD9CDDD6263D1D105), + UINT64_C(0xF7D46E50DB78FC65), UINT64_C(0x45E8091E00EC2A7F)}}, + }, + { + {{UINT64_C(0xC75F9DF61A89F319), UINT64_C(0x07FDF0458DB72E5B), + UINT64_C(0xC1545DEB23496830), UINT64_C(0x803233B474F901C9)}, + {UINT64_C(0xB2F97BE80384551A), UINT64_C(0x39BC7F2B6B2116A1), + UINT64_C(0xF7F04C199421E72F), UINT64_C(0x76B396B1EB78BEA3)}}, + {{UINT64_C(0xDBEED2EE54A54506), UINT64_C(0x1CC37B4AED654872), + UINT64_C(0xCABDE41C05725001), UINT64_C(0x07998D888E15FF9D)}, + {UINT64_C(0x4A7EE1B54C8EA30F), UINT64_C(0x35B50E88C81206A0), + UINT64_C(0xC8D752C148D21BB4), UINT64_C(0xE2DD8EBB054153BF)}}, + {{UINT64_C(0x3FDA8BF81A6E9ECB), UINT64_C(0xE8B7627B8C8AFEB4), + UINT64_C(0x4F3738BD352045AB), UINT64_C(0xBA146059883837AF)}, + {UINT64_C(0xCCA601548A65C868), UINT64_C(0x98AA1B1C5C236043), + UINT64_C(0xE86B595E1753BE75), UINT64_C(0x17860787DF64426A)}}, + {{UINT64_C(0x5DA07C157BB4C52F), UINT64_C(0x1F3C67520970789B), + UINT64_C(0x18E074BF99D8F959), UINT64_C(0x93C81FA3FCCAAC3E)}, + {UINT64_C(0xF9A197DA9503412A), UINT64_C(0x62455A7601155A83), + UINT64_C(0x9392808B994227B2), UINT64_C(0x1E9928DB8301D617)}}, + {{UINT64_C(0xCEFE14077B2D98BB), UINT64_C(0x00E0E4B01CFE8F0C), + UINT64_C(0x66442EF765C29E1E), UINT64_C(0x75C83934F80D6E95)}, + {UINT64_C(0x68DAD1167AD1E682), UINT64_C(0xCF2FF1950FBD8665), + UINT64_C(0x1CB46859C17AAAC5), UINT64_C(0xCEA040F64EC1B813)}}, + {{UINT64_C(0x90AD76B99F74F401), UINT64_C(0x068EB7B6018A2A87), + UINT64_C(0xB306DF7AEA441683), UINT64_C(0x898F94FFFA440F23)}, + {UINT64_C(0xB44B6AD20B95C15A), UINT64_C(0xD2EF1F05A6723374), + UINT64_C(0xCA8437B8BC2F82CF), UINT64_C(0x83E415954587BEBA)}}, + {{UINT64_C(0x97F97295D300E8A6), UINT64_C(0x284693B1E37011A7), + UINT64_C(0x0B6BC62EC40D4060), UINT64_C(0x9D63CA238CDBE471)}, + {UINT64_C(0x88205EE29C012014), UINT64_C(0xA1D127308CC90A4D), + UINT64_C(0xF00D10685B20ACB8), UINT64_C(0x12042EEC6BC43C57)}}, + {{UINT64_C(0xADECFE9AFAE1979A), UINT64_C(0xA29C402D62B16C81), + UINT64_C(0xEEDCC83DDA57B92E), UINT64_C(0x33A0ECA5650FE00D)}, + {UINT64_C(0x64CE5337494A141A), UINT64_C(0xCD127AF489A596E4), + UINT64_C(0x6C2CE6D846FBD62A), UINT64_C(0x72859DAA94C1012B)}}, + {{UINT64_C(0x6C1CC682300867C3), UINT64_C(0x46504A32E87D1615), + UINT64_C(0x9E98E43E4D83DEC3), UINT64_C(0x54DA927BE6266560)}, + {UINT64_C(0x0F9AD8850F7772FB), UINT64_C(0x8D1CCF81A2BECB7B), + UINT64_C(0x01F37FD6BB2E1BFA), UINT64_C(0xE6760BBE7D74C205)}}, + {{UINT64_C(0x5517CBEA8A192792), UINT64_C(0xFBF3C6D733273AFA), + UINT64_C(0xC38039D7227D96E4), UINT64_C(0x6B3D1A9F13B739F8)}, + {UINT64_C(0x61D95C7EDBE84961), UINT64_C(0x2D7E3A58747DDE9E), + UINT64_C(0x96B99A0FF914F81D), UINT64_C(0xB0A87440907B3729)}}, + {{UINT64_C(0x78C6727A48FE346C), UINT64_C(0xBEE3EC2FD94CF310), + UINT64_C(0x5DE8E89BE69AD258), UINT64_C(0x4389160AFE898C26)}, + {UINT64_C(0xB0A1DFCB8B5BD153), UINT64_C(0x67DD64E91FC605E6), + UINT64_C(0x5511E4403AD3136F), UINT64_C(0xD257345D35D39A12)}}, + {{UINT64_C(0x6181A1CEC04E4811), UINT64_C(0x941D1B04097F8928), + UINT64_C(0x58B1C5E37A96B1A6), UINT64_C(0xAD94582FD4FBBAD0)}, + {UINT64_C(0x7FD2F309E3AEB124), UINT64_C(0xE203A55DCEA9E4A7), + UINT64_C(0x66C920034C56FF29), UINT64_C(0x1861906D1547355C)}}, + {{UINT64_C(0xCD57FAB1506A1CE0), UINT64_C(0xBD704DDC83A57E67), + UINT64_C(0x9822FD56DF9EDFD2), UINT64_C(0x644B126B3EBCBFF8)}, + {UINT64_C(0x19009A8919767FD0), UINT64_C(0xB18223B09254AD9B), + UINT64_C(0x4D500CA26CAA9857), UINT64_C(0x6A71F10FFC569217)}}, + {{UINT64_C(0x30401E62EBD43FD8), UINT64_C(0xF52372012483A619), + UINT64_C(0x58CC6CD1FEA606B1), UINT64_C(0xB68CA5B4ECABE66B)}, + {UINT64_C(0xFD0DDAB5E3BCD3B9), UINT64_C(0x21549FF1F52E352C), + UINT64_C(0x836210CC8729D91B), UINT64_C(0x7DD631E6D50CCE7C)}}, + {{UINT64_C(0x04A04A93C5777E0A), UINT64_C(0x72789D966BA31B9F), + UINT64_C(0x5E180A04C745FC04), UINT64_C(0x6345425E8042A5AB)}, + {UINT64_C(0xF9387C151FCEFDC7), UINT64_C(0xADC85A6D44F9BEE7), + UINT64_C(0x2C52C5152A370E54), UINT64_C(0x9AB0CE96CCBA3B50)}}, + {{UINT64_C(0x49FA64B98DDB0823), UINT64_C(0x766A17D1C8EEA5D8), + UINT64_C(0xB6C8DCDBF886F4E0), UINT64_C(0x02FAFE378E997669)}, + {UINT64_C(0x1C47F9781AD443EF), UINT64_C(0x74560B801852F5DC), + UINT64_C(0x3FB410A9F84CB4A4), UINT64_C(0x9B12FAD7BA9AA688)}}, + }, + { + {{UINT64_C(0x816A7516053928D8), UINT64_C(0x7E94F13642AE7264), + UINT64_C(0x23232C2FCE07CE23), UINT64_C(0x01E4A0F24817D6EC)}, + {UINT64_C(0x441A9B63CC20AD14), UINT64_C(0xFB48322F0D21ECEE), + UINT64_C(0x3731DA85E18282F9), UINT64_C(0xC8B9BCE3BEBAC026)}}, + {{UINT64_C(0x02504FE7864C3071), UINT64_C(0x36F81F1A605CFDA0), + UINT64_C(0x24E29169BC696D66), UINT64_C(0xA5825793CAE8BFE3)}, + {UINT64_C(0xA83C143111284998), UINT64_C(0x65C63D28664B7288), + UINT64_C(0x27886C93F3D9324B), UINT64_C(0xC1113DF3543E57E3)}}, + {{UINT64_C(0x67D17CB67C6BCD50), UINT64_C(0x53D2035ED22AFA9D), + UINT64_C(0xE090F72FAD10C93F), UINT64_C(0x3FE3363EFF7177C5)}, + {UINT64_C(0x4BCA027BC9EABC39), UINT64_C(0x6CD8125D3772AA3B), + UINT64_C(0xDDECB4FF33BEB0CC), UINT64_C(0x93106DBB48DBCA34)}}, + {{UINT64_C(0x5D4AD42D03333E51), UINT64_C(0x91AE8BFF18AC0012), + UINT64_C(0x372A18962547848D), UINT64_C(0x9674B667F66137E4)}, + {UINT64_C(0xEB99077099DA2E79), UINT64_C(0x895B9A5230AEC97A), + UINT64_C(0x0AAB007D12360E0B), UINT64_C(0x4BB34E4A65466CC1)}}, + {{UINT64_C(0x6355232F358F2214), UINT64_C(0x4D2E16E87A68B1AF), + UINT64_C(0xFA1C0EE436FCA6BB), UINT64_C(0xC72D46C03F86774C)}, + {UINT64_C(0x1A7C248EF43B746E), UINT64_C(0x9E6BDA4C8CE45BC2), + UINT64_C(0x5D034C385F1B337E), UINT64_C(0xE409C5B3839736DE)}}, + {{UINT64_C(0xC2DFE29D45CBF3CD), UINT64_C(0xA89376E9EF2D2092), + UINT64_C(0x383BFEE10C966D8C), UINT64_C(0xC0565256C007FB2F)}, + {UINT64_C(0xD301E3715FE005A0), UINT64_C(0x964EF9ABB1E72BEE), + UINT64_C(0xC94ED7D4CF2D4524), UINT64_C(0xB06A72DC76F3EAB9)}}, + {{UINT64_C(0x4A3982DE76D1CDC3), UINT64_C(0x0229EC30B2B7C677), + UINT64_C(0x5BAE8379EABDA9E6), UINT64_C(0x8C2E812D3CA82336)}, + {UINT64_C(0xA545EB612141B693), UINT64_C(0x499D3300250B6C43), + UINT64_C(0x92E773D3448E4754), UINT64_C(0x92B8B5F0865B3E06)}}, + {{UINT64_C(0x2574779D38815ECE), UINT64_C(0xCB2740A851C44C46), + UINT64_C(0xBA413FE7ED7A76FF), UINT64_C(0xB9EAB0D8BF0AE035)}, + {UINT64_C(0xA811CED032BDF3A4), UINT64_C(0x6AD5D11674CFAFA7), + UINT64_C(0x880F52A6BDEB82AA), UINT64_C(0x1231D57BEC63B3AD)}}, + {{UINT64_C(0x6583C596BB91BA25), UINT64_C(0x269ED1FC14E678E0), + UINT64_C(0x214E210EA8904C0A), UINT64_C(0xBE23E1166AD1F785)}, + {UINT64_C(0x8143EF6FAB28376F), UINT64_C(0x743853FC11C07B30), + UINT64_C(0x0727BA0505BCB66B), UINT64_C(0xFE0967AEFA2E3FE3)}}, + {{UINT64_C(0x826239CCEE85640C), UINT64_C(0xABA664E56A040D08), + UINT64_C(0xDA0802DBDF4B45E3), UINT64_C(0x017AD4C2F7D6F8A5)}, + {UINT64_C(0x03C768422BEE4F1F), UINT64_C(0xF931B27466990EBA), + UINT64_C(0xBD8E479B5492C621), UINT64_C(0x8441E24ED6D6724D)}}, + {{UINT64_C(0x7F959A76BAF86242), UINT64_C(0x11C9C2DA02C116BC), + UINT64_C(0x423EF58B53D9EAFA), UINT64_C(0x4E44134EB6CF05E8)}, + {UINT64_C(0xB4361DB0C2BDD9B5), UINT64_C(0x8A4C39AB8A96C7C3), + UINT64_C(0x15F01C4CB8CC028C), UINT64_C(0xA88E5E23028EDEED)}}, + {{UINT64_C(0x933765CB99CD2B22), UINT64_C(0x4BD2D11C7E1C3D02), + UINT64_C(0x0EF8454F305F9FEE), UINT64_C(0x21AAA582C96C8F5D)}, + {UINT64_C(0x7F08CB99301A9C6F), UINT64_C(0xAF17D6A088BEDA03), + UINT64_C(0x91F0C23664C1B3A7), UINT64_C(0x684D990970417706)}}, + {{UINT64_C(0x265DB2AB34EF4348), UINT64_C(0x58E6244997E2A4B7), + UINT64_C(0xBA525AF50CFEB464), UINT64_C(0xDE18E1B8FB1D7EA5)}, + {UINT64_C(0x4DF8E48BD7F49C81), UINT64_C(0x8B6B5966A69B1527), + UINT64_C(0x5B836D250E6DCE29), UINT64_C(0x751C064A71653514)}}, + {{UINT64_C(0xA9999D365A1F5F71), UINT64_C(0x82F5FB2D5313814D), + UINT64_C(0x466E8A0A381F39C0), UINT64_C(0x69E74F5C654C305A)}, + {UINT64_C(0x59E6B68D293B7B3E), UINT64_C(0xC7F44D230009EF15), + UINT64_C(0xC02830CCC8780FE7), UINT64_C(0xDC292106F007EC91)}}, + {{UINT64_C(0x955F5DE79C05E45F), UINT64_C(0xEA59D59B68123DBF), + UINT64_C(0x3DC255C8F52733AF), UINT64_C(0xF7A68E0992A6D8D2)}, + {UINT64_C(0x758A4A062ABCDAFD), UINT64_C(0x5127D614A0251632), + UINT64_C(0x492910E84AAE66AD), UINT64_C(0x733A32904D284998)}}, + {{UINT64_C(0x3449946A64321A5C), UINT64_C(0x793F0A4986A54655), + UINT64_C(0x71A6DDEFF100BEEB), UINT64_C(0xDB34CD6330BEAEB1)}, + {UINT64_C(0xB6039443CCA6D9AF), UINT64_C(0xBFA8698D67FF53B9), + UINT64_C(0xC94EC41BB6653DF0), UINT64_C(0x6BE4B4E9EBB9B2A7)}}, + }, + { + {{UINT64_C(0x4CE5F7DFBE92A7B3), UINT64_C(0x47B3AE5B73B3343E), + UINT64_C(0x50F4F84E5B420387), UINT64_C(0x9F0AB1F288310928)}, + {UINT64_C(0x74EBB140B12D1D1C), UINT64_C(0x0AE6CEDD31AC2CBA), + UINT64_C(0x32723384C21BDD1E), UINT64_C(0x6F96281AD5C6C2CA)}}, + {{UINT64_C(0x6803BFA3DCD19554), UINT64_C(0x4234C6C0BF57CDB0), + UINT64_C(0xC945EC0C997D12FE), UINT64_C(0xA17EDB0E9C54DA30)}, + {UINT64_C(0x5CC6EF69FC237636), UINT64_C(0xE62BA95836B02A53), + UINT64_C(0x4432E65A132E449A), UINT64_C(0xECFF6FE025C1D9FC)}}, + {{UINT64_C(0xE810F115A340AF20), UINT64_C(0x43BFBA7D89260E53), + UINT64_C(0x0476496EE1E0F019), UINT64_C(0xA348F9D5D2180FD0)}, + {UINT64_C(0x0DD877A0AAA7D4AC), UINT64_C(0xD423CC00F2FDFF1B), + UINT64_C(0xE389D8F487FA9CA9), UINT64_C(0xB7632E789B779EEB)}}, + {{UINT64_C(0xFA966958C2BEEEAA), UINT64_C(0x0C86AEBB7DCA9EAB), + UINT64_C(0xF9FE0D01DEC1E2ED), UINT64_C(0x52B056F464A2C031)}, + {UINT64_C(0xEF9C4FCA3265FEF6), UINT64_C(0x2B72B0CD399397BB), + UINT64_C(0xAEBAB534BDF4F8DA), UINT64_C(0xFE2FF212D912B515)}}, + {{UINT64_C(0x9ADB8E39B490B135), UINT64_C(0x3385307CD6225D98), + UINT64_C(0xF6321E232D072108), UINT64_C(0xC601DCFA58541EE0)}, + {UINT64_C(0xA2C38FE7F3D24845), UINT64_C(0x4557C44DD9965A2A), + UINT64_C(0xFBD66B3745EB8668), UINT64_C(0x9D8EFD41929B4677)}}, + {{UINT64_C(0x979305E8E024336C), UINT64_C(0xAC7AA44C972119E1), + UINT64_C(0x8D836F4945B83078), UINT64_C(0x25A9109C4EDEFC45)}, + {UINT64_C(0x3A257A862A833E9B), UINT64_C(0x55C65B049A5ADEED), + UINT64_C(0xDF61CB751F0319D5), UINT64_C(0x1CC7716B72226D0E)}}, + {{UINT64_C(0x8AE22D4304403982), UINT64_C(0xFA823FF4D536FAD4), + UINT64_C(0xB48754F6900C62A8), UINT64_C(0xDD769A75D83BEDF6)}, + {UINT64_C(0x12C896B1F594EB9F), UINT64_C(0xC4059242501F6C2E), + UINT64_C(0xC70706002B3B5866), UINT64_C(0xB8816C0D61F47FDC)}}, + {{UINT64_C(0xD07BBC7415C01622), UINT64_C(0x2A1B8C7E700F7410), + UINT64_C(0x03288C225E26F445), UINT64_C(0x9F677C264C981A6C)}, + {UINT64_C(0x529AD175DC6B7767), UINT64_C(0x331B6FBB0CB6A4DB), + UINT64_C(0x74759CEA5518C5BB), UINT64_C(0xF531DDCC03FF7788)}}, + {{UINT64_C(0xC4D32F4123DB5B38), UINT64_C(0xD2FA53296F71CBD5), + UINT64_C(0x9611DCFBDA2AC80F), UINT64_C(0x30A24F0CC6CF8C94)}, + {UINT64_C(0x8FD5FA0CE9A95532), UINT64_C(0xAA32B969A63B1B27), + UINT64_C(0xF3851092FEAC9175), UINT64_C(0xA455A54CDA6E2F94)}}, + {{UINT64_C(0xDBB4F9FB965A1AFF), UINT64_C(0x6E1B708EFF03B9E8), + UINT64_C(0xE5F36ACF04EB7663), UINT64_C(0xD64A63B61332DCFF)}, + {UINT64_C(0x52CCA410C6F1A8AE), UINT64_C(0x5F45F0BC2D7676EE), + UINT64_C(0xA6A792E9DF0282DF), UINT64_C(0x587B41DDB0E40316)}}, + {{UINT64_C(0xED42BD649B222927), UINT64_C(0x6E23C0602C91203F), + UINT64_C(0xA86A0916C804758B), UINT64_C(0x411CEE95DD6CADE2)}, + {UINT64_C(0x79F9A76F6059064D), UINT64_C(0x516D7B8F4A07B3C2), + UINT64_C(0xB7638FA1CB58546F), UINT64_C(0x6626B2D934ECDE60)}}, + {{UINT64_C(0x55E9DAFC9CEA2617), UINT64_C(0x82E8D71E3C2AC4CE), + UINT64_C(0x8326671DEB9E419B), UINT64_C(0x24AD6DD4A62A48D2)}, + {UINT64_C(0xA3B2ED2F3EA12497), UINT64_C(0x0159163CD04EDCD4), + UINT64_C(0xFAA67F4E5DB42F26), UINT64_C(0x17E1CB5092CAEA4C)}}, + {{UINT64_C(0x62177B8EC82FF816), UINT64_C(0x550111C02A2F7265), + UINT64_C(0x25CF45BD49D34F40), UINT64_C(0x1C1A0B4F57832334)}, + {UINT64_C(0xDEC3A3B390C2E339), UINT64_C(0xCFC2903D23C74EF6), + UINT64_C(0x7F078C9C03C85027), UINT64_C(0x436F30B794AA3A80)}}, + {{UINT64_C(0x2B92532AE36F6ED3), UINT64_C(0x14C9A3C887739ADD), + UINT64_C(0x6EED15740F52D2AB), UINT64_C(0x45C0F627312A8650)}, + {UINT64_C(0x70799C9A4D38BAC6), UINT64_C(0x1BE85B454F27AFF3), + UINT64_C(0xB7924C27B10F8C5A), UINT64_C(0x41B183BC09445274)}}, + {{UINT64_C(0xFB43861B47A7CEF9), UINT64_C(0x5CED698B815700C8), + UINT64_C(0x4BA42EFAD84843DF), UINT64_C(0xB7A161DC01E5B054)}, + {UINT64_C(0x06E032BC769CB44E), UINT64_C(0xAB2A6C1C8FE85B83), + UINT64_C(0x6E3F76D63ED6FEFD), UINT64_C(0x83BC5A77E3D9A9A6)}}, + {{UINT64_C(0x840A1A7C519B675E), UINT64_C(0x1A23B1D060114A86), + UINT64_C(0xA70D4CD9A6D35165), UINT64_C(0xB85A7A02DD15BC09)}, + {UINT64_C(0xBB16DFAC2B90CBAE), UINT64_C(0x0D79D662D0B88998), + UINT64_C(0x260315664C837446), UINT64_C(0x84F813BEC676563A)}}, + }, + { + {{UINT64_C(0xB924C20953187AA5), UINT64_C(0xF48B71BE71FEF056), + UINT64_C(0x6DBE2BB164D96D4E), UINT64_C(0x39431F9DD6243D76)}, + {UINT64_C(0xA16AD31970B0FB54), UINT64_C(0xE0DBFA7E24947691), + UINT64_C(0x79F5E35026FA488C), UINT64_C(0x1D4BEF31CB7BBFC3)}}, + {{UINT64_C(0x98D1D434BA302229), UINT64_C(0xD69B84D54752FC22), + UINT64_C(0xDF64ABABFC89B366), UINT64_C(0xCAD34A781FFA5A86)}, + {UINT64_C(0xCB182EF789FECF33), UINT64_C(0xF584EAC7FAD468FE), + UINT64_C(0xBCE50A6712192DF7), UINT64_C(0xA0AF7E142C674C0A)}}, + {{UINT64_C(0x106F6C92E971F03A), UINT64_C(0x3EF76714A0AF9DE2), + UINT64_C(0xD7C94C188A56A600), UINT64_C(0x148C3372113024CB)}, + {UINT64_C(0xC4414B8C4F1E0045), UINT64_C(0x484368DF3C5940E0), + UINT64_C(0x4BE4C59140059400), UINT64_C(0x08C18D1E98567A3B)}}, + {{UINT64_C(0x9BAB9F99F565667D), UINT64_C(0x8CB455F8BA6012C9), + UINT64_C(0x5893806F8C99D3D3), UINT64_C(0x86AC6780C225BFA6)}, + {UINT64_C(0xD2597A5525EBC23B), UINT64_C(0x0E4756CB67774D0D), + UINT64_C(0xD9ECE566324AC4F8), UINT64_C(0x7306D3FD2D44D0C4)}}, + {{UINT64_C(0x0E4F08E3E864ADB2), UINT64_C(0x0CB289B7506E31AF), + UINT64_C(0x3156CE7D3064914D), UINT64_C(0x19BC75164312B695)}, + {UINT64_C(0xA32FF9A5F3F92668), UINT64_C(0x27FACBE7F7218000), + UINT64_C(0x94256A4EF160AE6D), UINT64_C(0x370001D82B29FDCF)}}, + {{UINT64_C(0x4C5F282CC741D5E4), UINT64_C(0x57FABB116DE92087), + UINT64_C(0x700C9AE0454817CB), UINT64_C(0xFE69F411C89C9396)}, + {UINT64_C(0x58E3C9A3B5A7D681), UINT64_C(0x470A772246861C6D), + UINT64_C(0xEC768AB309F109BF), UINT64_C(0x942C6E94C437ED33)}}, + {{UINT64_C(0xF1147AEB66CC5844), UINT64_C(0x63613B08E98E6D2A), + UINT64_C(0x116A90B2603AB32D), UINT64_C(0x4EC010B0C8BFE3F9)}, + {UINT64_C(0x0C777B8F6ADE25FE), UINT64_C(0x001D4EAA9CE22D89), + UINT64_C(0x6DB9CCB744AC47C8), UINT64_C(0x6F302A544EC30B46)}}, + {{UINT64_C(0x0D3570F045BD06FF), UINT64_C(0x801DC94931CD21E4), + UINT64_C(0xA41E24125415144F), UINT64_C(0xBAE09CA9ECE94C65)}, + {UINT64_C(0x4260198E2F97570E), UINT64_C(0xA259AFD2F46490F6), + UINT64_C(0x00F2ABC63C4FB96C), UINT64_C(0x0EFC09B02EEF07BE)}}, + {{UINT64_C(0xA4B6AA1E1B6FC753), UINT64_C(0x234F0CC675730769), + UINT64_C(0x0AFA2A7A57A95F95), UINT64_C(0x890E15259B03EF9F)}, + {UINT64_C(0xDC7175D663CFC138), UINT64_C(0xABE382C21160EB2F), + UINT64_C(0x4F1C814E87543983), UINT64_C(0x6FE1CB1B92141325)}}, + {{UINT64_C(0x8B3D3BED3A0AAF9E), UINT64_C(0xBC96D8430BE4ACEB), + UINT64_C(0x0B0FE631FA286283), UINT64_C(0x0F56D8174FB40200)}, + {UINT64_C(0xB127B4809822D0DF), UINT64_C(0x4371E41BA6EF4CEA), + UINT64_C(0x137094FB7020B057), UINT64_C(0xCF389055417D00D4)}}, + {{UINT64_C(0x8523314F74538FFF), UINT64_C(0x6EA73224F6F98371), + UINT64_C(0x63963B7A5968F573), UINT64_C(0x6D164517566859A5)}, + {UINT64_C(0xDC821FF3C16D87EA), UINT64_C(0xABE871CD212B5026), + UINT64_C(0x21B5E5380D22A44E), UINT64_C(0xC999639561F867FC)}}, + {{UINT64_C(0x1CCF304ADF0EA29A), UINT64_C(0x8ACBE8E6B89980EA), + UINT64_C(0x3E0EA6481DA4A141), UINT64_C(0x3EFDBA52219E4744)}, + {UINT64_C(0x664623157CEEB8F6), UINT64_C(0x58B60B9AAB44289C), + UINT64_C(0x20E5CACA20358B74), UINT64_C(0x127C38AFE7B308D6)}}, + {{UINT64_C(0xC6DA108B39AAF1DC), UINT64_C(0x821024286DCA2220), + UINT64_C(0x14B458CE145E622A), UINT64_C(0x3BBC38753B180E3A)}, + {UINT64_C(0x3AB22178ACB7FD2F), UINT64_C(0x0E5345303693D714), + UINT64_C(0xC1FD929AC7EC03E2), UINT64_C(0xEB019C7F99A07EEB)}}, + {{UINT64_C(0xADAF9A61605BAC71), UINT64_C(0xE0843223B123EAAF), + UINT64_C(0x30EC1468DDCFDE26), UINT64_C(0x430D451AFF6A1D88)}, + {UINT64_C(0xBBDBE0F69ADC70DB), UINT64_C(0x9B46D0331136BE03), + UINT64_C(0x52B6373C16BE0FE9), UINT64_C(0xD33F05DC61AE9043)}}, + {{UINT64_C(0xBE651548517FE3FE), UINT64_C(0x05E62067C6A5E772), + UINT64_C(0x2210D84DC9485ED1), UINT64_C(0x69FDE4908A6EEE11)}, + {UINT64_C(0x17968DE0A469DFB0), UINT64_C(0xAC30D2F8602D46DB), + UINT64_C(0xF657D86CEC069E78), UINT64_C(0x757DF3C5A31AEF88)}}, + {{UINT64_C(0x34A23983BF8603B5), UINT64_C(0x94F006039D5F531B), + UINT64_C(0x70E7A47E67FD7EAE), UINT64_C(0x6BB953278212C9E9)}, + {UINT64_C(0xC64BF6D66F210F09), UINT64_C(0xBCA4858E17E5C910), + UINT64_C(0x2A50C94262AE32F9), UINT64_C(0x3EEBBC008CEFAD6A)}}, + }, + { + {{UINT64_C(0xB173531F2F5FDC0D), UINT64_C(0x8E20F42294545D45), + UINT64_C(0x93670135F89FEB01), UINT64_C(0xAF918DC69AB69A17)}, + {UINT64_C(0xF51BC727506FEFFF), UINT64_C(0x422F1DA2A4265311), + UINT64_C(0xE51DAAB5E7BC3D42), UINT64_C(0xF84E403F18C5EFA9)}}, + {{UINT64_C(0x8FABB8B58D74D480), UINT64_C(0x5D5E811FA79780E4), + UINT64_C(0xAB5D60561A913E41), UINT64_C(0x25752259C20FE5F7)}, + {UINT64_C(0x90E0AE01CC886DF1), UINT64_C(0x6AE21693A9B62A8C), + UINT64_C(0x8B0916178EB63740), UINT64_C(0xF606D236FA4582E1)}}, + {{UINT64_C(0x7685371112A7274D), UINT64_C(0x5DD7D95C7D831725), + UINT64_C(0xDBC498E2F83F65DA), UINT64_C(0xE323328632C7C02C)}, + {UINT64_C(0x9DE9F6DF663C0E96), UINT64_C(0x1ADD83B5090A516E), + UINT64_C(0xA5E6F88227746833), UINT64_C(0x97EB65EF35C40F7E)}}, + {{UINT64_C(0xB86CFBFCD8C7ACA5), UINT64_C(0xCCBA70366F3ACA13), + UINT64_C(0x09270E7B773EDED2), UINT64_C(0x9C43B38F9A23BC52)}, + {UINT64_C(0x3E17E2578521005C), UINT64_C(0xA42903E290627F29), + UINT64_C(0x507AF91ED9399BCC), UINT64_C(0x017720184E4C7B9C)}}, + {{UINT64_C(0x45631565B3122C04), UINT64_C(0x48EBF151E01A0448), + UINT64_C(0x7A7C2CAEA7C20146), UINT64_C(0xFABF60D716D538DE)}, + {UINT64_C(0xF9A06A3A1C97AA24), UINT64_C(0xDC3A9E61AA8EE3BB), + UINT64_C(0xACED24DFF81D967D), UINT64_C(0x1CFF0126A06C9381)}}, + {{UINT64_C(0xD8B3E5EEAE9BB942), UINT64_C(0xF7AB50D5E30B9A21), + UINT64_C(0x13338FC694CC4EAE), UINT64_C(0xABEFEBF9C30CB7DE)}, + {UINT64_C(0x72BFAD006FB3EB24), UINT64_C(0x4B22DA33EA140094), + UINT64_C(0x76F8ACC65F506970), UINT64_C(0x2F120A7405756F3E)}}, + {{UINT64_C(0xE6040F91D869CAD0), UINT64_C(0x056E2D65177E259B), + UINT64_C(0x9505A12CF774D09F), UINT64_C(0x7286E7206A1BAB13)}, + {UINT64_C(0x7C5E2822FFAAD5BD), UINT64_C(0xE9AD20469350F33D), + UINT64_C(0x74F184BF112ED8A2), UINT64_C(0xABC754C0CE5AEA10)}}, + {{UINT64_C(0x75C8C1A99905D9A8), UINT64_C(0x5CFEADBCEC9A21E4), + UINT64_C(0x227D7A65C43A36E1), UINT64_C(0x3E8081873467E226)}, + {UINT64_C(0x223C5DABB250B4FB), UINT64_C(0xA0B9AF8CB3ED6A96), + UINT64_C(0x033055D460D1C260), UINT64_C(0x5CB09441546AF3D7)}}, + {{UINT64_C(0x1EE8340B987046BA), UINT64_C(0x20A3A83A40CCB679), + UINT64_C(0xA7F30B4ECEBC2086), UINT64_C(0x419E671DD6CE474D)}, + {UINT64_C(0xAC8EF20A7BB9A8A5), UINT64_C(0xBD4DD76C7295C1D6), + UINT64_C(0x7DF31235A1CF415C), UINT64_C(0x4D6C431DC77351F8)}}, + {{UINT64_C(0x8D092C1B13FDB1B8), UINT64_C(0x24029C0AA57C5626), + UINT64_C(0xE0C627D6CC820507), UINT64_C(0x3733C834E33149CC)}, + {UINT64_C(0x35297448B02E95B9), UINT64_C(0xB64EB7D3656423C5), + UINT64_C(0xD3A74EC996CE22AF), UINT64_C(0xDC1A4C68C83963C6)}}, + {{UINT64_C(0xC9C291AAFE1E8508), UINT64_C(0xE8885B766185C2FC), + UINT64_C(0x5E3C1419F784F47D), UINT64_C(0x42494E083B6AC9A2)}, + {UINT64_C(0x506F141FDCFA84A9), UINT64_C(0xA15DE2B90B3D65A0), + UINT64_C(0xFD770E06C53C426E), UINT64_C(0x05E0E5092DC15AC6)}}, + {{UINT64_C(0x0FC75AD2F72F03B5), UINT64_C(0x04BEFB3DCB7CD47D), + UINT64_C(0x2FF4313370D13D90), UINT64_C(0xDE47787F165AF4A1)}, + {UINT64_C(0xD6C4D0F2C7D54E2B), UINT64_C(0x0FA13F54F43F8509), + UINT64_C(0xDC53DD6BA0BAC440), UINT64_C(0xDA9C960339451ACD)}}, + {{UINT64_C(0xA3AD73A12D952C14), UINT64_C(0x5BA6FD3B3826D25D), + UINT64_C(0x982829077CE389AA), UINT64_C(0x7532CED468C5CEC8)}, + {UINT64_C(0x9465AB15923B1DC4), UINT64_C(0x54BCE72362D775F6), + UINT64_C(0x1E4ACF973B515D9E), UINT64_C(0xF9106D8EAFCAF39D)}}, + {{UINT64_C(0x8D844B008C255E98), UINT64_C(0xB25B516E43B8801D), + UINT64_C(0x84E958AE0701BAC5), UINT64_C(0x5B6066AE8AF32D55)}, + {UINT64_C(0x38231BD42F81F8FF), UINT64_C(0x953AD272CCFB8DD8), + UINT64_C(0xFA26233387ECE886), UINT64_C(0x94DC2ED26D71E44D)}}, + {{UINT64_C(0x2A1547163F1611B3), UINT64_C(0x7EB552D19A9CB3CE), + UINT64_C(0xA783C56D7996B8E8), UINT64_C(0x82F1B2BBE1B53F33)}, + {UINT64_C(0x75C3C3542EED1F97), UINT64_C(0x4085DFA055905BE1), + UINT64_C(0x027445D727470475), UINT64_C(0xE8797CA64A395F43)}}, + {{UINT64_C(0x8228175B8D15FE2A), UINT64_C(0x201F53CE22C5F3B8), + UINT64_C(0xC2E45A58E027B3B4), UINT64_C(0x10EF9849CB14FCFD)}, + {UINT64_C(0x5B1B95BF175D09BC), UINT64_C(0xB6106AFB01F2A90F), + UINT64_C(0x9218C94F499C99A3), UINT64_C(0x71ABADB39911D2E0)}}, + }, + { + {{UINT64_C(0xDC325EB780CDC998), UINT64_C(0xEAEB3EA4451072D2), + UINT64_C(0xFBE4A77A63F4814E), UINT64_C(0xAF7196535CF7300B)}, + {UINT64_C(0xA5961C0CAF79157B), UINT64_C(0xD6BD64FAC1B1EFF8), + UINT64_C(0xD53C7278209C1192), UINT64_C(0xD49A6EDF11867896)}}, + {{UINT64_C(0x702DF5A9AB8F5570), UINT64_C(0x8465E1B6C4B1EF0B), + UINT64_C(0x2824394DC3F6DDEF), UINT64_C(0x8D94A8AFF9AF33E5)}, + {UINT64_C(0xC80D44363598996C), UINT64_C(0x19843A6E03E27975), + UINT64_C(0xF3B68AE98976FB0C), UINT64_C(0x4BAABFBEF594FCED)}}, + {{UINT64_C(0x5E774509DB5F2680), UINT64_C(0x3BD21DA394C14B10), + UINT64_C(0x72B49B4432BD63C9), UINT64_C(0xF420C1A3178414DA)}, + {UINT64_C(0xCC2D52BD1668B9E2), UINT64_C(0x53293FA4EAE81242), + UINT64_C(0x25DA03816F2165BA), UINT64_C(0x20D877C0A05D275F)}}, + {{UINT64_C(0x5DAD995ECF12FF20), UINT64_C(0x219B1C143CD20A95), + UINT64_C(0x90F3022C2FF2F4A4), UINT64_C(0x4FC4DF0B6C06B717)}, + {UINT64_C(0xAAB7E5188620DD16), UINT64_C(0x0B84B91CDA0E5568), + UINT64_C(0x47E5F136D3892316), UINT64_C(0x3085B0F3ADE1CB59)}}, + {{UINT64_C(0xC5AB38256D022D4A), UINT64_C(0x74093B16A0ECC567), + UINT64_C(0x3DC28B8B2ABD9BE8), UINT64_C(0xEC16D9A4B1C505DA)}, + {UINT64_C(0xAF90003DBDD32FD2), UINT64_C(0xCF60567C9C865764), + UINT64_C(0x2D7ABA981AC07EE1), UINT64_C(0xE743B7E3C043F883)}}, + {{UINT64_C(0x031CB47B362AD50B), UINT64_C(0x76498AED49176EF3), + UINT64_C(0x34EFBEB77BCE256B), UINT64_C(0xC1E699CC495A1BF4)}, + {UINT64_C(0x3B3145D0B2CE0814), UINT64_C(0x697DA9BF23A72021), + UINT64_C(0x1C41EF0738F9734C), UINT64_C(0x7CE22ED7DBC79075)}}, + {{UINT64_C(0x063D4C365009F1BB), UINT64_C(0x43E60EDB061052AC), + UINT64_C(0x4C919093AEC77DE3), UINT64_C(0x18D45E98DEB01A6E)}, + {UINT64_C(0x12DCB455C237CB96), UINT64_C(0xEBB1BC837E5ECB32), + UINT64_C(0xD7B215CDB26D22B4), UINT64_C(0x444DD4BF7317DE40)}}, + {{UINT64_C(0x05E49964A1175405), UINT64_C(0x639DA398B6048479), + UINT64_C(0x8A97CE537D7F6FC9), UINT64_C(0xA6D085859D2DE749)}, + {UINT64_C(0xF4502FA9C83C3CA5), UINT64_C(0x80E9D34B272692BA), + UINT64_C(0x503BA60E6847E384), UINT64_C(0x5EA54ED6236CF53E)}}, + {{UINT64_C(0x7D721A71E9189E8A), UINT64_C(0x7979776BF3F69EC2), + UINT64_C(0x8800A4C1D4286DED), UINT64_C(0xE71FF3E87C8D89D4)}, + {UINT64_C(0x2215B363F11DA2F7), UINT64_C(0x2B31B90EC6B5CC88), + UINT64_C(0x8670711C90CD9D4B), UINT64_C(0xF3F9F486CAFF7330)}}, + {{UINT64_C(0x253ED15009315492), UINT64_C(0x6D5F0D329D099BD0), + UINT64_C(0xC979EF865FEC6081), UINT64_C(0x9EF7BD88F92FA2C8)}, + {UINT64_C(0xC4F127AE21A7E802), UINT64_C(0xE119011830FE9599), + UINT64_C(0xC7727ACDAF5C0C1E), UINT64_C(0xBD2EA3888A734759)}}, + {{UINT64_C(0x9AB29AD607E34C9D), UINT64_C(0x5E45E94C37E15A32), + UINT64_C(0x2B63DA06E436B8CE), UINT64_C(0x8DD937354B845BD9)}, + {UINT64_C(0xADF9CE47A4F1FD37), UINT64_C(0xBE2B08435A926BE6), + UINT64_C(0x54E97009896A0E81), UINT64_C(0x06FA991A0ADD1B2F)}}, + {{UINT64_C(0x62DD03A48EC1E909), UINT64_C(0x7E16F49814084578), + UINT64_C(0x895777F8F80356FA), UINT64_C(0x4DAFF32D85299026)}, + {UINT64_C(0xC17E6DF28BA547CA), UINT64_C(0xC885AA8B038DE094), + UINT64_C(0x244A6756B715DAE2), UINT64_C(0x0FA31722D84D1340)}}, + {{UINT64_C(0x3051CBE787059FA8), UINT64_C(0xA2D043F8D34499C5), + UINT64_C(0x34431D141FB740CD), UINT64_C(0x7828F8ECFFE32D27)}, + {UINT64_C(0xFFEEA95A613B329A), UINT64_C(0xA3BAFEC385A1711B), + UINT64_C(0x3527C43526D17299), UINT64_C(0xD52037B412D76D5E)}}, + {{UINT64_C(0x36187B586E1A2133), UINT64_C(0xC2A0B8BFB81D026E), + UINT64_C(0x0AAA95AD164FA62D), UINT64_C(0x06449D7DBCA633E0)}, + {UINT64_C(0x8AA8C573C2EA71E5), UINT64_C(0x0ABF37C50B3E113A), + UINT64_C(0xE3A8C47EBC9B1B1A), UINT64_C(0x39A91F2B371EBF26)}}, + {{UINT64_C(0x8EEFBBDC8225F3B3), UINT64_C(0xED42D6BB4AA48C64), + UINT64_C(0xC2025C88845B95A0), UINT64_C(0x505F80D533AB3325)}, + {UINT64_C(0x673E8935D673FC83), UINT64_C(0x2C0ED14897E7F0F7), + UINT64_C(0xFE43E8305ACD0AD3), UINT64_C(0xFBD8507E26B99F5F)}}, + {{UINT64_C(0xA33E71151B616E6A), UINT64_C(0xCF9D848CB3AE45E3), + UINT64_C(0xCAF518B9F4CFAC7F), UINT64_C(0x9BECFF334D40CF27)}, + {UINT64_C(0xC4E5058C2DBD58CA), UINT64_C(0x050418953C23A7A9), + UINT64_C(0xEE357D2FA308CE6D), UINT64_C(0x85A23F6435A2A495)}}, + }, + { + {{UINT64_C(0xFDBA1119362C4AEE), UINT64_C(0x9475450FD149E823), + UINT64_C(0x0308651061E240DF), UINT64_C(0xAC4C0D91B2797E52)}, + {UINT64_C(0x07A9F04E94E2E738), UINT64_C(0xC9F2500993DFAA57), + UINT64_C(0xE28D8A1E631BF262), UINT64_C(0x3A5E0C8DB6C3C6A3)}}, + {{UINT64_C(0x1F89310DBAD34D69), UINT64_C(0x90164C592D46C9A7), + UINT64_C(0x9DA649C290BEA726), UINT64_C(0xF9E3C93F712B3C99)}, + {UINT64_C(0x567997209595FCBD), UINT64_C(0x9DF889AF7FF73C8A), + UINT64_C(0xB84AB58821D4B858), UINT64_C(0xC4D8D79275F8D5ED)}}, + {{UINT64_C(0x9EEC2896172273DD), UINT64_C(0xD9884CBA970C1D17), + UINT64_C(0xE5C167DC18301645), UINT64_C(0xE5DDA586530E5772)}, + {UINT64_C(0xDEEAF7092DD0F27B), UINT64_C(0xC601F20A41DFB251), + UINT64_C(0x5F480C1D42217E9B), UINT64_C(0x0D75797DB337BFB1)}}, + {{UINT64_C(0xACB8ABCAAB76EF88), UINT64_C(0x34AB9AB60D715487), + UINT64_C(0x75D466B09FAD30D7), UINT64_C(0x626EB0D470D43609)}, + {UINT64_C(0x5E7F91F7CA4F4152), UINT64_C(0x0CD7BF19180B857B), + UINT64_C(0x1F02DD96888784E5), UINT64_C(0xD814B697179F78DA)}}, + {{UINT64_C(0x350FD825A224ED18), UINT64_C(0xF938205920AED265), + UINT64_C(0x36A20A2F4F050462), UINT64_C(0x2FDD04DF8EF3AE9C)}, + {UINT64_C(0x31D87F6BA5E419C1), UINT64_C(0xDAE49976F10CBEC1), + UINT64_C(0x15B93EB0E6B6030B), UINT64_C(0xB1C8AEADABB9ECBE)}}, + {{UINT64_C(0xF69E090A5D63DA84), UINT64_C(0x62243127D238680B), + UINT64_C(0x5ADE38EE4F961216), UINT64_C(0x727798D0CA3A0D0F)}, + {UINT64_C(0x8E73B0505C9ED783), UINT64_C(0x02EBEB13FAC6A9CD), + UINT64_C(0xC82AFD1478A6A6C4), UINT64_C(0x8F5DEA731475800A)}}, + {{UINT64_C(0xB9F1E6467D0DFD06), UINT64_C(0xA6B2D78338302ACD), + UINT64_C(0x242BAA32B80FE945), UINT64_C(0x0D772C77D9E62215)}, + {UINT64_C(0xDAE890C00FE3501C), UINT64_C(0x5860479AF791A0B9), + UINT64_C(0xDEEC9228658E920C), UINT64_C(0x47F181529E665CCC)}}, + {{UINT64_C(0x94E95E6D22982870), UINT64_C(0x80FF175831B9B86F), + UINT64_C(0x6295EBE52FAF1581), UINT64_C(0x025C90BF970663FB)}, + {UINT64_C(0xFBB6A13C5FF2E753), UINT64_C(0x9817C6B78E2C5EB7), + UINT64_C(0xDA10C2DD0B21C29C), UINT64_C(0xD8BAB5ABE1AB7C88)}}, + {{UINT64_C(0x915F505BABA924FF), UINT64_C(0x021E28383B5D1F04), + UINT64_C(0x8EA6D2E33782EB7C), UINT64_C(0x00F160C798C40BAC)}, + {UINT64_C(0xF3EFA871D53990A8), UINT64_C(0xFEA6F6C4567C8DA6), + UINT64_C(0x34D78F24F177E5D2), UINT64_C(0x384FE73B2A42612A)}}, + {{UINT64_C(0x9C2D82964552813D), UINT64_C(0x68D10E9C5F45A6D6), + UINT64_C(0x9487871989C9A46B), UINT64_C(0xE3AC5DD0E9D43BA7)}, + {UINT64_C(0x0625BCDACD024E6B), UINT64_C(0x895E298C0B5AD7A2), + UINT64_C(0x8289869EC1E20892), UINT64_C(0xC540A1B650AD2460)}}, + {{UINT64_C(0xD6D4EDFF9D50F7B6), UINT64_C(0xF08A5C03093754D5), + UINT64_C(0x3F9D24A5E882AA97), UINT64_C(0x9E4B368781D03072)}, + {UINT64_C(0xC17FDD4402BDE7A8), UINT64_C(0x591AEEE018BD5636), + UINT64_C(0x94F8FD354E360484), UINT64_C(0x8F40D8906791E2B7)}}, + {{UINT64_C(0x0830EF0120082F5B), UINT64_C(0xA54DA9D2A99569BD), + UINT64_C(0x6D2F34FECA2D84F6), UINT64_C(0x2507224E000DE48F)}, + {UINT64_C(0x16116111959E8782), UINT64_C(0xB345A914458A520B), + UINT64_C(0x1965B51B3327A114), UINT64_C(0xF304DC0089E3068F)}}, + {{UINT64_C(0x88F7D9AB603E598D), UINT64_C(0xEC7CCD9D38332F15), + UINT64_C(0x62E27E79EE911F98), UINT64_C(0xBF08610AA5416C7F)}, + {UINT64_C(0x492D6F58943A910B), UINT64_C(0xA367F6CCF21E43BE), + UINT64_C(0x0B6527B023DC9AFB), UINT64_C(0x59EE094DD158357C)}}, + {{UINT64_C(0x2D39E618CA4294C0), UINT64_C(0xF057BD41AE4E8829), + UINT64_C(0xF677704692D6F4A0), UINT64_C(0xF3AE39D925401655)}, + {UINT64_C(0x66DF02ED5751BBD0), UINT64_C(0x6B71E6F1C59A685A), + UINT64_C(0xC2FCFC2CBD6E98A1), UINT64_C(0xB14FEC9FCFF47262)}}, + {{UINT64_C(0x28B2C099B2398B71), UINT64_C(0xFB02586531002307), + UINT64_C(0x3DB1342E5D9FA558), UINT64_C(0xEB0502131EAF95F2)}, + {UINT64_C(0xC7F54D336F54A78A), UINT64_C(0x78396B11087C2B97), + UINT64_C(0x06FDFA16736A5FE2), UINT64_C(0xD99376FE13094475)}}, + {{UINT64_C(0x04D4B5AF38613F93), UINT64_C(0x011351E1618A1550), + UINT64_C(0xE9992D4AAB896C02), UINT64_C(0x7E907A9D3E9AE8E9)}, + {UINT64_C(0x00C91A686B345D86), UINT64_C(0xFCF5C9AA5A0F3B3C), + UINT64_C(0xFFF3720EE88714E9), UINT64_C(0x9E107637BABFE992)}}, + }, + { + {{UINT64_C(0x31997616B4D7985C), UINT64_C(0x179CE767EC57C2A4), + UINT64_C(0x5F0CF0323F526D15), UINT64_C(0x264738DEDB4BFA47)}, + {UINT64_C(0x25F639CD9F8DED60), UINT64_C(0xDF159B4BB5D53EF3), + UINT64_C(0x03D62F07AF518A12), UINT64_C(0x6555DC2E31B4F561)}}, + {{UINT64_C(0x9169BDAFA16519B6), UINT64_C(0xB931AB1EB4A8C593), + UINT64_C(0xCBEDADCB40411D0D), UINT64_C(0xA80BE8557A97FB49)}, + {UINT64_C(0xB5ECCA90D3562DFF), UINT64_C(0xFD3B9C4C6A8441C9), + UINT64_C(0x089505F123D875C4), UINT64_C(0x642B253ACBDE3C66)}}, + {{UINT64_C(0x7DCE9688E9EC283F), UINT64_C(0x54E5E5A2BBD7D9D3), + UINT64_C(0x3D8ECB7FF5F288C1), UINT64_C(0x2E3158A1366659CD)}, + {UINT64_C(0xCA2CB601F54AF8FB), UINT64_C(0x1285C7047F8C5185), + UINT64_C(0xE009269F7161AF47), UINT64_C(0x5C5E62990AE88185)}}, + {{UINT64_C(0x8BF3547290C6C034), UINT64_C(0x6A5782B33BBCBB19), + UINT64_C(0x8B8750D0151D7DDA), UINT64_C(0x867DABC25CB146A7)}, + {UINT64_C(0xB0CF281DDC60AEEE), UINT64_C(0x7C408598A22396FE), + UINT64_C(0x0739BC359F64E610), UINT64_C(0x0CAF076C270899AB)}}, + {{UINT64_C(0xDE4E9CFFC8809978), UINT64_C(0x93D0B90178514FD5), + UINT64_C(0x200F4F837F11899D), UINT64_C(0xE34084F7108039F0)}, + {UINT64_C(0x774864645E691A94), UINT64_C(0xB8189181DE725BBA), + UINT64_C(0x966744499248DE6E), UINT64_C(0x174D13DD8E76B07C)}}, + {{UINT64_C(0xBCC21C7EC5D6D48D), UINT64_C(0x53EA5CCEB03F7A28), + UINT64_C(0x3EB4E87732D40BF3), UINT64_C(0x8F7C629D459E999E)}, + {UINT64_C(0xF408FCD0760722ED), UINT64_C(0xB29464E5B4BA1C1F), + UINT64_C(0xADA459DA324A4F8D), UINT64_C(0x282985DE433F8FCC)}}, + {{UINT64_C(0xBCB3B6DC4C2DE790), UINT64_C(0x0C1A0C73CABFE6A8), + UINT64_C(0xEA6CE3DD6E01D31F), UINT64_C(0xA3EAB6E3D7BAE36D)}, + {UINT64_C(0xCB2C7F5D0191605C), UINT64_C(0x631122B2EF403029), + UINT64_C(0x801928B683CA9F54), UINT64_C(0x340CA229467E2AAC)}}, + {{UINT64_C(0x9331F03E203A754B), UINT64_C(0x45355264B931213A), + UINT64_C(0x1B27F856D551B132), UINT64_C(0x9E765FAEF987B9D6)}, + {UINT64_C(0x09016F24A6D094E6), UINT64_C(0xBB7C5D580D712549), + UINT64_C(0xA4174E8296843E3B), UINT64_C(0x956FCF0A9AE35234)}}, + {{UINT64_C(0xE6AC1909FF9FD8B4), UINT64_C(0xF571894F02673FA4), + UINT64_C(0x96704C88FFBADE36), UINT64_C(0x0C0FCBA56E522D60)}, + {UINT64_C(0x3F22D5AD3EB2213B), UINT64_C(0x316D6C8308AA7742), + UINT64_C(0x720D67B57661E4CE), UINT64_C(0x60E391366053F2C9)}}, + {{UINT64_C(0xEBA452007EE62DD7), UINT64_C(0xBA0F4A9D916EC32C), + UINT64_C(0x3B3B3BF6C7A5F0E5), UINT64_C(0xCB7FD1E5C29E78BB)}, + {UINT64_C(0x06D55C5A3B57F9CB), UINT64_C(0x58E0E72C1E77E898), + UINT64_C(0xC83CC053ADFA9277), UINT64_C(0x934EFD66AF4DA403)}}, + {{UINT64_C(0xF151F2C1A006BBA3), UINT64_C(0xA131D12F9B777AF4), + UINT64_C(0xC1115DC5D57544DE), UINT64_C(0xAFAB301CF9F77F21)}, + {UINT64_C(0x2361C9F03C316A92), UINT64_C(0xA76EC9F4E83E8EA0), + UINT64_C(0xF8B22E5B2A463988), UINT64_C(0xF84F7F27C70892FA)}}, + {{UINT64_C(0x3089E6E362E3F989), UINT64_C(0xDDBE9E7CBB528E9F), + UINT64_C(0x91E38B69D093C766), UINT64_C(0xD2C6563F8A46C2B4)}, + {UINT64_C(0x477EE71656C884F0), UINT64_C(0x5AD3E27EE1DED7B7), + UINT64_C(0x973C0C4426FDAC5E), UINT64_C(0x46B62D7B78B0BB8F)}}, + {{UINT64_C(0x1B7E8CBD7E700F97), UINT64_C(0x42F15F55E383D0A4), + UINT64_C(0x74316CF425D5C538), UINT64_C(0x5CAA963DED590AA8)}, + {UINT64_C(0xDEEB3CEEB05E7AD9), UINT64_C(0x74E7B064CA0C9C09), + UINT64_C(0x08699576F02ED1FE), UINT64_C(0x7A84FF4EB899F9BE)}}, + {{UINT64_C(0x1E0F143F8E7799A5), UINT64_C(0xBC7F446D20E6D9B1), + UINT64_C(0xDB0F04D0E178F931), UINT64_C(0xB4AD04F0A5EDC88C)}, + {UINT64_C(0x762ABA6E3FAFF5B8), UINT64_C(0x352922C9F2910580), + UINT64_C(0x1A49CEE98768AF3E), UINT64_C(0x89DC3150B0A08A33)}}, + {{UINT64_C(0x38472B6F7C7F824B), UINT64_C(0x97354929BEAEF806), + UINT64_C(0x6014F5E8FCA818FC), UINT64_C(0x996A624F4D542B22)}, + {UINT64_C(0x0BF7E1B36FEE8432), UINT64_C(0x24C0960A755D16EE), + UINT64_C(0x452FA32C8B7D1362), UINT64_C(0xB09A7FA5D3ED3D8F)}}, + {{UINT64_C(0x9F1C2E3579F99367), UINT64_C(0x51A770F9902A7D40), + UINT64_C(0x1B254A23772BEE18), UINT64_C(0x00D5E1C296114B2B)}, + {UINT64_C(0x29611530E44AD2CD), UINT64_C(0x50D7A40897E0644C), + UINT64_C(0x1AF10EA2C72FF462), UINT64_C(0xDB8CF7243D2501FF)}}, + }, + { + {{UINT64_C(0x2D63D36358A8AECC), UINT64_C(0x393A5462676A1840), + UINT64_C(0xA2F08A934368AE8F), UINT64_C(0x36C2BB30A611C3DD)}, + {UINT64_C(0x701F8653E44F6D6A), UINT64_C(0x846EC4780FA19833), + UINT64_C(0x54AB2B7E1921B4A8), UINT64_C(0x92D19021A6B88446)}}, + {{UINT64_C(0x5551B17CDBC895F4), UINT64_C(0x7F5ECB2F8A21F081), + UINT64_C(0x520715FAE2B4F569), UINT64_C(0xC7051B37F7DCD9D2)}, + {UINT64_C(0x76181B8827C8E319), UINT64_C(0xFB6BAAD8E4FC1A12), + UINT64_C(0x8F81106C61CFCE76), UINT64_C(0xA021837D35008866)}}, + {{UINT64_C(0x1CDF62DF302513DA), UINT64_C(0x64605506E4DC1668), + UINT64_C(0xDEE53189972BE654), UINT64_C(0x1519D30A948AFBF7)}, + {UINT64_C(0x5B6CB34A423ACBE9), UINT64_C(0xCBD96D42495866F3), + UINT64_C(0x8AF8C97EB27A8C3F), UINT64_C(0xF4B8706502405022)}}, + {{UINT64_C(0x31E248108E0376EC), UINT64_C(0x3ABD9B67E5D7A816), + UINT64_C(0xA7FC938A5E189D01), UINT64_C(0xEEE2E9F62FE13886)}, + {UINT64_C(0x9D96C9E34BC5B96C), UINT64_C(0x11B750F4A5B490D2), + UINT64_C(0x63366B8B3B718DE7), UINT64_C(0x3B2921B67B2B7291)}}, + {{UINT64_C(0x8D04C59C233829CB), UINT64_C(0x2831D2BF5D690F43), + UINT64_C(0xEC32E4C3F1B6C60E), UINT64_C(0x8726E1015F6578E5)}, + {UINT64_C(0xB23BE8EE0D56E78E), UINT64_C(0xEC2542DDD8E3987F), + UINT64_C(0xE9BA8B163980AD13), UINT64_C(0x1B37BA598942D6FB)}}, + {{UINT64_C(0x24D786A1F0F2C574), UINT64_C(0x6EC3D98CE189F236), + UINT64_C(0x4E8F0A0092DAA6DF), UINT64_C(0x32F4BDD0A328CA87)}, + {UINT64_C(0x2BA38AEF647422F5), UINT64_C(0x442461A5BC7D339C), + UINT64_C(0xD32855E28D5CDF0C), UINT64_C(0x8E226C9F575ACCB1)}}, + {{UINT64_C(0xEF3BD7107F550CFF), UINT64_C(0xF90B7237F6716F3D), + UINT64_C(0x071FFF8932233CDB), UINT64_C(0x4C048CEA40D58724)}, + {UINT64_C(0x20BFB31065E86924), UINT64_C(0x94B7297BC48DA998), + UINT64_C(0xC983B5F154F64297), UINT64_C(0x0F21384D4277EA8D)}}, + {{UINT64_C(0x1C32326C09A677DD), UINT64_C(0x04007199ACF84219), + UINT64_C(0x927DF40236E0128B), UINT64_C(0x86054B7683459CF4)}, + {UINT64_C(0x28DE82C148E0560B), UINT64_C(0x2CF5C21D4BC4F69C), + UINT64_C(0x22C15353E420C01A), UINT64_C(0x34C2F7D34C1545FE)}}, + {{UINT64_C(0xCE7B268D160D136D), UINT64_C(0x7F6093A04554CA94), + UINT64_C(0xC849758B81E19640), UINT64_C(0x5658D69E95C4AB06)}, + {UINT64_C(0x7319481B9DA8883D), UINT64_C(0x742243E55E0BFB8B), + UINT64_C(0x596835B546E1AEDE), UINT64_C(0x70EFC105107C0725)}}, + {{UINT64_C(0x2EE68FCC930F895B), UINT64_C(0x43361CAFC93CD312), + UINT64_C(0x1BDA01F29F6867CC), UINT64_C(0x052C0D9D1C92228B)}, + {UINT64_C(0xA6F897E3CA86A4FF), UINT64_C(0xC48BA0CD90B4171C), + UINT64_C(0x036534E011D93A03), UINT64_C(0x00F7D663B4961C8F)}}, + {{UINT64_C(0x4B766AC91419A80E), UINT64_C(0x83A7050421DC1C9D), + UINT64_C(0xB2B7ADFB2EB59C5D), UINT64_C(0x179D087324B42575)}, + {UINT64_C(0x9EC816823EEA138F), UINT64_C(0x347E917BB8AEB010), + UINT64_C(0xE021100C5910CE07), UINT64_C(0x301D673970C44EB9)}}, + {{UINT64_C(0x76D4A125D46BEE47), UINT64_C(0xD3B496549839A415), + UINT64_C(0xD5050ACC3901932F), UINT64_C(0x0462A8F72AD3CD2B)}, + {UINT64_C(0x0F87843B6FC7199B), UINT64_C(0x0F63EB3CB386DC8E), + UINT64_C(0xEF1809657A49CF77), UINT64_C(0xBBE812B34B95296B)}}, + {{UINT64_C(0xAAC122F95C27EC25), UINT64_C(0xEFD1790B47105577), + UINT64_C(0xBE4D4AF432B4DBF2), UINT64_C(0x35880AF9FD9F06F8)}, + {UINT64_C(0xC99B14297B3DDFDA), UINT64_C(0xA3B80D8B6E4B030D), + UINT64_C(0xBF228F42DA18700D), UINT64_C(0xEF7F91D9ED386EEF)}}, + {{UINT64_C(0x10C6C124391CC8D0), UINT64_C(0xD3A1E6B427C3715A), + UINT64_C(0x12E0090B8760A0C6), UINT64_C(0x206512908A2580BE)}, + {UINT64_C(0xD5846CAB387235A2), UINT64_C(0x8F75DC2FC6DA615A), + UINT64_C(0x8E160E863A82B8F9), UINT64_C(0x1654307AAD451A41)}}, + {{UINT64_C(0xADA0A2F5BBB9CABE), UINT64_C(0x486E6E20782EC480), + UINT64_C(0x34E670238ACC52DA), UINT64_C(0x68992DB42B21818A)}, + {UINT64_C(0x2E148D4F2DDACB59), UINT64_C(0xCCFCBE9A6977878C), + UINT64_C(0x393E111603E1374B), UINT64_C(0x793827E337638129)}}, + {{UINT64_C(0xB6657FEA29F58D1F), UINT64_C(0x8BA31BFE527BA98B), + UINT64_C(0xD0E0B268A9D8C4AF), UINT64_C(0x9C1B9FE1121F58B7)}, + {UINT64_C(0x6CEEDC246798AA06), UINT64_C(0x2F8911B45149899C), + UINT64_C(0x2197D06FD9778F1D), UINT64_C(0xFF14526705F00C07)}}, + }, + { + {{UINT64_C(0xA5CE7FE8F441AC64), UINT64_C(0xCE4B9A6FF8CBE95B), + UINT64_C(0x1A2BD334B4CF46A4), UINT64_C(0x125EA7171204CA96)}, + {UINT64_C(0x4B514210251C6124), UINT64_C(0x60BC1CA40639DEB7), + UINT64_C(0x716C7EB1D4951A8A), UINT64_C(0xF052592F46C9F47A)}}, + {{UINT64_C(0x9C1B5E5377C8FEA4), UINT64_C(0x0F5D3CC7678EC92A), + UINT64_C(0x203713CB864C4032), UINT64_C(0x5B82C803D405B6D4)}, + {UINT64_C(0xFF7EC24FE9464605), UINT64_C(0xD71241D3A5ECCB23), + UINT64_C(0xEF890204AC2543F8), UINT64_C(0xE810D87B11C9801F)}}, + {{UINT64_C(0xED12752878D881D5), UINT64_C(0xEE5A48FBFCCFA102), + UINT64_C(0x1A163AABCDD3D7DB), UINT64_C(0x7FAA79EA2EB508C0)}, + {UINT64_C(0x7248AE86D2D35829), UINT64_C(0xA5DEC6878C9A98BE), + UINT64_C(0x8893580286C486DB), UINT64_C(0x3A9BB9C3EB27CADF)}}, + {{UINT64_C(0x3526AF1F51341F5F), UINT64_C(0xFC45C2E1384D1B33), + UINT64_C(0x94B9E0DB41D5A8F0), UINT64_C(0xFD44C1C0E702876D)}, + {UINT64_C(0x67C3A4F73FD321E9), UINT64_C(0xA38BD2FEFAFB7530), + UINT64_C(0x2F03715779442870), UINT64_C(0x00487BF8E081DCB7)}}, + {{UINT64_C(0x7EE4D8B726135B59), UINT64_C(0xB53DC0AE00D7C94B), + UINT64_C(0xB2F59B8A4F98473B), UINT64_C(0xAFC012E25ADF3FE8)}, + {UINT64_C(0x1ABD7A189E3F646A), UINT64_C(0x81D49A4760C52778), + UINT64_C(0xB1C1184D62C39ACC), UINT64_C(0xE8EB8A525F66FC65)}}, + {{UINT64_C(0x015EEC90C0F79061), UINT64_C(0xAFF38E8B58589E98), + UINT64_C(0x6A041C32C3F2FD7A), UINT64_C(0x976C5A586ED8E5C7)}, + {UINT64_C(0x5D7E2142F52768DF), UINT64_C(0x4AA0E46B3A5403DC), + UINT64_C(0xA62D566553302DD1), UINT64_C(0x78622C4BC7FFD6D5)}}, + {{UINT64_C(0xD01103A5F9352AE4), UINT64_C(0x637ED15DE1934E02), + UINT64_C(0xF7132C3BA7B58CA7), UINT64_C(0xBE295C4F4973F021)}, + {UINT64_C(0x1401C3DDF01617BF), UINT64_C(0x3C4B6F95B56601B8), + UINT64_C(0x41C39C9E1C85B1B1), UINT64_C(0xCC5025D4CE76C842)}}, + {{UINT64_C(0xDF81CF678776738E), UINT64_C(0xF7072A25383BB026), + UINT64_C(0xF53CAAE7B49EDF2E), UINT64_C(0x2F9DE44FDF74A7D9)}, + {UINT64_C(0xFA0A5800880F0F21), UINT64_C(0x77BF53F498978F74), + UINT64_C(0x81F6D3A11CD2F434), UINT64_C(0x27FA3CF85C7F3532)}}, + {{UINT64_C(0xD581CEEF76582202), UINT64_C(0xC16F828AFF2F0DEF), + UINT64_C(0xE76314C6E6C4F53B), UINT64_C(0xB640EB31F7381BF8)}, + {UINT64_C(0xE3B15EB636DD0C32), UINT64_C(0x125A821E375393B2), + UINT64_C(0x1F5894523EC2BE1D), UINT64_C(0x2635873CA1080F21)}}, + {{UINT64_C(0x6EBA81EB3D6FCCD6), UINT64_C(0xBD98B711E01BDF6E), + UINT64_C(0x29EDC6A5771492A9), UINT64_C(0x55367FBE2386FCA8)}, + {UINT64_C(0x791794BAD4FB3C72), UINT64_C(0xFD0EBF313B85FAB0), + UINT64_C(0x0D6D790724905F3F), UINT64_C(0xE029ABA1294AAFFF)}}, + {{UINT64_C(0xF39BC50AD5445163), UINT64_C(0xBC631CFDFFE91CA2), + UINT64_C(0x4A5D2FE4809EE2FA), UINT64_C(0x318B5EE0E3A4A68B)}, + {UINT64_C(0x11063C4AD5194980), UINT64_C(0x3CA5B7D8504FFDD2), + UINT64_C(0x4A0671BAB9EAE9E9), UINT64_C(0xA92B1BCDBDC9B450)}}, + {{UINT64_C(0x7408D2CB9EF58C99), UINT64_C(0x8B80A4CD87A9FE6E), + UINT64_C(0x5E9535BCD784D8D9), UINT64_C(0xC68CFFC04982ACAB)}, + {UINT64_C(0x012E175B3FFD77B2), UINT64_C(0x75A96047F65C99EB), + UINT64_C(0xB5646BDA8DF05C49), UINT64_C(0x3A51049BA9BFFA1D)}}, + {{UINT64_C(0x61FC49394B366BED), UINT64_C(0x83F714260A21272D), + UINT64_C(0x6F851419C1F063A0), UINT64_C(0x49E985B3DA38C6A2)}, + {UINT64_C(0x8993B91B49E66A53), UINT64_C(0x2B748159B46351F5), + UINT64_C(0x75F5C92C48CF7616), UINT64_C(0xB70159EC43BE076A)}}, + {{UINT64_C(0xF198B351E79D8255), UINT64_C(0xBFC47724F59FE019), + UINT64_C(0x09CDA15E16B9E680), UINT64_C(0xBDACE4391CC2B9CD)}, + {UINT64_C(0xCDC2EF1DA9204697), UINT64_C(0x662B331A89CB9A9E), + UINT64_C(0x38628A149968F610), UINT64_C(0xC203DC7234D9F707)}}, + {{UINT64_C(0xF9B59177A8EC873D), UINT64_C(0x06251EEA3DCB22A3), + UINT64_C(0xF2843915B923799E), UINT64_C(0x83D881CE1F58C6D6)}, + {UINT64_C(0x2CC84AF674594A6B), UINT64_C(0x3BCA0706143D665F), + UINT64_C(0x436A93B9A6F0D6CD), UINT64_C(0x1033910431D6E3A4)}}, + {{UINT64_C(0xB826096280E71165), UINT64_C(0x9435A53A37CF05F9), + UINT64_C(0xB515236A6BEF565C), UINT64_C(0x131B09AB6B1C69F8)}, + {UINT64_C(0x7D28A52415587108), UINT64_C(0x710B2297372A0B9B), + UINT64_C(0x45B05AF6EB731907), UINT64_C(0x7327B80D1E60FE7A)}}, + }, + { + {{UINT64_C(0x4F1BFE276A5F218A), UINT64_C(0x9670C96EF36B4CD7), + UINT64_C(0xC104530116BD6D68), UINT64_C(0x860042B43FCF028D)}, + {UINT64_C(0x513468E4A1C37CE3), UINT64_C(0xD32C00E3F54337C3), + UINT64_C(0x017A64EEDCA44E58), UINT64_C(0x845B2CFD572A1432)}}, + {{UINT64_C(0x860E9CAA9A4B3A0D), UINT64_C(0x33E1E718354094B1), + UINT64_C(0x32191B81E8D3EF60), UINT64_C(0xC0E37532F46AED39)}, + {UINT64_C(0xB8EF03B7781ED738), UINT64_C(0x99B1302F42418A51), + UINT64_C(0xF0C368743DEFDA42), UINT64_C(0x74E15756F0D5AC2F)}}, + {{UINT64_C(0x927758A63E05D280), UINT64_C(0xBB49189E46FE7051), + UINT64_C(0xD1DAC0CD5DF82A4E), UINT64_C(0x59CEF00C188E6E67)}, + {UINT64_C(0x782491DFDD031AF1), UINT64_C(0xD82966F8DB8AD011), + UINT64_C(0x0B5AD2C6B19A773A), UINT64_C(0x3D2651D902488CB1)}}, + {{UINT64_C(0xADDDB80E20E33212), UINT64_C(0x4169EE1373429553), + UINT64_C(0xB5B9EC0343E75223), UINT64_C(0xB05874DE627A8605)}, + {UINT64_C(0xE21CFE17B013211E), UINT64_C(0x107A375E24D1770A), + UINT64_C(0x424C5FC529AC869A), UINT64_C(0x218F36E927D697ED)}}, + {{UINT64_C(0xBDEAD1FFABFCCF26), UINT64_C(0x488980F358B3B4BA), + UINT64_C(0x14D39E5DA104EF0D), UINT64_C(0x215D33694418F3F4)}, + {UINT64_C(0xFC72ABBAE098F1C7), UINT64_C(0xB77FE8C51E796EBB), + UINT64_C(0x8E2BAFF6281779D5), UINT64_C(0x4B4FABB18F5F3B8A)}}, + {{UINT64_C(0xF0437E7AD8B01303), UINT64_C(0xBA781CB4DC2BB1D8), + UINT64_C(0x5D093C334A0ED188), UINT64_C(0xAE3EBC9DB62617E3)}, + {UINT64_C(0xDD968B8D5A3FC980), UINT64_C(0xB98AC721EED9C68B), + UINT64_C(0x7D1589DA3BC4BA5F), UINT64_C(0x1F70C41FB164EF92)}}, + {{UINT64_C(0x829356F1FF9BE49F), UINT64_C(0xB4784FAF70E8CD8E), + UINT64_C(0x50FC7D197C8137F0), UINT64_C(0x6530241666FFD563)}, + {UINT64_C(0xDF4691AB608CC073), UINT64_C(0x53E031241E721EA8), + UINT64_C(0xA69C5F9EE21DB3EF), UINT64_C(0xBA1EB5684A40D5E8)}}, + {{UINT64_C(0x05D6B7B02238C55D), UINT64_C(0x6FF6E9D4F1D12981), + UINT64_C(0xA7EE9598F6BFD816), UINT64_C(0xD18D9944950F2954)}, + {UINT64_C(0xA7751A95EFF2B2AE), UINT64_C(0x48C651BBA8EBFAC1), + UINT64_C(0xB11642A3AB09CB81), UINT64_C(0x38A06C96F23F4F07)}}, + {{UINT64_C(0x3A480AEDBFDD2FE5), UINT64_C(0x3DB4D9A4507C3FD8), + UINT64_C(0xE622105939A44883), UINT64_C(0x95897A95268CAF69)}, + {UINT64_C(0x1D4E01471BB281CC), UINT64_C(0xDAB9142943632032), + UINT64_C(0x6D91D12B0FF829D7), UINT64_C(0x5500D4633C33143C)}}, + {{UINT64_C(0xAA5C151A1DE8E78C), UINT64_C(0x84D9971E26A27FA7), + UINT64_C(0xE1B970C4D6D2D794), UINT64_C(0x60116AFC76EAAD40)}, + {UINT64_C(0x25FC7C02E1659332), UINT64_C(0x8FBD58D2DFCA9480), + UINT64_C(0x97F12859454F42ED), UINT64_C(0xC5DA1AA279A45FDE)}}, + {{UINT64_C(0x2D76441EED995CF0), UINT64_C(0x457710B729CBA4C6), + UINT64_C(0xF4FAC58CE5AB0DEB), UINT64_C(0x7A1E2B5D3E66C502)}, + {UINT64_C(0xB2DB583C85DC5610), UINT64_C(0xF5A4D27822686CC9), + UINT64_C(0x3F48BE66EEAAFF42), UINT64_C(0x6A78FA0D62325EE4)}}, + {{UINT64_C(0xE39F21371174FFB6), UINT64_C(0x802BE319D2E0DF58), + UINT64_C(0x8758050BA0E46CAC), UINT64_C(0x0AC0435DC1505CFB)}, + {UINT64_C(0x19B5C82A16552F01), UINT64_C(0x3BCA0B0114C66E12), + UINT64_C(0x6D740C67B2EAFE88), UINT64_C(0xD0F37392B03447A4)}}, + {{UINT64_C(0xEF2F21F4969A14D4), UINT64_C(0xEDEAAB9864C6FA7C), + UINT64_C(0xE842CC685E483758), UINT64_C(0x7EE0C315AE2D48D1)}, + {UINT64_C(0x47B7547F21377294), UINT64_C(0x9317BD4A4C64BDF6), + UINT64_C(0xDF4D893103D5A12B), UINT64_C(0x20F0DB38FD557EE9)}}, + {{UINT64_C(0xC2AA7A9ADE4DA7AF), UINT64_C(0xA5029C69D0BFCEBB), + UINT64_C(0x28E1A892B300B2AC), UINT64_C(0xAFD303271667CC45)}, + {UINT64_C(0x2C1F118606179176), UINT64_C(0x96714AB493D8938D), + UINT64_C(0x2E2A1C3E8FA8647A), UINT64_C(0x1D5C1B584B40FE42)}}, + {{UINT64_C(0x21A94497D69C0B65), UINT64_C(0x29B7B2744C382C0C), + UINT64_C(0x0A1B4AA27EB0577B), UINT64_C(0x2802315DDFF741C9)}, + {UINT64_C(0x8106EB9673A46493), UINT64_C(0xC330FEA55EA04126), + UINT64_C(0x75543E9ECE5AFC0C), UINT64_C(0x4793CCF77E800130)}}, + {{UINT64_C(0xA0087FBB706250D1), UINT64_C(0x579C440929A3419B), + UINT64_C(0x17846712DE27D5AB), UINT64_C(0x43041A06D0029993)}, + {UINT64_C(0x282FDC448801EF53), UINT64_C(0xF2D4B09FE580E842), + UINT64_C(0x1AE6DDFA4594B462), UINT64_C(0x33EDA377809765A9)}}, + }}; + +#else /* __SIZEOF_INT128__ */ + +#include +#include +#define LIMB_BITS 32 +#define LIMB_CNT 8 +/* Field elements */ +typedef uint32_t fe_t[LIMB_CNT]; +typedef uint32_t limb_t; + + +#define fe_copy(d, s) memcpy(d, s, sizeof(fe_t)) +#define fe_set_zero(d) memset(d, 0, sizeof(fe_t)) + +/* Projective points */ +typedef struct { + fe_t X; + fe_t Y; + fe_t Z; +} pt_prj_t; + +/* Affine points */ +typedef struct { + fe_t X; + fe_t Y; +} pt_aff_t; + +/* BEGIN verbatim fiat code https://github.com/mit-plv/fiat-crypto */ +/*- + * MIT License + * + * Copyright (c) 2015-2021 the fiat-crypto authors (see the AUTHORS file). + * https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +/* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier secp256k1_montgomery 32 '2^256 - 2^32 - 977' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */ +/* curve description: secp256k1_montgomery */ +/* machine_wordsize = 32 (from "32") */ +/* requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp */ +/* m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f (from "2^256 - 2^32 - 977") */ +/* */ +/* NOTE: In addition to the bounds specified above each function, all */ +/* functions synthesized for this Montgomery arithmetic require the */ +/* input to be strictly less than the prime modulus (m), and also */ +/* require the input to be in the unique saturated representation. */ +/* All functions also ensure that these two properties are true of */ +/* return values. */ +/* */ +/* Computed values: */ +/* eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) */ +/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */ +/* twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) in */ +/* if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 */ + +#include +typedef unsigned char fiat_secp256k1_uint1; +typedef signed char fiat_secp256k1_int1; +#if defined(__GNUC__) || defined(__clang__) +# define FIAT_SECP256K1_FIAT_INLINE __inline__ +#else +# define FIAT_SECP256K1_FIAT_INLINE +#endif + +/* The type fiat_secp256k1_montgomery_domain_field_element is a field element in the Montgomery domain. */ +/* Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ +typedef uint32_t fiat_secp256k1_montgomery_domain_field_element[8]; + +/* The type fiat_secp256k1_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ +/* Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ +typedef uint32_t fiat_secp256k1_non_montgomery_domain_field_element[8]; + +#if (-1 & 3) != 3 +#error "This code only works on a two's complement system" +#endif + +#if !defined(FIAT_SECP256K1_NO_ASM) && (defined(__GNUC__) || defined(__clang__)) +static __inline__ uint32_t fiat_secp256k1_value_barrier_u32(uint32_t a) { + __asm__("" : "+r"(a) : /* no inputs */); + return a; +} +#else +# define fiat_secp256k1_value_barrier_u32(x) (x) +#endif + + +/* + * The function fiat_secp256k1_addcarryx_u32 is an addition with carry. + * + * Postconditions: + * out1 = (arg1 + arg2 + arg3) mod 2^32 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0x1] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_addcarryx_u32(uint32_t* out1, fiat_secp256k1_uint1* out2, fiat_secp256k1_uint1 arg1, uint32_t arg2, uint32_t arg3) { + uint64_t x1; + uint32_t x2; + fiat_secp256k1_uint1 x3; + x1 = ((arg1 + (uint64_t)arg2) + arg3); + x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + x3 = (fiat_secp256k1_uint1)(x1 >> 32); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_secp256k1_subborrowx_u32 is a subtraction with borrow. + * + * Postconditions: + * out1 = (-arg1 + arg2 + -arg3) mod 2^32 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0x1] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_subborrowx_u32(uint32_t* out1, fiat_secp256k1_uint1* out2, fiat_secp256k1_uint1 arg1, uint32_t arg2, uint32_t arg3) { + int64_t x1; + fiat_secp256k1_int1 x2; + uint32_t x3; + x1 = ((arg2 - (int64_t)arg1) - arg3); + x2 = (fiat_secp256k1_int1)(x1 >> 32); + x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + *out1 = x3; + *out2 = (fiat_secp256k1_uint1)(0x0 - x2); +} + +/* + * The function fiat_secp256k1_mulx_u32 is a multiplication, returning the full double-width result. + * + * Postconditions: + * out1 = (arg1 * arg2) mod 2^32 + * out2 = ⌊arg1 * arg2 / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffff] + * arg2: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0xffffffff] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, uint32_t arg2) { + uint64_t x1; + uint32_t x2; + uint32_t x3; + x1 = ((uint64_t)arg1 * arg2); + x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + x3 = (uint32_t)(x1 >> 32); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_secp256k1_cmovznz_u32 is a single-word conditional move. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_cmovznz_u32(uint32_t* out1, fiat_secp256k1_uint1 arg1, uint32_t arg2, uint32_t arg3) { + fiat_secp256k1_uint1 x1; + uint32_t x2; + uint32_t x3; + x1 = (!(!arg1)); + x2 = ((fiat_secp256k1_int1)(0x0 - x1) & UINT32_C(0xffffffff)); + x3 = ((fiat_secp256k1_value_barrier_u32(x2) & arg3) | (fiat_secp256k1_value_barrier_u32((~x2)) & arg2)); + *out1 = x3; +} + +/* + * The function fiat_secp256k1_mul multiplies two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_mul(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1, const fiat_secp256k1_montgomery_domain_field_element arg2) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint32_t x20; + uint32_t x21; + uint32_t x22; + uint32_t x23; + uint32_t x24; + uint32_t x25; + fiat_secp256k1_uint1 x26; + uint32_t x27; + fiat_secp256k1_uint1 x28; + uint32_t x29; + fiat_secp256k1_uint1 x30; + uint32_t x31; + fiat_secp256k1_uint1 x32; + uint32_t x33; + fiat_secp256k1_uint1 x34; + uint32_t x35; + fiat_secp256k1_uint1 x36; + uint32_t x37; + fiat_secp256k1_uint1 x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + uint32_t x52; + uint32_t x53; + uint32_t x54; + uint32_t x55; + uint32_t x56; + uint32_t x57; + uint32_t x58; + fiat_secp256k1_uint1 x59; + uint32_t x60; + fiat_secp256k1_uint1 x61; + uint32_t x62; + fiat_secp256k1_uint1 x63; + uint32_t x64; + fiat_secp256k1_uint1 x65; + uint32_t x66; + fiat_secp256k1_uint1 x67; + uint32_t x68; + fiat_secp256k1_uint1 x69; + uint32_t x70; + fiat_secp256k1_uint1 x71; + uint32_t x72; + uint32_t x73; + fiat_secp256k1_uint1 x74; + uint32_t x75; + fiat_secp256k1_uint1 x76; + uint32_t x77; + fiat_secp256k1_uint1 x78; + uint32_t x79; + fiat_secp256k1_uint1 x80; + uint32_t x81; + fiat_secp256k1_uint1 x82; + uint32_t x83; + fiat_secp256k1_uint1 x84; + uint32_t x85; + fiat_secp256k1_uint1 x86; + uint32_t x87; + fiat_secp256k1_uint1 x88; + uint32_t x89; + fiat_secp256k1_uint1 x90; + uint32_t x91; + uint32_t x92; + uint32_t x93; + uint32_t x94; + uint32_t x95; + uint32_t x96; + uint32_t x97; + uint32_t x98; + uint32_t x99; + uint32_t x100; + uint32_t x101; + uint32_t x102; + uint32_t x103; + uint32_t x104; + uint32_t x105; + uint32_t x106; + uint32_t x107; + fiat_secp256k1_uint1 x108; + uint32_t x109; + fiat_secp256k1_uint1 x110; + uint32_t x111; + fiat_secp256k1_uint1 x112; + uint32_t x113; + fiat_secp256k1_uint1 x114; + uint32_t x115; + fiat_secp256k1_uint1 x116; + uint32_t x117; + fiat_secp256k1_uint1 x118; + uint32_t x119; + fiat_secp256k1_uint1 x120; + uint32_t x121; + uint32_t x122; + fiat_secp256k1_uint1 x123; + uint32_t x124; + fiat_secp256k1_uint1 x125; + uint32_t x126; + fiat_secp256k1_uint1 x127; + uint32_t x128; + fiat_secp256k1_uint1 x129; + uint32_t x130; + fiat_secp256k1_uint1 x131; + uint32_t x132; + fiat_secp256k1_uint1 x133; + uint32_t x134; + fiat_secp256k1_uint1 x135; + uint32_t x136; + fiat_secp256k1_uint1 x137; + uint32_t x138; + fiat_secp256k1_uint1 x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + uint32_t x145; + uint32_t x146; + uint32_t x147; + uint32_t x148; + uint32_t x149; + uint32_t x150; + uint32_t x151; + uint32_t x152; + uint32_t x153; + uint32_t x154; + uint32_t x155; + uint32_t x156; + uint32_t x157; + uint32_t x158; + fiat_secp256k1_uint1 x159; + uint32_t x160; + fiat_secp256k1_uint1 x161; + uint32_t x162; + fiat_secp256k1_uint1 x163; + uint32_t x164; + fiat_secp256k1_uint1 x165; + uint32_t x166; + fiat_secp256k1_uint1 x167; + uint32_t x168; + fiat_secp256k1_uint1 x169; + uint32_t x170; + fiat_secp256k1_uint1 x171; + uint32_t x172; + uint32_t x173; + fiat_secp256k1_uint1 x174; + uint32_t x175; + fiat_secp256k1_uint1 x176; + uint32_t x177; + fiat_secp256k1_uint1 x178; + uint32_t x179; + fiat_secp256k1_uint1 x180; + uint32_t x181; + fiat_secp256k1_uint1 x182; + uint32_t x183; + fiat_secp256k1_uint1 x184; + uint32_t x185; + fiat_secp256k1_uint1 x186; + uint32_t x187; + fiat_secp256k1_uint1 x188; + uint32_t x189; + fiat_secp256k1_uint1 x190; + uint32_t x191; + uint32_t x192; + uint32_t x193; + uint32_t x194; + uint32_t x195; + uint32_t x196; + uint32_t x197; + uint32_t x198; + uint32_t x199; + uint32_t x200; + uint32_t x201; + uint32_t x202; + uint32_t x203; + uint32_t x204; + uint32_t x205; + uint32_t x206; + uint32_t x207; + uint32_t x208; + fiat_secp256k1_uint1 x209; + uint32_t x210; + fiat_secp256k1_uint1 x211; + uint32_t x212; + fiat_secp256k1_uint1 x213; + uint32_t x214; + fiat_secp256k1_uint1 x215; + uint32_t x216; + fiat_secp256k1_uint1 x217; + uint32_t x218; + fiat_secp256k1_uint1 x219; + uint32_t x220; + fiat_secp256k1_uint1 x221; + uint32_t x222; + uint32_t x223; + fiat_secp256k1_uint1 x224; + uint32_t x225; + fiat_secp256k1_uint1 x226; + uint32_t x227; + fiat_secp256k1_uint1 x228; + uint32_t x229; + fiat_secp256k1_uint1 x230; + uint32_t x231; + fiat_secp256k1_uint1 x232; + uint32_t x233; + fiat_secp256k1_uint1 x234; + uint32_t x235; + fiat_secp256k1_uint1 x236; + uint32_t x237; + fiat_secp256k1_uint1 x238; + uint32_t x239; + fiat_secp256k1_uint1 x240; + uint32_t x241; + uint32_t x242; + uint32_t x243; + uint32_t x244; + uint32_t x245; + uint32_t x246; + uint32_t x247; + uint32_t x248; + uint32_t x249; + uint32_t x250; + uint32_t x251; + uint32_t x252; + uint32_t x253; + uint32_t x254; + uint32_t x255; + uint32_t x256; + uint32_t x257; + uint32_t x258; + uint32_t x259; + fiat_secp256k1_uint1 x260; + uint32_t x261; + fiat_secp256k1_uint1 x262; + uint32_t x263; + fiat_secp256k1_uint1 x264; + uint32_t x265; + fiat_secp256k1_uint1 x266; + uint32_t x267; + fiat_secp256k1_uint1 x268; + uint32_t x269; + fiat_secp256k1_uint1 x270; + uint32_t x271; + fiat_secp256k1_uint1 x272; + uint32_t x273; + uint32_t x274; + fiat_secp256k1_uint1 x275; + uint32_t x276; + fiat_secp256k1_uint1 x277; + uint32_t x278; + fiat_secp256k1_uint1 x279; + uint32_t x280; + fiat_secp256k1_uint1 x281; + uint32_t x282; + fiat_secp256k1_uint1 x283; + uint32_t x284; + fiat_secp256k1_uint1 x285; + uint32_t x286; + fiat_secp256k1_uint1 x287; + uint32_t x288; + fiat_secp256k1_uint1 x289; + uint32_t x290; + fiat_secp256k1_uint1 x291; + uint32_t x292; + uint32_t x293; + uint32_t x294; + uint32_t x295; + uint32_t x296; + uint32_t x297; + uint32_t x298; + uint32_t x299; + uint32_t x300; + uint32_t x301; + uint32_t x302; + uint32_t x303; + uint32_t x304; + uint32_t x305; + uint32_t x306; + uint32_t x307; + uint32_t x308; + uint32_t x309; + fiat_secp256k1_uint1 x310; + uint32_t x311; + fiat_secp256k1_uint1 x312; + uint32_t x313; + fiat_secp256k1_uint1 x314; + uint32_t x315; + fiat_secp256k1_uint1 x316; + uint32_t x317; + fiat_secp256k1_uint1 x318; + uint32_t x319; + fiat_secp256k1_uint1 x320; + uint32_t x321; + fiat_secp256k1_uint1 x322; + uint32_t x323; + uint32_t x324; + fiat_secp256k1_uint1 x325; + uint32_t x326; + fiat_secp256k1_uint1 x327; + uint32_t x328; + fiat_secp256k1_uint1 x329; + uint32_t x330; + fiat_secp256k1_uint1 x331; + uint32_t x332; + fiat_secp256k1_uint1 x333; + uint32_t x334; + fiat_secp256k1_uint1 x335; + uint32_t x336; + fiat_secp256k1_uint1 x337; + uint32_t x338; + fiat_secp256k1_uint1 x339; + uint32_t x340; + fiat_secp256k1_uint1 x341; + uint32_t x342; + uint32_t x343; + uint32_t x344; + uint32_t x345; + uint32_t x346; + uint32_t x347; + uint32_t x348; + uint32_t x349; + uint32_t x350; + uint32_t x351; + uint32_t x352; + uint32_t x353; + uint32_t x354; + uint32_t x355; + uint32_t x356; + uint32_t x357; + uint32_t x358; + uint32_t x359; + uint32_t x360; + fiat_secp256k1_uint1 x361; + uint32_t x362; + fiat_secp256k1_uint1 x363; + uint32_t x364; + fiat_secp256k1_uint1 x365; + uint32_t x366; + fiat_secp256k1_uint1 x367; + uint32_t x368; + fiat_secp256k1_uint1 x369; + uint32_t x370; + fiat_secp256k1_uint1 x371; + uint32_t x372; + fiat_secp256k1_uint1 x373; + uint32_t x374; + uint32_t x375; + fiat_secp256k1_uint1 x376; + uint32_t x377; + fiat_secp256k1_uint1 x378; + uint32_t x379; + fiat_secp256k1_uint1 x380; + uint32_t x381; + fiat_secp256k1_uint1 x382; + uint32_t x383; + fiat_secp256k1_uint1 x384; + uint32_t x385; + fiat_secp256k1_uint1 x386; + uint32_t x387; + fiat_secp256k1_uint1 x388; + uint32_t x389; + fiat_secp256k1_uint1 x390; + uint32_t x391; + fiat_secp256k1_uint1 x392; + uint32_t x393; + uint32_t x394; + uint32_t x395; + uint32_t x396; + uint32_t x397; + uint32_t x398; + uint32_t x399; + uint32_t x400; + uint32_t x401; + uint32_t x402; + uint32_t x403; + uint32_t x404; + uint32_t x405; + uint32_t x406; + uint32_t x407; + uint32_t x408; + uint32_t x409; + uint32_t x410; + fiat_secp256k1_uint1 x411; + uint32_t x412; + fiat_secp256k1_uint1 x413; + uint32_t x414; + fiat_secp256k1_uint1 x415; + uint32_t x416; + fiat_secp256k1_uint1 x417; + uint32_t x418; + fiat_secp256k1_uint1 x419; + uint32_t x420; + fiat_secp256k1_uint1 x421; + uint32_t x422; + fiat_secp256k1_uint1 x423; + uint32_t x424; + uint32_t x425; + fiat_secp256k1_uint1 x426; + uint32_t x427; + fiat_secp256k1_uint1 x428; + uint32_t x429; + fiat_secp256k1_uint1 x430; + uint32_t x431; + fiat_secp256k1_uint1 x432; + uint32_t x433; + fiat_secp256k1_uint1 x434; + uint32_t x435; + fiat_secp256k1_uint1 x436; + uint32_t x437; + fiat_secp256k1_uint1 x438; + uint32_t x439; + fiat_secp256k1_uint1 x440; + uint32_t x441; + fiat_secp256k1_uint1 x442; + uint32_t x443; + uint32_t x444; + uint32_t x445; + uint32_t x446; + uint32_t x447; + uint32_t x448; + uint32_t x449; + uint32_t x450; + uint32_t x451; + uint32_t x452; + uint32_t x453; + uint32_t x454; + uint32_t x455; + uint32_t x456; + uint32_t x457; + uint32_t x458; + uint32_t x459; + uint32_t x460; + uint32_t x461; + fiat_secp256k1_uint1 x462; + uint32_t x463; + fiat_secp256k1_uint1 x464; + uint32_t x465; + fiat_secp256k1_uint1 x466; + uint32_t x467; + fiat_secp256k1_uint1 x468; + uint32_t x469; + fiat_secp256k1_uint1 x470; + uint32_t x471; + fiat_secp256k1_uint1 x472; + uint32_t x473; + fiat_secp256k1_uint1 x474; + uint32_t x475; + uint32_t x476; + fiat_secp256k1_uint1 x477; + uint32_t x478; + fiat_secp256k1_uint1 x479; + uint32_t x480; + fiat_secp256k1_uint1 x481; + uint32_t x482; + fiat_secp256k1_uint1 x483; + uint32_t x484; + fiat_secp256k1_uint1 x485; + uint32_t x486; + fiat_secp256k1_uint1 x487; + uint32_t x488; + fiat_secp256k1_uint1 x489; + uint32_t x490; + fiat_secp256k1_uint1 x491; + uint32_t x492; + fiat_secp256k1_uint1 x493; + uint32_t x494; + uint32_t x495; + uint32_t x496; + uint32_t x497; + uint32_t x498; + uint32_t x499; + uint32_t x500; + uint32_t x501; + uint32_t x502; + uint32_t x503; + uint32_t x504; + uint32_t x505; + uint32_t x506; + uint32_t x507; + uint32_t x508; + uint32_t x509; + uint32_t x510; + uint32_t x511; + fiat_secp256k1_uint1 x512; + uint32_t x513; + fiat_secp256k1_uint1 x514; + uint32_t x515; + fiat_secp256k1_uint1 x516; + uint32_t x517; + fiat_secp256k1_uint1 x518; + uint32_t x519; + fiat_secp256k1_uint1 x520; + uint32_t x521; + fiat_secp256k1_uint1 x522; + uint32_t x523; + fiat_secp256k1_uint1 x524; + uint32_t x525; + uint32_t x526; + fiat_secp256k1_uint1 x527; + uint32_t x528; + fiat_secp256k1_uint1 x529; + uint32_t x530; + fiat_secp256k1_uint1 x531; + uint32_t x532; + fiat_secp256k1_uint1 x533; + uint32_t x534; + fiat_secp256k1_uint1 x535; + uint32_t x536; + fiat_secp256k1_uint1 x537; + uint32_t x538; + fiat_secp256k1_uint1 x539; + uint32_t x540; + fiat_secp256k1_uint1 x541; + uint32_t x542; + fiat_secp256k1_uint1 x543; + uint32_t x544; + uint32_t x545; + uint32_t x546; + uint32_t x547; + uint32_t x548; + uint32_t x549; + uint32_t x550; + uint32_t x551; + uint32_t x552; + uint32_t x553; + uint32_t x554; + uint32_t x555; + uint32_t x556; + uint32_t x557; + uint32_t x558; + uint32_t x559; + uint32_t x560; + uint32_t x561; + uint32_t x562; + fiat_secp256k1_uint1 x563; + uint32_t x564; + fiat_secp256k1_uint1 x565; + uint32_t x566; + fiat_secp256k1_uint1 x567; + uint32_t x568; + fiat_secp256k1_uint1 x569; + uint32_t x570; + fiat_secp256k1_uint1 x571; + uint32_t x572; + fiat_secp256k1_uint1 x573; + uint32_t x574; + fiat_secp256k1_uint1 x575; + uint32_t x576; + uint32_t x577; + fiat_secp256k1_uint1 x578; + uint32_t x579; + fiat_secp256k1_uint1 x580; + uint32_t x581; + fiat_secp256k1_uint1 x582; + uint32_t x583; + fiat_secp256k1_uint1 x584; + uint32_t x585; + fiat_secp256k1_uint1 x586; + uint32_t x587; + fiat_secp256k1_uint1 x588; + uint32_t x589; + fiat_secp256k1_uint1 x590; + uint32_t x591; + fiat_secp256k1_uint1 x592; + uint32_t x593; + fiat_secp256k1_uint1 x594; + uint32_t x595; + uint32_t x596; + uint32_t x597; + uint32_t x598; + uint32_t x599; + uint32_t x600; + uint32_t x601; + uint32_t x602; + uint32_t x603; + uint32_t x604; + uint32_t x605; + uint32_t x606; + uint32_t x607; + uint32_t x608; + uint32_t x609; + uint32_t x610; + uint32_t x611; + uint32_t x612; + fiat_secp256k1_uint1 x613; + uint32_t x614; + fiat_secp256k1_uint1 x615; + uint32_t x616; + fiat_secp256k1_uint1 x617; + uint32_t x618; + fiat_secp256k1_uint1 x619; + uint32_t x620; + fiat_secp256k1_uint1 x621; + uint32_t x622; + fiat_secp256k1_uint1 x623; + uint32_t x624; + fiat_secp256k1_uint1 x625; + uint32_t x626; + uint32_t x627; + fiat_secp256k1_uint1 x628; + uint32_t x629; + fiat_secp256k1_uint1 x630; + uint32_t x631; + fiat_secp256k1_uint1 x632; + uint32_t x633; + fiat_secp256k1_uint1 x634; + uint32_t x635; + fiat_secp256k1_uint1 x636; + uint32_t x637; + fiat_secp256k1_uint1 x638; + uint32_t x639; + fiat_secp256k1_uint1 x640; + uint32_t x641; + fiat_secp256k1_uint1 x642; + uint32_t x643; + fiat_secp256k1_uint1 x644; + uint32_t x645; + uint32_t x646; + uint32_t x647; + uint32_t x648; + uint32_t x649; + uint32_t x650; + uint32_t x651; + uint32_t x652; + uint32_t x653; + uint32_t x654; + uint32_t x655; + uint32_t x656; + uint32_t x657; + uint32_t x658; + uint32_t x659; + uint32_t x660; + uint32_t x661; + uint32_t x662; + uint32_t x663; + fiat_secp256k1_uint1 x664; + uint32_t x665; + fiat_secp256k1_uint1 x666; + uint32_t x667; + fiat_secp256k1_uint1 x668; + uint32_t x669; + fiat_secp256k1_uint1 x670; + uint32_t x671; + fiat_secp256k1_uint1 x672; + uint32_t x673; + fiat_secp256k1_uint1 x674; + uint32_t x675; + fiat_secp256k1_uint1 x676; + uint32_t x677; + uint32_t x678; + fiat_secp256k1_uint1 x679; + uint32_t x680; + fiat_secp256k1_uint1 x681; + uint32_t x682; + fiat_secp256k1_uint1 x683; + uint32_t x684; + fiat_secp256k1_uint1 x685; + uint32_t x686; + fiat_secp256k1_uint1 x687; + uint32_t x688; + fiat_secp256k1_uint1 x689; + uint32_t x690; + fiat_secp256k1_uint1 x691; + uint32_t x692; + fiat_secp256k1_uint1 x693; + uint32_t x694; + fiat_secp256k1_uint1 x695; + uint32_t x696; + uint32_t x697; + uint32_t x698; + uint32_t x699; + uint32_t x700; + uint32_t x701; + uint32_t x702; + uint32_t x703; + uint32_t x704; + uint32_t x705; + uint32_t x706; + uint32_t x707; + uint32_t x708; + uint32_t x709; + uint32_t x710; + uint32_t x711; + uint32_t x712; + uint32_t x713; + fiat_secp256k1_uint1 x714; + uint32_t x715; + fiat_secp256k1_uint1 x716; + uint32_t x717; + fiat_secp256k1_uint1 x718; + uint32_t x719; + fiat_secp256k1_uint1 x720; + uint32_t x721; + fiat_secp256k1_uint1 x722; + uint32_t x723; + fiat_secp256k1_uint1 x724; + uint32_t x725; + fiat_secp256k1_uint1 x726; + uint32_t x727; + uint32_t x728; + fiat_secp256k1_uint1 x729; + uint32_t x730; + fiat_secp256k1_uint1 x731; + uint32_t x732; + fiat_secp256k1_uint1 x733; + uint32_t x734; + fiat_secp256k1_uint1 x735; + uint32_t x736; + fiat_secp256k1_uint1 x737; + uint32_t x738; + fiat_secp256k1_uint1 x739; + uint32_t x740; + fiat_secp256k1_uint1 x741; + uint32_t x742; + fiat_secp256k1_uint1 x743; + uint32_t x744; + fiat_secp256k1_uint1 x745; + uint32_t x746; + uint32_t x747; + uint32_t x748; + uint32_t x749; + uint32_t x750; + uint32_t x751; + uint32_t x752; + uint32_t x753; + uint32_t x754; + uint32_t x755; + uint32_t x756; + uint32_t x757; + uint32_t x758; + uint32_t x759; + uint32_t x760; + uint32_t x761; + uint32_t x762; + uint32_t x763; + uint32_t x764; + fiat_secp256k1_uint1 x765; + uint32_t x766; + fiat_secp256k1_uint1 x767; + uint32_t x768; + fiat_secp256k1_uint1 x769; + uint32_t x770; + fiat_secp256k1_uint1 x771; + uint32_t x772; + fiat_secp256k1_uint1 x773; + uint32_t x774; + fiat_secp256k1_uint1 x775; + uint32_t x776; + fiat_secp256k1_uint1 x777; + uint32_t x778; + uint32_t x779; + fiat_secp256k1_uint1 x780; + uint32_t x781; + fiat_secp256k1_uint1 x782; + uint32_t x783; + fiat_secp256k1_uint1 x784; + uint32_t x785; + fiat_secp256k1_uint1 x786; + uint32_t x787; + fiat_secp256k1_uint1 x788; + uint32_t x789; + fiat_secp256k1_uint1 x790; + uint32_t x791; + fiat_secp256k1_uint1 x792; + uint32_t x793; + fiat_secp256k1_uint1 x794; + uint32_t x795; + fiat_secp256k1_uint1 x796; + uint32_t x797; + uint32_t x798; + fiat_secp256k1_uint1 x799; + uint32_t x800; + fiat_secp256k1_uint1 x801; + uint32_t x802; + fiat_secp256k1_uint1 x803; + uint32_t x804; + fiat_secp256k1_uint1 x805; + uint32_t x806; + fiat_secp256k1_uint1 x807; + uint32_t x808; + fiat_secp256k1_uint1 x809; + uint32_t x810; + fiat_secp256k1_uint1 x811; + uint32_t x812; + fiat_secp256k1_uint1 x813; + uint32_t x814; + fiat_secp256k1_uint1 x815; + uint32_t x816; + uint32_t x817; + uint32_t x818; + uint32_t x819; + uint32_t x820; + uint32_t x821; + uint32_t x822; + uint32_t x823; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[4]); + x5 = (arg1[5]); + x6 = (arg1[6]); + x7 = (arg1[7]); + x8 = (arg1[0]); + fiat_secp256k1_mulx_u32(&x9, &x10, x8, (arg2[7])); + fiat_secp256k1_mulx_u32(&x11, &x12, x8, (arg2[6])); + fiat_secp256k1_mulx_u32(&x13, &x14, x8, (arg2[5])); + fiat_secp256k1_mulx_u32(&x15, &x16, x8, (arg2[4])); + fiat_secp256k1_mulx_u32(&x17, &x18, x8, (arg2[3])); + fiat_secp256k1_mulx_u32(&x19, &x20, x8, (arg2[2])); + fiat_secp256k1_mulx_u32(&x21, &x22, x8, (arg2[1])); + fiat_secp256k1_mulx_u32(&x23, &x24, x8, (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x25, &x26, 0x0, x24, x21); + fiat_secp256k1_addcarryx_u32(&x27, &x28, x26, x22, x19); + fiat_secp256k1_addcarryx_u32(&x29, &x30, x28, x20, x17); + fiat_secp256k1_addcarryx_u32(&x31, &x32, x30, x18, x15); + fiat_secp256k1_addcarryx_u32(&x33, &x34, x32, x16, x13); + fiat_secp256k1_addcarryx_u32(&x35, &x36, x34, x14, x11); + fiat_secp256k1_addcarryx_u32(&x37, &x38, x36, x12, x9); + x39 = (x38 + x10); + fiat_secp256k1_mulx_u32(&x40, &x41, x23, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x42, &x43, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x44, &x45, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x46, &x47, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x48, &x49, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x50, &x51, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x52, &x53, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x54, &x55, x40, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x56, &x57, x40, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x58, &x59, 0x0, x57, x54); + fiat_secp256k1_addcarryx_u32(&x60, &x61, x59, x55, x52); + fiat_secp256k1_addcarryx_u32(&x62, &x63, x61, x53, x50); + fiat_secp256k1_addcarryx_u32(&x64, &x65, x63, x51, x48); + fiat_secp256k1_addcarryx_u32(&x66, &x67, x65, x49, x46); + fiat_secp256k1_addcarryx_u32(&x68, &x69, x67, x47, x44); + fiat_secp256k1_addcarryx_u32(&x70, &x71, x69, x45, x42); + x72 = (x71 + x43); + fiat_secp256k1_addcarryx_u32(&x73, &x74, 0x0, x23, x56); + fiat_secp256k1_addcarryx_u32(&x75, &x76, x74, x25, x58); + fiat_secp256k1_addcarryx_u32(&x77, &x78, x76, x27, x60); + fiat_secp256k1_addcarryx_u32(&x79, &x80, x78, x29, x62); + fiat_secp256k1_addcarryx_u32(&x81, &x82, x80, x31, x64); + fiat_secp256k1_addcarryx_u32(&x83, &x84, x82, x33, x66); + fiat_secp256k1_addcarryx_u32(&x85, &x86, x84, x35, x68); + fiat_secp256k1_addcarryx_u32(&x87, &x88, x86, x37, x70); + fiat_secp256k1_addcarryx_u32(&x89, &x90, x88, x39, x72); + fiat_secp256k1_mulx_u32(&x91, &x92, x1, (arg2[7])); + fiat_secp256k1_mulx_u32(&x93, &x94, x1, (arg2[6])); + fiat_secp256k1_mulx_u32(&x95, &x96, x1, (arg2[5])); + fiat_secp256k1_mulx_u32(&x97, &x98, x1, (arg2[4])); + fiat_secp256k1_mulx_u32(&x99, &x100, x1, (arg2[3])); + fiat_secp256k1_mulx_u32(&x101, &x102, x1, (arg2[2])); + fiat_secp256k1_mulx_u32(&x103, &x104, x1, (arg2[1])); + fiat_secp256k1_mulx_u32(&x105, &x106, x1, (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x107, &x108, 0x0, x106, x103); + fiat_secp256k1_addcarryx_u32(&x109, &x110, x108, x104, x101); + fiat_secp256k1_addcarryx_u32(&x111, &x112, x110, x102, x99); + fiat_secp256k1_addcarryx_u32(&x113, &x114, x112, x100, x97); + fiat_secp256k1_addcarryx_u32(&x115, &x116, x114, x98, x95); + fiat_secp256k1_addcarryx_u32(&x117, &x118, x116, x96, x93); + fiat_secp256k1_addcarryx_u32(&x119, &x120, x118, x94, x91); + x121 = (x120 + x92); + fiat_secp256k1_addcarryx_u32(&x122, &x123, 0x0, x75, x105); + fiat_secp256k1_addcarryx_u32(&x124, &x125, x123, x77, x107); + fiat_secp256k1_addcarryx_u32(&x126, &x127, x125, x79, x109); + fiat_secp256k1_addcarryx_u32(&x128, &x129, x127, x81, x111); + fiat_secp256k1_addcarryx_u32(&x130, &x131, x129, x83, x113); + fiat_secp256k1_addcarryx_u32(&x132, &x133, x131, x85, x115); + fiat_secp256k1_addcarryx_u32(&x134, &x135, x133, x87, x117); + fiat_secp256k1_addcarryx_u32(&x136, &x137, x135, x89, x119); + fiat_secp256k1_addcarryx_u32(&x138, &x139, x137, x90, x121); + fiat_secp256k1_mulx_u32(&x140, &x141, x122, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x142, &x143, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x144, &x145, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x146, &x147, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x148, &x149, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x150, &x151, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x152, &x153, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x154, &x155, x140, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x156, &x157, x140, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x158, &x159, 0x0, x157, x154); + fiat_secp256k1_addcarryx_u32(&x160, &x161, x159, x155, x152); + fiat_secp256k1_addcarryx_u32(&x162, &x163, x161, x153, x150); + fiat_secp256k1_addcarryx_u32(&x164, &x165, x163, x151, x148); + fiat_secp256k1_addcarryx_u32(&x166, &x167, x165, x149, x146); + fiat_secp256k1_addcarryx_u32(&x168, &x169, x167, x147, x144); + fiat_secp256k1_addcarryx_u32(&x170, &x171, x169, x145, x142); + x172 = (x171 + x143); + fiat_secp256k1_addcarryx_u32(&x173, &x174, 0x0, x122, x156); + fiat_secp256k1_addcarryx_u32(&x175, &x176, x174, x124, x158); + fiat_secp256k1_addcarryx_u32(&x177, &x178, x176, x126, x160); + fiat_secp256k1_addcarryx_u32(&x179, &x180, x178, x128, x162); + fiat_secp256k1_addcarryx_u32(&x181, &x182, x180, x130, x164); + fiat_secp256k1_addcarryx_u32(&x183, &x184, x182, x132, x166); + fiat_secp256k1_addcarryx_u32(&x185, &x186, x184, x134, x168); + fiat_secp256k1_addcarryx_u32(&x187, &x188, x186, x136, x170); + fiat_secp256k1_addcarryx_u32(&x189, &x190, x188, x138, x172); + x191 = ((uint32_t)x190 + x139); + fiat_secp256k1_mulx_u32(&x192, &x193, x2, (arg2[7])); + fiat_secp256k1_mulx_u32(&x194, &x195, x2, (arg2[6])); + fiat_secp256k1_mulx_u32(&x196, &x197, x2, (arg2[5])); + fiat_secp256k1_mulx_u32(&x198, &x199, x2, (arg2[4])); + fiat_secp256k1_mulx_u32(&x200, &x201, x2, (arg2[3])); + fiat_secp256k1_mulx_u32(&x202, &x203, x2, (arg2[2])); + fiat_secp256k1_mulx_u32(&x204, &x205, x2, (arg2[1])); + fiat_secp256k1_mulx_u32(&x206, &x207, x2, (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x208, &x209, 0x0, x207, x204); + fiat_secp256k1_addcarryx_u32(&x210, &x211, x209, x205, x202); + fiat_secp256k1_addcarryx_u32(&x212, &x213, x211, x203, x200); + fiat_secp256k1_addcarryx_u32(&x214, &x215, x213, x201, x198); + fiat_secp256k1_addcarryx_u32(&x216, &x217, x215, x199, x196); + fiat_secp256k1_addcarryx_u32(&x218, &x219, x217, x197, x194); + fiat_secp256k1_addcarryx_u32(&x220, &x221, x219, x195, x192); + x222 = (x221 + x193); + fiat_secp256k1_addcarryx_u32(&x223, &x224, 0x0, x175, x206); + fiat_secp256k1_addcarryx_u32(&x225, &x226, x224, x177, x208); + fiat_secp256k1_addcarryx_u32(&x227, &x228, x226, x179, x210); + fiat_secp256k1_addcarryx_u32(&x229, &x230, x228, x181, x212); + fiat_secp256k1_addcarryx_u32(&x231, &x232, x230, x183, x214); + fiat_secp256k1_addcarryx_u32(&x233, &x234, x232, x185, x216); + fiat_secp256k1_addcarryx_u32(&x235, &x236, x234, x187, x218); + fiat_secp256k1_addcarryx_u32(&x237, &x238, x236, x189, x220); + fiat_secp256k1_addcarryx_u32(&x239, &x240, x238, x191, x222); + fiat_secp256k1_mulx_u32(&x241, &x242, x223, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x243, &x244, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x245, &x246, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x247, &x248, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x249, &x250, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x251, &x252, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x253, &x254, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x255, &x256, x241, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x257, &x258, x241, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x259, &x260, 0x0, x258, x255); + fiat_secp256k1_addcarryx_u32(&x261, &x262, x260, x256, x253); + fiat_secp256k1_addcarryx_u32(&x263, &x264, x262, x254, x251); + fiat_secp256k1_addcarryx_u32(&x265, &x266, x264, x252, x249); + fiat_secp256k1_addcarryx_u32(&x267, &x268, x266, x250, x247); + fiat_secp256k1_addcarryx_u32(&x269, &x270, x268, x248, x245); + fiat_secp256k1_addcarryx_u32(&x271, &x272, x270, x246, x243); + x273 = (x272 + x244); + fiat_secp256k1_addcarryx_u32(&x274, &x275, 0x0, x223, x257); + fiat_secp256k1_addcarryx_u32(&x276, &x277, x275, x225, x259); + fiat_secp256k1_addcarryx_u32(&x278, &x279, x277, x227, x261); + fiat_secp256k1_addcarryx_u32(&x280, &x281, x279, x229, x263); + fiat_secp256k1_addcarryx_u32(&x282, &x283, x281, x231, x265); + fiat_secp256k1_addcarryx_u32(&x284, &x285, x283, x233, x267); + fiat_secp256k1_addcarryx_u32(&x286, &x287, x285, x235, x269); + fiat_secp256k1_addcarryx_u32(&x288, &x289, x287, x237, x271); + fiat_secp256k1_addcarryx_u32(&x290, &x291, x289, x239, x273); + x292 = ((uint32_t)x291 + x240); + fiat_secp256k1_mulx_u32(&x293, &x294, x3, (arg2[7])); + fiat_secp256k1_mulx_u32(&x295, &x296, x3, (arg2[6])); + fiat_secp256k1_mulx_u32(&x297, &x298, x3, (arg2[5])); + fiat_secp256k1_mulx_u32(&x299, &x300, x3, (arg2[4])); + fiat_secp256k1_mulx_u32(&x301, &x302, x3, (arg2[3])); + fiat_secp256k1_mulx_u32(&x303, &x304, x3, (arg2[2])); + fiat_secp256k1_mulx_u32(&x305, &x306, x3, (arg2[1])); + fiat_secp256k1_mulx_u32(&x307, &x308, x3, (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x309, &x310, 0x0, x308, x305); + fiat_secp256k1_addcarryx_u32(&x311, &x312, x310, x306, x303); + fiat_secp256k1_addcarryx_u32(&x313, &x314, x312, x304, x301); + fiat_secp256k1_addcarryx_u32(&x315, &x316, x314, x302, x299); + fiat_secp256k1_addcarryx_u32(&x317, &x318, x316, x300, x297); + fiat_secp256k1_addcarryx_u32(&x319, &x320, x318, x298, x295); + fiat_secp256k1_addcarryx_u32(&x321, &x322, x320, x296, x293); + x323 = (x322 + x294); + fiat_secp256k1_addcarryx_u32(&x324, &x325, 0x0, x276, x307); + fiat_secp256k1_addcarryx_u32(&x326, &x327, x325, x278, x309); + fiat_secp256k1_addcarryx_u32(&x328, &x329, x327, x280, x311); + fiat_secp256k1_addcarryx_u32(&x330, &x331, x329, x282, x313); + fiat_secp256k1_addcarryx_u32(&x332, &x333, x331, x284, x315); + fiat_secp256k1_addcarryx_u32(&x334, &x335, x333, x286, x317); + fiat_secp256k1_addcarryx_u32(&x336, &x337, x335, x288, x319); + fiat_secp256k1_addcarryx_u32(&x338, &x339, x337, x290, x321); + fiat_secp256k1_addcarryx_u32(&x340, &x341, x339, x292, x323); + fiat_secp256k1_mulx_u32(&x342, &x343, x324, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x344, &x345, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x346, &x347, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x348, &x349, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x350, &x351, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x352, &x353, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x354, &x355, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x356, &x357, x342, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x358, &x359, x342, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x360, &x361, 0x0, x359, x356); + fiat_secp256k1_addcarryx_u32(&x362, &x363, x361, x357, x354); + fiat_secp256k1_addcarryx_u32(&x364, &x365, x363, x355, x352); + fiat_secp256k1_addcarryx_u32(&x366, &x367, x365, x353, x350); + fiat_secp256k1_addcarryx_u32(&x368, &x369, x367, x351, x348); + fiat_secp256k1_addcarryx_u32(&x370, &x371, x369, x349, x346); + fiat_secp256k1_addcarryx_u32(&x372, &x373, x371, x347, x344); + x374 = (x373 + x345); + fiat_secp256k1_addcarryx_u32(&x375, &x376, 0x0, x324, x358); + fiat_secp256k1_addcarryx_u32(&x377, &x378, x376, x326, x360); + fiat_secp256k1_addcarryx_u32(&x379, &x380, x378, x328, x362); + fiat_secp256k1_addcarryx_u32(&x381, &x382, x380, x330, x364); + fiat_secp256k1_addcarryx_u32(&x383, &x384, x382, x332, x366); + fiat_secp256k1_addcarryx_u32(&x385, &x386, x384, x334, x368); + fiat_secp256k1_addcarryx_u32(&x387, &x388, x386, x336, x370); + fiat_secp256k1_addcarryx_u32(&x389, &x390, x388, x338, x372); + fiat_secp256k1_addcarryx_u32(&x391, &x392, x390, x340, x374); + x393 = ((uint32_t)x392 + x341); + fiat_secp256k1_mulx_u32(&x394, &x395, x4, (arg2[7])); + fiat_secp256k1_mulx_u32(&x396, &x397, x4, (arg2[6])); + fiat_secp256k1_mulx_u32(&x398, &x399, x4, (arg2[5])); + fiat_secp256k1_mulx_u32(&x400, &x401, x4, (arg2[4])); + fiat_secp256k1_mulx_u32(&x402, &x403, x4, (arg2[3])); + fiat_secp256k1_mulx_u32(&x404, &x405, x4, (arg2[2])); + fiat_secp256k1_mulx_u32(&x406, &x407, x4, (arg2[1])); + fiat_secp256k1_mulx_u32(&x408, &x409, x4, (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x410, &x411, 0x0, x409, x406); + fiat_secp256k1_addcarryx_u32(&x412, &x413, x411, x407, x404); + fiat_secp256k1_addcarryx_u32(&x414, &x415, x413, x405, x402); + fiat_secp256k1_addcarryx_u32(&x416, &x417, x415, x403, x400); + fiat_secp256k1_addcarryx_u32(&x418, &x419, x417, x401, x398); + fiat_secp256k1_addcarryx_u32(&x420, &x421, x419, x399, x396); + fiat_secp256k1_addcarryx_u32(&x422, &x423, x421, x397, x394); + x424 = (x423 + x395); + fiat_secp256k1_addcarryx_u32(&x425, &x426, 0x0, x377, x408); + fiat_secp256k1_addcarryx_u32(&x427, &x428, x426, x379, x410); + fiat_secp256k1_addcarryx_u32(&x429, &x430, x428, x381, x412); + fiat_secp256k1_addcarryx_u32(&x431, &x432, x430, x383, x414); + fiat_secp256k1_addcarryx_u32(&x433, &x434, x432, x385, x416); + fiat_secp256k1_addcarryx_u32(&x435, &x436, x434, x387, x418); + fiat_secp256k1_addcarryx_u32(&x437, &x438, x436, x389, x420); + fiat_secp256k1_addcarryx_u32(&x439, &x440, x438, x391, x422); + fiat_secp256k1_addcarryx_u32(&x441, &x442, x440, x393, x424); + fiat_secp256k1_mulx_u32(&x443, &x444, x425, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x445, &x446, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x447, &x448, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x449, &x450, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x451, &x452, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x453, &x454, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x455, &x456, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x457, &x458, x443, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x459, &x460, x443, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x461, &x462, 0x0, x460, x457); + fiat_secp256k1_addcarryx_u32(&x463, &x464, x462, x458, x455); + fiat_secp256k1_addcarryx_u32(&x465, &x466, x464, x456, x453); + fiat_secp256k1_addcarryx_u32(&x467, &x468, x466, x454, x451); + fiat_secp256k1_addcarryx_u32(&x469, &x470, x468, x452, x449); + fiat_secp256k1_addcarryx_u32(&x471, &x472, x470, x450, x447); + fiat_secp256k1_addcarryx_u32(&x473, &x474, x472, x448, x445); + x475 = (x474 + x446); + fiat_secp256k1_addcarryx_u32(&x476, &x477, 0x0, x425, x459); + fiat_secp256k1_addcarryx_u32(&x478, &x479, x477, x427, x461); + fiat_secp256k1_addcarryx_u32(&x480, &x481, x479, x429, x463); + fiat_secp256k1_addcarryx_u32(&x482, &x483, x481, x431, x465); + fiat_secp256k1_addcarryx_u32(&x484, &x485, x483, x433, x467); + fiat_secp256k1_addcarryx_u32(&x486, &x487, x485, x435, x469); + fiat_secp256k1_addcarryx_u32(&x488, &x489, x487, x437, x471); + fiat_secp256k1_addcarryx_u32(&x490, &x491, x489, x439, x473); + fiat_secp256k1_addcarryx_u32(&x492, &x493, x491, x441, x475); + x494 = ((uint32_t)x493 + x442); + fiat_secp256k1_mulx_u32(&x495, &x496, x5, (arg2[7])); + fiat_secp256k1_mulx_u32(&x497, &x498, x5, (arg2[6])); + fiat_secp256k1_mulx_u32(&x499, &x500, x5, (arg2[5])); + fiat_secp256k1_mulx_u32(&x501, &x502, x5, (arg2[4])); + fiat_secp256k1_mulx_u32(&x503, &x504, x5, (arg2[3])); + fiat_secp256k1_mulx_u32(&x505, &x506, x5, (arg2[2])); + fiat_secp256k1_mulx_u32(&x507, &x508, x5, (arg2[1])); + fiat_secp256k1_mulx_u32(&x509, &x510, x5, (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x511, &x512, 0x0, x510, x507); + fiat_secp256k1_addcarryx_u32(&x513, &x514, x512, x508, x505); + fiat_secp256k1_addcarryx_u32(&x515, &x516, x514, x506, x503); + fiat_secp256k1_addcarryx_u32(&x517, &x518, x516, x504, x501); + fiat_secp256k1_addcarryx_u32(&x519, &x520, x518, x502, x499); + fiat_secp256k1_addcarryx_u32(&x521, &x522, x520, x500, x497); + fiat_secp256k1_addcarryx_u32(&x523, &x524, x522, x498, x495); + x525 = (x524 + x496); + fiat_secp256k1_addcarryx_u32(&x526, &x527, 0x0, x478, x509); + fiat_secp256k1_addcarryx_u32(&x528, &x529, x527, x480, x511); + fiat_secp256k1_addcarryx_u32(&x530, &x531, x529, x482, x513); + fiat_secp256k1_addcarryx_u32(&x532, &x533, x531, x484, x515); + fiat_secp256k1_addcarryx_u32(&x534, &x535, x533, x486, x517); + fiat_secp256k1_addcarryx_u32(&x536, &x537, x535, x488, x519); + fiat_secp256k1_addcarryx_u32(&x538, &x539, x537, x490, x521); + fiat_secp256k1_addcarryx_u32(&x540, &x541, x539, x492, x523); + fiat_secp256k1_addcarryx_u32(&x542, &x543, x541, x494, x525); + fiat_secp256k1_mulx_u32(&x544, &x545, x526, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x546, &x547, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x548, &x549, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x550, &x551, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x552, &x553, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x554, &x555, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x556, &x557, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x558, &x559, x544, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x560, &x561, x544, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x562, &x563, 0x0, x561, x558); + fiat_secp256k1_addcarryx_u32(&x564, &x565, x563, x559, x556); + fiat_secp256k1_addcarryx_u32(&x566, &x567, x565, x557, x554); + fiat_secp256k1_addcarryx_u32(&x568, &x569, x567, x555, x552); + fiat_secp256k1_addcarryx_u32(&x570, &x571, x569, x553, x550); + fiat_secp256k1_addcarryx_u32(&x572, &x573, x571, x551, x548); + fiat_secp256k1_addcarryx_u32(&x574, &x575, x573, x549, x546); + x576 = (x575 + x547); + fiat_secp256k1_addcarryx_u32(&x577, &x578, 0x0, x526, x560); + fiat_secp256k1_addcarryx_u32(&x579, &x580, x578, x528, x562); + fiat_secp256k1_addcarryx_u32(&x581, &x582, x580, x530, x564); + fiat_secp256k1_addcarryx_u32(&x583, &x584, x582, x532, x566); + fiat_secp256k1_addcarryx_u32(&x585, &x586, x584, x534, x568); + fiat_secp256k1_addcarryx_u32(&x587, &x588, x586, x536, x570); + fiat_secp256k1_addcarryx_u32(&x589, &x590, x588, x538, x572); + fiat_secp256k1_addcarryx_u32(&x591, &x592, x590, x540, x574); + fiat_secp256k1_addcarryx_u32(&x593, &x594, x592, x542, x576); + x595 = ((uint32_t)x594 + x543); + fiat_secp256k1_mulx_u32(&x596, &x597, x6, (arg2[7])); + fiat_secp256k1_mulx_u32(&x598, &x599, x6, (arg2[6])); + fiat_secp256k1_mulx_u32(&x600, &x601, x6, (arg2[5])); + fiat_secp256k1_mulx_u32(&x602, &x603, x6, (arg2[4])); + fiat_secp256k1_mulx_u32(&x604, &x605, x6, (arg2[3])); + fiat_secp256k1_mulx_u32(&x606, &x607, x6, (arg2[2])); + fiat_secp256k1_mulx_u32(&x608, &x609, x6, (arg2[1])); + fiat_secp256k1_mulx_u32(&x610, &x611, x6, (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x612, &x613, 0x0, x611, x608); + fiat_secp256k1_addcarryx_u32(&x614, &x615, x613, x609, x606); + fiat_secp256k1_addcarryx_u32(&x616, &x617, x615, x607, x604); + fiat_secp256k1_addcarryx_u32(&x618, &x619, x617, x605, x602); + fiat_secp256k1_addcarryx_u32(&x620, &x621, x619, x603, x600); + fiat_secp256k1_addcarryx_u32(&x622, &x623, x621, x601, x598); + fiat_secp256k1_addcarryx_u32(&x624, &x625, x623, x599, x596); + x626 = (x625 + x597); + fiat_secp256k1_addcarryx_u32(&x627, &x628, 0x0, x579, x610); + fiat_secp256k1_addcarryx_u32(&x629, &x630, x628, x581, x612); + fiat_secp256k1_addcarryx_u32(&x631, &x632, x630, x583, x614); + fiat_secp256k1_addcarryx_u32(&x633, &x634, x632, x585, x616); + fiat_secp256k1_addcarryx_u32(&x635, &x636, x634, x587, x618); + fiat_secp256k1_addcarryx_u32(&x637, &x638, x636, x589, x620); + fiat_secp256k1_addcarryx_u32(&x639, &x640, x638, x591, x622); + fiat_secp256k1_addcarryx_u32(&x641, &x642, x640, x593, x624); + fiat_secp256k1_addcarryx_u32(&x643, &x644, x642, x595, x626); + fiat_secp256k1_mulx_u32(&x645, &x646, x627, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x647, &x648, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x649, &x650, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x651, &x652, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x653, &x654, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x655, &x656, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x657, &x658, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x659, &x660, x645, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x661, &x662, x645, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x663, &x664, 0x0, x662, x659); + fiat_secp256k1_addcarryx_u32(&x665, &x666, x664, x660, x657); + fiat_secp256k1_addcarryx_u32(&x667, &x668, x666, x658, x655); + fiat_secp256k1_addcarryx_u32(&x669, &x670, x668, x656, x653); + fiat_secp256k1_addcarryx_u32(&x671, &x672, x670, x654, x651); + fiat_secp256k1_addcarryx_u32(&x673, &x674, x672, x652, x649); + fiat_secp256k1_addcarryx_u32(&x675, &x676, x674, x650, x647); + x677 = (x676 + x648); + fiat_secp256k1_addcarryx_u32(&x678, &x679, 0x0, x627, x661); + fiat_secp256k1_addcarryx_u32(&x680, &x681, x679, x629, x663); + fiat_secp256k1_addcarryx_u32(&x682, &x683, x681, x631, x665); + fiat_secp256k1_addcarryx_u32(&x684, &x685, x683, x633, x667); + fiat_secp256k1_addcarryx_u32(&x686, &x687, x685, x635, x669); + fiat_secp256k1_addcarryx_u32(&x688, &x689, x687, x637, x671); + fiat_secp256k1_addcarryx_u32(&x690, &x691, x689, x639, x673); + fiat_secp256k1_addcarryx_u32(&x692, &x693, x691, x641, x675); + fiat_secp256k1_addcarryx_u32(&x694, &x695, x693, x643, x677); + x696 = ((uint32_t)x695 + x644); + fiat_secp256k1_mulx_u32(&x697, &x698, x7, (arg2[7])); + fiat_secp256k1_mulx_u32(&x699, &x700, x7, (arg2[6])); + fiat_secp256k1_mulx_u32(&x701, &x702, x7, (arg2[5])); + fiat_secp256k1_mulx_u32(&x703, &x704, x7, (arg2[4])); + fiat_secp256k1_mulx_u32(&x705, &x706, x7, (arg2[3])); + fiat_secp256k1_mulx_u32(&x707, &x708, x7, (arg2[2])); + fiat_secp256k1_mulx_u32(&x709, &x710, x7, (arg2[1])); + fiat_secp256k1_mulx_u32(&x711, &x712, x7, (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x713, &x714, 0x0, x712, x709); + fiat_secp256k1_addcarryx_u32(&x715, &x716, x714, x710, x707); + fiat_secp256k1_addcarryx_u32(&x717, &x718, x716, x708, x705); + fiat_secp256k1_addcarryx_u32(&x719, &x720, x718, x706, x703); + fiat_secp256k1_addcarryx_u32(&x721, &x722, x720, x704, x701); + fiat_secp256k1_addcarryx_u32(&x723, &x724, x722, x702, x699); + fiat_secp256k1_addcarryx_u32(&x725, &x726, x724, x700, x697); + x727 = (x726 + x698); + fiat_secp256k1_addcarryx_u32(&x728, &x729, 0x0, x680, x711); + fiat_secp256k1_addcarryx_u32(&x730, &x731, x729, x682, x713); + fiat_secp256k1_addcarryx_u32(&x732, &x733, x731, x684, x715); + fiat_secp256k1_addcarryx_u32(&x734, &x735, x733, x686, x717); + fiat_secp256k1_addcarryx_u32(&x736, &x737, x735, x688, x719); + fiat_secp256k1_addcarryx_u32(&x738, &x739, x737, x690, x721); + fiat_secp256k1_addcarryx_u32(&x740, &x741, x739, x692, x723); + fiat_secp256k1_addcarryx_u32(&x742, &x743, x741, x694, x725); + fiat_secp256k1_addcarryx_u32(&x744, &x745, x743, x696, x727); + fiat_secp256k1_mulx_u32(&x746, &x747, x728, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x748, &x749, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x750, &x751, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x752, &x753, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x754, &x755, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x756, &x757, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x758, &x759, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x760, &x761, x746, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x762, &x763, x746, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x764, &x765, 0x0, x763, x760); + fiat_secp256k1_addcarryx_u32(&x766, &x767, x765, x761, x758); + fiat_secp256k1_addcarryx_u32(&x768, &x769, x767, x759, x756); + fiat_secp256k1_addcarryx_u32(&x770, &x771, x769, x757, x754); + fiat_secp256k1_addcarryx_u32(&x772, &x773, x771, x755, x752); + fiat_secp256k1_addcarryx_u32(&x774, &x775, x773, x753, x750); + fiat_secp256k1_addcarryx_u32(&x776, &x777, x775, x751, x748); + x778 = (x777 + x749); + fiat_secp256k1_addcarryx_u32(&x779, &x780, 0x0, x728, x762); + fiat_secp256k1_addcarryx_u32(&x781, &x782, x780, x730, x764); + fiat_secp256k1_addcarryx_u32(&x783, &x784, x782, x732, x766); + fiat_secp256k1_addcarryx_u32(&x785, &x786, x784, x734, x768); + fiat_secp256k1_addcarryx_u32(&x787, &x788, x786, x736, x770); + fiat_secp256k1_addcarryx_u32(&x789, &x790, x788, x738, x772); + fiat_secp256k1_addcarryx_u32(&x791, &x792, x790, x740, x774); + fiat_secp256k1_addcarryx_u32(&x793, &x794, x792, x742, x776); + fiat_secp256k1_addcarryx_u32(&x795, &x796, x794, x744, x778); + x797 = ((uint32_t)x796 + x745); + fiat_secp256k1_subborrowx_u32(&x798, &x799, 0x0, x781, UINT32_C(0xfffffc2f)); + fiat_secp256k1_subborrowx_u32(&x800, &x801, x799, x783, UINT32_C(0xfffffffe)); + fiat_secp256k1_subborrowx_u32(&x802, &x803, x801, x785, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x804, &x805, x803, x787, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x806, &x807, x805, x789, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x808, &x809, x807, x791, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x810, &x811, x809, x793, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x812, &x813, x811, x795, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x814, &x815, x813, x797, 0x0); + fiat_secp256k1_cmovznz_u32(&x816, x815, x798, x781); + fiat_secp256k1_cmovznz_u32(&x817, x815, x800, x783); + fiat_secp256k1_cmovznz_u32(&x818, x815, x802, x785); + fiat_secp256k1_cmovznz_u32(&x819, x815, x804, x787); + fiat_secp256k1_cmovznz_u32(&x820, x815, x806, x789); + fiat_secp256k1_cmovznz_u32(&x821, x815, x808, x791); + fiat_secp256k1_cmovznz_u32(&x822, x815, x810, x793); + fiat_secp256k1_cmovznz_u32(&x823, x815, x812, x795); + out1[0] = x816; + out1[1] = x817; + out1[2] = x818; + out1[3] = x819; + out1[4] = x820; + out1[5] = x821; + out1[6] = x822; + out1[7] = x823; +} + +/* + * The function fiat_secp256k1_square squares a field element in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_square(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint32_t x20; + uint32_t x21; + uint32_t x22; + uint32_t x23; + uint32_t x24; + uint32_t x25; + fiat_secp256k1_uint1 x26; + uint32_t x27; + fiat_secp256k1_uint1 x28; + uint32_t x29; + fiat_secp256k1_uint1 x30; + uint32_t x31; + fiat_secp256k1_uint1 x32; + uint32_t x33; + fiat_secp256k1_uint1 x34; + uint32_t x35; + fiat_secp256k1_uint1 x36; + uint32_t x37; + fiat_secp256k1_uint1 x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + uint32_t x52; + uint32_t x53; + uint32_t x54; + uint32_t x55; + uint32_t x56; + uint32_t x57; + uint32_t x58; + fiat_secp256k1_uint1 x59; + uint32_t x60; + fiat_secp256k1_uint1 x61; + uint32_t x62; + fiat_secp256k1_uint1 x63; + uint32_t x64; + fiat_secp256k1_uint1 x65; + uint32_t x66; + fiat_secp256k1_uint1 x67; + uint32_t x68; + fiat_secp256k1_uint1 x69; + uint32_t x70; + fiat_secp256k1_uint1 x71; + uint32_t x72; + uint32_t x73; + fiat_secp256k1_uint1 x74; + uint32_t x75; + fiat_secp256k1_uint1 x76; + uint32_t x77; + fiat_secp256k1_uint1 x78; + uint32_t x79; + fiat_secp256k1_uint1 x80; + uint32_t x81; + fiat_secp256k1_uint1 x82; + uint32_t x83; + fiat_secp256k1_uint1 x84; + uint32_t x85; + fiat_secp256k1_uint1 x86; + uint32_t x87; + fiat_secp256k1_uint1 x88; + uint32_t x89; + fiat_secp256k1_uint1 x90; + uint32_t x91; + uint32_t x92; + uint32_t x93; + uint32_t x94; + uint32_t x95; + uint32_t x96; + uint32_t x97; + uint32_t x98; + uint32_t x99; + uint32_t x100; + uint32_t x101; + uint32_t x102; + uint32_t x103; + uint32_t x104; + uint32_t x105; + uint32_t x106; + uint32_t x107; + fiat_secp256k1_uint1 x108; + uint32_t x109; + fiat_secp256k1_uint1 x110; + uint32_t x111; + fiat_secp256k1_uint1 x112; + uint32_t x113; + fiat_secp256k1_uint1 x114; + uint32_t x115; + fiat_secp256k1_uint1 x116; + uint32_t x117; + fiat_secp256k1_uint1 x118; + uint32_t x119; + fiat_secp256k1_uint1 x120; + uint32_t x121; + uint32_t x122; + fiat_secp256k1_uint1 x123; + uint32_t x124; + fiat_secp256k1_uint1 x125; + uint32_t x126; + fiat_secp256k1_uint1 x127; + uint32_t x128; + fiat_secp256k1_uint1 x129; + uint32_t x130; + fiat_secp256k1_uint1 x131; + uint32_t x132; + fiat_secp256k1_uint1 x133; + uint32_t x134; + fiat_secp256k1_uint1 x135; + uint32_t x136; + fiat_secp256k1_uint1 x137; + uint32_t x138; + fiat_secp256k1_uint1 x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + uint32_t x145; + uint32_t x146; + uint32_t x147; + uint32_t x148; + uint32_t x149; + uint32_t x150; + uint32_t x151; + uint32_t x152; + uint32_t x153; + uint32_t x154; + uint32_t x155; + uint32_t x156; + uint32_t x157; + uint32_t x158; + fiat_secp256k1_uint1 x159; + uint32_t x160; + fiat_secp256k1_uint1 x161; + uint32_t x162; + fiat_secp256k1_uint1 x163; + uint32_t x164; + fiat_secp256k1_uint1 x165; + uint32_t x166; + fiat_secp256k1_uint1 x167; + uint32_t x168; + fiat_secp256k1_uint1 x169; + uint32_t x170; + fiat_secp256k1_uint1 x171; + uint32_t x172; + uint32_t x173; + fiat_secp256k1_uint1 x174; + uint32_t x175; + fiat_secp256k1_uint1 x176; + uint32_t x177; + fiat_secp256k1_uint1 x178; + uint32_t x179; + fiat_secp256k1_uint1 x180; + uint32_t x181; + fiat_secp256k1_uint1 x182; + uint32_t x183; + fiat_secp256k1_uint1 x184; + uint32_t x185; + fiat_secp256k1_uint1 x186; + uint32_t x187; + fiat_secp256k1_uint1 x188; + uint32_t x189; + fiat_secp256k1_uint1 x190; + uint32_t x191; + uint32_t x192; + uint32_t x193; + uint32_t x194; + uint32_t x195; + uint32_t x196; + uint32_t x197; + uint32_t x198; + uint32_t x199; + uint32_t x200; + uint32_t x201; + uint32_t x202; + uint32_t x203; + uint32_t x204; + uint32_t x205; + uint32_t x206; + uint32_t x207; + uint32_t x208; + fiat_secp256k1_uint1 x209; + uint32_t x210; + fiat_secp256k1_uint1 x211; + uint32_t x212; + fiat_secp256k1_uint1 x213; + uint32_t x214; + fiat_secp256k1_uint1 x215; + uint32_t x216; + fiat_secp256k1_uint1 x217; + uint32_t x218; + fiat_secp256k1_uint1 x219; + uint32_t x220; + fiat_secp256k1_uint1 x221; + uint32_t x222; + uint32_t x223; + fiat_secp256k1_uint1 x224; + uint32_t x225; + fiat_secp256k1_uint1 x226; + uint32_t x227; + fiat_secp256k1_uint1 x228; + uint32_t x229; + fiat_secp256k1_uint1 x230; + uint32_t x231; + fiat_secp256k1_uint1 x232; + uint32_t x233; + fiat_secp256k1_uint1 x234; + uint32_t x235; + fiat_secp256k1_uint1 x236; + uint32_t x237; + fiat_secp256k1_uint1 x238; + uint32_t x239; + fiat_secp256k1_uint1 x240; + uint32_t x241; + uint32_t x242; + uint32_t x243; + uint32_t x244; + uint32_t x245; + uint32_t x246; + uint32_t x247; + uint32_t x248; + uint32_t x249; + uint32_t x250; + uint32_t x251; + uint32_t x252; + uint32_t x253; + uint32_t x254; + uint32_t x255; + uint32_t x256; + uint32_t x257; + uint32_t x258; + uint32_t x259; + fiat_secp256k1_uint1 x260; + uint32_t x261; + fiat_secp256k1_uint1 x262; + uint32_t x263; + fiat_secp256k1_uint1 x264; + uint32_t x265; + fiat_secp256k1_uint1 x266; + uint32_t x267; + fiat_secp256k1_uint1 x268; + uint32_t x269; + fiat_secp256k1_uint1 x270; + uint32_t x271; + fiat_secp256k1_uint1 x272; + uint32_t x273; + uint32_t x274; + fiat_secp256k1_uint1 x275; + uint32_t x276; + fiat_secp256k1_uint1 x277; + uint32_t x278; + fiat_secp256k1_uint1 x279; + uint32_t x280; + fiat_secp256k1_uint1 x281; + uint32_t x282; + fiat_secp256k1_uint1 x283; + uint32_t x284; + fiat_secp256k1_uint1 x285; + uint32_t x286; + fiat_secp256k1_uint1 x287; + uint32_t x288; + fiat_secp256k1_uint1 x289; + uint32_t x290; + fiat_secp256k1_uint1 x291; + uint32_t x292; + uint32_t x293; + uint32_t x294; + uint32_t x295; + uint32_t x296; + uint32_t x297; + uint32_t x298; + uint32_t x299; + uint32_t x300; + uint32_t x301; + uint32_t x302; + uint32_t x303; + uint32_t x304; + uint32_t x305; + uint32_t x306; + uint32_t x307; + uint32_t x308; + uint32_t x309; + fiat_secp256k1_uint1 x310; + uint32_t x311; + fiat_secp256k1_uint1 x312; + uint32_t x313; + fiat_secp256k1_uint1 x314; + uint32_t x315; + fiat_secp256k1_uint1 x316; + uint32_t x317; + fiat_secp256k1_uint1 x318; + uint32_t x319; + fiat_secp256k1_uint1 x320; + uint32_t x321; + fiat_secp256k1_uint1 x322; + uint32_t x323; + uint32_t x324; + fiat_secp256k1_uint1 x325; + uint32_t x326; + fiat_secp256k1_uint1 x327; + uint32_t x328; + fiat_secp256k1_uint1 x329; + uint32_t x330; + fiat_secp256k1_uint1 x331; + uint32_t x332; + fiat_secp256k1_uint1 x333; + uint32_t x334; + fiat_secp256k1_uint1 x335; + uint32_t x336; + fiat_secp256k1_uint1 x337; + uint32_t x338; + fiat_secp256k1_uint1 x339; + uint32_t x340; + fiat_secp256k1_uint1 x341; + uint32_t x342; + uint32_t x343; + uint32_t x344; + uint32_t x345; + uint32_t x346; + uint32_t x347; + uint32_t x348; + uint32_t x349; + uint32_t x350; + uint32_t x351; + uint32_t x352; + uint32_t x353; + uint32_t x354; + uint32_t x355; + uint32_t x356; + uint32_t x357; + uint32_t x358; + uint32_t x359; + uint32_t x360; + fiat_secp256k1_uint1 x361; + uint32_t x362; + fiat_secp256k1_uint1 x363; + uint32_t x364; + fiat_secp256k1_uint1 x365; + uint32_t x366; + fiat_secp256k1_uint1 x367; + uint32_t x368; + fiat_secp256k1_uint1 x369; + uint32_t x370; + fiat_secp256k1_uint1 x371; + uint32_t x372; + fiat_secp256k1_uint1 x373; + uint32_t x374; + uint32_t x375; + fiat_secp256k1_uint1 x376; + uint32_t x377; + fiat_secp256k1_uint1 x378; + uint32_t x379; + fiat_secp256k1_uint1 x380; + uint32_t x381; + fiat_secp256k1_uint1 x382; + uint32_t x383; + fiat_secp256k1_uint1 x384; + uint32_t x385; + fiat_secp256k1_uint1 x386; + uint32_t x387; + fiat_secp256k1_uint1 x388; + uint32_t x389; + fiat_secp256k1_uint1 x390; + uint32_t x391; + fiat_secp256k1_uint1 x392; + uint32_t x393; + uint32_t x394; + uint32_t x395; + uint32_t x396; + uint32_t x397; + uint32_t x398; + uint32_t x399; + uint32_t x400; + uint32_t x401; + uint32_t x402; + uint32_t x403; + uint32_t x404; + uint32_t x405; + uint32_t x406; + uint32_t x407; + uint32_t x408; + uint32_t x409; + uint32_t x410; + fiat_secp256k1_uint1 x411; + uint32_t x412; + fiat_secp256k1_uint1 x413; + uint32_t x414; + fiat_secp256k1_uint1 x415; + uint32_t x416; + fiat_secp256k1_uint1 x417; + uint32_t x418; + fiat_secp256k1_uint1 x419; + uint32_t x420; + fiat_secp256k1_uint1 x421; + uint32_t x422; + fiat_secp256k1_uint1 x423; + uint32_t x424; + uint32_t x425; + fiat_secp256k1_uint1 x426; + uint32_t x427; + fiat_secp256k1_uint1 x428; + uint32_t x429; + fiat_secp256k1_uint1 x430; + uint32_t x431; + fiat_secp256k1_uint1 x432; + uint32_t x433; + fiat_secp256k1_uint1 x434; + uint32_t x435; + fiat_secp256k1_uint1 x436; + uint32_t x437; + fiat_secp256k1_uint1 x438; + uint32_t x439; + fiat_secp256k1_uint1 x440; + uint32_t x441; + fiat_secp256k1_uint1 x442; + uint32_t x443; + uint32_t x444; + uint32_t x445; + uint32_t x446; + uint32_t x447; + uint32_t x448; + uint32_t x449; + uint32_t x450; + uint32_t x451; + uint32_t x452; + uint32_t x453; + uint32_t x454; + uint32_t x455; + uint32_t x456; + uint32_t x457; + uint32_t x458; + uint32_t x459; + uint32_t x460; + uint32_t x461; + fiat_secp256k1_uint1 x462; + uint32_t x463; + fiat_secp256k1_uint1 x464; + uint32_t x465; + fiat_secp256k1_uint1 x466; + uint32_t x467; + fiat_secp256k1_uint1 x468; + uint32_t x469; + fiat_secp256k1_uint1 x470; + uint32_t x471; + fiat_secp256k1_uint1 x472; + uint32_t x473; + fiat_secp256k1_uint1 x474; + uint32_t x475; + uint32_t x476; + fiat_secp256k1_uint1 x477; + uint32_t x478; + fiat_secp256k1_uint1 x479; + uint32_t x480; + fiat_secp256k1_uint1 x481; + uint32_t x482; + fiat_secp256k1_uint1 x483; + uint32_t x484; + fiat_secp256k1_uint1 x485; + uint32_t x486; + fiat_secp256k1_uint1 x487; + uint32_t x488; + fiat_secp256k1_uint1 x489; + uint32_t x490; + fiat_secp256k1_uint1 x491; + uint32_t x492; + fiat_secp256k1_uint1 x493; + uint32_t x494; + uint32_t x495; + uint32_t x496; + uint32_t x497; + uint32_t x498; + uint32_t x499; + uint32_t x500; + uint32_t x501; + uint32_t x502; + uint32_t x503; + uint32_t x504; + uint32_t x505; + uint32_t x506; + uint32_t x507; + uint32_t x508; + uint32_t x509; + uint32_t x510; + uint32_t x511; + fiat_secp256k1_uint1 x512; + uint32_t x513; + fiat_secp256k1_uint1 x514; + uint32_t x515; + fiat_secp256k1_uint1 x516; + uint32_t x517; + fiat_secp256k1_uint1 x518; + uint32_t x519; + fiat_secp256k1_uint1 x520; + uint32_t x521; + fiat_secp256k1_uint1 x522; + uint32_t x523; + fiat_secp256k1_uint1 x524; + uint32_t x525; + uint32_t x526; + fiat_secp256k1_uint1 x527; + uint32_t x528; + fiat_secp256k1_uint1 x529; + uint32_t x530; + fiat_secp256k1_uint1 x531; + uint32_t x532; + fiat_secp256k1_uint1 x533; + uint32_t x534; + fiat_secp256k1_uint1 x535; + uint32_t x536; + fiat_secp256k1_uint1 x537; + uint32_t x538; + fiat_secp256k1_uint1 x539; + uint32_t x540; + fiat_secp256k1_uint1 x541; + uint32_t x542; + fiat_secp256k1_uint1 x543; + uint32_t x544; + uint32_t x545; + uint32_t x546; + uint32_t x547; + uint32_t x548; + uint32_t x549; + uint32_t x550; + uint32_t x551; + uint32_t x552; + uint32_t x553; + uint32_t x554; + uint32_t x555; + uint32_t x556; + uint32_t x557; + uint32_t x558; + uint32_t x559; + uint32_t x560; + uint32_t x561; + uint32_t x562; + fiat_secp256k1_uint1 x563; + uint32_t x564; + fiat_secp256k1_uint1 x565; + uint32_t x566; + fiat_secp256k1_uint1 x567; + uint32_t x568; + fiat_secp256k1_uint1 x569; + uint32_t x570; + fiat_secp256k1_uint1 x571; + uint32_t x572; + fiat_secp256k1_uint1 x573; + uint32_t x574; + fiat_secp256k1_uint1 x575; + uint32_t x576; + uint32_t x577; + fiat_secp256k1_uint1 x578; + uint32_t x579; + fiat_secp256k1_uint1 x580; + uint32_t x581; + fiat_secp256k1_uint1 x582; + uint32_t x583; + fiat_secp256k1_uint1 x584; + uint32_t x585; + fiat_secp256k1_uint1 x586; + uint32_t x587; + fiat_secp256k1_uint1 x588; + uint32_t x589; + fiat_secp256k1_uint1 x590; + uint32_t x591; + fiat_secp256k1_uint1 x592; + uint32_t x593; + fiat_secp256k1_uint1 x594; + uint32_t x595; + uint32_t x596; + uint32_t x597; + uint32_t x598; + uint32_t x599; + uint32_t x600; + uint32_t x601; + uint32_t x602; + uint32_t x603; + uint32_t x604; + uint32_t x605; + uint32_t x606; + uint32_t x607; + uint32_t x608; + uint32_t x609; + uint32_t x610; + uint32_t x611; + uint32_t x612; + fiat_secp256k1_uint1 x613; + uint32_t x614; + fiat_secp256k1_uint1 x615; + uint32_t x616; + fiat_secp256k1_uint1 x617; + uint32_t x618; + fiat_secp256k1_uint1 x619; + uint32_t x620; + fiat_secp256k1_uint1 x621; + uint32_t x622; + fiat_secp256k1_uint1 x623; + uint32_t x624; + fiat_secp256k1_uint1 x625; + uint32_t x626; + uint32_t x627; + fiat_secp256k1_uint1 x628; + uint32_t x629; + fiat_secp256k1_uint1 x630; + uint32_t x631; + fiat_secp256k1_uint1 x632; + uint32_t x633; + fiat_secp256k1_uint1 x634; + uint32_t x635; + fiat_secp256k1_uint1 x636; + uint32_t x637; + fiat_secp256k1_uint1 x638; + uint32_t x639; + fiat_secp256k1_uint1 x640; + uint32_t x641; + fiat_secp256k1_uint1 x642; + uint32_t x643; + fiat_secp256k1_uint1 x644; + uint32_t x645; + uint32_t x646; + uint32_t x647; + uint32_t x648; + uint32_t x649; + uint32_t x650; + uint32_t x651; + uint32_t x652; + uint32_t x653; + uint32_t x654; + uint32_t x655; + uint32_t x656; + uint32_t x657; + uint32_t x658; + uint32_t x659; + uint32_t x660; + uint32_t x661; + uint32_t x662; + uint32_t x663; + fiat_secp256k1_uint1 x664; + uint32_t x665; + fiat_secp256k1_uint1 x666; + uint32_t x667; + fiat_secp256k1_uint1 x668; + uint32_t x669; + fiat_secp256k1_uint1 x670; + uint32_t x671; + fiat_secp256k1_uint1 x672; + uint32_t x673; + fiat_secp256k1_uint1 x674; + uint32_t x675; + fiat_secp256k1_uint1 x676; + uint32_t x677; + uint32_t x678; + fiat_secp256k1_uint1 x679; + uint32_t x680; + fiat_secp256k1_uint1 x681; + uint32_t x682; + fiat_secp256k1_uint1 x683; + uint32_t x684; + fiat_secp256k1_uint1 x685; + uint32_t x686; + fiat_secp256k1_uint1 x687; + uint32_t x688; + fiat_secp256k1_uint1 x689; + uint32_t x690; + fiat_secp256k1_uint1 x691; + uint32_t x692; + fiat_secp256k1_uint1 x693; + uint32_t x694; + fiat_secp256k1_uint1 x695; + uint32_t x696; + uint32_t x697; + uint32_t x698; + uint32_t x699; + uint32_t x700; + uint32_t x701; + uint32_t x702; + uint32_t x703; + uint32_t x704; + uint32_t x705; + uint32_t x706; + uint32_t x707; + uint32_t x708; + uint32_t x709; + uint32_t x710; + uint32_t x711; + uint32_t x712; + uint32_t x713; + fiat_secp256k1_uint1 x714; + uint32_t x715; + fiat_secp256k1_uint1 x716; + uint32_t x717; + fiat_secp256k1_uint1 x718; + uint32_t x719; + fiat_secp256k1_uint1 x720; + uint32_t x721; + fiat_secp256k1_uint1 x722; + uint32_t x723; + fiat_secp256k1_uint1 x724; + uint32_t x725; + fiat_secp256k1_uint1 x726; + uint32_t x727; + uint32_t x728; + fiat_secp256k1_uint1 x729; + uint32_t x730; + fiat_secp256k1_uint1 x731; + uint32_t x732; + fiat_secp256k1_uint1 x733; + uint32_t x734; + fiat_secp256k1_uint1 x735; + uint32_t x736; + fiat_secp256k1_uint1 x737; + uint32_t x738; + fiat_secp256k1_uint1 x739; + uint32_t x740; + fiat_secp256k1_uint1 x741; + uint32_t x742; + fiat_secp256k1_uint1 x743; + uint32_t x744; + fiat_secp256k1_uint1 x745; + uint32_t x746; + uint32_t x747; + uint32_t x748; + uint32_t x749; + uint32_t x750; + uint32_t x751; + uint32_t x752; + uint32_t x753; + uint32_t x754; + uint32_t x755; + uint32_t x756; + uint32_t x757; + uint32_t x758; + uint32_t x759; + uint32_t x760; + uint32_t x761; + uint32_t x762; + uint32_t x763; + uint32_t x764; + fiat_secp256k1_uint1 x765; + uint32_t x766; + fiat_secp256k1_uint1 x767; + uint32_t x768; + fiat_secp256k1_uint1 x769; + uint32_t x770; + fiat_secp256k1_uint1 x771; + uint32_t x772; + fiat_secp256k1_uint1 x773; + uint32_t x774; + fiat_secp256k1_uint1 x775; + uint32_t x776; + fiat_secp256k1_uint1 x777; + uint32_t x778; + uint32_t x779; + fiat_secp256k1_uint1 x780; + uint32_t x781; + fiat_secp256k1_uint1 x782; + uint32_t x783; + fiat_secp256k1_uint1 x784; + uint32_t x785; + fiat_secp256k1_uint1 x786; + uint32_t x787; + fiat_secp256k1_uint1 x788; + uint32_t x789; + fiat_secp256k1_uint1 x790; + uint32_t x791; + fiat_secp256k1_uint1 x792; + uint32_t x793; + fiat_secp256k1_uint1 x794; + uint32_t x795; + fiat_secp256k1_uint1 x796; + uint32_t x797; + uint32_t x798; + fiat_secp256k1_uint1 x799; + uint32_t x800; + fiat_secp256k1_uint1 x801; + uint32_t x802; + fiat_secp256k1_uint1 x803; + uint32_t x804; + fiat_secp256k1_uint1 x805; + uint32_t x806; + fiat_secp256k1_uint1 x807; + uint32_t x808; + fiat_secp256k1_uint1 x809; + uint32_t x810; + fiat_secp256k1_uint1 x811; + uint32_t x812; + fiat_secp256k1_uint1 x813; + uint32_t x814; + fiat_secp256k1_uint1 x815; + uint32_t x816; + uint32_t x817; + uint32_t x818; + uint32_t x819; + uint32_t x820; + uint32_t x821; + uint32_t x822; + uint32_t x823; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[4]); + x5 = (arg1[5]); + x6 = (arg1[6]); + x7 = (arg1[7]); + x8 = (arg1[0]); + fiat_secp256k1_mulx_u32(&x9, &x10, x8, (arg1[7])); + fiat_secp256k1_mulx_u32(&x11, &x12, x8, (arg1[6])); + fiat_secp256k1_mulx_u32(&x13, &x14, x8, (arg1[5])); + fiat_secp256k1_mulx_u32(&x15, &x16, x8, (arg1[4])); + fiat_secp256k1_mulx_u32(&x17, &x18, x8, (arg1[3])); + fiat_secp256k1_mulx_u32(&x19, &x20, x8, (arg1[2])); + fiat_secp256k1_mulx_u32(&x21, &x22, x8, (arg1[1])); + fiat_secp256k1_mulx_u32(&x23, &x24, x8, (arg1[0])); + fiat_secp256k1_addcarryx_u32(&x25, &x26, 0x0, x24, x21); + fiat_secp256k1_addcarryx_u32(&x27, &x28, x26, x22, x19); + fiat_secp256k1_addcarryx_u32(&x29, &x30, x28, x20, x17); + fiat_secp256k1_addcarryx_u32(&x31, &x32, x30, x18, x15); + fiat_secp256k1_addcarryx_u32(&x33, &x34, x32, x16, x13); + fiat_secp256k1_addcarryx_u32(&x35, &x36, x34, x14, x11); + fiat_secp256k1_addcarryx_u32(&x37, &x38, x36, x12, x9); + x39 = (x38 + x10); + fiat_secp256k1_mulx_u32(&x40, &x41, x23, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x42, &x43, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x44, &x45, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x46, &x47, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x48, &x49, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x50, &x51, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x52, &x53, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x54, &x55, x40, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x56, &x57, x40, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x58, &x59, 0x0, x57, x54); + fiat_secp256k1_addcarryx_u32(&x60, &x61, x59, x55, x52); + fiat_secp256k1_addcarryx_u32(&x62, &x63, x61, x53, x50); + fiat_secp256k1_addcarryx_u32(&x64, &x65, x63, x51, x48); + fiat_secp256k1_addcarryx_u32(&x66, &x67, x65, x49, x46); + fiat_secp256k1_addcarryx_u32(&x68, &x69, x67, x47, x44); + fiat_secp256k1_addcarryx_u32(&x70, &x71, x69, x45, x42); + x72 = (x71 + x43); + fiat_secp256k1_addcarryx_u32(&x73, &x74, 0x0, x23, x56); + fiat_secp256k1_addcarryx_u32(&x75, &x76, x74, x25, x58); + fiat_secp256k1_addcarryx_u32(&x77, &x78, x76, x27, x60); + fiat_secp256k1_addcarryx_u32(&x79, &x80, x78, x29, x62); + fiat_secp256k1_addcarryx_u32(&x81, &x82, x80, x31, x64); + fiat_secp256k1_addcarryx_u32(&x83, &x84, x82, x33, x66); + fiat_secp256k1_addcarryx_u32(&x85, &x86, x84, x35, x68); + fiat_secp256k1_addcarryx_u32(&x87, &x88, x86, x37, x70); + fiat_secp256k1_addcarryx_u32(&x89, &x90, x88, x39, x72); + fiat_secp256k1_mulx_u32(&x91, &x92, x1, (arg1[7])); + fiat_secp256k1_mulx_u32(&x93, &x94, x1, (arg1[6])); + fiat_secp256k1_mulx_u32(&x95, &x96, x1, (arg1[5])); + fiat_secp256k1_mulx_u32(&x97, &x98, x1, (arg1[4])); + fiat_secp256k1_mulx_u32(&x99, &x100, x1, (arg1[3])); + fiat_secp256k1_mulx_u32(&x101, &x102, x1, (arg1[2])); + fiat_secp256k1_mulx_u32(&x103, &x104, x1, (arg1[1])); + fiat_secp256k1_mulx_u32(&x105, &x106, x1, (arg1[0])); + fiat_secp256k1_addcarryx_u32(&x107, &x108, 0x0, x106, x103); + fiat_secp256k1_addcarryx_u32(&x109, &x110, x108, x104, x101); + fiat_secp256k1_addcarryx_u32(&x111, &x112, x110, x102, x99); + fiat_secp256k1_addcarryx_u32(&x113, &x114, x112, x100, x97); + fiat_secp256k1_addcarryx_u32(&x115, &x116, x114, x98, x95); + fiat_secp256k1_addcarryx_u32(&x117, &x118, x116, x96, x93); + fiat_secp256k1_addcarryx_u32(&x119, &x120, x118, x94, x91); + x121 = (x120 + x92); + fiat_secp256k1_addcarryx_u32(&x122, &x123, 0x0, x75, x105); + fiat_secp256k1_addcarryx_u32(&x124, &x125, x123, x77, x107); + fiat_secp256k1_addcarryx_u32(&x126, &x127, x125, x79, x109); + fiat_secp256k1_addcarryx_u32(&x128, &x129, x127, x81, x111); + fiat_secp256k1_addcarryx_u32(&x130, &x131, x129, x83, x113); + fiat_secp256k1_addcarryx_u32(&x132, &x133, x131, x85, x115); + fiat_secp256k1_addcarryx_u32(&x134, &x135, x133, x87, x117); + fiat_secp256k1_addcarryx_u32(&x136, &x137, x135, x89, x119); + fiat_secp256k1_addcarryx_u32(&x138, &x139, x137, x90, x121); + fiat_secp256k1_mulx_u32(&x140, &x141, x122, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x142, &x143, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x144, &x145, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x146, &x147, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x148, &x149, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x150, &x151, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x152, &x153, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x154, &x155, x140, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x156, &x157, x140, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x158, &x159, 0x0, x157, x154); + fiat_secp256k1_addcarryx_u32(&x160, &x161, x159, x155, x152); + fiat_secp256k1_addcarryx_u32(&x162, &x163, x161, x153, x150); + fiat_secp256k1_addcarryx_u32(&x164, &x165, x163, x151, x148); + fiat_secp256k1_addcarryx_u32(&x166, &x167, x165, x149, x146); + fiat_secp256k1_addcarryx_u32(&x168, &x169, x167, x147, x144); + fiat_secp256k1_addcarryx_u32(&x170, &x171, x169, x145, x142); + x172 = (x171 + x143); + fiat_secp256k1_addcarryx_u32(&x173, &x174, 0x0, x122, x156); + fiat_secp256k1_addcarryx_u32(&x175, &x176, x174, x124, x158); + fiat_secp256k1_addcarryx_u32(&x177, &x178, x176, x126, x160); + fiat_secp256k1_addcarryx_u32(&x179, &x180, x178, x128, x162); + fiat_secp256k1_addcarryx_u32(&x181, &x182, x180, x130, x164); + fiat_secp256k1_addcarryx_u32(&x183, &x184, x182, x132, x166); + fiat_secp256k1_addcarryx_u32(&x185, &x186, x184, x134, x168); + fiat_secp256k1_addcarryx_u32(&x187, &x188, x186, x136, x170); + fiat_secp256k1_addcarryx_u32(&x189, &x190, x188, x138, x172); + x191 = ((uint32_t)x190 + x139); + fiat_secp256k1_mulx_u32(&x192, &x193, x2, (arg1[7])); + fiat_secp256k1_mulx_u32(&x194, &x195, x2, (arg1[6])); + fiat_secp256k1_mulx_u32(&x196, &x197, x2, (arg1[5])); + fiat_secp256k1_mulx_u32(&x198, &x199, x2, (arg1[4])); + fiat_secp256k1_mulx_u32(&x200, &x201, x2, (arg1[3])); + fiat_secp256k1_mulx_u32(&x202, &x203, x2, (arg1[2])); + fiat_secp256k1_mulx_u32(&x204, &x205, x2, (arg1[1])); + fiat_secp256k1_mulx_u32(&x206, &x207, x2, (arg1[0])); + fiat_secp256k1_addcarryx_u32(&x208, &x209, 0x0, x207, x204); + fiat_secp256k1_addcarryx_u32(&x210, &x211, x209, x205, x202); + fiat_secp256k1_addcarryx_u32(&x212, &x213, x211, x203, x200); + fiat_secp256k1_addcarryx_u32(&x214, &x215, x213, x201, x198); + fiat_secp256k1_addcarryx_u32(&x216, &x217, x215, x199, x196); + fiat_secp256k1_addcarryx_u32(&x218, &x219, x217, x197, x194); + fiat_secp256k1_addcarryx_u32(&x220, &x221, x219, x195, x192); + x222 = (x221 + x193); + fiat_secp256k1_addcarryx_u32(&x223, &x224, 0x0, x175, x206); + fiat_secp256k1_addcarryx_u32(&x225, &x226, x224, x177, x208); + fiat_secp256k1_addcarryx_u32(&x227, &x228, x226, x179, x210); + fiat_secp256k1_addcarryx_u32(&x229, &x230, x228, x181, x212); + fiat_secp256k1_addcarryx_u32(&x231, &x232, x230, x183, x214); + fiat_secp256k1_addcarryx_u32(&x233, &x234, x232, x185, x216); + fiat_secp256k1_addcarryx_u32(&x235, &x236, x234, x187, x218); + fiat_secp256k1_addcarryx_u32(&x237, &x238, x236, x189, x220); + fiat_secp256k1_addcarryx_u32(&x239, &x240, x238, x191, x222); + fiat_secp256k1_mulx_u32(&x241, &x242, x223, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x243, &x244, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x245, &x246, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x247, &x248, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x249, &x250, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x251, &x252, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x253, &x254, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x255, &x256, x241, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x257, &x258, x241, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x259, &x260, 0x0, x258, x255); + fiat_secp256k1_addcarryx_u32(&x261, &x262, x260, x256, x253); + fiat_secp256k1_addcarryx_u32(&x263, &x264, x262, x254, x251); + fiat_secp256k1_addcarryx_u32(&x265, &x266, x264, x252, x249); + fiat_secp256k1_addcarryx_u32(&x267, &x268, x266, x250, x247); + fiat_secp256k1_addcarryx_u32(&x269, &x270, x268, x248, x245); + fiat_secp256k1_addcarryx_u32(&x271, &x272, x270, x246, x243); + x273 = (x272 + x244); + fiat_secp256k1_addcarryx_u32(&x274, &x275, 0x0, x223, x257); + fiat_secp256k1_addcarryx_u32(&x276, &x277, x275, x225, x259); + fiat_secp256k1_addcarryx_u32(&x278, &x279, x277, x227, x261); + fiat_secp256k1_addcarryx_u32(&x280, &x281, x279, x229, x263); + fiat_secp256k1_addcarryx_u32(&x282, &x283, x281, x231, x265); + fiat_secp256k1_addcarryx_u32(&x284, &x285, x283, x233, x267); + fiat_secp256k1_addcarryx_u32(&x286, &x287, x285, x235, x269); + fiat_secp256k1_addcarryx_u32(&x288, &x289, x287, x237, x271); + fiat_secp256k1_addcarryx_u32(&x290, &x291, x289, x239, x273); + x292 = ((uint32_t)x291 + x240); + fiat_secp256k1_mulx_u32(&x293, &x294, x3, (arg1[7])); + fiat_secp256k1_mulx_u32(&x295, &x296, x3, (arg1[6])); + fiat_secp256k1_mulx_u32(&x297, &x298, x3, (arg1[5])); + fiat_secp256k1_mulx_u32(&x299, &x300, x3, (arg1[4])); + fiat_secp256k1_mulx_u32(&x301, &x302, x3, (arg1[3])); + fiat_secp256k1_mulx_u32(&x303, &x304, x3, (arg1[2])); + fiat_secp256k1_mulx_u32(&x305, &x306, x3, (arg1[1])); + fiat_secp256k1_mulx_u32(&x307, &x308, x3, (arg1[0])); + fiat_secp256k1_addcarryx_u32(&x309, &x310, 0x0, x308, x305); + fiat_secp256k1_addcarryx_u32(&x311, &x312, x310, x306, x303); + fiat_secp256k1_addcarryx_u32(&x313, &x314, x312, x304, x301); + fiat_secp256k1_addcarryx_u32(&x315, &x316, x314, x302, x299); + fiat_secp256k1_addcarryx_u32(&x317, &x318, x316, x300, x297); + fiat_secp256k1_addcarryx_u32(&x319, &x320, x318, x298, x295); + fiat_secp256k1_addcarryx_u32(&x321, &x322, x320, x296, x293); + x323 = (x322 + x294); + fiat_secp256k1_addcarryx_u32(&x324, &x325, 0x0, x276, x307); + fiat_secp256k1_addcarryx_u32(&x326, &x327, x325, x278, x309); + fiat_secp256k1_addcarryx_u32(&x328, &x329, x327, x280, x311); + fiat_secp256k1_addcarryx_u32(&x330, &x331, x329, x282, x313); + fiat_secp256k1_addcarryx_u32(&x332, &x333, x331, x284, x315); + fiat_secp256k1_addcarryx_u32(&x334, &x335, x333, x286, x317); + fiat_secp256k1_addcarryx_u32(&x336, &x337, x335, x288, x319); + fiat_secp256k1_addcarryx_u32(&x338, &x339, x337, x290, x321); + fiat_secp256k1_addcarryx_u32(&x340, &x341, x339, x292, x323); + fiat_secp256k1_mulx_u32(&x342, &x343, x324, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x344, &x345, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x346, &x347, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x348, &x349, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x350, &x351, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x352, &x353, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x354, &x355, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x356, &x357, x342, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x358, &x359, x342, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x360, &x361, 0x0, x359, x356); + fiat_secp256k1_addcarryx_u32(&x362, &x363, x361, x357, x354); + fiat_secp256k1_addcarryx_u32(&x364, &x365, x363, x355, x352); + fiat_secp256k1_addcarryx_u32(&x366, &x367, x365, x353, x350); + fiat_secp256k1_addcarryx_u32(&x368, &x369, x367, x351, x348); + fiat_secp256k1_addcarryx_u32(&x370, &x371, x369, x349, x346); + fiat_secp256k1_addcarryx_u32(&x372, &x373, x371, x347, x344); + x374 = (x373 + x345); + fiat_secp256k1_addcarryx_u32(&x375, &x376, 0x0, x324, x358); + fiat_secp256k1_addcarryx_u32(&x377, &x378, x376, x326, x360); + fiat_secp256k1_addcarryx_u32(&x379, &x380, x378, x328, x362); + fiat_secp256k1_addcarryx_u32(&x381, &x382, x380, x330, x364); + fiat_secp256k1_addcarryx_u32(&x383, &x384, x382, x332, x366); + fiat_secp256k1_addcarryx_u32(&x385, &x386, x384, x334, x368); + fiat_secp256k1_addcarryx_u32(&x387, &x388, x386, x336, x370); + fiat_secp256k1_addcarryx_u32(&x389, &x390, x388, x338, x372); + fiat_secp256k1_addcarryx_u32(&x391, &x392, x390, x340, x374); + x393 = ((uint32_t)x392 + x341); + fiat_secp256k1_mulx_u32(&x394, &x395, x4, (arg1[7])); + fiat_secp256k1_mulx_u32(&x396, &x397, x4, (arg1[6])); + fiat_secp256k1_mulx_u32(&x398, &x399, x4, (arg1[5])); + fiat_secp256k1_mulx_u32(&x400, &x401, x4, (arg1[4])); + fiat_secp256k1_mulx_u32(&x402, &x403, x4, (arg1[3])); + fiat_secp256k1_mulx_u32(&x404, &x405, x4, (arg1[2])); + fiat_secp256k1_mulx_u32(&x406, &x407, x4, (arg1[1])); + fiat_secp256k1_mulx_u32(&x408, &x409, x4, (arg1[0])); + fiat_secp256k1_addcarryx_u32(&x410, &x411, 0x0, x409, x406); + fiat_secp256k1_addcarryx_u32(&x412, &x413, x411, x407, x404); + fiat_secp256k1_addcarryx_u32(&x414, &x415, x413, x405, x402); + fiat_secp256k1_addcarryx_u32(&x416, &x417, x415, x403, x400); + fiat_secp256k1_addcarryx_u32(&x418, &x419, x417, x401, x398); + fiat_secp256k1_addcarryx_u32(&x420, &x421, x419, x399, x396); + fiat_secp256k1_addcarryx_u32(&x422, &x423, x421, x397, x394); + x424 = (x423 + x395); + fiat_secp256k1_addcarryx_u32(&x425, &x426, 0x0, x377, x408); + fiat_secp256k1_addcarryx_u32(&x427, &x428, x426, x379, x410); + fiat_secp256k1_addcarryx_u32(&x429, &x430, x428, x381, x412); + fiat_secp256k1_addcarryx_u32(&x431, &x432, x430, x383, x414); + fiat_secp256k1_addcarryx_u32(&x433, &x434, x432, x385, x416); + fiat_secp256k1_addcarryx_u32(&x435, &x436, x434, x387, x418); + fiat_secp256k1_addcarryx_u32(&x437, &x438, x436, x389, x420); + fiat_secp256k1_addcarryx_u32(&x439, &x440, x438, x391, x422); + fiat_secp256k1_addcarryx_u32(&x441, &x442, x440, x393, x424); + fiat_secp256k1_mulx_u32(&x443, &x444, x425, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x445, &x446, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x447, &x448, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x449, &x450, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x451, &x452, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x453, &x454, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x455, &x456, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x457, &x458, x443, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x459, &x460, x443, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x461, &x462, 0x0, x460, x457); + fiat_secp256k1_addcarryx_u32(&x463, &x464, x462, x458, x455); + fiat_secp256k1_addcarryx_u32(&x465, &x466, x464, x456, x453); + fiat_secp256k1_addcarryx_u32(&x467, &x468, x466, x454, x451); + fiat_secp256k1_addcarryx_u32(&x469, &x470, x468, x452, x449); + fiat_secp256k1_addcarryx_u32(&x471, &x472, x470, x450, x447); + fiat_secp256k1_addcarryx_u32(&x473, &x474, x472, x448, x445); + x475 = (x474 + x446); + fiat_secp256k1_addcarryx_u32(&x476, &x477, 0x0, x425, x459); + fiat_secp256k1_addcarryx_u32(&x478, &x479, x477, x427, x461); + fiat_secp256k1_addcarryx_u32(&x480, &x481, x479, x429, x463); + fiat_secp256k1_addcarryx_u32(&x482, &x483, x481, x431, x465); + fiat_secp256k1_addcarryx_u32(&x484, &x485, x483, x433, x467); + fiat_secp256k1_addcarryx_u32(&x486, &x487, x485, x435, x469); + fiat_secp256k1_addcarryx_u32(&x488, &x489, x487, x437, x471); + fiat_secp256k1_addcarryx_u32(&x490, &x491, x489, x439, x473); + fiat_secp256k1_addcarryx_u32(&x492, &x493, x491, x441, x475); + x494 = ((uint32_t)x493 + x442); + fiat_secp256k1_mulx_u32(&x495, &x496, x5, (arg1[7])); + fiat_secp256k1_mulx_u32(&x497, &x498, x5, (arg1[6])); + fiat_secp256k1_mulx_u32(&x499, &x500, x5, (arg1[5])); + fiat_secp256k1_mulx_u32(&x501, &x502, x5, (arg1[4])); + fiat_secp256k1_mulx_u32(&x503, &x504, x5, (arg1[3])); + fiat_secp256k1_mulx_u32(&x505, &x506, x5, (arg1[2])); + fiat_secp256k1_mulx_u32(&x507, &x508, x5, (arg1[1])); + fiat_secp256k1_mulx_u32(&x509, &x510, x5, (arg1[0])); + fiat_secp256k1_addcarryx_u32(&x511, &x512, 0x0, x510, x507); + fiat_secp256k1_addcarryx_u32(&x513, &x514, x512, x508, x505); + fiat_secp256k1_addcarryx_u32(&x515, &x516, x514, x506, x503); + fiat_secp256k1_addcarryx_u32(&x517, &x518, x516, x504, x501); + fiat_secp256k1_addcarryx_u32(&x519, &x520, x518, x502, x499); + fiat_secp256k1_addcarryx_u32(&x521, &x522, x520, x500, x497); + fiat_secp256k1_addcarryx_u32(&x523, &x524, x522, x498, x495); + x525 = (x524 + x496); + fiat_secp256k1_addcarryx_u32(&x526, &x527, 0x0, x478, x509); + fiat_secp256k1_addcarryx_u32(&x528, &x529, x527, x480, x511); + fiat_secp256k1_addcarryx_u32(&x530, &x531, x529, x482, x513); + fiat_secp256k1_addcarryx_u32(&x532, &x533, x531, x484, x515); + fiat_secp256k1_addcarryx_u32(&x534, &x535, x533, x486, x517); + fiat_secp256k1_addcarryx_u32(&x536, &x537, x535, x488, x519); + fiat_secp256k1_addcarryx_u32(&x538, &x539, x537, x490, x521); + fiat_secp256k1_addcarryx_u32(&x540, &x541, x539, x492, x523); + fiat_secp256k1_addcarryx_u32(&x542, &x543, x541, x494, x525); + fiat_secp256k1_mulx_u32(&x544, &x545, x526, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x546, &x547, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x548, &x549, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x550, &x551, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x552, &x553, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x554, &x555, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x556, &x557, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x558, &x559, x544, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x560, &x561, x544, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x562, &x563, 0x0, x561, x558); + fiat_secp256k1_addcarryx_u32(&x564, &x565, x563, x559, x556); + fiat_secp256k1_addcarryx_u32(&x566, &x567, x565, x557, x554); + fiat_secp256k1_addcarryx_u32(&x568, &x569, x567, x555, x552); + fiat_secp256k1_addcarryx_u32(&x570, &x571, x569, x553, x550); + fiat_secp256k1_addcarryx_u32(&x572, &x573, x571, x551, x548); + fiat_secp256k1_addcarryx_u32(&x574, &x575, x573, x549, x546); + x576 = (x575 + x547); + fiat_secp256k1_addcarryx_u32(&x577, &x578, 0x0, x526, x560); + fiat_secp256k1_addcarryx_u32(&x579, &x580, x578, x528, x562); + fiat_secp256k1_addcarryx_u32(&x581, &x582, x580, x530, x564); + fiat_secp256k1_addcarryx_u32(&x583, &x584, x582, x532, x566); + fiat_secp256k1_addcarryx_u32(&x585, &x586, x584, x534, x568); + fiat_secp256k1_addcarryx_u32(&x587, &x588, x586, x536, x570); + fiat_secp256k1_addcarryx_u32(&x589, &x590, x588, x538, x572); + fiat_secp256k1_addcarryx_u32(&x591, &x592, x590, x540, x574); + fiat_secp256k1_addcarryx_u32(&x593, &x594, x592, x542, x576); + x595 = ((uint32_t)x594 + x543); + fiat_secp256k1_mulx_u32(&x596, &x597, x6, (arg1[7])); + fiat_secp256k1_mulx_u32(&x598, &x599, x6, (arg1[6])); + fiat_secp256k1_mulx_u32(&x600, &x601, x6, (arg1[5])); + fiat_secp256k1_mulx_u32(&x602, &x603, x6, (arg1[4])); + fiat_secp256k1_mulx_u32(&x604, &x605, x6, (arg1[3])); + fiat_secp256k1_mulx_u32(&x606, &x607, x6, (arg1[2])); + fiat_secp256k1_mulx_u32(&x608, &x609, x6, (arg1[1])); + fiat_secp256k1_mulx_u32(&x610, &x611, x6, (arg1[0])); + fiat_secp256k1_addcarryx_u32(&x612, &x613, 0x0, x611, x608); + fiat_secp256k1_addcarryx_u32(&x614, &x615, x613, x609, x606); + fiat_secp256k1_addcarryx_u32(&x616, &x617, x615, x607, x604); + fiat_secp256k1_addcarryx_u32(&x618, &x619, x617, x605, x602); + fiat_secp256k1_addcarryx_u32(&x620, &x621, x619, x603, x600); + fiat_secp256k1_addcarryx_u32(&x622, &x623, x621, x601, x598); + fiat_secp256k1_addcarryx_u32(&x624, &x625, x623, x599, x596); + x626 = (x625 + x597); + fiat_secp256k1_addcarryx_u32(&x627, &x628, 0x0, x579, x610); + fiat_secp256k1_addcarryx_u32(&x629, &x630, x628, x581, x612); + fiat_secp256k1_addcarryx_u32(&x631, &x632, x630, x583, x614); + fiat_secp256k1_addcarryx_u32(&x633, &x634, x632, x585, x616); + fiat_secp256k1_addcarryx_u32(&x635, &x636, x634, x587, x618); + fiat_secp256k1_addcarryx_u32(&x637, &x638, x636, x589, x620); + fiat_secp256k1_addcarryx_u32(&x639, &x640, x638, x591, x622); + fiat_secp256k1_addcarryx_u32(&x641, &x642, x640, x593, x624); + fiat_secp256k1_addcarryx_u32(&x643, &x644, x642, x595, x626); + fiat_secp256k1_mulx_u32(&x645, &x646, x627, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x647, &x648, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x649, &x650, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x651, &x652, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x653, &x654, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x655, &x656, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x657, &x658, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x659, &x660, x645, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x661, &x662, x645, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x663, &x664, 0x0, x662, x659); + fiat_secp256k1_addcarryx_u32(&x665, &x666, x664, x660, x657); + fiat_secp256k1_addcarryx_u32(&x667, &x668, x666, x658, x655); + fiat_secp256k1_addcarryx_u32(&x669, &x670, x668, x656, x653); + fiat_secp256k1_addcarryx_u32(&x671, &x672, x670, x654, x651); + fiat_secp256k1_addcarryx_u32(&x673, &x674, x672, x652, x649); + fiat_secp256k1_addcarryx_u32(&x675, &x676, x674, x650, x647); + x677 = (x676 + x648); + fiat_secp256k1_addcarryx_u32(&x678, &x679, 0x0, x627, x661); + fiat_secp256k1_addcarryx_u32(&x680, &x681, x679, x629, x663); + fiat_secp256k1_addcarryx_u32(&x682, &x683, x681, x631, x665); + fiat_secp256k1_addcarryx_u32(&x684, &x685, x683, x633, x667); + fiat_secp256k1_addcarryx_u32(&x686, &x687, x685, x635, x669); + fiat_secp256k1_addcarryx_u32(&x688, &x689, x687, x637, x671); + fiat_secp256k1_addcarryx_u32(&x690, &x691, x689, x639, x673); + fiat_secp256k1_addcarryx_u32(&x692, &x693, x691, x641, x675); + fiat_secp256k1_addcarryx_u32(&x694, &x695, x693, x643, x677); + x696 = ((uint32_t)x695 + x644); + fiat_secp256k1_mulx_u32(&x697, &x698, x7, (arg1[7])); + fiat_secp256k1_mulx_u32(&x699, &x700, x7, (arg1[6])); + fiat_secp256k1_mulx_u32(&x701, &x702, x7, (arg1[5])); + fiat_secp256k1_mulx_u32(&x703, &x704, x7, (arg1[4])); + fiat_secp256k1_mulx_u32(&x705, &x706, x7, (arg1[3])); + fiat_secp256k1_mulx_u32(&x707, &x708, x7, (arg1[2])); + fiat_secp256k1_mulx_u32(&x709, &x710, x7, (arg1[1])); + fiat_secp256k1_mulx_u32(&x711, &x712, x7, (arg1[0])); + fiat_secp256k1_addcarryx_u32(&x713, &x714, 0x0, x712, x709); + fiat_secp256k1_addcarryx_u32(&x715, &x716, x714, x710, x707); + fiat_secp256k1_addcarryx_u32(&x717, &x718, x716, x708, x705); + fiat_secp256k1_addcarryx_u32(&x719, &x720, x718, x706, x703); + fiat_secp256k1_addcarryx_u32(&x721, &x722, x720, x704, x701); + fiat_secp256k1_addcarryx_u32(&x723, &x724, x722, x702, x699); + fiat_secp256k1_addcarryx_u32(&x725, &x726, x724, x700, x697); + x727 = (x726 + x698); + fiat_secp256k1_addcarryx_u32(&x728, &x729, 0x0, x680, x711); + fiat_secp256k1_addcarryx_u32(&x730, &x731, x729, x682, x713); + fiat_secp256k1_addcarryx_u32(&x732, &x733, x731, x684, x715); + fiat_secp256k1_addcarryx_u32(&x734, &x735, x733, x686, x717); + fiat_secp256k1_addcarryx_u32(&x736, &x737, x735, x688, x719); + fiat_secp256k1_addcarryx_u32(&x738, &x739, x737, x690, x721); + fiat_secp256k1_addcarryx_u32(&x740, &x741, x739, x692, x723); + fiat_secp256k1_addcarryx_u32(&x742, &x743, x741, x694, x725); + fiat_secp256k1_addcarryx_u32(&x744, &x745, x743, x696, x727); + fiat_secp256k1_mulx_u32(&x746, &x747, x728, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x748, &x749, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x750, &x751, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x752, &x753, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x754, &x755, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x756, &x757, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x758, &x759, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x760, &x761, x746, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x762, &x763, x746, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x764, &x765, 0x0, x763, x760); + fiat_secp256k1_addcarryx_u32(&x766, &x767, x765, x761, x758); + fiat_secp256k1_addcarryx_u32(&x768, &x769, x767, x759, x756); + fiat_secp256k1_addcarryx_u32(&x770, &x771, x769, x757, x754); + fiat_secp256k1_addcarryx_u32(&x772, &x773, x771, x755, x752); + fiat_secp256k1_addcarryx_u32(&x774, &x775, x773, x753, x750); + fiat_secp256k1_addcarryx_u32(&x776, &x777, x775, x751, x748); + x778 = (x777 + x749); + fiat_secp256k1_addcarryx_u32(&x779, &x780, 0x0, x728, x762); + fiat_secp256k1_addcarryx_u32(&x781, &x782, x780, x730, x764); + fiat_secp256k1_addcarryx_u32(&x783, &x784, x782, x732, x766); + fiat_secp256k1_addcarryx_u32(&x785, &x786, x784, x734, x768); + fiat_secp256k1_addcarryx_u32(&x787, &x788, x786, x736, x770); + fiat_secp256k1_addcarryx_u32(&x789, &x790, x788, x738, x772); + fiat_secp256k1_addcarryx_u32(&x791, &x792, x790, x740, x774); + fiat_secp256k1_addcarryx_u32(&x793, &x794, x792, x742, x776); + fiat_secp256k1_addcarryx_u32(&x795, &x796, x794, x744, x778); + x797 = ((uint32_t)x796 + x745); + fiat_secp256k1_subborrowx_u32(&x798, &x799, 0x0, x781, UINT32_C(0xfffffc2f)); + fiat_secp256k1_subborrowx_u32(&x800, &x801, x799, x783, UINT32_C(0xfffffffe)); + fiat_secp256k1_subborrowx_u32(&x802, &x803, x801, x785, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x804, &x805, x803, x787, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x806, &x807, x805, x789, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x808, &x809, x807, x791, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x810, &x811, x809, x793, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x812, &x813, x811, x795, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x814, &x815, x813, x797, 0x0); + fiat_secp256k1_cmovznz_u32(&x816, x815, x798, x781); + fiat_secp256k1_cmovznz_u32(&x817, x815, x800, x783); + fiat_secp256k1_cmovznz_u32(&x818, x815, x802, x785); + fiat_secp256k1_cmovznz_u32(&x819, x815, x804, x787); + fiat_secp256k1_cmovznz_u32(&x820, x815, x806, x789); + fiat_secp256k1_cmovznz_u32(&x821, x815, x808, x791); + fiat_secp256k1_cmovznz_u32(&x822, x815, x810, x793); + fiat_secp256k1_cmovznz_u32(&x823, x815, x812, x795); + out1[0] = x816; + out1[1] = x817; + out1[2] = x818; + out1[3] = x819; + out1[4] = x820; + out1[5] = x821; + out1[6] = x822; + out1[7] = x823; +} + +/* + * The function fiat_secp256k1_add adds two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_add(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1, const fiat_secp256k1_montgomery_domain_field_element arg2) { + uint32_t x1; + fiat_secp256k1_uint1 x2; + uint32_t x3; + fiat_secp256k1_uint1 x4; + uint32_t x5; + fiat_secp256k1_uint1 x6; + uint32_t x7; + fiat_secp256k1_uint1 x8; + uint32_t x9; + fiat_secp256k1_uint1 x10; + uint32_t x11; + fiat_secp256k1_uint1 x12; + uint32_t x13; + fiat_secp256k1_uint1 x14; + uint32_t x15; + fiat_secp256k1_uint1 x16; + uint32_t x17; + fiat_secp256k1_uint1 x18; + uint32_t x19; + fiat_secp256k1_uint1 x20; + uint32_t x21; + fiat_secp256k1_uint1 x22; + uint32_t x23; + fiat_secp256k1_uint1 x24; + uint32_t x25; + fiat_secp256k1_uint1 x26; + uint32_t x27; + fiat_secp256k1_uint1 x28; + uint32_t x29; + fiat_secp256k1_uint1 x30; + uint32_t x31; + fiat_secp256k1_uint1 x32; + uint32_t x33; + fiat_secp256k1_uint1 x34; + uint32_t x35; + uint32_t x36; + uint32_t x37; + uint32_t x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + fiat_secp256k1_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_secp256k1_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_secp256k1_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_secp256k1_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + fiat_secp256k1_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + fiat_secp256k1_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + fiat_secp256k1_addcarryx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + fiat_secp256k1_subborrowx_u32(&x17, &x18, 0x0, x1, UINT32_C(0xfffffc2f)); + fiat_secp256k1_subborrowx_u32(&x19, &x20, x18, x3, UINT32_C(0xfffffffe)); + fiat_secp256k1_subborrowx_u32(&x21, &x22, x20, x5, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x23, &x24, x22, x7, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x25, &x26, x24, x9, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x27, &x28, x26, x11, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x29, &x30, x28, x13, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x31, &x32, x30, x15, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x33, &x34, x32, x16, 0x0); + fiat_secp256k1_cmovznz_u32(&x35, x34, x17, x1); + fiat_secp256k1_cmovznz_u32(&x36, x34, x19, x3); + fiat_secp256k1_cmovznz_u32(&x37, x34, x21, x5); + fiat_secp256k1_cmovznz_u32(&x38, x34, x23, x7); + fiat_secp256k1_cmovznz_u32(&x39, x34, x25, x9); + fiat_secp256k1_cmovznz_u32(&x40, x34, x27, x11); + fiat_secp256k1_cmovznz_u32(&x41, x34, x29, x13); + fiat_secp256k1_cmovznz_u32(&x42, x34, x31, x15); + out1[0] = x35; + out1[1] = x36; + out1[2] = x37; + out1[3] = x38; + out1[4] = x39; + out1[5] = x40; + out1[6] = x41; + out1[7] = x42; +} + +/* + * The function fiat_secp256k1_sub subtracts two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_sub(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1, const fiat_secp256k1_montgomery_domain_field_element arg2) { + uint32_t x1; + fiat_secp256k1_uint1 x2; + uint32_t x3; + fiat_secp256k1_uint1 x4; + uint32_t x5; + fiat_secp256k1_uint1 x6; + uint32_t x7; + fiat_secp256k1_uint1 x8; + uint32_t x9; + fiat_secp256k1_uint1 x10; + uint32_t x11; + fiat_secp256k1_uint1 x12; + uint32_t x13; + fiat_secp256k1_uint1 x14; + uint32_t x15; + fiat_secp256k1_uint1 x16; + uint32_t x17; + uint32_t x18; + fiat_secp256k1_uint1 x19; + uint32_t x20; + fiat_secp256k1_uint1 x21; + uint32_t x22; + fiat_secp256k1_uint1 x23; + uint32_t x24; + fiat_secp256k1_uint1 x25; + uint32_t x26; + fiat_secp256k1_uint1 x27; + uint32_t x28; + fiat_secp256k1_uint1 x29; + uint32_t x30; + fiat_secp256k1_uint1 x31; + uint32_t x32; + fiat_secp256k1_uint1 x33; + fiat_secp256k1_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_secp256k1_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_secp256k1_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_secp256k1_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + fiat_secp256k1_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + fiat_secp256k1_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + fiat_secp256k1_subborrowx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + fiat_secp256k1_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); + fiat_secp256k1_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xfffffc2f))); + fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xfffffffe))); + fiat_secp256k1_addcarryx_u32(&x22, &x23, x21, x5, x17); + fiat_secp256k1_addcarryx_u32(&x24, &x25, x23, x7, x17); + fiat_secp256k1_addcarryx_u32(&x26, &x27, x25, x9, x17); + fiat_secp256k1_addcarryx_u32(&x28, &x29, x27, x11, x17); + fiat_secp256k1_addcarryx_u32(&x30, &x31, x29, x13, x17); + fiat_secp256k1_addcarryx_u32(&x32, &x33, x31, x15, x17); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/* + * The function fiat_secp256k1_opp negates a field element in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_opp(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1) { + uint32_t x1; + fiat_secp256k1_uint1 x2; + uint32_t x3; + fiat_secp256k1_uint1 x4; + uint32_t x5; + fiat_secp256k1_uint1 x6; + uint32_t x7; + fiat_secp256k1_uint1 x8; + uint32_t x9; + fiat_secp256k1_uint1 x10; + uint32_t x11; + fiat_secp256k1_uint1 x12; + uint32_t x13; + fiat_secp256k1_uint1 x14; + uint32_t x15; + fiat_secp256k1_uint1 x16; + uint32_t x17; + uint32_t x18; + fiat_secp256k1_uint1 x19; + uint32_t x20; + fiat_secp256k1_uint1 x21; + uint32_t x22; + fiat_secp256k1_uint1 x23; + uint32_t x24; + fiat_secp256k1_uint1 x25; + uint32_t x26; + fiat_secp256k1_uint1 x27; + uint32_t x28; + fiat_secp256k1_uint1 x29; + uint32_t x30; + fiat_secp256k1_uint1 x31; + uint32_t x32; + fiat_secp256k1_uint1 x33; + fiat_secp256k1_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); + fiat_secp256k1_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); + fiat_secp256k1_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); + fiat_secp256k1_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); + fiat_secp256k1_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); + fiat_secp256k1_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); + fiat_secp256k1_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); + fiat_secp256k1_subborrowx_u32(&x15, &x16, x14, 0x0, (arg1[7])); + fiat_secp256k1_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); + fiat_secp256k1_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xfffffc2f))); + fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xfffffffe))); + fiat_secp256k1_addcarryx_u32(&x22, &x23, x21, x5, x17); + fiat_secp256k1_addcarryx_u32(&x24, &x25, x23, x7, x17); + fiat_secp256k1_addcarryx_u32(&x26, &x27, x25, x9, x17); + fiat_secp256k1_addcarryx_u32(&x28, &x29, x27, x11, x17); + fiat_secp256k1_addcarryx_u32(&x30, &x31, x29, x13, x17); + fiat_secp256k1_addcarryx_u32(&x32, &x33, x31, x15, x17); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/* + * The function fiat_secp256k1_from_montgomery translates a field element out of the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_from_montgomery(fiat_secp256k1_non_montgomery_domain_field_element out1, const fiat_secp256k1_montgomery_domain_field_element arg1) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint32_t x20; + fiat_secp256k1_uint1 x21; + uint32_t x22; + fiat_secp256k1_uint1 x23; + uint32_t x24; + fiat_secp256k1_uint1 x25; + uint32_t x26; + fiat_secp256k1_uint1 x27; + uint32_t x28; + fiat_secp256k1_uint1 x29; + uint32_t x30; + fiat_secp256k1_uint1 x31; + uint32_t x32; + fiat_secp256k1_uint1 x33; + uint32_t x34; + fiat_secp256k1_uint1 x35; + uint32_t x36; + fiat_secp256k1_uint1 x37; + uint32_t x38; + fiat_secp256k1_uint1 x39; + uint32_t x40; + fiat_secp256k1_uint1 x41; + uint32_t x42; + fiat_secp256k1_uint1 x43; + uint32_t x44; + fiat_secp256k1_uint1 x45; + uint32_t x46; + fiat_secp256k1_uint1 x47; + uint32_t x48; + fiat_secp256k1_uint1 x49; + uint32_t x50; + fiat_secp256k1_uint1 x51; + uint32_t x52; + fiat_secp256k1_uint1 x53; + uint32_t x54; + fiat_secp256k1_uint1 x55; + uint32_t x56; + fiat_secp256k1_uint1 x57; + uint32_t x58; + fiat_secp256k1_uint1 x59; + uint32_t x60; + fiat_secp256k1_uint1 x61; + uint32_t x62; + fiat_secp256k1_uint1 x63; + uint32_t x64; + fiat_secp256k1_uint1 x65; + uint32_t x66; + fiat_secp256k1_uint1 x67; + uint32_t x68; + uint32_t x69; + uint32_t x70; + uint32_t x71; + uint32_t x72; + uint32_t x73; + uint32_t x74; + uint32_t x75; + uint32_t x76; + uint32_t x77; + uint32_t x78; + uint32_t x79; + uint32_t x80; + uint32_t x81; + uint32_t x82; + uint32_t x83; + uint32_t x84; + uint32_t x85; + uint32_t x86; + fiat_secp256k1_uint1 x87; + uint32_t x88; + fiat_secp256k1_uint1 x89; + uint32_t x90; + fiat_secp256k1_uint1 x91; + uint32_t x92; + fiat_secp256k1_uint1 x93; + uint32_t x94; + fiat_secp256k1_uint1 x95; + uint32_t x96; + fiat_secp256k1_uint1 x97; + uint32_t x98; + fiat_secp256k1_uint1 x99; + uint32_t x100; + fiat_secp256k1_uint1 x101; + uint32_t x102; + fiat_secp256k1_uint1 x103; + uint32_t x104; + fiat_secp256k1_uint1 x105; + uint32_t x106; + fiat_secp256k1_uint1 x107; + uint32_t x108; + fiat_secp256k1_uint1 x109; + uint32_t x110; + fiat_secp256k1_uint1 x111; + uint32_t x112; + fiat_secp256k1_uint1 x113; + uint32_t x114; + fiat_secp256k1_uint1 x115; + uint32_t x116; + fiat_secp256k1_uint1 x117; + uint32_t x118; + fiat_secp256k1_uint1 x119; + uint32_t x120; + fiat_secp256k1_uint1 x121; + uint32_t x122; + fiat_secp256k1_uint1 x123; + uint32_t x124; + fiat_secp256k1_uint1 x125; + uint32_t x126; + fiat_secp256k1_uint1 x127; + uint32_t x128; + fiat_secp256k1_uint1 x129; + uint32_t x130; + fiat_secp256k1_uint1 x131; + uint32_t x132; + fiat_secp256k1_uint1 x133; + uint32_t x134; + uint32_t x135; + uint32_t x136; + uint32_t x137; + uint32_t x138; + uint32_t x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + uint32_t x145; + uint32_t x146; + uint32_t x147; + uint32_t x148; + uint32_t x149; + uint32_t x150; + uint32_t x151; + uint32_t x152; + fiat_secp256k1_uint1 x153; + uint32_t x154; + fiat_secp256k1_uint1 x155; + uint32_t x156; + fiat_secp256k1_uint1 x157; + uint32_t x158; + fiat_secp256k1_uint1 x159; + uint32_t x160; + fiat_secp256k1_uint1 x161; + uint32_t x162; + fiat_secp256k1_uint1 x163; + uint32_t x164; + fiat_secp256k1_uint1 x165; + uint32_t x166; + fiat_secp256k1_uint1 x167; + uint32_t x168; + fiat_secp256k1_uint1 x169; + uint32_t x170; + fiat_secp256k1_uint1 x171; + uint32_t x172; + fiat_secp256k1_uint1 x173; + uint32_t x174; + fiat_secp256k1_uint1 x175; + uint32_t x176; + fiat_secp256k1_uint1 x177; + uint32_t x178; + fiat_secp256k1_uint1 x179; + uint32_t x180; + fiat_secp256k1_uint1 x181; + uint32_t x182; + fiat_secp256k1_uint1 x183; + uint32_t x184; + fiat_secp256k1_uint1 x185; + uint32_t x186; + fiat_secp256k1_uint1 x187; + uint32_t x188; + fiat_secp256k1_uint1 x189; + uint32_t x190; + fiat_secp256k1_uint1 x191; + uint32_t x192; + fiat_secp256k1_uint1 x193; + uint32_t x194; + fiat_secp256k1_uint1 x195; + uint32_t x196; + fiat_secp256k1_uint1 x197; + uint32_t x198; + fiat_secp256k1_uint1 x199; + uint32_t x200; + uint32_t x201; + uint32_t x202; + uint32_t x203; + uint32_t x204; + uint32_t x205; + uint32_t x206; + uint32_t x207; + uint32_t x208; + uint32_t x209; + uint32_t x210; + uint32_t x211; + uint32_t x212; + uint32_t x213; + uint32_t x214; + uint32_t x215; + uint32_t x216; + uint32_t x217; + uint32_t x218; + fiat_secp256k1_uint1 x219; + uint32_t x220; + fiat_secp256k1_uint1 x221; + uint32_t x222; + fiat_secp256k1_uint1 x223; + uint32_t x224; + fiat_secp256k1_uint1 x225; + uint32_t x226; + fiat_secp256k1_uint1 x227; + uint32_t x228; + fiat_secp256k1_uint1 x229; + uint32_t x230; + fiat_secp256k1_uint1 x231; + uint32_t x232; + fiat_secp256k1_uint1 x233; + uint32_t x234; + fiat_secp256k1_uint1 x235; + uint32_t x236; + fiat_secp256k1_uint1 x237; + uint32_t x238; + fiat_secp256k1_uint1 x239; + uint32_t x240; + fiat_secp256k1_uint1 x241; + uint32_t x242; + fiat_secp256k1_uint1 x243; + uint32_t x244; + fiat_secp256k1_uint1 x245; + uint32_t x246; + fiat_secp256k1_uint1 x247; + uint32_t x248; + fiat_secp256k1_uint1 x249; + uint32_t x250; + fiat_secp256k1_uint1 x251; + uint32_t x252; + fiat_secp256k1_uint1 x253; + uint32_t x254; + fiat_secp256k1_uint1 x255; + uint32_t x256; + fiat_secp256k1_uint1 x257; + uint32_t x258; + fiat_secp256k1_uint1 x259; + uint32_t x260; + fiat_secp256k1_uint1 x261; + uint32_t x262; + fiat_secp256k1_uint1 x263; + uint32_t x264; + fiat_secp256k1_uint1 x265; + uint32_t x266; + uint32_t x267; + uint32_t x268; + uint32_t x269; + uint32_t x270; + uint32_t x271; + uint32_t x272; + uint32_t x273; + uint32_t x274; + uint32_t x275; + uint32_t x276; + uint32_t x277; + uint32_t x278; + uint32_t x279; + uint32_t x280; + uint32_t x281; + uint32_t x282; + uint32_t x283; + uint32_t x284; + fiat_secp256k1_uint1 x285; + uint32_t x286; + fiat_secp256k1_uint1 x287; + uint32_t x288; + fiat_secp256k1_uint1 x289; + uint32_t x290; + fiat_secp256k1_uint1 x291; + uint32_t x292; + fiat_secp256k1_uint1 x293; + uint32_t x294; + fiat_secp256k1_uint1 x295; + uint32_t x296; + fiat_secp256k1_uint1 x297; + uint32_t x298; + fiat_secp256k1_uint1 x299; + uint32_t x300; + fiat_secp256k1_uint1 x301; + uint32_t x302; + fiat_secp256k1_uint1 x303; + uint32_t x304; + fiat_secp256k1_uint1 x305; + uint32_t x306; + fiat_secp256k1_uint1 x307; + uint32_t x308; + fiat_secp256k1_uint1 x309; + uint32_t x310; + fiat_secp256k1_uint1 x311; + uint32_t x312; + fiat_secp256k1_uint1 x313; + uint32_t x314; + fiat_secp256k1_uint1 x315; + uint32_t x316; + fiat_secp256k1_uint1 x317; + uint32_t x318; + fiat_secp256k1_uint1 x319; + uint32_t x320; + fiat_secp256k1_uint1 x321; + uint32_t x322; + fiat_secp256k1_uint1 x323; + uint32_t x324; + fiat_secp256k1_uint1 x325; + uint32_t x326; + fiat_secp256k1_uint1 x327; + uint32_t x328; + fiat_secp256k1_uint1 x329; + uint32_t x330; + fiat_secp256k1_uint1 x331; + uint32_t x332; + uint32_t x333; + uint32_t x334; + uint32_t x335; + uint32_t x336; + uint32_t x337; + uint32_t x338; + uint32_t x339; + uint32_t x340; + uint32_t x341; + uint32_t x342; + uint32_t x343; + uint32_t x344; + uint32_t x345; + uint32_t x346; + uint32_t x347; + uint32_t x348; + uint32_t x349; + uint32_t x350; + fiat_secp256k1_uint1 x351; + uint32_t x352; + fiat_secp256k1_uint1 x353; + uint32_t x354; + fiat_secp256k1_uint1 x355; + uint32_t x356; + fiat_secp256k1_uint1 x357; + uint32_t x358; + fiat_secp256k1_uint1 x359; + uint32_t x360; + fiat_secp256k1_uint1 x361; + uint32_t x362; + fiat_secp256k1_uint1 x363; + uint32_t x364; + fiat_secp256k1_uint1 x365; + uint32_t x366; + fiat_secp256k1_uint1 x367; + uint32_t x368; + fiat_secp256k1_uint1 x369; + uint32_t x370; + fiat_secp256k1_uint1 x371; + uint32_t x372; + fiat_secp256k1_uint1 x373; + uint32_t x374; + fiat_secp256k1_uint1 x375; + uint32_t x376; + fiat_secp256k1_uint1 x377; + uint32_t x378; + fiat_secp256k1_uint1 x379; + uint32_t x380; + fiat_secp256k1_uint1 x381; + uint32_t x382; + fiat_secp256k1_uint1 x383; + uint32_t x384; + fiat_secp256k1_uint1 x385; + uint32_t x386; + fiat_secp256k1_uint1 x387; + uint32_t x388; + fiat_secp256k1_uint1 x389; + uint32_t x390; + fiat_secp256k1_uint1 x391; + uint32_t x392; + fiat_secp256k1_uint1 x393; + uint32_t x394; + fiat_secp256k1_uint1 x395; + uint32_t x396; + fiat_secp256k1_uint1 x397; + uint32_t x398; + uint32_t x399; + uint32_t x400; + uint32_t x401; + uint32_t x402; + uint32_t x403; + uint32_t x404; + uint32_t x405; + uint32_t x406; + uint32_t x407; + uint32_t x408; + uint32_t x409; + uint32_t x410; + uint32_t x411; + uint32_t x412; + uint32_t x413; + uint32_t x414; + uint32_t x415; + uint32_t x416; + fiat_secp256k1_uint1 x417; + uint32_t x418; + fiat_secp256k1_uint1 x419; + uint32_t x420; + fiat_secp256k1_uint1 x421; + uint32_t x422; + fiat_secp256k1_uint1 x423; + uint32_t x424; + fiat_secp256k1_uint1 x425; + uint32_t x426; + fiat_secp256k1_uint1 x427; + uint32_t x428; + fiat_secp256k1_uint1 x429; + uint32_t x430; + fiat_secp256k1_uint1 x431; + uint32_t x432; + fiat_secp256k1_uint1 x433; + uint32_t x434; + fiat_secp256k1_uint1 x435; + uint32_t x436; + fiat_secp256k1_uint1 x437; + uint32_t x438; + fiat_secp256k1_uint1 x439; + uint32_t x440; + fiat_secp256k1_uint1 x441; + uint32_t x442; + fiat_secp256k1_uint1 x443; + uint32_t x444; + fiat_secp256k1_uint1 x445; + uint32_t x446; + fiat_secp256k1_uint1 x447; + uint32_t x448; + fiat_secp256k1_uint1 x449; + uint32_t x450; + fiat_secp256k1_uint1 x451; + uint32_t x452; + fiat_secp256k1_uint1 x453; + uint32_t x454; + fiat_secp256k1_uint1 x455; + uint32_t x456; + fiat_secp256k1_uint1 x457; + uint32_t x458; + fiat_secp256k1_uint1 x459; + uint32_t x460; + fiat_secp256k1_uint1 x461; + uint32_t x462; + fiat_secp256k1_uint1 x463; + uint32_t x464; + uint32_t x465; + uint32_t x466; + uint32_t x467; + uint32_t x468; + uint32_t x469; + uint32_t x470; + uint32_t x471; + uint32_t x472; + uint32_t x473; + uint32_t x474; + uint32_t x475; + uint32_t x476; + uint32_t x477; + uint32_t x478; + uint32_t x479; + uint32_t x480; + uint32_t x481; + uint32_t x482; + fiat_secp256k1_uint1 x483; + uint32_t x484; + fiat_secp256k1_uint1 x485; + uint32_t x486; + fiat_secp256k1_uint1 x487; + uint32_t x488; + fiat_secp256k1_uint1 x489; + uint32_t x490; + fiat_secp256k1_uint1 x491; + uint32_t x492; + fiat_secp256k1_uint1 x493; + uint32_t x494; + fiat_secp256k1_uint1 x495; + uint32_t x496; + fiat_secp256k1_uint1 x497; + uint32_t x498; + fiat_secp256k1_uint1 x499; + uint32_t x500; + fiat_secp256k1_uint1 x501; + uint32_t x502; + fiat_secp256k1_uint1 x503; + uint32_t x504; + fiat_secp256k1_uint1 x505; + uint32_t x506; + fiat_secp256k1_uint1 x507; + uint32_t x508; + fiat_secp256k1_uint1 x509; + uint32_t x510; + fiat_secp256k1_uint1 x511; + uint32_t x512; + fiat_secp256k1_uint1 x513; + uint32_t x514; + fiat_secp256k1_uint1 x515; + uint32_t x516; + fiat_secp256k1_uint1 x517; + uint32_t x518; + fiat_secp256k1_uint1 x519; + uint32_t x520; + fiat_secp256k1_uint1 x521; + uint32_t x522; + fiat_secp256k1_uint1 x523; + uint32_t x524; + fiat_secp256k1_uint1 x525; + uint32_t x526; + fiat_secp256k1_uint1 x527; + uint32_t x528; + fiat_secp256k1_uint1 x529; + uint32_t x530; + fiat_secp256k1_uint1 x531; + uint32_t x532; + uint32_t x533; + uint32_t x534; + uint32_t x535; + uint32_t x536; + uint32_t x537; + uint32_t x538; + uint32_t x539; + x1 = (arg1[0]); + fiat_secp256k1_mulx_u32(&x2, &x3, x1, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x4, &x5, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x6, &x7, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x8, &x9, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x10, &x11, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x12, &x13, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x14, &x15, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x16, &x17, x2, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x18, &x19, x2, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x20, &x21, 0x0, x19, x16); + fiat_secp256k1_addcarryx_u32(&x22, &x23, x21, x17, x14); + fiat_secp256k1_addcarryx_u32(&x24, &x25, x23, x15, x12); + fiat_secp256k1_addcarryx_u32(&x26, &x27, x25, x13, x10); + fiat_secp256k1_addcarryx_u32(&x28, &x29, x27, x11, x8); + fiat_secp256k1_addcarryx_u32(&x30, &x31, x29, x9, x6); + fiat_secp256k1_addcarryx_u32(&x32, &x33, x31, x7, x4); + fiat_secp256k1_addcarryx_u32(&x34, &x35, 0x0, x1, x18); + fiat_secp256k1_addcarryx_u32(&x36, &x37, x35, 0x0, x20); + fiat_secp256k1_addcarryx_u32(&x38, &x39, x37, 0x0, x22); + fiat_secp256k1_addcarryx_u32(&x40, &x41, x39, 0x0, x24); + fiat_secp256k1_addcarryx_u32(&x42, &x43, x41, 0x0, x26); + fiat_secp256k1_addcarryx_u32(&x44, &x45, x43, 0x0, x28); + fiat_secp256k1_addcarryx_u32(&x46, &x47, x45, 0x0, x30); + fiat_secp256k1_addcarryx_u32(&x48, &x49, x47, 0x0, x32); + fiat_secp256k1_addcarryx_u32(&x50, &x51, x49, 0x0, (x33 + x5)); + fiat_secp256k1_addcarryx_u32(&x52, &x53, 0x0, x36, (arg1[1])); + fiat_secp256k1_addcarryx_u32(&x54, &x55, x53, x38, 0x0); + fiat_secp256k1_addcarryx_u32(&x56, &x57, x55, x40, 0x0); + fiat_secp256k1_addcarryx_u32(&x58, &x59, x57, x42, 0x0); + fiat_secp256k1_addcarryx_u32(&x60, &x61, x59, x44, 0x0); + fiat_secp256k1_addcarryx_u32(&x62, &x63, x61, x46, 0x0); + fiat_secp256k1_addcarryx_u32(&x64, &x65, x63, x48, 0x0); + fiat_secp256k1_addcarryx_u32(&x66, &x67, x65, x50, 0x0); + fiat_secp256k1_mulx_u32(&x68, &x69, x52, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x70, &x71, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x72, &x73, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x74, &x75, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x76, &x77, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x78, &x79, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x80, &x81, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x82, &x83, x68, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x84, &x85, x68, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x86, &x87, 0x0, x85, x82); + fiat_secp256k1_addcarryx_u32(&x88, &x89, x87, x83, x80); + fiat_secp256k1_addcarryx_u32(&x90, &x91, x89, x81, x78); + fiat_secp256k1_addcarryx_u32(&x92, &x93, x91, x79, x76); + fiat_secp256k1_addcarryx_u32(&x94, &x95, x93, x77, x74); + fiat_secp256k1_addcarryx_u32(&x96, &x97, x95, x75, x72); + fiat_secp256k1_addcarryx_u32(&x98, &x99, x97, x73, x70); + fiat_secp256k1_addcarryx_u32(&x100, &x101, 0x0, x52, x84); + fiat_secp256k1_addcarryx_u32(&x102, &x103, x101, x54, x86); + fiat_secp256k1_addcarryx_u32(&x104, &x105, x103, x56, x88); + fiat_secp256k1_addcarryx_u32(&x106, &x107, x105, x58, x90); + fiat_secp256k1_addcarryx_u32(&x108, &x109, x107, x60, x92); + fiat_secp256k1_addcarryx_u32(&x110, &x111, x109, x62, x94); + fiat_secp256k1_addcarryx_u32(&x112, &x113, x111, x64, x96); + fiat_secp256k1_addcarryx_u32(&x114, &x115, x113, x66, x98); + fiat_secp256k1_addcarryx_u32(&x116, &x117, x115, ((uint32_t)x67 + x51), (x99 + x71)); + fiat_secp256k1_addcarryx_u32(&x118, &x119, 0x0, x102, (arg1[2])); + fiat_secp256k1_addcarryx_u32(&x120, &x121, x119, x104, 0x0); + fiat_secp256k1_addcarryx_u32(&x122, &x123, x121, x106, 0x0); + fiat_secp256k1_addcarryx_u32(&x124, &x125, x123, x108, 0x0); + fiat_secp256k1_addcarryx_u32(&x126, &x127, x125, x110, 0x0); + fiat_secp256k1_addcarryx_u32(&x128, &x129, x127, x112, 0x0); + fiat_secp256k1_addcarryx_u32(&x130, &x131, x129, x114, 0x0); + fiat_secp256k1_addcarryx_u32(&x132, &x133, x131, x116, 0x0); + fiat_secp256k1_mulx_u32(&x134, &x135, x118, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x136, &x137, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x138, &x139, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x140, &x141, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x142, &x143, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x144, &x145, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x146, &x147, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x148, &x149, x134, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x150, &x151, x134, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x152, &x153, 0x0, x151, x148); + fiat_secp256k1_addcarryx_u32(&x154, &x155, x153, x149, x146); + fiat_secp256k1_addcarryx_u32(&x156, &x157, x155, x147, x144); + fiat_secp256k1_addcarryx_u32(&x158, &x159, x157, x145, x142); + fiat_secp256k1_addcarryx_u32(&x160, &x161, x159, x143, x140); + fiat_secp256k1_addcarryx_u32(&x162, &x163, x161, x141, x138); + fiat_secp256k1_addcarryx_u32(&x164, &x165, x163, x139, x136); + fiat_secp256k1_addcarryx_u32(&x166, &x167, 0x0, x118, x150); + fiat_secp256k1_addcarryx_u32(&x168, &x169, x167, x120, x152); + fiat_secp256k1_addcarryx_u32(&x170, &x171, x169, x122, x154); + fiat_secp256k1_addcarryx_u32(&x172, &x173, x171, x124, x156); + fiat_secp256k1_addcarryx_u32(&x174, &x175, x173, x126, x158); + fiat_secp256k1_addcarryx_u32(&x176, &x177, x175, x128, x160); + fiat_secp256k1_addcarryx_u32(&x178, &x179, x177, x130, x162); + fiat_secp256k1_addcarryx_u32(&x180, &x181, x179, x132, x164); + fiat_secp256k1_addcarryx_u32(&x182, &x183, x181, ((uint32_t)x133 + x117), (x165 + x137)); + fiat_secp256k1_addcarryx_u32(&x184, &x185, 0x0, x168, (arg1[3])); + fiat_secp256k1_addcarryx_u32(&x186, &x187, x185, x170, 0x0); + fiat_secp256k1_addcarryx_u32(&x188, &x189, x187, x172, 0x0); + fiat_secp256k1_addcarryx_u32(&x190, &x191, x189, x174, 0x0); + fiat_secp256k1_addcarryx_u32(&x192, &x193, x191, x176, 0x0); + fiat_secp256k1_addcarryx_u32(&x194, &x195, x193, x178, 0x0); + fiat_secp256k1_addcarryx_u32(&x196, &x197, x195, x180, 0x0); + fiat_secp256k1_addcarryx_u32(&x198, &x199, x197, x182, 0x0); + fiat_secp256k1_mulx_u32(&x200, &x201, x184, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x202, &x203, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x204, &x205, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x206, &x207, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x208, &x209, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x210, &x211, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x212, &x213, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x214, &x215, x200, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x216, &x217, x200, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x218, &x219, 0x0, x217, x214); + fiat_secp256k1_addcarryx_u32(&x220, &x221, x219, x215, x212); + fiat_secp256k1_addcarryx_u32(&x222, &x223, x221, x213, x210); + fiat_secp256k1_addcarryx_u32(&x224, &x225, x223, x211, x208); + fiat_secp256k1_addcarryx_u32(&x226, &x227, x225, x209, x206); + fiat_secp256k1_addcarryx_u32(&x228, &x229, x227, x207, x204); + fiat_secp256k1_addcarryx_u32(&x230, &x231, x229, x205, x202); + fiat_secp256k1_addcarryx_u32(&x232, &x233, 0x0, x184, x216); + fiat_secp256k1_addcarryx_u32(&x234, &x235, x233, x186, x218); + fiat_secp256k1_addcarryx_u32(&x236, &x237, x235, x188, x220); + fiat_secp256k1_addcarryx_u32(&x238, &x239, x237, x190, x222); + fiat_secp256k1_addcarryx_u32(&x240, &x241, x239, x192, x224); + fiat_secp256k1_addcarryx_u32(&x242, &x243, x241, x194, x226); + fiat_secp256k1_addcarryx_u32(&x244, &x245, x243, x196, x228); + fiat_secp256k1_addcarryx_u32(&x246, &x247, x245, x198, x230); + fiat_secp256k1_addcarryx_u32(&x248, &x249, x247, ((uint32_t)x199 + x183), (x231 + x203)); + fiat_secp256k1_addcarryx_u32(&x250, &x251, 0x0, x234, (arg1[4])); + fiat_secp256k1_addcarryx_u32(&x252, &x253, x251, x236, 0x0); + fiat_secp256k1_addcarryx_u32(&x254, &x255, x253, x238, 0x0); + fiat_secp256k1_addcarryx_u32(&x256, &x257, x255, x240, 0x0); + fiat_secp256k1_addcarryx_u32(&x258, &x259, x257, x242, 0x0); + fiat_secp256k1_addcarryx_u32(&x260, &x261, x259, x244, 0x0); + fiat_secp256k1_addcarryx_u32(&x262, &x263, x261, x246, 0x0); + fiat_secp256k1_addcarryx_u32(&x264, &x265, x263, x248, 0x0); + fiat_secp256k1_mulx_u32(&x266, &x267, x250, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x268, &x269, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x270, &x271, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x272, &x273, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x274, &x275, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x276, &x277, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x278, &x279, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x280, &x281, x266, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x282, &x283, x266, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x284, &x285, 0x0, x283, x280); + fiat_secp256k1_addcarryx_u32(&x286, &x287, x285, x281, x278); + fiat_secp256k1_addcarryx_u32(&x288, &x289, x287, x279, x276); + fiat_secp256k1_addcarryx_u32(&x290, &x291, x289, x277, x274); + fiat_secp256k1_addcarryx_u32(&x292, &x293, x291, x275, x272); + fiat_secp256k1_addcarryx_u32(&x294, &x295, x293, x273, x270); + fiat_secp256k1_addcarryx_u32(&x296, &x297, x295, x271, x268); + fiat_secp256k1_addcarryx_u32(&x298, &x299, 0x0, x250, x282); + fiat_secp256k1_addcarryx_u32(&x300, &x301, x299, x252, x284); + fiat_secp256k1_addcarryx_u32(&x302, &x303, x301, x254, x286); + fiat_secp256k1_addcarryx_u32(&x304, &x305, x303, x256, x288); + fiat_secp256k1_addcarryx_u32(&x306, &x307, x305, x258, x290); + fiat_secp256k1_addcarryx_u32(&x308, &x309, x307, x260, x292); + fiat_secp256k1_addcarryx_u32(&x310, &x311, x309, x262, x294); + fiat_secp256k1_addcarryx_u32(&x312, &x313, x311, x264, x296); + fiat_secp256k1_addcarryx_u32(&x314, &x315, x313, ((uint32_t)x265 + x249), (x297 + x269)); + fiat_secp256k1_addcarryx_u32(&x316, &x317, 0x0, x300, (arg1[5])); + fiat_secp256k1_addcarryx_u32(&x318, &x319, x317, x302, 0x0); + fiat_secp256k1_addcarryx_u32(&x320, &x321, x319, x304, 0x0); + fiat_secp256k1_addcarryx_u32(&x322, &x323, x321, x306, 0x0); + fiat_secp256k1_addcarryx_u32(&x324, &x325, x323, x308, 0x0); + fiat_secp256k1_addcarryx_u32(&x326, &x327, x325, x310, 0x0); + fiat_secp256k1_addcarryx_u32(&x328, &x329, x327, x312, 0x0); + fiat_secp256k1_addcarryx_u32(&x330, &x331, x329, x314, 0x0); + fiat_secp256k1_mulx_u32(&x332, &x333, x316, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x334, &x335, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x336, &x337, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x338, &x339, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x340, &x341, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x342, &x343, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x344, &x345, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x346, &x347, x332, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x348, &x349, x332, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x350, &x351, 0x0, x349, x346); + fiat_secp256k1_addcarryx_u32(&x352, &x353, x351, x347, x344); + fiat_secp256k1_addcarryx_u32(&x354, &x355, x353, x345, x342); + fiat_secp256k1_addcarryx_u32(&x356, &x357, x355, x343, x340); + fiat_secp256k1_addcarryx_u32(&x358, &x359, x357, x341, x338); + fiat_secp256k1_addcarryx_u32(&x360, &x361, x359, x339, x336); + fiat_secp256k1_addcarryx_u32(&x362, &x363, x361, x337, x334); + fiat_secp256k1_addcarryx_u32(&x364, &x365, 0x0, x316, x348); + fiat_secp256k1_addcarryx_u32(&x366, &x367, x365, x318, x350); + fiat_secp256k1_addcarryx_u32(&x368, &x369, x367, x320, x352); + fiat_secp256k1_addcarryx_u32(&x370, &x371, x369, x322, x354); + fiat_secp256k1_addcarryx_u32(&x372, &x373, x371, x324, x356); + fiat_secp256k1_addcarryx_u32(&x374, &x375, x373, x326, x358); + fiat_secp256k1_addcarryx_u32(&x376, &x377, x375, x328, x360); + fiat_secp256k1_addcarryx_u32(&x378, &x379, x377, x330, x362); + fiat_secp256k1_addcarryx_u32(&x380, &x381, x379, ((uint32_t)x331 + x315), (x363 + x335)); + fiat_secp256k1_addcarryx_u32(&x382, &x383, 0x0, x366, (arg1[6])); + fiat_secp256k1_addcarryx_u32(&x384, &x385, x383, x368, 0x0); + fiat_secp256k1_addcarryx_u32(&x386, &x387, x385, x370, 0x0); + fiat_secp256k1_addcarryx_u32(&x388, &x389, x387, x372, 0x0); + fiat_secp256k1_addcarryx_u32(&x390, &x391, x389, x374, 0x0); + fiat_secp256k1_addcarryx_u32(&x392, &x393, x391, x376, 0x0); + fiat_secp256k1_addcarryx_u32(&x394, &x395, x393, x378, 0x0); + fiat_secp256k1_addcarryx_u32(&x396, &x397, x395, x380, 0x0); + fiat_secp256k1_mulx_u32(&x398, &x399, x382, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x400, &x401, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x402, &x403, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x404, &x405, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x406, &x407, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x408, &x409, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x410, &x411, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x412, &x413, x398, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x414, &x415, x398, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x416, &x417, 0x0, x415, x412); + fiat_secp256k1_addcarryx_u32(&x418, &x419, x417, x413, x410); + fiat_secp256k1_addcarryx_u32(&x420, &x421, x419, x411, x408); + fiat_secp256k1_addcarryx_u32(&x422, &x423, x421, x409, x406); + fiat_secp256k1_addcarryx_u32(&x424, &x425, x423, x407, x404); + fiat_secp256k1_addcarryx_u32(&x426, &x427, x425, x405, x402); + fiat_secp256k1_addcarryx_u32(&x428, &x429, x427, x403, x400); + fiat_secp256k1_addcarryx_u32(&x430, &x431, 0x0, x382, x414); + fiat_secp256k1_addcarryx_u32(&x432, &x433, x431, x384, x416); + fiat_secp256k1_addcarryx_u32(&x434, &x435, x433, x386, x418); + fiat_secp256k1_addcarryx_u32(&x436, &x437, x435, x388, x420); + fiat_secp256k1_addcarryx_u32(&x438, &x439, x437, x390, x422); + fiat_secp256k1_addcarryx_u32(&x440, &x441, x439, x392, x424); + fiat_secp256k1_addcarryx_u32(&x442, &x443, x441, x394, x426); + fiat_secp256k1_addcarryx_u32(&x444, &x445, x443, x396, x428); + fiat_secp256k1_addcarryx_u32(&x446, &x447, x445, ((uint32_t)x397 + x381), (x429 + x401)); + fiat_secp256k1_addcarryx_u32(&x448, &x449, 0x0, x432, (arg1[7])); + fiat_secp256k1_addcarryx_u32(&x450, &x451, x449, x434, 0x0); + fiat_secp256k1_addcarryx_u32(&x452, &x453, x451, x436, 0x0); + fiat_secp256k1_addcarryx_u32(&x454, &x455, x453, x438, 0x0); + fiat_secp256k1_addcarryx_u32(&x456, &x457, x455, x440, 0x0); + fiat_secp256k1_addcarryx_u32(&x458, &x459, x457, x442, 0x0); + fiat_secp256k1_addcarryx_u32(&x460, &x461, x459, x444, 0x0); + fiat_secp256k1_addcarryx_u32(&x462, &x463, x461, x446, 0x0); + fiat_secp256k1_mulx_u32(&x464, &x465, x448, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x466, &x467, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x468, &x469, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x470, &x471, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x472, &x473, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x474, &x475, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x476, &x477, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x478, &x479, x464, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x480, &x481, x464, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x482, &x483, 0x0, x481, x478); + fiat_secp256k1_addcarryx_u32(&x484, &x485, x483, x479, x476); + fiat_secp256k1_addcarryx_u32(&x486, &x487, x485, x477, x474); + fiat_secp256k1_addcarryx_u32(&x488, &x489, x487, x475, x472); + fiat_secp256k1_addcarryx_u32(&x490, &x491, x489, x473, x470); + fiat_secp256k1_addcarryx_u32(&x492, &x493, x491, x471, x468); + fiat_secp256k1_addcarryx_u32(&x494, &x495, x493, x469, x466); + fiat_secp256k1_addcarryx_u32(&x496, &x497, 0x0, x448, x480); + fiat_secp256k1_addcarryx_u32(&x498, &x499, x497, x450, x482); + fiat_secp256k1_addcarryx_u32(&x500, &x501, x499, x452, x484); + fiat_secp256k1_addcarryx_u32(&x502, &x503, x501, x454, x486); + fiat_secp256k1_addcarryx_u32(&x504, &x505, x503, x456, x488); + fiat_secp256k1_addcarryx_u32(&x506, &x507, x505, x458, x490); + fiat_secp256k1_addcarryx_u32(&x508, &x509, x507, x460, x492); + fiat_secp256k1_addcarryx_u32(&x510, &x511, x509, x462, x494); + fiat_secp256k1_addcarryx_u32(&x512, &x513, x511, ((uint32_t)x463 + x447), (x495 + x467)); + fiat_secp256k1_subborrowx_u32(&x514, &x515, 0x0, x498, UINT32_C(0xfffffc2f)); + fiat_secp256k1_subborrowx_u32(&x516, &x517, x515, x500, UINT32_C(0xfffffffe)); + fiat_secp256k1_subborrowx_u32(&x518, &x519, x517, x502, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x520, &x521, x519, x504, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x522, &x523, x521, x506, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x524, &x525, x523, x508, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x526, &x527, x525, x510, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x528, &x529, x527, x512, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x530, &x531, x529, x513, 0x0); + fiat_secp256k1_cmovznz_u32(&x532, x531, x514, x498); + fiat_secp256k1_cmovznz_u32(&x533, x531, x516, x500); + fiat_secp256k1_cmovznz_u32(&x534, x531, x518, x502); + fiat_secp256k1_cmovznz_u32(&x535, x531, x520, x504); + fiat_secp256k1_cmovznz_u32(&x536, x531, x522, x506); + fiat_secp256k1_cmovznz_u32(&x537, x531, x524, x508); + fiat_secp256k1_cmovznz_u32(&x538, x531, x526, x510); + fiat_secp256k1_cmovznz_u32(&x539, x531, x528, x512); + out1[0] = x532; + out1[1] = x533; + out1[2] = x534; + out1[3] = x535; + out1[4] = x536; + out1[5] = x537; + out1[6] = x538; + out1[7] = x539; +} + +/* + * The function fiat_secp256k1_to_montgomery translates a field element into the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = eval arg1 mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_to_montgomery(fiat_secp256k1_montgomery_domain_field_element out1, const fiat_secp256k1_non_montgomery_domain_field_element arg1) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + fiat_secp256k1_uint1 x14; + uint32_t x15; + fiat_secp256k1_uint1 x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint32_t x20; + uint32_t x21; + uint32_t x22; + uint32_t x23; + uint32_t x24; + uint32_t x25; + uint32_t x26; + uint32_t x27; + uint32_t x28; + uint32_t x29; + uint32_t x30; + uint32_t x31; + uint32_t x32; + uint32_t x33; + uint32_t x34; + uint32_t x35; + fiat_secp256k1_uint1 x36; + uint32_t x37; + fiat_secp256k1_uint1 x38; + uint32_t x39; + fiat_secp256k1_uint1 x40; + uint32_t x41; + fiat_secp256k1_uint1 x42; + uint32_t x43; + fiat_secp256k1_uint1 x44; + uint32_t x45; + fiat_secp256k1_uint1 x46; + uint32_t x47; + fiat_secp256k1_uint1 x48; + uint32_t x49; + fiat_secp256k1_uint1 x50; + uint32_t x51; + fiat_secp256k1_uint1 x52; + uint32_t x53; + fiat_secp256k1_uint1 x54; + uint32_t x55; + fiat_secp256k1_uint1 x56; + uint32_t x57; + fiat_secp256k1_uint1 x58; + uint32_t x59; + fiat_secp256k1_uint1 x60; + uint32_t x61; + fiat_secp256k1_uint1 x62; + uint32_t x63; + fiat_secp256k1_uint1 x64; + uint32_t x65; + fiat_secp256k1_uint1 x66; + uint32_t x67; + uint32_t x68; + uint32_t x69; + uint32_t x70; + uint32_t x71; + fiat_secp256k1_uint1 x72; + uint32_t x73; + fiat_secp256k1_uint1 x74; + uint32_t x75; + fiat_secp256k1_uint1 x76; + uint32_t x77; + fiat_secp256k1_uint1 x78; + uint32_t x79; + fiat_secp256k1_uint1 x80; + uint32_t x81; + fiat_secp256k1_uint1 x82; + uint32_t x83; + fiat_secp256k1_uint1 x84; + uint32_t x85; + fiat_secp256k1_uint1 x86; + uint32_t x87; + fiat_secp256k1_uint1 x88; + uint32_t x89; + fiat_secp256k1_uint1 x90; + uint32_t x91; + uint32_t x92; + uint32_t x93; + uint32_t x94; + uint32_t x95; + uint32_t x96; + uint32_t x97; + uint32_t x98; + uint32_t x99; + uint32_t x100; + uint32_t x101; + uint32_t x102; + uint32_t x103; + uint32_t x104; + uint32_t x105; + uint32_t x106; + uint32_t x107; + uint32_t x108; + uint32_t x109; + fiat_secp256k1_uint1 x110; + uint32_t x111; + fiat_secp256k1_uint1 x112; + uint32_t x113; + fiat_secp256k1_uint1 x114; + uint32_t x115; + fiat_secp256k1_uint1 x116; + uint32_t x117; + fiat_secp256k1_uint1 x118; + uint32_t x119; + fiat_secp256k1_uint1 x120; + uint32_t x121; + fiat_secp256k1_uint1 x122; + uint32_t x123; + fiat_secp256k1_uint1 x124; + uint32_t x125; + fiat_secp256k1_uint1 x126; + uint32_t x127; + fiat_secp256k1_uint1 x128; + uint32_t x129; + fiat_secp256k1_uint1 x130; + uint32_t x131; + fiat_secp256k1_uint1 x132; + uint32_t x133; + fiat_secp256k1_uint1 x134; + uint32_t x135; + fiat_secp256k1_uint1 x136; + uint32_t x137; + fiat_secp256k1_uint1 x138; + uint32_t x139; + fiat_secp256k1_uint1 x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + uint32_t x145; + fiat_secp256k1_uint1 x146; + uint32_t x147; + fiat_secp256k1_uint1 x148; + uint32_t x149; + fiat_secp256k1_uint1 x150; + uint32_t x151; + fiat_secp256k1_uint1 x152; + uint32_t x153; + fiat_secp256k1_uint1 x154; + uint32_t x155; + fiat_secp256k1_uint1 x156; + uint32_t x157; + fiat_secp256k1_uint1 x158; + uint32_t x159; + fiat_secp256k1_uint1 x160; + uint32_t x161; + fiat_secp256k1_uint1 x162; + uint32_t x163; + fiat_secp256k1_uint1 x164; + uint32_t x165; + uint32_t x166; + uint32_t x167; + uint32_t x168; + uint32_t x169; + uint32_t x170; + uint32_t x171; + uint32_t x172; + uint32_t x173; + uint32_t x174; + uint32_t x175; + uint32_t x176; + uint32_t x177; + uint32_t x178; + uint32_t x179; + uint32_t x180; + uint32_t x181; + uint32_t x182; + uint32_t x183; + fiat_secp256k1_uint1 x184; + uint32_t x185; + fiat_secp256k1_uint1 x186; + uint32_t x187; + fiat_secp256k1_uint1 x188; + uint32_t x189; + fiat_secp256k1_uint1 x190; + uint32_t x191; + fiat_secp256k1_uint1 x192; + uint32_t x193; + fiat_secp256k1_uint1 x194; + uint32_t x195; + fiat_secp256k1_uint1 x196; + uint32_t x197; + fiat_secp256k1_uint1 x198; + uint32_t x199; + fiat_secp256k1_uint1 x200; + uint32_t x201; + fiat_secp256k1_uint1 x202; + uint32_t x203; + fiat_secp256k1_uint1 x204; + uint32_t x205; + fiat_secp256k1_uint1 x206; + uint32_t x207; + fiat_secp256k1_uint1 x208; + uint32_t x209; + fiat_secp256k1_uint1 x210; + uint32_t x211; + fiat_secp256k1_uint1 x212; + uint32_t x213; + fiat_secp256k1_uint1 x214; + uint32_t x215; + uint32_t x216; + uint32_t x217; + uint32_t x218; + uint32_t x219; + fiat_secp256k1_uint1 x220; + uint32_t x221; + fiat_secp256k1_uint1 x222; + uint32_t x223; + fiat_secp256k1_uint1 x224; + uint32_t x225; + fiat_secp256k1_uint1 x226; + uint32_t x227; + fiat_secp256k1_uint1 x228; + uint32_t x229; + fiat_secp256k1_uint1 x230; + uint32_t x231; + fiat_secp256k1_uint1 x232; + uint32_t x233; + fiat_secp256k1_uint1 x234; + uint32_t x235; + fiat_secp256k1_uint1 x236; + uint32_t x237; + fiat_secp256k1_uint1 x238; + uint32_t x239; + uint32_t x240; + uint32_t x241; + uint32_t x242; + uint32_t x243; + uint32_t x244; + uint32_t x245; + uint32_t x246; + uint32_t x247; + uint32_t x248; + uint32_t x249; + uint32_t x250; + uint32_t x251; + uint32_t x252; + uint32_t x253; + uint32_t x254; + uint32_t x255; + uint32_t x256; + uint32_t x257; + fiat_secp256k1_uint1 x258; + uint32_t x259; + fiat_secp256k1_uint1 x260; + uint32_t x261; + fiat_secp256k1_uint1 x262; + uint32_t x263; + fiat_secp256k1_uint1 x264; + uint32_t x265; + fiat_secp256k1_uint1 x266; + uint32_t x267; + fiat_secp256k1_uint1 x268; + uint32_t x269; + fiat_secp256k1_uint1 x270; + uint32_t x271; + fiat_secp256k1_uint1 x272; + uint32_t x273; + fiat_secp256k1_uint1 x274; + uint32_t x275; + fiat_secp256k1_uint1 x276; + uint32_t x277; + fiat_secp256k1_uint1 x278; + uint32_t x279; + fiat_secp256k1_uint1 x280; + uint32_t x281; + fiat_secp256k1_uint1 x282; + uint32_t x283; + fiat_secp256k1_uint1 x284; + uint32_t x285; + fiat_secp256k1_uint1 x286; + uint32_t x287; + fiat_secp256k1_uint1 x288; + uint32_t x289; + uint32_t x290; + uint32_t x291; + uint32_t x292; + uint32_t x293; + fiat_secp256k1_uint1 x294; + uint32_t x295; + fiat_secp256k1_uint1 x296; + uint32_t x297; + fiat_secp256k1_uint1 x298; + uint32_t x299; + fiat_secp256k1_uint1 x300; + uint32_t x301; + fiat_secp256k1_uint1 x302; + uint32_t x303; + fiat_secp256k1_uint1 x304; + uint32_t x305; + fiat_secp256k1_uint1 x306; + uint32_t x307; + fiat_secp256k1_uint1 x308; + uint32_t x309; + fiat_secp256k1_uint1 x310; + uint32_t x311; + fiat_secp256k1_uint1 x312; + uint32_t x313; + uint32_t x314; + uint32_t x315; + uint32_t x316; + uint32_t x317; + uint32_t x318; + uint32_t x319; + uint32_t x320; + uint32_t x321; + uint32_t x322; + uint32_t x323; + uint32_t x324; + uint32_t x325; + uint32_t x326; + uint32_t x327; + uint32_t x328; + uint32_t x329; + uint32_t x330; + uint32_t x331; + fiat_secp256k1_uint1 x332; + uint32_t x333; + fiat_secp256k1_uint1 x334; + uint32_t x335; + fiat_secp256k1_uint1 x336; + uint32_t x337; + fiat_secp256k1_uint1 x338; + uint32_t x339; + fiat_secp256k1_uint1 x340; + uint32_t x341; + fiat_secp256k1_uint1 x342; + uint32_t x343; + fiat_secp256k1_uint1 x344; + uint32_t x345; + fiat_secp256k1_uint1 x346; + uint32_t x347; + fiat_secp256k1_uint1 x348; + uint32_t x349; + fiat_secp256k1_uint1 x350; + uint32_t x351; + fiat_secp256k1_uint1 x352; + uint32_t x353; + fiat_secp256k1_uint1 x354; + uint32_t x355; + fiat_secp256k1_uint1 x356; + uint32_t x357; + fiat_secp256k1_uint1 x358; + uint32_t x359; + fiat_secp256k1_uint1 x360; + uint32_t x361; + fiat_secp256k1_uint1 x362; + uint32_t x363; + uint32_t x364; + uint32_t x365; + uint32_t x366; + uint32_t x367; + fiat_secp256k1_uint1 x368; + uint32_t x369; + fiat_secp256k1_uint1 x370; + uint32_t x371; + fiat_secp256k1_uint1 x372; + uint32_t x373; + fiat_secp256k1_uint1 x374; + uint32_t x375; + fiat_secp256k1_uint1 x376; + uint32_t x377; + fiat_secp256k1_uint1 x378; + uint32_t x379; + fiat_secp256k1_uint1 x380; + uint32_t x381; + fiat_secp256k1_uint1 x382; + uint32_t x383; + fiat_secp256k1_uint1 x384; + uint32_t x385; + fiat_secp256k1_uint1 x386; + uint32_t x387; + uint32_t x388; + uint32_t x389; + uint32_t x390; + uint32_t x391; + uint32_t x392; + uint32_t x393; + uint32_t x394; + uint32_t x395; + uint32_t x396; + uint32_t x397; + uint32_t x398; + uint32_t x399; + uint32_t x400; + uint32_t x401; + uint32_t x402; + uint32_t x403; + uint32_t x404; + uint32_t x405; + fiat_secp256k1_uint1 x406; + uint32_t x407; + fiat_secp256k1_uint1 x408; + uint32_t x409; + fiat_secp256k1_uint1 x410; + uint32_t x411; + fiat_secp256k1_uint1 x412; + uint32_t x413; + fiat_secp256k1_uint1 x414; + uint32_t x415; + fiat_secp256k1_uint1 x416; + uint32_t x417; + fiat_secp256k1_uint1 x418; + uint32_t x419; + fiat_secp256k1_uint1 x420; + uint32_t x421; + fiat_secp256k1_uint1 x422; + uint32_t x423; + fiat_secp256k1_uint1 x424; + uint32_t x425; + fiat_secp256k1_uint1 x426; + uint32_t x427; + fiat_secp256k1_uint1 x428; + uint32_t x429; + fiat_secp256k1_uint1 x430; + uint32_t x431; + fiat_secp256k1_uint1 x432; + uint32_t x433; + fiat_secp256k1_uint1 x434; + uint32_t x435; + fiat_secp256k1_uint1 x436; + uint32_t x437; + uint32_t x438; + uint32_t x439; + uint32_t x440; + uint32_t x441; + fiat_secp256k1_uint1 x442; + uint32_t x443; + fiat_secp256k1_uint1 x444; + uint32_t x445; + fiat_secp256k1_uint1 x446; + uint32_t x447; + fiat_secp256k1_uint1 x448; + uint32_t x449; + fiat_secp256k1_uint1 x450; + uint32_t x451; + fiat_secp256k1_uint1 x452; + uint32_t x453; + fiat_secp256k1_uint1 x454; + uint32_t x455; + fiat_secp256k1_uint1 x456; + uint32_t x457; + fiat_secp256k1_uint1 x458; + uint32_t x459; + fiat_secp256k1_uint1 x460; + uint32_t x461; + uint32_t x462; + uint32_t x463; + uint32_t x464; + uint32_t x465; + uint32_t x466; + uint32_t x467; + uint32_t x468; + uint32_t x469; + uint32_t x470; + uint32_t x471; + uint32_t x472; + uint32_t x473; + uint32_t x474; + uint32_t x475; + uint32_t x476; + uint32_t x477; + uint32_t x478; + uint32_t x479; + fiat_secp256k1_uint1 x480; + uint32_t x481; + fiat_secp256k1_uint1 x482; + uint32_t x483; + fiat_secp256k1_uint1 x484; + uint32_t x485; + fiat_secp256k1_uint1 x486; + uint32_t x487; + fiat_secp256k1_uint1 x488; + uint32_t x489; + fiat_secp256k1_uint1 x490; + uint32_t x491; + fiat_secp256k1_uint1 x492; + uint32_t x493; + fiat_secp256k1_uint1 x494; + uint32_t x495; + fiat_secp256k1_uint1 x496; + uint32_t x497; + fiat_secp256k1_uint1 x498; + uint32_t x499; + fiat_secp256k1_uint1 x500; + uint32_t x501; + fiat_secp256k1_uint1 x502; + uint32_t x503; + fiat_secp256k1_uint1 x504; + uint32_t x505; + fiat_secp256k1_uint1 x506; + uint32_t x507; + fiat_secp256k1_uint1 x508; + uint32_t x509; + fiat_secp256k1_uint1 x510; + uint32_t x511; + uint32_t x512; + uint32_t x513; + uint32_t x514; + uint32_t x515; + fiat_secp256k1_uint1 x516; + uint32_t x517; + fiat_secp256k1_uint1 x518; + uint32_t x519; + fiat_secp256k1_uint1 x520; + uint32_t x521; + fiat_secp256k1_uint1 x522; + uint32_t x523; + fiat_secp256k1_uint1 x524; + uint32_t x525; + fiat_secp256k1_uint1 x526; + uint32_t x527; + fiat_secp256k1_uint1 x528; + uint32_t x529; + fiat_secp256k1_uint1 x530; + uint32_t x531; + fiat_secp256k1_uint1 x532; + uint32_t x533; + fiat_secp256k1_uint1 x534; + uint32_t x535; + uint32_t x536; + uint32_t x537; + uint32_t x538; + uint32_t x539; + uint32_t x540; + uint32_t x541; + uint32_t x542; + uint32_t x543; + uint32_t x544; + uint32_t x545; + uint32_t x546; + uint32_t x547; + uint32_t x548; + uint32_t x549; + uint32_t x550; + uint32_t x551; + uint32_t x552; + uint32_t x553; + fiat_secp256k1_uint1 x554; + uint32_t x555; + fiat_secp256k1_uint1 x556; + uint32_t x557; + fiat_secp256k1_uint1 x558; + uint32_t x559; + fiat_secp256k1_uint1 x560; + uint32_t x561; + fiat_secp256k1_uint1 x562; + uint32_t x563; + fiat_secp256k1_uint1 x564; + uint32_t x565; + fiat_secp256k1_uint1 x566; + uint32_t x567; + fiat_secp256k1_uint1 x568; + uint32_t x569; + fiat_secp256k1_uint1 x570; + uint32_t x571; + fiat_secp256k1_uint1 x572; + uint32_t x573; + fiat_secp256k1_uint1 x574; + uint32_t x575; + fiat_secp256k1_uint1 x576; + uint32_t x577; + fiat_secp256k1_uint1 x578; + uint32_t x579; + fiat_secp256k1_uint1 x580; + uint32_t x581; + fiat_secp256k1_uint1 x582; + uint32_t x583; + fiat_secp256k1_uint1 x584; + uint32_t x585; + fiat_secp256k1_uint1 x586; + uint32_t x587; + fiat_secp256k1_uint1 x588; + uint32_t x589; + fiat_secp256k1_uint1 x590; + uint32_t x591; + fiat_secp256k1_uint1 x592; + uint32_t x593; + fiat_secp256k1_uint1 x594; + uint32_t x595; + fiat_secp256k1_uint1 x596; + uint32_t x597; + fiat_secp256k1_uint1 x598; + uint32_t x599; + fiat_secp256k1_uint1 x600; + uint32_t x601; + fiat_secp256k1_uint1 x602; + uint32_t x603; + uint32_t x604; + uint32_t x605; + uint32_t x606; + uint32_t x607; + uint32_t x608; + uint32_t x609; + uint32_t x610; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[4]); + x5 = (arg1[5]); + x6 = (arg1[6]); + x7 = (arg1[7]); + x8 = (arg1[0]); + fiat_secp256k1_mulx_u32(&x9, &x10, x8, UINT16_C(0x7a2)); + fiat_secp256k1_mulx_u32(&x11, &x12, x8, UINT32_C(0xe90a1)); + fiat_secp256k1_addcarryx_u32(&x13, &x14, 0x0, x12, x9); + fiat_secp256k1_addcarryx_u32(&x15, &x16, x14, x10, x8); + fiat_secp256k1_mulx_u32(&x17, &x18, x11, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x19, &x20, x17, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x21, &x22, x17, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x23, &x24, x17, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x25, &x26, x17, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x27, &x28, x17, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x29, &x30, x17, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x31, &x32, x17, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x33, &x34, x17, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x35, &x36, 0x0, x34, x31); + fiat_secp256k1_addcarryx_u32(&x37, &x38, x36, x32, x29); + fiat_secp256k1_addcarryx_u32(&x39, &x40, x38, x30, x27); + fiat_secp256k1_addcarryx_u32(&x41, &x42, x40, x28, x25); + fiat_secp256k1_addcarryx_u32(&x43, &x44, x42, x26, x23); + fiat_secp256k1_addcarryx_u32(&x45, &x46, x44, x24, x21); + fiat_secp256k1_addcarryx_u32(&x47, &x48, x46, x22, x19); + fiat_secp256k1_addcarryx_u32(&x49, &x50, 0x0, x11, x33); + fiat_secp256k1_addcarryx_u32(&x51, &x52, x50, x13, x35); + fiat_secp256k1_addcarryx_u32(&x53, &x54, x52, x15, x37); + fiat_secp256k1_addcarryx_u32(&x55, &x56, x54, x16, x39); + fiat_secp256k1_addcarryx_u32(&x57, &x58, x56, 0x0, x41); + fiat_secp256k1_addcarryx_u32(&x59, &x60, x58, 0x0, x43); + fiat_secp256k1_addcarryx_u32(&x61, &x62, x60, 0x0, x45); + fiat_secp256k1_addcarryx_u32(&x63, &x64, x62, 0x0, x47); + fiat_secp256k1_addcarryx_u32(&x65, &x66, x64, 0x0, (x48 + x20)); + fiat_secp256k1_mulx_u32(&x67, &x68, x1, UINT16_C(0x7a2)); + fiat_secp256k1_mulx_u32(&x69, &x70, x1, UINT32_C(0xe90a1)); + fiat_secp256k1_addcarryx_u32(&x71, &x72, 0x0, x70, x67); + fiat_secp256k1_addcarryx_u32(&x73, &x74, x72, x68, x1); + fiat_secp256k1_addcarryx_u32(&x75, &x76, 0x0, x51, x69); + fiat_secp256k1_addcarryx_u32(&x77, &x78, x76, x53, x71); + fiat_secp256k1_addcarryx_u32(&x79, &x80, x78, x55, x73); + fiat_secp256k1_addcarryx_u32(&x81, &x82, x80, x57, x74); + fiat_secp256k1_addcarryx_u32(&x83, &x84, x82, x59, 0x0); + fiat_secp256k1_addcarryx_u32(&x85, &x86, x84, x61, 0x0); + fiat_secp256k1_addcarryx_u32(&x87, &x88, x86, x63, 0x0); + fiat_secp256k1_addcarryx_u32(&x89, &x90, x88, x65, 0x0); + fiat_secp256k1_mulx_u32(&x91, &x92, x75, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x93, &x94, x91, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x95, &x96, x91, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x97, &x98, x91, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x99, &x100, x91, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x101, &x102, x91, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x103, &x104, x91, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x105, &x106, x91, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x107, &x108, x91, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x109, &x110, 0x0, x108, x105); + fiat_secp256k1_addcarryx_u32(&x111, &x112, x110, x106, x103); + fiat_secp256k1_addcarryx_u32(&x113, &x114, x112, x104, x101); + fiat_secp256k1_addcarryx_u32(&x115, &x116, x114, x102, x99); + fiat_secp256k1_addcarryx_u32(&x117, &x118, x116, x100, x97); + fiat_secp256k1_addcarryx_u32(&x119, &x120, x118, x98, x95); + fiat_secp256k1_addcarryx_u32(&x121, &x122, x120, x96, x93); + fiat_secp256k1_addcarryx_u32(&x123, &x124, 0x0, x75, x107); + fiat_secp256k1_addcarryx_u32(&x125, &x126, x124, x77, x109); + fiat_secp256k1_addcarryx_u32(&x127, &x128, x126, x79, x111); + fiat_secp256k1_addcarryx_u32(&x129, &x130, x128, x81, x113); + fiat_secp256k1_addcarryx_u32(&x131, &x132, x130, x83, x115); + fiat_secp256k1_addcarryx_u32(&x133, &x134, x132, x85, x117); + fiat_secp256k1_addcarryx_u32(&x135, &x136, x134, x87, x119); + fiat_secp256k1_addcarryx_u32(&x137, &x138, x136, x89, x121); + fiat_secp256k1_addcarryx_u32(&x139, &x140, x138, ((uint32_t)x90 + x66), (x122 + x94)); + fiat_secp256k1_mulx_u32(&x141, &x142, x2, UINT16_C(0x7a2)); + fiat_secp256k1_mulx_u32(&x143, &x144, x2, UINT32_C(0xe90a1)); + fiat_secp256k1_addcarryx_u32(&x145, &x146, 0x0, x144, x141); + fiat_secp256k1_addcarryx_u32(&x147, &x148, x146, x142, x2); + fiat_secp256k1_addcarryx_u32(&x149, &x150, 0x0, x125, x143); + fiat_secp256k1_addcarryx_u32(&x151, &x152, x150, x127, x145); + fiat_secp256k1_addcarryx_u32(&x153, &x154, x152, x129, x147); + fiat_secp256k1_addcarryx_u32(&x155, &x156, x154, x131, x148); + fiat_secp256k1_addcarryx_u32(&x157, &x158, x156, x133, 0x0); + fiat_secp256k1_addcarryx_u32(&x159, &x160, x158, x135, 0x0); + fiat_secp256k1_addcarryx_u32(&x161, &x162, x160, x137, 0x0); + fiat_secp256k1_addcarryx_u32(&x163, &x164, x162, x139, 0x0); + fiat_secp256k1_mulx_u32(&x165, &x166, x149, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x167, &x168, x165, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x169, &x170, x165, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x171, &x172, x165, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x173, &x174, x165, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x175, &x176, x165, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x177, &x178, x165, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x179, &x180, x165, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x181, &x182, x165, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x183, &x184, 0x0, x182, x179); + fiat_secp256k1_addcarryx_u32(&x185, &x186, x184, x180, x177); + fiat_secp256k1_addcarryx_u32(&x187, &x188, x186, x178, x175); + fiat_secp256k1_addcarryx_u32(&x189, &x190, x188, x176, x173); + fiat_secp256k1_addcarryx_u32(&x191, &x192, x190, x174, x171); + fiat_secp256k1_addcarryx_u32(&x193, &x194, x192, x172, x169); + fiat_secp256k1_addcarryx_u32(&x195, &x196, x194, x170, x167); + fiat_secp256k1_addcarryx_u32(&x197, &x198, 0x0, x149, x181); + fiat_secp256k1_addcarryx_u32(&x199, &x200, x198, x151, x183); + fiat_secp256k1_addcarryx_u32(&x201, &x202, x200, x153, x185); + fiat_secp256k1_addcarryx_u32(&x203, &x204, x202, x155, x187); + fiat_secp256k1_addcarryx_u32(&x205, &x206, x204, x157, x189); + fiat_secp256k1_addcarryx_u32(&x207, &x208, x206, x159, x191); + fiat_secp256k1_addcarryx_u32(&x209, &x210, x208, x161, x193); + fiat_secp256k1_addcarryx_u32(&x211, &x212, x210, x163, x195); + fiat_secp256k1_addcarryx_u32(&x213, &x214, x212, ((uint32_t)x164 + x140), (x196 + x168)); + fiat_secp256k1_mulx_u32(&x215, &x216, x3, UINT16_C(0x7a2)); + fiat_secp256k1_mulx_u32(&x217, &x218, x3, UINT32_C(0xe90a1)); + fiat_secp256k1_addcarryx_u32(&x219, &x220, 0x0, x218, x215); + fiat_secp256k1_addcarryx_u32(&x221, &x222, x220, x216, x3); + fiat_secp256k1_addcarryx_u32(&x223, &x224, 0x0, x199, x217); + fiat_secp256k1_addcarryx_u32(&x225, &x226, x224, x201, x219); + fiat_secp256k1_addcarryx_u32(&x227, &x228, x226, x203, x221); + fiat_secp256k1_addcarryx_u32(&x229, &x230, x228, x205, x222); + fiat_secp256k1_addcarryx_u32(&x231, &x232, x230, x207, 0x0); + fiat_secp256k1_addcarryx_u32(&x233, &x234, x232, x209, 0x0); + fiat_secp256k1_addcarryx_u32(&x235, &x236, x234, x211, 0x0); + fiat_secp256k1_addcarryx_u32(&x237, &x238, x236, x213, 0x0); + fiat_secp256k1_mulx_u32(&x239, &x240, x223, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x241, &x242, x239, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x243, &x244, x239, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x245, &x246, x239, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x247, &x248, x239, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x249, &x250, x239, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x251, &x252, x239, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x253, &x254, x239, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x255, &x256, x239, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x257, &x258, 0x0, x256, x253); + fiat_secp256k1_addcarryx_u32(&x259, &x260, x258, x254, x251); + fiat_secp256k1_addcarryx_u32(&x261, &x262, x260, x252, x249); + fiat_secp256k1_addcarryx_u32(&x263, &x264, x262, x250, x247); + fiat_secp256k1_addcarryx_u32(&x265, &x266, x264, x248, x245); + fiat_secp256k1_addcarryx_u32(&x267, &x268, x266, x246, x243); + fiat_secp256k1_addcarryx_u32(&x269, &x270, x268, x244, x241); + fiat_secp256k1_addcarryx_u32(&x271, &x272, 0x0, x223, x255); + fiat_secp256k1_addcarryx_u32(&x273, &x274, x272, x225, x257); + fiat_secp256k1_addcarryx_u32(&x275, &x276, x274, x227, x259); + fiat_secp256k1_addcarryx_u32(&x277, &x278, x276, x229, x261); + fiat_secp256k1_addcarryx_u32(&x279, &x280, x278, x231, x263); + fiat_secp256k1_addcarryx_u32(&x281, &x282, x280, x233, x265); + fiat_secp256k1_addcarryx_u32(&x283, &x284, x282, x235, x267); + fiat_secp256k1_addcarryx_u32(&x285, &x286, x284, x237, x269); + fiat_secp256k1_addcarryx_u32(&x287, &x288, x286, ((uint32_t)x238 + x214), (x270 + x242)); + fiat_secp256k1_mulx_u32(&x289, &x290, x4, UINT16_C(0x7a2)); + fiat_secp256k1_mulx_u32(&x291, &x292, x4, UINT32_C(0xe90a1)); + fiat_secp256k1_addcarryx_u32(&x293, &x294, 0x0, x292, x289); + fiat_secp256k1_addcarryx_u32(&x295, &x296, x294, x290, x4); + fiat_secp256k1_addcarryx_u32(&x297, &x298, 0x0, x273, x291); + fiat_secp256k1_addcarryx_u32(&x299, &x300, x298, x275, x293); + fiat_secp256k1_addcarryx_u32(&x301, &x302, x300, x277, x295); + fiat_secp256k1_addcarryx_u32(&x303, &x304, x302, x279, x296); + fiat_secp256k1_addcarryx_u32(&x305, &x306, x304, x281, 0x0); + fiat_secp256k1_addcarryx_u32(&x307, &x308, x306, x283, 0x0); + fiat_secp256k1_addcarryx_u32(&x309, &x310, x308, x285, 0x0); + fiat_secp256k1_addcarryx_u32(&x311, &x312, x310, x287, 0x0); + fiat_secp256k1_mulx_u32(&x313, &x314, x297, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x315, &x316, x313, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x317, &x318, x313, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x319, &x320, x313, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x321, &x322, x313, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x323, &x324, x313, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x325, &x326, x313, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x327, &x328, x313, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x329, &x330, x313, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x331, &x332, 0x0, x330, x327); + fiat_secp256k1_addcarryx_u32(&x333, &x334, x332, x328, x325); + fiat_secp256k1_addcarryx_u32(&x335, &x336, x334, x326, x323); + fiat_secp256k1_addcarryx_u32(&x337, &x338, x336, x324, x321); + fiat_secp256k1_addcarryx_u32(&x339, &x340, x338, x322, x319); + fiat_secp256k1_addcarryx_u32(&x341, &x342, x340, x320, x317); + fiat_secp256k1_addcarryx_u32(&x343, &x344, x342, x318, x315); + fiat_secp256k1_addcarryx_u32(&x345, &x346, 0x0, x297, x329); + fiat_secp256k1_addcarryx_u32(&x347, &x348, x346, x299, x331); + fiat_secp256k1_addcarryx_u32(&x349, &x350, x348, x301, x333); + fiat_secp256k1_addcarryx_u32(&x351, &x352, x350, x303, x335); + fiat_secp256k1_addcarryx_u32(&x353, &x354, x352, x305, x337); + fiat_secp256k1_addcarryx_u32(&x355, &x356, x354, x307, x339); + fiat_secp256k1_addcarryx_u32(&x357, &x358, x356, x309, x341); + fiat_secp256k1_addcarryx_u32(&x359, &x360, x358, x311, x343); + fiat_secp256k1_addcarryx_u32(&x361, &x362, x360, ((uint32_t)x312 + x288), (x344 + x316)); + fiat_secp256k1_mulx_u32(&x363, &x364, x5, UINT16_C(0x7a2)); + fiat_secp256k1_mulx_u32(&x365, &x366, x5, UINT32_C(0xe90a1)); + fiat_secp256k1_addcarryx_u32(&x367, &x368, 0x0, x366, x363); + fiat_secp256k1_addcarryx_u32(&x369, &x370, x368, x364, x5); + fiat_secp256k1_addcarryx_u32(&x371, &x372, 0x0, x347, x365); + fiat_secp256k1_addcarryx_u32(&x373, &x374, x372, x349, x367); + fiat_secp256k1_addcarryx_u32(&x375, &x376, x374, x351, x369); + fiat_secp256k1_addcarryx_u32(&x377, &x378, x376, x353, x370); + fiat_secp256k1_addcarryx_u32(&x379, &x380, x378, x355, 0x0); + fiat_secp256k1_addcarryx_u32(&x381, &x382, x380, x357, 0x0); + fiat_secp256k1_addcarryx_u32(&x383, &x384, x382, x359, 0x0); + fiat_secp256k1_addcarryx_u32(&x385, &x386, x384, x361, 0x0); + fiat_secp256k1_mulx_u32(&x387, &x388, x371, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x389, &x390, x387, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x391, &x392, x387, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x393, &x394, x387, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x395, &x396, x387, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x397, &x398, x387, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x399, &x400, x387, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x401, &x402, x387, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x403, &x404, x387, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x405, &x406, 0x0, x404, x401); + fiat_secp256k1_addcarryx_u32(&x407, &x408, x406, x402, x399); + fiat_secp256k1_addcarryx_u32(&x409, &x410, x408, x400, x397); + fiat_secp256k1_addcarryx_u32(&x411, &x412, x410, x398, x395); + fiat_secp256k1_addcarryx_u32(&x413, &x414, x412, x396, x393); + fiat_secp256k1_addcarryx_u32(&x415, &x416, x414, x394, x391); + fiat_secp256k1_addcarryx_u32(&x417, &x418, x416, x392, x389); + fiat_secp256k1_addcarryx_u32(&x419, &x420, 0x0, x371, x403); + fiat_secp256k1_addcarryx_u32(&x421, &x422, x420, x373, x405); + fiat_secp256k1_addcarryx_u32(&x423, &x424, x422, x375, x407); + fiat_secp256k1_addcarryx_u32(&x425, &x426, x424, x377, x409); + fiat_secp256k1_addcarryx_u32(&x427, &x428, x426, x379, x411); + fiat_secp256k1_addcarryx_u32(&x429, &x430, x428, x381, x413); + fiat_secp256k1_addcarryx_u32(&x431, &x432, x430, x383, x415); + fiat_secp256k1_addcarryx_u32(&x433, &x434, x432, x385, x417); + fiat_secp256k1_addcarryx_u32(&x435, &x436, x434, ((uint32_t)x386 + x362), (x418 + x390)); + fiat_secp256k1_mulx_u32(&x437, &x438, x6, UINT16_C(0x7a2)); + fiat_secp256k1_mulx_u32(&x439, &x440, x6, UINT32_C(0xe90a1)); + fiat_secp256k1_addcarryx_u32(&x441, &x442, 0x0, x440, x437); + fiat_secp256k1_addcarryx_u32(&x443, &x444, x442, x438, x6); + fiat_secp256k1_addcarryx_u32(&x445, &x446, 0x0, x421, x439); + fiat_secp256k1_addcarryx_u32(&x447, &x448, x446, x423, x441); + fiat_secp256k1_addcarryx_u32(&x449, &x450, x448, x425, x443); + fiat_secp256k1_addcarryx_u32(&x451, &x452, x450, x427, x444); + fiat_secp256k1_addcarryx_u32(&x453, &x454, x452, x429, 0x0); + fiat_secp256k1_addcarryx_u32(&x455, &x456, x454, x431, 0x0); + fiat_secp256k1_addcarryx_u32(&x457, &x458, x456, x433, 0x0); + fiat_secp256k1_addcarryx_u32(&x459, &x460, x458, x435, 0x0); + fiat_secp256k1_mulx_u32(&x461, &x462, x445, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x463, &x464, x461, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x465, &x466, x461, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x467, &x468, x461, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x469, &x470, x461, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x471, &x472, x461, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x473, &x474, x461, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x475, &x476, x461, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x477, &x478, x461, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x479, &x480, 0x0, x478, x475); + fiat_secp256k1_addcarryx_u32(&x481, &x482, x480, x476, x473); + fiat_secp256k1_addcarryx_u32(&x483, &x484, x482, x474, x471); + fiat_secp256k1_addcarryx_u32(&x485, &x486, x484, x472, x469); + fiat_secp256k1_addcarryx_u32(&x487, &x488, x486, x470, x467); + fiat_secp256k1_addcarryx_u32(&x489, &x490, x488, x468, x465); + fiat_secp256k1_addcarryx_u32(&x491, &x492, x490, x466, x463); + fiat_secp256k1_addcarryx_u32(&x493, &x494, 0x0, x445, x477); + fiat_secp256k1_addcarryx_u32(&x495, &x496, x494, x447, x479); + fiat_secp256k1_addcarryx_u32(&x497, &x498, x496, x449, x481); + fiat_secp256k1_addcarryx_u32(&x499, &x500, x498, x451, x483); + fiat_secp256k1_addcarryx_u32(&x501, &x502, x500, x453, x485); + fiat_secp256k1_addcarryx_u32(&x503, &x504, x502, x455, x487); + fiat_secp256k1_addcarryx_u32(&x505, &x506, x504, x457, x489); + fiat_secp256k1_addcarryx_u32(&x507, &x508, x506, x459, x491); + fiat_secp256k1_addcarryx_u32(&x509, &x510, x508, ((uint32_t)x460 + x436), (x492 + x464)); + fiat_secp256k1_mulx_u32(&x511, &x512, x7, UINT16_C(0x7a2)); + fiat_secp256k1_mulx_u32(&x513, &x514, x7, UINT32_C(0xe90a1)); + fiat_secp256k1_addcarryx_u32(&x515, &x516, 0x0, x514, x511); + fiat_secp256k1_addcarryx_u32(&x517, &x518, x516, x512, x7); + fiat_secp256k1_addcarryx_u32(&x519, &x520, 0x0, x495, x513); + fiat_secp256k1_addcarryx_u32(&x521, &x522, x520, x497, x515); + fiat_secp256k1_addcarryx_u32(&x523, &x524, x522, x499, x517); + fiat_secp256k1_addcarryx_u32(&x525, &x526, x524, x501, x518); + fiat_secp256k1_addcarryx_u32(&x527, &x528, x526, x503, 0x0); + fiat_secp256k1_addcarryx_u32(&x529, &x530, x528, x505, 0x0); + fiat_secp256k1_addcarryx_u32(&x531, &x532, x530, x507, 0x0); + fiat_secp256k1_addcarryx_u32(&x533, &x534, x532, x509, 0x0); + fiat_secp256k1_mulx_u32(&x535, &x536, x519, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x537, &x538, x535, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x539, &x540, x535, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x541, &x542, x535, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x543, &x544, x535, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x545, &x546, x535, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x547, &x548, x535, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x549, &x550, x535, UINT32_C(0xfffffffe)); + fiat_secp256k1_mulx_u32(&x551, &x552, x535, UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x553, &x554, 0x0, x552, x549); + fiat_secp256k1_addcarryx_u32(&x555, &x556, x554, x550, x547); + fiat_secp256k1_addcarryx_u32(&x557, &x558, x556, x548, x545); + fiat_secp256k1_addcarryx_u32(&x559, &x560, x558, x546, x543); + fiat_secp256k1_addcarryx_u32(&x561, &x562, x560, x544, x541); + fiat_secp256k1_addcarryx_u32(&x563, &x564, x562, x542, x539); + fiat_secp256k1_addcarryx_u32(&x565, &x566, x564, x540, x537); + fiat_secp256k1_addcarryx_u32(&x567, &x568, 0x0, x519, x551); + fiat_secp256k1_addcarryx_u32(&x569, &x570, x568, x521, x553); + fiat_secp256k1_addcarryx_u32(&x571, &x572, x570, x523, x555); + fiat_secp256k1_addcarryx_u32(&x573, &x574, x572, x525, x557); + fiat_secp256k1_addcarryx_u32(&x575, &x576, x574, x527, x559); + fiat_secp256k1_addcarryx_u32(&x577, &x578, x576, x529, x561); + fiat_secp256k1_addcarryx_u32(&x579, &x580, x578, x531, x563); + fiat_secp256k1_addcarryx_u32(&x581, &x582, x580, x533, x565); + fiat_secp256k1_addcarryx_u32(&x583, &x584, x582, ((uint32_t)x534 + x510), (x566 + x538)); + fiat_secp256k1_subborrowx_u32(&x585, &x586, 0x0, x569, UINT32_C(0xfffffc2f)); + fiat_secp256k1_subborrowx_u32(&x587, &x588, x586, x571, UINT32_C(0xfffffffe)); + fiat_secp256k1_subborrowx_u32(&x589, &x590, x588, x573, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x591, &x592, x590, x575, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x593, &x594, x592, x577, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x595, &x596, x594, x579, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x597, &x598, x596, x581, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x599, &x600, x598, x583, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x601, &x602, x600, x584, 0x0); + fiat_secp256k1_cmovznz_u32(&x603, x602, x585, x569); + fiat_secp256k1_cmovznz_u32(&x604, x602, x587, x571); + fiat_secp256k1_cmovznz_u32(&x605, x602, x589, x573); + fiat_secp256k1_cmovznz_u32(&x606, x602, x591, x575); + fiat_secp256k1_cmovznz_u32(&x607, x602, x593, x577); + fiat_secp256k1_cmovznz_u32(&x608, x602, x595, x579); + fiat_secp256k1_cmovznz_u32(&x609, x602, x597, x581); + fiat_secp256k1_cmovznz_u32(&x610, x602, x599, x583); + out1[0] = x603; + out1[1] = x604; + out1[2] = x605; + out1[3] = x606; + out1[4] = x607; + out1[5] = x608; + out1[6] = x609; + out1[7] = x610; +} + +/* + * The function fiat_secp256k1_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_nonzero(uint32_t* out1, const uint32_t arg1[8]) { + uint32_t x1; + x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); + *out1 = x1; +} + +/* + * The function fiat_secp256k1_selectznz is a multi-limb conditional select. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_selectznz(uint32_t out1[8], fiat_secp256k1_uint1 arg1, const uint32_t arg2[8], const uint32_t arg3[8]) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + fiat_secp256k1_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); + fiat_secp256k1_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); + fiat_secp256k1_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); + fiat_secp256k1_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); + fiat_secp256k1_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); + fiat_secp256k1_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); + fiat_secp256k1_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); + fiat_secp256k1_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/* + * The function fiat_secp256k1_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint8_t x9; + uint32_t x10; + uint8_t x11; + uint32_t x12; + uint8_t x13; + uint8_t x14; + uint8_t x15; + uint32_t x16; + uint8_t x17; + uint32_t x18; + uint8_t x19; + uint8_t x20; + uint8_t x21; + uint32_t x22; + uint8_t x23; + uint32_t x24; + uint8_t x25; + uint8_t x26; + uint8_t x27; + uint32_t x28; + uint8_t x29; + uint32_t x30; + uint8_t x31; + uint8_t x32; + uint8_t x33; + uint32_t x34; + uint8_t x35; + uint32_t x36; + uint8_t x37; + uint8_t x38; + uint8_t x39; + uint32_t x40; + uint8_t x41; + uint32_t x42; + uint8_t x43; + uint8_t x44; + uint8_t x45; + uint32_t x46; + uint8_t x47; + uint32_t x48; + uint8_t x49; + uint8_t x50; + uint8_t x51; + uint32_t x52; + uint8_t x53; + uint32_t x54; + uint8_t x55; + uint8_t x56; + x1 = (arg1[7]); + x2 = (arg1[6]); + x3 = (arg1[5]); + x4 = (arg1[4]); + x5 = (arg1[3]); + x6 = (arg1[2]); + x7 = (arg1[1]); + x8 = (arg1[0]); + x9 = (uint8_t)(x8 & UINT8_C(0xff)); + x10 = (x8 >> 8); + x11 = (uint8_t)(x10 & UINT8_C(0xff)); + x12 = (x10 >> 8); + x13 = (uint8_t)(x12 & UINT8_C(0xff)); + x14 = (uint8_t)(x12 >> 8); + x15 = (uint8_t)(x7 & UINT8_C(0xff)); + x16 = (x7 >> 8); + x17 = (uint8_t)(x16 & UINT8_C(0xff)); + x18 = (x16 >> 8); + x19 = (uint8_t)(x18 & UINT8_C(0xff)); + x20 = (uint8_t)(x18 >> 8); + x21 = (uint8_t)(x6 & UINT8_C(0xff)); + x22 = (x6 >> 8); + x23 = (uint8_t)(x22 & UINT8_C(0xff)); + x24 = (x22 >> 8); + x25 = (uint8_t)(x24 & UINT8_C(0xff)); + x26 = (uint8_t)(x24 >> 8); + x27 = (uint8_t)(x5 & UINT8_C(0xff)); + x28 = (x5 >> 8); + x29 = (uint8_t)(x28 & UINT8_C(0xff)); + x30 = (x28 >> 8); + x31 = (uint8_t)(x30 & UINT8_C(0xff)); + x32 = (uint8_t)(x30 >> 8); + x33 = (uint8_t)(x4 & UINT8_C(0xff)); + x34 = (x4 >> 8); + x35 = (uint8_t)(x34 & UINT8_C(0xff)); + x36 = (x34 >> 8); + x37 = (uint8_t)(x36 & UINT8_C(0xff)); + x38 = (uint8_t)(x36 >> 8); + x39 = (uint8_t)(x3 & UINT8_C(0xff)); + x40 = (x3 >> 8); + x41 = (uint8_t)(x40 & UINT8_C(0xff)); + x42 = (x40 >> 8); + x43 = (uint8_t)(x42 & UINT8_C(0xff)); + x44 = (uint8_t)(x42 >> 8); + x45 = (uint8_t)(x2 & UINT8_C(0xff)); + x46 = (x2 >> 8); + x47 = (uint8_t)(x46 & UINT8_C(0xff)); + x48 = (x46 >> 8); + x49 = (uint8_t)(x48 & UINT8_C(0xff)); + x50 = (uint8_t)(x48 >> 8); + x51 = (uint8_t)(x1 & UINT8_C(0xff)); + x52 = (x1 >> 8); + x53 = (uint8_t)(x52 & UINT8_C(0xff)); + x54 = (x52 >> 8); + x55 = (uint8_t)(x54 & UINT8_C(0xff)); + x56 = (uint8_t)(x54 >> 8); + out1[0] = x9; + out1[1] = x11; + out1[2] = x13; + out1[3] = x14; + out1[4] = x15; + out1[5] = x17; + out1[6] = x19; + out1[7] = x20; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x26; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x38; + out1[20] = x39; + out1[21] = x41; + out1[22] = x43; + out1[23] = x44; + out1[24] = x45; + out1[25] = x47; + out1[26] = x49; + out1[27] = x50; + out1[28] = x51; + out1[29] = x53; + out1[30] = x55; + out1[31] = x56; +} + +/* + * The function fiat_secp256k1_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. + * + * Preconditions: + * 0 ≤ bytes_eval arg1 < m + * Postconditions: + * eval out1 mod m = bytes_eval arg1 mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint8_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint8_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint8_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint8_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint8_t x20; + uint32_t x21; + uint32_t x22; + uint32_t x23; + uint8_t x24; + uint32_t x25; + uint32_t x26; + uint32_t x27; + uint8_t x28; + uint32_t x29; + uint32_t x30; + uint32_t x31; + uint8_t x32; + uint32_t x33; + uint32_t x34; + uint32_t x35; + uint32_t x36; + uint32_t x37; + uint32_t x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + uint32_t x52; + uint32_t x53; + uint32_t x54; + uint32_t x55; + uint32_t x56; + x1 = ((uint32_t)(arg1[31]) << 24); + x2 = ((uint32_t)(arg1[30]) << 16); + x3 = ((uint32_t)(arg1[29]) << 8); + x4 = (arg1[28]); + x5 = ((uint32_t)(arg1[27]) << 24); + x6 = ((uint32_t)(arg1[26]) << 16); + x7 = ((uint32_t)(arg1[25]) << 8); + x8 = (arg1[24]); + x9 = ((uint32_t)(arg1[23]) << 24); + x10 = ((uint32_t)(arg1[22]) << 16); + x11 = ((uint32_t)(arg1[21]) << 8); + x12 = (arg1[20]); + x13 = ((uint32_t)(arg1[19]) << 24); + x14 = ((uint32_t)(arg1[18]) << 16); + x15 = ((uint32_t)(arg1[17]) << 8); + x16 = (arg1[16]); + x17 = ((uint32_t)(arg1[15]) << 24); + x18 = ((uint32_t)(arg1[14]) << 16); + x19 = ((uint32_t)(arg1[13]) << 8); + x20 = (arg1[12]); + x21 = ((uint32_t)(arg1[11]) << 24); + x22 = ((uint32_t)(arg1[10]) << 16); + x23 = ((uint32_t)(arg1[9]) << 8); + x24 = (arg1[8]); + x25 = ((uint32_t)(arg1[7]) << 24); + x26 = ((uint32_t)(arg1[6]) << 16); + x27 = ((uint32_t)(arg1[5]) << 8); + x28 = (arg1[4]); + x29 = ((uint32_t)(arg1[3]) << 24); + x30 = ((uint32_t)(arg1[2]) << 16); + x31 = ((uint32_t)(arg1[1]) << 8); + x32 = (arg1[0]); + x33 = (x31 + (uint32_t)x32); + x34 = (x30 + x33); + x35 = (x29 + x34); + x36 = (x27 + (uint32_t)x28); + x37 = (x26 + x36); + x38 = (x25 + x37); + x39 = (x23 + (uint32_t)x24); + x40 = (x22 + x39); + x41 = (x21 + x40); + x42 = (x19 + (uint32_t)x20); + x43 = (x18 + x42); + x44 = (x17 + x43); + x45 = (x15 + (uint32_t)x16); + x46 = (x14 + x45); + x47 = (x13 + x46); + x48 = (x11 + (uint32_t)x12); + x49 = (x10 + x48); + x50 = (x9 + x49); + x51 = (x7 + (uint32_t)x8); + x52 = (x6 + x51); + x53 = (x5 + x52); + x54 = (x3 + (uint32_t)x4); + x55 = (x2 + x54); + x56 = (x1 + x55); + out1[0] = x35; + out1[1] = x38; + out1[2] = x41; + out1[3] = x44; + out1[4] = x47; + out1[5] = x50; + out1[6] = x53; + out1[7] = x56; +} + +/* + * The function fiat_secp256k1_set_one returns the field element one in the Montgomery domain. + * + * Postconditions: + * eval (from_montgomery out1) mod m = 1 mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_set_one(fiat_secp256k1_montgomery_domain_field_element out1) { + out1[0] = UINT16_C(0x3d1); + out1[1] = 0x1; + out1[2] = 0x0; + out1[3] = 0x0; + out1[4] = 0x0; + out1[5] = 0x0; + out1[6] = 0x0; + out1[7] = 0x0; +} + +/* + * The function fiat_secp256k1_msat returns the saturated representation of the prime modulus. + * + * Postconditions: + * twos_complement_eval out1 = m + * 0 ≤ eval out1 < m + * + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_msat(uint32_t out1[9]) { + out1[0] = UINT32_C(0xfffffc2f); + out1[1] = UINT32_C(0xfffffffe); + out1[2] = UINT32_C(0xffffffff); + out1[3] = UINT32_C(0xffffffff); + out1[4] = UINT32_C(0xffffffff); + out1[5] = UINT32_C(0xffffffff); + out1[6] = UINT32_C(0xffffffff); + out1[7] = UINT32_C(0xffffffff); + out1[8] = 0x0; +} + +/* + * The function fiat_secp256k1_divstep computes a divstep. + * + * Preconditions: + * 0 ≤ eval arg4 < m + * 0 ≤ eval arg5 < m + * Postconditions: + * out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) + * twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) + * twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) + * eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) + * eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) + * 0 ≤ eval out5 < m + * 0 ≤ eval out5 < m + * 0 ≤ eval out2 < m + * 0 ≤ eval out3 < m + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffff] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_divstep(uint32_t* out1, uint32_t out2[9], uint32_t out3[9], uint32_t out4[8], uint32_t out5[8], uint32_t arg1, const uint32_t arg2[9], const uint32_t arg3[9], const uint32_t arg4[8], const uint32_t arg5[8]) { + uint32_t x1; + fiat_secp256k1_uint1 x2; + fiat_secp256k1_uint1 x3; + uint32_t x4; + fiat_secp256k1_uint1 x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + fiat_secp256k1_uint1 x17; + uint32_t x18; + fiat_secp256k1_uint1 x19; + uint32_t x20; + fiat_secp256k1_uint1 x21; + uint32_t x22; + fiat_secp256k1_uint1 x23; + uint32_t x24; + fiat_secp256k1_uint1 x25; + uint32_t x26; + fiat_secp256k1_uint1 x27; + uint32_t x28; + fiat_secp256k1_uint1 x29; + uint32_t x30; + fiat_secp256k1_uint1 x31; + uint32_t x32; + fiat_secp256k1_uint1 x33; + uint32_t x34; + uint32_t x35; + uint32_t x36; + uint32_t x37; + uint32_t x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + fiat_secp256k1_uint1 x52; + uint32_t x53; + fiat_secp256k1_uint1 x54; + uint32_t x55; + fiat_secp256k1_uint1 x56; + uint32_t x57; + fiat_secp256k1_uint1 x58; + uint32_t x59; + fiat_secp256k1_uint1 x60; + uint32_t x61; + fiat_secp256k1_uint1 x62; + uint32_t x63; + fiat_secp256k1_uint1 x64; + uint32_t x65; + fiat_secp256k1_uint1 x66; + uint32_t x67; + fiat_secp256k1_uint1 x68; + uint32_t x69; + fiat_secp256k1_uint1 x70; + uint32_t x71; + fiat_secp256k1_uint1 x72; + uint32_t x73; + fiat_secp256k1_uint1 x74; + uint32_t x75; + fiat_secp256k1_uint1 x76; + uint32_t x77; + fiat_secp256k1_uint1 x78; + uint32_t x79; + fiat_secp256k1_uint1 x80; + uint32_t x81; + fiat_secp256k1_uint1 x82; + uint32_t x83; + fiat_secp256k1_uint1 x84; + uint32_t x85; + uint32_t x86; + uint32_t x87; + uint32_t x88; + uint32_t x89; + uint32_t x90; + uint32_t x91; + uint32_t x92; + uint32_t x93; + fiat_secp256k1_uint1 x94; + uint32_t x95; + fiat_secp256k1_uint1 x96; + uint32_t x97; + fiat_secp256k1_uint1 x98; + uint32_t x99; + fiat_secp256k1_uint1 x100; + uint32_t x101; + fiat_secp256k1_uint1 x102; + uint32_t x103; + fiat_secp256k1_uint1 x104; + uint32_t x105; + fiat_secp256k1_uint1 x106; + uint32_t x107; + fiat_secp256k1_uint1 x108; + uint32_t x109; + uint32_t x110; + fiat_secp256k1_uint1 x111; + uint32_t x112; + fiat_secp256k1_uint1 x113; + uint32_t x114; + fiat_secp256k1_uint1 x115; + uint32_t x116; + fiat_secp256k1_uint1 x117; + uint32_t x118; + fiat_secp256k1_uint1 x119; + uint32_t x120; + fiat_secp256k1_uint1 x121; + uint32_t x122; + fiat_secp256k1_uint1 x123; + uint32_t x124; + fiat_secp256k1_uint1 x125; + uint32_t x126; + uint32_t x127; + uint32_t x128; + uint32_t x129; + uint32_t x130; + uint32_t x131; + uint32_t x132; + uint32_t x133; + fiat_secp256k1_uint1 x134; + uint32_t x135; + uint32_t x136; + uint32_t x137; + uint32_t x138; + uint32_t x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + fiat_secp256k1_uint1 x145; + uint32_t x146; + fiat_secp256k1_uint1 x147; + uint32_t x148; + fiat_secp256k1_uint1 x149; + uint32_t x150; + fiat_secp256k1_uint1 x151; + uint32_t x152; + fiat_secp256k1_uint1 x153; + uint32_t x154; + fiat_secp256k1_uint1 x155; + uint32_t x156; + fiat_secp256k1_uint1 x157; + uint32_t x158; + fiat_secp256k1_uint1 x159; + uint32_t x160; + fiat_secp256k1_uint1 x161; + uint32_t x162; + uint32_t x163; + uint32_t x164; + uint32_t x165; + uint32_t x166; + uint32_t x167; + uint32_t x168; + uint32_t x169; + uint32_t x170; + fiat_secp256k1_uint1 x171; + uint32_t x172; + fiat_secp256k1_uint1 x173; + uint32_t x174; + fiat_secp256k1_uint1 x175; + uint32_t x176; + fiat_secp256k1_uint1 x177; + uint32_t x178; + fiat_secp256k1_uint1 x179; + uint32_t x180; + fiat_secp256k1_uint1 x181; + uint32_t x182; + fiat_secp256k1_uint1 x183; + uint32_t x184; + fiat_secp256k1_uint1 x185; + uint32_t x186; + fiat_secp256k1_uint1 x187; + uint32_t x188; + fiat_secp256k1_uint1 x189; + uint32_t x190; + fiat_secp256k1_uint1 x191; + uint32_t x192; + fiat_secp256k1_uint1 x193; + uint32_t x194; + fiat_secp256k1_uint1 x195; + uint32_t x196; + fiat_secp256k1_uint1 x197; + uint32_t x198; + fiat_secp256k1_uint1 x199; + uint32_t x200; + fiat_secp256k1_uint1 x201; + uint32_t x202; + fiat_secp256k1_uint1 x203; + uint32_t x204; + fiat_secp256k1_uint1 x205; + uint32_t x206; + uint32_t x207; + uint32_t x208; + uint32_t x209; + uint32_t x210; + uint32_t x211; + uint32_t x212; + uint32_t x213; + uint32_t x214; + uint32_t x215; + uint32_t x216; + uint32_t x217; + uint32_t x218; + uint32_t x219; + uint32_t x220; + uint32_t x221; + uint32_t x222; + uint32_t x223; + uint32_t x224; + uint32_t x225; + uint32_t x226; + uint32_t x227; + uint32_t x228; + uint32_t x229; + uint32_t x230; + fiat_secp256k1_addcarryx_u32(&x1, &x2, 0x0, (~arg1), 0x1); + x3 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint1)(x1 >> 31) & (fiat_secp256k1_uint1)((arg3[0]) & 0x1)); + fiat_secp256k1_addcarryx_u32(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_secp256k1_cmovznz_u32(&x6, x3, arg1, x4); + fiat_secp256k1_cmovznz_u32(&x7, x3, (arg2[0]), (arg3[0])); + fiat_secp256k1_cmovznz_u32(&x8, x3, (arg2[1]), (arg3[1])); + fiat_secp256k1_cmovznz_u32(&x9, x3, (arg2[2]), (arg3[2])); + fiat_secp256k1_cmovznz_u32(&x10, x3, (arg2[3]), (arg3[3])); + fiat_secp256k1_cmovznz_u32(&x11, x3, (arg2[4]), (arg3[4])); + fiat_secp256k1_cmovznz_u32(&x12, x3, (arg2[5]), (arg3[5])); + fiat_secp256k1_cmovznz_u32(&x13, x3, (arg2[6]), (arg3[6])); + fiat_secp256k1_cmovznz_u32(&x14, x3, (arg2[7]), (arg3[7])); + fiat_secp256k1_cmovznz_u32(&x15, x3, (arg2[8]), (arg3[8])); + fiat_secp256k1_addcarryx_u32(&x16, &x17, 0x0, 0x1, (~(arg2[0]))); + fiat_secp256k1_addcarryx_u32(&x18, &x19, x17, 0x0, (~(arg2[1]))); + fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, 0x0, (~(arg2[2]))); + fiat_secp256k1_addcarryx_u32(&x22, &x23, x21, 0x0, (~(arg2[3]))); + fiat_secp256k1_addcarryx_u32(&x24, &x25, x23, 0x0, (~(arg2[4]))); + fiat_secp256k1_addcarryx_u32(&x26, &x27, x25, 0x0, (~(arg2[5]))); + fiat_secp256k1_addcarryx_u32(&x28, &x29, x27, 0x0, (~(arg2[6]))); + fiat_secp256k1_addcarryx_u32(&x30, &x31, x29, 0x0, (~(arg2[7]))); + fiat_secp256k1_addcarryx_u32(&x32, &x33, x31, 0x0, (~(arg2[8]))); + fiat_secp256k1_cmovznz_u32(&x34, x3, (arg3[0]), x16); + fiat_secp256k1_cmovznz_u32(&x35, x3, (arg3[1]), x18); + fiat_secp256k1_cmovznz_u32(&x36, x3, (arg3[2]), x20); + fiat_secp256k1_cmovznz_u32(&x37, x3, (arg3[3]), x22); + fiat_secp256k1_cmovznz_u32(&x38, x3, (arg3[4]), x24); + fiat_secp256k1_cmovznz_u32(&x39, x3, (arg3[5]), x26); + fiat_secp256k1_cmovznz_u32(&x40, x3, (arg3[6]), x28); + fiat_secp256k1_cmovznz_u32(&x41, x3, (arg3[7]), x30); + fiat_secp256k1_cmovznz_u32(&x42, x3, (arg3[8]), x32); + fiat_secp256k1_cmovznz_u32(&x43, x3, (arg4[0]), (arg5[0])); + fiat_secp256k1_cmovznz_u32(&x44, x3, (arg4[1]), (arg5[1])); + fiat_secp256k1_cmovznz_u32(&x45, x3, (arg4[2]), (arg5[2])); + fiat_secp256k1_cmovznz_u32(&x46, x3, (arg4[3]), (arg5[3])); + fiat_secp256k1_cmovznz_u32(&x47, x3, (arg4[4]), (arg5[4])); + fiat_secp256k1_cmovznz_u32(&x48, x3, (arg4[5]), (arg5[5])); + fiat_secp256k1_cmovznz_u32(&x49, x3, (arg4[6]), (arg5[6])); + fiat_secp256k1_cmovznz_u32(&x50, x3, (arg4[7]), (arg5[7])); + fiat_secp256k1_addcarryx_u32(&x51, &x52, 0x0, x43, x43); + fiat_secp256k1_addcarryx_u32(&x53, &x54, x52, x44, x44); + fiat_secp256k1_addcarryx_u32(&x55, &x56, x54, x45, x45); + fiat_secp256k1_addcarryx_u32(&x57, &x58, x56, x46, x46); + fiat_secp256k1_addcarryx_u32(&x59, &x60, x58, x47, x47); + fiat_secp256k1_addcarryx_u32(&x61, &x62, x60, x48, x48); + fiat_secp256k1_addcarryx_u32(&x63, &x64, x62, x49, x49); + fiat_secp256k1_addcarryx_u32(&x65, &x66, x64, x50, x50); + fiat_secp256k1_subborrowx_u32(&x67, &x68, 0x0, x51, UINT32_C(0xfffffc2f)); + fiat_secp256k1_subborrowx_u32(&x69, &x70, x68, x53, UINT32_C(0xfffffffe)); + fiat_secp256k1_subborrowx_u32(&x71, &x72, x70, x55, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x73, &x74, x72, x57, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x75, &x76, x74, x59, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x77, &x78, x76, x61, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x79, &x80, x78, x63, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x81, &x82, x80, x65, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x83, &x84, x82, x66, 0x0); + x85 = (arg4[7]); + x86 = (arg4[6]); + x87 = (arg4[5]); + x88 = (arg4[4]); + x89 = (arg4[3]); + x90 = (arg4[2]); + x91 = (arg4[1]); + x92 = (arg4[0]); + fiat_secp256k1_subborrowx_u32(&x93, &x94, 0x0, 0x0, x92); + fiat_secp256k1_subborrowx_u32(&x95, &x96, x94, 0x0, x91); + fiat_secp256k1_subborrowx_u32(&x97, &x98, x96, 0x0, x90); + fiat_secp256k1_subborrowx_u32(&x99, &x100, x98, 0x0, x89); + fiat_secp256k1_subborrowx_u32(&x101, &x102, x100, 0x0, x88); + fiat_secp256k1_subborrowx_u32(&x103, &x104, x102, 0x0, x87); + fiat_secp256k1_subborrowx_u32(&x105, &x106, x104, 0x0, x86); + fiat_secp256k1_subborrowx_u32(&x107, &x108, x106, 0x0, x85); + fiat_secp256k1_cmovznz_u32(&x109, x108, 0x0, UINT32_C(0xffffffff)); + fiat_secp256k1_addcarryx_u32(&x110, &x111, 0x0, x93, (x109 & UINT32_C(0xfffffc2f))); + fiat_secp256k1_addcarryx_u32(&x112, &x113, x111, x95, (x109 & UINT32_C(0xfffffffe))); + fiat_secp256k1_addcarryx_u32(&x114, &x115, x113, x97, x109); + fiat_secp256k1_addcarryx_u32(&x116, &x117, x115, x99, x109); + fiat_secp256k1_addcarryx_u32(&x118, &x119, x117, x101, x109); + fiat_secp256k1_addcarryx_u32(&x120, &x121, x119, x103, x109); + fiat_secp256k1_addcarryx_u32(&x122, &x123, x121, x105, x109); + fiat_secp256k1_addcarryx_u32(&x124, &x125, x123, x107, x109); + fiat_secp256k1_cmovznz_u32(&x126, x3, (arg5[0]), x110); + fiat_secp256k1_cmovznz_u32(&x127, x3, (arg5[1]), x112); + fiat_secp256k1_cmovznz_u32(&x128, x3, (arg5[2]), x114); + fiat_secp256k1_cmovznz_u32(&x129, x3, (arg5[3]), x116); + fiat_secp256k1_cmovznz_u32(&x130, x3, (arg5[4]), x118); + fiat_secp256k1_cmovznz_u32(&x131, x3, (arg5[5]), x120); + fiat_secp256k1_cmovznz_u32(&x132, x3, (arg5[6]), x122); + fiat_secp256k1_cmovznz_u32(&x133, x3, (arg5[7]), x124); + x134 = (fiat_secp256k1_uint1)(x34 & 0x1); + fiat_secp256k1_cmovznz_u32(&x135, x134, 0x0, x7); + fiat_secp256k1_cmovznz_u32(&x136, x134, 0x0, x8); + fiat_secp256k1_cmovznz_u32(&x137, x134, 0x0, x9); + fiat_secp256k1_cmovznz_u32(&x138, x134, 0x0, x10); + fiat_secp256k1_cmovznz_u32(&x139, x134, 0x0, x11); + fiat_secp256k1_cmovznz_u32(&x140, x134, 0x0, x12); + fiat_secp256k1_cmovznz_u32(&x141, x134, 0x0, x13); + fiat_secp256k1_cmovznz_u32(&x142, x134, 0x0, x14); + fiat_secp256k1_cmovznz_u32(&x143, x134, 0x0, x15); + fiat_secp256k1_addcarryx_u32(&x144, &x145, 0x0, x34, x135); + fiat_secp256k1_addcarryx_u32(&x146, &x147, x145, x35, x136); + fiat_secp256k1_addcarryx_u32(&x148, &x149, x147, x36, x137); + fiat_secp256k1_addcarryx_u32(&x150, &x151, x149, x37, x138); + fiat_secp256k1_addcarryx_u32(&x152, &x153, x151, x38, x139); + fiat_secp256k1_addcarryx_u32(&x154, &x155, x153, x39, x140); + fiat_secp256k1_addcarryx_u32(&x156, &x157, x155, x40, x141); + fiat_secp256k1_addcarryx_u32(&x158, &x159, x157, x41, x142); + fiat_secp256k1_addcarryx_u32(&x160, &x161, x159, x42, x143); + fiat_secp256k1_cmovznz_u32(&x162, x134, 0x0, x43); + fiat_secp256k1_cmovznz_u32(&x163, x134, 0x0, x44); + fiat_secp256k1_cmovznz_u32(&x164, x134, 0x0, x45); + fiat_secp256k1_cmovznz_u32(&x165, x134, 0x0, x46); + fiat_secp256k1_cmovznz_u32(&x166, x134, 0x0, x47); + fiat_secp256k1_cmovznz_u32(&x167, x134, 0x0, x48); + fiat_secp256k1_cmovznz_u32(&x168, x134, 0x0, x49); + fiat_secp256k1_cmovznz_u32(&x169, x134, 0x0, x50); + fiat_secp256k1_addcarryx_u32(&x170, &x171, 0x0, x126, x162); + fiat_secp256k1_addcarryx_u32(&x172, &x173, x171, x127, x163); + fiat_secp256k1_addcarryx_u32(&x174, &x175, x173, x128, x164); + fiat_secp256k1_addcarryx_u32(&x176, &x177, x175, x129, x165); + fiat_secp256k1_addcarryx_u32(&x178, &x179, x177, x130, x166); + fiat_secp256k1_addcarryx_u32(&x180, &x181, x179, x131, x167); + fiat_secp256k1_addcarryx_u32(&x182, &x183, x181, x132, x168); + fiat_secp256k1_addcarryx_u32(&x184, &x185, x183, x133, x169); + fiat_secp256k1_subborrowx_u32(&x186, &x187, 0x0, x170, UINT32_C(0xfffffc2f)); + fiat_secp256k1_subborrowx_u32(&x188, &x189, x187, x172, UINT32_C(0xfffffffe)); + fiat_secp256k1_subborrowx_u32(&x190, &x191, x189, x174, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x192, &x193, x191, x176, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x194, &x195, x193, x178, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x196, &x197, x195, x180, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x198, &x199, x197, x182, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x200, &x201, x199, x184, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x202, &x203, x201, x185, 0x0); + fiat_secp256k1_addcarryx_u32(&x204, &x205, 0x0, x6, 0x1); + x206 = ((x144 >> 1) | ((x146 << 31) & UINT32_C(0xffffffff))); + x207 = ((x146 >> 1) | ((x148 << 31) & UINT32_C(0xffffffff))); + x208 = ((x148 >> 1) | ((x150 << 31) & UINT32_C(0xffffffff))); + x209 = ((x150 >> 1) | ((x152 << 31) & UINT32_C(0xffffffff))); + x210 = ((x152 >> 1) | ((x154 << 31) & UINT32_C(0xffffffff))); + x211 = ((x154 >> 1) | ((x156 << 31) & UINT32_C(0xffffffff))); + x212 = ((x156 >> 1) | ((x158 << 31) & UINT32_C(0xffffffff))); + x213 = ((x158 >> 1) | ((x160 << 31) & UINT32_C(0xffffffff))); + x214 = ((x160 & UINT32_C(0x80000000)) | (x160 >> 1)); + fiat_secp256k1_cmovznz_u32(&x215, x84, x67, x51); + fiat_secp256k1_cmovznz_u32(&x216, x84, x69, x53); + fiat_secp256k1_cmovznz_u32(&x217, x84, x71, x55); + fiat_secp256k1_cmovznz_u32(&x218, x84, x73, x57); + fiat_secp256k1_cmovznz_u32(&x219, x84, x75, x59); + fiat_secp256k1_cmovznz_u32(&x220, x84, x77, x61); + fiat_secp256k1_cmovznz_u32(&x221, x84, x79, x63); + fiat_secp256k1_cmovznz_u32(&x222, x84, x81, x65); + fiat_secp256k1_cmovznz_u32(&x223, x203, x186, x170); + fiat_secp256k1_cmovznz_u32(&x224, x203, x188, x172); + fiat_secp256k1_cmovznz_u32(&x225, x203, x190, x174); + fiat_secp256k1_cmovznz_u32(&x226, x203, x192, x176); + fiat_secp256k1_cmovznz_u32(&x227, x203, x194, x178); + fiat_secp256k1_cmovznz_u32(&x228, x203, x196, x180); + fiat_secp256k1_cmovznz_u32(&x229, x203, x198, x182); + fiat_secp256k1_cmovznz_u32(&x230, x203, x200, x184); + *out1 = x204; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out2[5] = x12; + out2[6] = x13; + out2[7] = x14; + out2[8] = x15; + out3[0] = x206; + out3[1] = x207; + out3[2] = x208; + out3[3] = x209; + out3[4] = x210; + out3[5] = x211; + out3[6] = x212; + out3[7] = x213; + out3[8] = x214; + out4[0] = x215; + out4[1] = x216; + out4[2] = x217; + out4[3] = x218; + out4[4] = x219; + out4[5] = x220; + out4[6] = x221; + out4[7] = x222; + out5[0] = x223; + out5[1] = x224; + out5[2] = x225; + out5[3] = x226; + out5[4] = x227; + out5[5] = x228; + out5[6] = x229; + out5[7] = x230; +} + +/* + * The function fiat_secp256k1_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). + * + * Postconditions: + * eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) + * 0 ≤ eval out1 < m + * + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_divstep_precomp(uint32_t out1[8]) { + out1[0] = UINT32_C(0x31525e0a); + out1[1] = UINT32_C(0xf201a418); + out1[2] = UINT32_C(0xcd648d85); + out1[3] = UINT32_C(0x9953f9dd); + out1[4] = UINT32_C(0x3db210a9); + out1[5] = UINT32_C(0xe8602946); + out1[6] = UINT32_C(0x4b03709); + out1[7] = UINT32_C(0x24fb8a31); +} + + +/* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier secp256k1_montgomery_scalar 32 '2^256 - 432420386565659656852420866394968145599' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */ +/* curve description: secp256k1_montgomery_scalar */ +/* machine_wordsize = 32 (from "32") */ +/* requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp */ +/* m = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 (from "2^256 - 432420386565659656852420866394968145599") */ +/* */ +/* NOTE: In addition to the bounds specified above each function, all */ +/* functions synthesized for this Montgomery arithmetic require the */ +/* input to be strictly less than the prime modulus (m), and also */ +/* require the input to be in the unique saturated representation. */ +/* All functions also ensure that these two properties are true of */ +/* return values. */ +/* */ +/* Computed values: */ +/* eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) */ +/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */ +/* twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) in */ +/* if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 */ + +#include +typedef unsigned char fiat_secp256k1_scalar_uint1; +typedef signed char fiat_secp256k1_scalar_int1; +#if defined(__GNUC__) || defined(__clang__) +# define FIAT_SECP256K1_SCALAR_FIAT_INLINE __inline__ +#else +# define FIAT_SECP256K1_SCALAR_FIAT_INLINE +#endif + +/* The type fiat_secp256k1_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ +/* Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ +typedef uint32_t fiat_secp256k1_scalar_montgomery_domain_field_element[8]; + +/* The type fiat_secp256k1_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ +/* Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ +typedef uint32_t fiat_secp256k1_scalar_non_montgomery_domain_field_element[8]; + +#if (-1 & 3) != 3 +#error "This code only works on a two's complement system" +#endif + +#if !defined(FIAT_SECP256K1_SCALAR_NO_ASM) && (defined(__GNUC__) || defined(__clang__)) +static __inline__ uint32_t fiat_secp256k1_scalar_value_barrier_u32(uint32_t a) { + __asm__("" : "+r"(a) : /* no inputs */); + return a; +} +#else +# define fiat_secp256k1_scalar_value_barrier_u32(x) (x) +#endif + + +/* + * The function fiat_secp256k1_scalar_addcarryx_u32 is an addition with carry. + * + * Postconditions: + * out1 = (arg1 + arg2 + arg3) mod 2^32 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0x1] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_addcarryx_u32(uint32_t* out1, fiat_secp256k1_scalar_uint1* out2, fiat_secp256k1_scalar_uint1 arg1, uint32_t arg2, uint32_t arg3) { + uint64_t x1; + uint32_t x2; + fiat_secp256k1_scalar_uint1 x3; + x1 = ((arg1 + (uint64_t)arg2) + arg3); + x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + x3 = (fiat_secp256k1_scalar_uint1)(x1 >> 32); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_secp256k1_scalar_subborrowx_u32 is a subtraction with borrow. + * + * Postconditions: + * out1 = (-arg1 + arg2 + -arg3) mod 2^32 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0x1] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_subborrowx_u32(uint32_t* out1, fiat_secp256k1_scalar_uint1* out2, fiat_secp256k1_scalar_uint1 arg1, uint32_t arg2, uint32_t arg3) { + int64_t x1; + fiat_secp256k1_scalar_int1 x2; + uint32_t x3; + x1 = ((arg2 - (int64_t)arg1) - arg3); + x2 = (fiat_secp256k1_scalar_int1)(x1 >> 32); + x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + *out1 = x3; + *out2 = (fiat_secp256k1_scalar_uint1)(0x0 - x2); +} + +/* + * The function fiat_secp256k1_scalar_mulx_u32 is a multiplication, returning the full double-width result. + * + * Postconditions: + * out1 = (arg1 * arg2) mod 2^32 + * out2 = ⌊arg1 * arg2 / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffff] + * arg2: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0xffffffff] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, uint32_t arg2) { + uint64_t x1; + uint32_t x2; + uint32_t x3; + x1 = ((uint64_t)arg1 * arg2); + x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + x3 = (uint32_t)(x1 >> 32); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_secp256k1_scalar_cmovznz_u32 is a single-word conditional move. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_cmovznz_u32(uint32_t* out1, fiat_secp256k1_scalar_uint1 arg1, uint32_t arg2, uint32_t arg3) { + fiat_secp256k1_scalar_uint1 x1; + uint32_t x2; + uint32_t x3; + x1 = (!(!arg1)); + x2 = ((fiat_secp256k1_scalar_int1)(0x0 - x1) & UINT32_C(0xffffffff)); + x3 = ((fiat_secp256k1_scalar_value_barrier_u32(x2) & arg3) | (fiat_secp256k1_scalar_value_barrier_u32((~x2)) & arg2)); + *out1 = x3; +} + +/* + * The function fiat_secp256k1_scalar_mul multiplies two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_mul(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg2) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint32_t x20; + uint32_t x21; + uint32_t x22; + uint32_t x23; + uint32_t x24; + uint32_t x25; + fiat_secp256k1_scalar_uint1 x26; + uint32_t x27; + fiat_secp256k1_scalar_uint1 x28; + uint32_t x29; + fiat_secp256k1_scalar_uint1 x30; + uint32_t x31; + fiat_secp256k1_scalar_uint1 x32; + uint32_t x33; + fiat_secp256k1_scalar_uint1 x34; + uint32_t x35; + fiat_secp256k1_scalar_uint1 x36; + uint32_t x37; + fiat_secp256k1_scalar_uint1 x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + uint32_t x52; + uint32_t x53; + uint32_t x54; + uint32_t x55; + uint32_t x56; + uint32_t x57; + uint32_t x58; + fiat_secp256k1_scalar_uint1 x59; + uint32_t x60; + fiat_secp256k1_scalar_uint1 x61; + uint32_t x62; + fiat_secp256k1_scalar_uint1 x63; + uint32_t x64; + fiat_secp256k1_scalar_uint1 x65; + uint32_t x66; + fiat_secp256k1_scalar_uint1 x67; + uint32_t x68; + fiat_secp256k1_scalar_uint1 x69; + uint32_t x70; + fiat_secp256k1_scalar_uint1 x71; + uint32_t x72; + uint32_t x73; + fiat_secp256k1_scalar_uint1 x74; + uint32_t x75; + fiat_secp256k1_scalar_uint1 x76; + uint32_t x77; + fiat_secp256k1_scalar_uint1 x78; + uint32_t x79; + fiat_secp256k1_scalar_uint1 x80; + uint32_t x81; + fiat_secp256k1_scalar_uint1 x82; + uint32_t x83; + fiat_secp256k1_scalar_uint1 x84; + uint32_t x85; + fiat_secp256k1_scalar_uint1 x86; + uint32_t x87; + fiat_secp256k1_scalar_uint1 x88; + uint32_t x89; + fiat_secp256k1_scalar_uint1 x90; + uint32_t x91; + uint32_t x92; + uint32_t x93; + uint32_t x94; + uint32_t x95; + uint32_t x96; + uint32_t x97; + uint32_t x98; + uint32_t x99; + uint32_t x100; + uint32_t x101; + uint32_t x102; + uint32_t x103; + uint32_t x104; + uint32_t x105; + uint32_t x106; + uint32_t x107; + fiat_secp256k1_scalar_uint1 x108; + uint32_t x109; + fiat_secp256k1_scalar_uint1 x110; + uint32_t x111; + fiat_secp256k1_scalar_uint1 x112; + uint32_t x113; + fiat_secp256k1_scalar_uint1 x114; + uint32_t x115; + fiat_secp256k1_scalar_uint1 x116; + uint32_t x117; + fiat_secp256k1_scalar_uint1 x118; + uint32_t x119; + fiat_secp256k1_scalar_uint1 x120; + uint32_t x121; + uint32_t x122; + fiat_secp256k1_scalar_uint1 x123; + uint32_t x124; + fiat_secp256k1_scalar_uint1 x125; + uint32_t x126; + fiat_secp256k1_scalar_uint1 x127; + uint32_t x128; + fiat_secp256k1_scalar_uint1 x129; + uint32_t x130; + fiat_secp256k1_scalar_uint1 x131; + uint32_t x132; + fiat_secp256k1_scalar_uint1 x133; + uint32_t x134; + fiat_secp256k1_scalar_uint1 x135; + uint32_t x136; + fiat_secp256k1_scalar_uint1 x137; + uint32_t x138; + fiat_secp256k1_scalar_uint1 x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + uint32_t x145; + uint32_t x146; + uint32_t x147; + uint32_t x148; + uint32_t x149; + uint32_t x150; + uint32_t x151; + uint32_t x152; + uint32_t x153; + uint32_t x154; + uint32_t x155; + uint32_t x156; + uint32_t x157; + uint32_t x158; + fiat_secp256k1_scalar_uint1 x159; + uint32_t x160; + fiat_secp256k1_scalar_uint1 x161; + uint32_t x162; + fiat_secp256k1_scalar_uint1 x163; + uint32_t x164; + fiat_secp256k1_scalar_uint1 x165; + uint32_t x166; + fiat_secp256k1_scalar_uint1 x167; + uint32_t x168; + fiat_secp256k1_scalar_uint1 x169; + uint32_t x170; + fiat_secp256k1_scalar_uint1 x171; + uint32_t x172; + uint32_t x173; + fiat_secp256k1_scalar_uint1 x174; + uint32_t x175; + fiat_secp256k1_scalar_uint1 x176; + uint32_t x177; + fiat_secp256k1_scalar_uint1 x178; + uint32_t x179; + fiat_secp256k1_scalar_uint1 x180; + uint32_t x181; + fiat_secp256k1_scalar_uint1 x182; + uint32_t x183; + fiat_secp256k1_scalar_uint1 x184; + uint32_t x185; + fiat_secp256k1_scalar_uint1 x186; + uint32_t x187; + fiat_secp256k1_scalar_uint1 x188; + uint32_t x189; + fiat_secp256k1_scalar_uint1 x190; + uint32_t x191; + uint32_t x192; + uint32_t x193; + uint32_t x194; + uint32_t x195; + uint32_t x196; + uint32_t x197; + uint32_t x198; + uint32_t x199; + uint32_t x200; + uint32_t x201; + uint32_t x202; + uint32_t x203; + uint32_t x204; + uint32_t x205; + uint32_t x206; + uint32_t x207; + uint32_t x208; + fiat_secp256k1_scalar_uint1 x209; + uint32_t x210; + fiat_secp256k1_scalar_uint1 x211; + uint32_t x212; + fiat_secp256k1_scalar_uint1 x213; + uint32_t x214; + fiat_secp256k1_scalar_uint1 x215; + uint32_t x216; + fiat_secp256k1_scalar_uint1 x217; + uint32_t x218; + fiat_secp256k1_scalar_uint1 x219; + uint32_t x220; + fiat_secp256k1_scalar_uint1 x221; + uint32_t x222; + uint32_t x223; + fiat_secp256k1_scalar_uint1 x224; + uint32_t x225; + fiat_secp256k1_scalar_uint1 x226; + uint32_t x227; + fiat_secp256k1_scalar_uint1 x228; + uint32_t x229; + fiat_secp256k1_scalar_uint1 x230; + uint32_t x231; + fiat_secp256k1_scalar_uint1 x232; + uint32_t x233; + fiat_secp256k1_scalar_uint1 x234; + uint32_t x235; + fiat_secp256k1_scalar_uint1 x236; + uint32_t x237; + fiat_secp256k1_scalar_uint1 x238; + uint32_t x239; + fiat_secp256k1_scalar_uint1 x240; + uint32_t x241; + uint32_t x242; + uint32_t x243; + uint32_t x244; + uint32_t x245; + uint32_t x246; + uint32_t x247; + uint32_t x248; + uint32_t x249; + uint32_t x250; + uint32_t x251; + uint32_t x252; + uint32_t x253; + uint32_t x254; + uint32_t x255; + uint32_t x256; + uint32_t x257; + uint32_t x258; + uint32_t x259; + fiat_secp256k1_scalar_uint1 x260; + uint32_t x261; + fiat_secp256k1_scalar_uint1 x262; + uint32_t x263; + fiat_secp256k1_scalar_uint1 x264; + uint32_t x265; + fiat_secp256k1_scalar_uint1 x266; + uint32_t x267; + fiat_secp256k1_scalar_uint1 x268; + uint32_t x269; + fiat_secp256k1_scalar_uint1 x270; + uint32_t x271; + fiat_secp256k1_scalar_uint1 x272; + uint32_t x273; + uint32_t x274; + fiat_secp256k1_scalar_uint1 x275; + uint32_t x276; + fiat_secp256k1_scalar_uint1 x277; + uint32_t x278; + fiat_secp256k1_scalar_uint1 x279; + uint32_t x280; + fiat_secp256k1_scalar_uint1 x281; + uint32_t x282; + fiat_secp256k1_scalar_uint1 x283; + uint32_t x284; + fiat_secp256k1_scalar_uint1 x285; + uint32_t x286; + fiat_secp256k1_scalar_uint1 x287; + uint32_t x288; + fiat_secp256k1_scalar_uint1 x289; + uint32_t x290; + fiat_secp256k1_scalar_uint1 x291; + uint32_t x292; + uint32_t x293; + uint32_t x294; + uint32_t x295; + uint32_t x296; + uint32_t x297; + uint32_t x298; + uint32_t x299; + uint32_t x300; + uint32_t x301; + uint32_t x302; + uint32_t x303; + uint32_t x304; + uint32_t x305; + uint32_t x306; + uint32_t x307; + uint32_t x308; + uint32_t x309; + fiat_secp256k1_scalar_uint1 x310; + uint32_t x311; + fiat_secp256k1_scalar_uint1 x312; + uint32_t x313; + fiat_secp256k1_scalar_uint1 x314; + uint32_t x315; + fiat_secp256k1_scalar_uint1 x316; + uint32_t x317; + fiat_secp256k1_scalar_uint1 x318; + uint32_t x319; + fiat_secp256k1_scalar_uint1 x320; + uint32_t x321; + fiat_secp256k1_scalar_uint1 x322; + uint32_t x323; + uint32_t x324; + fiat_secp256k1_scalar_uint1 x325; + uint32_t x326; + fiat_secp256k1_scalar_uint1 x327; + uint32_t x328; + fiat_secp256k1_scalar_uint1 x329; + uint32_t x330; + fiat_secp256k1_scalar_uint1 x331; + uint32_t x332; + fiat_secp256k1_scalar_uint1 x333; + uint32_t x334; + fiat_secp256k1_scalar_uint1 x335; + uint32_t x336; + fiat_secp256k1_scalar_uint1 x337; + uint32_t x338; + fiat_secp256k1_scalar_uint1 x339; + uint32_t x340; + fiat_secp256k1_scalar_uint1 x341; + uint32_t x342; + uint32_t x343; + uint32_t x344; + uint32_t x345; + uint32_t x346; + uint32_t x347; + uint32_t x348; + uint32_t x349; + uint32_t x350; + uint32_t x351; + uint32_t x352; + uint32_t x353; + uint32_t x354; + uint32_t x355; + uint32_t x356; + uint32_t x357; + uint32_t x358; + uint32_t x359; + uint32_t x360; + fiat_secp256k1_scalar_uint1 x361; + uint32_t x362; + fiat_secp256k1_scalar_uint1 x363; + uint32_t x364; + fiat_secp256k1_scalar_uint1 x365; + uint32_t x366; + fiat_secp256k1_scalar_uint1 x367; + uint32_t x368; + fiat_secp256k1_scalar_uint1 x369; + uint32_t x370; + fiat_secp256k1_scalar_uint1 x371; + uint32_t x372; + fiat_secp256k1_scalar_uint1 x373; + uint32_t x374; + uint32_t x375; + fiat_secp256k1_scalar_uint1 x376; + uint32_t x377; + fiat_secp256k1_scalar_uint1 x378; + uint32_t x379; + fiat_secp256k1_scalar_uint1 x380; + uint32_t x381; + fiat_secp256k1_scalar_uint1 x382; + uint32_t x383; + fiat_secp256k1_scalar_uint1 x384; + uint32_t x385; + fiat_secp256k1_scalar_uint1 x386; + uint32_t x387; + fiat_secp256k1_scalar_uint1 x388; + uint32_t x389; + fiat_secp256k1_scalar_uint1 x390; + uint32_t x391; + fiat_secp256k1_scalar_uint1 x392; + uint32_t x393; + uint32_t x394; + uint32_t x395; + uint32_t x396; + uint32_t x397; + uint32_t x398; + uint32_t x399; + uint32_t x400; + uint32_t x401; + uint32_t x402; + uint32_t x403; + uint32_t x404; + uint32_t x405; + uint32_t x406; + uint32_t x407; + uint32_t x408; + uint32_t x409; + uint32_t x410; + fiat_secp256k1_scalar_uint1 x411; + uint32_t x412; + fiat_secp256k1_scalar_uint1 x413; + uint32_t x414; + fiat_secp256k1_scalar_uint1 x415; + uint32_t x416; + fiat_secp256k1_scalar_uint1 x417; + uint32_t x418; + fiat_secp256k1_scalar_uint1 x419; + uint32_t x420; + fiat_secp256k1_scalar_uint1 x421; + uint32_t x422; + fiat_secp256k1_scalar_uint1 x423; + uint32_t x424; + uint32_t x425; + fiat_secp256k1_scalar_uint1 x426; + uint32_t x427; + fiat_secp256k1_scalar_uint1 x428; + uint32_t x429; + fiat_secp256k1_scalar_uint1 x430; + uint32_t x431; + fiat_secp256k1_scalar_uint1 x432; + uint32_t x433; + fiat_secp256k1_scalar_uint1 x434; + uint32_t x435; + fiat_secp256k1_scalar_uint1 x436; + uint32_t x437; + fiat_secp256k1_scalar_uint1 x438; + uint32_t x439; + fiat_secp256k1_scalar_uint1 x440; + uint32_t x441; + fiat_secp256k1_scalar_uint1 x442; + uint32_t x443; + uint32_t x444; + uint32_t x445; + uint32_t x446; + uint32_t x447; + uint32_t x448; + uint32_t x449; + uint32_t x450; + uint32_t x451; + uint32_t x452; + uint32_t x453; + uint32_t x454; + uint32_t x455; + uint32_t x456; + uint32_t x457; + uint32_t x458; + uint32_t x459; + uint32_t x460; + uint32_t x461; + fiat_secp256k1_scalar_uint1 x462; + uint32_t x463; + fiat_secp256k1_scalar_uint1 x464; + uint32_t x465; + fiat_secp256k1_scalar_uint1 x466; + uint32_t x467; + fiat_secp256k1_scalar_uint1 x468; + uint32_t x469; + fiat_secp256k1_scalar_uint1 x470; + uint32_t x471; + fiat_secp256k1_scalar_uint1 x472; + uint32_t x473; + fiat_secp256k1_scalar_uint1 x474; + uint32_t x475; + uint32_t x476; + fiat_secp256k1_scalar_uint1 x477; + uint32_t x478; + fiat_secp256k1_scalar_uint1 x479; + uint32_t x480; + fiat_secp256k1_scalar_uint1 x481; + uint32_t x482; + fiat_secp256k1_scalar_uint1 x483; + uint32_t x484; + fiat_secp256k1_scalar_uint1 x485; + uint32_t x486; + fiat_secp256k1_scalar_uint1 x487; + uint32_t x488; + fiat_secp256k1_scalar_uint1 x489; + uint32_t x490; + fiat_secp256k1_scalar_uint1 x491; + uint32_t x492; + fiat_secp256k1_scalar_uint1 x493; + uint32_t x494; + uint32_t x495; + uint32_t x496; + uint32_t x497; + uint32_t x498; + uint32_t x499; + uint32_t x500; + uint32_t x501; + uint32_t x502; + uint32_t x503; + uint32_t x504; + uint32_t x505; + uint32_t x506; + uint32_t x507; + uint32_t x508; + uint32_t x509; + uint32_t x510; + uint32_t x511; + fiat_secp256k1_scalar_uint1 x512; + uint32_t x513; + fiat_secp256k1_scalar_uint1 x514; + uint32_t x515; + fiat_secp256k1_scalar_uint1 x516; + uint32_t x517; + fiat_secp256k1_scalar_uint1 x518; + uint32_t x519; + fiat_secp256k1_scalar_uint1 x520; + uint32_t x521; + fiat_secp256k1_scalar_uint1 x522; + uint32_t x523; + fiat_secp256k1_scalar_uint1 x524; + uint32_t x525; + uint32_t x526; + fiat_secp256k1_scalar_uint1 x527; + uint32_t x528; + fiat_secp256k1_scalar_uint1 x529; + uint32_t x530; + fiat_secp256k1_scalar_uint1 x531; + uint32_t x532; + fiat_secp256k1_scalar_uint1 x533; + uint32_t x534; + fiat_secp256k1_scalar_uint1 x535; + uint32_t x536; + fiat_secp256k1_scalar_uint1 x537; + uint32_t x538; + fiat_secp256k1_scalar_uint1 x539; + uint32_t x540; + fiat_secp256k1_scalar_uint1 x541; + uint32_t x542; + fiat_secp256k1_scalar_uint1 x543; + uint32_t x544; + uint32_t x545; + uint32_t x546; + uint32_t x547; + uint32_t x548; + uint32_t x549; + uint32_t x550; + uint32_t x551; + uint32_t x552; + uint32_t x553; + uint32_t x554; + uint32_t x555; + uint32_t x556; + uint32_t x557; + uint32_t x558; + uint32_t x559; + uint32_t x560; + uint32_t x561; + uint32_t x562; + fiat_secp256k1_scalar_uint1 x563; + uint32_t x564; + fiat_secp256k1_scalar_uint1 x565; + uint32_t x566; + fiat_secp256k1_scalar_uint1 x567; + uint32_t x568; + fiat_secp256k1_scalar_uint1 x569; + uint32_t x570; + fiat_secp256k1_scalar_uint1 x571; + uint32_t x572; + fiat_secp256k1_scalar_uint1 x573; + uint32_t x574; + fiat_secp256k1_scalar_uint1 x575; + uint32_t x576; + uint32_t x577; + fiat_secp256k1_scalar_uint1 x578; + uint32_t x579; + fiat_secp256k1_scalar_uint1 x580; + uint32_t x581; + fiat_secp256k1_scalar_uint1 x582; + uint32_t x583; + fiat_secp256k1_scalar_uint1 x584; + uint32_t x585; + fiat_secp256k1_scalar_uint1 x586; + uint32_t x587; + fiat_secp256k1_scalar_uint1 x588; + uint32_t x589; + fiat_secp256k1_scalar_uint1 x590; + uint32_t x591; + fiat_secp256k1_scalar_uint1 x592; + uint32_t x593; + fiat_secp256k1_scalar_uint1 x594; + uint32_t x595; + uint32_t x596; + uint32_t x597; + uint32_t x598; + uint32_t x599; + uint32_t x600; + uint32_t x601; + uint32_t x602; + uint32_t x603; + uint32_t x604; + uint32_t x605; + uint32_t x606; + uint32_t x607; + uint32_t x608; + uint32_t x609; + uint32_t x610; + uint32_t x611; + uint32_t x612; + fiat_secp256k1_scalar_uint1 x613; + uint32_t x614; + fiat_secp256k1_scalar_uint1 x615; + uint32_t x616; + fiat_secp256k1_scalar_uint1 x617; + uint32_t x618; + fiat_secp256k1_scalar_uint1 x619; + uint32_t x620; + fiat_secp256k1_scalar_uint1 x621; + uint32_t x622; + fiat_secp256k1_scalar_uint1 x623; + uint32_t x624; + fiat_secp256k1_scalar_uint1 x625; + uint32_t x626; + uint32_t x627; + fiat_secp256k1_scalar_uint1 x628; + uint32_t x629; + fiat_secp256k1_scalar_uint1 x630; + uint32_t x631; + fiat_secp256k1_scalar_uint1 x632; + uint32_t x633; + fiat_secp256k1_scalar_uint1 x634; + uint32_t x635; + fiat_secp256k1_scalar_uint1 x636; + uint32_t x637; + fiat_secp256k1_scalar_uint1 x638; + uint32_t x639; + fiat_secp256k1_scalar_uint1 x640; + uint32_t x641; + fiat_secp256k1_scalar_uint1 x642; + uint32_t x643; + fiat_secp256k1_scalar_uint1 x644; + uint32_t x645; + uint32_t x646; + uint32_t x647; + uint32_t x648; + uint32_t x649; + uint32_t x650; + uint32_t x651; + uint32_t x652; + uint32_t x653; + uint32_t x654; + uint32_t x655; + uint32_t x656; + uint32_t x657; + uint32_t x658; + uint32_t x659; + uint32_t x660; + uint32_t x661; + uint32_t x662; + uint32_t x663; + fiat_secp256k1_scalar_uint1 x664; + uint32_t x665; + fiat_secp256k1_scalar_uint1 x666; + uint32_t x667; + fiat_secp256k1_scalar_uint1 x668; + uint32_t x669; + fiat_secp256k1_scalar_uint1 x670; + uint32_t x671; + fiat_secp256k1_scalar_uint1 x672; + uint32_t x673; + fiat_secp256k1_scalar_uint1 x674; + uint32_t x675; + fiat_secp256k1_scalar_uint1 x676; + uint32_t x677; + uint32_t x678; + fiat_secp256k1_scalar_uint1 x679; + uint32_t x680; + fiat_secp256k1_scalar_uint1 x681; + uint32_t x682; + fiat_secp256k1_scalar_uint1 x683; + uint32_t x684; + fiat_secp256k1_scalar_uint1 x685; + uint32_t x686; + fiat_secp256k1_scalar_uint1 x687; + uint32_t x688; + fiat_secp256k1_scalar_uint1 x689; + uint32_t x690; + fiat_secp256k1_scalar_uint1 x691; + uint32_t x692; + fiat_secp256k1_scalar_uint1 x693; + uint32_t x694; + fiat_secp256k1_scalar_uint1 x695; + uint32_t x696; + uint32_t x697; + uint32_t x698; + uint32_t x699; + uint32_t x700; + uint32_t x701; + uint32_t x702; + uint32_t x703; + uint32_t x704; + uint32_t x705; + uint32_t x706; + uint32_t x707; + uint32_t x708; + uint32_t x709; + uint32_t x710; + uint32_t x711; + uint32_t x712; + uint32_t x713; + fiat_secp256k1_scalar_uint1 x714; + uint32_t x715; + fiat_secp256k1_scalar_uint1 x716; + uint32_t x717; + fiat_secp256k1_scalar_uint1 x718; + uint32_t x719; + fiat_secp256k1_scalar_uint1 x720; + uint32_t x721; + fiat_secp256k1_scalar_uint1 x722; + uint32_t x723; + fiat_secp256k1_scalar_uint1 x724; + uint32_t x725; + fiat_secp256k1_scalar_uint1 x726; + uint32_t x727; + uint32_t x728; + fiat_secp256k1_scalar_uint1 x729; + uint32_t x730; + fiat_secp256k1_scalar_uint1 x731; + uint32_t x732; + fiat_secp256k1_scalar_uint1 x733; + uint32_t x734; + fiat_secp256k1_scalar_uint1 x735; + uint32_t x736; + fiat_secp256k1_scalar_uint1 x737; + uint32_t x738; + fiat_secp256k1_scalar_uint1 x739; + uint32_t x740; + fiat_secp256k1_scalar_uint1 x741; + uint32_t x742; + fiat_secp256k1_scalar_uint1 x743; + uint32_t x744; + fiat_secp256k1_scalar_uint1 x745; + uint32_t x746; + uint32_t x747; + uint32_t x748; + uint32_t x749; + uint32_t x750; + uint32_t x751; + uint32_t x752; + uint32_t x753; + uint32_t x754; + uint32_t x755; + uint32_t x756; + uint32_t x757; + uint32_t x758; + uint32_t x759; + uint32_t x760; + uint32_t x761; + uint32_t x762; + uint32_t x763; + uint32_t x764; + fiat_secp256k1_scalar_uint1 x765; + uint32_t x766; + fiat_secp256k1_scalar_uint1 x767; + uint32_t x768; + fiat_secp256k1_scalar_uint1 x769; + uint32_t x770; + fiat_secp256k1_scalar_uint1 x771; + uint32_t x772; + fiat_secp256k1_scalar_uint1 x773; + uint32_t x774; + fiat_secp256k1_scalar_uint1 x775; + uint32_t x776; + fiat_secp256k1_scalar_uint1 x777; + uint32_t x778; + uint32_t x779; + fiat_secp256k1_scalar_uint1 x780; + uint32_t x781; + fiat_secp256k1_scalar_uint1 x782; + uint32_t x783; + fiat_secp256k1_scalar_uint1 x784; + uint32_t x785; + fiat_secp256k1_scalar_uint1 x786; + uint32_t x787; + fiat_secp256k1_scalar_uint1 x788; + uint32_t x789; + fiat_secp256k1_scalar_uint1 x790; + uint32_t x791; + fiat_secp256k1_scalar_uint1 x792; + uint32_t x793; + fiat_secp256k1_scalar_uint1 x794; + uint32_t x795; + fiat_secp256k1_scalar_uint1 x796; + uint32_t x797; + uint32_t x798; + fiat_secp256k1_scalar_uint1 x799; + uint32_t x800; + fiat_secp256k1_scalar_uint1 x801; + uint32_t x802; + fiat_secp256k1_scalar_uint1 x803; + uint32_t x804; + fiat_secp256k1_scalar_uint1 x805; + uint32_t x806; + fiat_secp256k1_scalar_uint1 x807; + uint32_t x808; + fiat_secp256k1_scalar_uint1 x809; + uint32_t x810; + fiat_secp256k1_scalar_uint1 x811; + uint32_t x812; + fiat_secp256k1_scalar_uint1 x813; + uint32_t x814; + fiat_secp256k1_scalar_uint1 x815; + uint32_t x816; + uint32_t x817; + uint32_t x818; + uint32_t x819; + uint32_t x820; + uint32_t x821; + uint32_t x822; + uint32_t x823; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[4]); + x5 = (arg1[5]); + x6 = (arg1[6]); + x7 = (arg1[7]); + x8 = (arg1[0]); + fiat_secp256k1_scalar_mulx_u32(&x9, &x10, x8, (arg2[7])); + fiat_secp256k1_scalar_mulx_u32(&x11, &x12, x8, (arg2[6])); + fiat_secp256k1_scalar_mulx_u32(&x13, &x14, x8, (arg2[5])); + fiat_secp256k1_scalar_mulx_u32(&x15, &x16, x8, (arg2[4])); + fiat_secp256k1_scalar_mulx_u32(&x17, &x18, x8, (arg2[3])); + fiat_secp256k1_scalar_mulx_u32(&x19, &x20, x8, (arg2[2])); + fiat_secp256k1_scalar_mulx_u32(&x21, &x22, x8, (arg2[1])); + fiat_secp256k1_scalar_mulx_u32(&x23, &x24, x8, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x25, &x26, 0x0, x24, x21); + fiat_secp256k1_scalar_addcarryx_u32(&x27, &x28, x26, x22, x19); + fiat_secp256k1_scalar_addcarryx_u32(&x29, &x30, x28, x20, x17); + fiat_secp256k1_scalar_addcarryx_u32(&x31, &x32, x30, x18, x15); + fiat_secp256k1_scalar_addcarryx_u32(&x33, &x34, x32, x16, x13); + fiat_secp256k1_scalar_addcarryx_u32(&x35, &x36, x34, x14, x11); + fiat_secp256k1_scalar_addcarryx_u32(&x37, &x38, x36, x12, x9); + x39 = (x38 + x10); + fiat_secp256k1_scalar_mulx_u32(&x40, &x41, x23, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x42, &x43, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x44, &x45, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x46, &x47, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x48, &x49, x40, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x50, &x51, x40, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x52, &x53, x40, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x54, &x55, x40, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x56, &x57, x40, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x58, &x59, 0x0, x57, x54); + fiat_secp256k1_scalar_addcarryx_u32(&x60, &x61, x59, x55, x52); + fiat_secp256k1_scalar_addcarryx_u32(&x62, &x63, x61, x53, x50); + fiat_secp256k1_scalar_addcarryx_u32(&x64, &x65, x63, x51, x48); + fiat_secp256k1_scalar_addcarryx_u32(&x66, &x67, x65, x49, x46); + fiat_secp256k1_scalar_addcarryx_u32(&x68, &x69, x67, x47, x44); + fiat_secp256k1_scalar_addcarryx_u32(&x70, &x71, x69, x45, x42); + x72 = (x71 + x43); + fiat_secp256k1_scalar_addcarryx_u32(&x73, &x74, 0x0, x23, x56); + fiat_secp256k1_scalar_addcarryx_u32(&x75, &x76, x74, x25, x58); + fiat_secp256k1_scalar_addcarryx_u32(&x77, &x78, x76, x27, x60); + fiat_secp256k1_scalar_addcarryx_u32(&x79, &x80, x78, x29, x62); + fiat_secp256k1_scalar_addcarryx_u32(&x81, &x82, x80, x31, x64); + fiat_secp256k1_scalar_addcarryx_u32(&x83, &x84, x82, x33, x66); + fiat_secp256k1_scalar_addcarryx_u32(&x85, &x86, x84, x35, x68); + fiat_secp256k1_scalar_addcarryx_u32(&x87, &x88, x86, x37, x70); + fiat_secp256k1_scalar_addcarryx_u32(&x89, &x90, x88, x39, x72); + fiat_secp256k1_scalar_mulx_u32(&x91, &x92, x1, (arg2[7])); + fiat_secp256k1_scalar_mulx_u32(&x93, &x94, x1, (arg2[6])); + fiat_secp256k1_scalar_mulx_u32(&x95, &x96, x1, (arg2[5])); + fiat_secp256k1_scalar_mulx_u32(&x97, &x98, x1, (arg2[4])); + fiat_secp256k1_scalar_mulx_u32(&x99, &x100, x1, (arg2[3])); + fiat_secp256k1_scalar_mulx_u32(&x101, &x102, x1, (arg2[2])); + fiat_secp256k1_scalar_mulx_u32(&x103, &x104, x1, (arg2[1])); + fiat_secp256k1_scalar_mulx_u32(&x105, &x106, x1, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x107, &x108, 0x0, x106, x103); + fiat_secp256k1_scalar_addcarryx_u32(&x109, &x110, x108, x104, x101); + fiat_secp256k1_scalar_addcarryx_u32(&x111, &x112, x110, x102, x99); + fiat_secp256k1_scalar_addcarryx_u32(&x113, &x114, x112, x100, x97); + fiat_secp256k1_scalar_addcarryx_u32(&x115, &x116, x114, x98, x95); + fiat_secp256k1_scalar_addcarryx_u32(&x117, &x118, x116, x96, x93); + fiat_secp256k1_scalar_addcarryx_u32(&x119, &x120, x118, x94, x91); + x121 = (x120 + x92); + fiat_secp256k1_scalar_addcarryx_u32(&x122, &x123, 0x0, x75, x105); + fiat_secp256k1_scalar_addcarryx_u32(&x124, &x125, x123, x77, x107); + fiat_secp256k1_scalar_addcarryx_u32(&x126, &x127, x125, x79, x109); + fiat_secp256k1_scalar_addcarryx_u32(&x128, &x129, x127, x81, x111); + fiat_secp256k1_scalar_addcarryx_u32(&x130, &x131, x129, x83, x113); + fiat_secp256k1_scalar_addcarryx_u32(&x132, &x133, x131, x85, x115); + fiat_secp256k1_scalar_addcarryx_u32(&x134, &x135, x133, x87, x117); + fiat_secp256k1_scalar_addcarryx_u32(&x136, &x137, x135, x89, x119); + fiat_secp256k1_scalar_addcarryx_u32(&x138, &x139, x137, x90, x121); + fiat_secp256k1_scalar_mulx_u32(&x140, &x141, x122, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x142, &x143, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x144, &x145, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x146, &x147, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x148, &x149, x140, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x150, &x151, x140, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x152, &x153, x140, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x154, &x155, x140, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x156, &x157, x140, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x158, &x159, 0x0, x157, x154); + fiat_secp256k1_scalar_addcarryx_u32(&x160, &x161, x159, x155, x152); + fiat_secp256k1_scalar_addcarryx_u32(&x162, &x163, x161, x153, x150); + fiat_secp256k1_scalar_addcarryx_u32(&x164, &x165, x163, x151, x148); + fiat_secp256k1_scalar_addcarryx_u32(&x166, &x167, x165, x149, x146); + fiat_secp256k1_scalar_addcarryx_u32(&x168, &x169, x167, x147, x144); + fiat_secp256k1_scalar_addcarryx_u32(&x170, &x171, x169, x145, x142); + x172 = (x171 + x143); + fiat_secp256k1_scalar_addcarryx_u32(&x173, &x174, 0x0, x122, x156); + fiat_secp256k1_scalar_addcarryx_u32(&x175, &x176, x174, x124, x158); + fiat_secp256k1_scalar_addcarryx_u32(&x177, &x178, x176, x126, x160); + fiat_secp256k1_scalar_addcarryx_u32(&x179, &x180, x178, x128, x162); + fiat_secp256k1_scalar_addcarryx_u32(&x181, &x182, x180, x130, x164); + fiat_secp256k1_scalar_addcarryx_u32(&x183, &x184, x182, x132, x166); + fiat_secp256k1_scalar_addcarryx_u32(&x185, &x186, x184, x134, x168); + fiat_secp256k1_scalar_addcarryx_u32(&x187, &x188, x186, x136, x170); + fiat_secp256k1_scalar_addcarryx_u32(&x189, &x190, x188, x138, x172); + x191 = ((uint32_t)x190 + x139); + fiat_secp256k1_scalar_mulx_u32(&x192, &x193, x2, (arg2[7])); + fiat_secp256k1_scalar_mulx_u32(&x194, &x195, x2, (arg2[6])); + fiat_secp256k1_scalar_mulx_u32(&x196, &x197, x2, (arg2[5])); + fiat_secp256k1_scalar_mulx_u32(&x198, &x199, x2, (arg2[4])); + fiat_secp256k1_scalar_mulx_u32(&x200, &x201, x2, (arg2[3])); + fiat_secp256k1_scalar_mulx_u32(&x202, &x203, x2, (arg2[2])); + fiat_secp256k1_scalar_mulx_u32(&x204, &x205, x2, (arg2[1])); + fiat_secp256k1_scalar_mulx_u32(&x206, &x207, x2, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x208, &x209, 0x0, x207, x204); + fiat_secp256k1_scalar_addcarryx_u32(&x210, &x211, x209, x205, x202); + fiat_secp256k1_scalar_addcarryx_u32(&x212, &x213, x211, x203, x200); + fiat_secp256k1_scalar_addcarryx_u32(&x214, &x215, x213, x201, x198); + fiat_secp256k1_scalar_addcarryx_u32(&x216, &x217, x215, x199, x196); + fiat_secp256k1_scalar_addcarryx_u32(&x218, &x219, x217, x197, x194); + fiat_secp256k1_scalar_addcarryx_u32(&x220, &x221, x219, x195, x192); + x222 = (x221 + x193); + fiat_secp256k1_scalar_addcarryx_u32(&x223, &x224, 0x0, x175, x206); + fiat_secp256k1_scalar_addcarryx_u32(&x225, &x226, x224, x177, x208); + fiat_secp256k1_scalar_addcarryx_u32(&x227, &x228, x226, x179, x210); + fiat_secp256k1_scalar_addcarryx_u32(&x229, &x230, x228, x181, x212); + fiat_secp256k1_scalar_addcarryx_u32(&x231, &x232, x230, x183, x214); + fiat_secp256k1_scalar_addcarryx_u32(&x233, &x234, x232, x185, x216); + fiat_secp256k1_scalar_addcarryx_u32(&x235, &x236, x234, x187, x218); + fiat_secp256k1_scalar_addcarryx_u32(&x237, &x238, x236, x189, x220); + fiat_secp256k1_scalar_addcarryx_u32(&x239, &x240, x238, x191, x222); + fiat_secp256k1_scalar_mulx_u32(&x241, &x242, x223, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x243, &x244, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x245, &x246, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x247, &x248, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x249, &x250, x241, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x251, &x252, x241, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x253, &x254, x241, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x255, &x256, x241, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x257, &x258, x241, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x259, &x260, 0x0, x258, x255); + fiat_secp256k1_scalar_addcarryx_u32(&x261, &x262, x260, x256, x253); + fiat_secp256k1_scalar_addcarryx_u32(&x263, &x264, x262, x254, x251); + fiat_secp256k1_scalar_addcarryx_u32(&x265, &x266, x264, x252, x249); + fiat_secp256k1_scalar_addcarryx_u32(&x267, &x268, x266, x250, x247); + fiat_secp256k1_scalar_addcarryx_u32(&x269, &x270, x268, x248, x245); + fiat_secp256k1_scalar_addcarryx_u32(&x271, &x272, x270, x246, x243); + x273 = (x272 + x244); + fiat_secp256k1_scalar_addcarryx_u32(&x274, &x275, 0x0, x223, x257); + fiat_secp256k1_scalar_addcarryx_u32(&x276, &x277, x275, x225, x259); + fiat_secp256k1_scalar_addcarryx_u32(&x278, &x279, x277, x227, x261); + fiat_secp256k1_scalar_addcarryx_u32(&x280, &x281, x279, x229, x263); + fiat_secp256k1_scalar_addcarryx_u32(&x282, &x283, x281, x231, x265); + fiat_secp256k1_scalar_addcarryx_u32(&x284, &x285, x283, x233, x267); + fiat_secp256k1_scalar_addcarryx_u32(&x286, &x287, x285, x235, x269); + fiat_secp256k1_scalar_addcarryx_u32(&x288, &x289, x287, x237, x271); + fiat_secp256k1_scalar_addcarryx_u32(&x290, &x291, x289, x239, x273); + x292 = ((uint32_t)x291 + x240); + fiat_secp256k1_scalar_mulx_u32(&x293, &x294, x3, (arg2[7])); + fiat_secp256k1_scalar_mulx_u32(&x295, &x296, x3, (arg2[6])); + fiat_secp256k1_scalar_mulx_u32(&x297, &x298, x3, (arg2[5])); + fiat_secp256k1_scalar_mulx_u32(&x299, &x300, x3, (arg2[4])); + fiat_secp256k1_scalar_mulx_u32(&x301, &x302, x3, (arg2[3])); + fiat_secp256k1_scalar_mulx_u32(&x303, &x304, x3, (arg2[2])); + fiat_secp256k1_scalar_mulx_u32(&x305, &x306, x3, (arg2[1])); + fiat_secp256k1_scalar_mulx_u32(&x307, &x308, x3, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x309, &x310, 0x0, x308, x305); + fiat_secp256k1_scalar_addcarryx_u32(&x311, &x312, x310, x306, x303); + fiat_secp256k1_scalar_addcarryx_u32(&x313, &x314, x312, x304, x301); + fiat_secp256k1_scalar_addcarryx_u32(&x315, &x316, x314, x302, x299); + fiat_secp256k1_scalar_addcarryx_u32(&x317, &x318, x316, x300, x297); + fiat_secp256k1_scalar_addcarryx_u32(&x319, &x320, x318, x298, x295); + fiat_secp256k1_scalar_addcarryx_u32(&x321, &x322, x320, x296, x293); + x323 = (x322 + x294); + fiat_secp256k1_scalar_addcarryx_u32(&x324, &x325, 0x0, x276, x307); + fiat_secp256k1_scalar_addcarryx_u32(&x326, &x327, x325, x278, x309); + fiat_secp256k1_scalar_addcarryx_u32(&x328, &x329, x327, x280, x311); + fiat_secp256k1_scalar_addcarryx_u32(&x330, &x331, x329, x282, x313); + fiat_secp256k1_scalar_addcarryx_u32(&x332, &x333, x331, x284, x315); + fiat_secp256k1_scalar_addcarryx_u32(&x334, &x335, x333, x286, x317); + fiat_secp256k1_scalar_addcarryx_u32(&x336, &x337, x335, x288, x319); + fiat_secp256k1_scalar_addcarryx_u32(&x338, &x339, x337, x290, x321); + fiat_secp256k1_scalar_addcarryx_u32(&x340, &x341, x339, x292, x323); + fiat_secp256k1_scalar_mulx_u32(&x342, &x343, x324, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x344, &x345, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x346, &x347, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x348, &x349, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x350, &x351, x342, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x352, &x353, x342, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x354, &x355, x342, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x356, &x357, x342, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x358, &x359, x342, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x360, &x361, 0x0, x359, x356); + fiat_secp256k1_scalar_addcarryx_u32(&x362, &x363, x361, x357, x354); + fiat_secp256k1_scalar_addcarryx_u32(&x364, &x365, x363, x355, x352); + fiat_secp256k1_scalar_addcarryx_u32(&x366, &x367, x365, x353, x350); + fiat_secp256k1_scalar_addcarryx_u32(&x368, &x369, x367, x351, x348); + fiat_secp256k1_scalar_addcarryx_u32(&x370, &x371, x369, x349, x346); + fiat_secp256k1_scalar_addcarryx_u32(&x372, &x373, x371, x347, x344); + x374 = (x373 + x345); + fiat_secp256k1_scalar_addcarryx_u32(&x375, &x376, 0x0, x324, x358); + fiat_secp256k1_scalar_addcarryx_u32(&x377, &x378, x376, x326, x360); + fiat_secp256k1_scalar_addcarryx_u32(&x379, &x380, x378, x328, x362); + fiat_secp256k1_scalar_addcarryx_u32(&x381, &x382, x380, x330, x364); + fiat_secp256k1_scalar_addcarryx_u32(&x383, &x384, x382, x332, x366); + fiat_secp256k1_scalar_addcarryx_u32(&x385, &x386, x384, x334, x368); + fiat_secp256k1_scalar_addcarryx_u32(&x387, &x388, x386, x336, x370); + fiat_secp256k1_scalar_addcarryx_u32(&x389, &x390, x388, x338, x372); + fiat_secp256k1_scalar_addcarryx_u32(&x391, &x392, x390, x340, x374); + x393 = ((uint32_t)x392 + x341); + fiat_secp256k1_scalar_mulx_u32(&x394, &x395, x4, (arg2[7])); + fiat_secp256k1_scalar_mulx_u32(&x396, &x397, x4, (arg2[6])); + fiat_secp256k1_scalar_mulx_u32(&x398, &x399, x4, (arg2[5])); + fiat_secp256k1_scalar_mulx_u32(&x400, &x401, x4, (arg2[4])); + fiat_secp256k1_scalar_mulx_u32(&x402, &x403, x4, (arg2[3])); + fiat_secp256k1_scalar_mulx_u32(&x404, &x405, x4, (arg2[2])); + fiat_secp256k1_scalar_mulx_u32(&x406, &x407, x4, (arg2[1])); + fiat_secp256k1_scalar_mulx_u32(&x408, &x409, x4, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x410, &x411, 0x0, x409, x406); + fiat_secp256k1_scalar_addcarryx_u32(&x412, &x413, x411, x407, x404); + fiat_secp256k1_scalar_addcarryx_u32(&x414, &x415, x413, x405, x402); + fiat_secp256k1_scalar_addcarryx_u32(&x416, &x417, x415, x403, x400); + fiat_secp256k1_scalar_addcarryx_u32(&x418, &x419, x417, x401, x398); + fiat_secp256k1_scalar_addcarryx_u32(&x420, &x421, x419, x399, x396); + fiat_secp256k1_scalar_addcarryx_u32(&x422, &x423, x421, x397, x394); + x424 = (x423 + x395); + fiat_secp256k1_scalar_addcarryx_u32(&x425, &x426, 0x0, x377, x408); + fiat_secp256k1_scalar_addcarryx_u32(&x427, &x428, x426, x379, x410); + fiat_secp256k1_scalar_addcarryx_u32(&x429, &x430, x428, x381, x412); + fiat_secp256k1_scalar_addcarryx_u32(&x431, &x432, x430, x383, x414); + fiat_secp256k1_scalar_addcarryx_u32(&x433, &x434, x432, x385, x416); + fiat_secp256k1_scalar_addcarryx_u32(&x435, &x436, x434, x387, x418); + fiat_secp256k1_scalar_addcarryx_u32(&x437, &x438, x436, x389, x420); + fiat_secp256k1_scalar_addcarryx_u32(&x439, &x440, x438, x391, x422); + fiat_secp256k1_scalar_addcarryx_u32(&x441, &x442, x440, x393, x424); + fiat_secp256k1_scalar_mulx_u32(&x443, &x444, x425, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x445, &x446, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x447, &x448, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x449, &x450, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x451, &x452, x443, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x453, &x454, x443, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x455, &x456, x443, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x457, &x458, x443, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x459, &x460, x443, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x461, &x462, 0x0, x460, x457); + fiat_secp256k1_scalar_addcarryx_u32(&x463, &x464, x462, x458, x455); + fiat_secp256k1_scalar_addcarryx_u32(&x465, &x466, x464, x456, x453); + fiat_secp256k1_scalar_addcarryx_u32(&x467, &x468, x466, x454, x451); + fiat_secp256k1_scalar_addcarryx_u32(&x469, &x470, x468, x452, x449); + fiat_secp256k1_scalar_addcarryx_u32(&x471, &x472, x470, x450, x447); + fiat_secp256k1_scalar_addcarryx_u32(&x473, &x474, x472, x448, x445); + x475 = (x474 + x446); + fiat_secp256k1_scalar_addcarryx_u32(&x476, &x477, 0x0, x425, x459); + fiat_secp256k1_scalar_addcarryx_u32(&x478, &x479, x477, x427, x461); + fiat_secp256k1_scalar_addcarryx_u32(&x480, &x481, x479, x429, x463); + fiat_secp256k1_scalar_addcarryx_u32(&x482, &x483, x481, x431, x465); + fiat_secp256k1_scalar_addcarryx_u32(&x484, &x485, x483, x433, x467); + fiat_secp256k1_scalar_addcarryx_u32(&x486, &x487, x485, x435, x469); + fiat_secp256k1_scalar_addcarryx_u32(&x488, &x489, x487, x437, x471); + fiat_secp256k1_scalar_addcarryx_u32(&x490, &x491, x489, x439, x473); + fiat_secp256k1_scalar_addcarryx_u32(&x492, &x493, x491, x441, x475); + x494 = ((uint32_t)x493 + x442); + fiat_secp256k1_scalar_mulx_u32(&x495, &x496, x5, (arg2[7])); + fiat_secp256k1_scalar_mulx_u32(&x497, &x498, x5, (arg2[6])); + fiat_secp256k1_scalar_mulx_u32(&x499, &x500, x5, (arg2[5])); + fiat_secp256k1_scalar_mulx_u32(&x501, &x502, x5, (arg2[4])); + fiat_secp256k1_scalar_mulx_u32(&x503, &x504, x5, (arg2[3])); + fiat_secp256k1_scalar_mulx_u32(&x505, &x506, x5, (arg2[2])); + fiat_secp256k1_scalar_mulx_u32(&x507, &x508, x5, (arg2[1])); + fiat_secp256k1_scalar_mulx_u32(&x509, &x510, x5, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x511, &x512, 0x0, x510, x507); + fiat_secp256k1_scalar_addcarryx_u32(&x513, &x514, x512, x508, x505); + fiat_secp256k1_scalar_addcarryx_u32(&x515, &x516, x514, x506, x503); + fiat_secp256k1_scalar_addcarryx_u32(&x517, &x518, x516, x504, x501); + fiat_secp256k1_scalar_addcarryx_u32(&x519, &x520, x518, x502, x499); + fiat_secp256k1_scalar_addcarryx_u32(&x521, &x522, x520, x500, x497); + fiat_secp256k1_scalar_addcarryx_u32(&x523, &x524, x522, x498, x495); + x525 = (x524 + x496); + fiat_secp256k1_scalar_addcarryx_u32(&x526, &x527, 0x0, x478, x509); + fiat_secp256k1_scalar_addcarryx_u32(&x528, &x529, x527, x480, x511); + fiat_secp256k1_scalar_addcarryx_u32(&x530, &x531, x529, x482, x513); + fiat_secp256k1_scalar_addcarryx_u32(&x532, &x533, x531, x484, x515); + fiat_secp256k1_scalar_addcarryx_u32(&x534, &x535, x533, x486, x517); + fiat_secp256k1_scalar_addcarryx_u32(&x536, &x537, x535, x488, x519); + fiat_secp256k1_scalar_addcarryx_u32(&x538, &x539, x537, x490, x521); + fiat_secp256k1_scalar_addcarryx_u32(&x540, &x541, x539, x492, x523); + fiat_secp256k1_scalar_addcarryx_u32(&x542, &x543, x541, x494, x525); + fiat_secp256k1_scalar_mulx_u32(&x544, &x545, x526, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x546, &x547, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x548, &x549, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x550, &x551, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x552, &x553, x544, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x554, &x555, x544, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x556, &x557, x544, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x558, &x559, x544, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x560, &x561, x544, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x562, &x563, 0x0, x561, x558); + fiat_secp256k1_scalar_addcarryx_u32(&x564, &x565, x563, x559, x556); + fiat_secp256k1_scalar_addcarryx_u32(&x566, &x567, x565, x557, x554); + fiat_secp256k1_scalar_addcarryx_u32(&x568, &x569, x567, x555, x552); + fiat_secp256k1_scalar_addcarryx_u32(&x570, &x571, x569, x553, x550); + fiat_secp256k1_scalar_addcarryx_u32(&x572, &x573, x571, x551, x548); + fiat_secp256k1_scalar_addcarryx_u32(&x574, &x575, x573, x549, x546); + x576 = (x575 + x547); + fiat_secp256k1_scalar_addcarryx_u32(&x577, &x578, 0x0, x526, x560); + fiat_secp256k1_scalar_addcarryx_u32(&x579, &x580, x578, x528, x562); + fiat_secp256k1_scalar_addcarryx_u32(&x581, &x582, x580, x530, x564); + fiat_secp256k1_scalar_addcarryx_u32(&x583, &x584, x582, x532, x566); + fiat_secp256k1_scalar_addcarryx_u32(&x585, &x586, x584, x534, x568); + fiat_secp256k1_scalar_addcarryx_u32(&x587, &x588, x586, x536, x570); + fiat_secp256k1_scalar_addcarryx_u32(&x589, &x590, x588, x538, x572); + fiat_secp256k1_scalar_addcarryx_u32(&x591, &x592, x590, x540, x574); + fiat_secp256k1_scalar_addcarryx_u32(&x593, &x594, x592, x542, x576); + x595 = ((uint32_t)x594 + x543); + fiat_secp256k1_scalar_mulx_u32(&x596, &x597, x6, (arg2[7])); + fiat_secp256k1_scalar_mulx_u32(&x598, &x599, x6, (arg2[6])); + fiat_secp256k1_scalar_mulx_u32(&x600, &x601, x6, (arg2[5])); + fiat_secp256k1_scalar_mulx_u32(&x602, &x603, x6, (arg2[4])); + fiat_secp256k1_scalar_mulx_u32(&x604, &x605, x6, (arg2[3])); + fiat_secp256k1_scalar_mulx_u32(&x606, &x607, x6, (arg2[2])); + fiat_secp256k1_scalar_mulx_u32(&x608, &x609, x6, (arg2[1])); + fiat_secp256k1_scalar_mulx_u32(&x610, &x611, x6, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x612, &x613, 0x0, x611, x608); + fiat_secp256k1_scalar_addcarryx_u32(&x614, &x615, x613, x609, x606); + fiat_secp256k1_scalar_addcarryx_u32(&x616, &x617, x615, x607, x604); + fiat_secp256k1_scalar_addcarryx_u32(&x618, &x619, x617, x605, x602); + fiat_secp256k1_scalar_addcarryx_u32(&x620, &x621, x619, x603, x600); + fiat_secp256k1_scalar_addcarryx_u32(&x622, &x623, x621, x601, x598); + fiat_secp256k1_scalar_addcarryx_u32(&x624, &x625, x623, x599, x596); + x626 = (x625 + x597); + fiat_secp256k1_scalar_addcarryx_u32(&x627, &x628, 0x0, x579, x610); + fiat_secp256k1_scalar_addcarryx_u32(&x629, &x630, x628, x581, x612); + fiat_secp256k1_scalar_addcarryx_u32(&x631, &x632, x630, x583, x614); + fiat_secp256k1_scalar_addcarryx_u32(&x633, &x634, x632, x585, x616); + fiat_secp256k1_scalar_addcarryx_u32(&x635, &x636, x634, x587, x618); + fiat_secp256k1_scalar_addcarryx_u32(&x637, &x638, x636, x589, x620); + fiat_secp256k1_scalar_addcarryx_u32(&x639, &x640, x638, x591, x622); + fiat_secp256k1_scalar_addcarryx_u32(&x641, &x642, x640, x593, x624); + fiat_secp256k1_scalar_addcarryx_u32(&x643, &x644, x642, x595, x626); + fiat_secp256k1_scalar_mulx_u32(&x645, &x646, x627, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x647, &x648, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x649, &x650, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x651, &x652, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x653, &x654, x645, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x655, &x656, x645, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x657, &x658, x645, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x659, &x660, x645, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x661, &x662, x645, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x663, &x664, 0x0, x662, x659); + fiat_secp256k1_scalar_addcarryx_u32(&x665, &x666, x664, x660, x657); + fiat_secp256k1_scalar_addcarryx_u32(&x667, &x668, x666, x658, x655); + fiat_secp256k1_scalar_addcarryx_u32(&x669, &x670, x668, x656, x653); + fiat_secp256k1_scalar_addcarryx_u32(&x671, &x672, x670, x654, x651); + fiat_secp256k1_scalar_addcarryx_u32(&x673, &x674, x672, x652, x649); + fiat_secp256k1_scalar_addcarryx_u32(&x675, &x676, x674, x650, x647); + x677 = (x676 + x648); + fiat_secp256k1_scalar_addcarryx_u32(&x678, &x679, 0x0, x627, x661); + fiat_secp256k1_scalar_addcarryx_u32(&x680, &x681, x679, x629, x663); + fiat_secp256k1_scalar_addcarryx_u32(&x682, &x683, x681, x631, x665); + fiat_secp256k1_scalar_addcarryx_u32(&x684, &x685, x683, x633, x667); + fiat_secp256k1_scalar_addcarryx_u32(&x686, &x687, x685, x635, x669); + fiat_secp256k1_scalar_addcarryx_u32(&x688, &x689, x687, x637, x671); + fiat_secp256k1_scalar_addcarryx_u32(&x690, &x691, x689, x639, x673); + fiat_secp256k1_scalar_addcarryx_u32(&x692, &x693, x691, x641, x675); + fiat_secp256k1_scalar_addcarryx_u32(&x694, &x695, x693, x643, x677); + x696 = ((uint32_t)x695 + x644); + fiat_secp256k1_scalar_mulx_u32(&x697, &x698, x7, (arg2[7])); + fiat_secp256k1_scalar_mulx_u32(&x699, &x700, x7, (arg2[6])); + fiat_secp256k1_scalar_mulx_u32(&x701, &x702, x7, (arg2[5])); + fiat_secp256k1_scalar_mulx_u32(&x703, &x704, x7, (arg2[4])); + fiat_secp256k1_scalar_mulx_u32(&x705, &x706, x7, (arg2[3])); + fiat_secp256k1_scalar_mulx_u32(&x707, &x708, x7, (arg2[2])); + fiat_secp256k1_scalar_mulx_u32(&x709, &x710, x7, (arg2[1])); + fiat_secp256k1_scalar_mulx_u32(&x711, &x712, x7, (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x713, &x714, 0x0, x712, x709); + fiat_secp256k1_scalar_addcarryx_u32(&x715, &x716, x714, x710, x707); + fiat_secp256k1_scalar_addcarryx_u32(&x717, &x718, x716, x708, x705); + fiat_secp256k1_scalar_addcarryx_u32(&x719, &x720, x718, x706, x703); + fiat_secp256k1_scalar_addcarryx_u32(&x721, &x722, x720, x704, x701); + fiat_secp256k1_scalar_addcarryx_u32(&x723, &x724, x722, x702, x699); + fiat_secp256k1_scalar_addcarryx_u32(&x725, &x726, x724, x700, x697); + x727 = (x726 + x698); + fiat_secp256k1_scalar_addcarryx_u32(&x728, &x729, 0x0, x680, x711); + fiat_secp256k1_scalar_addcarryx_u32(&x730, &x731, x729, x682, x713); + fiat_secp256k1_scalar_addcarryx_u32(&x732, &x733, x731, x684, x715); + fiat_secp256k1_scalar_addcarryx_u32(&x734, &x735, x733, x686, x717); + fiat_secp256k1_scalar_addcarryx_u32(&x736, &x737, x735, x688, x719); + fiat_secp256k1_scalar_addcarryx_u32(&x738, &x739, x737, x690, x721); + fiat_secp256k1_scalar_addcarryx_u32(&x740, &x741, x739, x692, x723); + fiat_secp256k1_scalar_addcarryx_u32(&x742, &x743, x741, x694, x725); + fiat_secp256k1_scalar_addcarryx_u32(&x744, &x745, x743, x696, x727); + fiat_secp256k1_scalar_mulx_u32(&x746, &x747, x728, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x748, &x749, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x750, &x751, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x752, &x753, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x754, &x755, x746, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x756, &x757, x746, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x758, &x759, x746, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x760, &x761, x746, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x762, &x763, x746, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x764, &x765, 0x0, x763, x760); + fiat_secp256k1_scalar_addcarryx_u32(&x766, &x767, x765, x761, x758); + fiat_secp256k1_scalar_addcarryx_u32(&x768, &x769, x767, x759, x756); + fiat_secp256k1_scalar_addcarryx_u32(&x770, &x771, x769, x757, x754); + fiat_secp256k1_scalar_addcarryx_u32(&x772, &x773, x771, x755, x752); + fiat_secp256k1_scalar_addcarryx_u32(&x774, &x775, x773, x753, x750); + fiat_secp256k1_scalar_addcarryx_u32(&x776, &x777, x775, x751, x748); + x778 = (x777 + x749); + fiat_secp256k1_scalar_addcarryx_u32(&x779, &x780, 0x0, x728, x762); + fiat_secp256k1_scalar_addcarryx_u32(&x781, &x782, x780, x730, x764); + fiat_secp256k1_scalar_addcarryx_u32(&x783, &x784, x782, x732, x766); + fiat_secp256k1_scalar_addcarryx_u32(&x785, &x786, x784, x734, x768); + fiat_secp256k1_scalar_addcarryx_u32(&x787, &x788, x786, x736, x770); + fiat_secp256k1_scalar_addcarryx_u32(&x789, &x790, x788, x738, x772); + fiat_secp256k1_scalar_addcarryx_u32(&x791, &x792, x790, x740, x774); + fiat_secp256k1_scalar_addcarryx_u32(&x793, &x794, x792, x742, x776); + fiat_secp256k1_scalar_addcarryx_u32(&x795, &x796, x794, x744, x778); + x797 = ((uint32_t)x796 + x745); + fiat_secp256k1_scalar_subborrowx_u32(&x798, &x799, 0x0, x781, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_subborrowx_u32(&x800, &x801, x799, x783, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_subborrowx_u32(&x802, &x803, x801, x785, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_subborrowx_u32(&x804, &x805, x803, x787, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_subborrowx_u32(&x806, &x807, x805, x789, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_subborrowx_u32(&x808, &x809, x807, x791, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x810, &x811, x809, x793, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x812, &x813, x811, x795, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x814, &x815, x813, x797, 0x0); + fiat_secp256k1_scalar_cmovznz_u32(&x816, x815, x798, x781); + fiat_secp256k1_scalar_cmovznz_u32(&x817, x815, x800, x783); + fiat_secp256k1_scalar_cmovznz_u32(&x818, x815, x802, x785); + fiat_secp256k1_scalar_cmovznz_u32(&x819, x815, x804, x787); + fiat_secp256k1_scalar_cmovznz_u32(&x820, x815, x806, x789); + fiat_secp256k1_scalar_cmovznz_u32(&x821, x815, x808, x791); + fiat_secp256k1_scalar_cmovznz_u32(&x822, x815, x810, x793); + fiat_secp256k1_scalar_cmovznz_u32(&x823, x815, x812, x795); + out1[0] = x816; + out1[1] = x817; + out1[2] = x818; + out1[3] = x819; + out1[4] = x820; + out1[5] = x821; + out1[6] = x822; + out1[7] = x823; +} + +/* + * The function fiat_secp256k1_scalar_square squares a field element in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_square(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint32_t x20; + uint32_t x21; + uint32_t x22; + uint32_t x23; + uint32_t x24; + uint32_t x25; + fiat_secp256k1_scalar_uint1 x26; + uint32_t x27; + fiat_secp256k1_scalar_uint1 x28; + uint32_t x29; + fiat_secp256k1_scalar_uint1 x30; + uint32_t x31; + fiat_secp256k1_scalar_uint1 x32; + uint32_t x33; + fiat_secp256k1_scalar_uint1 x34; + uint32_t x35; + fiat_secp256k1_scalar_uint1 x36; + uint32_t x37; + fiat_secp256k1_scalar_uint1 x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + uint32_t x52; + uint32_t x53; + uint32_t x54; + uint32_t x55; + uint32_t x56; + uint32_t x57; + uint32_t x58; + fiat_secp256k1_scalar_uint1 x59; + uint32_t x60; + fiat_secp256k1_scalar_uint1 x61; + uint32_t x62; + fiat_secp256k1_scalar_uint1 x63; + uint32_t x64; + fiat_secp256k1_scalar_uint1 x65; + uint32_t x66; + fiat_secp256k1_scalar_uint1 x67; + uint32_t x68; + fiat_secp256k1_scalar_uint1 x69; + uint32_t x70; + fiat_secp256k1_scalar_uint1 x71; + uint32_t x72; + uint32_t x73; + fiat_secp256k1_scalar_uint1 x74; + uint32_t x75; + fiat_secp256k1_scalar_uint1 x76; + uint32_t x77; + fiat_secp256k1_scalar_uint1 x78; + uint32_t x79; + fiat_secp256k1_scalar_uint1 x80; + uint32_t x81; + fiat_secp256k1_scalar_uint1 x82; + uint32_t x83; + fiat_secp256k1_scalar_uint1 x84; + uint32_t x85; + fiat_secp256k1_scalar_uint1 x86; + uint32_t x87; + fiat_secp256k1_scalar_uint1 x88; + uint32_t x89; + fiat_secp256k1_scalar_uint1 x90; + uint32_t x91; + uint32_t x92; + uint32_t x93; + uint32_t x94; + uint32_t x95; + uint32_t x96; + uint32_t x97; + uint32_t x98; + uint32_t x99; + uint32_t x100; + uint32_t x101; + uint32_t x102; + uint32_t x103; + uint32_t x104; + uint32_t x105; + uint32_t x106; + uint32_t x107; + fiat_secp256k1_scalar_uint1 x108; + uint32_t x109; + fiat_secp256k1_scalar_uint1 x110; + uint32_t x111; + fiat_secp256k1_scalar_uint1 x112; + uint32_t x113; + fiat_secp256k1_scalar_uint1 x114; + uint32_t x115; + fiat_secp256k1_scalar_uint1 x116; + uint32_t x117; + fiat_secp256k1_scalar_uint1 x118; + uint32_t x119; + fiat_secp256k1_scalar_uint1 x120; + uint32_t x121; + uint32_t x122; + fiat_secp256k1_scalar_uint1 x123; + uint32_t x124; + fiat_secp256k1_scalar_uint1 x125; + uint32_t x126; + fiat_secp256k1_scalar_uint1 x127; + uint32_t x128; + fiat_secp256k1_scalar_uint1 x129; + uint32_t x130; + fiat_secp256k1_scalar_uint1 x131; + uint32_t x132; + fiat_secp256k1_scalar_uint1 x133; + uint32_t x134; + fiat_secp256k1_scalar_uint1 x135; + uint32_t x136; + fiat_secp256k1_scalar_uint1 x137; + uint32_t x138; + fiat_secp256k1_scalar_uint1 x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + uint32_t x145; + uint32_t x146; + uint32_t x147; + uint32_t x148; + uint32_t x149; + uint32_t x150; + uint32_t x151; + uint32_t x152; + uint32_t x153; + uint32_t x154; + uint32_t x155; + uint32_t x156; + uint32_t x157; + uint32_t x158; + fiat_secp256k1_scalar_uint1 x159; + uint32_t x160; + fiat_secp256k1_scalar_uint1 x161; + uint32_t x162; + fiat_secp256k1_scalar_uint1 x163; + uint32_t x164; + fiat_secp256k1_scalar_uint1 x165; + uint32_t x166; + fiat_secp256k1_scalar_uint1 x167; + uint32_t x168; + fiat_secp256k1_scalar_uint1 x169; + uint32_t x170; + fiat_secp256k1_scalar_uint1 x171; + uint32_t x172; + uint32_t x173; + fiat_secp256k1_scalar_uint1 x174; + uint32_t x175; + fiat_secp256k1_scalar_uint1 x176; + uint32_t x177; + fiat_secp256k1_scalar_uint1 x178; + uint32_t x179; + fiat_secp256k1_scalar_uint1 x180; + uint32_t x181; + fiat_secp256k1_scalar_uint1 x182; + uint32_t x183; + fiat_secp256k1_scalar_uint1 x184; + uint32_t x185; + fiat_secp256k1_scalar_uint1 x186; + uint32_t x187; + fiat_secp256k1_scalar_uint1 x188; + uint32_t x189; + fiat_secp256k1_scalar_uint1 x190; + uint32_t x191; + uint32_t x192; + uint32_t x193; + uint32_t x194; + uint32_t x195; + uint32_t x196; + uint32_t x197; + uint32_t x198; + uint32_t x199; + uint32_t x200; + uint32_t x201; + uint32_t x202; + uint32_t x203; + uint32_t x204; + uint32_t x205; + uint32_t x206; + uint32_t x207; + uint32_t x208; + fiat_secp256k1_scalar_uint1 x209; + uint32_t x210; + fiat_secp256k1_scalar_uint1 x211; + uint32_t x212; + fiat_secp256k1_scalar_uint1 x213; + uint32_t x214; + fiat_secp256k1_scalar_uint1 x215; + uint32_t x216; + fiat_secp256k1_scalar_uint1 x217; + uint32_t x218; + fiat_secp256k1_scalar_uint1 x219; + uint32_t x220; + fiat_secp256k1_scalar_uint1 x221; + uint32_t x222; + uint32_t x223; + fiat_secp256k1_scalar_uint1 x224; + uint32_t x225; + fiat_secp256k1_scalar_uint1 x226; + uint32_t x227; + fiat_secp256k1_scalar_uint1 x228; + uint32_t x229; + fiat_secp256k1_scalar_uint1 x230; + uint32_t x231; + fiat_secp256k1_scalar_uint1 x232; + uint32_t x233; + fiat_secp256k1_scalar_uint1 x234; + uint32_t x235; + fiat_secp256k1_scalar_uint1 x236; + uint32_t x237; + fiat_secp256k1_scalar_uint1 x238; + uint32_t x239; + fiat_secp256k1_scalar_uint1 x240; + uint32_t x241; + uint32_t x242; + uint32_t x243; + uint32_t x244; + uint32_t x245; + uint32_t x246; + uint32_t x247; + uint32_t x248; + uint32_t x249; + uint32_t x250; + uint32_t x251; + uint32_t x252; + uint32_t x253; + uint32_t x254; + uint32_t x255; + uint32_t x256; + uint32_t x257; + uint32_t x258; + uint32_t x259; + fiat_secp256k1_scalar_uint1 x260; + uint32_t x261; + fiat_secp256k1_scalar_uint1 x262; + uint32_t x263; + fiat_secp256k1_scalar_uint1 x264; + uint32_t x265; + fiat_secp256k1_scalar_uint1 x266; + uint32_t x267; + fiat_secp256k1_scalar_uint1 x268; + uint32_t x269; + fiat_secp256k1_scalar_uint1 x270; + uint32_t x271; + fiat_secp256k1_scalar_uint1 x272; + uint32_t x273; + uint32_t x274; + fiat_secp256k1_scalar_uint1 x275; + uint32_t x276; + fiat_secp256k1_scalar_uint1 x277; + uint32_t x278; + fiat_secp256k1_scalar_uint1 x279; + uint32_t x280; + fiat_secp256k1_scalar_uint1 x281; + uint32_t x282; + fiat_secp256k1_scalar_uint1 x283; + uint32_t x284; + fiat_secp256k1_scalar_uint1 x285; + uint32_t x286; + fiat_secp256k1_scalar_uint1 x287; + uint32_t x288; + fiat_secp256k1_scalar_uint1 x289; + uint32_t x290; + fiat_secp256k1_scalar_uint1 x291; + uint32_t x292; + uint32_t x293; + uint32_t x294; + uint32_t x295; + uint32_t x296; + uint32_t x297; + uint32_t x298; + uint32_t x299; + uint32_t x300; + uint32_t x301; + uint32_t x302; + uint32_t x303; + uint32_t x304; + uint32_t x305; + uint32_t x306; + uint32_t x307; + uint32_t x308; + uint32_t x309; + fiat_secp256k1_scalar_uint1 x310; + uint32_t x311; + fiat_secp256k1_scalar_uint1 x312; + uint32_t x313; + fiat_secp256k1_scalar_uint1 x314; + uint32_t x315; + fiat_secp256k1_scalar_uint1 x316; + uint32_t x317; + fiat_secp256k1_scalar_uint1 x318; + uint32_t x319; + fiat_secp256k1_scalar_uint1 x320; + uint32_t x321; + fiat_secp256k1_scalar_uint1 x322; + uint32_t x323; + uint32_t x324; + fiat_secp256k1_scalar_uint1 x325; + uint32_t x326; + fiat_secp256k1_scalar_uint1 x327; + uint32_t x328; + fiat_secp256k1_scalar_uint1 x329; + uint32_t x330; + fiat_secp256k1_scalar_uint1 x331; + uint32_t x332; + fiat_secp256k1_scalar_uint1 x333; + uint32_t x334; + fiat_secp256k1_scalar_uint1 x335; + uint32_t x336; + fiat_secp256k1_scalar_uint1 x337; + uint32_t x338; + fiat_secp256k1_scalar_uint1 x339; + uint32_t x340; + fiat_secp256k1_scalar_uint1 x341; + uint32_t x342; + uint32_t x343; + uint32_t x344; + uint32_t x345; + uint32_t x346; + uint32_t x347; + uint32_t x348; + uint32_t x349; + uint32_t x350; + uint32_t x351; + uint32_t x352; + uint32_t x353; + uint32_t x354; + uint32_t x355; + uint32_t x356; + uint32_t x357; + uint32_t x358; + uint32_t x359; + uint32_t x360; + fiat_secp256k1_scalar_uint1 x361; + uint32_t x362; + fiat_secp256k1_scalar_uint1 x363; + uint32_t x364; + fiat_secp256k1_scalar_uint1 x365; + uint32_t x366; + fiat_secp256k1_scalar_uint1 x367; + uint32_t x368; + fiat_secp256k1_scalar_uint1 x369; + uint32_t x370; + fiat_secp256k1_scalar_uint1 x371; + uint32_t x372; + fiat_secp256k1_scalar_uint1 x373; + uint32_t x374; + uint32_t x375; + fiat_secp256k1_scalar_uint1 x376; + uint32_t x377; + fiat_secp256k1_scalar_uint1 x378; + uint32_t x379; + fiat_secp256k1_scalar_uint1 x380; + uint32_t x381; + fiat_secp256k1_scalar_uint1 x382; + uint32_t x383; + fiat_secp256k1_scalar_uint1 x384; + uint32_t x385; + fiat_secp256k1_scalar_uint1 x386; + uint32_t x387; + fiat_secp256k1_scalar_uint1 x388; + uint32_t x389; + fiat_secp256k1_scalar_uint1 x390; + uint32_t x391; + fiat_secp256k1_scalar_uint1 x392; + uint32_t x393; + uint32_t x394; + uint32_t x395; + uint32_t x396; + uint32_t x397; + uint32_t x398; + uint32_t x399; + uint32_t x400; + uint32_t x401; + uint32_t x402; + uint32_t x403; + uint32_t x404; + uint32_t x405; + uint32_t x406; + uint32_t x407; + uint32_t x408; + uint32_t x409; + uint32_t x410; + fiat_secp256k1_scalar_uint1 x411; + uint32_t x412; + fiat_secp256k1_scalar_uint1 x413; + uint32_t x414; + fiat_secp256k1_scalar_uint1 x415; + uint32_t x416; + fiat_secp256k1_scalar_uint1 x417; + uint32_t x418; + fiat_secp256k1_scalar_uint1 x419; + uint32_t x420; + fiat_secp256k1_scalar_uint1 x421; + uint32_t x422; + fiat_secp256k1_scalar_uint1 x423; + uint32_t x424; + uint32_t x425; + fiat_secp256k1_scalar_uint1 x426; + uint32_t x427; + fiat_secp256k1_scalar_uint1 x428; + uint32_t x429; + fiat_secp256k1_scalar_uint1 x430; + uint32_t x431; + fiat_secp256k1_scalar_uint1 x432; + uint32_t x433; + fiat_secp256k1_scalar_uint1 x434; + uint32_t x435; + fiat_secp256k1_scalar_uint1 x436; + uint32_t x437; + fiat_secp256k1_scalar_uint1 x438; + uint32_t x439; + fiat_secp256k1_scalar_uint1 x440; + uint32_t x441; + fiat_secp256k1_scalar_uint1 x442; + uint32_t x443; + uint32_t x444; + uint32_t x445; + uint32_t x446; + uint32_t x447; + uint32_t x448; + uint32_t x449; + uint32_t x450; + uint32_t x451; + uint32_t x452; + uint32_t x453; + uint32_t x454; + uint32_t x455; + uint32_t x456; + uint32_t x457; + uint32_t x458; + uint32_t x459; + uint32_t x460; + uint32_t x461; + fiat_secp256k1_scalar_uint1 x462; + uint32_t x463; + fiat_secp256k1_scalar_uint1 x464; + uint32_t x465; + fiat_secp256k1_scalar_uint1 x466; + uint32_t x467; + fiat_secp256k1_scalar_uint1 x468; + uint32_t x469; + fiat_secp256k1_scalar_uint1 x470; + uint32_t x471; + fiat_secp256k1_scalar_uint1 x472; + uint32_t x473; + fiat_secp256k1_scalar_uint1 x474; + uint32_t x475; + uint32_t x476; + fiat_secp256k1_scalar_uint1 x477; + uint32_t x478; + fiat_secp256k1_scalar_uint1 x479; + uint32_t x480; + fiat_secp256k1_scalar_uint1 x481; + uint32_t x482; + fiat_secp256k1_scalar_uint1 x483; + uint32_t x484; + fiat_secp256k1_scalar_uint1 x485; + uint32_t x486; + fiat_secp256k1_scalar_uint1 x487; + uint32_t x488; + fiat_secp256k1_scalar_uint1 x489; + uint32_t x490; + fiat_secp256k1_scalar_uint1 x491; + uint32_t x492; + fiat_secp256k1_scalar_uint1 x493; + uint32_t x494; + uint32_t x495; + uint32_t x496; + uint32_t x497; + uint32_t x498; + uint32_t x499; + uint32_t x500; + uint32_t x501; + uint32_t x502; + uint32_t x503; + uint32_t x504; + uint32_t x505; + uint32_t x506; + uint32_t x507; + uint32_t x508; + uint32_t x509; + uint32_t x510; + uint32_t x511; + fiat_secp256k1_scalar_uint1 x512; + uint32_t x513; + fiat_secp256k1_scalar_uint1 x514; + uint32_t x515; + fiat_secp256k1_scalar_uint1 x516; + uint32_t x517; + fiat_secp256k1_scalar_uint1 x518; + uint32_t x519; + fiat_secp256k1_scalar_uint1 x520; + uint32_t x521; + fiat_secp256k1_scalar_uint1 x522; + uint32_t x523; + fiat_secp256k1_scalar_uint1 x524; + uint32_t x525; + uint32_t x526; + fiat_secp256k1_scalar_uint1 x527; + uint32_t x528; + fiat_secp256k1_scalar_uint1 x529; + uint32_t x530; + fiat_secp256k1_scalar_uint1 x531; + uint32_t x532; + fiat_secp256k1_scalar_uint1 x533; + uint32_t x534; + fiat_secp256k1_scalar_uint1 x535; + uint32_t x536; + fiat_secp256k1_scalar_uint1 x537; + uint32_t x538; + fiat_secp256k1_scalar_uint1 x539; + uint32_t x540; + fiat_secp256k1_scalar_uint1 x541; + uint32_t x542; + fiat_secp256k1_scalar_uint1 x543; + uint32_t x544; + uint32_t x545; + uint32_t x546; + uint32_t x547; + uint32_t x548; + uint32_t x549; + uint32_t x550; + uint32_t x551; + uint32_t x552; + uint32_t x553; + uint32_t x554; + uint32_t x555; + uint32_t x556; + uint32_t x557; + uint32_t x558; + uint32_t x559; + uint32_t x560; + uint32_t x561; + uint32_t x562; + fiat_secp256k1_scalar_uint1 x563; + uint32_t x564; + fiat_secp256k1_scalar_uint1 x565; + uint32_t x566; + fiat_secp256k1_scalar_uint1 x567; + uint32_t x568; + fiat_secp256k1_scalar_uint1 x569; + uint32_t x570; + fiat_secp256k1_scalar_uint1 x571; + uint32_t x572; + fiat_secp256k1_scalar_uint1 x573; + uint32_t x574; + fiat_secp256k1_scalar_uint1 x575; + uint32_t x576; + uint32_t x577; + fiat_secp256k1_scalar_uint1 x578; + uint32_t x579; + fiat_secp256k1_scalar_uint1 x580; + uint32_t x581; + fiat_secp256k1_scalar_uint1 x582; + uint32_t x583; + fiat_secp256k1_scalar_uint1 x584; + uint32_t x585; + fiat_secp256k1_scalar_uint1 x586; + uint32_t x587; + fiat_secp256k1_scalar_uint1 x588; + uint32_t x589; + fiat_secp256k1_scalar_uint1 x590; + uint32_t x591; + fiat_secp256k1_scalar_uint1 x592; + uint32_t x593; + fiat_secp256k1_scalar_uint1 x594; + uint32_t x595; + uint32_t x596; + uint32_t x597; + uint32_t x598; + uint32_t x599; + uint32_t x600; + uint32_t x601; + uint32_t x602; + uint32_t x603; + uint32_t x604; + uint32_t x605; + uint32_t x606; + uint32_t x607; + uint32_t x608; + uint32_t x609; + uint32_t x610; + uint32_t x611; + uint32_t x612; + fiat_secp256k1_scalar_uint1 x613; + uint32_t x614; + fiat_secp256k1_scalar_uint1 x615; + uint32_t x616; + fiat_secp256k1_scalar_uint1 x617; + uint32_t x618; + fiat_secp256k1_scalar_uint1 x619; + uint32_t x620; + fiat_secp256k1_scalar_uint1 x621; + uint32_t x622; + fiat_secp256k1_scalar_uint1 x623; + uint32_t x624; + fiat_secp256k1_scalar_uint1 x625; + uint32_t x626; + uint32_t x627; + fiat_secp256k1_scalar_uint1 x628; + uint32_t x629; + fiat_secp256k1_scalar_uint1 x630; + uint32_t x631; + fiat_secp256k1_scalar_uint1 x632; + uint32_t x633; + fiat_secp256k1_scalar_uint1 x634; + uint32_t x635; + fiat_secp256k1_scalar_uint1 x636; + uint32_t x637; + fiat_secp256k1_scalar_uint1 x638; + uint32_t x639; + fiat_secp256k1_scalar_uint1 x640; + uint32_t x641; + fiat_secp256k1_scalar_uint1 x642; + uint32_t x643; + fiat_secp256k1_scalar_uint1 x644; + uint32_t x645; + uint32_t x646; + uint32_t x647; + uint32_t x648; + uint32_t x649; + uint32_t x650; + uint32_t x651; + uint32_t x652; + uint32_t x653; + uint32_t x654; + uint32_t x655; + uint32_t x656; + uint32_t x657; + uint32_t x658; + uint32_t x659; + uint32_t x660; + uint32_t x661; + uint32_t x662; + uint32_t x663; + fiat_secp256k1_scalar_uint1 x664; + uint32_t x665; + fiat_secp256k1_scalar_uint1 x666; + uint32_t x667; + fiat_secp256k1_scalar_uint1 x668; + uint32_t x669; + fiat_secp256k1_scalar_uint1 x670; + uint32_t x671; + fiat_secp256k1_scalar_uint1 x672; + uint32_t x673; + fiat_secp256k1_scalar_uint1 x674; + uint32_t x675; + fiat_secp256k1_scalar_uint1 x676; + uint32_t x677; + uint32_t x678; + fiat_secp256k1_scalar_uint1 x679; + uint32_t x680; + fiat_secp256k1_scalar_uint1 x681; + uint32_t x682; + fiat_secp256k1_scalar_uint1 x683; + uint32_t x684; + fiat_secp256k1_scalar_uint1 x685; + uint32_t x686; + fiat_secp256k1_scalar_uint1 x687; + uint32_t x688; + fiat_secp256k1_scalar_uint1 x689; + uint32_t x690; + fiat_secp256k1_scalar_uint1 x691; + uint32_t x692; + fiat_secp256k1_scalar_uint1 x693; + uint32_t x694; + fiat_secp256k1_scalar_uint1 x695; + uint32_t x696; + uint32_t x697; + uint32_t x698; + uint32_t x699; + uint32_t x700; + uint32_t x701; + uint32_t x702; + uint32_t x703; + uint32_t x704; + uint32_t x705; + uint32_t x706; + uint32_t x707; + uint32_t x708; + uint32_t x709; + uint32_t x710; + uint32_t x711; + uint32_t x712; + uint32_t x713; + fiat_secp256k1_scalar_uint1 x714; + uint32_t x715; + fiat_secp256k1_scalar_uint1 x716; + uint32_t x717; + fiat_secp256k1_scalar_uint1 x718; + uint32_t x719; + fiat_secp256k1_scalar_uint1 x720; + uint32_t x721; + fiat_secp256k1_scalar_uint1 x722; + uint32_t x723; + fiat_secp256k1_scalar_uint1 x724; + uint32_t x725; + fiat_secp256k1_scalar_uint1 x726; + uint32_t x727; + uint32_t x728; + fiat_secp256k1_scalar_uint1 x729; + uint32_t x730; + fiat_secp256k1_scalar_uint1 x731; + uint32_t x732; + fiat_secp256k1_scalar_uint1 x733; + uint32_t x734; + fiat_secp256k1_scalar_uint1 x735; + uint32_t x736; + fiat_secp256k1_scalar_uint1 x737; + uint32_t x738; + fiat_secp256k1_scalar_uint1 x739; + uint32_t x740; + fiat_secp256k1_scalar_uint1 x741; + uint32_t x742; + fiat_secp256k1_scalar_uint1 x743; + uint32_t x744; + fiat_secp256k1_scalar_uint1 x745; + uint32_t x746; + uint32_t x747; + uint32_t x748; + uint32_t x749; + uint32_t x750; + uint32_t x751; + uint32_t x752; + uint32_t x753; + uint32_t x754; + uint32_t x755; + uint32_t x756; + uint32_t x757; + uint32_t x758; + uint32_t x759; + uint32_t x760; + uint32_t x761; + uint32_t x762; + uint32_t x763; + uint32_t x764; + fiat_secp256k1_scalar_uint1 x765; + uint32_t x766; + fiat_secp256k1_scalar_uint1 x767; + uint32_t x768; + fiat_secp256k1_scalar_uint1 x769; + uint32_t x770; + fiat_secp256k1_scalar_uint1 x771; + uint32_t x772; + fiat_secp256k1_scalar_uint1 x773; + uint32_t x774; + fiat_secp256k1_scalar_uint1 x775; + uint32_t x776; + fiat_secp256k1_scalar_uint1 x777; + uint32_t x778; + uint32_t x779; + fiat_secp256k1_scalar_uint1 x780; + uint32_t x781; + fiat_secp256k1_scalar_uint1 x782; + uint32_t x783; + fiat_secp256k1_scalar_uint1 x784; + uint32_t x785; + fiat_secp256k1_scalar_uint1 x786; + uint32_t x787; + fiat_secp256k1_scalar_uint1 x788; + uint32_t x789; + fiat_secp256k1_scalar_uint1 x790; + uint32_t x791; + fiat_secp256k1_scalar_uint1 x792; + uint32_t x793; + fiat_secp256k1_scalar_uint1 x794; + uint32_t x795; + fiat_secp256k1_scalar_uint1 x796; + uint32_t x797; + uint32_t x798; + fiat_secp256k1_scalar_uint1 x799; + uint32_t x800; + fiat_secp256k1_scalar_uint1 x801; + uint32_t x802; + fiat_secp256k1_scalar_uint1 x803; + uint32_t x804; + fiat_secp256k1_scalar_uint1 x805; + uint32_t x806; + fiat_secp256k1_scalar_uint1 x807; + uint32_t x808; + fiat_secp256k1_scalar_uint1 x809; + uint32_t x810; + fiat_secp256k1_scalar_uint1 x811; + uint32_t x812; + fiat_secp256k1_scalar_uint1 x813; + uint32_t x814; + fiat_secp256k1_scalar_uint1 x815; + uint32_t x816; + uint32_t x817; + uint32_t x818; + uint32_t x819; + uint32_t x820; + uint32_t x821; + uint32_t x822; + uint32_t x823; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[4]); + x5 = (arg1[5]); + x6 = (arg1[6]); + x7 = (arg1[7]); + x8 = (arg1[0]); + fiat_secp256k1_scalar_mulx_u32(&x9, &x10, x8, (arg1[7])); + fiat_secp256k1_scalar_mulx_u32(&x11, &x12, x8, (arg1[6])); + fiat_secp256k1_scalar_mulx_u32(&x13, &x14, x8, (arg1[5])); + fiat_secp256k1_scalar_mulx_u32(&x15, &x16, x8, (arg1[4])); + fiat_secp256k1_scalar_mulx_u32(&x17, &x18, x8, (arg1[3])); + fiat_secp256k1_scalar_mulx_u32(&x19, &x20, x8, (arg1[2])); + fiat_secp256k1_scalar_mulx_u32(&x21, &x22, x8, (arg1[1])); + fiat_secp256k1_scalar_mulx_u32(&x23, &x24, x8, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x25, &x26, 0x0, x24, x21); + fiat_secp256k1_scalar_addcarryx_u32(&x27, &x28, x26, x22, x19); + fiat_secp256k1_scalar_addcarryx_u32(&x29, &x30, x28, x20, x17); + fiat_secp256k1_scalar_addcarryx_u32(&x31, &x32, x30, x18, x15); + fiat_secp256k1_scalar_addcarryx_u32(&x33, &x34, x32, x16, x13); + fiat_secp256k1_scalar_addcarryx_u32(&x35, &x36, x34, x14, x11); + fiat_secp256k1_scalar_addcarryx_u32(&x37, &x38, x36, x12, x9); + x39 = (x38 + x10); + fiat_secp256k1_scalar_mulx_u32(&x40, &x41, x23, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x42, &x43, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x44, &x45, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x46, &x47, x40, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x48, &x49, x40, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x50, &x51, x40, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x52, &x53, x40, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x54, &x55, x40, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x56, &x57, x40, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x58, &x59, 0x0, x57, x54); + fiat_secp256k1_scalar_addcarryx_u32(&x60, &x61, x59, x55, x52); + fiat_secp256k1_scalar_addcarryx_u32(&x62, &x63, x61, x53, x50); + fiat_secp256k1_scalar_addcarryx_u32(&x64, &x65, x63, x51, x48); + fiat_secp256k1_scalar_addcarryx_u32(&x66, &x67, x65, x49, x46); + fiat_secp256k1_scalar_addcarryx_u32(&x68, &x69, x67, x47, x44); + fiat_secp256k1_scalar_addcarryx_u32(&x70, &x71, x69, x45, x42); + x72 = (x71 + x43); + fiat_secp256k1_scalar_addcarryx_u32(&x73, &x74, 0x0, x23, x56); + fiat_secp256k1_scalar_addcarryx_u32(&x75, &x76, x74, x25, x58); + fiat_secp256k1_scalar_addcarryx_u32(&x77, &x78, x76, x27, x60); + fiat_secp256k1_scalar_addcarryx_u32(&x79, &x80, x78, x29, x62); + fiat_secp256k1_scalar_addcarryx_u32(&x81, &x82, x80, x31, x64); + fiat_secp256k1_scalar_addcarryx_u32(&x83, &x84, x82, x33, x66); + fiat_secp256k1_scalar_addcarryx_u32(&x85, &x86, x84, x35, x68); + fiat_secp256k1_scalar_addcarryx_u32(&x87, &x88, x86, x37, x70); + fiat_secp256k1_scalar_addcarryx_u32(&x89, &x90, x88, x39, x72); + fiat_secp256k1_scalar_mulx_u32(&x91, &x92, x1, (arg1[7])); + fiat_secp256k1_scalar_mulx_u32(&x93, &x94, x1, (arg1[6])); + fiat_secp256k1_scalar_mulx_u32(&x95, &x96, x1, (arg1[5])); + fiat_secp256k1_scalar_mulx_u32(&x97, &x98, x1, (arg1[4])); + fiat_secp256k1_scalar_mulx_u32(&x99, &x100, x1, (arg1[3])); + fiat_secp256k1_scalar_mulx_u32(&x101, &x102, x1, (arg1[2])); + fiat_secp256k1_scalar_mulx_u32(&x103, &x104, x1, (arg1[1])); + fiat_secp256k1_scalar_mulx_u32(&x105, &x106, x1, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x107, &x108, 0x0, x106, x103); + fiat_secp256k1_scalar_addcarryx_u32(&x109, &x110, x108, x104, x101); + fiat_secp256k1_scalar_addcarryx_u32(&x111, &x112, x110, x102, x99); + fiat_secp256k1_scalar_addcarryx_u32(&x113, &x114, x112, x100, x97); + fiat_secp256k1_scalar_addcarryx_u32(&x115, &x116, x114, x98, x95); + fiat_secp256k1_scalar_addcarryx_u32(&x117, &x118, x116, x96, x93); + fiat_secp256k1_scalar_addcarryx_u32(&x119, &x120, x118, x94, x91); + x121 = (x120 + x92); + fiat_secp256k1_scalar_addcarryx_u32(&x122, &x123, 0x0, x75, x105); + fiat_secp256k1_scalar_addcarryx_u32(&x124, &x125, x123, x77, x107); + fiat_secp256k1_scalar_addcarryx_u32(&x126, &x127, x125, x79, x109); + fiat_secp256k1_scalar_addcarryx_u32(&x128, &x129, x127, x81, x111); + fiat_secp256k1_scalar_addcarryx_u32(&x130, &x131, x129, x83, x113); + fiat_secp256k1_scalar_addcarryx_u32(&x132, &x133, x131, x85, x115); + fiat_secp256k1_scalar_addcarryx_u32(&x134, &x135, x133, x87, x117); + fiat_secp256k1_scalar_addcarryx_u32(&x136, &x137, x135, x89, x119); + fiat_secp256k1_scalar_addcarryx_u32(&x138, &x139, x137, x90, x121); + fiat_secp256k1_scalar_mulx_u32(&x140, &x141, x122, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x142, &x143, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x144, &x145, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x146, &x147, x140, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x148, &x149, x140, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x150, &x151, x140, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x152, &x153, x140, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x154, &x155, x140, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x156, &x157, x140, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x158, &x159, 0x0, x157, x154); + fiat_secp256k1_scalar_addcarryx_u32(&x160, &x161, x159, x155, x152); + fiat_secp256k1_scalar_addcarryx_u32(&x162, &x163, x161, x153, x150); + fiat_secp256k1_scalar_addcarryx_u32(&x164, &x165, x163, x151, x148); + fiat_secp256k1_scalar_addcarryx_u32(&x166, &x167, x165, x149, x146); + fiat_secp256k1_scalar_addcarryx_u32(&x168, &x169, x167, x147, x144); + fiat_secp256k1_scalar_addcarryx_u32(&x170, &x171, x169, x145, x142); + x172 = (x171 + x143); + fiat_secp256k1_scalar_addcarryx_u32(&x173, &x174, 0x0, x122, x156); + fiat_secp256k1_scalar_addcarryx_u32(&x175, &x176, x174, x124, x158); + fiat_secp256k1_scalar_addcarryx_u32(&x177, &x178, x176, x126, x160); + fiat_secp256k1_scalar_addcarryx_u32(&x179, &x180, x178, x128, x162); + fiat_secp256k1_scalar_addcarryx_u32(&x181, &x182, x180, x130, x164); + fiat_secp256k1_scalar_addcarryx_u32(&x183, &x184, x182, x132, x166); + fiat_secp256k1_scalar_addcarryx_u32(&x185, &x186, x184, x134, x168); + fiat_secp256k1_scalar_addcarryx_u32(&x187, &x188, x186, x136, x170); + fiat_secp256k1_scalar_addcarryx_u32(&x189, &x190, x188, x138, x172); + x191 = ((uint32_t)x190 + x139); + fiat_secp256k1_scalar_mulx_u32(&x192, &x193, x2, (arg1[7])); + fiat_secp256k1_scalar_mulx_u32(&x194, &x195, x2, (arg1[6])); + fiat_secp256k1_scalar_mulx_u32(&x196, &x197, x2, (arg1[5])); + fiat_secp256k1_scalar_mulx_u32(&x198, &x199, x2, (arg1[4])); + fiat_secp256k1_scalar_mulx_u32(&x200, &x201, x2, (arg1[3])); + fiat_secp256k1_scalar_mulx_u32(&x202, &x203, x2, (arg1[2])); + fiat_secp256k1_scalar_mulx_u32(&x204, &x205, x2, (arg1[1])); + fiat_secp256k1_scalar_mulx_u32(&x206, &x207, x2, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x208, &x209, 0x0, x207, x204); + fiat_secp256k1_scalar_addcarryx_u32(&x210, &x211, x209, x205, x202); + fiat_secp256k1_scalar_addcarryx_u32(&x212, &x213, x211, x203, x200); + fiat_secp256k1_scalar_addcarryx_u32(&x214, &x215, x213, x201, x198); + fiat_secp256k1_scalar_addcarryx_u32(&x216, &x217, x215, x199, x196); + fiat_secp256k1_scalar_addcarryx_u32(&x218, &x219, x217, x197, x194); + fiat_secp256k1_scalar_addcarryx_u32(&x220, &x221, x219, x195, x192); + x222 = (x221 + x193); + fiat_secp256k1_scalar_addcarryx_u32(&x223, &x224, 0x0, x175, x206); + fiat_secp256k1_scalar_addcarryx_u32(&x225, &x226, x224, x177, x208); + fiat_secp256k1_scalar_addcarryx_u32(&x227, &x228, x226, x179, x210); + fiat_secp256k1_scalar_addcarryx_u32(&x229, &x230, x228, x181, x212); + fiat_secp256k1_scalar_addcarryx_u32(&x231, &x232, x230, x183, x214); + fiat_secp256k1_scalar_addcarryx_u32(&x233, &x234, x232, x185, x216); + fiat_secp256k1_scalar_addcarryx_u32(&x235, &x236, x234, x187, x218); + fiat_secp256k1_scalar_addcarryx_u32(&x237, &x238, x236, x189, x220); + fiat_secp256k1_scalar_addcarryx_u32(&x239, &x240, x238, x191, x222); + fiat_secp256k1_scalar_mulx_u32(&x241, &x242, x223, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x243, &x244, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x245, &x246, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x247, &x248, x241, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x249, &x250, x241, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x251, &x252, x241, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x253, &x254, x241, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x255, &x256, x241, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x257, &x258, x241, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x259, &x260, 0x0, x258, x255); + fiat_secp256k1_scalar_addcarryx_u32(&x261, &x262, x260, x256, x253); + fiat_secp256k1_scalar_addcarryx_u32(&x263, &x264, x262, x254, x251); + fiat_secp256k1_scalar_addcarryx_u32(&x265, &x266, x264, x252, x249); + fiat_secp256k1_scalar_addcarryx_u32(&x267, &x268, x266, x250, x247); + fiat_secp256k1_scalar_addcarryx_u32(&x269, &x270, x268, x248, x245); + fiat_secp256k1_scalar_addcarryx_u32(&x271, &x272, x270, x246, x243); + x273 = (x272 + x244); + fiat_secp256k1_scalar_addcarryx_u32(&x274, &x275, 0x0, x223, x257); + fiat_secp256k1_scalar_addcarryx_u32(&x276, &x277, x275, x225, x259); + fiat_secp256k1_scalar_addcarryx_u32(&x278, &x279, x277, x227, x261); + fiat_secp256k1_scalar_addcarryx_u32(&x280, &x281, x279, x229, x263); + fiat_secp256k1_scalar_addcarryx_u32(&x282, &x283, x281, x231, x265); + fiat_secp256k1_scalar_addcarryx_u32(&x284, &x285, x283, x233, x267); + fiat_secp256k1_scalar_addcarryx_u32(&x286, &x287, x285, x235, x269); + fiat_secp256k1_scalar_addcarryx_u32(&x288, &x289, x287, x237, x271); + fiat_secp256k1_scalar_addcarryx_u32(&x290, &x291, x289, x239, x273); + x292 = ((uint32_t)x291 + x240); + fiat_secp256k1_scalar_mulx_u32(&x293, &x294, x3, (arg1[7])); + fiat_secp256k1_scalar_mulx_u32(&x295, &x296, x3, (arg1[6])); + fiat_secp256k1_scalar_mulx_u32(&x297, &x298, x3, (arg1[5])); + fiat_secp256k1_scalar_mulx_u32(&x299, &x300, x3, (arg1[4])); + fiat_secp256k1_scalar_mulx_u32(&x301, &x302, x3, (arg1[3])); + fiat_secp256k1_scalar_mulx_u32(&x303, &x304, x3, (arg1[2])); + fiat_secp256k1_scalar_mulx_u32(&x305, &x306, x3, (arg1[1])); + fiat_secp256k1_scalar_mulx_u32(&x307, &x308, x3, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x309, &x310, 0x0, x308, x305); + fiat_secp256k1_scalar_addcarryx_u32(&x311, &x312, x310, x306, x303); + fiat_secp256k1_scalar_addcarryx_u32(&x313, &x314, x312, x304, x301); + fiat_secp256k1_scalar_addcarryx_u32(&x315, &x316, x314, x302, x299); + fiat_secp256k1_scalar_addcarryx_u32(&x317, &x318, x316, x300, x297); + fiat_secp256k1_scalar_addcarryx_u32(&x319, &x320, x318, x298, x295); + fiat_secp256k1_scalar_addcarryx_u32(&x321, &x322, x320, x296, x293); + x323 = (x322 + x294); + fiat_secp256k1_scalar_addcarryx_u32(&x324, &x325, 0x0, x276, x307); + fiat_secp256k1_scalar_addcarryx_u32(&x326, &x327, x325, x278, x309); + fiat_secp256k1_scalar_addcarryx_u32(&x328, &x329, x327, x280, x311); + fiat_secp256k1_scalar_addcarryx_u32(&x330, &x331, x329, x282, x313); + fiat_secp256k1_scalar_addcarryx_u32(&x332, &x333, x331, x284, x315); + fiat_secp256k1_scalar_addcarryx_u32(&x334, &x335, x333, x286, x317); + fiat_secp256k1_scalar_addcarryx_u32(&x336, &x337, x335, x288, x319); + fiat_secp256k1_scalar_addcarryx_u32(&x338, &x339, x337, x290, x321); + fiat_secp256k1_scalar_addcarryx_u32(&x340, &x341, x339, x292, x323); + fiat_secp256k1_scalar_mulx_u32(&x342, &x343, x324, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x344, &x345, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x346, &x347, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x348, &x349, x342, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x350, &x351, x342, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x352, &x353, x342, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x354, &x355, x342, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x356, &x357, x342, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x358, &x359, x342, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x360, &x361, 0x0, x359, x356); + fiat_secp256k1_scalar_addcarryx_u32(&x362, &x363, x361, x357, x354); + fiat_secp256k1_scalar_addcarryx_u32(&x364, &x365, x363, x355, x352); + fiat_secp256k1_scalar_addcarryx_u32(&x366, &x367, x365, x353, x350); + fiat_secp256k1_scalar_addcarryx_u32(&x368, &x369, x367, x351, x348); + fiat_secp256k1_scalar_addcarryx_u32(&x370, &x371, x369, x349, x346); + fiat_secp256k1_scalar_addcarryx_u32(&x372, &x373, x371, x347, x344); + x374 = (x373 + x345); + fiat_secp256k1_scalar_addcarryx_u32(&x375, &x376, 0x0, x324, x358); + fiat_secp256k1_scalar_addcarryx_u32(&x377, &x378, x376, x326, x360); + fiat_secp256k1_scalar_addcarryx_u32(&x379, &x380, x378, x328, x362); + fiat_secp256k1_scalar_addcarryx_u32(&x381, &x382, x380, x330, x364); + fiat_secp256k1_scalar_addcarryx_u32(&x383, &x384, x382, x332, x366); + fiat_secp256k1_scalar_addcarryx_u32(&x385, &x386, x384, x334, x368); + fiat_secp256k1_scalar_addcarryx_u32(&x387, &x388, x386, x336, x370); + fiat_secp256k1_scalar_addcarryx_u32(&x389, &x390, x388, x338, x372); + fiat_secp256k1_scalar_addcarryx_u32(&x391, &x392, x390, x340, x374); + x393 = ((uint32_t)x392 + x341); + fiat_secp256k1_scalar_mulx_u32(&x394, &x395, x4, (arg1[7])); + fiat_secp256k1_scalar_mulx_u32(&x396, &x397, x4, (arg1[6])); + fiat_secp256k1_scalar_mulx_u32(&x398, &x399, x4, (arg1[5])); + fiat_secp256k1_scalar_mulx_u32(&x400, &x401, x4, (arg1[4])); + fiat_secp256k1_scalar_mulx_u32(&x402, &x403, x4, (arg1[3])); + fiat_secp256k1_scalar_mulx_u32(&x404, &x405, x4, (arg1[2])); + fiat_secp256k1_scalar_mulx_u32(&x406, &x407, x4, (arg1[1])); + fiat_secp256k1_scalar_mulx_u32(&x408, &x409, x4, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x410, &x411, 0x0, x409, x406); + fiat_secp256k1_scalar_addcarryx_u32(&x412, &x413, x411, x407, x404); + fiat_secp256k1_scalar_addcarryx_u32(&x414, &x415, x413, x405, x402); + fiat_secp256k1_scalar_addcarryx_u32(&x416, &x417, x415, x403, x400); + fiat_secp256k1_scalar_addcarryx_u32(&x418, &x419, x417, x401, x398); + fiat_secp256k1_scalar_addcarryx_u32(&x420, &x421, x419, x399, x396); + fiat_secp256k1_scalar_addcarryx_u32(&x422, &x423, x421, x397, x394); + x424 = (x423 + x395); + fiat_secp256k1_scalar_addcarryx_u32(&x425, &x426, 0x0, x377, x408); + fiat_secp256k1_scalar_addcarryx_u32(&x427, &x428, x426, x379, x410); + fiat_secp256k1_scalar_addcarryx_u32(&x429, &x430, x428, x381, x412); + fiat_secp256k1_scalar_addcarryx_u32(&x431, &x432, x430, x383, x414); + fiat_secp256k1_scalar_addcarryx_u32(&x433, &x434, x432, x385, x416); + fiat_secp256k1_scalar_addcarryx_u32(&x435, &x436, x434, x387, x418); + fiat_secp256k1_scalar_addcarryx_u32(&x437, &x438, x436, x389, x420); + fiat_secp256k1_scalar_addcarryx_u32(&x439, &x440, x438, x391, x422); + fiat_secp256k1_scalar_addcarryx_u32(&x441, &x442, x440, x393, x424); + fiat_secp256k1_scalar_mulx_u32(&x443, &x444, x425, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x445, &x446, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x447, &x448, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x449, &x450, x443, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x451, &x452, x443, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x453, &x454, x443, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x455, &x456, x443, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x457, &x458, x443, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x459, &x460, x443, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x461, &x462, 0x0, x460, x457); + fiat_secp256k1_scalar_addcarryx_u32(&x463, &x464, x462, x458, x455); + fiat_secp256k1_scalar_addcarryx_u32(&x465, &x466, x464, x456, x453); + fiat_secp256k1_scalar_addcarryx_u32(&x467, &x468, x466, x454, x451); + fiat_secp256k1_scalar_addcarryx_u32(&x469, &x470, x468, x452, x449); + fiat_secp256k1_scalar_addcarryx_u32(&x471, &x472, x470, x450, x447); + fiat_secp256k1_scalar_addcarryx_u32(&x473, &x474, x472, x448, x445); + x475 = (x474 + x446); + fiat_secp256k1_scalar_addcarryx_u32(&x476, &x477, 0x0, x425, x459); + fiat_secp256k1_scalar_addcarryx_u32(&x478, &x479, x477, x427, x461); + fiat_secp256k1_scalar_addcarryx_u32(&x480, &x481, x479, x429, x463); + fiat_secp256k1_scalar_addcarryx_u32(&x482, &x483, x481, x431, x465); + fiat_secp256k1_scalar_addcarryx_u32(&x484, &x485, x483, x433, x467); + fiat_secp256k1_scalar_addcarryx_u32(&x486, &x487, x485, x435, x469); + fiat_secp256k1_scalar_addcarryx_u32(&x488, &x489, x487, x437, x471); + fiat_secp256k1_scalar_addcarryx_u32(&x490, &x491, x489, x439, x473); + fiat_secp256k1_scalar_addcarryx_u32(&x492, &x493, x491, x441, x475); + x494 = ((uint32_t)x493 + x442); + fiat_secp256k1_scalar_mulx_u32(&x495, &x496, x5, (arg1[7])); + fiat_secp256k1_scalar_mulx_u32(&x497, &x498, x5, (arg1[6])); + fiat_secp256k1_scalar_mulx_u32(&x499, &x500, x5, (arg1[5])); + fiat_secp256k1_scalar_mulx_u32(&x501, &x502, x5, (arg1[4])); + fiat_secp256k1_scalar_mulx_u32(&x503, &x504, x5, (arg1[3])); + fiat_secp256k1_scalar_mulx_u32(&x505, &x506, x5, (arg1[2])); + fiat_secp256k1_scalar_mulx_u32(&x507, &x508, x5, (arg1[1])); + fiat_secp256k1_scalar_mulx_u32(&x509, &x510, x5, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x511, &x512, 0x0, x510, x507); + fiat_secp256k1_scalar_addcarryx_u32(&x513, &x514, x512, x508, x505); + fiat_secp256k1_scalar_addcarryx_u32(&x515, &x516, x514, x506, x503); + fiat_secp256k1_scalar_addcarryx_u32(&x517, &x518, x516, x504, x501); + fiat_secp256k1_scalar_addcarryx_u32(&x519, &x520, x518, x502, x499); + fiat_secp256k1_scalar_addcarryx_u32(&x521, &x522, x520, x500, x497); + fiat_secp256k1_scalar_addcarryx_u32(&x523, &x524, x522, x498, x495); + x525 = (x524 + x496); + fiat_secp256k1_scalar_addcarryx_u32(&x526, &x527, 0x0, x478, x509); + fiat_secp256k1_scalar_addcarryx_u32(&x528, &x529, x527, x480, x511); + fiat_secp256k1_scalar_addcarryx_u32(&x530, &x531, x529, x482, x513); + fiat_secp256k1_scalar_addcarryx_u32(&x532, &x533, x531, x484, x515); + fiat_secp256k1_scalar_addcarryx_u32(&x534, &x535, x533, x486, x517); + fiat_secp256k1_scalar_addcarryx_u32(&x536, &x537, x535, x488, x519); + fiat_secp256k1_scalar_addcarryx_u32(&x538, &x539, x537, x490, x521); + fiat_secp256k1_scalar_addcarryx_u32(&x540, &x541, x539, x492, x523); + fiat_secp256k1_scalar_addcarryx_u32(&x542, &x543, x541, x494, x525); + fiat_secp256k1_scalar_mulx_u32(&x544, &x545, x526, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x546, &x547, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x548, &x549, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x550, &x551, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x552, &x553, x544, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x554, &x555, x544, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x556, &x557, x544, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x558, &x559, x544, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x560, &x561, x544, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x562, &x563, 0x0, x561, x558); + fiat_secp256k1_scalar_addcarryx_u32(&x564, &x565, x563, x559, x556); + fiat_secp256k1_scalar_addcarryx_u32(&x566, &x567, x565, x557, x554); + fiat_secp256k1_scalar_addcarryx_u32(&x568, &x569, x567, x555, x552); + fiat_secp256k1_scalar_addcarryx_u32(&x570, &x571, x569, x553, x550); + fiat_secp256k1_scalar_addcarryx_u32(&x572, &x573, x571, x551, x548); + fiat_secp256k1_scalar_addcarryx_u32(&x574, &x575, x573, x549, x546); + x576 = (x575 + x547); + fiat_secp256k1_scalar_addcarryx_u32(&x577, &x578, 0x0, x526, x560); + fiat_secp256k1_scalar_addcarryx_u32(&x579, &x580, x578, x528, x562); + fiat_secp256k1_scalar_addcarryx_u32(&x581, &x582, x580, x530, x564); + fiat_secp256k1_scalar_addcarryx_u32(&x583, &x584, x582, x532, x566); + fiat_secp256k1_scalar_addcarryx_u32(&x585, &x586, x584, x534, x568); + fiat_secp256k1_scalar_addcarryx_u32(&x587, &x588, x586, x536, x570); + fiat_secp256k1_scalar_addcarryx_u32(&x589, &x590, x588, x538, x572); + fiat_secp256k1_scalar_addcarryx_u32(&x591, &x592, x590, x540, x574); + fiat_secp256k1_scalar_addcarryx_u32(&x593, &x594, x592, x542, x576); + x595 = ((uint32_t)x594 + x543); + fiat_secp256k1_scalar_mulx_u32(&x596, &x597, x6, (arg1[7])); + fiat_secp256k1_scalar_mulx_u32(&x598, &x599, x6, (arg1[6])); + fiat_secp256k1_scalar_mulx_u32(&x600, &x601, x6, (arg1[5])); + fiat_secp256k1_scalar_mulx_u32(&x602, &x603, x6, (arg1[4])); + fiat_secp256k1_scalar_mulx_u32(&x604, &x605, x6, (arg1[3])); + fiat_secp256k1_scalar_mulx_u32(&x606, &x607, x6, (arg1[2])); + fiat_secp256k1_scalar_mulx_u32(&x608, &x609, x6, (arg1[1])); + fiat_secp256k1_scalar_mulx_u32(&x610, &x611, x6, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x612, &x613, 0x0, x611, x608); + fiat_secp256k1_scalar_addcarryx_u32(&x614, &x615, x613, x609, x606); + fiat_secp256k1_scalar_addcarryx_u32(&x616, &x617, x615, x607, x604); + fiat_secp256k1_scalar_addcarryx_u32(&x618, &x619, x617, x605, x602); + fiat_secp256k1_scalar_addcarryx_u32(&x620, &x621, x619, x603, x600); + fiat_secp256k1_scalar_addcarryx_u32(&x622, &x623, x621, x601, x598); + fiat_secp256k1_scalar_addcarryx_u32(&x624, &x625, x623, x599, x596); + x626 = (x625 + x597); + fiat_secp256k1_scalar_addcarryx_u32(&x627, &x628, 0x0, x579, x610); + fiat_secp256k1_scalar_addcarryx_u32(&x629, &x630, x628, x581, x612); + fiat_secp256k1_scalar_addcarryx_u32(&x631, &x632, x630, x583, x614); + fiat_secp256k1_scalar_addcarryx_u32(&x633, &x634, x632, x585, x616); + fiat_secp256k1_scalar_addcarryx_u32(&x635, &x636, x634, x587, x618); + fiat_secp256k1_scalar_addcarryx_u32(&x637, &x638, x636, x589, x620); + fiat_secp256k1_scalar_addcarryx_u32(&x639, &x640, x638, x591, x622); + fiat_secp256k1_scalar_addcarryx_u32(&x641, &x642, x640, x593, x624); + fiat_secp256k1_scalar_addcarryx_u32(&x643, &x644, x642, x595, x626); + fiat_secp256k1_scalar_mulx_u32(&x645, &x646, x627, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x647, &x648, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x649, &x650, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x651, &x652, x645, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x653, &x654, x645, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x655, &x656, x645, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x657, &x658, x645, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x659, &x660, x645, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x661, &x662, x645, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x663, &x664, 0x0, x662, x659); + fiat_secp256k1_scalar_addcarryx_u32(&x665, &x666, x664, x660, x657); + fiat_secp256k1_scalar_addcarryx_u32(&x667, &x668, x666, x658, x655); + fiat_secp256k1_scalar_addcarryx_u32(&x669, &x670, x668, x656, x653); + fiat_secp256k1_scalar_addcarryx_u32(&x671, &x672, x670, x654, x651); + fiat_secp256k1_scalar_addcarryx_u32(&x673, &x674, x672, x652, x649); + fiat_secp256k1_scalar_addcarryx_u32(&x675, &x676, x674, x650, x647); + x677 = (x676 + x648); + fiat_secp256k1_scalar_addcarryx_u32(&x678, &x679, 0x0, x627, x661); + fiat_secp256k1_scalar_addcarryx_u32(&x680, &x681, x679, x629, x663); + fiat_secp256k1_scalar_addcarryx_u32(&x682, &x683, x681, x631, x665); + fiat_secp256k1_scalar_addcarryx_u32(&x684, &x685, x683, x633, x667); + fiat_secp256k1_scalar_addcarryx_u32(&x686, &x687, x685, x635, x669); + fiat_secp256k1_scalar_addcarryx_u32(&x688, &x689, x687, x637, x671); + fiat_secp256k1_scalar_addcarryx_u32(&x690, &x691, x689, x639, x673); + fiat_secp256k1_scalar_addcarryx_u32(&x692, &x693, x691, x641, x675); + fiat_secp256k1_scalar_addcarryx_u32(&x694, &x695, x693, x643, x677); + x696 = ((uint32_t)x695 + x644); + fiat_secp256k1_scalar_mulx_u32(&x697, &x698, x7, (arg1[7])); + fiat_secp256k1_scalar_mulx_u32(&x699, &x700, x7, (arg1[6])); + fiat_secp256k1_scalar_mulx_u32(&x701, &x702, x7, (arg1[5])); + fiat_secp256k1_scalar_mulx_u32(&x703, &x704, x7, (arg1[4])); + fiat_secp256k1_scalar_mulx_u32(&x705, &x706, x7, (arg1[3])); + fiat_secp256k1_scalar_mulx_u32(&x707, &x708, x7, (arg1[2])); + fiat_secp256k1_scalar_mulx_u32(&x709, &x710, x7, (arg1[1])); + fiat_secp256k1_scalar_mulx_u32(&x711, &x712, x7, (arg1[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x713, &x714, 0x0, x712, x709); + fiat_secp256k1_scalar_addcarryx_u32(&x715, &x716, x714, x710, x707); + fiat_secp256k1_scalar_addcarryx_u32(&x717, &x718, x716, x708, x705); + fiat_secp256k1_scalar_addcarryx_u32(&x719, &x720, x718, x706, x703); + fiat_secp256k1_scalar_addcarryx_u32(&x721, &x722, x720, x704, x701); + fiat_secp256k1_scalar_addcarryx_u32(&x723, &x724, x722, x702, x699); + fiat_secp256k1_scalar_addcarryx_u32(&x725, &x726, x724, x700, x697); + x727 = (x726 + x698); + fiat_secp256k1_scalar_addcarryx_u32(&x728, &x729, 0x0, x680, x711); + fiat_secp256k1_scalar_addcarryx_u32(&x730, &x731, x729, x682, x713); + fiat_secp256k1_scalar_addcarryx_u32(&x732, &x733, x731, x684, x715); + fiat_secp256k1_scalar_addcarryx_u32(&x734, &x735, x733, x686, x717); + fiat_secp256k1_scalar_addcarryx_u32(&x736, &x737, x735, x688, x719); + fiat_secp256k1_scalar_addcarryx_u32(&x738, &x739, x737, x690, x721); + fiat_secp256k1_scalar_addcarryx_u32(&x740, &x741, x739, x692, x723); + fiat_secp256k1_scalar_addcarryx_u32(&x742, &x743, x741, x694, x725); + fiat_secp256k1_scalar_addcarryx_u32(&x744, &x745, x743, x696, x727); + fiat_secp256k1_scalar_mulx_u32(&x746, &x747, x728, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x748, &x749, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x750, &x751, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x752, &x753, x746, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x754, &x755, x746, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x756, &x757, x746, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x758, &x759, x746, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x760, &x761, x746, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x762, &x763, x746, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x764, &x765, 0x0, x763, x760); + fiat_secp256k1_scalar_addcarryx_u32(&x766, &x767, x765, x761, x758); + fiat_secp256k1_scalar_addcarryx_u32(&x768, &x769, x767, x759, x756); + fiat_secp256k1_scalar_addcarryx_u32(&x770, &x771, x769, x757, x754); + fiat_secp256k1_scalar_addcarryx_u32(&x772, &x773, x771, x755, x752); + fiat_secp256k1_scalar_addcarryx_u32(&x774, &x775, x773, x753, x750); + fiat_secp256k1_scalar_addcarryx_u32(&x776, &x777, x775, x751, x748); + x778 = (x777 + x749); + fiat_secp256k1_scalar_addcarryx_u32(&x779, &x780, 0x0, x728, x762); + fiat_secp256k1_scalar_addcarryx_u32(&x781, &x782, x780, x730, x764); + fiat_secp256k1_scalar_addcarryx_u32(&x783, &x784, x782, x732, x766); + fiat_secp256k1_scalar_addcarryx_u32(&x785, &x786, x784, x734, x768); + fiat_secp256k1_scalar_addcarryx_u32(&x787, &x788, x786, x736, x770); + fiat_secp256k1_scalar_addcarryx_u32(&x789, &x790, x788, x738, x772); + fiat_secp256k1_scalar_addcarryx_u32(&x791, &x792, x790, x740, x774); + fiat_secp256k1_scalar_addcarryx_u32(&x793, &x794, x792, x742, x776); + fiat_secp256k1_scalar_addcarryx_u32(&x795, &x796, x794, x744, x778); + x797 = ((uint32_t)x796 + x745); + fiat_secp256k1_scalar_subborrowx_u32(&x798, &x799, 0x0, x781, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_subborrowx_u32(&x800, &x801, x799, x783, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_subborrowx_u32(&x802, &x803, x801, x785, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_subborrowx_u32(&x804, &x805, x803, x787, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_subborrowx_u32(&x806, &x807, x805, x789, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_subborrowx_u32(&x808, &x809, x807, x791, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x810, &x811, x809, x793, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x812, &x813, x811, x795, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x814, &x815, x813, x797, 0x0); + fiat_secp256k1_scalar_cmovznz_u32(&x816, x815, x798, x781); + fiat_secp256k1_scalar_cmovznz_u32(&x817, x815, x800, x783); + fiat_secp256k1_scalar_cmovznz_u32(&x818, x815, x802, x785); + fiat_secp256k1_scalar_cmovznz_u32(&x819, x815, x804, x787); + fiat_secp256k1_scalar_cmovznz_u32(&x820, x815, x806, x789); + fiat_secp256k1_scalar_cmovznz_u32(&x821, x815, x808, x791); + fiat_secp256k1_scalar_cmovznz_u32(&x822, x815, x810, x793); + fiat_secp256k1_scalar_cmovznz_u32(&x823, x815, x812, x795); + out1[0] = x816; + out1[1] = x817; + out1[2] = x818; + out1[3] = x819; + out1[4] = x820; + out1[5] = x821; + out1[6] = x822; + out1[7] = x823; +} + +/* + * The function fiat_secp256k1_scalar_add adds two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_add(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg2) { + uint32_t x1; + fiat_secp256k1_scalar_uint1 x2; + uint32_t x3; + fiat_secp256k1_scalar_uint1 x4; + uint32_t x5; + fiat_secp256k1_scalar_uint1 x6; + uint32_t x7; + fiat_secp256k1_scalar_uint1 x8; + uint32_t x9; + fiat_secp256k1_scalar_uint1 x10; + uint32_t x11; + fiat_secp256k1_scalar_uint1 x12; + uint32_t x13; + fiat_secp256k1_scalar_uint1 x14; + uint32_t x15; + fiat_secp256k1_scalar_uint1 x16; + uint32_t x17; + fiat_secp256k1_scalar_uint1 x18; + uint32_t x19; + fiat_secp256k1_scalar_uint1 x20; + uint32_t x21; + fiat_secp256k1_scalar_uint1 x22; + uint32_t x23; + fiat_secp256k1_scalar_uint1 x24; + uint32_t x25; + fiat_secp256k1_scalar_uint1 x26; + uint32_t x27; + fiat_secp256k1_scalar_uint1 x28; + uint32_t x29; + fiat_secp256k1_scalar_uint1 x30; + uint32_t x31; + fiat_secp256k1_scalar_uint1 x32; + uint32_t x33; + fiat_secp256k1_scalar_uint1 x34; + uint32_t x35; + uint32_t x36; + uint32_t x37; + uint32_t x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + fiat_secp256k1_scalar_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_secp256k1_scalar_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_secp256k1_scalar_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_secp256k1_scalar_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_scalar_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + fiat_secp256k1_scalar_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + fiat_secp256k1_scalar_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + fiat_secp256k1_scalar_addcarryx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + fiat_secp256k1_scalar_subborrowx_u32(&x17, &x18, 0x0, x1, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_subborrowx_u32(&x19, &x20, x18, x3, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_subborrowx_u32(&x21, &x22, x20, x5, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_subborrowx_u32(&x23, &x24, x22, x7, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_subborrowx_u32(&x25, &x26, x24, x9, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_subborrowx_u32(&x27, &x28, x26, x11, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x29, &x30, x28, x13, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x31, &x32, x30, x15, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x33, &x34, x32, x16, 0x0); + fiat_secp256k1_scalar_cmovznz_u32(&x35, x34, x17, x1); + fiat_secp256k1_scalar_cmovznz_u32(&x36, x34, x19, x3); + fiat_secp256k1_scalar_cmovznz_u32(&x37, x34, x21, x5); + fiat_secp256k1_scalar_cmovznz_u32(&x38, x34, x23, x7); + fiat_secp256k1_scalar_cmovznz_u32(&x39, x34, x25, x9); + fiat_secp256k1_scalar_cmovznz_u32(&x40, x34, x27, x11); + fiat_secp256k1_scalar_cmovznz_u32(&x41, x34, x29, x13); + fiat_secp256k1_scalar_cmovznz_u32(&x42, x34, x31, x15); + out1[0] = x35; + out1[1] = x36; + out1[2] = x37; + out1[3] = x38; + out1[4] = x39; + out1[5] = x40; + out1[6] = x41; + out1[7] = x42; +} + +/* + * The function fiat_secp256k1_scalar_sub subtracts two field elements in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_sub(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg2) { + uint32_t x1; + fiat_secp256k1_scalar_uint1 x2; + uint32_t x3; + fiat_secp256k1_scalar_uint1 x4; + uint32_t x5; + fiat_secp256k1_scalar_uint1 x6; + uint32_t x7; + fiat_secp256k1_scalar_uint1 x8; + uint32_t x9; + fiat_secp256k1_scalar_uint1 x10; + uint32_t x11; + fiat_secp256k1_scalar_uint1 x12; + uint32_t x13; + fiat_secp256k1_scalar_uint1 x14; + uint32_t x15; + fiat_secp256k1_scalar_uint1 x16; + uint32_t x17; + uint32_t x18; + fiat_secp256k1_scalar_uint1 x19; + uint32_t x20; + fiat_secp256k1_scalar_uint1 x21; + uint32_t x22; + fiat_secp256k1_scalar_uint1 x23; + uint32_t x24; + fiat_secp256k1_scalar_uint1 x25; + uint32_t x26; + fiat_secp256k1_scalar_uint1 x27; + uint32_t x28; + fiat_secp256k1_scalar_uint1 x29; + uint32_t x30; + fiat_secp256k1_scalar_uint1 x31; + uint32_t x32; + fiat_secp256k1_scalar_uint1 x33; + fiat_secp256k1_scalar_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + fiat_secp256k1_scalar_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + fiat_secp256k1_scalar_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + fiat_secp256k1_scalar_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_scalar_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + fiat_secp256k1_scalar_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + fiat_secp256k1_scalar_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + fiat_secp256k1_scalar_subborrowx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + fiat_secp256k1_scalar_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xd0364141))); + fiat_secp256k1_scalar_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xbfd25e8c))); + fiat_secp256k1_scalar_addcarryx_u32(&x22, &x23, x21, x5, (x17 & UINT32_C(0xaf48a03b))); + fiat_secp256k1_scalar_addcarryx_u32(&x24, &x25, x23, x7, (x17 & UINT32_C(0xbaaedce6))); + fiat_secp256k1_scalar_addcarryx_u32(&x26, &x27, x25, x9, (x17 & UINT32_C(0xfffffffe))); + fiat_secp256k1_scalar_addcarryx_u32(&x28, &x29, x27, x11, x17); + fiat_secp256k1_scalar_addcarryx_u32(&x30, &x31, x29, x13, x17); + fiat_secp256k1_scalar_addcarryx_u32(&x32, &x33, x31, x15, x17); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/* + * The function fiat_secp256k1_scalar_opp negates a field element in the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_opp(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1) { + uint32_t x1; + fiat_secp256k1_scalar_uint1 x2; + uint32_t x3; + fiat_secp256k1_scalar_uint1 x4; + uint32_t x5; + fiat_secp256k1_scalar_uint1 x6; + uint32_t x7; + fiat_secp256k1_scalar_uint1 x8; + uint32_t x9; + fiat_secp256k1_scalar_uint1 x10; + uint32_t x11; + fiat_secp256k1_scalar_uint1 x12; + uint32_t x13; + fiat_secp256k1_scalar_uint1 x14; + uint32_t x15; + fiat_secp256k1_scalar_uint1 x16; + uint32_t x17; + uint32_t x18; + fiat_secp256k1_scalar_uint1 x19; + uint32_t x20; + fiat_secp256k1_scalar_uint1 x21; + uint32_t x22; + fiat_secp256k1_scalar_uint1 x23; + uint32_t x24; + fiat_secp256k1_scalar_uint1 x25; + uint32_t x26; + fiat_secp256k1_scalar_uint1 x27; + uint32_t x28; + fiat_secp256k1_scalar_uint1 x29; + uint32_t x30; + fiat_secp256k1_scalar_uint1 x31; + uint32_t x32; + fiat_secp256k1_scalar_uint1 x33; + fiat_secp256k1_scalar_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); + fiat_secp256k1_scalar_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); + fiat_secp256k1_scalar_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); + fiat_secp256k1_scalar_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); + fiat_secp256k1_scalar_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); + fiat_secp256k1_scalar_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); + fiat_secp256k1_scalar_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); + fiat_secp256k1_scalar_subborrowx_u32(&x15, &x16, x14, 0x0, (arg1[7])); + fiat_secp256k1_scalar_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xd0364141))); + fiat_secp256k1_scalar_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xbfd25e8c))); + fiat_secp256k1_scalar_addcarryx_u32(&x22, &x23, x21, x5, (x17 & UINT32_C(0xaf48a03b))); + fiat_secp256k1_scalar_addcarryx_u32(&x24, &x25, x23, x7, (x17 & UINT32_C(0xbaaedce6))); + fiat_secp256k1_scalar_addcarryx_u32(&x26, &x27, x25, x9, (x17 & UINT32_C(0xfffffffe))); + fiat_secp256k1_scalar_addcarryx_u32(&x28, &x29, x27, x11, x17); + fiat_secp256k1_scalar_addcarryx_u32(&x30, &x31, x29, x13, x17); + fiat_secp256k1_scalar_addcarryx_u32(&x32, &x33, x31, x15, x17); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/* + * The function fiat_secp256k1_scalar_from_montgomery translates a field element out of the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_from_montgomery(fiat_secp256k1_scalar_non_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_montgomery_domain_field_element arg1) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint32_t x20; + fiat_secp256k1_scalar_uint1 x21; + uint32_t x22; + fiat_secp256k1_scalar_uint1 x23; + uint32_t x24; + fiat_secp256k1_scalar_uint1 x25; + uint32_t x26; + fiat_secp256k1_scalar_uint1 x27; + uint32_t x28; + fiat_secp256k1_scalar_uint1 x29; + uint32_t x30; + fiat_secp256k1_scalar_uint1 x31; + uint32_t x32; + fiat_secp256k1_scalar_uint1 x33; + uint32_t x34; + fiat_secp256k1_scalar_uint1 x35; + uint32_t x36; + fiat_secp256k1_scalar_uint1 x37; + uint32_t x38; + fiat_secp256k1_scalar_uint1 x39; + uint32_t x40; + fiat_secp256k1_scalar_uint1 x41; + uint32_t x42; + fiat_secp256k1_scalar_uint1 x43; + uint32_t x44; + fiat_secp256k1_scalar_uint1 x45; + uint32_t x46; + fiat_secp256k1_scalar_uint1 x47; + uint32_t x48; + fiat_secp256k1_scalar_uint1 x49; + uint32_t x50; + fiat_secp256k1_scalar_uint1 x51; + uint32_t x52; + fiat_secp256k1_scalar_uint1 x53; + uint32_t x54; + fiat_secp256k1_scalar_uint1 x55; + uint32_t x56; + fiat_secp256k1_scalar_uint1 x57; + uint32_t x58; + fiat_secp256k1_scalar_uint1 x59; + uint32_t x60; + fiat_secp256k1_scalar_uint1 x61; + uint32_t x62; + fiat_secp256k1_scalar_uint1 x63; + uint32_t x64; + fiat_secp256k1_scalar_uint1 x65; + uint32_t x66; + fiat_secp256k1_scalar_uint1 x67; + uint32_t x68; + uint32_t x69; + uint32_t x70; + uint32_t x71; + uint32_t x72; + uint32_t x73; + uint32_t x74; + uint32_t x75; + uint32_t x76; + uint32_t x77; + uint32_t x78; + uint32_t x79; + uint32_t x80; + uint32_t x81; + uint32_t x82; + uint32_t x83; + uint32_t x84; + uint32_t x85; + uint32_t x86; + fiat_secp256k1_scalar_uint1 x87; + uint32_t x88; + fiat_secp256k1_scalar_uint1 x89; + uint32_t x90; + fiat_secp256k1_scalar_uint1 x91; + uint32_t x92; + fiat_secp256k1_scalar_uint1 x93; + uint32_t x94; + fiat_secp256k1_scalar_uint1 x95; + uint32_t x96; + fiat_secp256k1_scalar_uint1 x97; + uint32_t x98; + fiat_secp256k1_scalar_uint1 x99; + uint32_t x100; + fiat_secp256k1_scalar_uint1 x101; + uint32_t x102; + fiat_secp256k1_scalar_uint1 x103; + uint32_t x104; + fiat_secp256k1_scalar_uint1 x105; + uint32_t x106; + fiat_secp256k1_scalar_uint1 x107; + uint32_t x108; + fiat_secp256k1_scalar_uint1 x109; + uint32_t x110; + fiat_secp256k1_scalar_uint1 x111; + uint32_t x112; + fiat_secp256k1_scalar_uint1 x113; + uint32_t x114; + fiat_secp256k1_scalar_uint1 x115; + uint32_t x116; + fiat_secp256k1_scalar_uint1 x117; + uint32_t x118; + fiat_secp256k1_scalar_uint1 x119; + uint32_t x120; + fiat_secp256k1_scalar_uint1 x121; + uint32_t x122; + fiat_secp256k1_scalar_uint1 x123; + uint32_t x124; + fiat_secp256k1_scalar_uint1 x125; + uint32_t x126; + fiat_secp256k1_scalar_uint1 x127; + uint32_t x128; + fiat_secp256k1_scalar_uint1 x129; + uint32_t x130; + fiat_secp256k1_scalar_uint1 x131; + uint32_t x132; + fiat_secp256k1_scalar_uint1 x133; + uint32_t x134; + uint32_t x135; + uint32_t x136; + uint32_t x137; + uint32_t x138; + uint32_t x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + uint32_t x145; + uint32_t x146; + uint32_t x147; + uint32_t x148; + uint32_t x149; + uint32_t x150; + uint32_t x151; + uint32_t x152; + fiat_secp256k1_scalar_uint1 x153; + uint32_t x154; + fiat_secp256k1_scalar_uint1 x155; + uint32_t x156; + fiat_secp256k1_scalar_uint1 x157; + uint32_t x158; + fiat_secp256k1_scalar_uint1 x159; + uint32_t x160; + fiat_secp256k1_scalar_uint1 x161; + uint32_t x162; + fiat_secp256k1_scalar_uint1 x163; + uint32_t x164; + fiat_secp256k1_scalar_uint1 x165; + uint32_t x166; + fiat_secp256k1_scalar_uint1 x167; + uint32_t x168; + fiat_secp256k1_scalar_uint1 x169; + uint32_t x170; + fiat_secp256k1_scalar_uint1 x171; + uint32_t x172; + fiat_secp256k1_scalar_uint1 x173; + uint32_t x174; + fiat_secp256k1_scalar_uint1 x175; + uint32_t x176; + fiat_secp256k1_scalar_uint1 x177; + uint32_t x178; + fiat_secp256k1_scalar_uint1 x179; + uint32_t x180; + fiat_secp256k1_scalar_uint1 x181; + uint32_t x182; + fiat_secp256k1_scalar_uint1 x183; + uint32_t x184; + fiat_secp256k1_scalar_uint1 x185; + uint32_t x186; + fiat_secp256k1_scalar_uint1 x187; + uint32_t x188; + fiat_secp256k1_scalar_uint1 x189; + uint32_t x190; + fiat_secp256k1_scalar_uint1 x191; + uint32_t x192; + fiat_secp256k1_scalar_uint1 x193; + uint32_t x194; + fiat_secp256k1_scalar_uint1 x195; + uint32_t x196; + fiat_secp256k1_scalar_uint1 x197; + uint32_t x198; + fiat_secp256k1_scalar_uint1 x199; + uint32_t x200; + uint32_t x201; + uint32_t x202; + uint32_t x203; + uint32_t x204; + uint32_t x205; + uint32_t x206; + uint32_t x207; + uint32_t x208; + uint32_t x209; + uint32_t x210; + uint32_t x211; + uint32_t x212; + uint32_t x213; + uint32_t x214; + uint32_t x215; + uint32_t x216; + uint32_t x217; + uint32_t x218; + fiat_secp256k1_scalar_uint1 x219; + uint32_t x220; + fiat_secp256k1_scalar_uint1 x221; + uint32_t x222; + fiat_secp256k1_scalar_uint1 x223; + uint32_t x224; + fiat_secp256k1_scalar_uint1 x225; + uint32_t x226; + fiat_secp256k1_scalar_uint1 x227; + uint32_t x228; + fiat_secp256k1_scalar_uint1 x229; + uint32_t x230; + fiat_secp256k1_scalar_uint1 x231; + uint32_t x232; + fiat_secp256k1_scalar_uint1 x233; + uint32_t x234; + fiat_secp256k1_scalar_uint1 x235; + uint32_t x236; + fiat_secp256k1_scalar_uint1 x237; + uint32_t x238; + fiat_secp256k1_scalar_uint1 x239; + uint32_t x240; + fiat_secp256k1_scalar_uint1 x241; + uint32_t x242; + fiat_secp256k1_scalar_uint1 x243; + uint32_t x244; + fiat_secp256k1_scalar_uint1 x245; + uint32_t x246; + fiat_secp256k1_scalar_uint1 x247; + uint32_t x248; + fiat_secp256k1_scalar_uint1 x249; + uint32_t x250; + fiat_secp256k1_scalar_uint1 x251; + uint32_t x252; + fiat_secp256k1_scalar_uint1 x253; + uint32_t x254; + fiat_secp256k1_scalar_uint1 x255; + uint32_t x256; + fiat_secp256k1_scalar_uint1 x257; + uint32_t x258; + fiat_secp256k1_scalar_uint1 x259; + uint32_t x260; + fiat_secp256k1_scalar_uint1 x261; + uint32_t x262; + fiat_secp256k1_scalar_uint1 x263; + uint32_t x264; + fiat_secp256k1_scalar_uint1 x265; + uint32_t x266; + uint32_t x267; + uint32_t x268; + uint32_t x269; + uint32_t x270; + uint32_t x271; + uint32_t x272; + uint32_t x273; + uint32_t x274; + uint32_t x275; + uint32_t x276; + uint32_t x277; + uint32_t x278; + uint32_t x279; + uint32_t x280; + uint32_t x281; + uint32_t x282; + uint32_t x283; + uint32_t x284; + fiat_secp256k1_scalar_uint1 x285; + uint32_t x286; + fiat_secp256k1_scalar_uint1 x287; + uint32_t x288; + fiat_secp256k1_scalar_uint1 x289; + uint32_t x290; + fiat_secp256k1_scalar_uint1 x291; + uint32_t x292; + fiat_secp256k1_scalar_uint1 x293; + uint32_t x294; + fiat_secp256k1_scalar_uint1 x295; + uint32_t x296; + fiat_secp256k1_scalar_uint1 x297; + uint32_t x298; + fiat_secp256k1_scalar_uint1 x299; + uint32_t x300; + fiat_secp256k1_scalar_uint1 x301; + uint32_t x302; + fiat_secp256k1_scalar_uint1 x303; + uint32_t x304; + fiat_secp256k1_scalar_uint1 x305; + uint32_t x306; + fiat_secp256k1_scalar_uint1 x307; + uint32_t x308; + fiat_secp256k1_scalar_uint1 x309; + uint32_t x310; + fiat_secp256k1_scalar_uint1 x311; + uint32_t x312; + fiat_secp256k1_scalar_uint1 x313; + uint32_t x314; + fiat_secp256k1_scalar_uint1 x315; + uint32_t x316; + fiat_secp256k1_scalar_uint1 x317; + uint32_t x318; + fiat_secp256k1_scalar_uint1 x319; + uint32_t x320; + fiat_secp256k1_scalar_uint1 x321; + uint32_t x322; + fiat_secp256k1_scalar_uint1 x323; + uint32_t x324; + fiat_secp256k1_scalar_uint1 x325; + uint32_t x326; + fiat_secp256k1_scalar_uint1 x327; + uint32_t x328; + fiat_secp256k1_scalar_uint1 x329; + uint32_t x330; + fiat_secp256k1_scalar_uint1 x331; + uint32_t x332; + uint32_t x333; + uint32_t x334; + uint32_t x335; + uint32_t x336; + uint32_t x337; + uint32_t x338; + uint32_t x339; + uint32_t x340; + uint32_t x341; + uint32_t x342; + uint32_t x343; + uint32_t x344; + uint32_t x345; + uint32_t x346; + uint32_t x347; + uint32_t x348; + uint32_t x349; + uint32_t x350; + fiat_secp256k1_scalar_uint1 x351; + uint32_t x352; + fiat_secp256k1_scalar_uint1 x353; + uint32_t x354; + fiat_secp256k1_scalar_uint1 x355; + uint32_t x356; + fiat_secp256k1_scalar_uint1 x357; + uint32_t x358; + fiat_secp256k1_scalar_uint1 x359; + uint32_t x360; + fiat_secp256k1_scalar_uint1 x361; + uint32_t x362; + fiat_secp256k1_scalar_uint1 x363; + uint32_t x364; + fiat_secp256k1_scalar_uint1 x365; + uint32_t x366; + fiat_secp256k1_scalar_uint1 x367; + uint32_t x368; + fiat_secp256k1_scalar_uint1 x369; + uint32_t x370; + fiat_secp256k1_scalar_uint1 x371; + uint32_t x372; + fiat_secp256k1_scalar_uint1 x373; + uint32_t x374; + fiat_secp256k1_scalar_uint1 x375; + uint32_t x376; + fiat_secp256k1_scalar_uint1 x377; + uint32_t x378; + fiat_secp256k1_scalar_uint1 x379; + uint32_t x380; + fiat_secp256k1_scalar_uint1 x381; + uint32_t x382; + fiat_secp256k1_scalar_uint1 x383; + uint32_t x384; + fiat_secp256k1_scalar_uint1 x385; + uint32_t x386; + fiat_secp256k1_scalar_uint1 x387; + uint32_t x388; + fiat_secp256k1_scalar_uint1 x389; + uint32_t x390; + fiat_secp256k1_scalar_uint1 x391; + uint32_t x392; + fiat_secp256k1_scalar_uint1 x393; + uint32_t x394; + fiat_secp256k1_scalar_uint1 x395; + uint32_t x396; + fiat_secp256k1_scalar_uint1 x397; + uint32_t x398; + uint32_t x399; + uint32_t x400; + uint32_t x401; + uint32_t x402; + uint32_t x403; + uint32_t x404; + uint32_t x405; + uint32_t x406; + uint32_t x407; + uint32_t x408; + uint32_t x409; + uint32_t x410; + uint32_t x411; + uint32_t x412; + uint32_t x413; + uint32_t x414; + uint32_t x415; + uint32_t x416; + fiat_secp256k1_scalar_uint1 x417; + uint32_t x418; + fiat_secp256k1_scalar_uint1 x419; + uint32_t x420; + fiat_secp256k1_scalar_uint1 x421; + uint32_t x422; + fiat_secp256k1_scalar_uint1 x423; + uint32_t x424; + fiat_secp256k1_scalar_uint1 x425; + uint32_t x426; + fiat_secp256k1_scalar_uint1 x427; + uint32_t x428; + fiat_secp256k1_scalar_uint1 x429; + uint32_t x430; + fiat_secp256k1_scalar_uint1 x431; + uint32_t x432; + fiat_secp256k1_scalar_uint1 x433; + uint32_t x434; + fiat_secp256k1_scalar_uint1 x435; + uint32_t x436; + fiat_secp256k1_scalar_uint1 x437; + uint32_t x438; + fiat_secp256k1_scalar_uint1 x439; + uint32_t x440; + fiat_secp256k1_scalar_uint1 x441; + uint32_t x442; + fiat_secp256k1_scalar_uint1 x443; + uint32_t x444; + fiat_secp256k1_scalar_uint1 x445; + uint32_t x446; + fiat_secp256k1_scalar_uint1 x447; + uint32_t x448; + fiat_secp256k1_scalar_uint1 x449; + uint32_t x450; + fiat_secp256k1_scalar_uint1 x451; + uint32_t x452; + fiat_secp256k1_scalar_uint1 x453; + uint32_t x454; + fiat_secp256k1_scalar_uint1 x455; + uint32_t x456; + fiat_secp256k1_scalar_uint1 x457; + uint32_t x458; + fiat_secp256k1_scalar_uint1 x459; + uint32_t x460; + fiat_secp256k1_scalar_uint1 x461; + uint32_t x462; + fiat_secp256k1_scalar_uint1 x463; + uint32_t x464; + uint32_t x465; + uint32_t x466; + uint32_t x467; + uint32_t x468; + uint32_t x469; + uint32_t x470; + uint32_t x471; + uint32_t x472; + uint32_t x473; + uint32_t x474; + uint32_t x475; + uint32_t x476; + uint32_t x477; + uint32_t x478; + uint32_t x479; + uint32_t x480; + uint32_t x481; + uint32_t x482; + fiat_secp256k1_scalar_uint1 x483; + uint32_t x484; + fiat_secp256k1_scalar_uint1 x485; + uint32_t x486; + fiat_secp256k1_scalar_uint1 x487; + uint32_t x488; + fiat_secp256k1_scalar_uint1 x489; + uint32_t x490; + fiat_secp256k1_scalar_uint1 x491; + uint32_t x492; + fiat_secp256k1_scalar_uint1 x493; + uint32_t x494; + fiat_secp256k1_scalar_uint1 x495; + uint32_t x496; + fiat_secp256k1_scalar_uint1 x497; + uint32_t x498; + fiat_secp256k1_scalar_uint1 x499; + uint32_t x500; + fiat_secp256k1_scalar_uint1 x501; + uint32_t x502; + fiat_secp256k1_scalar_uint1 x503; + uint32_t x504; + fiat_secp256k1_scalar_uint1 x505; + uint32_t x506; + fiat_secp256k1_scalar_uint1 x507; + uint32_t x508; + fiat_secp256k1_scalar_uint1 x509; + uint32_t x510; + fiat_secp256k1_scalar_uint1 x511; + uint32_t x512; + fiat_secp256k1_scalar_uint1 x513; + uint32_t x514; + fiat_secp256k1_scalar_uint1 x515; + uint32_t x516; + fiat_secp256k1_scalar_uint1 x517; + uint32_t x518; + fiat_secp256k1_scalar_uint1 x519; + uint32_t x520; + fiat_secp256k1_scalar_uint1 x521; + uint32_t x522; + fiat_secp256k1_scalar_uint1 x523; + uint32_t x524; + fiat_secp256k1_scalar_uint1 x525; + uint32_t x526; + fiat_secp256k1_scalar_uint1 x527; + uint32_t x528; + fiat_secp256k1_scalar_uint1 x529; + uint32_t x530; + fiat_secp256k1_scalar_uint1 x531; + uint32_t x532; + uint32_t x533; + uint32_t x534; + uint32_t x535; + uint32_t x536; + uint32_t x537; + uint32_t x538; + uint32_t x539; + x1 = (arg1[0]); + fiat_secp256k1_scalar_mulx_u32(&x2, &x3, x1, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x4, &x5, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x6, &x7, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x8, &x9, x2, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x10, &x11, x2, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x12, &x13, x2, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x14, &x15, x2, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x16, &x17, x2, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x18, &x19, x2, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x20, &x21, 0x0, x19, x16); + fiat_secp256k1_scalar_addcarryx_u32(&x22, &x23, x21, x17, x14); + fiat_secp256k1_scalar_addcarryx_u32(&x24, &x25, x23, x15, x12); + fiat_secp256k1_scalar_addcarryx_u32(&x26, &x27, x25, x13, x10); + fiat_secp256k1_scalar_addcarryx_u32(&x28, &x29, x27, x11, x8); + fiat_secp256k1_scalar_addcarryx_u32(&x30, &x31, x29, x9, x6); + fiat_secp256k1_scalar_addcarryx_u32(&x32, &x33, x31, x7, x4); + fiat_secp256k1_scalar_addcarryx_u32(&x34, &x35, 0x0, x1, x18); + fiat_secp256k1_scalar_addcarryx_u32(&x36, &x37, x35, 0x0, x20); + fiat_secp256k1_scalar_addcarryx_u32(&x38, &x39, x37, 0x0, x22); + fiat_secp256k1_scalar_addcarryx_u32(&x40, &x41, x39, 0x0, x24); + fiat_secp256k1_scalar_addcarryx_u32(&x42, &x43, x41, 0x0, x26); + fiat_secp256k1_scalar_addcarryx_u32(&x44, &x45, x43, 0x0, x28); + fiat_secp256k1_scalar_addcarryx_u32(&x46, &x47, x45, 0x0, x30); + fiat_secp256k1_scalar_addcarryx_u32(&x48, &x49, x47, 0x0, x32); + fiat_secp256k1_scalar_addcarryx_u32(&x50, &x51, x49, 0x0, (x33 + x5)); + fiat_secp256k1_scalar_addcarryx_u32(&x52, &x53, 0x0, x36, (arg1[1])); + fiat_secp256k1_scalar_addcarryx_u32(&x54, &x55, x53, x38, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x56, &x57, x55, x40, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x58, &x59, x57, x42, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x60, &x61, x59, x44, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x62, &x63, x61, x46, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x64, &x65, x63, x48, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x66, &x67, x65, x50, 0x0); + fiat_secp256k1_scalar_mulx_u32(&x68, &x69, x52, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x70, &x71, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x72, &x73, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x74, &x75, x68, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x76, &x77, x68, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x78, &x79, x68, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x80, &x81, x68, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x82, &x83, x68, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x84, &x85, x68, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x86, &x87, 0x0, x85, x82); + fiat_secp256k1_scalar_addcarryx_u32(&x88, &x89, x87, x83, x80); + fiat_secp256k1_scalar_addcarryx_u32(&x90, &x91, x89, x81, x78); + fiat_secp256k1_scalar_addcarryx_u32(&x92, &x93, x91, x79, x76); + fiat_secp256k1_scalar_addcarryx_u32(&x94, &x95, x93, x77, x74); + fiat_secp256k1_scalar_addcarryx_u32(&x96, &x97, x95, x75, x72); + fiat_secp256k1_scalar_addcarryx_u32(&x98, &x99, x97, x73, x70); + fiat_secp256k1_scalar_addcarryx_u32(&x100, &x101, 0x0, x52, x84); + fiat_secp256k1_scalar_addcarryx_u32(&x102, &x103, x101, x54, x86); + fiat_secp256k1_scalar_addcarryx_u32(&x104, &x105, x103, x56, x88); + fiat_secp256k1_scalar_addcarryx_u32(&x106, &x107, x105, x58, x90); + fiat_secp256k1_scalar_addcarryx_u32(&x108, &x109, x107, x60, x92); + fiat_secp256k1_scalar_addcarryx_u32(&x110, &x111, x109, x62, x94); + fiat_secp256k1_scalar_addcarryx_u32(&x112, &x113, x111, x64, x96); + fiat_secp256k1_scalar_addcarryx_u32(&x114, &x115, x113, x66, x98); + fiat_secp256k1_scalar_addcarryx_u32(&x116, &x117, x115, ((uint32_t)x67 + x51), (x99 + x71)); + fiat_secp256k1_scalar_addcarryx_u32(&x118, &x119, 0x0, x102, (arg1[2])); + fiat_secp256k1_scalar_addcarryx_u32(&x120, &x121, x119, x104, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x122, &x123, x121, x106, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x124, &x125, x123, x108, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x126, &x127, x125, x110, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x128, &x129, x127, x112, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x130, &x131, x129, x114, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x132, &x133, x131, x116, 0x0); + fiat_secp256k1_scalar_mulx_u32(&x134, &x135, x118, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x136, &x137, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x138, &x139, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x140, &x141, x134, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x142, &x143, x134, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x144, &x145, x134, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x146, &x147, x134, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x148, &x149, x134, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x150, &x151, x134, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x152, &x153, 0x0, x151, x148); + fiat_secp256k1_scalar_addcarryx_u32(&x154, &x155, x153, x149, x146); + fiat_secp256k1_scalar_addcarryx_u32(&x156, &x157, x155, x147, x144); + fiat_secp256k1_scalar_addcarryx_u32(&x158, &x159, x157, x145, x142); + fiat_secp256k1_scalar_addcarryx_u32(&x160, &x161, x159, x143, x140); + fiat_secp256k1_scalar_addcarryx_u32(&x162, &x163, x161, x141, x138); + fiat_secp256k1_scalar_addcarryx_u32(&x164, &x165, x163, x139, x136); + fiat_secp256k1_scalar_addcarryx_u32(&x166, &x167, 0x0, x118, x150); + fiat_secp256k1_scalar_addcarryx_u32(&x168, &x169, x167, x120, x152); + fiat_secp256k1_scalar_addcarryx_u32(&x170, &x171, x169, x122, x154); + fiat_secp256k1_scalar_addcarryx_u32(&x172, &x173, x171, x124, x156); + fiat_secp256k1_scalar_addcarryx_u32(&x174, &x175, x173, x126, x158); + fiat_secp256k1_scalar_addcarryx_u32(&x176, &x177, x175, x128, x160); + fiat_secp256k1_scalar_addcarryx_u32(&x178, &x179, x177, x130, x162); + fiat_secp256k1_scalar_addcarryx_u32(&x180, &x181, x179, x132, x164); + fiat_secp256k1_scalar_addcarryx_u32(&x182, &x183, x181, ((uint32_t)x133 + x117), (x165 + x137)); + fiat_secp256k1_scalar_addcarryx_u32(&x184, &x185, 0x0, x168, (arg1[3])); + fiat_secp256k1_scalar_addcarryx_u32(&x186, &x187, x185, x170, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x188, &x189, x187, x172, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x190, &x191, x189, x174, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x192, &x193, x191, x176, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x194, &x195, x193, x178, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x196, &x197, x195, x180, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x198, &x199, x197, x182, 0x0); + fiat_secp256k1_scalar_mulx_u32(&x200, &x201, x184, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x202, &x203, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x204, &x205, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x206, &x207, x200, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x208, &x209, x200, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x210, &x211, x200, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x212, &x213, x200, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x214, &x215, x200, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x216, &x217, x200, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x218, &x219, 0x0, x217, x214); + fiat_secp256k1_scalar_addcarryx_u32(&x220, &x221, x219, x215, x212); + fiat_secp256k1_scalar_addcarryx_u32(&x222, &x223, x221, x213, x210); + fiat_secp256k1_scalar_addcarryx_u32(&x224, &x225, x223, x211, x208); + fiat_secp256k1_scalar_addcarryx_u32(&x226, &x227, x225, x209, x206); + fiat_secp256k1_scalar_addcarryx_u32(&x228, &x229, x227, x207, x204); + fiat_secp256k1_scalar_addcarryx_u32(&x230, &x231, x229, x205, x202); + fiat_secp256k1_scalar_addcarryx_u32(&x232, &x233, 0x0, x184, x216); + fiat_secp256k1_scalar_addcarryx_u32(&x234, &x235, x233, x186, x218); + fiat_secp256k1_scalar_addcarryx_u32(&x236, &x237, x235, x188, x220); + fiat_secp256k1_scalar_addcarryx_u32(&x238, &x239, x237, x190, x222); + fiat_secp256k1_scalar_addcarryx_u32(&x240, &x241, x239, x192, x224); + fiat_secp256k1_scalar_addcarryx_u32(&x242, &x243, x241, x194, x226); + fiat_secp256k1_scalar_addcarryx_u32(&x244, &x245, x243, x196, x228); + fiat_secp256k1_scalar_addcarryx_u32(&x246, &x247, x245, x198, x230); + fiat_secp256k1_scalar_addcarryx_u32(&x248, &x249, x247, ((uint32_t)x199 + x183), (x231 + x203)); + fiat_secp256k1_scalar_addcarryx_u32(&x250, &x251, 0x0, x234, (arg1[4])); + fiat_secp256k1_scalar_addcarryx_u32(&x252, &x253, x251, x236, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x254, &x255, x253, x238, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x256, &x257, x255, x240, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x258, &x259, x257, x242, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x260, &x261, x259, x244, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x262, &x263, x261, x246, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x264, &x265, x263, x248, 0x0); + fiat_secp256k1_scalar_mulx_u32(&x266, &x267, x250, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x268, &x269, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x270, &x271, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x272, &x273, x266, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x274, &x275, x266, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x276, &x277, x266, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x278, &x279, x266, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x280, &x281, x266, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x282, &x283, x266, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x284, &x285, 0x0, x283, x280); + fiat_secp256k1_scalar_addcarryx_u32(&x286, &x287, x285, x281, x278); + fiat_secp256k1_scalar_addcarryx_u32(&x288, &x289, x287, x279, x276); + fiat_secp256k1_scalar_addcarryx_u32(&x290, &x291, x289, x277, x274); + fiat_secp256k1_scalar_addcarryx_u32(&x292, &x293, x291, x275, x272); + fiat_secp256k1_scalar_addcarryx_u32(&x294, &x295, x293, x273, x270); + fiat_secp256k1_scalar_addcarryx_u32(&x296, &x297, x295, x271, x268); + fiat_secp256k1_scalar_addcarryx_u32(&x298, &x299, 0x0, x250, x282); + fiat_secp256k1_scalar_addcarryx_u32(&x300, &x301, x299, x252, x284); + fiat_secp256k1_scalar_addcarryx_u32(&x302, &x303, x301, x254, x286); + fiat_secp256k1_scalar_addcarryx_u32(&x304, &x305, x303, x256, x288); + fiat_secp256k1_scalar_addcarryx_u32(&x306, &x307, x305, x258, x290); + fiat_secp256k1_scalar_addcarryx_u32(&x308, &x309, x307, x260, x292); + fiat_secp256k1_scalar_addcarryx_u32(&x310, &x311, x309, x262, x294); + fiat_secp256k1_scalar_addcarryx_u32(&x312, &x313, x311, x264, x296); + fiat_secp256k1_scalar_addcarryx_u32(&x314, &x315, x313, ((uint32_t)x265 + x249), (x297 + x269)); + fiat_secp256k1_scalar_addcarryx_u32(&x316, &x317, 0x0, x300, (arg1[5])); + fiat_secp256k1_scalar_addcarryx_u32(&x318, &x319, x317, x302, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x320, &x321, x319, x304, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x322, &x323, x321, x306, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x324, &x325, x323, x308, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x326, &x327, x325, x310, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x328, &x329, x327, x312, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x330, &x331, x329, x314, 0x0); + fiat_secp256k1_scalar_mulx_u32(&x332, &x333, x316, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x334, &x335, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x336, &x337, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x338, &x339, x332, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x340, &x341, x332, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x342, &x343, x332, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x344, &x345, x332, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x346, &x347, x332, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x348, &x349, x332, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x350, &x351, 0x0, x349, x346); + fiat_secp256k1_scalar_addcarryx_u32(&x352, &x353, x351, x347, x344); + fiat_secp256k1_scalar_addcarryx_u32(&x354, &x355, x353, x345, x342); + fiat_secp256k1_scalar_addcarryx_u32(&x356, &x357, x355, x343, x340); + fiat_secp256k1_scalar_addcarryx_u32(&x358, &x359, x357, x341, x338); + fiat_secp256k1_scalar_addcarryx_u32(&x360, &x361, x359, x339, x336); + fiat_secp256k1_scalar_addcarryx_u32(&x362, &x363, x361, x337, x334); + fiat_secp256k1_scalar_addcarryx_u32(&x364, &x365, 0x0, x316, x348); + fiat_secp256k1_scalar_addcarryx_u32(&x366, &x367, x365, x318, x350); + fiat_secp256k1_scalar_addcarryx_u32(&x368, &x369, x367, x320, x352); + fiat_secp256k1_scalar_addcarryx_u32(&x370, &x371, x369, x322, x354); + fiat_secp256k1_scalar_addcarryx_u32(&x372, &x373, x371, x324, x356); + fiat_secp256k1_scalar_addcarryx_u32(&x374, &x375, x373, x326, x358); + fiat_secp256k1_scalar_addcarryx_u32(&x376, &x377, x375, x328, x360); + fiat_secp256k1_scalar_addcarryx_u32(&x378, &x379, x377, x330, x362); + fiat_secp256k1_scalar_addcarryx_u32(&x380, &x381, x379, ((uint32_t)x331 + x315), (x363 + x335)); + fiat_secp256k1_scalar_addcarryx_u32(&x382, &x383, 0x0, x366, (arg1[6])); + fiat_secp256k1_scalar_addcarryx_u32(&x384, &x385, x383, x368, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x386, &x387, x385, x370, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x388, &x389, x387, x372, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x390, &x391, x389, x374, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x392, &x393, x391, x376, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x394, &x395, x393, x378, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x396, &x397, x395, x380, 0x0); + fiat_secp256k1_scalar_mulx_u32(&x398, &x399, x382, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x400, &x401, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x402, &x403, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x404, &x405, x398, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x406, &x407, x398, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x408, &x409, x398, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x410, &x411, x398, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x412, &x413, x398, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x414, &x415, x398, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x416, &x417, 0x0, x415, x412); + fiat_secp256k1_scalar_addcarryx_u32(&x418, &x419, x417, x413, x410); + fiat_secp256k1_scalar_addcarryx_u32(&x420, &x421, x419, x411, x408); + fiat_secp256k1_scalar_addcarryx_u32(&x422, &x423, x421, x409, x406); + fiat_secp256k1_scalar_addcarryx_u32(&x424, &x425, x423, x407, x404); + fiat_secp256k1_scalar_addcarryx_u32(&x426, &x427, x425, x405, x402); + fiat_secp256k1_scalar_addcarryx_u32(&x428, &x429, x427, x403, x400); + fiat_secp256k1_scalar_addcarryx_u32(&x430, &x431, 0x0, x382, x414); + fiat_secp256k1_scalar_addcarryx_u32(&x432, &x433, x431, x384, x416); + fiat_secp256k1_scalar_addcarryx_u32(&x434, &x435, x433, x386, x418); + fiat_secp256k1_scalar_addcarryx_u32(&x436, &x437, x435, x388, x420); + fiat_secp256k1_scalar_addcarryx_u32(&x438, &x439, x437, x390, x422); + fiat_secp256k1_scalar_addcarryx_u32(&x440, &x441, x439, x392, x424); + fiat_secp256k1_scalar_addcarryx_u32(&x442, &x443, x441, x394, x426); + fiat_secp256k1_scalar_addcarryx_u32(&x444, &x445, x443, x396, x428); + fiat_secp256k1_scalar_addcarryx_u32(&x446, &x447, x445, ((uint32_t)x397 + x381), (x429 + x401)); + fiat_secp256k1_scalar_addcarryx_u32(&x448, &x449, 0x0, x432, (arg1[7])); + fiat_secp256k1_scalar_addcarryx_u32(&x450, &x451, x449, x434, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x452, &x453, x451, x436, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x454, &x455, x453, x438, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x456, &x457, x455, x440, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x458, &x459, x457, x442, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x460, &x461, x459, x444, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x462, &x463, x461, x446, 0x0); + fiat_secp256k1_scalar_mulx_u32(&x464, &x465, x448, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x466, &x467, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x468, &x469, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x470, &x471, x464, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x472, &x473, x464, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x474, &x475, x464, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x476, &x477, x464, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x478, &x479, x464, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x480, &x481, x464, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x482, &x483, 0x0, x481, x478); + fiat_secp256k1_scalar_addcarryx_u32(&x484, &x485, x483, x479, x476); + fiat_secp256k1_scalar_addcarryx_u32(&x486, &x487, x485, x477, x474); + fiat_secp256k1_scalar_addcarryx_u32(&x488, &x489, x487, x475, x472); + fiat_secp256k1_scalar_addcarryx_u32(&x490, &x491, x489, x473, x470); + fiat_secp256k1_scalar_addcarryx_u32(&x492, &x493, x491, x471, x468); + fiat_secp256k1_scalar_addcarryx_u32(&x494, &x495, x493, x469, x466); + fiat_secp256k1_scalar_addcarryx_u32(&x496, &x497, 0x0, x448, x480); + fiat_secp256k1_scalar_addcarryx_u32(&x498, &x499, x497, x450, x482); + fiat_secp256k1_scalar_addcarryx_u32(&x500, &x501, x499, x452, x484); + fiat_secp256k1_scalar_addcarryx_u32(&x502, &x503, x501, x454, x486); + fiat_secp256k1_scalar_addcarryx_u32(&x504, &x505, x503, x456, x488); + fiat_secp256k1_scalar_addcarryx_u32(&x506, &x507, x505, x458, x490); + fiat_secp256k1_scalar_addcarryx_u32(&x508, &x509, x507, x460, x492); + fiat_secp256k1_scalar_addcarryx_u32(&x510, &x511, x509, x462, x494); + fiat_secp256k1_scalar_addcarryx_u32(&x512, &x513, x511, ((uint32_t)x463 + x447), (x495 + x467)); + fiat_secp256k1_scalar_subborrowx_u32(&x514, &x515, 0x0, x498, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_subborrowx_u32(&x516, &x517, x515, x500, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_subborrowx_u32(&x518, &x519, x517, x502, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_subborrowx_u32(&x520, &x521, x519, x504, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_subborrowx_u32(&x522, &x523, x521, x506, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_subborrowx_u32(&x524, &x525, x523, x508, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x526, &x527, x525, x510, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x528, &x529, x527, x512, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x530, &x531, x529, x513, 0x0); + fiat_secp256k1_scalar_cmovznz_u32(&x532, x531, x514, x498); + fiat_secp256k1_scalar_cmovznz_u32(&x533, x531, x516, x500); + fiat_secp256k1_scalar_cmovznz_u32(&x534, x531, x518, x502); + fiat_secp256k1_scalar_cmovznz_u32(&x535, x531, x520, x504); + fiat_secp256k1_scalar_cmovznz_u32(&x536, x531, x522, x506); + fiat_secp256k1_scalar_cmovznz_u32(&x537, x531, x524, x508); + fiat_secp256k1_scalar_cmovznz_u32(&x538, x531, x526, x510); + fiat_secp256k1_scalar_cmovznz_u32(&x539, x531, x528, x512); + out1[0] = x532; + out1[1] = x533; + out1[2] = x534; + out1[3] = x535; + out1[4] = x536; + out1[5] = x537; + out1[6] = x538; + out1[7] = x539; +} + +/* + * The function fiat_secp256k1_scalar_to_montgomery translates a field element into the Montgomery domain. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = eval arg1 mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_to_montgomery(fiat_secp256k1_scalar_montgomery_domain_field_element out1, const fiat_secp256k1_scalar_non_montgomery_domain_field_element arg1) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint32_t x20; + uint32_t x21; + uint32_t x22; + uint32_t x23; + uint32_t x24; + uint32_t x25; + fiat_secp256k1_scalar_uint1 x26; + uint32_t x27; + fiat_secp256k1_scalar_uint1 x28; + uint32_t x29; + fiat_secp256k1_scalar_uint1 x30; + uint32_t x31; + fiat_secp256k1_scalar_uint1 x32; + uint32_t x33; + fiat_secp256k1_scalar_uint1 x34; + uint32_t x35; + fiat_secp256k1_scalar_uint1 x36; + uint32_t x37; + fiat_secp256k1_scalar_uint1 x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + uint32_t x52; + uint32_t x53; + uint32_t x54; + uint32_t x55; + uint32_t x56; + uint32_t x57; + fiat_secp256k1_scalar_uint1 x58; + uint32_t x59; + fiat_secp256k1_scalar_uint1 x60; + uint32_t x61; + fiat_secp256k1_scalar_uint1 x62; + uint32_t x63; + fiat_secp256k1_scalar_uint1 x64; + uint32_t x65; + fiat_secp256k1_scalar_uint1 x66; + uint32_t x67; + fiat_secp256k1_scalar_uint1 x68; + uint32_t x69; + fiat_secp256k1_scalar_uint1 x70; + uint32_t x71; + fiat_secp256k1_scalar_uint1 x72; + uint32_t x73; + fiat_secp256k1_scalar_uint1 x74; + uint32_t x75; + fiat_secp256k1_scalar_uint1 x76; + uint32_t x77; + fiat_secp256k1_scalar_uint1 x78; + uint32_t x79; + fiat_secp256k1_scalar_uint1 x80; + uint32_t x81; + fiat_secp256k1_scalar_uint1 x82; + uint32_t x83; + fiat_secp256k1_scalar_uint1 x84; + uint32_t x85; + fiat_secp256k1_scalar_uint1 x86; + uint32_t x87; + fiat_secp256k1_scalar_uint1 x88; + uint32_t x89; + uint32_t x90; + uint32_t x91; + uint32_t x92; + uint32_t x93; + uint32_t x94; + uint32_t x95; + uint32_t x96; + uint32_t x97; + uint32_t x98; + uint32_t x99; + uint32_t x100; + uint32_t x101; + uint32_t x102; + uint32_t x103; + uint32_t x104; + uint32_t x105; + fiat_secp256k1_scalar_uint1 x106; + uint32_t x107; + fiat_secp256k1_scalar_uint1 x108; + uint32_t x109; + fiat_secp256k1_scalar_uint1 x110; + uint32_t x111; + fiat_secp256k1_scalar_uint1 x112; + uint32_t x113; + fiat_secp256k1_scalar_uint1 x114; + uint32_t x115; + fiat_secp256k1_scalar_uint1 x116; + uint32_t x117; + fiat_secp256k1_scalar_uint1 x118; + uint32_t x119; + fiat_secp256k1_scalar_uint1 x120; + uint32_t x121; + fiat_secp256k1_scalar_uint1 x122; + uint32_t x123; + fiat_secp256k1_scalar_uint1 x124; + uint32_t x125; + fiat_secp256k1_scalar_uint1 x126; + uint32_t x127; + fiat_secp256k1_scalar_uint1 x128; + uint32_t x129; + fiat_secp256k1_scalar_uint1 x130; + uint32_t x131; + fiat_secp256k1_scalar_uint1 x132; + uint32_t x133; + fiat_secp256k1_scalar_uint1 x134; + uint32_t x135; + uint32_t x136; + uint32_t x137; + uint32_t x138; + uint32_t x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + uint32_t x145; + uint32_t x146; + uint32_t x147; + uint32_t x148; + uint32_t x149; + uint32_t x150; + uint32_t x151; + uint32_t x152; + uint32_t x153; + fiat_secp256k1_scalar_uint1 x154; + uint32_t x155; + fiat_secp256k1_scalar_uint1 x156; + uint32_t x157; + fiat_secp256k1_scalar_uint1 x158; + uint32_t x159; + fiat_secp256k1_scalar_uint1 x160; + uint32_t x161; + fiat_secp256k1_scalar_uint1 x162; + uint32_t x163; + fiat_secp256k1_scalar_uint1 x164; + uint32_t x165; + fiat_secp256k1_scalar_uint1 x166; + uint32_t x167; + fiat_secp256k1_scalar_uint1 x168; + uint32_t x169; + fiat_secp256k1_scalar_uint1 x170; + uint32_t x171; + fiat_secp256k1_scalar_uint1 x172; + uint32_t x173; + fiat_secp256k1_scalar_uint1 x174; + uint32_t x175; + fiat_secp256k1_scalar_uint1 x176; + uint32_t x177; + fiat_secp256k1_scalar_uint1 x178; + uint32_t x179; + fiat_secp256k1_scalar_uint1 x180; + uint32_t x181; + fiat_secp256k1_scalar_uint1 x182; + uint32_t x183; + fiat_secp256k1_scalar_uint1 x184; + uint32_t x185; + uint32_t x186; + uint32_t x187; + uint32_t x188; + uint32_t x189; + uint32_t x190; + uint32_t x191; + uint32_t x192; + uint32_t x193; + uint32_t x194; + uint32_t x195; + uint32_t x196; + uint32_t x197; + uint32_t x198; + uint32_t x199; + uint32_t x200; + uint32_t x201; + fiat_secp256k1_scalar_uint1 x202; + uint32_t x203; + fiat_secp256k1_scalar_uint1 x204; + uint32_t x205; + fiat_secp256k1_scalar_uint1 x206; + uint32_t x207; + fiat_secp256k1_scalar_uint1 x208; + uint32_t x209; + fiat_secp256k1_scalar_uint1 x210; + uint32_t x211; + fiat_secp256k1_scalar_uint1 x212; + uint32_t x213; + fiat_secp256k1_scalar_uint1 x214; + uint32_t x215; + fiat_secp256k1_scalar_uint1 x216; + uint32_t x217; + fiat_secp256k1_scalar_uint1 x218; + uint32_t x219; + fiat_secp256k1_scalar_uint1 x220; + uint32_t x221; + fiat_secp256k1_scalar_uint1 x222; + uint32_t x223; + fiat_secp256k1_scalar_uint1 x224; + uint32_t x225; + fiat_secp256k1_scalar_uint1 x226; + uint32_t x227; + fiat_secp256k1_scalar_uint1 x228; + uint32_t x229; + fiat_secp256k1_scalar_uint1 x230; + uint32_t x231; + uint32_t x232; + uint32_t x233; + uint32_t x234; + uint32_t x235; + uint32_t x236; + uint32_t x237; + uint32_t x238; + uint32_t x239; + uint32_t x240; + uint32_t x241; + uint32_t x242; + uint32_t x243; + uint32_t x244; + uint32_t x245; + uint32_t x246; + uint32_t x247; + uint32_t x248; + uint32_t x249; + fiat_secp256k1_scalar_uint1 x250; + uint32_t x251; + fiat_secp256k1_scalar_uint1 x252; + uint32_t x253; + fiat_secp256k1_scalar_uint1 x254; + uint32_t x255; + fiat_secp256k1_scalar_uint1 x256; + uint32_t x257; + fiat_secp256k1_scalar_uint1 x258; + uint32_t x259; + fiat_secp256k1_scalar_uint1 x260; + uint32_t x261; + fiat_secp256k1_scalar_uint1 x262; + uint32_t x263; + fiat_secp256k1_scalar_uint1 x264; + uint32_t x265; + fiat_secp256k1_scalar_uint1 x266; + uint32_t x267; + fiat_secp256k1_scalar_uint1 x268; + uint32_t x269; + fiat_secp256k1_scalar_uint1 x270; + uint32_t x271; + fiat_secp256k1_scalar_uint1 x272; + uint32_t x273; + fiat_secp256k1_scalar_uint1 x274; + uint32_t x275; + fiat_secp256k1_scalar_uint1 x276; + uint32_t x277; + fiat_secp256k1_scalar_uint1 x278; + uint32_t x279; + fiat_secp256k1_scalar_uint1 x280; + uint32_t x281; + uint32_t x282; + uint32_t x283; + uint32_t x284; + uint32_t x285; + uint32_t x286; + uint32_t x287; + uint32_t x288; + uint32_t x289; + uint32_t x290; + uint32_t x291; + uint32_t x292; + uint32_t x293; + uint32_t x294; + uint32_t x295; + uint32_t x296; + uint32_t x297; + fiat_secp256k1_scalar_uint1 x298; + uint32_t x299; + fiat_secp256k1_scalar_uint1 x300; + uint32_t x301; + fiat_secp256k1_scalar_uint1 x302; + uint32_t x303; + fiat_secp256k1_scalar_uint1 x304; + uint32_t x305; + fiat_secp256k1_scalar_uint1 x306; + uint32_t x307; + fiat_secp256k1_scalar_uint1 x308; + uint32_t x309; + fiat_secp256k1_scalar_uint1 x310; + uint32_t x311; + fiat_secp256k1_scalar_uint1 x312; + uint32_t x313; + fiat_secp256k1_scalar_uint1 x314; + uint32_t x315; + fiat_secp256k1_scalar_uint1 x316; + uint32_t x317; + fiat_secp256k1_scalar_uint1 x318; + uint32_t x319; + fiat_secp256k1_scalar_uint1 x320; + uint32_t x321; + fiat_secp256k1_scalar_uint1 x322; + uint32_t x323; + fiat_secp256k1_scalar_uint1 x324; + uint32_t x325; + fiat_secp256k1_scalar_uint1 x326; + uint32_t x327; + uint32_t x328; + uint32_t x329; + uint32_t x330; + uint32_t x331; + uint32_t x332; + uint32_t x333; + uint32_t x334; + uint32_t x335; + uint32_t x336; + uint32_t x337; + uint32_t x338; + uint32_t x339; + uint32_t x340; + uint32_t x341; + uint32_t x342; + uint32_t x343; + uint32_t x344; + uint32_t x345; + fiat_secp256k1_scalar_uint1 x346; + uint32_t x347; + fiat_secp256k1_scalar_uint1 x348; + uint32_t x349; + fiat_secp256k1_scalar_uint1 x350; + uint32_t x351; + fiat_secp256k1_scalar_uint1 x352; + uint32_t x353; + fiat_secp256k1_scalar_uint1 x354; + uint32_t x355; + fiat_secp256k1_scalar_uint1 x356; + uint32_t x357; + fiat_secp256k1_scalar_uint1 x358; + uint32_t x359; + fiat_secp256k1_scalar_uint1 x360; + uint32_t x361; + fiat_secp256k1_scalar_uint1 x362; + uint32_t x363; + fiat_secp256k1_scalar_uint1 x364; + uint32_t x365; + fiat_secp256k1_scalar_uint1 x366; + uint32_t x367; + fiat_secp256k1_scalar_uint1 x368; + uint32_t x369; + fiat_secp256k1_scalar_uint1 x370; + uint32_t x371; + fiat_secp256k1_scalar_uint1 x372; + uint32_t x373; + fiat_secp256k1_scalar_uint1 x374; + uint32_t x375; + fiat_secp256k1_scalar_uint1 x376; + uint32_t x377; + uint32_t x378; + uint32_t x379; + uint32_t x380; + uint32_t x381; + uint32_t x382; + uint32_t x383; + uint32_t x384; + uint32_t x385; + uint32_t x386; + uint32_t x387; + uint32_t x388; + uint32_t x389; + uint32_t x390; + uint32_t x391; + uint32_t x392; + uint32_t x393; + fiat_secp256k1_scalar_uint1 x394; + uint32_t x395; + fiat_secp256k1_scalar_uint1 x396; + uint32_t x397; + fiat_secp256k1_scalar_uint1 x398; + uint32_t x399; + fiat_secp256k1_scalar_uint1 x400; + uint32_t x401; + fiat_secp256k1_scalar_uint1 x402; + uint32_t x403; + fiat_secp256k1_scalar_uint1 x404; + uint32_t x405; + fiat_secp256k1_scalar_uint1 x406; + uint32_t x407; + fiat_secp256k1_scalar_uint1 x408; + uint32_t x409; + fiat_secp256k1_scalar_uint1 x410; + uint32_t x411; + fiat_secp256k1_scalar_uint1 x412; + uint32_t x413; + fiat_secp256k1_scalar_uint1 x414; + uint32_t x415; + fiat_secp256k1_scalar_uint1 x416; + uint32_t x417; + fiat_secp256k1_scalar_uint1 x418; + uint32_t x419; + fiat_secp256k1_scalar_uint1 x420; + uint32_t x421; + fiat_secp256k1_scalar_uint1 x422; + uint32_t x423; + uint32_t x424; + uint32_t x425; + uint32_t x426; + uint32_t x427; + uint32_t x428; + uint32_t x429; + uint32_t x430; + uint32_t x431; + uint32_t x432; + uint32_t x433; + uint32_t x434; + uint32_t x435; + uint32_t x436; + uint32_t x437; + uint32_t x438; + uint32_t x439; + uint32_t x440; + uint32_t x441; + fiat_secp256k1_scalar_uint1 x442; + uint32_t x443; + fiat_secp256k1_scalar_uint1 x444; + uint32_t x445; + fiat_secp256k1_scalar_uint1 x446; + uint32_t x447; + fiat_secp256k1_scalar_uint1 x448; + uint32_t x449; + fiat_secp256k1_scalar_uint1 x450; + uint32_t x451; + fiat_secp256k1_scalar_uint1 x452; + uint32_t x453; + fiat_secp256k1_scalar_uint1 x454; + uint32_t x455; + fiat_secp256k1_scalar_uint1 x456; + uint32_t x457; + fiat_secp256k1_scalar_uint1 x458; + uint32_t x459; + fiat_secp256k1_scalar_uint1 x460; + uint32_t x461; + fiat_secp256k1_scalar_uint1 x462; + uint32_t x463; + fiat_secp256k1_scalar_uint1 x464; + uint32_t x465; + fiat_secp256k1_scalar_uint1 x466; + uint32_t x467; + fiat_secp256k1_scalar_uint1 x468; + uint32_t x469; + fiat_secp256k1_scalar_uint1 x470; + uint32_t x471; + fiat_secp256k1_scalar_uint1 x472; + uint32_t x473; + uint32_t x474; + uint32_t x475; + uint32_t x476; + uint32_t x477; + uint32_t x478; + uint32_t x479; + uint32_t x480; + uint32_t x481; + uint32_t x482; + uint32_t x483; + uint32_t x484; + uint32_t x485; + uint32_t x486; + uint32_t x487; + uint32_t x488; + uint32_t x489; + fiat_secp256k1_scalar_uint1 x490; + uint32_t x491; + fiat_secp256k1_scalar_uint1 x492; + uint32_t x493; + fiat_secp256k1_scalar_uint1 x494; + uint32_t x495; + fiat_secp256k1_scalar_uint1 x496; + uint32_t x497; + fiat_secp256k1_scalar_uint1 x498; + uint32_t x499; + fiat_secp256k1_scalar_uint1 x500; + uint32_t x501; + fiat_secp256k1_scalar_uint1 x502; + uint32_t x503; + fiat_secp256k1_scalar_uint1 x504; + uint32_t x505; + fiat_secp256k1_scalar_uint1 x506; + uint32_t x507; + fiat_secp256k1_scalar_uint1 x508; + uint32_t x509; + fiat_secp256k1_scalar_uint1 x510; + uint32_t x511; + fiat_secp256k1_scalar_uint1 x512; + uint32_t x513; + fiat_secp256k1_scalar_uint1 x514; + uint32_t x515; + fiat_secp256k1_scalar_uint1 x516; + uint32_t x517; + fiat_secp256k1_scalar_uint1 x518; + uint32_t x519; + uint32_t x520; + uint32_t x521; + uint32_t x522; + uint32_t x523; + uint32_t x524; + uint32_t x525; + uint32_t x526; + uint32_t x527; + uint32_t x528; + uint32_t x529; + uint32_t x530; + uint32_t x531; + uint32_t x532; + uint32_t x533; + uint32_t x534; + uint32_t x535; + uint32_t x536; + uint32_t x537; + fiat_secp256k1_scalar_uint1 x538; + uint32_t x539; + fiat_secp256k1_scalar_uint1 x540; + uint32_t x541; + fiat_secp256k1_scalar_uint1 x542; + uint32_t x543; + fiat_secp256k1_scalar_uint1 x544; + uint32_t x545; + fiat_secp256k1_scalar_uint1 x546; + uint32_t x547; + fiat_secp256k1_scalar_uint1 x548; + uint32_t x549; + fiat_secp256k1_scalar_uint1 x550; + uint32_t x551; + fiat_secp256k1_scalar_uint1 x552; + uint32_t x553; + fiat_secp256k1_scalar_uint1 x554; + uint32_t x555; + fiat_secp256k1_scalar_uint1 x556; + uint32_t x557; + fiat_secp256k1_scalar_uint1 x558; + uint32_t x559; + fiat_secp256k1_scalar_uint1 x560; + uint32_t x561; + fiat_secp256k1_scalar_uint1 x562; + uint32_t x563; + fiat_secp256k1_scalar_uint1 x564; + uint32_t x565; + fiat_secp256k1_scalar_uint1 x566; + uint32_t x567; + fiat_secp256k1_scalar_uint1 x568; + uint32_t x569; + uint32_t x570; + uint32_t x571; + uint32_t x572; + uint32_t x573; + uint32_t x574; + uint32_t x575; + uint32_t x576; + uint32_t x577; + uint32_t x578; + uint32_t x579; + uint32_t x580; + uint32_t x581; + uint32_t x582; + uint32_t x583; + uint32_t x584; + uint32_t x585; + fiat_secp256k1_scalar_uint1 x586; + uint32_t x587; + fiat_secp256k1_scalar_uint1 x588; + uint32_t x589; + fiat_secp256k1_scalar_uint1 x590; + uint32_t x591; + fiat_secp256k1_scalar_uint1 x592; + uint32_t x593; + fiat_secp256k1_scalar_uint1 x594; + uint32_t x595; + fiat_secp256k1_scalar_uint1 x596; + uint32_t x597; + fiat_secp256k1_scalar_uint1 x598; + uint32_t x599; + fiat_secp256k1_scalar_uint1 x600; + uint32_t x601; + fiat_secp256k1_scalar_uint1 x602; + uint32_t x603; + fiat_secp256k1_scalar_uint1 x604; + uint32_t x605; + fiat_secp256k1_scalar_uint1 x606; + uint32_t x607; + fiat_secp256k1_scalar_uint1 x608; + uint32_t x609; + fiat_secp256k1_scalar_uint1 x610; + uint32_t x611; + fiat_secp256k1_scalar_uint1 x612; + uint32_t x613; + fiat_secp256k1_scalar_uint1 x614; + uint32_t x615; + uint32_t x616; + uint32_t x617; + uint32_t x618; + uint32_t x619; + uint32_t x620; + uint32_t x621; + uint32_t x622; + uint32_t x623; + uint32_t x624; + uint32_t x625; + uint32_t x626; + uint32_t x627; + uint32_t x628; + uint32_t x629; + uint32_t x630; + uint32_t x631; + uint32_t x632; + uint32_t x633; + fiat_secp256k1_scalar_uint1 x634; + uint32_t x635; + fiat_secp256k1_scalar_uint1 x636; + uint32_t x637; + fiat_secp256k1_scalar_uint1 x638; + uint32_t x639; + fiat_secp256k1_scalar_uint1 x640; + uint32_t x641; + fiat_secp256k1_scalar_uint1 x642; + uint32_t x643; + fiat_secp256k1_scalar_uint1 x644; + uint32_t x645; + fiat_secp256k1_scalar_uint1 x646; + uint32_t x647; + fiat_secp256k1_scalar_uint1 x648; + uint32_t x649; + fiat_secp256k1_scalar_uint1 x650; + uint32_t x651; + fiat_secp256k1_scalar_uint1 x652; + uint32_t x653; + fiat_secp256k1_scalar_uint1 x654; + uint32_t x655; + fiat_secp256k1_scalar_uint1 x656; + uint32_t x657; + fiat_secp256k1_scalar_uint1 x658; + uint32_t x659; + fiat_secp256k1_scalar_uint1 x660; + uint32_t x661; + fiat_secp256k1_scalar_uint1 x662; + uint32_t x663; + fiat_secp256k1_scalar_uint1 x664; + uint32_t x665; + uint32_t x666; + uint32_t x667; + uint32_t x668; + uint32_t x669; + uint32_t x670; + uint32_t x671; + uint32_t x672; + uint32_t x673; + uint32_t x674; + uint32_t x675; + uint32_t x676; + uint32_t x677; + uint32_t x678; + uint32_t x679; + uint32_t x680; + uint32_t x681; + fiat_secp256k1_scalar_uint1 x682; + uint32_t x683; + fiat_secp256k1_scalar_uint1 x684; + uint32_t x685; + fiat_secp256k1_scalar_uint1 x686; + uint32_t x687; + fiat_secp256k1_scalar_uint1 x688; + uint32_t x689; + fiat_secp256k1_scalar_uint1 x690; + uint32_t x691; + fiat_secp256k1_scalar_uint1 x692; + uint32_t x693; + fiat_secp256k1_scalar_uint1 x694; + uint32_t x695; + fiat_secp256k1_scalar_uint1 x696; + uint32_t x697; + fiat_secp256k1_scalar_uint1 x698; + uint32_t x699; + fiat_secp256k1_scalar_uint1 x700; + uint32_t x701; + fiat_secp256k1_scalar_uint1 x702; + uint32_t x703; + fiat_secp256k1_scalar_uint1 x704; + uint32_t x705; + fiat_secp256k1_scalar_uint1 x706; + uint32_t x707; + fiat_secp256k1_scalar_uint1 x708; + uint32_t x709; + fiat_secp256k1_scalar_uint1 x710; + uint32_t x711; + uint32_t x712; + uint32_t x713; + uint32_t x714; + uint32_t x715; + uint32_t x716; + uint32_t x717; + uint32_t x718; + uint32_t x719; + uint32_t x720; + uint32_t x721; + uint32_t x722; + uint32_t x723; + uint32_t x724; + uint32_t x725; + uint32_t x726; + uint32_t x727; + uint32_t x728; + uint32_t x729; + fiat_secp256k1_scalar_uint1 x730; + uint32_t x731; + fiat_secp256k1_scalar_uint1 x732; + uint32_t x733; + fiat_secp256k1_scalar_uint1 x734; + uint32_t x735; + fiat_secp256k1_scalar_uint1 x736; + uint32_t x737; + fiat_secp256k1_scalar_uint1 x738; + uint32_t x739; + fiat_secp256k1_scalar_uint1 x740; + uint32_t x741; + fiat_secp256k1_scalar_uint1 x742; + uint32_t x743; + fiat_secp256k1_scalar_uint1 x744; + uint32_t x745; + fiat_secp256k1_scalar_uint1 x746; + uint32_t x747; + fiat_secp256k1_scalar_uint1 x748; + uint32_t x749; + fiat_secp256k1_scalar_uint1 x750; + uint32_t x751; + fiat_secp256k1_scalar_uint1 x752; + uint32_t x753; + fiat_secp256k1_scalar_uint1 x754; + uint32_t x755; + fiat_secp256k1_scalar_uint1 x756; + uint32_t x757; + fiat_secp256k1_scalar_uint1 x758; + uint32_t x759; + fiat_secp256k1_scalar_uint1 x760; + uint32_t x761; + fiat_secp256k1_scalar_uint1 x762; + uint32_t x763; + fiat_secp256k1_scalar_uint1 x764; + uint32_t x765; + fiat_secp256k1_scalar_uint1 x766; + uint32_t x767; + fiat_secp256k1_scalar_uint1 x768; + uint32_t x769; + fiat_secp256k1_scalar_uint1 x770; + uint32_t x771; + fiat_secp256k1_scalar_uint1 x772; + uint32_t x773; + fiat_secp256k1_scalar_uint1 x774; + uint32_t x775; + fiat_secp256k1_scalar_uint1 x776; + uint32_t x777; + fiat_secp256k1_scalar_uint1 x778; + uint32_t x779; + uint32_t x780; + uint32_t x781; + uint32_t x782; + uint32_t x783; + uint32_t x784; + uint32_t x785; + uint32_t x786; + x1 = (arg1[1]); + x2 = (arg1[2]); + x3 = (arg1[3]); + x4 = (arg1[4]); + x5 = (arg1[5]); + x6 = (arg1[6]); + x7 = (arg1[7]); + x8 = (arg1[0]); + fiat_secp256k1_scalar_mulx_u32(&x9, &x10, x8, UINT32_C(0x9d671cd5)); + fiat_secp256k1_scalar_mulx_u32(&x11, &x12, x8, UINT32_C(0x81c69bc5)); + fiat_secp256k1_scalar_mulx_u32(&x13, &x14, x8, UINT32_C(0xe697f5e4)); + fiat_secp256k1_scalar_mulx_u32(&x15, &x16, x8, UINT32_C(0x5bcd07c6)); + fiat_secp256k1_scalar_mulx_u32(&x17, &x18, x8, UINT32_C(0x741496c2)); + fiat_secp256k1_scalar_mulx_u32(&x19, &x20, x8, UINT32_C(0xe7cf878)); + fiat_secp256k1_scalar_mulx_u32(&x21, &x22, x8, UINT32_C(0x896cf214)); + fiat_secp256k1_scalar_mulx_u32(&x23, &x24, x8, UINT32_C(0x67d7d140)); + fiat_secp256k1_scalar_addcarryx_u32(&x25, &x26, 0x0, x24, x21); + fiat_secp256k1_scalar_addcarryx_u32(&x27, &x28, x26, x22, x19); + fiat_secp256k1_scalar_addcarryx_u32(&x29, &x30, x28, x20, x17); + fiat_secp256k1_scalar_addcarryx_u32(&x31, &x32, x30, x18, x15); + fiat_secp256k1_scalar_addcarryx_u32(&x33, &x34, x32, x16, x13); + fiat_secp256k1_scalar_addcarryx_u32(&x35, &x36, x34, x14, x11); + fiat_secp256k1_scalar_addcarryx_u32(&x37, &x38, x36, x12, x9); + fiat_secp256k1_scalar_mulx_u32(&x39, &x40, x23, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x41, &x42, x39, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x43, &x44, x39, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x45, &x46, x39, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x47, &x48, x39, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x49, &x50, x39, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x51, &x52, x39, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x53, &x54, x39, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x55, &x56, x39, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x57, &x58, 0x0, x56, x53); + fiat_secp256k1_scalar_addcarryx_u32(&x59, &x60, x58, x54, x51); + fiat_secp256k1_scalar_addcarryx_u32(&x61, &x62, x60, x52, x49); + fiat_secp256k1_scalar_addcarryx_u32(&x63, &x64, x62, x50, x47); + fiat_secp256k1_scalar_addcarryx_u32(&x65, &x66, x64, x48, x45); + fiat_secp256k1_scalar_addcarryx_u32(&x67, &x68, x66, x46, x43); + fiat_secp256k1_scalar_addcarryx_u32(&x69, &x70, x68, x44, x41); + fiat_secp256k1_scalar_addcarryx_u32(&x71, &x72, 0x0, x23, x55); + fiat_secp256k1_scalar_addcarryx_u32(&x73, &x74, x72, x25, x57); + fiat_secp256k1_scalar_addcarryx_u32(&x75, &x76, x74, x27, x59); + fiat_secp256k1_scalar_addcarryx_u32(&x77, &x78, x76, x29, x61); + fiat_secp256k1_scalar_addcarryx_u32(&x79, &x80, x78, x31, x63); + fiat_secp256k1_scalar_addcarryx_u32(&x81, &x82, x80, x33, x65); + fiat_secp256k1_scalar_addcarryx_u32(&x83, &x84, x82, x35, x67); + fiat_secp256k1_scalar_addcarryx_u32(&x85, &x86, x84, x37, x69); + fiat_secp256k1_scalar_addcarryx_u32(&x87, &x88, x86, (x38 + x10), (x70 + x42)); + fiat_secp256k1_scalar_mulx_u32(&x89, &x90, x1, UINT32_C(0x9d671cd5)); + fiat_secp256k1_scalar_mulx_u32(&x91, &x92, x1, UINT32_C(0x81c69bc5)); + fiat_secp256k1_scalar_mulx_u32(&x93, &x94, x1, UINT32_C(0xe697f5e4)); + fiat_secp256k1_scalar_mulx_u32(&x95, &x96, x1, UINT32_C(0x5bcd07c6)); + fiat_secp256k1_scalar_mulx_u32(&x97, &x98, x1, UINT32_C(0x741496c2)); + fiat_secp256k1_scalar_mulx_u32(&x99, &x100, x1, UINT32_C(0xe7cf878)); + fiat_secp256k1_scalar_mulx_u32(&x101, &x102, x1, UINT32_C(0x896cf214)); + fiat_secp256k1_scalar_mulx_u32(&x103, &x104, x1, UINT32_C(0x67d7d140)); + fiat_secp256k1_scalar_addcarryx_u32(&x105, &x106, 0x0, x104, x101); + fiat_secp256k1_scalar_addcarryx_u32(&x107, &x108, x106, x102, x99); + fiat_secp256k1_scalar_addcarryx_u32(&x109, &x110, x108, x100, x97); + fiat_secp256k1_scalar_addcarryx_u32(&x111, &x112, x110, x98, x95); + fiat_secp256k1_scalar_addcarryx_u32(&x113, &x114, x112, x96, x93); + fiat_secp256k1_scalar_addcarryx_u32(&x115, &x116, x114, x94, x91); + fiat_secp256k1_scalar_addcarryx_u32(&x117, &x118, x116, x92, x89); + fiat_secp256k1_scalar_addcarryx_u32(&x119, &x120, 0x0, x73, x103); + fiat_secp256k1_scalar_addcarryx_u32(&x121, &x122, x120, x75, x105); + fiat_secp256k1_scalar_addcarryx_u32(&x123, &x124, x122, x77, x107); + fiat_secp256k1_scalar_addcarryx_u32(&x125, &x126, x124, x79, x109); + fiat_secp256k1_scalar_addcarryx_u32(&x127, &x128, x126, x81, x111); + fiat_secp256k1_scalar_addcarryx_u32(&x129, &x130, x128, x83, x113); + fiat_secp256k1_scalar_addcarryx_u32(&x131, &x132, x130, x85, x115); + fiat_secp256k1_scalar_addcarryx_u32(&x133, &x134, x132, x87, x117); + fiat_secp256k1_scalar_mulx_u32(&x135, &x136, x119, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x137, &x138, x135, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x139, &x140, x135, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x141, &x142, x135, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x143, &x144, x135, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x145, &x146, x135, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x147, &x148, x135, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x149, &x150, x135, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x151, &x152, x135, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x153, &x154, 0x0, x152, x149); + fiat_secp256k1_scalar_addcarryx_u32(&x155, &x156, x154, x150, x147); + fiat_secp256k1_scalar_addcarryx_u32(&x157, &x158, x156, x148, x145); + fiat_secp256k1_scalar_addcarryx_u32(&x159, &x160, x158, x146, x143); + fiat_secp256k1_scalar_addcarryx_u32(&x161, &x162, x160, x144, x141); + fiat_secp256k1_scalar_addcarryx_u32(&x163, &x164, x162, x142, x139); + fiat_secp256k1_scalar_addcarryx_u32(&x165, &x166, x164, x140, x137); + fiat_secp256k1_scalar_addcarryx_u32(&x167, &x168, 0x0, x119, x151); + fiat_secp256k1_scalar_addcarryx_u32(&x169, &x170, x168, x121, x153); + fiat_secp256k1_scalar_addcarryx_u32(&x171, &x172, x170, x123, x155); + fiat_secp256k1_scalar_addcarryx_u32(&x173, &x174, x172, x125, x157); + fiat_secp256k1_scalar_addcarryx_u32(&x175, &x176, x174, x127, x159); + fiat_secp256k1_scalar_addcarryx_u32(&x177, &x178, x176, x129, x161); + fiat_secp256k1_scalar_addcarryx_u32(&x179, &x180, x178, x131, x163); + fiat_secp256k1_scalar_addcarryx_u32(&x181, &x182, x180, x133, x165); + fiat_secp256k1_scalar_addcarryx_u32(&x183, &x184, x182, (((uint32_t)x134 + x88) + (x118 + x90)), (x166 + x138)); + fiat_secp256k1_scalar_mulx_u32(&x185, &x186, x2, UINT32_C(0x9d671cd5)); + fiat_secp256k1_scalar_mulx_u32(&x187, &x188, x2, UINT32_C(0x81c69bc5)); + fiat_secp256k1_scalar_mulx_u32(&x189, &x190, x2, UINT32_C(0xe697f5e4)); + fiat_secp256k1_scalar_mulx_u32(&x191, &x192, x2, UINT32_C(0x5bcd07c6)); + fiat_secp256k1_scalar_mulx_u32(&x193, &x194, x2, UINT32_C(0x741496c2)); + fiat_secp256k1_scalar_mulx_u32(&x195, &x196, x2, UINT32_C(0xe7cf878)); + fiat_secp256k1_scalar_mulx_u32(&x197, &x198, x2, UINT32_C(0x896cf214)); + fiat_secp256k1_scalar_mulx_u32(&x199, &x200, x2, UINT32_C(0x67d7d140)); + fiat_secp256k1_scalar_addcarryx_u32(&x201, &x202, 0x0, x200, x197); + fiat_secp256k1_scalar_addcarryx_u32(&x203, &x204, x202, x198, x195); + fiat_secp256k1_scalar_addcarryx_u32(&x205, &x206, x204, x196, x193); + fiat_secp256k1_scalar_addcarryx_u32(&x207, &x208, x206, x194, x191); + fiat_secp256k1_scalar_addcarryx_u32(&x209, &x210, x208, x192, x189); + fiat_secp256k1_scalar_addcarryx_u32(&x211, &x212, x210, x190, x187); + fiat_secp256k1_scalar_addcarryx_u32(&x213, &x214, x212, x188, x185); + fiat_secp256k1_scalar_addcarryx_u32(&x215, &x216, 0x0, x169, x199); + fiat_secp256k1_scalar_addcarryx_u32(&x217, &x218, x216, x171, x201); + fiat_secp256k1_scalar_addcarryx_u32(&x219, &x220, x218, x173, x203); + fiat_secp256k1_scalar_addcarryx_u32(&x221, &x222, x220, x175, x205); + fiat_secp256k1_scalar_addcarryx_u32(&x223, &x224, x222, x177, x207); + fiat_secp256k1_scalar_addcarryx_u32(&x225, &x226, x224, x179, x209); + fiat_secp256k1_scalar_addcarryx_u32(&x227, &x228, x226, x181, x211); + fiat_secp256k1_scalar_addcarryx_u32(&x229, &x230, x228, x183, x213); + fiat_secp256k1_scalar_mulx_u32(&x231, &x232, x215, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x233, &x234, x231, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x235, &x236, x231, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x237, &x238, x231, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x239, &x240, x231, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x241, &x242, x231, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x243, &x244, x231, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x245, &x246, x231, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x247, &x248, x231, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x249, &x250, 0x0, x248, x245); + fiat_secp256k1_scalar_addcarryx_u32(&x251, &x252, x250, x246, x243); + fiat_secp256k1_scalar_addcarryx_u32(&x253, &x254, x252, x244, x241); + fiat_secp256k1_scalar_addcarryx_u32(&x255, &x256, x254, x242, x239); + fiat_secp256k1_scalar_addcarryx_u32(&x257, &x258, x256, x240, x237); + fiat_secp256k1_scalar_addcarryx_u32(&x259, &x260, x258, x238, x235); + fiat_secp256k1_scalar_addcarryx_u32(&x261, &x262, x260, x236, x233); + fiat_secp256k1_scalar_addcarryx_u32(&x263, &x264, 0x0, x215, x247); + fiat_secp256k1_scalar_addcarryx_u32(&x265, &x266, x264, x217, x249); + fiat_secp256k1_scalar_addcarryx_u32(&x267, &x268, x266, x219, x251); + fiat_secp256k1_scalar_addcarryx_u32(&x269, &x270, x268, x221, x253); + fiat_secp256k1_scalar_addcarryx_u32(&x271, &x272, x270, x223, x255); + fiat_secp256k1_scalar_addcarryx_u32(&x273, &x274, x272, x225, x257); + fiat_secp256k1_scalar_addcarryx_u32(&x275, &x276, x274, x227, x259); + fiat_secp256k1_scalar_addcarryx_u32(&x277, &x278, x276, x229, x261); + fiat_secp256k1_scalar_addcarryx_u32(&x279, &x280, x278, (((uint32_t)x230 + x184) + (x214 + x186)), (x262 + x234)); + fiat_secp256k1_scalar_mulx_u32(&x281, &x282, x3, UINT32_C(0x9d671cd5)); + fiat_secp256k1_scalar_mulx_u32(&x283, &x284, x3, UINT32_C(0x81c69bc5)); + fiat_secp256k1_scalar_mulx_u32(&x285, &x286, x3, UINT32_C(0xe697f5e4)); + fiat_secp256k1_scalar_mulx_u32(&x287, &x288, x3, UINT32_C(0x5bcd07c6)); + fiat_secp256k1_scalar_mulx_u32(&x289, &x290, x3, UINT32_C(0x741496c2)); + fiat_secp256k1_scalar_mulx_u32(&x291, &x292, x3, UINT32_C(0xe7cf878)); + fiat_secp256k1_scalar_mulx_u32(&x293, &x294, x3, UINT32_C(0x896cf214)); + fiat_secp256k1_scalar_mulx_u32(&x295, &x296, x3, UINT32_C(0x67d7d140)); + fiat_secp256k1_scalar_addcarryx_u32(&x297, &x298, 0x0, x296, x293); + fiat_secp256k1_scalar_addcarryx_u32(&x299, &x300, x298, x294, x291); + fiat_secp256k1_scalar_addcarryx_u32(&x301, &x302, x300, x292, x289); + fiat_secp256k1_scalar_addcarryx_u32(&x303, &x304, x302, x290, x287); + fiat_secp256k1_scalar_addcarryx_u32(&x305, &x306, x304, x288, x285); + fiat_secp256k1_scalar_addcarryx_u32(&x307, &x308, x306, x286, x283); + fiat_secp256k1_scalar_addcarryx_u32(&x309, &x310, x308, x284, x281); + fiat_secp256k1_scalar_addcarryx_u32(&x311, &x312, 0x0, x265, x295); + fiat_secp256k1_scalar_addcarryx_u32(&x313, &x314, x312, x267, x297); + fiat_secp256k1_scalar_addcarryx_u32(&x315, &x316, x314, x269, x299); + fiat_secp256k1_scalar_addcarryx_u32(&x317, &x318, x316, x271, x301); + fiat_secp256k1_scalar_addcarryx_u32(&x319, &x320, x318, x273, x303); + fiat_secp256k1_scalar_addcarryx_u32(&x321, &x322, x320, x275, x305); + fiat_secp256k1_scalar_addcarryx_u32(&x323, &x324, x322, x277, x307); + fiat_secp256k1_scalar_addcarryx_u32(&x325, &x326, x324, x279, x309); + fiat_secp256k1_scalar_mulx_u32(&x327, &x328, x311, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x329, &x330, x327, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x331, &x332, x327, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x333, &x334, x327, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x335, &x336, x327, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x337, &x338, x327, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x339, &x340, x327, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x341, &x342, x327, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x343, &x344, x327, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x345, &x346, 0x0, x344, x341); + fiat_secp256k1_scalar_addcarryx_u32(&x347, &x348, x346, x342, x339); + fiat_secp256k1_scalar_addcarryx_u32(&x349, &x350, x348, x340, x337); + fiat_secp256k1_scalar_addcarryx_u32(&x351, &x352, x350, x338, x335); + fiat_secp256k1_scalar_addcarryx_u32(&x353, &x354, x352, x336, x333); + fiat_secp256k1_scalar_addcarryx_u32(&x355, &x356, x354, x334, x331); + fiat_secp256k1_scalar_addcarryx_u32(&x357, &x358, x356, x332, x329); + fiat_secp256k1_scalar_addcarryx_u32(&x359, &x360, 0x0, x311, x343); + fiat_secp256k1_scalar_addcarryx_u32(&x361, &x362, x360, x313, x345); + fiat_secp256k1_scalar_addcarryx_u32(&x363, &x364, x362, x315, x347); + fiat_secp256k1_scalar_addcarryx_u32(&x365, &x366, x364, x317, x349); + fiat_secp256k1_scalar_addcarryx_u32(&x367, &x368, x366, x319, x351); + fiat_secp256k1_scalar_addcarryx_u32(&x369, &x370, x368, x321, x353); + fiat_secp256k1_scalar_addcarryx_u32(&x371, &x372, x370, x323, x355); + fiat_secp256k1_scalar_addcarryx_u32(&x373, &x374, x372, x325, x357); + fiat_secp256k1_scalar_addcarryx_u32(&x375, &x376, x374, (((uint32_t)x326 + x280) + (x310 + x282)), (x358 + x330)); + fiat_secp256k1_scalar_mulx_u32(&x377, &x378, x4, UINT32_C(0x9d671cd5)); + fiat_secp256k1_scalar_mulx_u32(&x379, &x380, x4, UINT32_C(0x81c69bc5)); + fiat_secp256k1_scalar_mulx_u32(&x381, &x382, x4, UINT32_C(0xe697f5e4)); + fiat_secp256k1_scalar_mulx_u32(&x383, &x384, x4, UINT32_C(0x5bcd07c6)); + fiat_secp256k1_scalar_mulx_u32(&x385, &x386, x4, UINT32_C(0x741496c2)); + fiat_secp256k1_scalar_mulx_u32(&x387, &x388, x4, UINT32_C(0xe7cf878)); + fiat_secp256k1_scalar_mulx_u32(&x389, &x390, x4, UINT32_C(0x896cf214)); + fiat_secp256k1_scalar_mulx_u32(&x391, &x392, x4, UINT32_C(0x67d7d140)); + fiat_secp256k1_scalar_addcarryx_u32(&x393, &x394, 0x0, x392, x389); + fiat_secp256k1_scalar_addcarryx_u32(&x395, &x396, x394, x390, x387); + fiat_secp256k1_scalar_addcarryx_u32(&x397, &x398, x396, x388, x385); + fiat_secp256k1_scalar_addcarryx_u32(&x399, &x400, x398, x386, x383); + fiat_secp256k1_scalar_addcarryx_u32(&x401, &x402, x400, x384, x381); + fiat_secp256k1_scalar_addcarryx_u32(&x403, &x404, x402, x382, x379); + fiat_secp256k1_scalar_addcarryx_u32(&x405, &x406, x404, x380, x377); + fiat_secp256k1_scalar_addcarryx_u32(&x407, &x408, 0x0, x361, x391); + fiat_secp256k1_scalar_addcarryx_u32(&x409, &x410, x408, x363, x393); + fiat_secp256k1_scalar_addcarryx_u32(&x411, &x412, x410, x365, x395); + fiat_secp256k1_scalar_addcarryx_u32(&x413, &x414, x412, x367, x397); + fiat_secp256k1_scalar_addcarryx_u32(&x415, &x416, x414, x369, x399); + fiat_secp256k1_scalar_addcarryx_u32(&x417, &x418, x416, x371, x401); + fiat_secp256k1_scalar_addcarryx_u32(&x419, &x420, x418, x373, x403); + fiat_secp256k1_scalar_addcarryx_u32(&x421, &x422, x420, x375, x405); + fiat_secp256k1_scalar_mulx_u32(&x423, &x424, x407, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x425, &x426, x423, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x427, &x428, x423, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x429, &x430, x423, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x431, &x432, x423, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x433, &x434, x423, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x435, &x436, x423, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x437, &x438, x423, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x439, &x440, x423, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x441, &x442, 0x0, x440, x437); + fiat_secp256k1_scalar_addcarryx_u32(&x443, &x444, x442, x438, x435); + fiat_secp256k1_scalar_addcarryx_u32(&x445, &x446, x444, x436, x433); + fiat_secp256k1_scalar_addcarryx_u32(&x447, &x448, x446, x434, x431); + fiat_secp256k1_scalar_addcarryx_u32(&x449, &x450, x448, x432, x429); + fiat_secp256k1_scalar_addcarryx_u32(&x451, &x452, x450, x430, x427); + fiat_secp256k1_scalar_addcarryx_u32(&x453, &x454, x452, x428, x425); + fiat_secp256k1_scalar_addcarryx_u32(&x455, &x456, 0x0, x407, x439); + fiat_secp256k1_scalar_addcarryx_u32(&x457, &x458, x456, x409, x441); + fiat_secp256k1_scalar_addcarryx_u32(&x459, &x460, x458, x411, x443); + fiat_secp256k1_scalar_addcarryx_u32(&x461, &x462, x460, x413, x445); + fiat_secp256k1_scalar_addcarryx_u32(&x463, &x464, x462, x415, x447); + fiat_secp256k1_scalar_addcarryx_u32(&x465, &x466, x464, x417, x449); + fiat_secp256k1_scalar_addcarryx_u32(&x467, &x468, x466, x419, x451); + fiat_secp256k1_scalar_addcarryx_u32(&x469, &x470, x468, x421, x453); + fiat_secp256k1_scalar_addcarryx_u32(&x471, &x472, x470, (((uint32_t)x422 + x376) + (x406 + x378)), (x454 + x426)); + fiat_secp256k1_scalar_mulx_u32(&x473, &x474, x5, UINT32_C(0x9d671cd5)); + fiat_secp256k1_scalar_mulx_u32(&x475, &x476, x5, UINT32_C(0x81c69bc5)); + fiat_secp256k1_scalar_mulx_u32(&x477, &x478, x5, UINT32_C(0xe697f5e4)); + fiat_secp256k1_scalar_mulx_u32(&x479, &x480, x5, UINT32_C(0x5bcd07c6)); + fiat_secp256k1_scalar_mulx_u32(&x481, &x482, x5, UINT32_C(0x741496c2)); + fiat_secp256k1_scalar_mulx_u32(&x483, &x484, x5, UINT32_C(0xe7cf878)); + fiat_secp256k1_scalar_mulx_u32(&x485, &x486, x5, UINT32_C(0x896cf214)); + fiat_secp256k1_scalar_mulx_u32(&x487, &x488, x5, UINT32_C(0x67d7d140)); + fiat_secp256k1_scalar_addcarryx_u32(&x489, &x490, 0x0, x488, x485); + fiat_secp256k1_scalar_addcarryx_u32(&x491, &x492, x490, x486, x483); + fiat_secp256k1_scalar_addcarryx_u32(&x493, &x494, x492, x484, x481); + fiat_secp256k1_scalar_addcarryx_u32(&x495, &x496, x494, x482, x479); + fiat_secp256k1_scalar_addcarryx_u32(&x497, &x498, x496, x480, x477); + fiat_secp256k1_scalar_addcarryx_u32(&x499, &x500, x498, x478, x475); + fiat_secp256k1_scalar_addcarryx_u32(&x501, &x502, x500, x476, x473); + fiat_secp256k1_scalar_addcarryx_u32(&x503, &x504, 0x0, x457, x487); + fiat_secp256k1_scalar_addcarryx_u32(&x505, &x506, x504, x459, x489); + fiat_secp256k1_scalar_addcarryx_u32(&x507, &x508, x506, x461, x491); + fiat_secp256k1_scalar_addcarryx_u32(&x509, &x510, x508, x463, x493); + fiat_secp256k1_scalar_addcarryx_u32(&x511, &x512, x510, x465, x495); + fiat_secp256k1_scalar_addcarryx_u32(&x513, &x514, x512, x467, x497); + fiat_secp256k1_scalar_addcarryx_u32(&x515, &x516, x514, x469, x499); + fiat_secp256k1_scalar_addcarryx_u32(&x517, &x518, x516, x471, x501); + fiat_secp256k1_scalar_mulx_u32(&x519, &x520, x503, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x521, &x522, x519, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x523, &x524, x519, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x525, &x526, x519, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x527, &x528, x519, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x529, &x530, x519, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x531, &x532, x519, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x533, &x534, x519, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x535, &x536, x519, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x537, &x538, 0x0, x536, x533); + fiat_secp256k1_scalar_addcarryx_u32(&x539, &x540, x538, x534, x531); + fiat_secp256k1_scalar_addcarryx_u32(&x541, &x542, x540, x532, x529); + fiat_secp256k1_scalar_addcarryx_u32(&x543, &x544, x542, x530, x527); + fiat_secp256k1_scalar_addcarryx_u32(&x545, &x546, x544, x528, x525); + fiat_secp256k1_scalar_addcarryx_u32(&x547, &x548, x546, x526, x523); + fiat_secp256k1_scalar_addcarryx_u32(&x549, &x550, x548, x524, x521); + fiat_secp256k1_scalar_addcarryx_u32(&x551, &x552, 0x0, x503, x535); + fiat_secp256k1_scalar_addcarryx_u32(&x553, &x554, x552, x505, x537); + fiat_secp256k1_scalar_addcarryx_u32(&x555, &x556, x554, x507, x539); + fiat_secp256k1_scalar_addcarryx_u32(&x557, &x558, x556, x509, x541); + fiat_secp256k1_scalar_addcarryx_u32(&x559, &x560, x558, x511, x543); + fiat_secp256k1_scalar_addcarryx_u32(&x561, &x562, x560, x513, x545); + fiat_secp256k1_scalar_addcarryx_u32(&x563, &x564, x562, x515, x547); + fiat_secp256k1_scalar_addcarryx_u32(&x565, &x566, x564, x517, x549); + fiat_secp256k1_scalar_addcarryx_u32(&x567, &x568, x566, (((uint32_t)x518 + x472) + (x502 + x474)), (x550 + x522)); + fiat_secp256k1_scalar_mulx_u32(&x569, &x570, x6, UINT32_C(0x9d671cd5)); + fiat_secp256k1_scalar_mulx_u32(&x571, &x572, x6, UINT32_C(0x81c69bc5)); + fiat_secp256k1_scalar_mulx_u32(&x573, &x574, x6, UINT32_C(0xe697f5e4)); + fiat_secp256k1_scalar_mulx_u32(&x575, &x576, x6, UINT32_C(0x5bcd07c6)); + fiat_secp256k1_scalar_mulx_u32(&x577, &x578, x6, UINT32_C(0x741496c2)); + fiat_secp256k1_scalar_mulx_u32(&x579, &x580, x6, UINT32_C(0xe7cf878)); + fiat_secp256k1_scalar_mulx_u32(&x581, &x582, x6, UINT32_C(0x896cf214)); + fiat_secp256k1_scalar_mulx_u32(&x583, &x584, x6, UINT32_C(0x67d7d140)); + fiat_secp256k1_scalar_addcarryx_u32(&x585, &x586, 0x0, x584, x581); + fiat_secp256k1_scalar_addcarryx_u32(&x587, &x588, x586, x582, x579); + fiat_secp256k1_scalar_addcarryx_u32(&x589, &x590, x588, x580, x577); + fiat_secp256k1_scalar_addcarryx_u32(&x591, &x592, x590, x578, x575); + fiat_secp256k1_scalar_addcarryx_u32(&x593, &x594, x592, x576, x573); + fiat_secp256k1_scalar_addcarryx_u32(&x595, &x596, x594, x574, x571); + fiat_secp256k1_scalar_addcarryx_u32(&x597, &x598, x596, x572, x569); + fiat_secp256k1_scalar_addcarryx_u32(&x599, &x600, 0x0, x553, x583); + fiat_secp256k1_scalar_addcarryx_u32(&x601, &x602, x600, x555, x585); + fiat_secp256k1_scalar_addcarryx_u32(&x603, &x604, x602, x557, x587); + fiat_secp256k1_scalar_addcarryx_u32(&x605, &x606, x604, x559, x589); + fiat_secp256k1_scalar_addcarryx_u32(&x607, &x608, x606, x561, x591); + fiat_secp256k1_scalar_addcarryx_u32(&x609, &x610, x608, x563, x593); + fiat_secp256k1_scalar_addcarryx_u32(&x611, &x612, x610, x565, x595); + fiat_secp256k1_scalar_addcarryx_u32(&x613, &x614, x612, x567, x597); + fiat_secp256k1_scalar_mulx_u32(&x615, &x616, x599, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x617, &x618, x615, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x619, &x620, x615, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x621, &x622, x615, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x623, &x624, x615, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x625, &x626, x615, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x627, &x628, x615, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x629, &x630, x615, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x631, &x632, x615, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x633, &x634, 0x0, x632, x629); + fiat_secp256k1_scalar_addcarryx_u32(&x635, &x636, x634, x630, x627); + fiat_secp256k1_scalar_addcarryx_u32(&x637, &x638, x636, x628, x625); + fiat_secp256k1_scalar_addcarryx_u32(&x639, &x640, x638, x626, x623); + fiat_secp256k1_scalar_addcarryx_u32(&x641, &x642, x640, x624, x621); + fiat_secp256k1_scalar_addcarryx_u32(&x643, &x644, x642, x622, x619); + fiat_secp256k1_scalar_addcarryx_u32(&x645, &x646, x644, x620, x617); + fiat_secp256k1_scalar_addcarryx_u32(&x647, &x648, 0x0, x599, x631); + fiat_secp256k1_scalar_addcarryx_u32(&x649, &x650, x648, x601, x633); + fiat_secp256k1_scalar_addcarryx_u32(&x651, &x652, x650, x603, x635); + fiat_secp256k1_scalar_addcarryx_u32(&x653, &x654, x652, x605, x637); + fiat_secp256k1_scalar_addcarryx_u32(&x655, &x656, x654, x607, x639); + fiat_secp256k1_scalar_addcarryx_u32(&x657, &x658, x656, x609, x641); + fiat_secp256k1_scalar_addcarryx_u32(&x659, &x660, x658, x611, x643); + fiat_secp256k1_scalar_addcarryx_u32(&x661, &x662, x660, x613, x645); + fiat_secp256k1_scalar_addcarryx_u32(&x663, &x664, x662, (((uint32_t)x614 + x568) + (x598 + x570)), (x646 + x618)); + fiat_secp256k1_scalar_mulx_u32(&x665, &x666, x7, UINT32_C(0x9d671cd5)); + fiat_secp256k1_scalar_mulx_u32(&x667, &x668, x7, UINT32_C(0x81c69bc5)); + fiat_secp256k1_scalar_mulx_u32(&x669, &x670, x7, UINT32_C(0xe697f5e4)); + fiat_secp256k1_scalar_mulx_u32(&x671, &x672, x7, UINT32_C(0x5bcd07c6)); + fiat_secp256k1_scalar_mulx_u32(&x673, &x674, x7, UINT32_C(0x741496c2)); + fiat_secp256k1_scalar_mulx_u32(&x675, &x676, x7, UINT32_C(0xe7cf878)); + fiat_secp256k1_scalar_mulx_u32(&x677, &x678, x7, UINT32_C(0x896cf214)); + fiat_secp256k1_scalar_mulx_u32(&x679, &x680, x7, UINT32_C(0x67d7d140)); + fiat_secp256k1_scalar_addcarryx_u32(&x681, &x682, 0x0, x680, x677); + fiat_secp256k1_scalar_addcarryx_u32(&x683, &x684, x682, x678, x675); + fiat_secp256k1_scalar_addcarryx_u32(&x685, &x686, x684, x676, x673); + fiat_secp256k1_scalar_addcarryx_u32(&x687, &x688, x686, x674, x671); + fiat_secp256k1_scalar_addcarryx_u32(&x689, &x690, x688, x672, x669); + fiat_secp256k1_scalar_addcarryx_u32(&x691, &x692, x690, x670, x667); + fiat_secp256k1_scalar_addcarryx_u32(&x693, &x694, x692, x668, x665); + fiat_secp256k1_scalar_addcarryx_u32(&x695, &x696, 0x0, x649, x679); + fiat_secp256k1_scalar_addcarryx_u32(&x697, &x698, x696, x651, x681); + fiat_secp256k1_scalar_addcarryx_u32(&x699, &x700, x698, x653, x683); + fiat_secp256k1_scalar_addcarryx_u32(&x701, &x702, x700, x655, x685); + fiat_secp256k1_scalar_addcarryx_u32(&x703, &x704, x702, x657, x687); + fiat_secp256k1_scalar_addcarryx_u32(&x705, &x706, x704, x659, x689); + fiat_secp256k1_scalar_addcarryx_u32(&x707, &x708, x706, x661, x691); + fiat_secp256k1_scalar_addcarryx_u32(&x709, &x710, x708, x663, x693); + fiat_secp256k1_scalar_mulx_u32(&x711, &x712, x695, UINT32_C(0x5588b13f)); + fiat_secp256k1_scalar_mulx_u32(&x713, &x714, x711, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x715, &x716, x711, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x717, &x718, x711, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_mulx_u32(&x719, &x720, x711, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_mulx_u32(&x721, &x722, x711, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_mulx_u32(&x723, &x724, x711, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_mulx_u32(&x725, &x726, x711, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_mulx_u32(&x727, &x728, x711, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_addcarryx_u32(&x729, &x730, 0x0, x728, x725); + fiat_secp256k1_scalar_addcarryx_u32(&x731, &x732, x730, x726, x723); + fiat_secp256k1_scalar_addcarryx_u32(&x733, &x734, x732, x724, x721); + fiat_secp256k1_scalar_addcarryx_u32(&x735, &x736, x734, x722, x719); + fiat_secp256k1_scalar_addcarryx_u32(&x737, &x738, x736, x720, x717); + fiat_secp256k1_scalar_addcarryx_u32(&x739, &x740, x738, x718, x715); + fiat_secp256k1_scalar_addcarryx_u32(&x741, &x742, x740, x716, x713); + fiat_secp256k1_scalar_addcarryx_u32(&x743, &x744, 0x0, x695, x727); + fiat_secp256k1_scalar_addcarryx_u32(&x745, &x746, x744, x697, x729); + fiat_secp256k1_scalar_addcarryx_u32(&x747, &x748, x746, x699, x731); + fiat_secp256k1_scalar_addcarryx_u32(&x749, &x750, x748, x701, x733); + fiat_secp256k1_scalar_addcarryx_u32(&x751, &x752, x750, x703, x735); + fiat_secp256k1_scalar_addcarryx_u32(&x753, &x754, x752, x705, x737); + fiat_secp256k1_scalar_addcarryx_u32(&x755, &x756, x754, x707, x739); + fiat_secp256k1_scalar_addcarryx_u32(&x757, &x758, x756, x709, x741); + fiat_secp256k1_scalar_addcarryx_u32(&x759, &x760, x758, (((uint32_t)x710 + x664) + (x694 + x666)), (x742 + x714)); + fiat_secp256k1_scalar_subborrowx_u32(&x761, &x762, 0x0, x745, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_subborrowx_u32(&x763, &x764, x762, x747, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_subborrowx_u32(&x765, &x766, x764, x749, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_subborrowx_u32(&x767, &x768, x766, x751, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_subborrowx_u32(&x769, &x770, x768, x753, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_subborrowx_u32(&x771, &x772, x770, x755, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x773, &x774, x772, x757, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x775, &x776, x774, x759, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x777, &x778, x776, x760, 0x0); + fiat_secp256k1_scalar_cmovznz_u32(&x779, x778, x761, x745); + fiat_secp256k1_scalar_cmovznz_u32(&x780, x778, x763, x747); + fiat_secp256k1_scalar_cmovznz_u32(&x781, x778, x765, x749); + fiat_secp256k1_scalar_cmovznz_u32(&x782, x778, x767, x751); + fiat_secp256k1_scalar_cmovznz_u32(&x783, x778, x769, x753); + fiat_secp256k1_scalar_cmovznz_u32(&x784, x778, x771, x755); + fiat_secp256k1_scalar_cmovznz_u32(&x785, x778, x773, x757); + fiat_secp256k1_scalar_cmovznz_u32(&x786, x778, x775, x759); + out1[0] = x779; + out1[1] = x780; + out1[2] = x781; + out1[3] = x782; + out1[4] = x783; + out1[5] = x784; + out1[6] = x785; + out1[7] = x786; +} + +/* + * The function fiat_secp256k1_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_nonzero(uint32_t* out1, const uint32_t arg1[8]) { + uint32_t x1; + x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); + *out1 = x1; +} + +/* + * The function fiat_secp256k1_scalar_selectznz is a multi-limb conditional select. + * + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_selectznz(uint32_t out1[8], fiat_secp256k1_scalar_uint1 arg1, const uint32_t arg2[8], const uint32_t arg3[8]) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + fiat_secp256k1_scalar_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); + fiat_secp256k1_scalar_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); + fiat_secp256k1_scalar_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); + fiat_secp256k1_scalar_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); + fiat_secp256k1_scalar_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); + fiat_secp256k1_scalar_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); + fiat_secp256k1_scalar_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); + fiat_secp256k1_scalar_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/* + * The function fiat_secp256k1_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. + * + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint32_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint8_t x9; + uint32_t x10; + uint8_t x11; + uint32_t x12; + uint8_t x13; + uint8_t x14; + uint8_t x15; + uint32_t x16; + uint8_t x17; + uint32_t x18; + uint8_t x19; + uint8_t x20; + uint8_t x21; + uint32_t x22; + uint8_t x23; + uint32_t x24; + uint8_t x25; + uint8_t x26; + uint8_t x27; + uint32_t x28; + uint8_t x29; + uint32_t x30; + uint8_t x31; + uint8_t x32; + uint8_t x33; + uint32_t x34; + uint8_t x35; + uint32_t x36; + uint8_t x37; + uint8_t x38; + uint8_t x39; + uint32_t x40; + uint8_t x41; + uint32_t x42; + uint8_t x43; + uint8_t x44; + uint8_t x45; + uint32_t x46; + uint8_t x47; + uint32_t x48; + uint8_t x49; + uint8_t x50; + uint8_t x51; + uint32_t x52; + uint8_t x53; + uint32_t x54; + uint8_t x55; + uint8_t x56; + x1 = (arg1[7]); + x2 = (arg1[6]); + x3 = (arg1[5]); + x4 = (arg1[4]); + x5 = (arg1[3]); + x6 = (arg1[2]); + x7 = (arg1[1]); + x8 = (arg1[0]); + x9 = (uint8_t)(x8 & UINT8_C(0xff)); + x10 = (x8 >> 8); + x11 = (uint8_t)(x10 & UINT8_C(0xff)); + x12 = (x10 >> 8); + x13 = (uint8_t)(x12 & UINT8_C(0xff)); + x14 = (uint8_t)(x12 >> 8); + x15 = (uint8_t)(x7 & UINT8_C(0xff)); + x16 = (x7 >> 8); + x17 = (uint8_t)(x16 & UINT8_C(0xff)); + x18 = (x16 >> 8); + x19 = (uint8_t)(x18 & UINT8_C(0xff)); + x20 = (uint8_t)(x18 >> 8); + x21 = (uint8_t)(x6 & UINT8_C(0xff)); + x22 = (x6 >> 8); + x23 = (uint8_t)(x22 & UINT8_C(0xff)); + x24 = (x22 >> 8); + x25 = (uint8_t)(x24 & UINT8_C(0xff)); + x26 = (uint8_t)(x24 >> 8); + x27 = (uint8_t)(x5 & UINT8_C(0xff)); + x28 = (x5 >> 8); + x29 = (uint8_t)(x28 & UINT8_C(0xff)); + x30 = (x28 >> 8); + x31 = (uint8_t)(x30 & UINT8_C(0xff)); + x32 = (uint8_t)(x30 >> 8); + x33 = (uint8_t)(x4 & UINT8_C(0xff)); + x34 = (x4 >> 8); + x35 = (uint8_t)(x34 & UINT8_C(0xff)); + x36 = (x34 >> 8); + x37 = (uint8_t)(x36 & UINT8_C(0xff)); + x38 = (uint8_t)(x36 >> 8); + x39 = (uint8_t)(x3 & UINT8_C(0xff)); + x40 = (x3 >> 8); + x41 = (uint8_t)(x40 & UINT8_C(0xff)); + x42 = (x40 >> 8); + x43 = (uint8_t)(x42 & UINT8_C(0xff)); + x44 = (uint8_t)(x42 >> 8); + x45 = (uint8_t)(x2 & UINT8_C(0xff)); + x46 = (x2 >> 8); + x47 = (uint8_t)(x46 & UINT8_C(0xff)); + x48 = (x46 >> 8); + x49 = (uint8_t)(x48 & UINT8_C(0xff)); + x50 = (uint8_t)(x48 >> 8); + x51 = (uint8_t)(x1 & UINT8_C(0xff)); + x52 = (x1 >> 8); + x53 = (uint8_t)(x52 & UINT8_C(0xff)); + x54 = (x52 >> 8); + x55 = (uint8_t)(x54 & UINT8_C(0xff)); + x56 = (uint8_t)(x54 >> 8); + out1[0] = x9; + out1[1] = x11; + out1[2] = x13; + out1[3] = x14; + out1[4] = x15; + out1[5] = x17; + out1[6] = x19; + out1[7] = x20; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x26; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x38; + out1[20] = x39; + out1[21] = x41; + out1[22] = x43; + out1[23] = x44; + out1[24] = x45; + out1[25] = x47; + out1[26] = x49; + out1[27] = x50; + out1[28] = x51; + out1[29] = x53; + out1[30] = x55; + out1[31] = x56; +} + +/* + * The function fiat_secp256k1_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. + * + * Preconditions: + * 0 ≤ bytes_eval arg1 < m + * Postconditions: + * eval out1 mod m = bytes_eval arg1 mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) { + uint32_t x1; + uint32_t x2; + uint32_t x3; + uint8_t x4; + uint32_t x5; + uint32_t x6; + uint32_t x7; + uint8_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint8_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint8_t x16; + uint32_t x17; + uint32_t x18; + uint32_t x19; + uint8_t x20; + uint32_t x21; + uint32_t x22; + uint32_t x23; + uint8_t x24; + uint32_t x25; + uint32_t x26; + uint32_t x27; + uint8_t x28; + uint32_t x29; + uint32_t x30; + uint32_t x31; + uint8_t x32; + uint32_t x33; + uint32_t x34; + uint32_t x35; + uint32_t x36; + uint32_t x37; + uint32_t x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + uint32_t x52; + uint32_t x53; + uint32_t x54; + uint32_t x55; + uint32_t x56; + x1 = ((uint32_t)(arg1[31]) << 24); + x2 = ((uint32_t)(arg1[30]) << 16); + x3 = ((uint32_t)(arg1[29]) << 8); + x4 = (arg1[28]); + x5 = ((uint32_t)(arg1[27]) << 24); + x6 = ((uint32_t)(arg1[26]) << 16); + x7 = ((uint32_t)(arg1[25]) << 8); + x8 = (arg1[24]); + x9 = ((uint32_t)(arg1[23]) << 24); + x10 = ((uint32_t)(arg1[22]) << 16); + x11 = ((uint32_t)(arg1[21]) << 8); + x12 = (arg1[20]); + x13 = ((uint32_t)(arg1[19]) << 24); + x14 = ((uint32_t)(arg1[18]) << 16); + x15 = ((uint32_t)(arg1[17]) << 8); + x16 = (arg1[16]); + x17 = ((uint32_t)(arg1[15]) << 24); + x18 = ((uint32_t)(arg1[14]) << 16); + x19 = ((uint32_t)(arg1[13]) << 8); + x20 = (arg1[12]); + x21 = ((uint32_t)(arg1[11]) << 24); + x22 = ((uint32_t)(arg1[10]) << 16); + x23 = ((uint32_t)(arg1[9]) << 8); + x24 = (arg1[8]); + x25 = ((uint32_t)(arg1[7]) << 24); + x26 = ((uint32_t)(arg1[6]) << 16); + x27 = ((uint32_t)(arg1[5]) << 8); + x28 = (arg1[4]); + x29 = ((uint32_t)(arg1[3]) << 24); + x30 = ((uint32_t)(arg1[2]) << 16); + x31 = ((uint32_t)(arg1[1]) << 8); + x32 = (arg1[0]); + x33 = (x31 + (uint32_t)x32); + x34 = (x30 + x33); + x35 = (x29 + x34); + x36 = (x27 + (uint32_t)x28); + x37 = (x26 + x36); + x38 = (x25 + x37); + x39 = (x23 + (uint32_t)x24); + x40 = (x22 + x39); + x41 = (x21 + x40); + x42 = (x19 + (uint32_t)x20); + x43 = (x18 + x42); + x44 = (x17 + x43); + x45 = (x15 + (uint32_t)x16); + x46 = (x14 + x45); + x47 = (x13 + x46); + x48 = (x11 + (uint32_t)x12); + x49 = (x10 + x48); + x50 = (x9 + x49); + x51 = (x7 + (uint32_t)x8); + x52 = (x6 + x51); + x53 = (x5 + x52); + x54 = (x3 + (uint32_t)x4); + x55 = (x2 + x54); + x56 = (x1 + x55); + out1[0] = x35; + out1[1] = x38; + out1[2] = x41; + out1[3] = x44; + out1[4] = x47; + out1[5] = x50; + out1[6] = x53; + out1[7] = x56; +} + +/* + * The function fiat_secp256k1_scalar_set_one returns the field element one in the Montgomery domain. + * + * Postconditions: + * eval (from_montgomery out1) mod m = 1 mod m + * 0 ≤ eval out1 < m + * + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_set_one(fiat_secp256k1_scalar_montgomery_domain_field_element out1) { + out1[0] = UINT32_C(0x2fc9bebf); + out1[1] = UINT32_C(0x402da173); + out1[2] = UINT32_C(0x50b75fc4); + out1[3] = UINT32_C(0x45512319); + out1[4] = 0x1; + out1[5] = 0x0; + out1[6] = 0x0; + out1[7] = 0x0; +} + +/* + * The function fiat_secp256k1_scalar_msat returns the saturated representation of the prime modulus. + * + * Postconditions: + * twos_complement_eval out1 = m + * 0 ≤ eval out1 < m + * + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_msat(uint32_t out1[9]) { + out1[0] = UINT32_C(0xd0364141); + out1[1] = UINT32_C(0xbfd25e8c); + out1[2] = UINT32_C(0xaf48a03b); + out1[3] = UINT32_C(0xbaaedce6); + out1[4] = UINT32_C(0xfffffffe); + out1[5] = UINT32_C(0xffffffff); + out1[6] = UINT32_C(0xffffffff); + out1[7] = UINT32_C(0xffffffff); + out1[8] = 0x0; +} + +/* + * The function fiat_secp256k1_scalar_divstep computes a divstep. + * + * Preconditions: + * 0 ≤ eval arg4 < m + * 0 ≤ eval arg5 < m + * Postconditions: + * out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) + * twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) + * twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) + * eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) + * eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) + * 0 ≤ eval out5 < m + * 0 ≤ eval out5 < m + * 0 ≤ eval out2 < m + * 0 ≤ eval out3 < m + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffff] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_divstep(uint32_t* out1, uint32_t out2[9], uint32_t out3[9], uint32_t out4[8], uint32_t out5[8], uint32_t arg1, const uint32_t arg2[9], const uint32_t arg3[9], const uint32_t arg4[8], const uint32_t arg5[8]) { + uint32_t x1; + fiat_secp256k1_scalar_uint1 x2; + fiat_secp256k1_scalar_uint1 x3; + uint32_t x4; + fiat_secp256k1_scalar_uint1 x5; + uint32_t x6; + uint32_t x7; + uint32_t x8; + uint32_t x9; + uint32_t x10; + uint32_t x11; + uint32_t x12; + uint32_t x13; + uint32_t x14; + uint32_t x15; + uint32_t x16; + fiat_secp256k1_scalar_uint1 x17; + uint32_t x18; + fiat_secp256k1_scalar_uint1 x19; + uint32_t x20; + fiat_secp256k1_scalar_uint1 x21; + uint32_t x22; + fiat_secp256k1_scalar_uint1 x23; + uint32_t x24; + fiat_secp256k1_scalar_uint1 x25; + uint32_t x26; + fiat_secp256k1_scalar_uint1 x27; + uint32_t x28; + fiat_secp256k1_scalar_uint1 x29; + uint32_t x30; + fiat_secp256k1_scalar_uint1 x31; + uint32_t x32; + fiat_secp256k1_scalar_uint1 x33; + uint32_t x34; + uint32_t x35; + uint32_t x36; + uint32_t x37; + uint32_t x38; + uint32_t x39; + uint32_t x40; + uint32_t x41; + uint32_t x42; + uint32_t x43; + uint32_t x44; + uint32_t x45; + uint32_t x46; + uint32_t x47; + uint32_t x48; + uint32_t x49; + uint32_t x50; + uint32_t x51; + fiat_secp256k1_scalar_uint1 x52; + uint32_t x53; + fiat_secp256k1_scalar_uint1 x54; + uint32_t x55; + fiat_secp256k1_scalar_uint1 x56; + uint32_t x57; + fiat_secp256k1_scalar_uint1 x58; + uint32_t x59; + fiat_secp256k1_scalar_uint1 x60; + uint32_t x61; + fiat_secp256k1_scalar_uint1 x62; + uint32_t x63; + fiat_secp256k1_scalar_uint1 x64; + uint32_t x65; + fiat_secp256k1_scalar_uint1 x66; + uint32_t x67; + fiat_secp256k1_scalar_uint1 x68; + uint32_t x69; + fiat_secp256k1_scalar_uint1 x70; + uint32_t x71; + fiat_secp256k1_scalar_uint1 x72; + uint32_t x73; + fiat_secp256k1_scalar_uint1 x74; + uint32_t x75; + fiat_secp256k1_scalar_uint1 x76; + uint32_t x77; + fiat_secp256k1_scalar_uint1 x78; + uint32_t x79; + fiat_secp256k1_scalar_uint1 x80; + uint32_t x81; + fiat_secp256k1_scalar_uint1 x82; + uint32_t x83; + fiat_secp256k1_scalar_uint1 x84; + uint32_t x85; + uint32_t x86; + uint32_t x87; + uint32_t x88; + uint32_t x89; + uint32_t x90; + uint32_t x91; + uint32_t x92; + uint32_t x93; + fiat_secp256k1_scalar_uint1 x94; + uint32_t x95; + fiat_secp256k1_scalar_uint1 x96; + uint32_t x97; + fiat_secp256k1_scalar_uint1 x98; + uint32_t x99; + fiat_secp256k1_scalar_uint1 x100; + uint32_t x101; + fiat_secp256k1_scalar_uint1 x102; + uint32_t x103; + fiat_secp256k1_scalar_uint1 x104; + uint32_t x105; + fiat_secp256k1_scalar_uint1 x106; + uint32_t x107; + fiat_secp256k1_scalar_uint1 x108; + uint32_t x109; + uint32_t x110; + fiat_secp256k1_scalar_uint1 x111; + uint32_t x112; + fiat_secp256k1_scalar_uint1 x113; + uint32_t x114; + fiat_secp256k1_scalar_uint1 x115; + uint32_t x116; + fiat_secp256k1_scalar_uint1 x117; + uint32_t x118; + fiat_secp256k1_scalar_uint1 x119; + uint32_t x120; + fiat_secp256k1_scalar_uint1 x121; + uint32_t x122; + fiat_secp256k1_scalar_uint1 x123; + uint32_t x124; + fiat_secp256k1_scalar_uint1 x125; + uint32_t x126; + uint32_t x127; + uint32_t x128; + uint32_t x129; + uint32_t x130; + uint32_t x131; + uint32_t x132; + uint32_t x133; + fiat_secp256k1_scalar_uint1 x134; + uint32_t x135; + uint32_t x136; + uint32_t x137; + uint32_t x138; + uint32_t x139; + uint32_t x140; + uint32_t x141; + uint32_t x142; + uint32_t x143; + uint32_t x144; + fiat_secp256k1_scalar_uint1 x145; + uint32_t x146; + fiat_secp256k1_scalar_uint1 x147; + uint32_t x148; + fiat_secp256k1_scalar_uint1 x149; + uint32_t x150; + fiat_secp256k1_scalar_uint1 x151; + uint32_t x152; + fiat_secp256k1_scalar_uint1 x153; + uint32_t x154; + fiat_secp256k1_scalar_uint1 x155; + uint32_t x156; + fiat_secp256k1_scalar_uint1 x157; + uint32_t x158; + fiat_secp256k1_scalar_uint1 x159; + uint32_t x160; + fiat_secp256k1_scalar_uint1 x161; + uint32_t x162; + uint32_t x163; + uint32_t x164; + uint32_t x165; + uint32_t x166; + uint32_t x167; + uint32_t x168; + uint32_t x169; + uint32_t x170; + fiat_secp256k1_scalar_uint1 x171; + uint32_t x172; + fiat_secp256k1_scalar_uint1 x173; + uint32_t x174; + fiat_secp256k1_scalar_uint1 x175; + uint32_t x176; + fiat_secp256k1_scalar_uint1 x177; + uint32_t x178; + fiat_secp256k1_scalar_uint1 x179; + uint32_t x180; + fiat_secp256k1_scalar_uint1 x181; + uint32_t x182; + fiat_secp256k1_scalar_uint1 x183; + uint32_t x184; + fiat_secp256k1_scalar_uint1 x185; + uint32_t x186; + fiat_secp256k1_scalar_uint1 x187; + uint32_t x188; + fiat_secp256k1_scalar_uint1 x189; + uint32_t x190; + fiat_secp256k1_scalar_uint1 x191; + uint32_t x192; + fiat_secp256k1_scalar_uint1 x193; + uint32_t x194; + fiat_secp256k1_scalar_uint1 x195; + uint32_t x196; + fiat_secp256k1_scalar_uint1 x197; + uint32_t x198; + fiat_secp256k1_scalar_uint1 x199; + uint32_t x200; + fiat_secp256k1_scalar_uint1 x201; + uint32_t x202; + fiat_secp256k1_scalar_uint1 x203; + uint32_t x204; + fiat_secp256k1_scalar_uint1 x205; + uint32_t x206; + uint32_t x207; + uint32_t x208; + uint32_t x209; + uint32_t x210; + uint32_t x211; + uint32_t x212; + uint32_t x213; + uint32_t x214; + uint32_t x215; + uint32_t x216; + uint32_t x217; + uint32_t x218; + uint32_t x219; + uint32_t x220; + uint32_t x221; + uint32_t x222; + uint32_t x223; + uint32_t x224; + uint32_t x225; + uint32_t x226; + uint32_t x227; + uint32_t x228; + uint32_t x229; + uint32_t x230; + fiat_secp256k1_scalar_addcarryx_u32(&x1, &x2, 0x0, (~arg1), 0x1); + x3 = (fiat_secp256k1_scalar_uint1)((fiat_secp256k1_scalar_uint1)(x1 >> 31) & (fiat_secp256k1_scalar_uint1)((arg3[0]) & 0x1)); + fiat_secp256k1_scalar_addcarryx_u32(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_secp256k1_scalar_cmovznz_u32(&x6, x3, arg1, x4); + fiat_secp256k1_scalar_cmovznz_u32(&x7, x3, (arg2[0]), (arg3[0])); + fiat_secp256k1_scalar_cmovznz_u32(&x8, x3, (arg2[1]), (arg3[1])); + fiat_secp256k1_scalar_cmovznz_u32(&x9, x3, (arg2[2]), (arg3[2])); + fiat_secp256k1_scalar_cmovznz_u32(&x10, x3, (arg2[3]), (arg3[3])); + fiat_secp256k1_scalar_cmovznz_u32(&x11, x3, (arg2[4]), (arg3[4])); + fiat_secp256k1_scalar_cmovznz_u32(&x12, x3, (arg2[5]), (arg3[5])); + fiat_secp256k1_scalar_cmovznz_u32(&x13, x3, (arg2[6]), (arg3[6])); + fiat_secp256k1_scalar_cmovznz_u32(&x14, x3, (arg2[7]), (arg3[7])); + fiat_secp256k1_scalar_cmovznz_u32(&x15, x3, (arg2[8]), (arg3[8])); + fiat_secp256k1_scalar_addcarryx_u32(&x16, &x17, 0x0, 0x1, (~(arg2[0]))); + fiat_secp256k1_scalar_addcarryx_u32(&x18, &x19, x17, 0x0, (~(arg2[1]))); + fiat_secp256k1_scalar_addcarryx_u32(&x20, &x21, x19, 0x0, (~(arg2[2]))); + fiat_secp256k1_scalar_addcarryx_u32(&x22, &x23, x21, 0x0, (~(arg2[3]))); + fiat_secp256k1_scalar_addcarryx_u32(&x24, &x25, x23, 0x0, (~(arg2[4]))); + fiat_secp256k1_scalar_addcarryx_u32(&x26, &x27, x25, 0x0, (~(arg2[5]))); + fiat_secp256k1_scalar_addcarryx_u32(&x28, &x29, x27, 0x0, (~(arg2[6]))); + fiat_secp256k1_scalar_addcarryx_u32(&x30, &x31, x29, 0x0, (~(arg2[7]))); + fiat_secp256k1_scalar_addcarryx_u32(&x32, &x33, x31, 0x0, (~(arg2[8]))); + fiat_secp256k1_scalar_cmovznz_u32(&x34, x3, (arg3[0]), x16); + fiat_secp256k1_scalar_cmovznz_u32(&x35, x3, (arg3[1]), x18); + fiat_secp256k1_scalar_cmovznz_u32(&x36, x3, (arg3[2]), x20); + fiat_secp256k1_scalar_cmovznz_u32(&x37, x3, (arg3[3]), x22); + fiat_secp256k1_scalar_cmovznz_u32(&x38, x3, (arg3[4]), x24); + fiat_secp256k1_scalar_cmovznz_u32(&x39, x3, (arg3[5]), x26); + fiat_secp256k1_scalar_cmovznz_u32(&x40, x3, (arg3[6]), x28); + fiat_secp256k1_scalar_cmovznz_u32(&x41, x3, (arg3[7]), x30); + fiat_secp256k1_scalar_cmovznz_u32(&x42, x3, (arg3[8]), x32); + fiat_secp256k1_scalar_cmovznz_u32(&x43, x3, (arg4[0]), (arg5[0])); + fiat_secp256k1_scalar_cmovznz_u32(&x44, x3, (arg4[1]), (arg5[1])); + fiat_secp256k1_scalar_cmovznz_u32(&x45, x3, (arg4[2]), (arg5[2])); + fiat_secp256k1_scalar_cmovznz_u32(&x46, x3, (arg4[3]), (arg5[3])); + fiat_secp256k1_scalar_cmovznz_u32(&x47, x3, (arg4[4]), (arg5[4])); + fiat_secp256k1_scalar_cmovznz_u32(&x48, x3, (arg4[5]), (arg5[5])); + fiat_secp256k1_scalar_cmovznz_u32(&x49, x3, (arg4[6]), (arg5[6])); + fiat_secp256k1_scalar_cmovznz_u32(&x50, x3, (arg4[7]), (arg5[7])); + fiat_secp256k1_scalar_addcarryx_u32(&x51, &x52, 0x0, x43, x43); + fiat_secp256k1_scalar_addcarryx_u32(&x53, &x54, x52, x44, x44); + fiat_secp256k1_scalar_addcarryx_u32(&x55, &x56, x54, x45, x45); + fiat_secp256k1_scalar_addcarryx_u32(&x57, &x58, x56, x46, x46); + fiat_secp256k1_scalar_addcarryx_u32(&x59, &x60, x58, x47, x47); + fiat_secp256k1_scalar_addcarryx_u32(&x61, &x62, x60, x48, x48); + fiat_secp256k1_scalar_addcarryx_u32(&x63, &x64, x62, x49, x49); + fiat_secp256k1_scalar_addcarryx_u32(&x65, &x66, x64, x50, x50); + fiat_secp256k1_scalar_subborrowx_u32(&x67, &x68, 0x0, x51, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_subborrowx_u32(&x69, &x70, x68, x53, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_subborrowx_u32(&x71, &x72, x70, x55, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_subborrowx_u32(&x73, &x74, x72, x57, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_subborrowx_u32(&x75, &x76, x74, x59, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_subborrowx_u32(&x77, &x78, x76, x61, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x79, &x80, x78, x63, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x81, &x82, x80, x65, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x83, &x84, x82, x66, 0x0); + x85 = (arg4[7]); + x86 = (arg4[6]); + x87 = (arg4[5]); + x88 = (arg4[4]); + x89 = (arg4[3]); + x90 = (arg4[2]); + x91 = (arg4[1]); + x92 = (arg4[0]); + fiat_secp256k1_scalar_subborrowx_u32(&x93, &x94, 0x0, 0x0, x92); + fiat_secp256k1_scalar_subborrowx_u32(&x95, &x96, x94, 0x0, x91); + fiat_secp256k1_scalar_subborrowx_u32(&x97, &x98, x96, 0x0, x90); + fiat_secp256k1_scalar_subborrowx_u32(&x99, &x100, x98, 0x0, x89); + fiat_secp256k1_scalar_subborrowx_u32(&x101, &x102, x100, 0x0, x88); + fiat_secp256k1_scalar_subborrowx_u32(&x103, &x104, x102, 0x0, x87); + fiat_secp256k1_scalar_subborrowx_u32(&x105, &x106, x104, 0x0, x86); + fiat_secp256k1_scalar_subborrowx_u32(&x107, &x108, x106, 0x0, x85); + fiat_secp256k1_scalar_cmovznz_u32(&x109, x108, 0x0, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_addcarryx_u32(&x110, &x111, 0x0, x93, (x109 & UINT32_C(0xd0364141))); + fiat_secp256k1_scalar_addcarryx_u32(&x112, &x113, x111, x95, (x109 & UINT32_C(0xbfd25e8c))); + fiat_secp256k1_scalar_addcarryx_u32(&x114, &x115, x113, x97, (x109 & UINT32_C(0xaf48a03b))); + fiat_secp256k1_scalar_addcarryx_u32(&x116, &x117, x115, x99, (x109 & UINT32_C(0xbaaedce6))); + fiat_secp256k1_scalar_addcarryx_u32(&x118, &x119, x117, x101, (x109 & UINT32_C(0xfffffffe))); + fiat_secp256k1_scalar_addcarryx_u32(&x120, &x121, x119, x103, x109); + fiat_secp256k1_scalar_addcarryx_u32(&x122, &x123, x121, x105, x109); + fiat_secp256k1_scalar_addcarryx_u32(&x124, &x125, x123, x107, x109); + fiat_secp256k1_scalar_cmovznz_u32(&x126, x3, (arg5[0]), x110); + fiat_secp256k1_scalar_cmovznz_u32(&x127, x3, (arg5[1]), x112); + fiat_secp256k1_scalar_cmovznz_u32(&x128, x3, (arg5[2]), x114); + fiat_secp256k1_scalar_cmovznz_u32(&x129, x3, (arg5[3]), x116); + fiat_secp256k1_scalar_cmovznz_u32(&x130, x3, (arg5[4]), x118); + fiat_secp256k1_scalar_cmovznz_u32(&x131, x3, (arg5[5]), x120); + fiat_secp256k1_scalar_cmovznz_u32(&x132, x3, (arg5[6]), x122); + fiat_secp256k1_scalar_cmovznz_u32(&x133, x3, (arg5[7]), x124); + x134 = (fiat_secp256k1_scalar_uint1)(x34 & 0x1); + fiat_secp256k1_scalar_cmovznz_u32(&x135, x134, 0x0, x7); + fiat_secp256k1_scalar_cmovznz_u32(&x136, x134, 0x0, x8); + fiat_secp256k1_scalar_cmovznz_u32(&x137, x134, 0x0, x9); + fiat_secp256k1_scalar_cmovznz_u32(&x138, x134, 0x0, x10); + fiat_secp256k1_scalar_cmovznz_u32(&x139, x134, 0x0, x11); + fiat_secp256k1_scalar_cmovznz_u32(&x140, x134, 0x0, x12); + fiat_secp256k1_scalar_cmovznz_u32(&x141, x134, 0x0, x13); + fiat_secp256k1_scalar_cmovznz_u32(&x142, x134, 0x0, x14); + fiat_secp256k1_scalar_cmovznz_u32(&x143, x134, 0x0, x15); + fiat_secp256k1_scalar_addcarryx_u32(&x144, &x145, 0x0, x34, x135); + fiat_secp256k1_scalar_addcarryx_u32(&x146, &x147, x145, x35, x136); + fiat_secp256k1_scalar_addcarryx_u32(&x148, &x149, x147, x36, x137); + fiat_secp256k1_scalar_addcarryx_u32(&x150, &x151, x149, x37, x138); + fiat_secp256k1_scalar_addcarryx_u32(&x152, &x153, x151, x38, x139); + fiat_secp256k1_scalar_addcarryx_u32(&x154, &x155, x153, x39, x140); + fiat_secp256k1_scalar_addcarryx_u32(&x156, &x157, x155, x40, x141); + fiat_secp256k1_scalar_addcarryx_u32(&x158, &x159, x157, x41, x142); + fiat_secp256k1_scalar_addcarryx_u32(&x160, &x161, x159, x42, x143); + fiat_secp256k1_scalar_cmovznz_u32(&x162, x134, 0x0, x43); + fiat_secp256k1_scalar_cmovznz_u32(&x163, x134, 0x0, x44); + fiat_secp256k1_scalar_cmovznz_u32(&x164, x134, 0x0, x45); + fiat_secp256k1_scalar_cmovznz_u32(&x165, x134, 0x0, x46); + fiat_secp256k1_scalar_cmovznz_u32(&x166, x134, 0x0, x47); + fiat_secp256k1_scalar_cmovznz_u32(&x167, x134, 0x0, x48); + fiat_secp256k1_scalar_cmovznz_u32(&x168, x134, 0x0, x49); + fiat_secp256k1_scalar_cmovznz_u32(&x169, x134, 0x0, x50); + fiat_secp256k1_scalar_addcarryx_u32(&x170, &x171, 0x0, x126, x162); + fiat_secp256k1_scalar_addcarryx_u32(&x172, &x173, x171, x127, x163); + fiat_secp256k1_scalar_addcarryx_u32(&x174, &x175, x173, x128, x164); + fiat_secp256k1_scalar_addcarryx_u32(&x176, &x177, x175, x129, x165); + fiat_secp256k1_scalar_addcarryx_u32(&x178, &x179, x177, x130, x166); + fiat_secp256k1_scalar_addcarryx_u32(&x180, &x181, x179, x131, x167); + fiat_secp256k1_scalar_addcarryx_u32(&x182, &x183, x181, x132, x168); + fiat_secp256k1_scalar_addcarryx_u32(&x184, &x185, x183, x133, x169); + fiat_secp256k1_scalar_subborrowx_u32(&x186, &x187, 0x0, x170, UINT32_C(0xd0364141)); + fiat_secp256k1_scalar_subborrowx_u32(&x188, &x189, x187, x172, UINT32_C(0xbfd25e8c)); + fiat_secp256k1_scalar_subborrowx_u32(&x190, &x191, x189, x174, UINT32_C(0xaf48a03b)); + fiat_secp256k1_scalar_subborrowx_u32(&x192, &x193, x191, x176, UINT32_C(0xbaaedce6)); + fiat_secp256k1_scalar_subborrowx_u32(&x194, &x195, x193, x178, UINT32_C(0xfffffffe)); + fiat_secp256k1_scalar_subborrowx_u32(&x196, &x197, x195, x180, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x198, &x199, x197, x182, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x200, &x201, x199, x184, UINT32_C(0xffffffff)); + fiat_secp256k1_scalar_subborrowx_u32(&x202, &x203, x201, x185, 0x0); + fiat_secp256k1_scalar_addcarryx_u32(&x204, &x205, 0x0, x6, 0x1); + x206 = ((x144 >> 1) | ((x146 << 31) & UINT32_C(0xffffffff))); + x207 = ((x146 >> 1) | ((x148 << 31) & UINT32_C(0xffffffff))); + x208 = ((x148 >> 1) | ((x150 << 31) & UINT32_C(0xffffffff))); + x209 = ((x150 >> 1) | ((x152 << 31) & UINT32_C(0xffffffff))); + x210 = ((x152 >> 1) | ((x154 << 31) & UINT32_C(0xffffffff))); + x211 = ((x154 >> 1) | ((x156 << 31) & UINT32_C(0xffffffff))); + x212 = ((x156 >> 1) | ((x158 << 31) & UINT32_C(0xffffffff))); + x213 = ((x158 >> 1) | ((x160 << 31) & UINT32_C(0xffffffff))); + x214 = ((x160 & UINT32_C(0x80000000)) | (x160 >> 1)); + fiat_secp256k1_scalar_cmovznz_u32(&x215, x84, x67, x51); + fiat_secp256k1_scalar_cmovznz_u32(&x216, x84, x69, x53); + fiat_secp256k1_scalar_cmovznz_u32(&x217, x84, x71, x55); + fiat_secp256k1_scalar_cmovznz_u32(&x218, x84, x73, x57); + fiat_secp256k1_scalar_cmovznz_u32(&x219, x84, x75, x59); + fiat_secp256k1_scalar_cmovznz_u32(&x220, x84, x77, x61); + fiat_secp256k1_scalar_cmovznz_u32(&x221, x84, x79, x63); + fiat_secp256k1_scalar_cmovznz_u32(&x222, x84, x81, x65); + fiat_secp256k1_scalar_cmovznz_u32(&x223, x203, x186, x170); + fiat_secp256k1_scalar_cmovznz_u32(&x224, x203, x188, x172); + fiat_secp256k1_scalar_cmovznz_u32(&x225, x203, x190, x174); + fiat_secp256k1_scalar_cmovznz_u32(&x226, x203, x192, x176); + fiat_secp256k1_scalar_cmovznz_u32(&x227, x203, x194, x178); + fiat_secp256k1_scalar_cmovznz_u32(&x228, x203, x196, x180); + fiat_secp256k1_scalar_cmovznz_u32(&x229, x203, x198, x182); + fiat_secp256k1_scalar_cmovznz_u32(&x230, x203, x200, x184); + *out1 = x204; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out2[5] = x12; + out2[6] = x13; + out2[7] = x14; + out2[8] = x15; + out3[0] = x206; + out3[1] = x207; + out3[2] = x208; + out3[3] = x209; + out3[4] = x210; + out3[5] = x211; + out3[6] = x212; + out3[7] = x213; + out3[8] = x214; + out4[0] = x215; + out4[1] = x216; + out4[2] = x217; + out4[3] = x218; + out4[4] = x219; + out4[5] = x220; + out4[6] = x221; + out4[7] = x222; + out5[0] = x223; + out5[1] = x224; + out5[2] = x225; + out5[3] = x226; + out5[4] = x227; + out5[5] = x228; + out5[6] = x229; + out5[7] = x230; +} + +/* + * The function fiat_secp256k1_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). + * + * Postconditions: + * eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) + * 0 ≤ eval out1 < m + * + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static FIAT_SECP256K1_SCALAR_FIAT_INLINE void fiat_secp256k1_scalar_divstep_precomp(uint32_t out1[8]) { + out1[0] = UINT32_C(0x2b9cb4e9); + out1[1] = UINT32_C(0xd7431a4d); + out1[2] = UINT32_C(0x32d9c503); + out1[3] = UINT32_C(0xab67d35a); + out1[4] = UINT32_C(0x859ce35f); + out1[5] = UINT32_C(0xadf6c7e5); + out1[6] = UINT32_C(0x1df6c379); + out1[7] = UINT32_C(0x61544145); +} + + +/* END verbatim fiat code */ + +/* curve-related constants */ + +static const limb_t const_one[8] = {UINT32_C(0x000003D1), UINT32_C(0x00000001), + UINT32_C(0x00000000), UINT32_C(0x00000000), + UINT32_C(0x00000000), UINT32_C(0x00000000), + UINT32_C(0x00000000), UINT32_C(0x00000000)}; + +static const limb_t const_b3[8] = {UINT32_C(0x00005025), UINT32_C(0x00000015), + UINT32_C(0x00000000), UINT32_C(0x00000000), + UINT32_C(0x00000000), UINT32_C(0x00000000), + UINT32_C(0x00000000), UINT32_C(0x00000000)}; + +static const limb_t const_divstep[8] = { + UINT32_C(0x5F556348), UINT32_C(0xEE9129A9), UINT32_C(0xCEC1C048), + UINT32_C(0xF6E12502), UINT32_C(0x0DE5911F), UINT32_C(0x14AF95BB), + UINT32_C(0xCCE23616), UINT32_C(0x28AA9C1C)}; + +static const limb_t const_psat[8] = { + UINT32_C(0xFFFFFC2F), UINT32_C(0xFFFFFFFE), UINT32_C(0xFFFFFFFF), + UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), + UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF)}; + +/* LUT for scalar multiplication by comb interleaving */ +static const pt_aff_t lut_cmb[27][16] = { + { + {{UINT32_C(0x487E2097), UINT32_C(0xD7362E5A), UINT32_C(0x29BC66DB), + UINT32_C(0x231E2953), UINT32_C(0x33FD129C), UINT32_C(0x979F48C0), + UINT32_C(0xE9089F48), UINT32_C(0x9981E643)}, + {UINT32_C(0xD3DBABE2), UINT32_C(0xB15EA6D2), UINT32_C(0x1F1DC64D), + UINT32_C(0x8DFC5D5D), UINT32_C(0xAC19C136), UINT32_C(0x70B6B59A), + UINT32_C(0xD4A582D6), UINT32_C(0xCF3F851F)}}, + {{UINT32_C(0xD5FEA781), UINT32_C(0x2379D4BB), UINT32_C(0x22EB7BC4), + UINT32_C(0x066CEAFB), UINT32_C(0x85985972), UINT32_C(0x5940D073), + UINT32_C(0xCDF4C0AD), UINT32_C(0x9497730F)}, + {UINT32_C(0x613F55A9), UINT32_C(0xAF18B0B0), UINT32_C(0xC5A1F91F), + UINT32_C(0xAC4964CD), UINT32_C(0x84885650), UINT32_C(0xCC6048BD), + UINT32_C(0x9215EC76), UINT32_C(0x3EC28DCD)}}, + {{UINT32_C(0xBEA19BC6), UINT32_C(0x212347FC), UINT32_C(0xDC284CDA), + UINT32_C(0x58D7334D), UINT32_C(0x72DD41DD), UINT32_C(0x20CE3585), + UINT32_C(0xAAE7F96F), UINT32_C(0x8ED284D3)}, + {UINT32_C(0x00DFD9E7), UINT32_C(0x9E5E7848), UINT32_C(0xAAD35CC5), + UINT32_C(0x59AAA8D8), UINT32_C(0x7F8DBFD2), UINT32_C(0x011D0B10), + UINT32_C(0x583630C0), UINT32_C(0x1FD437AE)}}, + {{UINT32_C(0xCAA4CB22), UINT32_C(0x07ECE566), UINT32_C(0x16C087C4), + UINT32_C(0xCA934F87), UINT32_C(0x4E1D6BD5), UINT32_C(0x4DA36222), + UINT32_C(0xD73866E0), UINT32_C(0x5F402433)}, + {UINT32_C(0x4A77D752), UINT32_C(0x4777D112), UINT32_C(0xF1097263), + UINT32_C(0x879D7639), UINT32_C(0x7291AB04), UINT32_C(0xF2FD13D8), + UINT32_C(0x0BA1A73B), UINT32_C(0xC8043A67)}}, + {{UINT32_C(0xEAFD5A74), UINT32_C(0x46CC6D26), UINT32_C(0x1ED7F74C), + UINT32_C(0x6EDD9E7F), UINT32_C(0xF64B253D), UINT32_C(0x8CEC72C7), + UINT32_C(0xF4D02A72), UINT32_C(0x87D71C6B)}, + {UINT32_C(0x268D25A4), UINT32_C(0xB2A0D4AE), UINT32_C(0x59794D80), + UINT32_C(0xAEC108C6), UINT32_C(0xE6793574), UINT32_C(0xF0176BED), + UINT32_C(0x94CEF97C), UINT32_C(0x01563390)}}, + {{UINT32_C(0x94A7A0AA), UINT32_C(0x04F0C78F), UINT32_C(0x93493BB8), + UINT32_C(0x349EBDF9), UINT32_C(0xBB49A3C1), UINT32_C(0xD28558B5), + UINT32_C(0xBCE5A953), UINT32_C(0x9D888BE8)}, + {UINT32_C(0x7BEACF4C), UINT32_C(0x434322E3), UINT32_C(0xF899ACAA), + UINT32_C(0x755DB980), UINT32_C(0x7B41572A), UINT32_C(0x7CB76BD2), + UINT32_C(0x7705FAC8), UINT32_C(0x0E92C06D)}}, + {{UINT32_C(0xF5989088), UINT32_C(0xD59A06C4), UINT32_C(0x46AEC93F), + UINT32_C(0xD35438E6), UINT32_C(0xA02A9988), UINT32_C(0x5B370E50), + UINT32_C(0xAFF18F7B), UINT32_C(0x7065F32B)}, + {UINT32_C(0xA5D44558), UINT32_C(0x14817536), UINT32_C(0x948A3B41), + UINT32_C(0x0F73D052), UINT32_C(0xC013F5AF), UINT32_C(0xDB37E3A6), + UINT32_C(0x99B24984), UINT32_C(0x595E4C33)}}, + {{UINT32_C(0x18620CD4), UINT32_C(0xD51E8DA3), UINT32_C(0x3FF3BFFD), + UINT32_C(0xA9B17424), UINT32_C(0xF9180A0E), UINT32_C(0x8FE0D087), + UINT32_C(0x6A78A2B1), UINT32_C(0x329CF6F3)}, + {UINT32_C(0x8CF9083A), UINT32_C(0x364E94E6), UINT32_C(0x5CA29845), + UINT32_C(0xD97359FB), UINT32_C(0x9E703FC8), UINT32_C(0x1442E0ED), + UINT32_C(0x4965BC3E), UINT32_C(0xF384D03B)}}, + {{UINT32_C(0x1DF00C43), UINT32_C(0xD90BB8E1), UINT32_C(0xF3B25560), + UINT32_C(0x9B182865), UINT32_C(0x22B91922), UINT32_C(0x69D7A2A8), + UINT32_C(0xF9FF59AA), UINT32_C(0xE272A6A1)}, + {UINT32_C(0x6F2A14C9), UINT32_C(0x85352EA7), UINT32_C(0x753707E5), + UINT32_C(0x99DC58B3), UINT32_C(0xC6B65CC3), UINT32_C(0x4E936DDC), + UINT32_C(0x38A1624E), UINT32_C(0xB9D10585)}}, + {{UINT32_C(0xD62A7A38), UINT32_C(0xD78EE564), UINT32_C(0x727DF8F4), + UINT32_C(0x5F8BF03A), UINT32_C(0xA3023A4A), UINT32_C(0xD8D133AD), + UINT32_C(0x4DD633A5), UINT32_C(0xDEB7636C)}, + {UINT32_C(0xE0D36289), UINT32_C(0xDF15C738), UINT32_C(0x98B88BDC), + UINT32_C(0x91A29C61), UINT32_C(0x00DDA4F2), UINT32_C(0x7CEEF096), + UINT32_C(0xD07C28EA), UINT32_C(0x444EC627)}}, + {{UINT32_C(0xF76CE60A), UINT32_C(0x7287D563), UINT32_C(0x74EACC1D), + UINT32_C(0x6DDB2DC6), UINT32_C(0x6CB12EA3), UINT32_C(0xE0A1107E), + UINT32_C(0xA746F598), UINT32_C(0x38D21CE5)}, + {UINT32_C(0x34CAE6F2), UINT32_C(0xEAD831A4), UINT32_C(0x4C4C0573), + UINT32_C(0x439DDFDC), UINT32_C(0xB8025098), UINT32_C(0xD69265AE), + UINT32_C(0xAF0BE6C8), UINT32_C(0x9A760529)}}, + {{UINT32_C(0x7D7868E2), UINT32_C(0x710C2491), UINT32_C(0xA66FA9A0), + UINT32_C(0xB7018DCC), UINT32_C(0x928BA6AA), UINT32_C(0xB2BB768F), + UINT32_C(0x36060918), UINT32_C(0x34B90891)}, + {UINT32_C(0x5A765CFA), UINT32_C(0x1BB37E7D), UINT32_C(0x05D5C130), + UINT32_C(0x04E41EB8), UINT32_C(0x934FC6C9), UINT32_C(0xFABC5A81), + UINT32_C(0x956C455F), UINT32_C(0x1ADA75EB)}}, + {{UINT32_C(0x528EAB6D), UINT32_C(0x43A8673A), UINT32_C(0x84257EEE), + UINT32_C(0xCC7C3AFF), UINT32_C(0xF7FB2C09), UINT32_C(0x826674BB), + UINT32_C(0xB6487C5A), UINT32_C(0x4F13FD3D)}, + {UINT32_C(0x37027B74), UINT32_C(0x1AF88D5C), UINT32_C(0xBB5BB569), + UINT32_C(0xD788F352), UINT32_C(0xEAAA2D4C), UINT32_C(0x315A735B), + UINT32_C(0xB81AC1BD), UINT32_C(0xDAAF22E5)}}, + {{UINT32_C(0xDF096D18), UINT32_C(0x4065DE4B), UINT32_C(0x64C270E8), + UINT32_C(0xF732D136), UINT32_C(0xB730AEBA), UINT32_C(0x4A77F053), + UINT32_C(0x65719926), UINT32_C(0x6753E5A7)}, + {UINT32_C(0x45D3E40B), UINT32_C(0xCA066881), UINT32_C(0xAC9DCFB6), + UINT32_C(0x5987C3F8), UINT32_C(0xD3304A23), UINT32_C(0xFBFCC60C), + UINT32_C(0x80153D3B), UINT32_C(0x5DACE331)}}, + {{UINT32_C(0xBC66AEBF), UINT32_C(0x78393CC1), UINT32_C(0x1124AA09), + UINT32_C(0x66DE27B3), UINT32_C(0x72CECEBE), UINT32_C(0x8C4C7F20), + UINT32_C(0xD5A92B77), UINT32_C(0x30822ABD)}, + {UINT32_C(0xF7CBCB31), UINT32_C(0xA8C8E083), UINT32_C(0x72BD2977), + UINT32_C(0xCB952FA1), UINT32_C(0x1AFA8C27), UINT32_C(0x0CDB3AB3), + UINT32_C(0x6535CE88), UINT32_C(0x210EC24F)}}, + {{UINT32_C(0x1AF2746F), UINT32_C(0x3EEEC4B2), UINT32_C(0xB2686256), + UINT32_C(0x016F76F7), UINT32_C(0x84012E67), UINT32_C(0x730D41A4), + UINT32_C(0xF74EC811), UINT32_C(0xF12C7E23)}, + {UINT32_C(0xA89357DC), UINT32_C(0xE5694678), UINT32_C(0xCA2335DD), + UINT32_C(0x10AC2B51), UINT32_C(0xE149B499), UINT32_C(0x5E0EDA4C), + UINT32_C(0xBFA868AA), UINT32_C(0x27964839)}}, + }, + { + {{UINT32_C(0x5BB2A131), UINT32_C(0xADB47B9D), UINT32_C(0x68DDBBEA), + UINT32_C(0x18668FE1), UINT32_C(0x86A0679A), UINT32_C(0x9CB9F687), + UINT32_C(0x4033B7E8), UINT32_C(0xC00F5A0F)}, + {UINT32_C(0xEDCE153C), UINT32_C(0xC215EBE6), UINT32_C(0x293549DD), + UINT32_C(0x4F227EC0), UINT32_C(0x94DB5F97), UINT32_C(0xB6190F90), + UINT32_C(0x3E4DC133), UINT32_C(0xE50530CC)}}, + {{UINT32_C(0x7AB0A263), UINT32_C(0xDC772F16), UINT32_C(0x8DD11538), + UINT32_C(0x46F341F6), UINT32_C(0x686BD6FC), UINT32_C(0x07660582), + UINT32_C(0x390FC89F), UINT32_C(0xDDCBD7C1)}, + {UINT32_C(0x29BA2017), UINT32_C(0x634A8D7F), UINT32_C(0x6745BF3F), + UINT32_C(0x198EF17D), UINT32_C(0x0347FC10), UINT32_C(0x2A475127), + UINT32_C(0xA7944C7C), UINT32_C(0xDD0AC964)}}, + {{UINT32_C(0x6E1DE804), UINT32_C(0x12F838ED), UINT32_C(0x91447472), + UINT32_C(0x8AB192A5), UINT32_C(0x3221B010), UINT32_C(0xFCC20574), + UINT32_C(0x8042009C), UINT32_C(0x652AE267)}, + {UINT32_C(0x06819F10), UINT32_C(0xBD830BF9), UINT32_C(0x29FDC18A), + UINT32_C(0xD43AF551), UINT32_C(0x6C7E5F2F), UINT32_C(0x6DBBA7F1), + UINT32_C(0xC43D7C7D), UINT32_C(0xE2057C4F)}}, + {{UINT32_C(0xC4AE2691), UINT32_C(0x1B184D85), UINT32_C(0xB0A8A9CF), + UINT32_C(0x132DBDB0), UINT32_C(0xFCE576EE), UINT32_C(0x7D5789BF), + UINT32_C(0x12898C50), UINT32_C(0x0A077398)}, + {UINT32_C(0xD4DDBE0A), UINT32_C(0x9FDAE028), UINT32_C(0xFDCB1E2D), + UINT32_C(0xD1AB29D6), UINT32_C(0xA748809B), UINT32_C(0x1CFBE8A0), + UINT32_C(0x32371D99), UINT32_C(0x1827DDD9)}}, + {{UINT32_C(0xB8C213A9), UINT32_C(0x9CCE6EB6), UINT32_C(0x20B781D0), + UINT32_C(0xF8E9D0EF), UINT32_C(0x6F2D52B0), UINT32_C(0x1D80DC10), + UINT32_C(0xBBE471F4), UINT32_C(0xFA2C5362)}, + {UINT32_C(0x9400FE98), UINT32_C(0xC8DEA3D7), UINT32_C(0x50E2EE83), + UINT32_C(0xD3930B3C), UINT32_C(0x3423F1F4), UINT32_C(0x8A2BCEAA), + UINT32_C(0x48F261C2), UINT32_C(0x086F92EB)}}, + {{UINT32_C(0x8203E535), UINT32_C(0xDA54C36C), UINT32_C(0xD59AF0DA), + UINT32_C(0x9C9EF006), UINT32_C(0xD912D1F7), UINT32_C(0x79CB51B9), + UINT32_C(0xF424ABF2), UINT32_C(0x9BDE1E92)}, + {UINT32_C(0x408425B9), UINT32_C(0x252014FA), UINT32_C(0x69D677F5), + UINT32_C(0xE2BD92B7), UINT32_C(0x399526D9), UINT32_C(0x55E8423D), + UINT32_C(0xAF0015C7), UINT32_C(0xF91FD1CF)}}, + {{UINT32_C(0x264593FA), UINT32_C(0x9DE9505F), UINT32_C(0x96E33B09), + UINT32_C(0x78132A36), UINT32_C(0x16F63FFA), UINT32_C(0xFE348628), + UINT32_C(0xA796D533), UINT32_C(0x6038E103)}, + {UINT32_C(0x4D96A7EE), UINT32_C(0xC813DC99), UINT32_C(0x6169424E), + UINT32_C(0x4FEBC0B1), UINT32_C(0xA40EFB63), UINT32_C(0x4B962AF4), + UINT32_C(0x094516B3), UINT32_C(0x52E0D46D)}}, + {{UINT32_C(0x4E84AB6D), UINT32_C(0xD3C495BB), UINT32_C(0xE0713C82), + UINT32_C(0x7A736E55), UINT32_C(0x6F4CC6FE), UINT32_C(0x9024A729), + UINT32_C(0x13AFC3C3), UINT32_C(0x958AC19B)}, + {UINT32_C(0xF8F6CD1C), UINT32_C(0x54895A5A), UINT32_C(0x5CD04824), + UINT32_C(0x102C29F3), UINT32_C(0xA29A46FD), UINT32_C(0xD9F6C2C3), + UINT32_C(0x4539FE06), UINT32_C(0x49A53D7D)}}, + {{UINT32_C(0x89D67F7F), UINT32_C(0x76ED4FCD), UINT32_C(0xBFA7390B), + UINT32_C(0xF558F995), UINT32_C(0x02CAD114), UINT32_C(0xD4F84FEC), + UINT32_C(0xD564379E), UINT32_C(0x95668D58)}, + {UINT32_C(0xDA52E321), UINT32_C(0x6EE347B2), UINT32_C(0xD7082BDB), + UINT32_C(0x1375F05B), UINT32_C(0x5506ADBA), UINT32_C(0xA7199D0B), + UINT32_C(0x1AD75B7E), UINT32_C(0x1F9E8D78)}}, + {{UINT32_C(0xC0EF5AC2), UINT32_C(0x722AEDC3), UINT32_C(0x1B4A13C4), + UINT32_C(0x1A79BBE9), UINT32_C(0xB4E5B4AC), UINT32_C(0xC91560C8), + UINT32_C(0x1998C957), UINT32_C(0xB0DC200C)}, + {UINT32_C(0x5A6B5ECD), UINT32_C(0xF7771794), UINT32_C(0xDE37586A), + UINT32_C(0x251720BA), UINT32_C(0xA9DC2FBD), UINT32_C(0x81E1CB1B), + UINT32_C(0xF282AB9C), UINT32_C(0xEDBA02AC)}}, + {{UINT32_C(0xA05E7F4B), UINT32_C(0x8C4949CB), UINT32_C(0xE2687A19), + UINT32_C(0xF8B4C0D2), UINT32_C(0xC3F11770), UINT32_C(0x3C83C92B), + UINT32_C(0x4F9EC1AA), UINT32_C(0x2E5564E6)}, + {UINT32_C(0xCA4CC477), UINT32_C(0x66DB0E44), UINT32_C(0x629BDB96), + UINT32_C(0x620E3FA9), UINT32_C(0x1358F998), UINT32_C(0x9596E1FD), + UINT32_C(0xCCEC2C26), UINT32_C(0xAA987302)}}, + {{UINT32_C(0xC7241FC0), UINT32_C(0x8B1CD761), UINT32_C(0xBC9601A1), + UINT32_C(0x53BD24E1), UINT32_C(0x144B11D2), UINT32_C(0xBC2E872D), + UINT32_C(0xAC76FE3B), UINT32_C(0x26CA8DE5)}, + {UINT32_C(0xAE6FA369), UINT32_C(0x44C5DCBD), UINT32_C(0x33B04317), + UINT32_C(0x1D0BE742), UINT32_C(0xA7AC77CB), UINT32_C(0x60301C5F), + UINT32_C(0xCA1DD56A), UINT32_C(0xA657D2DC)}}, + {{UINT32_C(0xDD208EA5), UINT32_C(0x73C8D8F9), UINT32_C(0x01618745), + UINT32_C(0x743E7489), UINT32_C(0x70EDDDD6), UINT32_C(0x72588160), + UINT32_C(0x8F05ABCE), UINT32_C(0x18B3A00C)}, + {UINT32_C(0xECFD9054), UINT32_C(0x7F4CE6B7), UINT32_C(0xA806F3C4), + UINT32_C(0xBB4373E8), UINT32_C(0xA45FA053), UINT32_C(0x90DDD252), + UINT32_C(0x85E689FE), UINT32_C(0x810954C5)}}, + {{UINT32_C(0xE6CF4CC2), UINT32_C(0xE1427B2F), UINT32_C(0xCB880C74), + UINT32_C(0x7E83DF80), UINT32_C(0x1701C0D5), UINT32_C(0x61172937), + UINT32_C(0xC74B3852), UINT32_C(0xD261D859)}, + {UINT32_C(0xD5E12E6F), UINT32_C(0x892F60D2), UINT32_C(0x89359CE6), + UINT32_C(0xEBB81149), UINT32_C(0x9797B2D1), UINT32_C(0x43179C13), + UINT32_C(0x30F6CA2F), UINT32_C(0xF23B6117)}}, + {{UINT32_C(0x1ACD789C), UINT32_C(0xFDCA182C), UINT32_C(0xC56C9A51), + UINT32_C(0x9715AD57), UINT32_C(0xC4B42FE8), UINT32_C(0xA42D8CE0), + UINT32_C(0x5AACCC6D), UINT32_C(0xB87D4638)}, + {UINT32_C(0x3ADC27FD), UINT32_C(0x82A846F4), UINT32_C(0x67437B33), + UINT32_C(0x7493C034), UINT32_C(0x20F23D3C), UINT32_C(0xF27F0FB9), + UINT32_C(0x772E22A8), UINT32_C(0xEBEBD682)}}, + {{UINT32_C(0x408F77DE), UINT32_C(0x1ECE3DB4), UINT32_C(0x44EEBCA7), + UINT32_C(0xBA056F8A), UINT32_C(0x651263E2), UINT32_C(0xA977CB6E), + UINT32_C(0x395C54A3), UINT32_C(0xE6CC43D7)}, + {UINT32_C(0x4ADFB5CB), UINT32_C(0x10572FAF), UINT32_C(0x2EB5E269), + UINT32_C(0x96B18CBC), UINT32_C(0xEA461B59), UINT32_C(0x2181A249), + UINT32_C(0x784E1003), UINT32_C(0xDA590102)}}, + }, + { + {{UINT32_C(0x72ED7345), UINT32_C(0xD53D5D04), UINT32_C(0x39515FF5), + UINT32_C(0xBCFF12D4), UINT32_C(0xB3B5828C), UINT32_C(0x7A4D9D08), + UINT32_C(0x1BAC7DEB), UINT32_C(0xF899A71B)}, + {UINT32_C(0xBA436C62), UINT32_C(0x6137EEF2), UINT32_C(0x5E7F89AB), + UINT32_C(0x0D85465E), UINT32_C(0xF6D34352), UINT32_C(0x1ED24E35), + UINT32_C(0xC1601124), UINT32_C(0x6737DBE3)}}, + {{UINT32_C(0x64727D73), UINT32_C(0x723B7C79), UINT32_C(0xB21A366A), + UINT32_C(0x273ACEBA), UINT32_C(0x50CD2CFB), UINT32_C(0x52BB4922), + UINT32_C(0x0B64B761), UINT32_C(0xA24B55FA)}, + {UINT32_C(0x266F7BB5), UINT32_C(0x4AED6807), UINT32_C(0xCF67241B), + UINT32_C(0x7E232C20), UINT32_C(0xB3B76CC0), UINT32_C(0x21FE3578), + UINT32_C(0x82EC9A9D), UINT32_C(0x3DF41195)}}, + {{UINT32_C(0xD7025992), UINT32_C(0x06908E0D), UINT32_C(0x2C613728), + UINT32_C(0x5A83405C), UINT32_C(0xC704B367), UINT32_C(0x30F4ABF4), + UINT32_C(0x79C4A4F5), UINT32_C(0x6070E003)}, + {UINT32_C(0xF02BA458), UINT32_C(0x126CE1F0), UINT32_C(0x5CB90F5F), + UINT32_C(0x4CD496DD), UINT32_C(0x6EE31CC4), UINT32_C(0xFB4884DC), + UINT32_C(0x185E0F36), UINT32_C(0x2DF0BFFB)}}, + {{UINT32_C(0x1235FF02), UINT32_C(0x84F73C28), UINT32_C(0x28E0D879), + UINT32_C(0x82AD64D4), UINT32_C(0x41FEB6FC), UINT32_C(0x0695CF54), + UINT32_C(0x01B30F63), UINT32_C(0x0D1B80F5)}, + {UINT32_C(0x6200C5FA), UINT32_C(0x14823EC4), UINT32_C(0x9489B1DB), + UINT32_C(0x55F3A7C7), UINT32_C(0xF32A660E), UINT32_C(0x26DC42CA), + UINT32_C(0x6B59093A), UINT32_C(0x9A8F9A71)}}, + {{UINT32_C(0xA7358CD9), UINT32_C(0x2A5E192A), UINT32_C(0x3920B3FB), + UINT32_C(0xE65C68FD), UINT32_C(0x7D733D8C), UINT32_C(0xCA019F56), + UINT32_C(0x1B1F3740), UINT32_C(0xEA4E5954)}, + {UINT32_C(0x3D2B3E78), UINT32_C(0xCC4019C2), UINT32_C(0x38246B34), + UINT32_C(0x5C016287), UINT32_C(0x3701A79C), UINT32_C(0x5A2E1C76), + UINT32_C(0x44E2E24E), UINT32_C(0x578D7C77)}}, + {{UINT32_C(0x5978E10C), UINT32_C(0x8399142C), UINT32_C(0x031F1DF4), + UINT32_C(0xCD7AE5E6), UINT32_C(0xAB4575BE), UINT32_C(0xBEA538DB), + UINT32_C(0xE11BFD96), UINT32_C(0x327A46CA)}, + {UINT32_C(0x366BF920), UINT32_C(0xA85F0725), UINT32_C(0x3832FDC4), + UINT32_C(0x42CB6DE9), UINT32_C(0xA50F7B4A), UINT32_C(0x54FDA13E), + UINT32_C(0x5B443C4D), UINT32_C(0x7DAD8BF5)}}, + {{UINT32_C(0x01571197), UINT32_C(0x9A509DA0), UINT32_C(0x6CDAB45B), + UINT32_C(0x8566B491), UINT32_C(0xDA6682D0), UINT32_C(0x761CD707), + UINT32_C(0xAD99DFF7), UINT32_C(0x02BE866C)}, + {UINT32_C(0x87328D26), UINT32_C(0xEFB393AC), UINT32_C(0x1BAE26CB), + UINT32_C(0x253C3F16), UINT32_C(0x0CAC62E9), UINT32_C(0xC2619E0A), + UINT32_C(0x95BE5A85), UINT32_C(0xC6F788C5)}}, + {{UINT32_C(0x1CE167B3), UINT32_C(0xAEF4DDEB), UINT32_C(0xC91926C1), + UINT32_C(0x43BB8C25), UINT32_C(0x785102C6), UINT32_C(0xCAFF0648), + UINT32_C(0x4EC7D940), UINT32_C(0xEAE000F9)}, + {UINT32_C(0xEE85E592), UINT32_C(0xD805C63C), UINT32_C(0x3CD2EBF6), + UINT32_C(0x20752D50), UINT32_C(0x2C0D121F), UINT32_C(0x5323BF05), + UINT32_C(0xAC16F19D), UINT32_C(0xAC71D5E4)}}, + {{UINT32_C(0xF005EE4D), UINT32_C(0x5E1389B6), UINT32_C(0x93E54158), + UINT32_C(0xFC3F344F), UINT32_C(0xE6B37488), UINT32_C(0x3B5E52C6), + UINT32_C(0x7FB8723C), UINT32_C(0xB3BC46C9)}, + {UINT32_C(0xE4AD666E), UINT32_C(0x4EF52C80), UINT32_C(0x5DE515BA), + UINT32_C(0x9676BD48), UINT32_C(0xE4051BB8), UINT32_C(0x15E09BCF), + UINT32_C(0xFB192FDD), UINT32_C(0xF493E1A8)}}, + {{UINT32_C(0x41510252), UINT32_C(0x0D826FEB), UINT32_C(0x7340E66B), + UINT32_C(0xCC030EB7), UINT32_C(0xD569D4A8), UINT32_C(0x1FC4FA66), + UINT32_C(0x137BA31E), UINT32_C(0x10FFC3E6)}, + {UINT32_C(0xEB54E5D9), UINT32_C(0xD1039C86), UINT32_C(0xFA21D262), + UINT32_C(0x29CB8CD8), UINT32_C(0xE4EA33CC), UINT32_C(0x3DEFC889), + UINT32_C(0xF71FFB3F), UINT32_C(0x0BF2C7B0)}}, + {{UINT32_C(0x3856B5F6), UINT32_C(0x0582D418), UINT32_C(0xE4A22D22), + UINT32_C(0x443C661A), UINT32_C(0x070E2575), UINT32_C(0x49662D3B), + UINT32_C(0xB3E9CB59), UINT32_C(0x74958067)}, + {UINT32_C(0x4BAA8436), UINT32_C(0x2CACF10A), UINT32_C(0x46E39579), + UINT32_C(0x0DCB4CDA), UINT32_C(0x56267016), UINT32_C(0x3C812B6B), + UINT32_C(0x96302E24), UINT32_C(0xE63279DC)}}, + {{UINT32_C(0x58EF5133), UINT32_C(0x5E168369), UINT32_C(0x61470D73), + UINT32_C(0x775F6E7E), UINT32_C(0x82AD34A0), UINT32_C(0x704D3828), + UINT32_C(0x975ADAC7), UINT32_C(0x93B38254)}, + {UINT32_C(0x00E04509), UINT32_C(0xED368C1A), UINT32_C(0x1775C0B9), + UINT32_C(0x9C761250), UINT32_C(0x79CA225E), UINT32_C(0xEDA3FA7A), + UINT32_C(0x571F0C77), UINT32_C(0xB4C5742A)}}, + {{UINT32_C(0xB4B43FE5), UINT32_C(0xECB9D3A3), UINT32_C(0xEC17F04E), + UINT32_C(0x5E1FB120), UINT32_C(0x50E18FD5), UINT32_C(0xE14CD21D), + UINT32_C(0xEFB7CBB0), UINT32_C(0x96D0E4D7)}, + {UINT32_C(0xE1F2F0DC), UINT32_C(0x6114F5E9), UINT32_C(0x1CB1664D), + UINT32_C(0x266DEECC), UINT32_C(0x53B6B3A5), UINT32_C(0x1D956E75), + UINT32_C(0x3FDDA52B), UINT32_C(0x5926066B)}}, + {{UINT32_C(0x4936887C), UINT32_C(0x7AF9DCE6), UINT32_C(0xBC9422BC), + UINT32_C(0x89F32762), UINT32_C(0xCBC2FEB9), UINT32_C(0x0B6384DF), + UINT32_C(0x3D364641), UINT32_C(0x077AD3F2)}, + {UINT32_C(0xB087C470), UINT32_C(0x395E829A), UINT32_C(0x0A57B70C), + UINT32_C(0xF11F265F), UINT32_C(0xAF1E1E65), UINT32_C(0x98ABE3C3), + UINT32_C(0x7EF88793), UINT32_C(0x992AC4ED)}}, + {{UINT32_C(0xD22E0631), UINT32_C(0x3C996D0E), UINT32_C(0x67C90FB2), + UINT32_C(0x4A33C99C), UINT32_C(0x69FB16D8), UINT32_C(0xD237AA0F), + UINT32_C(0x05B2F5B9), UINT32_C(0x50E5129E)}, + {UINT32_C(0x87D3A5E8), UINT32_C(0x92365378), UINT32_C(0xC2FFA5DE), + UINT32_C(0x5B8A3476), UINT32_C(0x6E950529), UINT32_C(0xDAD4E0FD), + UINT32_C(0xCE23F3FA), UINT32_C(0xDEC58E35)}}, + {{UINT32_C(0xA5D6631E), UINT32_C(0x3B8715F1), UINT32_C(0x50E938BD), + UINT32_C(0x0625981E), UINT32_C(0x3B117BDD), UINT32_C(0xFC5973DB), + UINT32_C(0x4D1207FB), UINT32_C(0x452BF05F)}, + {UINT32_C(0x904E00BF), UINT32_C(0x6264C5FB), UINT32_C(0x87BD746F), + UINT32_C(0x15BE791B), UINT32_C(0xB71D04AE), UINT32_C(0xBC2E344D), + UINT32_C(0xE4452259), UINT32_C(0x48EC77B6)}}, + }, + { + {{UINT32_C(0x22376827), UINT32_C(0xB097726A), UINT32_C(0xAF1BA09A), + UINT32_C(0xE6B946D4), UINT32_C(0x04CC2DAD), UINT32_C(0xC023D286), + UINT32_C(0x7912926A), UINT32_C(0x4991DDAE)}, + {UINT32_C(0xC7F90D00), UINT32_C(0x564DB45E), UINT32_C(0x720DDC70), + UINT32_C(0xF810ACCA), UINT32_C(0xB4F4F9E3), UINT32_C(0xFF8EF73C), + UINT32_C(0xA6474B56), UINT32_C(0x4E72AB52)}}, + {{UINT32_C(0x722E27CA), UINT32_C(0x1AC9EDB0), UINT32_C(0x2A77E573), + UINT32_C(0x9B55C43E), UINT32_C(0x33CF218A), UINT32_C(0xE68AD58B), + UINT32_C(0xFF2682C9), UINT32_C(0xB7810094)}, + {UINT32_C(0x108DBA84), UINT32_C(0x64E8CF9C), UINT32_C(0x554F1C61), + UINT32_C(0x7904CCE9), UINT32_C(0xD5494562), UINT32_C(0x433BA21C), + UINT32_C(0xE605F805), UINT32_C(0x0368F033)}}, + {{UINT32_C(0x7AA43A10), UINT32_C(0x93A9416E), UINT32_C(0x73CEDB71), + UINT32_C(0x624E8013), UINT32_C(0x2BA7B976), UINT32_C(0x48A18759), + UINT32_C(0x4BF11460), UINT32_C(0x9B0BEAF2)}, + {UINT32_C(0x862A583D), UINT32_C(0xEEFEC18B), UINT32_C(0x88CDF386), + UINT32_C(0xACB601A2), UINT32_C(0x129E050D), UINT32_C(0xBBA8D65B), + UINT32_C(0x7EC732D0), UINT32_C(0xB6AB2118)}}, + {{UINT32_C(0x2C35F231), UINT32_C(0x3CD9CF9C), UINT32_C(0xAAD0B513), + UINT32_C(0x8D89595B), UINT32_C(0xEE1574EC), UINT32_C(0x90A4E9A8), + UINT32_C(0xC23311C0), UINT32_C(0x84DC9A3F)}, + {UINT32_C(0x48599220), UINT32_C(0x5C284CAE), UINT32_C(0x824625B1), + UINT32_C(0x17479E47), UINT32_C(0xE79C5F1B), UINT32_C(0x46A41EF7), + UINT32_C(0x195F87CB), UINT32_C(0x8534BCE9)}}, + {{UINT32_C(0x25805A67), UINT32_C(0x9FC7CE22), UINT32_C(0xC92A9434), + UINT32_C(0x0F13CEA9), UINT32_C(0xEE6EFE7A), UINT32_C(0xF40822FB), + UINT32_C(0x6887531C), UINT32_C(0x07BC438F)}, + {UINT32_C(0x69FA017E), UINT32_C(0x0F6CCD49), UINT32_C(0xC28AEE92), + UINT32_C(0x8E979E5A), UINT32_C(0x7CF48445), UINT32_C(0x36D6B03D), + UINT32_C(0xAE0B26E2), UINT32_C(0xCBA8C9D7)}}, + {{UINT32_C(0x71FFD978), UINT32_C(0x4E05D13B), UINT32_C(0xEAE6A8A7), + UINT32_C(0x67220F5F), UINT32_C(0x7FE498A9), UINT32_C(0x579EDFE4), + UINT32_C(0xE866D9A1), UINT32_C(0x13469C4B)}, + {UINT32_C(0xCEC8133C), UINT32_C(0x87C7ACA2), UINT32_C(0x082DE8D3), + UINT32_C(0x0A0EDF37), UINT32_C(0x1251E1CE), UINT32_C(0xD1E8B153), + UINT32_C(0xFEFD964F), UINT32_C(0x9FCFF173)}}, + {{UINT32_C(0xF94F8735), UINT32_C(0x938E3207), UINT32_C(0x678F448C), + UINT32_C(0x1B865BE5), UINT32_C(0x1893BE5E), UINT32_C(0x831A5FE8), + UINT32_C(0x88A6330F), UINT32_C(0xE1DC8555)}, + {UINT32_C(0x806FD401), UINT32_C(0x9797B27B), UINT32_C(0x3FF777E3), + UINT32_C(0x894A619D), UINT32_C(0xFDB0CBBD), UINT32_C(0x8ADEF55B), + UINT32_C(0x2424DEE8), UINT32_C(0xE8253728)}}, + {{UINT32_C(0x3AD37F5D), UINT32_C(0x045B521B), UINT32_C(0x7941BC49), + UINT32_C(0x1E9B8951), UINT32_C(0xDE1940C9), UINT32_C(0xD7003802), + UINT32_C(0xBB046081), UINT32_C(0x31E1701E)}, + {UINT32_C(0x37108972), UINT32_C(0x44A1E144), UINT32_C(0x82ECAE12), + UINT32_C(0x7853DE83), UINT32_C(0xE24FB978), UINT32_C(0x1785856C), + UINT32_C(0xC94BBE6F), UINT32_C(0x97C51F6E)}}, + {{UINT32_C(0x8562F55C), UINT32_C(0x7E7413C3), UINT32_C(0x08901C7A), + UINT32_C(0x43306DDD), UINT32_C(0x04F2B431), UINT32_C(0xF1234C31), + UINT32_C(0x8D2736E0), UINT32_C(0x18DFEC26)}, + {UINT32_C(0x1B7FE16D), UINT32_C(0x7030FB80), UINT32_C(0xBFC4FEFE), + UINT32_C(0x302C1CD9), UINT32_C(0xFFBF2ABE), UINT32_C(0xF2023AE2), + UINT32_C(0xAA8C9C85), UINT32_C(0x66FF8497)}}, + {{UINT32_C(0x97DB392F), UINT32_C(0xACA99522), UINT32_C(0x2368EAA0), + UINT32_C(0xC7000A60), UINT32_C(0x67140277), UINT32_C(0x41E8E4F1), + UINT32_C(0x566C7D38), UINT32_C(0x98A6EBCA)}, + {UINT32_C(0x0DED8A0A), UINT32_C(0x5B04290E), UINT32_C(0x0E100942), + UINT32_C(0xD38222E9), UINT32_C(0x9ED5B686), UINT32_C(0x9D107080), + UINT32_C(0x58F2D502), UINT32_C(0xFBBD8A0E)}}, + {{UINT32_C(0xBE63A8D7), UINT32_C(0xDEDFB3CD), UINT32_C(0x5C46E440), + UINT32_C(0x0C3E84F6), UINT32_C(0xEA88946E), UINT32_C(0x58560A19), + UINT32_C(0x126D33D7), UINT32_C(0xE5455AF4)}, + {UINT32_C(0x306B77E5), UINT32_C(0xD12198D5), UINT32_C(0x79412EC2), + UINT32_C(0xE31EB152), UINT32_C(0xE5EE1BD9), UINT32_C(0x3FCC853B), + UINT32_C(0xB238C1AE), UINT32_C(0x692465D2)}}, + {{UINT32_C(0x29B6AB66), UINT32_C(0x052C6394), UINT32_C(0xC2E958AA), + UINT32_C(0x1CE2B5AD), UINT32_C(0x8B5B9D2C), UINT32_C(0x52191A42), + UINT32_C(0x73DA0387), UINT32_C(0x694AD264)}, + {UINT32_C(0xE23BBD38), UINT32_C(0x50BF347A), UINT32_C(0x0E0A8426), + UINT32_C(0x539C49D9), UINT32_C(0x2CF0816E), UINT32_C(0x9963D077), + UINT32_C(0x82853FB5), UINT32_C(0xAA34BAE7)}}, + {{UINT32_C(0xFADCA93A), UINT32_C(0xC1611F9C), UINT32_C(0x493ED44A), + UINT32_C(0x9EA92C72), UINT32_C(0x289A5402), UINT32_C(0x35EB5861), + UINT32_C(0xE3F5F444), UINT32_C(0x1DA553EB)}, + {UINT32_C(0xD9752CE7), UINT32_C(0x1E9CEAD9), UINT32_C(0x38A940D5), + UINT32_C(0xF2772011), UINT32_C(0xA63C86EA), UINT32_C(0xE3A0D936), + UINT32_C(0x026B28F8), UINT32_C(0x6327A74A)}}, + {{UINT32_C(0x5F27751D), UINT32_C(0x82E76F01), UINT32_C(0x39643F2A), + UINT32_C(0x1E8AFC22), UINT32_C(0x279BF43A), UINT32_C(0x74207427), + UINT32_C(0x967D9933), UINT32_C(0x74A3AA86)}, + {UINT32_C(0x8AF03E8D), UINT32_C(0xE9A51180), UINT32_C(0xC4117153), + UINT32_C(0x11A3459F), UINT32_C(0xF7307F0A), UINT32_C(0x78A2C363), + UINT32_C(0x3E1DBC71), UINT32_C(0x53F482FC)}}, + {{UINT32_C(0xED63E873), UINT32_C(0x1BED8CFB), UINT32_C(0xB075EE92), + UINT32_C(0xF951BE41), UINT32_C(0xF3D7483E), UINT32_C(0x01E2E2FD), + UINT32_C(0x92CCEEDB), UINT32_C(0xA0045858)}, + {UINT32_C(0xD7650268), UINT32_C(0xBE085F4B), UINT32_C(0x06F37445), + UINT32_C(0x9D9C949C), UINT32_C(0xE6638C85), UINT32_C(0x9285C316), + UINT32_C(0xFEE72012), UINT32_C(0x9DA46B59)}}, + {{UINT32_C(0xC7953D7A), UINT32_C(0x3C10FDEF), UINT32_C(0x3156B224), + UINT32_C(0x229FEDAA), UINT32_C(0x8FD2A3BD), UINT32_C(0x3DE7DC2B), + UINT32_C(0x4C395FD0), UINT32_C(0xB8DFFAA3)}, + {UINT32_C(0x43A96164), UINT32_C(0x74F8C4FE), UINT32_C(0x3C3A22F7), + UINT32_C(0xEB08C13E), UINT32_C(0x17E9ECD5), UINT32_C(0x3A41F1BA), + UINT32_C(0x9A56B9F0), UINT32_C(0x98FC0E6E)}}, + }, + { + {{UINT32_C(0xA31D9E68), UINT32_C(0xB4CBE1F9), UINT32_C(0x81A39A40), + UINT32_C(0x753E44AD), UINT32_C(0x955BBF75), UINT32_C(0x24942A08), + UINT32_C(0x5F040B8B), UINT32_C(0x237E206F)}, + {UINT32_C(0x8A3E0D60), UINT32_C(0x463C8A16), UINT32_C(0xB66B0F39), + UINT32_C(0x51296C3F), UINT32_C(0x76CA47B8), UINT32_C(0x1436C2E8), + UINT32_C(0x4267C78E), UINT32_C(0x67B2DB2A)}}, + {{UINT32_C(0x68B5D6E5), UINT32_C(0x82DC87C9), UINT32_C(0xC0D5B00E), + UINT32_C(0x767AD90F), UINT32_C(0xF430D85F), UINT32_C(0xA22FC4A2), + UINT32_C(0x44EDDDED), UINT32_C(0xF767AE2A)}, + {UINT32_C(0x6AA4AE2C), UINT32_C(0x6534930E), UINT32_C(0x83835E85), + UINT32_C(0x0FD06A4F), UINT32_C(0x5FC5DCBD), UINT32_C(0xD45FA9D4), + UINT32_C(0x52E5003D), UINT32_C(0x180B43DC)}}, + {{UINT32_C(0x147E2901), UINT32_C(0x8AAA5564), UINT32_C(0xAC0BA42F), + UINT32_C(0xF35D4745), UINT32_C(0x84D90619), UINT32_C(0x53695997), + UINT32_C(0x390DA26A), UINT32_C(0xD47482A0)}, + {UINT32_C(0xA551B4FE), UINT32_C(0xCE0C2719), UINT32_C(0x03889A62), + UINT32_C(0xE7A7ED50), UINT32_C(0xE6F268D3), UINT32_C(0x28E6B681), + UINT32_C(0x25AF46D8), UINT32_C(0x75843CC2)}}, + {{UINT32_C(0x2CF3F659), UINT32_C(0xC415DB9E), UINT32_C(0x8992A840), + UINT32_C(0xB199014D), UINT32_C(0xF4B0B18A), UINT32_C(0xC0000D26), + UINT32_C(0x66E954D3), UINT32_C(0xC964B8C9)}, + {UINT32_C(0xEC7DA8F2), UINT32_C(0x2794CB2C), UINT32_C(0xDC3377DC), + UINT32_C(0xCB22251C), UINT32_C(0x6FF18F63), UINT32_C(0xF82A51C4), + UINT32_C(0x9020BE85), UINT32_C(0x57B660EC)}}, + {{UINT32_C(0xA4BBE4B7), UINT32_C(0xD7731817), UINT32_C(0x5F40B3ED), + UINT32_C(0x84EE0E6A), UINT32_C(0x8FCADFA7), UINT32_C(0xB70FBA5F), + UINT32_C(0xE7152792), UINT32_C(0x054709DC)}, + {UINT32_C(0xA1228915), UINT32_C(0x3BB24B69), UINT32_C(0xFDCDFBA4), + UINT32_C(0xCC7A1EB4), UINT32_C(0x8F210079), UINT32_C(0x50E63E74), + UINT32_C(0xC1E2FB3E), UINT32_C(0xB812E59D)}}, + {{UINT32_C(0x29F88B93), UINT32_C(0x86692738), UINT32_C(0xA7C0AE0C), + UINT32_C(0x0F7359BB), UINT32_C(0x9184E302), UINT32_C(0x39F73CAA), + UINT32_C(0x50E49E86), UINT32_C(0x22788554)}, + {UINT32_C(0xC874D7E0), UINT32_C(0xDBD59CDE), UINT32_C(0xD420FDDE), + UINT32_C(0xAF483075), UINT32_C(0x97C0BA77), UINT32_C(0x8950699D), + UINT32_C(0x7E19757F), UINT32_C(0x3590EB11)}}, + {{UINT32_C(0x3B6724E1), UINT32_C(0x54D9E0EA), UINT32_C(0xF13C9B20), + UINT32_C(0xBC36BF06), UINT32_C(0x2605D1E7), UINT32_C(0xF1E6D470), + UINT32_C(0x7DDFA99A), UINT32_C(0x9844B73D)}, + {UINT32_C(0x52ED79D6), UINT32_C(0xB8B997E4), UINT32_C(0x7A85F0E9), + UINT32_C(0xF89A4A37), UINT32_C(0x15C0A1A6), UINT32_C(0x473EA7BB), + UINT32_C(0x9A03C92A), UINT32_C(0xD0DC0464)}}, + {{UINT32_C(0xC57210CD), UINT32_C(0x2872A5B4), UINT32_C(0xC752F0A4), + UINT32_C(0xB9F47934), UINT32_C(0xC8C6DA09), UINT32_C(0x15706795), + UINT32_C(0x4C286C02), UINT32_C(0x6164580B)}, + {UINT32_C(0x2C860B9F), UINT32_C(0x3A4B59E0), UINT32_C(0x199571DC), + UINT32_C(0x19F4D685), UINT32_C(0xBECF297B), UINT32_C(0x29AA5C58), + UINT32_C(0xB7768952), UINT32_C(0x7A046A57)}}, + {{UINT32_C(0xA007B7F4), UINT32_C(0xC53EC390), UINT32_C(0x1AECA631), + UINT32_C(0xA521B1B6), UINT32_C(0xEDA4C81E), UINT32_C(0xA1D64AF8), + UINT32_C(0xFD63BBF2), UINT32_C(0xA2D678FE)}, + {UINT32_C(0x9A7FB89D), UINT32_C(0xB96C2C12), UINT32_C(0xDE0BB7DE), + UINT32_C(0x083BAE5C), UINT32_C(0xABB2BBE3), UINT32_C(0x8A97D0C4), + UINT32_C(0xF788A09B), UINT32_C(0x83C6D29F)}}, + {{UINT32_C(0x4C26B7FD), UINT32_C(0x7E923C15), UINT32_C(0x18E96B8F), + UINT32_C(0x6AE7AD03), UINT32_C(0x54358A27), UINT32_C(0x5B0B77BF), + UINT32_C(0x33696A6A), UINT32_C(0xFA26D2FA)}, + {UINT32_C(0x37822B46), UINT32_C(0xA6CC36EF), UINT32_C(0x86D9CA8D), + UINT32_C(0xFEA25976), UINT32_C(0x5BC3F869), UINT32_C(0x966CB42C), + UINT32_C(0xF4C15C52), UINT32_C(0x33E40A72)}}, + {{UINT32_C(0xABA41F41), UINT32_C(0x614DFC5F), UINT32_C(0xD1BDD857), + UINT32_C(0xCAA473F2), UINT32_C(0x5C4419B4), UINT32_C(0x5A0F506A), + UINT32_C(0x285953D1), UINT32_C(0x40545B7D)}, + {UINT32_C(0xF5822883), UINT32_C(0x453857C5), UINT32_C(0xD32772AB), + UINT32_C(0xA0E5764E), UINT32_C(0x71233025), UINT32_C(0xE8CE67A2), + UINT32_C(0x48078BCE), UINT32_C(0x77B626C6)}}, + {{UINT32_C(0xBF6BA9E8), UINT32_C(0xA58D1A72), UINT32_C(0xCDEADBC2), + UINT32_C(0xDBCA7B89), UINT32_C(0xC2CC421D), UINT32_C(0xFA0EB696), + UINT32_C(0x50296C01), UINT32_C(0xA07BA9EA)}, + {UINT32_C(0x3B26B9E9), UINT32_C(0x89FEFCDE), UINT32_C(0xFA959E64), + UINT32_C(0x52699A3D), UINT32_C(0x1B0CC9FC), UINT32_C(0x3C7F218F), + UINT32_C(0xFA91A2D1), UINT32_C(0x36FCCCF4)}}, + {{UINT32_C(0x7F74F18F), UINT32_C(0x55E430C0), UINT32_C(0x46F7CDD6), + UINT32_C(0x6E30808F), UINT32_C(0xDB12613F), UINT32_C(0xA324ABDA), + UINT32_C(0xD2C95B5D), UINT32_C(0xF3F24158)}, + {UINT32_C(0xB4FD892F), UINT32_C(0xF8669E90), UINT32_C(0x2BB07B3E), + UINT32_C(0xDA7F5086), UINT32_C(0x328CA4F3), UINT32_C(0x9F1714B6), + UINT32_C(0xDCE28C82), UINT32_C(0x577C9BD9)}}, + {{UINT32_C(0x3CE0034B), UINT32_C(0x71D47A7D), UINT32_C(0xBF1F479E), + UINT32_C(0xE3151BB5), UINT32_C(0x796951A7), UINT32_C(0xA8560D27), + UINT32_C(0x9D0A0A46), UINT32_C(0x66B47418)}, + {UINT32_C(0xBABCCB3A), UINT32_C(0x9B92865B), UINT32_C(0x15060BD8), + UINT32_C(0x7C371945), UINT32_C(0x915FD78C), UINT32_C(0x977626AF), + UINT32_C(0x6E13CFB7), UINT32_C(0xEA45CB83)}}, + {{UINT32_C(0xC63D691D), UINT32_C(0x862B5471), UINT32_C(0x1AA121C8), + UINT32_C(0x799C141E), UINT32_C(0x591CBDA1), UINT32_C(0xC1D8C23B), + UINT32_C(0xFC7D54B4), UINT32_C(0x38EC077B)}, + {UINT32_C(0xE2EE2CD6), UINT32_C(0xC6771DBB), UINT32_C(0x1EB976D6), + UINT32_C(0x499B5DCB), UINT32_C(0x528DCC06), UINT32_C(0x73224683), + UINT32_C(0xFAD4626B), UINT32_C(0x66FA72A3)}}, + {{UINT32_C(0x4AA8EFCF), UINT32_C(0x46D5E211), UINT32_C(0x217E2CAE), + UINT32_C(0x4687605E), UINT32_C(0x20387543), UINT32_C(0xFAE20BA7), + UINT32_C(0x9B0CA212), UINT32_C(0xFA9BA7E5)}, + {UINT32_C(0xDF662D3D), UINT32_C(0x41384EB3), UINT32_C(0x978AB224), + UINT32_C(0x0604531C), UINT32_C(0x4D8171BA), UINT32_C(0x00118E0B), + UINT32_C(0x8D58272A), UINT32_C(0xB12F7EAE)}}, + }, + { + {{UINT32_C(0x40C47099), UINT32_C(0x51950CBB), UINT32_C(0x0A9B4A87), + UINT32_C(0x90AD3D8A), UINT32_C(0xAE1EB361), UINT32_C(0x544C3E23), + UINT32_C(0xA18CE64F), UINT32_C(0x1269B5AF)}, + {UINT32_C(0xDA9AC0AF), UINT32_C(0x584BED44), UINT32_C(0x3D717C65), + UINT32_C(0xCE3BEEE9), UINT32_C(0xF1A3D771), UINT32_C(0x63F33D45), + UINT32_C(0x6BAF45DC), UINT32_C(0x79542C04)}}, + {{UINT32_C(0x382FB0B0), UINT32_C(0x48B6FEAC), UINT32_C(0x2CBB9B65), + UINT32_C(0x41EC4814), UINT32_C(0x3EF55415), UINT32_C(0x9788C2DC), + UINT32_C(0x7765B527), UINT32_C(0x39839E63)}, + {UINT32_C(0xC7A481DE), UINT32_C(0xA3EEBF02), UINT32_C(0x0F4533CD), + UINT32_C(0x24B2923B), UINT32_C(0x734D205B), UINT32_C(0xCADE127D), + UINT32_C(0x3A82BEAD), UINT32_C(0xB9E27378)}}, + {{UINT32_C(0x211F2509), UINT32_C(0xA117AC22), UINT32_C(0x7E6A8CC6), + UINT32_C(0x2F41B55F), UINT32_C(0x4EA371D8), UINT32_C(0x5ECCEB27), + UINT32_C(0xD483305C), UINT32_C(0x7189FA01)}, + {UINT32_C(0x88E14674), UINT32_C(0x9CEBFCC3), UINT32_C(0x6C1620FB), + UINT32_C(0xFDFD5A50), UINT32_C(0x2E2975CF), UINT32_C(0xDDFB0F80), + UINT32_C(0xA9A902D5), UINT32_C(0xC997846E)}}, + {{UINT32_C(0x68DD3194), UINT32_C(0x7EBA53EB), UINT32_C(0x746F8AF2), + UINT32_C(0x905AAB30), UINT32_C(0x9705D86E), UINT32_C(0x995618F9), + UINT32_C(0xDCBA13D1), UINT32_C(0x7110614D)}, + {UINT32_C(0xC53F4FED), UINT32_C(0xB09B660F), UINT32_C(0xF13C318F), + UINT32_C(0xF51C1985), UINT32_C(0x7C86DF88), UINT32_C(0x122B674C), + UINT32_C(0x2BCF8EC5), UINT32_C(0x8FB7A0A4)}}, + {{UINT32_C(0x535E7777), UINT32_C(0x833C2AD7), UINT32_C(0xCECE3D05), + UINT32_C(0xC28AE919), UINT32_C(0x3A3EF6BD), UINT32_C(0xBABCD389), + UINT32_C(0xA5DFB028), UINT32_C(0x865BFF3B)}, + {UINT32_C(0x37685655), UINT32_C(0xA3C2AE84), UINT32_C(0x9163CA7B), + UINT32_C(0xE06CAB4A), UINT32_C(0x6EBB4335), UINT32_C(0xE846C125), + UINT32_C(0x6A728728), UINT32_C(0x2198F30B)}}, + {{UINT32_C(0x6C268178), UINT32_C(0x27A81F1F), UINT32_C(0x49EC264D), + UINT32_C(0x467A3764), UINT32_C(0xB12A182B), UINT32_C(0x9733CBBF), + UINT32_C(0xFDD1455E), UINT32_C(0xA7E632C8)}, + {UINT32_C(0x6A61C342), UINT32_C(0xE8463C5D), UINT32_C(0xDF19ACE7), + UINT32_C(0xD75ADB80), UINT32_C(0x54134C15), UINT32_C(0x90D581FC), + UINT32_C(0x478BFC4C), UINT32_C(0x42D47645)}}, + {{UINT32_C(0x736BFD9D), UINT32_C(0x528E2979), UINT32_C(0xBD43B9A0), + UINT32_C(0x2E2B3691), UINT32_C(0x20C774FB), UINT32_C(0x9AF895C2), + UINT32_C(0x6D7E424A), UINT32_C(0x076B26A1)}, + {UINT32_C(0xAAD6D339), UINT32_C(0xEBF7C6C5), UINT32_C(0xDBB7E80C), + UINT32_C(0x0B0D2C07), UINT32_C(0xC4AF6E33), UINT32_C(0x617D43A5), + UINT32_C(0xAF18F263), UINT32_C(0x61C4DE18)}}, + {{UINT32_C(0xBF11E94C), UINT32_C(0x68FBBED2), UINT32_C(0x2FB4B105), + UINT32_C(0x5D9F55A4), UINT32_C(0xA30EEF14), UINT32_C(0xD61E63C5), + UINT32_C(0xEDC00DF3), UINT32_C(0x8E1205AC)}, + {UINT32_C(0xDC17A985), UINT32_C(0x161BD942), UINT32_C(0x8A9CF54F), + UINT32_C(0x2424DEF1), UINT32_C(0xC4E33EF7), UINT32_C(0xE43DB8FF), + UINT32_C(0xB4AC188F), UINT32_C(0xD459F65D)}}, + {{UINT32_C(0x135AC7BD), UINT32_C(0xF09C734A), UINT32_C(0xA6C25AC0), + UINT32_C(0x7483609C), UINT32_C(0x8B4057D2), UINT32_C(0xE679619E), + UINT32_C(0x512DBBA4), UINT32_C(0x9ED96BDC)}, + {UINT32_C(0xB17642C1), UINT32_C(0xB98AC745), UINT32_C(0x6B062307), + UINT32_C(0x29ACACE3), UINT32_C(0x7D8F95F0), UINT32_C(0x34D7B3F2), + UINT32_C(0xA625176B), UINT32_C(0x5154A2E6)}}, + {{UINT32_C(0x7B63E1A5), UINT32_C(0xED31862F), UINT32_C(0x17A13E12), + UINT32_C(0xE6A86F3B), UINT32_C(0x5B609CE8), UINT32_C(0x4F81B920), + UINT32_C(0xCE25F81C), UINT32_C(0x0A45CFA8)}, + {UINT32_C(0xA872E892), UINT32_C(0x4AA3BB5B), UINT32_C(0xA4750ABE), + UINT32_C(0xC6020564), UINT32_C(0xE2244773), UINT32_C(0x61DE3D3F), + UINT32_C(0x10CA3FA2), UINT32_C(0x9CC3D627)}}, + {{UINT32_C(0x99E9994A), UINT32_C(0x819A3BC7), UINT32_C(0xC61C8B71), + UINT32_C(0x0F79A8D1), UINT32_C(0x935751E9), UINT32_C(0x77A7038D), + UINT32_C(0x42FC0D27), UINT32_C(0xF5DDC5CD)}, + {UINT32_C(0x2B2BB23B), UINT32_C(0xA8771B82), UINT32_C(0x2286F0F7), + UINT32_C(0x6E85221F), UINT32_C(0xF1D1D3DD), UINT32_C(0xF009DFBD), + UINT32_C(0xC9021146), UINT32_C(0xFF586AD1)}}, + {{UINT32_C(0x5949DFCB), UINT32_C(0xDD0D52B3), UINT32_C(0x130072AF), + UINT32_C(0x81F38318), UINT32_C(0xB3B4C1CA), UINT32_C(0x8822ED39), + UINT32_C(0xA66F4434), UINT32_C(0x211ED088)}, + {UINT32_C(0xC20687D2), UINT32_C(0x27BE39A3), UINT32_C(0xAE0945DA), + UINT32_C(0xBB4F2228), UINT32_C(0x512CE23F), UINT32_C(0x3A50E01C), + UINT32_C(0x8C4FF67E), UINT32_C(0x55D9A4D8)}}, + {{UINT32_C(0xDD97F076), UINT32_C(0x04E8FBF8), UINT32_C(0x483B4FD9), + UINT32_C(0x8D419976), UINT32_C(0x9CC344BA), UINT32_C(0x364DAF96), + UINT32_C(0x4D0BAB91), UINT32_C(0xACB89D4B)}, + {UINT32_C(0x28903B31), UINT32_C(0xB25952E5), UINT32_C(0xACEA03D9), + UINT32_C(0xC4812DFA), UINT32_C(0x7F05DD9F), UINT32_C(0x18A72A77), + UINT32_C(0x3EB2478B), UINT32_C(0x0BB58AAF)}}, + {{UINT32_C(0x5E39F117), UINT32_C(0xDC378421), UINT32_C(0x639CEF28), + UINT32_C(0xD5698D4A), UINT32_C(0xE4D1143F), UINT32_C(0x4E870B7B), + UINT32_C(0xC98A9676), UINT32_C(0x70F9C856)}, + {UINT32_C(0x7A56D720), UINT32_C(0x6BF17724), UINT32_C(0x0E4247D5), + UINT32_C(0x4F32D20F), UINT32_C(0x1DC73435), UINT32_C(0xCDDF6CAF), + UINT32_C(0x5F927ABD), UINT32_C(0x8876CEB8)}}, + {{UINT32_C(0xD57A7EE3), UINT32_C(0xF76EA7B1), UINT32_C(0x77880D2C), + UINT32_C(0x99AA11D0), UINT32_C(0x5CB4CECF), UINT32_C(0xA752265D), + UINT32_C(0xBAD097F5), UINT32_C(0x1C77BA6C)}, + {UINT32_C(0x371DA1DE), UINT32_C(0x8464C1B5), UINT32_C(0xAAEFE6D8), + UINT32_C(0x47092846), UINT32_C(0xE05B696C), UINT32_C(0x26C4A50E), + UINT32_C(0xAE49A9D6), UINT32_C(0xDB16A174)}}, + {{UINT32_C(0xD7C4EA8C), UINT32_C(0x0AED484F), UINT32_C(0xDFA66305), + UINT32_C(0x60B30298), UINT32_C(0x9B478201), UINT32_C(0x1A03DFD0), + UINT32_C(0x21FE2588), UINT32_C(0xE7F87BC9)}, + {UINT32_C(0x87150A21), UINT32_C(0xC08F648E), UINT32_C(0x652D91F8), + UINT32_C(0x4C1ED208), UINT32_C(0x4276A7F6), UINT32_C(0xBFBAF51F), + UINT32_C(0xCF2D124F), UINT32_C(0x8C66D0FF)}}, + }, + { + {{UINT32_C(0x8F8CFAC9), UINT32_C(0x8B651CE5), UINT32_C(0x81BEDA93), + UINT32_C(0xE7688F88), UINT32_C(0x0D656E1E), UINT32_C(0xEF334FF5), + UINT32_C(0x5EC25F80), UINT32_C(0xA374D8D8)}, + {UINT32_C(0x79C03819), UINT32_C(0x9E13EAE3), UINT32_C(0x8D4DAB3C), + UINT32_C(0xAF5831C1), UINT32_C(0xF6E90C26), UINT32_C(0x88DEB51D), + UINT32_C(0x823F5310), UINT32_C(0x87A61F17)}}, + {{UINT32_C(0x97239C58), UINT32_C(0x04262364), UINT32_C(0x9181765B), + UINT32_C(0x124DB7C0), UINT32_C(0x8BDC8297), UINT32_C(0xA7B5D21A), + UINT32_C(0x684F23C3), UINT32_C(0x1998F669)}, + {UINT32_C(0x39FD52B8), UINT32_C(0xF27A6063), UINT32_C(0xF77C78A1), + UINT32_C(0xB234C77A), UINT32_C(0x78F05350), UINT32_C(0x768C0FB0), + UINT32_C(0x1B5E5D18), UINT32_C(0xFDD39180)}}, + {{UINT32_C(0x951AB7AD), UINT32_C(0xF15ADFE1), UINT32_C(0x91F8BE57), + UINT32_C(0xD760A270), UINT32_C(0xE2DA421E), UINT32_C(0x974F7ECB), + UINT32_C(0x83E7BBE0), UINT32_C(0x6B41A298)}, + {UINT32_C(0x0467E682), UINT32_C(0xAAF40BB4), UINT32_C(0x1BF34E2D), + UINT32_C(0x735ED4B6), UINT32_C(0x40689777), UINT32_C(0x8D7CEC0F), + UINT32_C(0x9A20CFB3), UINT32_C(0xF8EF58A5)}}, + {{UINT32_C(0x3A134039), UINT32_C(0x33BE6909), UINT32_C(0xF04DD006), + UINT32_C(0x84255B1D), UINT32_C(0xFB23FDE9), UINT32_C(0xBE2DA53D), + UINT32_C(0x1D7272B0), UINT32_C(0xAA922762)}, + {UINT32_C(0x9D836751), UINT32_C(0x4512E3BA), UINT32_C(0xEA4D6DAD), + UINT32_C(0xB204522C), UINT32_C(0xAA016939), UINT32_C(0x87DF6050), + UINT32_C(0x2F7D3B93), UINT32_C(0xB9007221)}}, + {{UINT32_C(0x35485CDF), UINT32_C(0x25F2A393), UINT32_C(0x3DD4547E), + UINT32_C(0xBADD4A89), UINT32_C(0x2F69714D), UINT32_C(0xA1E69BDA), + UINT32_C(0x8624204F), UINT32_C(0xE7803AA4)}, + {UINT32_C(0x19344722), UINT32_C(0x187016EF), UINT32_C(0xA10D5D54), + UINT32_C(0xB9B81E43), UINT32_C(0xD0A58DD7), UINT32_C(0x85514FD9), + UINT32_C(0x939945EC), UINT32_C(0xFF291F5E)}}, + {{UINT32_C(0xEC8630FF), UINT32_C(0x098E11B1), UINT32_C(0xB49DBF4B), + UINT32_C(0xC7CB1E86), UINT32_C(0xC8D03872), UINT32_C(0x28ACEF09), + UINT32_C(0xD3432F5D), UINT32_C(0x306CC71E)}, + {UINT32_C(0x75BE7D37), UINT32_C(0xAE45E3E9), UINT32_C(0x166FA905), + UINT32_C(0x5C20C374), UINT32_C(0x77FDB46D), UINT32_C(0x3F31F051), + UINT32_C(0x0BD1DCBC), UINT32_C(0xB9D61E48)}}, + {{UINT32_C(0x3A7854A6), UINT32_C(0xF3FF066A), UINT32_C(0x79D9C31C), + UINT32_C(0x01FDBA63), UINT32_C(0xCC8220E2), UINT32_C(0x7F93EF7F), + UINT32_C(0x4844B55A), UINT32_C(0xA70E18F2)}, + {UINT32_C(0x4BC3C084), UINT32_C(0x3ADDF841), UINT32_C(0xDC378009), + UINT32_C(0xD4405377), UINT32_C(0xDED5EAE7), UINT32_C(0xB3C0DCF6), + UINT32_C(0x99BA8D32), UINT32_C(0x9C8D2EE1)}}, + {{UINT32_C(0xD09D724E), UINT32_C(0xA2A1CA13), UINT32_C(0x03C89D26), + UINT32_C(0x410F5C9C), UINT32_C(0x21497E67), UINT32_C(0x061A88D9), + UINT32_C(0x5EEFEC86), UINT32_C(0xA83F216C)}, + {UINT32_C(0x3B0ED3BD), UINT32_C(0xE3C61B9A), UINT32_C(0xA8B7BF87), + UINT32_C(0xA0BF9448), UINT32_C(0x4720C8E3), UINT32_C(0x4EA60D49), + UINT32_C(0x25BF7B91), UINT32_C(0xCECB54B6)}}, + {{UINT32_C(0x563BD88F), UINT32_C(0xC71AF8D0), UINT32_C(0x84BC872B), + UINT32_C(0xA9A76934), UINT32_C(0x4139F60F), UINT32_C(0x9C4EA691), + UINT32_C(0x50ACBD40), UINT32_C(0x14B7565C)}, + {UINT32_C(0xDE1E988D), UINT32_C(0x55BBE389), UINT32_C(0x383D8F04), + UINT32_C(0x85AB1EC0), UINT32_C(0x47BDA26E), UINT32_C(0x1E6FBEE6), + UINT32_C(0x830D04A4), UINT32_C(0x1B5520CE)}}, + {{UINT32_C(0x49D2ECE6), UINT32_C(0x5EC3985B), UINT32_C(0x7FD3A325), + UINT32_C(0x7AE8A664), UINT32_C(0x8A7B7BF0), UINT32_C(0xAE3CD9BB), + UINT32_C(0x167B5735), UINT32_C(0x6D1B6C6F)}, + {UINT32_C(0xCBD66CFA), UINT32_C(0x75F8E09D), UINT32_C(0x9472F6E2), + UINT32_C(0xFC74389B), UINT32_C(0x6A605B67), UINT32_C(0xE4C0FBCE), + UINT32_C(0x66835600), UINT32_C(0xA1C97990)}}, + {{UINT32_C(0x37345DFF), UINT32_C(0xB82BA5DB), UINT32_C(0xA53F2F79), + UINT32_C(0x3FE94956), UINT32_C(0xB05FFA72), UINT32_C(0x00BE25CF), + UINT32_C(0x1839B33A), UINT32_C(0xF32719E7)}, + {UINT32_C(0x92A9AA2D), UINT32_C(0x3FB293CB), UINT32_C(0xB0566C21), + UINT32_C(0x7456E8C5), UINT32_C(0xFFA49A71), UINT32_C(0xAB80C96C), + UINT32_C(0xD2926ACA), UINT32_C(0x9A0CF729)}}, + {{UINT32_C(0x83EF498A), UINT32_C(0x7EB98D92), UINT32_C(0x08480078), + UINT32_C(0xFFB2C212), UINT32_C(0x4F6BBBB5), UINT32_C(0xC6343AC3), + UINT32_C(0xD699167D), UINT32_C(0x8711C0FE)}, + {UINT32_C(0x30B94D4E), UINT32_C(0xA0185745), UINT32_C(0x645A0305), + UINT32_C(0xC960B153), UINT32_C(0xCCF6F684), UINT32_C(0xCA2CDCA6), + UINT32_C(0xFDD84305), UINT32_C(0x23172462)}}, + {{UINT32_C(0x267FEC34), UINT32_C(0xCCE6FFAE), UINT32_C(0x1478AD32), + UINT32_C(0x16089E75), UINT32_C(0x5FACA18F), UINT32_C(0x0EAFE6A4), + UINT32_C(0x3B37922A), UINT32_C(0x84C39A7E)}, + {UINT32_C(0xADE43C26), UINT32_C(0x06F020A5), UINT32_C(0xF21E7A3D), + UINT32_C(0xD3FDECC6), UINT32_C(0x39DA18D6), UINT32_C(0xA3B69284), + UINT32_C(0x797E167C), UINT32_C(0xE0F55227)}}, + {{UINT32_C(0x31838DB4), UINT32_C(0x60309BCA), UINT32_C(0xCAE99AEF), + UINT32_C(0x10A4434E), UINT32_C(0x2EF5BF3A), UINT32_C(0x9323FBE3), + UINT32_C(0x5D81B491), UINT32_C(0x2CA2AF36)}, + {UINT32_C(0xB1A87E49), UINT32_C(0x3B7BB0D5), UINT32_C(0x465B9F2B), + UINT32_C(0x9F085302), UINT32_C(0xD2226F46), UINT32_C(0x857D173E), + UINT32_C(0x0FD5B231), UINT32_C(0x270806C8)}}, + {{UINT32_C(0x29ADC92A), UINT32_C(0x19F14797), UINT32_C(0x381351CA), + UINT32_C(0x95496E1D), UINT32_C(0xE2C7BEF7), UINT32_C(0xFA1ED992), + UINT32_C(0x1460A635), UINT32_C(0x1B7C0F84)}, + {UINT32_C(0x589B215F), UINT32_C(0x24AE4082), UINT32_C(0xB3D41491), + UINT32_C(0x1CE037FE), UINT32_C(0x8C11A33B), UINT32_C(0x68F840AF), + UINT32_C(0xC3E7D3C2), UINT32_C(0xB3454D4D)}}, + {{UINT32_C(0xFC57CE5F), UINT32_C(0x1CEEB5E2), UINT32_C(0x6E556841), + UINT32_C(0x9BFC0072), UINT32_C(0x3289795F), UINT32_C(0x1D03E722), + UINT32_C(0x8B121FE5), UINT32_C(0x0B93783B)}, + {UINT32_C(0xAB212042), UINT32_C(0xD096C7CC), UINT32_C(0x5340E070), + UINT32_C(0x31F2E239), UINT32_C(0xAC6A5122), UINT32_C(0x74F37C12), + UINT32_C(0xED5EB5C6), UINT32_C(0xD6F86CD5)}}, + }, + { + {{UINT32_C(0xA8C46E18), UINT32_C(0x60C5EF28), UINT32_C(0x3400758E), + UINT32_C(0xBDD07852), UINT32_C(0xC6066192), UINT32_C(0x13C3796C), + UINT32_C(0x5C131AA2), UINT32_C(0x56AC699D)}, + {UINT32_C(0xEC5D028C), UINT32_C(0x9EB3FA4A), UINT32_C(0x1B30F5E0), + UINT32_C(0xDBD7486C), UINT32_C(0xA82244A3), UINT32_C(0x0929AB49), + UINT32_C(0x31A1D3D3), UINT32_C(0xA6498DF1)}}, + {{UINT32_C(0xA3FCD07D), UINT32_C(0xA24DF2F2), UINT32_C(0xED81EFAF), + UINT32_C(0x72C1A0E4), UINT32_C(0xD724648E), UINT32_C(0xD1DBF5E4), + UINT32_C(0x191CE28C), UINT32_C(0x624DDF85)}, + {UINT32_C(0xFAC1EDFA), UINT32_C(0x628169F3), UINT32_C(0xBABD8CB9), + UINT32_C(0xE35B42A7), UINT32_C(0x4748893D), UINT32_C(0x658C4AA4), + UINT32_C(0xFC093F18), UINT32_C(0xB68832C2)}}, + {{UINT32_C(0xB7B4AC46), UINT32_C(0xB87FBCC6), UINT32_C(0x8527A86A), + UINT32_C(0x132ABB4E), UINT32_C(0xBFD88B11), UINT32_C(0xE78670D1), + UINT32_C(0xA352932B), UINT32_C(0x4212CFAA)}, + {UINT32_C(0x35003688), UINT32_C(0x83D7E5E1), UINT32_C(0xB79FD125), + UINT32_C(0xA7E4BA84), UINT32_C(0x919FD264), UINT32_C(0xDAD2027B), + UINT32_C(0x87ADA394), UINT32_C(0x1A985173)}}, + {{UINT32_C(0x7D178F3D), UINT32_C(0x1F3E0717), UINT32_C(0x02ED45AA), + UINT32_C(0xB40D6333), UINT32_C(0xA929F102), UINT32_C(0x20549C3A), + UINT32_C(0x389A6596), UINT32_C(0x8EA303CD)}, + {UINT32_C(0x435C0708), UINT32_C(0x7D49F30A), UINT32_C(0x08DF9773), + UINT32_C(0x72F8D34E), UINT32_C(0x14840CDE), UINT32_C(0x53B95B72), + UINT32_C(0x6CB0E1FF), UINT32_C(0xDA217E19)}}, + {{UINT32_C(0xB6CDB3BB), UINT32_C(0x04E4BD5A), UINT32_C(0xE9AF899A), + UINT32_C(0x06864C71), UINT32_C(0x43F993CF), UINT32_C(0x65F442BA), + UINT32_C(0x21316E34), UINT32_C(0xCF9321AF)}, + {UINT32_C(0xF2398BD4), UINT32_C(0x6870D661), UINT32_C(0x007FE273), + UINT32_C(0xDC393BB3), UINT32_C(0x56270871), UINT32_C(0x75E0F15E), + UINT32_C(0x024F529F), UINT32_C(0xB38FD2F4)}}, + {{UINT32_C(0x7A77CB69), UINT32_C(0xB6AB69BB), UINT32_C(0xD83A4655), + UINT32_C(0x356710DD), UINT32_C(0x590E5655), UINT32_C(0x080726AB), + UINT32_C(0x0D39C69B), UINT32_C(0xB5B6E291)}, + {UINT32_C(0xF369E23B), UINT32_C(0xD8CF22FE), UINT32_C(0x5F1E5201), + UINT32_C(0xAE3EAB18), UINT32_C(0xE7D09526), UINT32_C(0x5C1110DB), + UINT32_C(0x25AAB9DE), UINT32_C(0x34025BCB)}}, + {{UINT32_C(0x385A47CE), UINT32_C(0xF07BA22A), UINT32_C(0xEF13BE2B), + UINT32_C(0xB7374A1F), UINT32_C(0x13686D7C), UINT32_C(0xB6708544), + UINT32_C(0x969123FA), UINT32_C(0x6DA6A6D0)}, + {UINT32_C(0x77315C57), UINT32_C(0x8F3E2716), UINT32_C(0x66B75734), + UINT32_C(0xE303886E), UINT32_C(0x5FAC48BF), UINT32_C(0x412C7E39), + UINT32_C(0xA2375284), UINT32_C(0xE64057B0)}}, + {{UINT32_C(0xDE75DB6F), UINT32_C(0xE55869AB), UINT32_C(0xE2BFB67E), + UINT32_C(0x0502E775), UINT32_C(0xD3BAFF50), UINT32_C(0x16AEA992), + UINT32_C(0xFA5AEACB), UINT32_C(0xC2E59CE2)}, + {UINT32_C(0xEFE72786), UINT32_C(0x4A2C11B0), UINT32_C(0xC36127CD), + UINT32_C(0xEE3E2EE7), UINT32_C(0xEDD288F0), UINT32_C(0xA274E02B), + UINT32_C(0x40280563), UINT32_C(0x97562DCF)}}, + {{UINT32_C(0xC99BF4EA), UINT32_C(0x140BA70D), UINT32_C(0x5FA7A58D), + UINT32_C(0x3EDF7CB3), UINT32_C(0x2BDA5832), UINT32_C(0xE5A0D410), + UINT32_C(0x051D41C0), UINT32_C(0x0EE03DC1)}, + {UINT32_C(0xE37CB7AD), UINT32_C(0xCE3E2C28), UINT32_C(0x8ADFD406), + UINT32_C(0x2886491A), UINT32_C(0xB68992CB), UINT32_C(0x7C40DEBC), + UINT32_C(0xD80D6F75), UINT32_C(0xC0B115B8)}}, + {{UINT32_C(0x3A38541D), UINT32_C(0x16EC6C3A), UINT32_C(0x39ED09F3), + UINT32_C(0xFCBE786D), UINT32_C(0xE12082E5), UINT32_C(0xD2CD1238), + UINT32_C(0x9F13CDB2), UINT32_C(0xF2AF2AC9)}, + {UINT32_C(0x601C85C5), UINT32_C(0xAA7625DA), UINT32_C(0xD503B778), + UINT32_C(0xD4B22A2D), UINT32_C(0x48515493), UINT32_C(0x9E40E5D7), + UINT32_C(0xCD08A785), UINT32_C(0x52066F28)}}, + {{UINT32_C(0x2BCA2883), UINT32_C(0x22E41987), UINT32_C(0xD4029901), + UINT32_C(0x1BE5512B), UINT32_C(0x9D808270), UINT32_C(0xBDB94F89), + UINT32_C(0xEBE7C2EF), UINT32_C(0x9D6ACA03)}, + {UINT32_C(0xE0D0DE42), UINT32_C(0x2B7366DE), UINT32_C(0x33A3DA60), + UINT32_C(0x0C1ADE33), UINT32_C(0xB83228B3), UINT32_C(0x8FFB5C8F), + UINT32_C(0x92381C79), UINT32_C(0x4A9A8BF2)}}, + {{UINT32_C(0xF599C194), UINT32_C(0x5B04B607), UINT32_C(0x41789337), + UINT32_C(0xED176FD8), UINT32_C(0x836C7384), UINT32_C(0x55D07DFC), + UINT32_C(0x8D16BEAB), UINT32_C(0x02EF7F8B)}, + {UINT32_C(0x2A2FB582), UINT32_C(0x30E2ECFE), UINT32_C(0x42239D80), + UINT32_C(0x5F858850), UINT32_C(0x47311BF3), UINT32_C(0x6DE69A97), + UINT32_C(0xD6537CB4), UINT32_C(0xE5035B08)}}, + {{UINT32_C(0xCA5D29AA), UINT32_C(0xC1CDBA5D), UINT32_C(0x2A9C1167), + UINT32_C(0x7B3BF6D8), UINT32_C(0xEB99C693), UINT32_C(0xBA44D295), + UINT32_C(0xD7702F67), UINT32_C(0xDD8B6C90)}, + {UINT32_C(0xC9020430), UINT32_C(0x1880B1D2), UINT32_C(0xA3CF8D35), + UINT32_C(0x9023C1A6), UINT32_C(0x3680E4BA), UINT32_C(0x3859F398), + UINT32_C(0x9C13BD00), UINT32_C(0xA0D6D252)}}, + {{UINT32_C(0xD7FC5662), UINT32_C(0xA7BB8005), UINT32_C(0xD826EAD2), + UINT32_C(0xF5D3C12B), UINT32_C(0x52A7C9D3), UINT32_C(0xB7EF2A4E), + UINT32_C(0x7F284391), UINT32_C(0x068A2D3E)}, + {UINT32_C(0xFD32B95B), UINT32_C(0x8B31EBCF), UINT32_C(0xAE817CBE), + UINT32_C(0xE8A198E3), UINT32_C(0x709622F1), UINT32_C(0x4FE885AF), + UINT32_C(0x4B85FED3), UINT32_C(0x359B9BD1)}}, + {{UINT32_C(0x38560DD4), UINT32_C(0xB92BF25E), UINT32_C(0xF8DBAFA4), + UINT32_C(0x705A108A), UINT32_C(0xDD457DB3), UINT32_C(0x21A8DCEA), + UINT32_C(0x31567166), UINT32_C(0xA6B8362C)}, + {UINT32_C(0xB5CC9AB3), UINT32_C(0x2403897C), UINT32_C(0x2732888B), + UINT32_C(0xF6FAB357), UINT32_C(0x6670B41F), UINT32_C(0x098C7E03), + UINT32_C(0x3B7DAC32), UINT32_C(0x746557E9)}}, + {{UINT32_C(0x661AAB9C), UINT32_C(0xAEC530AB), UINT32_C(0xC09081DB), + UINT32_C(0x69E829DF), UINT32_C(0xABD8573E), UINT32_C(0xEEC2A176), + UINT32_C(0xE49C7434), UINT32_C(0xFD66E1DC)}, + {UINT32_C(0x3C3022FD), UINT32_C(0x7CD3374E), UINT32_C(0x782A5EE9), + UINT32_C(0x57F4AAD9), UINT32_C(0xCCF4C17C), UINT32_C(0xC4895756), + UINT32_C(0xDFCF2F68), UINT32_C(0x8C2C2238)}}, + }, + { + {{UINT32_C(0xF8023127), UINT32_C(0xBE0B2578), UINT32_C(0x8A8B68DE), + UINT32_C(0xA95CCD09), UINT32_C(0x1925E578), UINT32_C(0x0DC60235), + UINT32_C(0x004FCA40), UINT32_C(0xB2153F53)}, + {UINT32_C(0x72665F8E), UINT32_C(0xB025456B), UINT32_C(0xA0246BEE), + UINT32_C(0xA5327909), UINT32_C(0xF075A443), UINT32_C(0xFCFC4EF6), + UINT32_C(0xFBF58688), UINT32_C(0xB013B77B)}}, + {{UINT32_C(0xE31D4659), UINT32_C(0x7DC23489), UINT32_C(0xCB43DB1C), + UINT32_C(0xA9E52E03), UINT32_C(0xEFFF5157), UINT32_C(0xC0EA0D9F), + UINT32_C(0x51C0FC54), UINT32_C(0x39049EF8)}, + {UINT32_C(0x87926762), UINT32_C(0xCE36F42F), UINT32_C(0xBA4686F9), + UINT32_C(0x9592667A), UINT32_C(0x2E18E003), UINT32_C(0xC10AC0AF), + UINT32_C(0x1D5B8020), UINT32_C(0xD8331F21)}}, + {{UINT32_C(0x27AB3B85), UINT32_C(0x9DA2838D), UINT32_C(0xA5619978), + UINT32_C(0x28CB26B3), UINT32_C(0x1C50FC16), UINT32_C(0x83856B95), + UINT32_C(0x66B521A6), UINT32_C(0xFBAEFD90)}, + {UINT32_C(0xB120CA34), UINT32_C(0xEA3368D4), UINT32_C(0x7A2FD88D), + UINT32_C(0x035416C2), UINT32_C(0x682644B8), UINT32_C(0xC5138982), + UINT32_C(0x402255F2), UINT32_C(0xFCAB1A3B)}}, + {{UINT32_C(0xAEABBAF7), UINT32_C(0x84E0DCD6), UINT32_C(0x7CFD0130), + UINT32_C(0x50D114CD), UINT32_C(0x160841FC), UINT32_C(0x08D645A7), + UINT32_C(0x84787649), UINT32_C(0x0B3484D4)}, + {UINT32_C(0xB36D4CD3), UINT32_C(0x887546E0), UINT32_C(0xE57D6C61), + UINT32_C(0x3EA2DCBF), UINT32_C(0xCCF12537), UINT32_C(0x5AC69355), + UINT32_C(0x8D9EA7E8), UINT32_C(0x2C073871)}}, + {{UINT32_C(0xD37D6A85), UINT32_C(0x28FCD9B5), UINT32_C(0x3E25A01B), + UINT32_C(0xAC6DF375), UINT32_C(0x09581C8D), UINT32_C(0x3A88D67C), + UINT32_C(0xC91E80C1), UINT32_C(0x3DE489A2)}, + {UINT32_C(0xFEF28D61), UINT32_C(0x6698CF2C), UINT32_C(0x7EC55F12), + UINT32_C(0xFB519FC6), UINT32_C(0x7D0A60F7), UINT32_C(0xBC25CC56), + UINT32_C(0x1FC0D1EF), UINT32_C(0x3815B578)}}, + {{UINT32_C(0xF6BC53D1), UINT32_C(0x987FBF19), UINT32_C(0x7640CCDC), + UINT32_C(0x463F6264), UINT32_C(0x6D77F958), UINT32_C(0x906C6CA1), + UINT32_C(0x7E034231), UINT32_C(0x40155721)}, + {UINT32_C(0x1D5BED33), UINT32_C(0x6A97B3C9), UINT32_C(0x5523BFF1), + UINT32_C(0xFEDE8236), UINT32_C(0x1B99BD54), UINT32_C(0x5FE71BC7), + UINT32_C(0xEFC4797C), UINT32_C(0x090B2BDA)}}, + {{UINT32_C(0xC5D95F3E), UINT32_C(0x35630AFE), UINT32_C(0xD1D2C22D), + UINT32_C(0x90562D89), UINT32_C(0xEA7241D3), UINT32_C(0x4CE69FE4), + UINT32_C(0xC1F398F7), UINT32_C(0xDFE26EF1)}, + {UINT32_C(0x4CC07AFB), UINT32_C(0xA3B35405), UINT32_C(0x068D5928), + UINT32_C(0xC4DC0AF8), UINT32_C(0x341E982C), UINT32_C(0x35124E9D), + UINT32_C(0xADF07AFC), UINT32_C(0x7BD8B508)}}, + {{UINT32_C(0x1BDE66EC), UINT32_C(0xC6122380), UINT32_C(0x7EA38576), + UINT32_C(0x0FD72607), UINT32_C(0x804A44E6), UINT32_C(0xE10000E4), + UINT32_C(0x3607BF1B), UINT32_C(0x89C6D7FC)}, + {UINT32_C(0x56FBBE3C), UINT32_C(0x24447661), UINT32_C(0x34E83784), + UINT32_C(0x7A6E60BE), UINT32_C(0x65AC0D58), UINT32_C(0x01C2E35C), + UINT32_C(0xF66DF727), UINT32_C(0x5EABF057)}}, + {{UINT32_C(0x5C36695F), UINT32_C(0xD59E953C), UINT32_C(0x1BF513D9), + UINT32_C(0xF7A62DCC), UINT32_C(0x58DC462E), UINT32_C(0x9D19C304), + UINT32_C(0x2287BAE1), UINT32_C(0x1F29B6B1)}, + {UINT32_C(0x8EB7665A), UINT32_C(0x2897347C), UINT32_C(0x3CF945FD), + UINT32_C(0x9E4E6512), UINT32_C(0xB8100515), UINT32_C(0x3F9D9AC2), + UINT32_C(0x5F3FCA4A), UINT32_C(0x7F7D0BD9)}}, + {{UINT32_C(0xD21CD4A1), UINT32_C(0x86809C20), UINT32_C(0x35CC7D3D), + UINT32_C(0x88D53A69), UINT32_C(0xAEAEECF9), UINT32_C(0x6EA15230), + UINT32_C(0x0D4B8E41), UINT32_C(0x5F9C845E)}, + {UINT32_C(0x80012703), UINT32_C(0x50150E19), UINT32_C(0xB59EECFC), + UINT32_C(0x2B815B54), UINT32_C(0x5F185F6E), UINT32_C(0x4CF3F808), + UINT32_C(0x71A0DC04), UINT32_C(0xC4EE5643)}}, + {{UINT32_C(0x8F6C4286), UINT32_C(0x693E7452), UINT32_C(0x588012DE), + UINT32_C(0x8FE2725C), UINT32_C(0x71F135DC), UINT32_C(0xF20FBD9B), + UINT32_C(0x3956BC1C), UINT32_C(0x29674A5A)}, + {UINT32_C(0x07269D70), UINT32_C(0x45A6AB55), UINT32_C(0xB5CDD43C), + UINT32_C(0xD16E80CB), UINT32_C(0x435D1CC8), UINT32_C(0xBEEFF7F7), + UINT32_C(0x16E22EC2), UINT32_C(0x058CEC1D)}}, + {{UINT32_C(0x620E02F4), UINT32_C(0x054B3E2F), UINT32_C(0x6789F6F4), + UINT32_C(0x55B69960), UINT32_C(0xF6171139), UINT32_C(0x9C1B023D), + UINT32_C(0xFA0DF29D), UINT32_C(0x1D57F164)}, + {UINT32_C(0xE1FCD4F4), UINT32_C(0x84940A21), UINT32_C(0x889B6C0F), + UINT32_C(0xA72CB6BC), UINT32_C(0x4B0E77F6), UINT32_C(0xF6B3D64B), + UINT32_C(0x2534B793), UINT32_C(0xDF6286BF)}}, + {{UINT32_C(0xC4935F08), UINT32_C(0xAC5731CB), UINT32_C(0x3C04006B), + UINT32_C(0xA949F258), UINT32_C(0x136A1064), UINT32_C(0x980C9C9F), + UINT32_C(0xAF7448CB), UINT32_C(0x7AAD87C0)}, + {UINT32_C(0x2BAFC88A), UINT32_C(0xCC1DFEA2), UINT32_C(0x85CA1701), + UINT32_C(0x396E9BE5), UINT32_C(0x981EE32C), UINT32_C(0x04F4F2B3), + UINT32_C(0x40F60D30), UINT32_C(0x07075D0F)}}, + {{UINT32_C(0xA86031B8), UINT32_C(0xCDC1B94D), UINT32_C(0xE3B8A8CF), + UINT32_C(0x84D8D43F), UINT32_C(0x9ACEBBB6), UINT32_C(0xA6E1EAC7), + UINT32_C(0xE2AAEA77), UINT32_C(0x83F89B9B)}, + {UINT32_C(0x7A25D5C8), UINT32_C(0x8C1BFC69), UINT32_C(0x38CE54FD), + UINT32_C(0x0AF7DDF2), UINT32_C(0xF2CAF5C4), UINT32_C(0x6ED6B61D), + UINT32_C(0xE192FDE4), UINT32_C(0xD0FC60FE)}}, + {{UINT32_C(0xB024F605), UINT32_C(0x0F14DDDA), UINT32_C(0x5343EE3A), + UINT32_C(0x2A255F7A), UINT32_C(0xFDD033D7), UINT32_C(0x415BE312), + UINT32_C(0xF1B98FED), UINT32_C(0x97770222)}, + {UINT32_C(0x5ECFC5C8), UINT32_C(0x90D32B2F), UINT32_C(0x512231B0), + UINT32_C(0xE899ADFB), UINT32_C(0xA6C92274), UINT32_C(0x135E299B), + UINT32_C(0x39F0CEB3), UINT32_C(0xC85CDFDA)}}, + {{UINT32_C(0xC786CECB), UINT32_C(0xEBE3D2F1), UINT32_C(0xBA007DEA), + UINT32_C(0xFF6D01CD), UINT32_C(0x40F25660), UINT32_C(0x6D79C4BA), + UINT32_C(0x65C69060), UINT32_C(0x021A16C6)}, + {UINT32_C(0x49BD9B07), UINT32_C(0xE68F7D76), UINT32_C(0x1CD0FC22), + UINT32_C(0x675A2E2C), UINT32_C(0x8D336524), UINT32_C(0x2FF660AA), + UINT32_C(0x67EA395A), UINT32_C(0x08F90F20)}}, + }, + { + {{UINT32_C(0x0DAF895D), UINT32_C(0xD8C2B174), UINT32_C(0x6FF59370), + UINT32_C(0x73D108A6), UINT32_C(0xFC35A5C0), UINT32_C(0xFD0BFCEF), + UINT32_C(0x72534CB1), UINT32_C(0xBF3C7A7E)}, + {UINT32_C(0x214C9CFC), UINT32_C(0x87848D09), UINT32_C(0x3C07F690), + UINT32_C(0xADF4BB55), UINT32_C(0x85B373FD), UINT32_C(0x5E0AB41C), + UINT32_C(0x81F666DA), UINT32_C(0x7D70B146)}}, + {{UINT32_C(0xF02FAD0E), UINT32_C(0x6269AEE1), UINT32_C(0x9BE76F26), + UINT32_C(0x40F14A5E), UINT32_C(0xFD6CCF45), UINT32_C(0x0F93DF26), + UINT32_C(0xB81BAB74), UINT32_C(0xA3AAAFC6)}, + {UINT32_C(0xCC898EC4), UINT32_C(0xE7871C96), UINT32_C(0x00E38C87), + UINT32_C(0xC8D4F253), UINT32_C(0xB16ABB26), UINT32_C(0x009C4B82), + UINT32_C(0x461DECCE), UINT32_C(0x38A2E5A6)}}, + {{UINT32_C(0x7944B90E), UINT32_C(0x7A50CD9E), UINT32_C(0x76945527), + UINT32_C(0x42FCAA54), UINT32_C(0x9444BB9E), UINT32_C(0xC7FD6985), + UINT32_C(0x7B2D9176), UINT32_C(0x8BF279D2)}, + {UINT32_C(0x1F131F58), UINT32_C(0x4B9AD4E6), UINT32_C(0xF2B71FDD), + UINT32_C(0x65532ECA), UINT32_C(0x323C4EC1), UINT32_C(0xB8D482FB), + UINT32_C(0xBA9A8C88), UINT32_C(0x6218E700)}}, + {{UINT32_C(0x5A6FC633), UINT32_C(0x1DE597A6), UINT32_C(0x4BEB5087), + UINT32_C(0x84F87C8E), UINT32_C(0x52FC4B5B), UINT32_C(0x3DF9A4A2), + UINT32_C(0xE9AF1FDF), UINT32_C(0x3384FD69)}, + {UINT32_C(0xA3227E12), UINT32_C(0xFD4F521F), UINT32_C(0xA88ED0B1), + UINT32_C(0x7CC87430), UINT32_C(0xCE650F29), UINT32_C(0xECBE91C0), + UINT32_C(0xDE0E5CD4), UINT32_C(0x7CA41CD2)}}, + {{UINT32_C(0x0914E73C), UINT32_C(0xD290F1FD), UINT32_C(0xF91E0416), + UINT32_C(0x0B1E3FC6), UINT32_C(0xC38EF29F), UINT32_C(0xD6B4A7C2), + UINT32_C(0x0C0AB812), UINT32_C(0xF24B1877)}, + {UINT32_C(0xC8A065F4), UINT32_C(0x90414EC2), UINT32_C(0xD65763B5), + UINT32_C(0x214B72B2), UINT32_C(0x938FFAC7), UINT32_C(0xB273FB70), + UINT32_C(0x8588175C), UINT32_C(0xC69CE988)}}, + {{UINT32_C(0xBF58685C), UINT32_C(0x2B3A731F), UINT32_C(0xAAB1B7DC), + UINT32_C(0x2C018AD9), UINT32_C(0x3315F85B), UINT32_C(0x2D1600F1), + UINT32_C(0x36D69A42), UINT32_C(0xB4AE4208)}, + {UINT32_C(0xC7915A74), UINT32_C(0x667297F9), UINT32_C(0xDD1460C2), + UINT32_C(0x45090D46), UINT32_C(0x05BD0C15), UINT32_C(0xB9995CB1), + UINT32_C(0xA1620CDB), UINT32_C(0x1C906B58)}}, + {{UINT32_C(0xA785FEED), UINT32_C(0x15A6DF87), UINT32_C(0x5BAD4605), + UINT32_C(0xB64CF503), UINT32_C(0xDD61B060), UINT32_C(0xEB40AFB3), + UINT32_C(0x60FD1CBC), UINT32_C(0xA677A306)}, + {UINT32_C(0x8B195250), UINT32_C(0x936F8162), UINT32_C(0x1FC84A26), + UINT32_C(0x80F92255), UINT32_C(0x3C5EEF41), UINT32_C(0xC9277E42), + UINT32_C(0xB82B644E), UINT32_C(0xF635F1E6)}}, + {{UINT32_C(0xB1D6B229), UINT32_C(0x4474D8DF), UINT32_C(0x5B4F742B), + UINT32_C(0x0902F46E), UINT32_C(0x76259A3E), UINT32_C(0x154E37F9), + UINT32_C(0xC182C634), UINT32_C(0xF4323FD1)}, + {UINT32_C(0x9B7FEC08), UINT32_C(0xA2C6D7A5), UINT32_C(0x974A0338), + UINT32_C(0x7ADA35DF), UINT32_C(0x747500A7), UINT32_C(0x1824ECDB), + UINT32_C(0x0D79FB22), UINT32_C(0x570BC275)}}, + {{UINT32_C(0xE535C8F1), UINT32_C(0x61ECD53A), UINT32_C(0x9FBC7E57), + UINT32_C(0x95F720E0), UINT32_C(0xB2794F3D), UINT32_C(0x9C31560E), + UINT32_C(0xD90E834E), UINT32_C(0x02602E06)}, + {UINT32_C(0x1609F976), UINT32_C(0xEB8C3A28), UINT32_C(0x77B8B898), + UINT32_C(0x3E1F77FA), UINT32_C(0x81C13275), UINT32_C(0x1296CA7B), + UINT32_C(0x8B9EA97B), UINT32_C(0x2FC07B71)}}, + {{UINT32_C(0x5A6594A7), UINT32_C(0x964B4B4B), UINT32_C(0xC6CBB480), + UINT32_C(0x818244FB), UINT32_C(0xD8501BA4), UINT32_C(0xA640926B), + UINT32_C(0x3416BFC7), UINT32_C(0xA7D0ECCE)}, + {UINT32_C(0x25373C07), UINT32_C(0x07C6D951), UINT32_C(0x0BBFF1D1), + UINT32_C(0x11109772), UINT32_C(0x80666734), UINT32_C(0x3B9F750A), + UINT32_C(0xDBA11EF3), UINT32_C(0xB6B6AC23)}}, + {{UINT32_C(0xFF1C032B), UINT32_C(0x61FD0C30), UINT32_C(0x0C6D90DE), + UINT32_C(0x2CC7FAB3), UINT32_C(0x82C63A1F), UINT32_C(0xBC0749C2), + UINT32_C(0xBF07B163), UINT32_C(0xEC366046)}, + {UINT32_C(0xD5161068), UINT32_C(0x450BA6A7), UINT32_C(0x7576E002), + UINT32_C(0x935D8AAB), UINT32_C(0x38BC740B), UINT32_C(0x45FCBBD6), + UINT32_C(0x67A8265E), UINT32_C(0x47A3CDBB)}}, + {{UINT32_C(0xA09794ED), UINT32_C(0x2F10C602), UINT32_C(0x34DA9558), + UINT32_C(0xE7E72181), UINT32_C(0x25EAB8B2), UINT32_C(0x16667405), + UINT32_C(0x4904159E), UINT32_C(0x06C54665)}, + {UINT32_C(0x9691C8C0), UINT32_C(0xD09DE96E), UINT32_C(0xDD106E67), + UINT32_C(0xEC7E4311), UINT32_C(0x9E815B70), UINT32_C(0x3360EB1C), + UINT32_C(0xAAAE2F91), UINT32_C(0xAADF5E76)}}, + {{UINT32_C(0x509878E0), UINT32_C(0x533956C2), UINT32_C(0x449C2742), + UINT32_C(0xBFC4FE09), UINT32_C(0x5F46F112), UINT32_C(0xE1C73A2F), + UINT32_C(0x6FD7DF35), UINT32_C(0x5CE874FB)}, + {UINT32_C(0xE44B85AB), UINT32_C(0x155E3C3B), UINT32_C(0xE7EEF05B), + UINT32_C(0x86117DB5), UINT32_C(0x40D80BF7), UINT32_C(0x7D8320A0), + UINT32_C(0xDEEBBB9C), UINT32_C(0xAA462DAF)}}, + {{UINT32_C(0x7A4CA995), UINT32_C(0x5884D29B), UINT32_C(0xBB3FB571), + UINT32_C(0xF3B0FA46), UINT32_C(0x58DAAE35), UINT32_C(0x41EF21C2), + UINT32_C(0x5EB796EE), UINT32_C(0xD990D392)}, + {UINT32_C(0xC73B2170), UINT32_C(0x0ED99779), UINT32_C(0x0C457943), + UINT32_C(0x33859F1D), UINT32_C(0xE1B9FC60), UINT32_C(0x0D26DF31), + UINT32_C(0xE6516083), UINT32_C(0xCFAC4E7C)}}, + {{UINT32_C(0x3FC2B97D), UINT32_C(0xF6179F25), UINT32_C(0x525E4654), + UINT32_C(0xF17FFB38), UINT32_C(0x37EF8394), UINT32_C(0x422B7996), + UINT32_C(0x1AAA1ADB), UINT32_C(0xDEABCFB3)}, + {UINT32_C(0x69C1CBCB), UINT32_C(0xBF8EDA3D), UINT32_C(0xD3372892), + UINT32_C(0x5EC8B947), UINT32_C(0xD0EC2E20), UINT32_C(0xD0A25581), + UINT32_C(0x945F570A), UINT32_C(0x447104C5)}}, + {{UINT32_C(0x2177D41C), UINT32_C(0x8884DB3F), UINT32_C(0x4FD364BF), + UINT32_C(0xE36729DC), UINT32_C(0x7979ABD1), UINT32_C(0x49D9DE1F), + UINT32_C(0xC43D4B39), UINT32_C(0xCFA9D9F5)}, + {UINT32_C(0x2F500D7C), UINT32_C(0x459B637B), UINT32_C(0x98BB12AA), + UINT32_C(0x7ED60314), UINT32_C(0xA304C11A), UINT32_C(0x466F3486), + UINT32_C(0x69CD5770), UINT32_C(0x7F430827)}}, + }, + { + {{UINT32_C(0x606235B2), UINT32_C(0x5E0570B6), UINT32_C(0x29207AF9), + UINT32_C(0xE340C4AE), UINT32_C(0x07BDEF0D), UINT32_C(0xD527A2C6), + UINT32_C(0xAFDF8BBA), UINT32_C(0xBB362C3D)}, + {UINT32_C(0xBD5F0BEE), UINT32_C(0x7B4FC2A9), UINT32_C(0x1A2956B1), + UINT32_C(0x147CE759), UINT32_C(0x34124A7D), UINT32_C(0xBA7A6B73), + UINT32_C(0xD15A2323), UINT32_C(0x3C40C279)}}, + {{UINT32_C(0x7CCEE136), UINT32_C(0x033F132C), UINT32_C(0x101E7655), + UINT32_C(0xD7D54CA5), UINT32_C(0x697B4BD0), UINT32_C(0xAE7EDE54), + UINT32_C(0x14B44112), UINT32_C(0x74DA46F9)}, + {UINT32_C(0x7E4CBB3A), UINT32_C(0x2FC25660), UINT32_C(0x42E4CC85), + UINT32_C(0x3672ACD2), UINT32_C(0x79C09849), UINT32_C(0xA6660E02), + UINT32_C(0x485FB022), UINT32_C(0x9185150C)}}, + {{UINT32_C(0x956CE121), UINT32_C(0x0FA5C09E), UINT32_C(0xA6E78E8B), + UINT32_C(0x833695BA), UINT32_C(0xDE600687), UINT32_C(0xCE82270F), + UINT32_C(0xAD9331C3), UINT32_C(0x6E390C25)}, + {UINT32_C(0x246A3D4F), UINT32_C(0xB05D89DA), UINT32_C(0x838C1EEF), + UINT32_C(0xAE711914), UINT32_C(0xF1D67085), UINT32_C(0xD8CAE58C), + UINT32_C(0xFDADE743), UINT32_C(0x325A0777)}}, + {{UINT32_C(0x4FA3E53A), UINT32_C(0x5854321E), UINT32_C(0x48595CFE), + UINT32_C(0x27634743), UINT32_C(0x64EE4CBE), UINT32_C(0x86AD6FF7), + UINT32_C(0x0A265250), UINT32_C(0xA1BA6817)}, + {UINT32_C(0x6BCAE29D), UINT32_C(0xD2B61192), UINT32_C(0x4E251346), + UINT32_C(0x6C25BFD4), UINT32_C(0x2E7169AB), UINT32_C(0x9C3684CB), + UINT32_C(0x44563D91), UINT32_C(0xD32F1F6E)}}, + {{UINT32_C(0x1B06F603), UINT32_C(0x542CC6EE), UINT32_C(0x08D99442), + UINT32_C(0x639699ED), UINT32_C(0xE0650C3A), UINT32_C(0x3E9BD04E), + UINT32_C(0x9E1454D5), UINT32_C(0x882E3BA1)}, + {UINT32_C(0xFCBEE463), UINT32_C(0x140A8911), UINT32_C(0x5027A6A3), + UINT32_C(0xF3DD8BF8), UINT32_C(0xD9BC64B7), UINT32_C(0xD78A2C36), + UINT32_C(0x699B4EF7), UINT32_C(0x1D84024C)}}, + {{UINT32_C(0x0DD84AD7), UINT32_C(0x2AE948C4), UINT32_C(0x906543F5), + UINT32_C(0x089E36DA), UINT32_C(0x8E063D82), UINT32_C(0x353CFC75), + UINT32_C(0x4F1290B8), UINT32_C(0x63C08533)}, + {UINT32_C(0x346A0166), UINT32_C(0xACD53165), UINT32_C(0x278522C8), + UINT32_C(0x7E16CE42), UINT32_C(0x56CE3DD5), UINT32_C(0x94CBE8A3), + UINT32_C(0x6E4A5A49), UINT32_C(0x3454C461)}}, + {{UINT32_C(0xE02D0F81), UINT32_C(0x9E30249A), UINT32_C(0x4714BB75), + UINT32_C(0xA4B5E0B4), UINT32_C(0xA4A7E91F), UINT32_C(0x97FD77B5), + UINT32_C(0xBA6BEE5C), UINT32_C(0xDE3FC9C6)}, + {UINT32_C(0xCBCD5591), UINT32_C(0x8841E605), UINT32_C(0xE1F7C4C8), + UINT32_C(0x1E55914C), UINT32_C(0x208C68AF), UINT32_C(0x8435358D), + UINT32_C(0xCD2A63EF), UINT32_C(0x6591DBE4)}}, + {{UINT32_C(0x0D446BF3), UINT32_C(0x5AF4A582), UINT32_C(0xD7FED553), + UINT32_C(0x772B7FE4), UINT32_C(0x927E6152), UINT32_C(0x7FCB944E), + UINT32_C(0x434D663A), UINT32_C(0x121D2455)}, + {UINT32_C(0xD335D051), UINT32_C(0x510A3C91), UINT32_C(0xC5AC34C3), + UINT32_C(0x500685E2), UINT32_C(0xAB79EABA), UINT32_C(0xF5884686), + UINT32_C(0x93DB2EB9), UINT32_C(0xE0E0AC17)}}, + {{UINT32_C(0x9BBCF4AF), UINT32_C(0x449A30C3), UINT32_C(0x73F545D1), + UINT32_C(0xA351F4D8), UINT32_C(0x8D311661), UINT32_C(0x3FD90002), + UINT32_C(0x8B5C6A9B), UINT32_C(0x3D3185FC)}, + {UINT32_C(0x84CB12AE), UINT32_C(0x30DC70B4), UINT32_C(0xA2F07CFF), + UINT32_C(0x65E74A9D), UINT32_C(0x1B6DC753), UINT32_C(0x48FF46E9), + UINT32_C(0x976DF0A5), UINT32_C(0x6EA3C4B1)}}, + {{UINT32_C(0xF98C5FB0), UINT32_C(0xC44F2CBC), UINT32_C(0xF6409E74), + UINT32_C(0x5B2738FC), UINT32_C(0x083E8B52), UINT32_C(0x44002134), + UINT32_C(0x28D0924D), UINT32_C(0x920B6AC1)}, + {UINT32_C(0xD0E4320D), UINT32_C(0x6DCE3B60), UINT32_C(0xB95EE657), + UINT32_C(0x682005A0), UINT32_C(0xABCA92E7), UINT32_C(0xDE972287), + UINT32_C(0x1AE0D1F7), UINT32_C(0x4728414A)}}, + {{UINT32_C(0x3CEB5D8D), UINT32_C(0x7153DCC9), UINT32_C(0x63060A1E), + UINT32_C(0xBE92231A), UINT32_C(0x4F854FA2), UINT32_C(0x2DF4322A), + UINT32_C(0x11721651), UINT32_C(0x3615AA90)}, + {UINT32_C(0x07272E8B), UINT32_C(0x53174559), UINT32_C(0xCA817E64), + UINT32_C(0x2CFEF4C7), UINT32_C(0x49D1B9ED), UINT32_C(0x3AB30B80), + UINT32_C(0x143286C3), UINT32_C(0xF71202E8)}}, + {{UINT32_C(0x2AB4C4A9), UINT32_C(0x5A6123E6), UINT32_C(0xF2CF8B8E), + UINT32_C(0x20176A77), UINT32_C(0x49D8917C), UINT32_C(0x564783DF), + UINT32_C(0xF3E79212), UINT32_C(0xA38CBD47)}, + {UINT32_C(0x3D6A8DDB), UINT32_C(0x84787027), UINT32_C(0x11DF4F04), + UINT32_C(0x26AACCFC), UINT32_C(0x5D0457C7), UINT32_C(0x33BCEB50), + UINT32_C(0x053B19DE), UINT32_C(0x64446FD1)}}, + {{UINT32_C(0x3BDE901A), UINT32_C(0xC2377572), UINT32_C(0x5BAEA503), + UINT32_C(0xF87D4232), UINT32_C(0x1E6B702B), UINT32_C(0xF4C5ABBE), + UINT32_C(0x210552AC), UINT32_C(0xDDFFFB90)}, + {UINT32_C(0x71AADFB7), UINT32_C(0x0EB95430), UINT32_C(0x7AA6979E), + UINT32_C(0xEC0AEF02), UINT32_C(0xF538BE05), UINT32_C(0x652149F1), + UINT32_C(0x0CBF52F0), UINT32_C(0x38371DC8)}}, + {{UINT32_C(0x8A0F98DA), UINT32_C(0x88FE482A), UINT32_C(0xCCF4146D), + UINT32_C(0xA29BFE04), UINT32_C(0x3C7B0FD6), UINT32_C(0xB87E0093), + UINT32_C(0x510E1D15), UINT32_C(0x37119556)}, + {UINT32_C(0xCC64EC7E), UINT32_C(0x556C51D6), UINT32_C(0x82BC053C), + UINT32_C(0x2DD0D9E1), UINT32_C(0x74471C85), UINT32_C(0x1EA11FEF), + UINT32_C(0x2E35DC13), UINT32_C(0xE152AAE2)}}, + {{UINT32_C(0x2B3852E5), UINT32_C(0xE4EDD530), UINT32_C(0xB1A5753A), + UINT32_C(0x44EC6C0C), UINT32_C(0x1EE345D9), UINT32_C(0x610B9895), + UINT32_C(0xD7DB0E28), UINT32_C(0x3F09D39A)}, + {UINT32_C(0xAF486DDA), UINT32_C(0x624B69E8), UINT32_C(0x4290BEBD), + UINT32_C(0x52B38B6B), UINT32_C(0xF0BF9060), UINT32_C(0xD46A52E1), + UINT32_C(0x0CF051F5), UINT32_C(0x7A593065)}}, + {{UINT32_C(0x4C94F4C4), UINT32_C(0xCEB4D27E), UINT32_C(0x9E129A90), + UINT32_C(0xCF95A4C8), UINT32_C(0xECDF87CC), UINT32_C(0x748D454D), + UINT32_C(0x7A38BEDC), UINT32_C(0xA5582909)}, + {UINT32_C(0xDBF83328), UINT32_C(0x533F5750), UINT32_C(0x746B8AC2), + UINT32_C(0x4DF3E030), UINT32_C(0x32CCDABD), UINT32_C(0x6AA0948D), + UINT32_C(0x9C914D38), UINT32_C(0x52C1F70B)}}, + }, + { + {{UINT32_C(0x49B34898), UINT32_C(0x66F8AB1F), UINT32_C(0x639542C2), + UINT32_C(0x8ABCDB14), UINT32_C(0x69F1D26F), UINT32_C(0x2BB1C7D3), + UINT32_C(0xB38A33DF), UINT32_C(0x5F81D57E)}, + {UINT32_C(0xB93B7F35), UINT32_C(0x09AC2FE3), UINT32_C(0x0495E23A), + UINT32_C(0x04FB8AA5), UINT32_C(0x827C7E3F), UINT32_C(0x1EEE24AA), + UINT32_C(0x64764E0F), UINT32_C(0x7ABEA152)}}, + {{UINT32_C(0x4823DBF0), UINT32_C(0x4DB17F2A), UINT32_C(0x2B5F5BCD), + UINT32_C(0xE9BC82F5), UINT32_C(0x6BADBB25), UINT32_C(0xAED89750), + UINT32_C(0x7DEEE5AD), UINT32_C(0x6CEDFF2D)}, + {UINT32_C(0x4D7752CE), UINT32_C(0x1EF06EB6), UINT32_C(0x556AE461), + UINT32_C(0x2E4239E8), UINT32_C(0x1349FDF3), UINT32_C(0xEEE4F80E), + UINT32_C(0xA9607518), UINT32_C(0x73E89C3D)}}, + {{UINT32_C(0xCDBDFBC4), UINT32_C(0x0D26BE42), UINT32_C(0x64FBEF92), + UINT32_C(0x5E163B13), UINT32_C(0x55C795DA), UINT32_C(0x17AFDAC7), + UINT32_C(0xBC47029C), UINT32_C(0x12383DDD)}, + {UINT32_C(0xAF064843), UINT32_C(0x02E1BD3C), UINT32_C(0x0316C320), + UINT32_C(0x3EBBC13B), UINT32_C(0x5BAC1D34), UINT32_C(0x9BAC1DEF), + UINT32_C(0x11B9912E), UINT32_C(0xF1CD1CA6)}}, + {{UINT32_C(0xD2707EF1), UINT32_C(0xA87C4C9F), UINT32_C(0x0D7467AA), + UINT32_C(0x4BF536D1), UINT32_C(0x3A266104), UINT32_C(0x201AAE56), + UINT32_C(0x085F4C7D), UINT32_C(0x2AAF44F1)}, + {UINT32_C(0x29E9E621), UINT32_C(0xE1A36E3D), UINT32_C(0xDD7AB915), + UINT32_C(0x95D0C47B), UINT32_C(0x783A2957), UINT32_C(0xC0CC48FF), + UINT32_C(0x03DB2DD9), UINT32_C(0x25967160)}}, + {{UINT32_C(0x05A1F998), UINT32_C(0x9DBFCB03), UINT32_C(0x6E97F3A9), + UINT32_C(0xFC254016), UINT32_C(0x5B951AF6), UINT32_C(0xBB38F5CD), + UINT32_C(0x9BFB2B45), UINT32_C(0xDDB0003E)}, + {UINT32_C(0x5F47A756), UINT32_C(0x067D970C), UINT32_C(0x8A750D2E), + UINT32_C(0xA22D808A), UINT32_C(0x70C32863), UINT32_C(0x29D1F359), + UINT32_C(0x4253EE85), UINT32_C(0x3811E6D3)}}, + {{UINT32_C(0x8AE4BC85), UINT32_C(0x7F42B79B), UINT32_C(0xC841CD7C), + UINT32_C(0x2081C966), UINT32_C(0x8A2CE9C5), UINT32_C(0x3A317513), + UINT32_C(0xBF7BC5F5), UINT32_C(0x9C9200AD)}, + {UINT32_C(0x5BDA104D), UINT32_C(0xF008697C), UINT32_C(0xFE22C17C), + UINT32_C(0x0D9DF621), UINT32_C(0xF0F1779B), UINT32_C(0x390753EC), + UINT32_C(0x2FAF183D), UINT32_C(0xB9D32AA5)}}, + {{UINT32_C(0xC91511FE), UINT32_C(0xEA2E107B), UINT32_C(0x6736634B), + UINT32_C(0x2B62D5B3), UINT32_C(0x2A8DC042), UINT32_C(0x4249D04A), + UINT32_C(0x81D12613), UINT32_C(0x3C5381FA)}, + {UINT32_C(0x1A3A6139), UINT32_C(0x52111382), UINT32_C(0x6C220480), + UINT32_C(0x041673F2), UINT32_C(0xA279108A), UINT32_C(0xE60C1374), + UINT32_C(0xD823CE13), UINT32_C(0xE5B6883A)}}, + {{UINT32_C(0xF10D3E23), UINT32_C(0x2018FB21), UINT32_C(0x472C577E), + UINT32_C(0x740617E9), UINT32_C(0xFB2BEF3D), UINT32_C(0x516817C1), + UINT32_C(0x80DBF605), UINT32_C(0xD3B0BCBD)}, + {UINT32_C(0x930412DC), UINT32_C(0xC4AE5435), UINT32_C(0xB32FAED5), + UINT32_C(0x7680C410), UINT32_C(0x4CCE032A), UINT32_C(0xEE7FC612), + UINT32_C(0x2A1B2DE1), UINT32_C(0x78FE72AC)}}, + {{UINT32_C(0x9ECE7432), UINT32_C(0x7F6ABF78), UINT32_C(0x7463BEFA), + UINT32_C(0xC0C93B99), UINT32_C(0x906623C3), UINT32_C(0xE7BF1FE3), + UINT32_C(0x6E8663B1), UINT32_C(0x17A07323)}, + {UINT32_C(0xEA8D0833), UINT32_C(0x2500BF81), UINT32_C(0x3BFFB9BE), + UINT32_C(0xC33D8FA4), UINT32_C(0x11C19237), UINT32_C(0x2125DE64), + UINT32_C(0xDC1540A5), UINT32_C(0x5228A0CF)}}, + {{UINT32_C(0x27260AB3), UINT32_C(0x28F5D393), UINT32_C(0xABA4D4BE), + UINT32_C(0x91DB0E80), UINT32_C(0xD115AF4F), UINT32_C(0x3A59FD26), + UINT32_C(0x106E89AB), UINT32_C(0x84C5CD3E)}, + {UINT32_C(0x35E21615), UINT32_C(0x1F2F8CA4), UINT32_C(0xA0C5B9C5), + UINT32_C(0xFD6EECF6), UINT32_C(0xE9EA6606), UINT32_C(0x618160D7), + UINT32_C(0xB0BDB055), UINT32_C(0xC3E1FAE6)}}, + {{UINT32_C(0x63FAD863), UINT32_C(0x814219AC), UINT32_C(0xEB4DEB74), + UINT32_C(0xC9CFC5D6), UINT32_C(0x98529A06), UINT32_C(0x757AADE6), + UINT32_C(0xD8314984), UINT32_C(0xF6A00C4E)}, + {UINT32_C(0x0A6C6B62), UINT32_C(0xA3250829), UINT32_C(0xD737FB84), + UINT32_C(0x87B8E1AE), UINT32_C(0xABFAF28B), UINT32_C(0xAE12680F), + UINT32_C(0xCBE25EAE), UINT32_C(0xE61C223E)}}, + {{UINT32_C(0x8F06D6A7), UINT32_C(0x431A2C28), UINT32_C(0xB32DD450), + UINT32_C(0x0EAB1B62), UINT32_C(0x133F6396), UINT32_C(0xE8E4CFEB), + UINT32_C(0x116E5F94), UINT32_C(0x7065C9CA)}, + {UINT32_C(0x69C4A684), UINT32_C(0xD35C4459), UINT32_C(0xFE0E5B68), + UINT32_C(0x3F2F9535), UINT32_C(0xDC1A2B11), UINT32_C(0x1059E7BB), + UINT32_C(0xB6D255F0), UINT32_C(0x0F2899F6)}}, + {{UINT32_C(0x59C88D6F), UINT32_C(0x20042BDE), UINT32_C(0xA5C414E6), + UINT32_C(0xBB3C7F5C), UINT32_C(0x028BA468), UINT32_C(0x1836F262), + UINT32_C(0x76E69F14), UINT32_C(0x9B278851)}, + {UINT32_C(0x55033478), UINT32_C(0x43FABC14), UINT32_C(0x752B768E), + UINT32_C(0x20AE7F21), UINT32_C(0x36D0DC3C), UINT32_C(0x21D22D87), + UINT32_C(0x6FDAAE5E), UINT32_C(0xFC5A5414)}}, + {{UINT32_C(0x77665332), UINT32_C(0xD292C78E), UINT32_C(0x15B51280), + UINT32_C(0xD929C2DE), UINT32_C(0x6AD007FC), UINT32_C(0xB88C3BE8), + UINT32_C(0xFE1E8903), UINT32_C(0xD5146B18)}, + {UINT32_C(0x46521C2D), UINT32_C(0x302F5ADE), UINT32_C(0x114CD824), + UINT32_C(0xD968DD88), UINT32_C(0x0AE73043), UINT32_C(0xB7ACDCF6), + UINT32_C(0x1710B41D), UINT32_C(0xF185B856)}}, + {{UINT32_C(0x5B0D71CA), UINT32_C(0x831CDF57), UINT32_C(0xC96DFA07), + UINT32_C(0x8B1626FB), UINT32_C(0x9659A13E), UINT32_C(0xD9124C55), + UINT32_C(0x1E7D7F95), UINT32_C(0x36ADFA2E)}, + {UINT32_C(0xBD0E1914), UINT32_C(0xADCC82B0), UINT32_C(0xB7DEC54A), + UINT32_C(0xAC4C9A2E), UINT32_C(0x6837C321), UINT32_C(0xD5CA8881), + UINT32_C(0x534EA944), UINT32_C(0xA4102F0D)}}, + {{UINT32_C(0xBDBF158D), UINT32_C(0xA8C3378D), UINT32_C(0x4CD1CAC0), + UINT32_C(0x3B7C68A8), UINT32_C(0x7B309CA0), UINT32_C(0x9EAB5661), + UINT32_C(0x27CED737), UINT32_C(0xD927A556)}, + {UINT32_C(0xB5EB2DFA), UINT32_C(0x68CC9E84), UINT32_C(0x7079A2AD), + UINT32_C(0xA230CCC2), UINT32_C(0xCE203091), UINT32_C(0xCA2D74A4), + UINT32_C(0xA0D8D97E), UINT32_C(0x3DFA5881)}}, + }, + { + {{UINT32_C(0x788DDFA9), UINT32_C(0xB37B0A32), UINT32_C(0x22DE8830), + UINT32_C(0x195E96FF), UINT32_C(0xE9970A54), UINT32_C(0x6746A7A8), + UINT32_C(0x32C3B8E3), UINT32_C(0xF8310204)}, + {UINT32_C(0x69D78B56), UINT32_C(0x8F88C4E5), UINT32_C(0x32E19CB5), + UINT32_C(0x552D9699), UINT32_C(0x75856ADB), UINT32_C(0x09922345), + UINT32_C(0x7F98D51E), UINT32_C(0x8D8E9C90)}}, + {{UINT32_C(0x2E08DA84), UINT32_C(0x9D690034), UINT32_C(0x5910338B), + UINT32_C(0xF5B19B0F), UINT32_C(0x1FA0BC39), UINT32_C(0x3FC4466E), + UINT32_C(0xF1112F63), UINT32_C(0xCA53DC42)}, + {UINT32_C(0x63A3DC0A), UINT32_C(0x92ACA6D6), UINT32_C(0x9419064C), + UINT32_C(0x8DCEDB90), UINT32_C(0x3A91D432), UINT32_C(0xF9FA275D), + UINT32_C(0xEAA0D1D8), UINT32_C(0x7E0A58C7)}}, + {{UINT32_C(0x8B8E24E8), UINT32_C(0x0AD17671), UINT32_C(0x02B1CEA8), + UINT32_C(0xE32D77D0), UINT32_C(0x60BD4D38), UINT32_C(0xE0D299E1), + UINT32_C(0x6C91EC2E), UINT32_C(0x1BFBA2BA)}, + {UINT32_C(0x70D20A36), UINT32_C(0xC088DD8B), UINT32_C(0x1229F50B), + UINT32_C(0xFDBF6F48), UINT32_C(0xBE6C6296), UINT32_C(0x92C76498), + UINT32_C(0x9DC37F91), UINT32_C(0xE683842B)}}, + {{UINT32_C(0x557C6F06), UINT32_C(0xD22F6193), UINT32_C(0x35632C35), + UINT32_C(0x1E63AAB1), UINT32_C(0x1937F1C0), UINT32_C(0xE29BF305), + UINT32_C(0x7A50026A), UINT32_C(0x0B466363)}, + {UINT32_C(0x17981C5A), UINT32_C(0x366F11B2), UINT32_C(0x519754DC), + UINT32_C(0xD6EE7B2F), UINT32_C(0x307D0E67), UINT32_C(0x5A97284A), + UINT32_C(0x64B277A0), UINT32_C(0xA557AD44)}}, + {{UINT32_C(0xCDDA4E80), UINT32_C(0x46BD9FA7), UINT32_C(0xCBC0F2A4), + UINT32_C(0x70370D7D), UINT32_C(0xEB29A60C), UINT32_C(0x3973FB1C), + UINT32_C(0x6231D5C7), UINT32_C(0x7981116C)}, + {UINT32_C(0xD602AFB6), UINT32_C(0x85103428), UINT32_C(0x5CD4AC6C), + UINT32_C(0x81F0C208), UINT32_C(0x15C1B416), UINT32_C(0x4F8B17D3), + UINT32_C(0xAB6F98D9), UINT32_C(0x44B41162)}}, + {{UINT32_C(0xD07A0E64), UINT32_C(0x2453A284), UINT32_C(0x2CFDC2EF), + UINT32_C(0x9213658C), UINT32_C(0x9D01AD31), UINT32_C(0x9A244F4A), + UINT32_C(0xC8B15211), UINT32_C(0xC425BB80)}, + {UINT32_C(0x4FA2620B), UINT32_C(0x9B8002CC), UINT32_C(0xC7507557), + UINT32_C(0x28BBF261), UINT32_C(0x5C049D63), UINT32_C(0x0073DBD3), + UINT32_C(0x48D8B4F1), UINT32_C(0x3AB8E2B8)}}, + {{UINT32_C(0xE7159CF5), UINT32_C(0xCD4EA6EF), UINT32_C(0xDDA7E74A), + UINT32_C(0xC905C7D3), UINT32_C(0x9F7845C9), UINT32_C(0x404F325C), + UINT32_C(0x045D2825), UINT32_C(0xDD3F6793)}, + {UINT32_C(0xF3B8412E), UINT32_C(0xA169AECA), UINT32_C(0xD9B038DC), + UINT32_C(0xDC57CAA3), UINT32_C(0x0BA059D8), UINT32_C(0xAC53FE9D), + UINT32_C(0x2D5104E5), UINT32_C(0x417DB31D)}}, + {{UINT32_C(0x53D02DEC), UINT32_C(0x106CA521), UINT32_C(0x981875AA), + UINT32_C(0xCC64E77F), UINT32_C(0xA7DD017F), UINT32_C(0x9EEBC562), + UINT32_C(0xE6B5A1B0), UINT32_C(0x4995637F)}, + {UINT32_C(0x0A4CA9CD), UINT32_C(0xB9443E49), UINT32_C(0x17946D86), + UINT32_C(0x0C2CB41C), UINT32_C(0x29C7ECD1), UINT32_C(0xD5C01D64), + UINT32_C(0x02F0168C), UINT32_C(0x9B983170)}}, + {{UINT32_C(0xAAD33D37), UINT32_C(0xD425E60C), UINT32_C(0x5A545F6B), + UINT32_C(0x34BFA0CB), UINT32_C(0xE6535512), UINT32_C(0x70A943BD), + UINT32_C(0x21121F6D), UINT32_C(0x18952C76)}, + {UINT32_C(0xEE465696), UINT32_C(0xE6682A52), UINT32_C(0xE0EB00BD), + UINT32_C(0x8D0360C8), UINT32_C(0x4A5941A8), UINT32_C(0x63F1453C), + UINT32_C(0x4AF638FD), UINT32_C(0x01E29963)}}, + {{UINT32_C(0x5DCE9965), UINT32_C(0x53D8E1BE), UINT32_C(0xDBD38FCF), + UINT32_C(0xDB50B654), UINT32_C(0x49FC2935), UINT32_C(0x8B202385), + UINT32_C(0x377CBD77), UINT32_C(0x084EBA46)}, + {UINT32_C(0x8E09632D), UINT32_C(0x8454F7A6), UINT32_C(0xE5758347), + UINT32_C(0x80F3A428), UINT32_C(0xA9CBFCB7), UINT32_C(0x4BB18F87), + UINT32_C(0xCA7C980E), UINT32_C(0xEDF2FFDC)}}, + {{UINT32_C(0x7DA1D450), UINT32_C(0x958562EF), UINT32_C(0x22DE90D0), + UINT32_C(0x3169FCFD), UINT32_C(0x77EC2951), UINT32_C(0xA1E3434C), + UINT32_C(0xE1BD8D64), UINT32_C(0xF39A9A6B)}, + {UINT32_C(0xE04F79B5), UINT32_C(0xC920CB6A), UINT32_C(0x60FF8EDF), + UINT32_C(0x762E6FB9), UINT32_C(0x929A95A7), UINT32_C(0x83DC8BFE), + UINT32_C(0x36B6CE1E), UINT32_C(0x49B513DA)}}, + {{UINT32_C(0xB8A345AC), UINT32_C(0x1920558F), UINT32_C(0x2C1DBB9D), + UINT32_C(0x54694F51), UINT32_C(0x3D0A5A7B), UINT32_C(0x18C9C4D3), + UINT32_C(0xBF750F4B), UINT32_C(0xA1FDBDF4)}, + {UINT32_C(0xC21A6881), UINT32_C(0xD5BD6686), UINT32_C(0xF3993386), + UINT32_C(0xB7B0A8D9), UINT32_C(0x97190F76), UINT32_C(0xD6E893DB), + UINT32_C(0x45616120), UINT32_C(0x4EB35724)}}, + {{UINT32_C(0x44585129), UINT32_C(0xB9418A31), UINT32_C(0x44CB598D), + UINT32_C(0x1323C7D5), UINT32_C(0xB70A073A), UINT32_C(0xC8FC3C4D), + UINT32_C(0xBB93F56C), UINT32_C(0x9C4CA7D3)}, + {UINT32_C(0xABC63C83), UINT32_C(0xE7CBE861), UINT32_C(0x0D0A169E), + UINT32_C(0x818FE43F), UINT32_C(0xC09A418C), UINT32_C(0xE94DF57D), + UINT32_C(0xF676897A), UINT32_C(0xA008A9B1)}}, + {{UINT32_C(0x935FA41B), UINT32_C(0x346428A4), UINT32_C(0xF8AEC139), + UINT32_C(0xC018CA23), UINT32_C(0x8BE1BE1F), UINT32_C(0x93A6F894), + UINT32_C(0x713C9374), UINT32_C(0xBBA1D4BE)}, + {UINT32_C(0x29775FEB), UINT32_C(0xE8DFED99), UINT32_C(0xEA7A5F66), + UINT32_C(0x1420D105), UINT32_C(0x94CE6E57), UINT32_C(0x7AAF838A), + UINT32_C(0x31BAE62C), UINT32_C(0x36BC1745)}}, + {{UINT32_C(0x96FD9F4B), UINT32_C(0x0B1573BE), UINT32_C(0x66A9D440), + UINT32_C(0x6A12D630), UINT32_C(0x5D85253D), UINT32_C(0xC196F2E3), + UINT32_C(0xF54C7E5C), UINT32_C(0x462984EB)}, + {UINT32_C(0x1D537418), UINT32_C(0x035AC614), UINT32_C(0xC1C6B59A), + UINT32_C(0x450380BD), UINT32_C(0x82379084), UINT32_C(0x7DD661B3), + UINT32_C(0xCD0C5A31), UINT32_C(0x4EB1FA9E)}}, + {{UINT32_C(0xCD13CF78), UINT32_C(0x6A43358D), UINT32_C(0xC239DDD9), + UINT32_C(0xCA0F888B), UINT32_C(0xFA0B00EE), UINT32_C(0x3A7D6291), + UINT32_C(0xBC7D9FF1), UINT32_C(0xB1CE7548)}, + {UINT32_C(0xF2A721D5), UINT32_C(0xA53E4309), UINT32_C(0x8F9CDC30), + UINT32_C(0xC7DB97B5), UINT32_C(0xC41F17DC), UINT32_C(0xAACE5A7E), + UINT32_C(0xF88931D1), UINT32_C(0xF1512053)}}, + }, + { + {{UINT32_C(0x33FA7CC4), UINT32_C(0x4DED7EEA), UINT32_C(0x4878A57E), + UINT32_C(0x46D34338), UINT32_C(0x3CA03752), UINT32_C(0x3886E71D), + UINT32_C(0xFB64FD08), UINT32_C(0x89B88F81)}, + {UINT32_C(0xD01CFCC7), UINT32_C(0x63B59D57), UINT32_C(0x92395B98), + UINT32_C(0x59B5489F), UINT32_C(0x85F9B49C), UINT32_C(0xFAC77233), + UINT32_C(0x5278F731), UINT32_C(0xFAFC41AA)}}, + {{UINT32_C(0x949A818A), UINT32_C(0x7A082DAB), UINT32_C(0xDF117A78), + UINT32_C(0xABEAE732), UINT32_C(0x125CF9D5), UINT32_C(0xAAD6B6A4), + UINT32_C(0x64782727), UINT32_C(0x6F2239AA)}, + {UINT32_C(0x085F79E7), UINT32_C(0x713D2218), UINT32_C(0xAC131FAC), + UINT32_C(0xD41F57FF), UINT32_C(0xB3AE0E8A), UINT32_C(0x284F357A), + UINT32_C(0x38DCC8D4), UINT32_C(0xC0D1EDAF)}}, + {{UINT32_C(0x188ED232), UINT32_C(0x18F3DA5C), UINT32_C(0xFF7FD9E3), + UINT32_C(0xB29166B9), UINT32_C(0x32779105), UINT32_C(0x8E8FA01C), + UINT32_C(0xB914002E), UINT32_C(0x9658E013)}, + {UINT32_C(0x7D257E24), UINT32_C(0xAA168701), UINT32_C(0x7779BCC9), + UINT32_C(0x6479EFB4), UINT32_C(0xA82A8F7C), UINT32_C(0x3EF8F20A), + UINT32_C(0x3EF2D040), UINT32_C(0xFAEDCFF4)}}, + {{UINT32_C(0xB47EDF91), UINT32_C(0x3702BF4C), UINT32_C(0x027A8CE4), + UINT32_C(0x6FC20945), UINT32_C(0xE76DB1F6), UINT32_C(0xE91F4E6D), + UINT32_C(0xE0D006ED), UINT32_C(0x6763CCFF)}, + {UINT32_C(0x7A176CF6), UINT32_C(0x363D1244), UINT32_C(0x139A15B2), + UINT32_C(0x6A18918E), UINT32_C(0x3740BD53), UINT32_C(0x07D24843), + UINT32_C(0x10AEC68F), UINT32_C(0xF46CAD7D)}}, + {{UINT32_C(0x6A913C0A), UINT32_C(0x8E8DAE4C), UINT32_C(0x324E5B39), + UINT32_C(0x387539ED), UINT32_C(0xE7EDC102), UINT32_C(0x1560B84B), + UINT32_C(0xEC252B86), UINT32_C(0x1A6215A9)}, + {UINT32_C(0x2F7E23C4), UINT32_C(0x797115A6), UINT32_C(0x46E24DA2), + UINT32_C(0x88928A89), UINT32_C(0xFB9BC591), UINT32_C(0xDFA13273), + UINT32_C(0x56E32561), UINT32_C(0x800B6950)}}, + {{UINT32_C(0xFDF8694F), UINT32_C(0xB77C8A95), UINT32_C(0x5A995282), + UINT32_C(0xAD110D2E), UINT32_C(0xBC415511), UINT32_C(0xFAF4C6F9), + UINT32_C(0x2675FA98), UINT32_C(0x1A220C94)}, + {UINT32_C(0x54B7754C), UINT32_C(0xE9CB1C63), UINT32_C(0xEF991A9B), + UINT32_C(0xCEF19642), UINT32_C(0x06DC63BB), UINT32_C(0xDAEAE2EC), + UINT32_C(0x5CF25E85), UINT32_C(0x8ACF18A0)}}, + {{UINT32_C(0xFFEB8918), UINT32_C(0xE80F87C8), UINT32_C(0x9B589283), + UINT32_C(0x5862CE59), UINT32_C(0x5E4952C6), UINT32_C(0x9B270461), + UINT32_C(0x05AB0853), UINT32_C(0xB69055EF)}, + {UINT32_C(0x2A5887C8), UINT32_C(0x3972459B), UINT32_C(0xDC0E50C7), + UINT32_C(0xE4AF5ED8), UINT32_C(0x5B95CA6F), UINT32_C(0x17E44D39), + UINT32_C(0xCEB23724), UINT32_C(0x1E4F9EAA)}}, + {{UINT32_C(0xA4330F18), UINT32_C(0x69B2198E), UINT32_C(0x5394E5B5), + UINT32_C(0x61F38C01), UINT32_C(0xD3A4D10D), UINT32_C(0x62CF25BE), + UINT32_C(0xD4BB6F61), UINT32_C(0x2E8BEE45)}, + {UINT32_C(0xA0B6DA1C), UINT32_C(0xB5C6B137), UINT32_C(0xE423AFDA), + UINT32_C(0x5695722A), UINT32_C(0xCA94A75D), UINT32_C(0xA94F7B52), + UINT32_C(0xA1A084B6), UINT32_C(0x66C739E4)}}, + {{UINT32_C(0xB99B98C4), UINT32_C(0x21CF6FD8), UINT32_C(0xF91A9C50), + UINT32_C(0x8864BDE5), UINT32_C(0xF8A81C5E), UINT32_C(0xFE8FBBDF), + UINT32_C(0x6D250BDD), UINT32_C(0x67D3D417)}, + {UINT32_C(0xC9A86CB2), UINT32_C(0xFF0B4C73), UINT32_C(0x9A81720A), + UINT32_C(0x9C01341A), UINT32_C(0xB14A52E9), UINT32_C(0x5CC5DFF1), + UINT32_C(0x2E81D8C1), UINT32_C(0x2624C4F4)}}, + {{UINT32_C(0xA8F231C9), UINT32_C(0x918998D3), UINT32_C(0x5CEE8015), + UINT32_C(0x964FEB53), UINT32_C(0xB36CFDDB), UINT32_C(0xF59DDDFF), + UINT32_C(0xAC457ED3), UINT32_C(0x41EC3DBA)}, + {UINT32_C(0x3B92357D), UINT32_C(0x81B0708F), UINT32_C(0xA8F69D94), + UINT32_C(0xE3AA9A6B), UINT32_C(0xF1B5D866), UINT32_C(0x3D644741), + UINT32_C(0x557419AB), UINT32_C(0x95EFBBBC)}}, + {{UINT32_C(0x6C96935D), UINT32_C(0x7A1CDC9F), UINT32_C(0xA59AC625), + UINT32_C(0x9052B7F5), UINT32_C(0xFB94812A), UINT32_C(0x4E577CD0), + UINT32_C(0x3253CDC6), UINT32_C(0x6F81C37C)}, + {UINT32_C(0x7ED42DF3), UINT32_C(0xDD9D6E75), UINT32_C(0x21DE354B), + UINT32_C(0x29877B1C), UINT32_C(0xAD9B69E0), UINT32_C(0x9C48562B), + UINT32_C(0x909C8729), UINT32_C(0x6B5809E3)}}, + {{UINT32_C(0x3308B299), UINT32_C(0x6DE41B6B), UINT32_C(0xDD64B41E), + UINT32_C(0x011716BA), UINT32_C(0x4FD199ED), UINT32_C(0x7448EC93), + UINT32_C(0x89A5E174), UINT32_C(0xF92A73A8)}, + {UINT32_C(0x2A838869), UINT32_C(0x69CBE15B), UINT32_C(0x604F861D), + UINT32_C(0xD9D459A2), UINT32_C(0x61FA8614), UINT32_C(0xA975EBF3), + UINT32_C(0xC6174AF6), UINT32_C(0xE919FE9F)}}, + {{UINT32_C(0xC20EE256), UINT32_C(0xFA2EAFAC), UINT32_C(0x4C165773), + UINT32_C(0xD36E0E62), UINT32_C(0xED237EFC), UINT32_C(0x47A2BA6F), + UINT32_C(0x9AAFC2A1), UINT32_C(0xB1B33374)}, + {UINT32_C(0xB896E7E2), UINT32_C(0x40C329B3), UINT32_C(0xEC8258C1), + UINT32_C(0x8DBDC94E), UINT32_C(0x30C3B95C), UINT32_C(0xC584DDE8), + UINT32_C(0x601F14F3), UINT32_C(0xF778FDFE)}}, + {{UINT32_C(0x2A91ACC0), UINT32_C(0xBA978353), UINT32_C(0x45907A5E), + UINT32_C(0xCF343102), UINT32_C(0x010CC756), UINT32_C(0x714C3E9D), + UINT32_C(0xA8FE987E), UINT32_C(0x35B0C956)}, + {UINT32_C(0xC4517685), UINT32_C(0x32D66485), UINT32_C(0xD97BDDE6), + UINT32_C(0xE6BE583A), UINT32_C(0x1F7D9B96), UINT32_C(0xCF90C769), + UINT32_C(0x35E97010), UINT32_C(0x601AF0E9)}}, + {{UINT32_C(0xB33382FE), UINT32_C(0x4616E5A4), UINT32_C(0x42D94635), + UINT32_C(0xE16A1CFF), UINT32_C(0x5A188964), UINT32_C(0x4D271F62), + UINT32_C(0x03BC3D72), UINT32_C(0x145629F7)}, + {UINT32_C(0x8BF79E80), UINT32_C(0x2B27031C), UINT32_C(0xE0A6DEDF), + UINT32_C(0xEC11D604), UINT32_C(0xAFB21AD2), UINT32_C(0xC8787A78), + UINT32_C(0x5E318C3B), UINT32_C(0x0D0ED625)}}, + {{UINT32_C(0xB76250C2), UINT32_C(0xAD5F5B33), UINT32_C(0x1DA57313), + UINT32_C(0x1E319394), UINT32_C(0x8E8787B3), UINT32_C(0xA2664BA5), + UINT32_C(0xAF812EA6), UINT32_C(0xBBAC2F63)}, + {UINT32_C(0x13E77049), UINT32_C(0xB24A4798), UINT32_C(0xE738B6FE), + UINT32_C(0x6698858E), UINT32_C(0xAD8CB572), UINT32_C(0x1D1EE428), + UINT32_C(0x41FA28AB), UINT32_C(0x8D7CB097)}}, + }, + { + {{UINT32_C(0x6A975D8B), UINT32_C(0x196BE23C), UINT32_C(0xDE2AEF07), + UINT32_C(0x6D7848F8), UINT32_C(0x88971BDF), UINT32_C(0x880E9C1B), + UINT32_C(0x9617507C), UINT32_C(0xA0B61EBF)}, + {UINT32_C(0xB558D193), UINT32_C(0x7881E1CC), UINT32_C(0x27EFE5DB), + UINT32_C(0x8E3EB39E), UINT32_C(0xA94FBC74), UINT32_C(0x78BC5008), + UINT32_C(0x05B737B4), UINT32_C(0x1A4B3DB7)}}, + {{UINT32_C(0xFA650F2E), UINT32_C(0xF131A5B1), UINT32_C(0x20DA5A45), + UINT32_C(0x3CAA49A5), UINT32_C(0xC2438F2B), UINT32_C(0x24FED3B9), + UINT32_C(0xDA6B04EF), UINT32_C(0x2CC1DD26)}, + {UINT32_C(0xF4E712BA), UINT32_C(0x2A127B3B), UINT32_C(0x68312CB3), + UINT32_C(0x0B70938A), UINT32_C(0x7B0FBDEE), UINT32_C(0x6AD2EA01), + UINT32_C(0xBE454E4D), UINT32_C(0x3ACAD928)}}, + {{UINT32_C(0xFF55EE27), UINT32_C(0x439EE637), UINT32_C(0x4197B103), + UINT32_C(0x4582AF54), UINT32_C(0xA4F51DF0), UINT32_C(0x9EB0314A), + UINT32_C(0x8EA0AFF9), UINT32_C(0xC36D2248)}, + {UINT32_C(0x2FB634DB), UINT32_C(0xCED23286), UINT32_C(0x717DE21D), + UINT32_C(0x7E6DC894), UINT32_C(0xBDDEAA23), UINT32_C(0x26790435), + UINT32_C(0xC60F5F3D), UINT32_C(0x85E9B4C1)}}, + {{UINT32_C(0xD5636AB2), UINT32_C(0xA711EF88), UINT32_C(0x29744971), + UINT32_C(0xFFB5A3A8), UINT32_C(0x7367F41D), UINT32_C(0x771631A0), + UINT32_C(0x6406B576), UINT32_C(0xBFB67BFA)}, + {UINT32_C(0x27651342), UINT32_C(0x131D1159), UINT32_C(0x46E3F66A), + UINT32_C(0xAC7E214A), UINT32_C(0x3EB4550E), UINT32_C(0x0AAC82C6), + UINT32_C(0x223B5174), UINT32_C(0x8559E605)}}, + {{UINT32_C(0x6752E22D), UINT32_C(0x2AAB71E0), UINT32_C(0x8D49ECE1), + UINT32_C(0x4D5F1957), UINT32_C(0x6BEE4AAD), UINT32_C(0x0AA0EC0F), + UINT32_C(0x5F7CD806), UINT32_C(0x39370E73)}, + {UINT32_C(0x632CFCDD), UINT32_C(0x58FD71FC), UINT32_C(0xBA368B2B), + UINT32_C(0x3D4620C7), UINT32_C(0x0D8CFEC7), UINT32_C(0x04F4292A), + UINT32_C(0x3958AF0F), UINT32_C(0x63655048)}}, + {{UINT32_C(0xF61E86B5), UINT32_C(0x962C22EE), UINT32_C(0x8D14B7AB), + UINT32_C(0x374A3D0A), UINT32_C(0xCC9088B5), UINT32_C(0x474D0C8A), + UINT32_C(0x9410EF17), UINT32_C(0x860D7276)}, + {UINT32_C(0x189A1251), UINT32_C(0x3ECBF75E), UINT32_C(0xE8B9B799), + UINT32_C(0xE84818ED), UINT32_C(0xB53ECA19), UINT32_C(0xAB271286), + UINT32_C(0x3A839B17), UINT32_C(0x027357EC)}}, + {{UINT32_C(0xCD174988), UINT32_C(0xF53ADE08), UINT32_C(0x07BE5624), + UINT32_C(0x31B0CF0A), UINT32_C(0xED030FA9), UINT32_C(0xB6B01FAC), + UINT32_C(0x33788DFB), UINT32_C(0x1F5BE6BE)}, + {UINT32_C(0x149E8BCC), UINT32_C(0x422F2D64), UINT32_C(0x756EBBB8), + UINT32_C(0x547566E3), UINT32_C(0xF6901E1E), UINT32_C(0x3DB92D1B), + UINT32_C(0x6A0D05BC), UINT32_C(0xCB4F2933)}}, + {{UINT32_C(0xD88D80BA), UINT32_C(0xCEC6FE54), UINT32_C(0xF46BD447), + UINT32_C(0xF72B99A2), UINT32_C(0x01395763), UINT32_C(0x92576701), + UINT32_C(0xFCF5CB52), UINT32_C(0x222E4583)}, + {UINT32_C(0xB7A7A29C), UINT32_C(0xE9BE9305), UINT32_C(0x2DE6AC68), + UINT32_C(0x851409F0), UINT32_C(0xF623BF59), UINT32_C(0x356A9D64), + UINT32_C(0xF17991C6), UINT32_C(0x728C1B45)}}, + {{UINT32_C(0x76D1EE14), UINT32_C(0xD7178EAE), UINT32_C(0xF7355B21), + UINT32_C(0x97D88A40), UINT32_C(0xD8FD191B), UINT32_C(0x26EC5D87), + UINT32_C(0x49918B3A), UINT32_C(0xD03E01EC)}, + {UINT32_C(0x4C0BAB43), UINT32_C(0xF5A8C77C), UINT32_C(0xFC2F3545), + UINT32_C(0xE3B79537), UINT32_C(0xC8EC71B9), UINT32_C(0xC27E762D), + UINT32_C(0xF590D16B), UINT32_C(0x1A9CB95E)}}, + {{UINT32_C(0x3FE54A2A), UINT32_C(0xEDC8E4DE), UINT32_C(0x688FB8F5), + UINT32_C(0x6D700BE4), UINT32_C(0xC2EE31AD), UINT32_C(0x7CB13770), + UINT32_C(0xFCFF3124), UINT32_C(0x2C397D86)}, + {UINT32_C(0xA8727AA5), UINT32_C(0xD776CE7D), UINT32_C(0xBE4750B0), + UINT32_C(0x0A2AEF64), UINT32_C(0x99D9D493), UINT32_C(0x8DD77987), + UINT32_C(0x1B59A777), UINT32_C(0x87E6A8AE)}}, + {{UINT32_C(0xA8B7688A), UINT32_C(0xA330F53D), UINT32_C(0x55FC1FBB), + UINT32_C(0x7791F82D), UINT32_C(0xE64E0212), UINT32_C(0x4DADF4AE), + UINT32_C(0xD1276F1A), UINT32_C(0x35CF0460)}, + {UINT32_C(0x5A3A0AA3), UINT32_C(0x30DD755B), UINT32_C(0xBB71A09F), + UINT32_C(0x19F1E322), UINT32_C(0x5F519D1D), UINT32_C(0xE4C403BE), + UINT32_C(0x02FBF0A6), UINT32_C(0x37BEABA5)}}, + {{UINT32_C(0xFE51AC2A), UINT32_C(0x2213F75C), UINT32_C(0x378BD527), + UINT32_C(0xB606DBDE), UINT32_C(0x6A141A9F), UINT32_C(0xF620FEE0), + UINT32_C(0x315DEC75), UINT32_C(0xABC98F30)}, + {UINT32_C(0x7886593E), UINT32_C(0x4319D321), UINT32_C(0x300FD9F7), + UINT32_C(0x079C9A51), UINT32_C(0x803D9A1A), UINT32_C(0x31AA1F50), + UINT32_C(0x8AFC5A81), UINT32_C(0x5FD61247)}}, + {{UINT32_C(0x5A7B338C), UINT32_C(0x286CAD1D), UINT32_C(0x3CACA86D), + UINT32_C(0x02749FB9), UINT32_C(0xBBD73DCC), UINT32_C(0xD22930DE), + UINT32_C(0x9457DD3B), UINT32_C(0x7CD84A01)}, + {UINT32_C(0x6D2AE68C), UINT32_C(0xAD12ECFE), UINT32_C(0x25AC2BF6), + UINT32_C(0x7261B6F2), UINT32_C(0xAFCD9F79), UINT32_C(0x436737C0), + UINT32_C(0x19FD2468), UINT32_C(0x7197970B)}}, + {{UINT32_C(0x4BCD5BE5), UINT32_C(0x21D8EE08), UINT32_C(0x1BBB4AE6), + UINT32_C(0xDB783F9E), UINT32_C(0x4590DB53), UINT32_C(0x88A04207), + UINT32_C(0x684FC043), UINT32_C(0x34D40BAA)}, + {UINT32_C(0x9F4E1D9C), UINT32_C(0x597267FC), UINT32_C(0x28C384DA), + UINT32_C(0x9AAD1E1D), UINT32_C(0xB9959E1E), UINT32_C(0x8A3A23E5), + UINT32_C(0x196A21E9), UINT32_C(0x53F744FE)}}, + {{UINT32_C(0x369A2386), UINT32_C(0x07468891), UINT32_C(0x20008208), + UINT32_C(0xB080B9B5), UINT32_C(0x5BE5A264), UINT32_C(0xD0980B3D), + UINT32_C(0x962CC2F1), UINT32_C(0x5A2C8B0A)}, + {UINT32_C(0x3AA93D10), UINT32_C(0x81D30E71), UINT32_C(0xD109EE0D), + UINT32_C(0xFAD2A511), UINT32_C(0x2F2A4AD7), UINT32_C(0x5092615F), + UINT32_C(0x5D4B605E), UINT32_C(0x05F4A36A)}}, + {{UINT32_C(0xDD235E1E), UINT32_C(0x322C8CB1), UINT32_C(0xC8173E52), + UINT32_C(0x3B14C68E), UINT32_C(0x574904E4), UINT32_C(0x33636551), + UINT32_C(0xD7C2DC2D), UINT32_C(0xB4B65763)}, + {UINT32_C(0xB181A4D6), UINT32_C(0x8B3ED18A), UINT32_C(0xBD32168E), + UINT32_C(0x985DDA9C), UINT32_C(0x3C87D509), UINT32_C(0xA51C68AA), + UINT32_C(0x151E919F), UINT32_C(0xFC9F2925)}}, + }, + { + {{UINT32_C(0xC9740C53), UINT32_C(0xF3282B6A), UINT32_C(0x41DBE39F), + UINT32_C(0x03EACC2D), UINT32_C(0x67A8EFCD), UINT32_C(0xE8B03A50), + UINT32_C(0x5AE21E0C), UINT32_C(0xFFBD4DB7)}, + {UINT32_C(0x44D0D734), UINT32_C(0x54CF603D), UINT32_C(0x6CB67A47), + UINT32_C(0x0F18661E), UINT32_C(0x7B5EE4A9), UINT32_C(0x2C0FAB45), + UINT32_C(0x39E2058D), UINT32_C(0x6B1E81DB)}}, + {{UINT32_C(0x6DD39C2F), UINT32_C(0x6B4B3C04), UINT32_C(0x855CD4DE), + UINT32_C(0xFD4F3AF2), UINT32_C(0xE5A53210), UINT32_C(0xA36566B3), + UINT32_C(0x6A98E15E), UINT32_C(0x6C067309)}, + {UINT32_C(0xEE980506), UINT32_C(0x081BAAA6), UINT32_C(0x0C6A1B26), + UINT32_C(0x9A07BD11), UINT32_C(0x79B09922), UINT32_C(0xD456C89E), + UINT32_C(0xB09F5BA1), UINT32_C(0x9B5FAB01)}}, + {{UINT32_C(0xE4F0A0BD), UINT32_C(0xDB8ADA43), UINT32_C(0x3341B0BF), + UINT32_C(0x9F6AE901), UINT32_C(0x3152A32F), UINT32_C(0x097F8BD0), + UINT32_C(0xEEE86B2C), UINT32_C(0xCE9B738C)}, + {UINT32_C(0x6A823435), UINT32_C(0x64A9D62F), UINT32_C(0xF55DFA6D), + UINT32_C(0xB7B9B5AC), UINT32_C(0x83F5AF85), UINT32_C(0xB8C64EE2), + UINT32_C(0xC53C946C), UINT32_C(0x7013963B)}}, + {{UINT32_C(0xB0204D46), UINT32_C(0x72C4F2C7), UINT32_C(0x3B84BEE4), + UINT32_C(0x01911854), UINT32_C(0x898A4242), UINT32_C(0x4EDE3A9B), + UINT32_C(0x87443AA4), UINT32_C(0x0A1364B0)}, + {UINT32_C(0xDA496B1C), UINT32_C(0x09FAB15E), UINT32_C(0x886E4CE8), + UINT32_C(0x3566CD75), UINT32_C(0x8C69ECFA), UINT32_C(0x74773EE8), + UINT32_C(0x9063032E), UINT32_C(0x0C86FB14)}}, + {{UINT32_C(0x84DA5F49), UINT32_C(0x596E1E97), UINT32_C(0xF512A6C1), + UINT32_C(0xBD067C91), UINT32_C(0x689E184C), UINT32_C(0x4ED9FC16), + UINT32_C(0x0F0033D2), UINT32_C(0xAE33935B)}, + {UINT32_C(0xAFF6163B), UINT32_C(0xEF46C76C), UINT32_C(0x54F2F14D), + UINT32_C(0x89DAECE2), UINT32_C(0x59BE0CA1), UINT32_C(0x6C368DE5), + UINT32_C(0xAF653502), UINT32_C(0xC96802B0)}}, + {{UINT32_C(0xE06D0BC2), UINT32_C(0x59B05C7E), UINT32_C(0x554C1BB8), + UINT32_C(0x4259B65A), UINT32_C(0xAB9123FF), UINT32_C(0xC77E5958), + UINT32_C(0x1118396B), UINT32_C(0x042A023B)}, + {UINT32_C(0x596C9E61), UINT32_C(0xAAFC16A2), UINT32_C(0x08E0DDCE), + UINT32_C(0x825B3A5C), UINT32_C(0x13C56C3F), UINT32_C(0x6D492C0D), + UINT32_C(0x30903D53), UINT32_C(0xA01B0E41)}}, + {{UINT32_C(0x74509164), UINT32_C(0x265DE726), UINT32_C(0x209F9B7E), + UINT32_C(0x47BD6323), UINT32_C(0xE3F2D8F5), UINT32_C(0x4448718B), + UINT32_C(0x296C5422), UINT32_C(0xF11AA6C9)}, + {UINT32_C(0x60950C0C), UINT32_C(0x7E188D4D), UINT32_C(0x66FD3FD7), + UINT32_C(0xFDAFC74F), UINT32_C(0x56CE8E07), UINT32_C(0x2B50D5F4), + UINT32_C(0xF565D9DC), UINT32_C(0x2FA53226)}}, + {{UINT32_C(0x64F0F519), UINT32_C(0x0FAF6F56), UINT32_C(0xE34E3DDA), + UINT32_C(0x88F80D33), UINT32_C(0xD74CF0F8), UINT32_C(0x9EF7AFBB), + UINT32_C(0x79306489), UINT32_C(0x060C1EE1)}, + {UINT32_C(0xA7C588A7), UINT32_C(0x7CE7C34F), UINT32_C(0xFBF60D92), + UINT32_C(0x94A18D6E), UINT32_C(0x22D2DEC5), UINT32_C(0xD67CEFDC), + UINT32_C(0xA25C4F0C), UINT32_C(0x48421B35)}}, + {{UINT32_C(0x7F7E1D5C), UINT32_C(0x91025C93), UINT32_C(0xF030099B), + UINT32_C(0x8F6EFE67), UINT32_C(0x7C4C442E), UINT32_C(0x7A360F1C), + UINT32_C(0xFA52F273), UINT32_C(0xAC6B90FF)}, + {UINT32_C(0x667D95EA), UINT32_C(0xADEC831E), UINT32_C(0x73603FB1), + UINT32_C(0x29DED36C), UINT32_C(0x853BB106), UINT32_C(0x538FE859), + UINT32_C(0xFA2EC509), UINT32_C(0x74524D8A)}}, + {{UINT32_C(0x45925E45), UINT32_C(0xB0945F39), UINT32_C(0x93F17FCB), + UINT32_C(0x5DECE13D), UINT32_C(0x0AB7B02F), UINT32_C(0x59A4346A), + UINT32_C(0xA2E0C98D), UINT32_C(0x6E470D8D)}, + {UINT32_C(0x8E92CC1E), UINT32_C(0x8DE38B51), UINT32_C(0x7CD7D795), + UINT32_C(0x5366CDC4), UINT32_C(0x982B363F), UINT32_C(0xE6F089FE), + UINT32_C(0x9A6947F4), UINT32_C(0xBFFB066F)}}, + {{UINT32_C(0x3578E862), UINT32_C(0x6D0C7B99), UINT32_C(0xE29CAC22), + UINT32_C(0x7FE464A5), UINT32_C(0x8DE63C1A), UINT32_C(0x7C4E323F), + UINT32_C(0xCE013027), UINT32_C(0xC39E5F1D)}, + {UINT32_C(0xE2A7EE81), UINT32_C(0x680BF3EB), UINT32_C(0x4B00806B), + UINT32_C(0xD8AC0119), UINT32_C(0x6D530B42), UINT32_C(0x88E1C932), + UINT32_C(0xDEDEEE21), UINT32_C(0x027392E8)}}, + {{UINT32_C(0x4658BDD2), UINT32_C(0x223A01C7), UINT32_C(0xCC0B0CDE), + UINT32_C(0x78257A90), UINT32_C(0xFBA816F6), UINT32_C(0x542D429C), + UINT32_C(0xDBA885FF), UINT32_C(0x1A89D1AF)}, + {UINT32_C(0x84CDF649), UINT32_C(0x23E49B03), UINT32_C(0xB37CBF07), + UINT32_C(0x46434EF3), UINT32_C(0x80E368E9), UINT32_C(0x6033213F), + UINT32_C(0xA99062E3), UINT32_C(0x2A6ABF71)}}, + {{UINT32_C(0x3284CBD6), UINT32_C(0x0EB5F18A), UINT32_C(0x6E82E3A4), + UINT32_C(0xDE3CB9F1), UINT32_C(0xF2C11BC6), UINT32_C(0x7120C85D), + UINT32_C(0xEB4B1180), UINT32_C(0xE80C497E)}, + {UINT32_C(0xF1BE002B), UINT32_C(0x8748EF50), UINT32_C(0x5637198E), + UINT32_C(0x625C11CE), UINT32_C(0x73C57DF7), UINT32_C(0x00A11D38), + UINT32_C(0xC32F91AA), UINT32_C(0xD56A2129)}}, + {{UINT32_C(0x7C33925A), UINT32_C(0x7B3B197F), UINT32_C(0xF25ADCFE), + UINT32_C(0x74ED66DA), UINT32_C(0xE01B9050), UINT32_C(0x4502A03F), + UINT32_C(0x9EB8FF43), UINT32_C(0x1AC895BA)}, + {UINT32_C(0xB1CDB86B), UINT32_C(0x4276D6DE), UINT32_C(0x1B4FF068), + UINT32_C(0xEBBED54D), UINT32_C(0x749F2E4D), UINT32_C(0xD65E4097), + UINT32_C(0xFBD04F87), UINT32_C(0x96661A7B)}}, + {{UINT32_C(0x68358FC9), UINT32_C(0xC505AE87), UINT32_C(0x23A92299), + UINT32_C(0xA9EE67DF), UINT32_C(0x4844E0BD), UINT32_C(0x488D6056), + UINT32_C(0x0D6D2D87), UINT32_C(0x31EC3CEE)}, + {UINT32_C(0xBF0EEBAF), UINT32_C(0x9AC30A03), UINT32_C(0x7FAB562C), + UINT32_C(0x7069C739), UINT32_C(0x91037E54), UINT32_C(0x9C8BA57F), + UINT32_C(0xDF2301A0), UINT32_C(0x598D3F5E)}}, + {{UINT32_C(0xB5803441), UINT32_C(0xCA456B28), UINT32_C(0x5F1AF025), + UINT32_C(0x9DBF6392), UINT32_C(0x03B66AFA), UINT32_C(0x003984FA), + UINT32_C(0x005A634D), UINT32_C(0xA5268F77)}, + {UINT32_C(0x21DCE747), UINT32_C(0xC36FC8C5), UINT32_C(0x63D1D105), + UINT32_C(0xD9CDDD62), UINT32_C(0xDB78FC65), UINT32_C(0xF7D46E50), + UINT32_C(0x00EC2A7F), UINT32_C(0x45E8091E)}}, + }, + { + {{UINT32_C(0x1A89F319), UINT32_C(0xC75F9DF6), UINT32_C(0x8DB72E5B), + UINT32_C(0x07FDF045), UINT32_C(0x23496830), UINT32_C(0xC1545DEB), + UINT32_C(0x74F901C9), UINT32_C(0x803233B4)}, + {UINT32_C(0x0384551A), UINT32_C(0xB2F97BE8), UINT32_C(0x6B2116A1), + UINT32_C(0x39BC7F2B), UINT32_C(0x9421E72F), UINT32_C(0xF7F04C19), + UINT32_C(0xEB78BEA3), UINT32_C(0x76B396B1)}}, + {{UINT32_C(0x54A54506), UINT32_C(0xDBEED2EE), UINT32_C(0xED654872), + UINT32_C(0x1CC37B4A), UINT32_C(0x05725001), UINT32_C(0xCABDE41C), + UINT32_C(0x8E15FF9D), UINT32_C(0x07998D88)}, + {UINT32_C(0x4C8EA30F), UINT32_C(0x4A7EE1B5), UINT32_C(0xC81206A0), + UINT32_C(0x35B50E88), UINT32_C(0x48D21BB4), UINT32_C(0xC8D752C1), + UINT32_C(0x054153BF), UINT32_C(0xE2DD8EBB)}}, + {{UINT32_C(0x1A6E9ECB), UINT32_C(0x3FDA8BF8), UINT32_C(0x8C8AFEB4), + UINT32_C(0xE8B7627B), UINT32_C(0x352045AB), UINT32_C(0x4F3738BD), + UINT32_C(0x883837AF), UINT32_C(0xBA146059)}, + {UINT32_C(0x8A65C868), UINT32_C(0xCCA60154), UINT32_C(0x5C236043), + UINT32_C(0x98AA1B1C), UINT32_C(0x1753BE75), UINT32_C(0xE86B595E), + UINT32_C(0xDF64426A), UINT32_C(0x17860787)}}, + {{UINT32_C(0x7BB4C52F), UINT32_C(0x5DA07C15), UINT32_C(0x0970789B), + UINT32_C(0x1F3C6752), UINT32_C(0x99D8F959), UINT32_C(0x18E074BF), + UINT32_C(0xFCCAAC3E), UINT32_C(0x93C81FA3)}, + {UINT32_C(0x9503412A), UINT32_C(0xF9A197DA), UINT32_C(0x01155A83), + UINT32_C(0x62455A76), UINT32_C(0x994227B2), UINT32_C(0x9392808B), + UINT32_C(0x8301D617), UINT32_C(0x1E9928DB)}}, + {{UINT32_C(0x7B2D98BB), UINT32_C(0xCEFE1407), UINT32_C(0x1CFE8F0C), + UINT32_C(0x00E0E4B0), UINT32_C(0x65C29E1E), UINT32_C(0x66442EF7), + UINT32_C(0xF80D6E95), UINT32_C(0x75C83934)}, + {UINT32_C(0x7AD1E682), UINT32_C(0x68DAD116), UINT32_C(0x0FBD8665), + UINT32_C(0xCF2FF195), UINT32_C(0xC17AAAC5), UINT32_C(0x1CB46859), + UINT32_C(0x4EC1B813), UINT32_C(0xCEA040F6)}}, + {{UINT32_C(0x9F74F401), UINT32_C(0x90AD76B9), UINT32_C(0x018A2A87), + UINT32_C(0x068EB7B6), UINT32_C(0xEA441683), UINT32_C(0xB306DF7A), + UINT32_C(0xFA440F23), UINT32_C(0x898F94FF)}, + {UINT32_C(0x0B95C15A), UINT32_C(0xB44B6AD2), UINT32_C(0xA6723374), + UINT32_C(0xD2EF1F05), UINT32_C(0xBC2F82CF), UINT32_C(0xCA8437B8), + UINT32_C(0x4587BEBA), UINT32_C(0x83E41595)}}, + {{UINT32_C(0xD300E8A6), UINT32_C(0x97F97295), UINT32_C(0xE37011A7), + UINT32_C(0x284693B1), UINT32_C(0xC40D4060), UINT32_C(0x0B6BC62E), + UINT32_C(0x8CDBE471), UINT32_C(0x9D63CA23)}, + {UINT32_C(0x9C012014), UINT32_C(0x88205EE2), UINT32_C(0x8CC90A4D), + UINT32_C(0xA1D12730), UINT32_C(0x5B20ACB8), UINT32_C(0xF00D1068), + UINT32_C(0x6BC43C57), UINT32_C(0x12042EEC)}}, + {{UINT32_C(0xFAE1979A), UINT32_C(0xADECFE9A), UINT32_C(0x62B16C81), + UINT32_C(0xA29C402D), UINT32_C(0xDA57B92E), UINT32_C(0xEEDCC83D), + UINT32_C(0x650FE00D), UINT32_C(0x33A0ECA5)}, + {UINT32_C(0x494A141A), UINT32_C(0x64CE5337), UINT32_C(0x89A596E4), + UINT32_C(0xCD127AF4), UINT32_C(0x46FBD62A), UINT32_C(0x6C2CE6D8), + UINT32_C(0x94C1012B), UINT32_C(0x72859DAA)}}, + {{UINT32_C(0x300867C3), UINT32_C(0x6C1CC682), UINT32_C(0xE87D1615), + UINT32_C(0x46504A32), UINT32_C(0x4D83DEC3), UINT32_C(0x9E98E43E), + UINT32_C(0xE6266560), UINT32_C(0x54DA927B)}, + {UINT32_C(0x0F7772FB), UINT32_C(0x0F9AD885), UINT32_C(0xA2BECB7B), + UINT32_C(0x8D1CCF81), UINT32_C(0xBB2E1BFA), UINT32_C(0x01F37FD6), + UINT32_C(0x7D74C205), UINT32_C(0xE6760BBE)}}, + {{UINT32_C(0x8A192792), UINT32_C(0x5517CBEA), UINT32_C(0x33273AFA), + UINT32_C(0xFBF3C6D7), UINT32_C(0x227D96E4), UINT32_C(0xC38039D7), + UINT32_C(0x13B739F8), UINT32_C(0x6B3D1A9F)}, + {UINT32_C(0xDBE84961), UINT32_C(0x61D95C7E), UINT32_C(0x747DDE9E), + UINT32_C(0x2D7E3A58), UINT32_C(0xF914F81D), UINT32_C(0x96B99A0F), + UINT32_C(0x907B3729), UINT32_C(0xB0A87440)}}, + {{UINT32_C(0x48FE346C), UINT32_C(0x78C6727A), UINT32_C(0xD94CF310), + UINT32_C(0xBEE3EC2F), UINT32_C(0xE69AD258), UINT32_C(0x5DE8E89B), + UINT32_C(0xFE898C26), UINT32_C(0x4389160A)}, + {UINT32_C(0x8B5BD153), UINT32_C(0xB0A1DFCB), UINT32_C(0x1FC605E6), + UINT32_C(0x67DD64E9), UINT32_C(0x3AD3136F), UINT32_C(0x5511E440), + UINT32_C(0x35D39A12), UINT32_C(0xD257345D)}}, + {{UINT32_C(0xC04E4811), UINT32_C(0x6181A1CE), UINT32_C(0x097F8928), + UINT32_C(0x941D1B04), UINT32_C(0x7A96B1A6), UINT32_C(0x58B1C5E3), + UINT32_C(0xD4FBBAD0), UINT32_C(0xAD94582F)}, + {UINT32_C(0xE3AEB124), UINT32_C(0x7FD2F309), UINT32_C(0xCEA9E4A7), + UINT32_C(0xE203A55D), UINT32_C(0x4C56FF29), UINT32_C(0x66C92003), + UINT32_C(0x1547355C), UINT32_C(0x1861906D)}}, + {{UINT32_C(0x506A1CE0), UINT32_C(0xCD57FAB1), UINT32_C(0x83A57E67), + UINT32_C(0xBD704DDC), UINT32_C(0xDF9EDFD2), UINT32_C(0x9822FD56), + UINT32_C(0x3EBCBFF8), UINT32_C(0x644B126B)}, + {UINT32_C(0x19767FD0), UINT32_C(0x19009A89), UINT32_C(0x9254AD9B), + UINT32_C(0xB18223B0), UINT32_C(0x6CAA9857), UINT32_C(0x4D500CA2), + UINT32_C(0xFC569217), UINT32_C(0x6A71F10F)}}, + {{UINT32_C(0xEBD43FD8), UINT32_C(0x30401E62), UINT32_C(0x2483A619), + UINT32_C(0xF5237201), UINT32_C(0xFEA606B1), UINT32_C(0x58CC6CD1), + UINT32_C(0xECABE66B), UINT32_C(0xB68CA5B4)}, + {UINT32_C(0xE3BCD3B9), UINT32_C(0xFD0DDAB5), UINT32_C(0xF52E352C), + UINT32_C(0x21549FF1), UINT32_C(0x8729D91B), UINT32_C(0x836210CC), + UINT32_C(0xD50CCE7C), UINT32_C(0x7DD631E6)}}, + {{UINT32_C(0xC5777E0A), UINT32_C(0x04A04A93), UINT32_C(0x6BA31B9F), + UINT32_C(0x72789D96), UINT32_C(0xC745FC04), UINT32_C(0x5E180A04), + UINT32_C(0x8042A5AB), UINT32_C(0x6345425E)}, + {UINT32_C(0x1FCEFDC7), UINT32_C(0xF9387C15), UINT32_C(0x44F9BEE7), + UINT32_C(0xADC85A6D), UINT32_C(0x2A370E54), UINT32_C(0x2C52C515), + UINT32_C(0xCCBA3B50), UINT32_C(0x9AB0CE96)}}, + {{UINT32_C(0x8DDB0823), UINT32_C(0x49FA64B9), UINT32_C(0xC8EEA5D8), + UINT32_C(0x766A17D1), UINT32_C(0xF886F4E0), UINT32_C(0xB6C8DCDB), + UINT32_C(0x8E997669), UINT32_C(0x02FAFE37)}, + {UINT32_C(0x1AD443EF), UINT32_C(0x1C47F978), UINT32_C(0x1852F5DC), + UINT32_C(0x74560B80), UINT32_C(0xF84CB4A4), UINT32_C(0x3FB410A9), + UINT32_C(0xBA9AA688), UINT32_C(0x9B12FAD7)}}, + }, + { + {{UINT32_C(0x053928D8), UINT32_C(0x816A7516), UINT32_C(0x42AE7264), + UINT32_C(0x7E94F136), UINT32_C(0xCE07CE23), UINT32_C(0x23232C2F), + UINT32_C(0x4817D6EC), UINT32_C(0x01E4A0F2)}, + {UINT32_C(0xCC20AD14), UINT32_C(0x441A9B63), UINT32_C(0x0D21ECEE), + UINT32_C(0xFB48322F), UINT32_C(0xE18282F9), UINT32_C(0x3731DA85), + UINT32_C(0xBEBAC026), UINT32_C(0xC8B9BCE3)}}, + {{UINT32_C(0x864C3071), UINT32_C(0x02504FE7), UINT32_C(0x605CFDA0), + UINT32_C(0x36F81F1A), UINT32_C(0xBC696D66), UINT32_C(0x24E29169), + UINT32_C(0xCAE8BFE3), UINT32_C(0xA5825793)}, + {UINT32_C(0x11284998), UINT32_C(0xA83C1431), UINT32_C(0x664B7288), + UINT32_C(0x65C63D28), UINT32_C(0xF3D9324B), UINT32_C(0x27886C93), + UINT32_C(0x543E57E3), UINT32_C(0xC1113DF3)}}, + {{UINT32_C(0x7C6BCD50), UINT32_C(0x67D17CB6), UINT32_C(0xD22AFA9D), + UINT32_C(0x53D2035E), UINT32_C(0xAD10C93F), UINT32_C(0xE090F72F), + UINT32_C(0xFF7177C5), UINT32_C(0x3FE3363E)}, + {UINT32_C(0xC9EABC39), UINT32_C(0x4BCA027B), UINT32_C(0x3772AA3B), + UINT32_C(0x6CD8125D), UINT32_C(0x33BEB0CC), UINT32_C(0xDDECB4FF), + UINT32_C(0x48DBCA34), UINT32_C(0x93106DBB)}}, + {{UINT32_C(0x03333E51), UINT32_C(0x5D4AD42D), UINT32_C(0x18AC0012), + UINT32_C(0x91AE8BFF), UINT32_C(0x2547848D), UINT32_C(0x372A1896), + UINT32_C(0xF66137E4), UINT32_C(0x9674B667)}, + {UINT32_C(0x99DA2E79), UINT32_C(0xEB990770), UINT32_C(0x30AEC97A), + UINT32_C(0x895B9A52), UINT32_C(0x12360E0B), UINT32_C(0x0AAB007D), + UINT32_C(0x65466CC1), UINT32_C(0x4BB34E4A)}}, + {{UINT32_C(0x358F2214), UINT32_C(0x6355232F), UINT32_C(0x7A68B1AF), + UINT32_C(0x4D2E16E8), UINT32_C(0x36FCA6BB), UINT32_C(0xFA1C0EE4), + UINT32_C(0x3F86774C), UINT32_C(0xC72D46C0)}, + {UINT32_C(0xF43B746E), UINT32_C(0x1A7C248E), UINT32_C(0x8CE45BC2), + UINT32_C(0x9E6BDA4C), UINT32_C(0x5F1B337E), UINT32_C(0x5D034C38), + UINT32_C(0x839736DE), UINT32_C(0xE409C5B3)}}, + {{UINT32_C(0x45CBF3CD), UINT32_C(0xC2DFE29D), UINT32_C(0xEF2D2092), + UINT32_C(0xA89376E9), UINT32_C(0x0C966D8C), UINT32_C(0x383BFEE1), + UINT32_C(0xC007FB2F), UINT32_C(0xC0565256)}, + {UINT32_C(0x5FE005A0), UINT32_C(0xD301E371), UINT32_C(0xB1E72BEE), + UINT32_C(0x964EF9AB), UINT32_C(0xCF2D4524), UINT32_C(0xC94ED7D4), + UINT32_C(0x76F3EAB9), UINT32_C(0xB06A72DC)}}, + {{UINT32_C(0x76D1CDC3), UINT32_C(0x4A3982DE), UINT32_C(0xB2B7C677), + UINT32_C(0x0229EC30), UINT32_C(0xEABDA9E6), UINT32_C(0x5BAE8379), + UINT32_C(0x3CA82336), UINT32_C(0x8C2E812D)}, + {UINT32_C(0x2141B693), UINT32_C(0xA545EB61), UINT32_C(0x250B6C43), + UINT32_C(0x499D3300), UINT32_C(0x448E4754), UINT32_C(0x92E773D3), + UINT32_C(0x865B3E06), UINT32_C(0x92B8B5F0)}}, + {{UINT32_C(0x38815ECE), UINT32_C(0x2574779D), UINT32_C(0x51C44C46), + UINT32_C(0xCB2740A8), UINT32_C(0xED7A76FF), UINT32_C(0xBA413FE7), + UINT32_C(0xBF0AE035), UINT32_C(0xB9EAB0D8)}, + {UINT32_C(0x32BDF3A4), UINT32_C(0xA811CED0), UINT32_C(0x74CFAFA7), + UINT32_C(0x6AD5D116), UINT32_C(0xBDEB82AA), UINT32_C(0x880F52A6), + UINT32_C(0xEC63B3AD), UINT32_C(0x1231D57B)}}, + {{UINT32_C(0xBB91BA25), UINT32_C(0x6583C596), UINT32_C(0x14E678E0), + UINT32_C(0x269ED1FC), UINT32_C(0xA8904C0A), UINT32_C(0x214E210E), + UINT32_C(0x6AD1F785), UINT32_C(0xBE23E116)}, + {UINT32_C(0xAB28376F), UINT32_C(0x8143EF6F), UINT32_C(0x11C07B30), + UINT32_C(0x743853FC), UINT32_C(0x05BCB66B), UINT32_C(0x0727BA05), + UINT32_C(0xFA2E3FE3), UINT32_C(0xFE0967AE)}}, + {{UINT32_C(0xEE85640C), UINT32_C(0x826239CC), UINT32_C(0x6A040D08), + UINT32_C(0xABA664E5), UINT32_C(0xDF4B45E3), UINT32_C(0xDA0802DB), + UINT32_C(0xF7D6F8A5), UINT32_C(0x017AD4C2)}, + {UINT32_C(0x2BEE4F1F), UINT32_C(0x03C76842), UINT32_C(0x66990EBA), + UINT32_C(0xF931B274), UINT32_C(0x5492C621), UINT32_C(0xBD8E479B), + UINT32_C(0xD6D6724D), UINT32_C(0x8441E24E)}}, + {{UINT32_C(0xBAF86242), UINT32_C(0x7F959A76), UINT32_C(0x02C116BC), + UINT32_C(0x11C9C2DA), UINT32_C(0x53D9EAFA), UINT32_C(0x423EF58B), + UINT32_C(0xB6CF05E8), UINT32_C(0x4E44134E)}, + {UINT32_C(0xC2BDD9B5), UINT32_C(0xB4361DB0), UINT32_C(0x8A96C7C3), + UINT32_C(0x8A4C39AB), UINT32_C(0xB8CC028C), UINT32_C(0x15F01C4C), + UINT32_C(0x028EDEED), UINT32_C(0xA88E5E23)}}, + {{UINT32_C(0x99CD2B22), UINT32_C(0x933765CB), UINT32_C(0x7E1C3D02), + UINT32_C(0x4BD2D11C), UINT32_C(0x305F9FEE), UINT32_C(0x0EF8454F), + UINT32_C(0xC96C8F5D), UINT32_C(0x21AAA582)}, + {UINT32_C(0x301A9C6F), UINT32_C(0x7F08CB99), UINT32_C(0x88BEDA03), + UINT32_C(0xAF17D6A0), UINT32_C(0x64C1B3A7), UINT32_C(0x91F0C236), + UINT32_C(0x70417706), UINT32_C(0x684D9909)}}, + {{UINT32_C(0x34EF4348), UINT32_C(0x265DB2AB), UINT32_C(0x97E2A4B7), + UINT32_C(0x58E62449), UINT32_C(0x0CFEB464), UINT32_C(0xBA525AF5), + UINT32_C(0xFB1D7EA5), UINT32_C(0xDE18E1B8)}, + {UINT32_C(0xD7F49C81), UINT32_C(0x4DF8E48B), UINT32_C(0xA69B1527), + UINT32_C(0x8B6B5966), UINT32_C(0x0E6DCE29), UINT32_C(0x5B836D25), + UINT32_C(0x71653514), UINT32_C(0x751C064A)}}, + {{UINT32_C(0x5A1F5F71), UINT32_C(0xA9999D36), UINT32_C(0x5313814D), + UINT32_C(0x82F5FB2D), UINT32_C(0x381F39C0), UINT32_C(0x466E8A0A), + UINT32_C(0x654C305A), UINT32_C(0x69E74F5C)}, + {UINT32_C(0x293B7B3E), UINT32_C(0x59E6B68D), UINT32_C(0x0009EF15), + UINT32_C(0xC7F44D23), UINT32_C(0xC8780FE7), UINT32_C(0xC02830CC), + UINT32_C(0xF007EC91), UINT32_C(0xDC292106)}}, + {{UINT32_C(0x9C05E45F), UINT32_C(0x955F5DE7), UINT32_C(0x68123DBF), + UINT32_C(0xEA59D59B), UINT32_C(0xF52733AF), UINT32_C(0x3DC255C8), + UINT32_C(0x92A6D8D2), UINT32_C(0xF7A68E09)}, + {UINT32_C(0x2ABCDAFD), UINT32_C(0x758A4A06), UINT32_C(0xA0251632), + UINT32_C(0x5127D614), UINT32_C(0x4AAE66AD), UINT32_C(0x492910E8), + UINT32_C(0x4D284998), UINT32_C(0x733A3290)}}, + {{UINT32_C(0x64321A5C), UINT32_C(0x3449946A), UINT32_C(0x86A54655), + UINT32_C(0x793F0A49), UINT32_C(0xF100BEEB), UINT32_C(0x71A6DDEF), + UINT32_C(0x30BEAEB1), UINT32_C(0xDB34CD63)}, + {UINT32_C(0xCCA6D9AF), UINT32_C(0xB6039443), UINT32_C(0x67FF53B9), + UINT32_C(0xBFA8698D), UINT32_C(0xB6653DF0), UINT32_C(0xC94EC41B), + UINT32_C(0xEBB9B2A7), UINT32_C(0x6BE4B4E9)}}, + }, + { + {{UINT32_C(0xBE92A7B3), UINT32_C(0x4CE5F7DF), UINT32_C(0x73B3343E), + UINT32_C(0x47B3AE5B), UINT32_C(0x5B420387), UINT32_C(0x50F4F84E), + UINT32_C(0x88310928), UINT32_C(0x9F0AB1F2)}, + {UINT32_C(0xB12D1D1C), UINT32_C(0x74EBB140), UINT32_C(0x31AC2CBA), + UINT32_C(0x0AE6CEDD), UINT32_C(0xC21BDD1E), UINT32_C(0x32723384), + UINT32_C(0xD5C6C2CA), UINT32_C(0x6F96281A)}}, + {{UINT32_C(0xDCD19554), UINT32_C(0x6803BFA3), UINT32_C(0xBF57CDB0), + UINT32_C(0x4234C6C0), UINT32_C(0x997D12FE), UINT32_C(0xC945EC0C), + UINT32_C(0x9C54DA30), UINT32_C(0xA17EDB0E)}, + {UINT32_C(0xFC237636), UINT32_C(0x5CC6EF69), UINT32_C(0x36B02A53), + UINT32_C(0xE62BA958), UINT32_C(0x132E449A), UINT32_C(0x4432E65A), + UINT32_C(0x25C1D9FC), UINT32_C(0xECFF6FE0)}}, + {{UINT32_C(0xA340AF20), UINT32_C(0xE810F115), UINT32_C(0x89260E53), + UINT32_C(0x43BFBA7D), UINT32_C(0xE1E0F019), UINT32_C(0x0476496E), + UINT32_C(0xD2180FD0), UINT32_C(0xA348F9D5)}, + {UINT32_C(0xAAA7D4AC), UINT32_C(0x0DD877A0), UINT32_C(0xF2FDFF1B), + UINT32_C(0xD423CC00), UINT32_C(0x87FA9CA9), UINT32_C(0xE389D8F4), + UINT32_C(0x9B779EEB), UINT32_C(0xB7632E78)}}, + {{UINT32_C(0xC2BEEEAA), UINT32_C(0xFA966958), UINT32_C(0x7DCA9EAB), + UINT32_C(0x0C86AEBB), UINT32_C(0xDEC1E2ED), UINT32_C(0xF9FE0D01), + UINT32_C(0x64A2C031), UINT32_C(0x52B056F4)}, + {UINT32_C(0x3265FEF6), UINT32_C(0xEF9C4FCA), UINT32_C(0x399397BB), + UINT32_C(0x2B72B0CD), UINT32_C(0xBDF4F8DA), UINT32_C(0xAEBAB534), + UINT32_C(0xD912B515), UINT32_C(0xFE2FF212)}}, + {{UINT32_C(0xB490B135), UINT32_C(0x9ADB8E39), UINT32_C(0xD6225D98), + UINT32_C(0x3385307C), UINT32_C(0x2D072108), UINT32_C(0xF6321E23), + UINT32_C(0x58541EE0), UINT32_C(0xC601DCFA)}, + {UINT32_C(0xF3D24845), UINT32_C(0xA2C38FE7), UINT32_C(0xD9965A2A), + UINT32_C(0x4557C44D), UINT32_C(0x45EB8668), UINT32_C(0xFBD66B37), + UINT32_C(0x929B4677), UINT32_C(0x9D8EFD41)}}, + {{UINT32_C(0xE024336C), UINT32_C(0x979305E8), UINT32_C(0x972119E1), + UINT32_C(0xAC7AA44C), UINT32_C(0x45B83078), UINT32_C(0x8D836F49), + UINT32_C(0x4EDEFC45), UINT32_C(0x25A9109C)}, + {UINT32_C(0x2A833E9B), UINT32_C(0x3A257A86), UINT32_C(0x9A5ADEED), + UINT32_C(0x55C65B04), UINT32_C(0x1F0319D5), UINT32_C(0xDF61CB75), + UINT32_C(0x72226D0E), UINT32_C(0x1CC7716B)}}, + {{UINT32_C(0x04403982), UINT32_C(0x8AE22D43), UINT32_C(0xD536FAD4), + UINT32_C(0xFA823FF4), UINT32_C(0x900C62A8), UINT32_C(0xB48754F6), + UINT32_C(0xD83BEDF6), UINT32_C(0xDD769A75)}, + {UINT32_C(0xF594EB9F), UINT32_C(0x12C896B1), UINT32_C(0x501F6C2E), + UINT32_C(0xC4059242), UINT32_C(0x2B3B5866), UINT32_C(0xC7070600), + UINT32_C(0x61F47FDC), UINT32_C(0xB8816C0D)}}, + {{UINT32_C(0x15C01622), UINT32_C(0xD07BBC74), UINT32_C(0x700F7410), + UINT32_C(0x2A1B8C7E), UINT32_C(0x5E26F445), UINT32_C(0x03288C22), + UINT32_C(0x4C981A6C), UINT32_C(0x9F677C26)}, + {UINT32_C(0xDC6B7767), UINT32_C(0x529AD175), UINT32_C(0x0CB6A4DB), + UINT32_C(0x331B6FBB), UINT32_C(0x5518C5BB), UINT32_C(0x74759CEA), + UINT32_C(0x03FF7788), UINT32_C(0xF531DDCC)}}, + {{UINT32_C(0x23DB5B38), UINT32_C(0xC4D32F41), UINT32_C(0x6F71CBD5), + UINT32_C(0xD2FA5329), UINT32_C(0xDA2AC80F), UINT32_C(0x9611DCFB), + UINT32_C(0xC6CF8C94), UINT32_C(0x30A24F0C)}, + {UINT32_C(0xE9A95532), UINT32_C(0x8FD5FA0C), UINT32_C(0xA63B1B27), + UINT32_C(0xAA32B969), UINT32_C(0xFEAC9175), UINT32_C(0xF3851092), + UINT32_C(0xDA6E2F94), UINT32_C(0xA455A54C)}}, + {{UINT32_C(0x965A1AFF), UINT32_C(0xDBB4F9FB), UINT32_C(0xFF03B9E8), + UINT32_C(0x6E1B708E), UINT32_C(0x04EB7663), UINT32_C(0xE5F36ACF), + UINT32_C(0x1332DCFF), UINT32_C(0xD64A63B6)}, + {UINT32_C(0xC6F1A8AE), UINT32_C(0x52CCA410), UINT32_C(0x2D7676EE), + UINT32_C(0x5F45F0BC), UINT32_C(0xDF0282DF), UINT32_C(0xA6A792E9), + UINT32_C(0xB0E40316), UINT32_C(0x587B41DD)}}, + {{UINT32_C(0x9B222927), UINT32_C(0xED42BD64), UINT32_C(0x2C91203F), + UINT32_C(0x6E23C060), UINT32_C(0xC804758B), UINT32_C(0xA86A0916), + UINT32_C(0xDD6CADE2), UINT32_C(0x411CEE95)}, + {UINT32_C(0x6059064D), UINT32_C(0x79F9A76F), UINT32_C(0x4A07B3C2), + UINT32_C(0x516D7B8F), UINT32_C(0xCB58546F), UINT32_C(0xB7638FA1), + UINT32_C(0x34ECDE60), UINT32_C(0x6626B2D9)}}, + {{UINT32_C(0x9CEA2617), UINT32_C(0x55E9DAFC), UINT32_C(0x3C2AC4CE), + UINT32_C(0x82E8D71E), UINT32_C(0xEB9E419B), UINT32_C(0x8326671D), + UINT32_C(0xA62A48D2), UINT32_C(0x24AD6DD4)}, + {UINT32_C(0x3EA12497), UINT32_C(0xA3B2ED2F), UINT32_C(0xD04EDCD4), + UINT32_C(0x0159163C), UINT32_C(0x5DB42F26), UINT32_C(0xFAA67F4E), + UINT32_C(0x92CAEA4C), UINT32_C(0x17E1CB50)}}, + {{UINT32_C(0xC82FF816), UINT32_C(0x62177B8E), UINT32_C(0x2A2F7265), + UINT32_C(0x550111C0), UINT32_C(0x49D34F40), UINT32_C(0x25CF45BD), + UINT32_C(0x57832334), UINT32_C(0x1C1A0B4F)}, + {UINT32_C(0x90C2E339), UINT32_C(0xDEC3A3B3), UINT32_C(0x23C74EF6), + UINT32_C(0xCFC2903D), UINT32_C(0x03C85027), UINT32_C(0x7F078C9C), + UINT32_C(0x94AA3A80), UINT32_C(0x436F30B7)}}, + {{UINT32_C(0xE36F6ED3), UINT32_C(0x2B92532A), UINT32_C(0x87739ADD), + UINT32_C(0x14C9A3C8), UINT32_C(0x0F52D2AB), UINT32_C(0x6EED1574), + UINT32_C(0x312A8650), UINT32_C(0x45C0F627)}, + {UINT32_C(0x4D38BAC6), UINT32_C(0x70799C9A), UINT32_C(0x4F27AFF3), + UINT32_C(0x1BE85B45), UINT32_C(0xB10F8C5A), UINT32_C(0xB7924C27), + UINT32_C(0x09445274), UINT32_C(0x41B183BC)}}, + {{UINT32_C(0x47A7CEF9), UINT32_C(0xFB43861B), UINT32_C(0x815700C8), + UINT32_C(0x5CED698B), UINT32_C(0xD84843DF), UINT32_C(0x4BA42EFA), + UINT32_C(0x01E5B054), UINT32_C(0xB7A161DC)}, + {UINT32_C(0x769CB44E), UINT32_C(0x06E032BC), UINT32_C(0x8FE85B83), + UINT32_C(0xAB2A6C1C), UINT32_C(0x3ED6FEFD), UINT32_C(0x6E3F76D6), + UINT32_C(0xE3D9A9A6), UINT32_C(0x83BC5A77)}}, + {{UINT32_C(0x519B675E), UINT32_C(0x840A1A7C), UINT32_C(0x60114A86), + UINT32_C(0x1A23B1D0), UINT32_C(0xA6D35165), UINT32_C(0xA70D4CD9), + UINT32_C(0xDD15BC09), UINT32_C(0xB85A7A02)}, + {UINT32_C(0x2B90CBAE), UINT32_C(0xBB16DFAC), UINT32_C(0xD0B88998), + UINT32_C(0x0D79D662), UINT32_C(0x4C837446), UINT32_C(0x26031566), + UINT32_C(0xC676563A), UINT32_C(0x84F813BE)}}, + }, + { + {{UINT32_C(0x53187AA5), UINT32_C(0xB924C209), UINT32_C(0x71FEF056), + UINT32_C(0xF48B71BE), UINT32_C(0x64D96D4E), UINT32_C(0x6DBE2BB1), + UINT32_C(0xD6243D76), UINT32_C(0x39431F9D)}, + {UINT32_C(0x70B0FB54), UINT32_C(0xA16AD319), UINT32_C(0x24947691), + UINT32_C(0xE0DBFA7E), UINT32_C(0x26FA488C), UINT32_C(0x79F5E350), + UINT32_C(0xCB7BBFC3), UINT32_C(0x1D4BEF31)}}, + {{UINT32_C(0xBA302229), UINT32_C(0x98D1D434), UINT32_C(0x4752FC22), + UINT32_C(0xD69B84D5), UINT32_C(0xFC89B366), UINT32_C(0xDF64ABAB), + UINT32_C(0x1FFA5A86), UINT32_C(0xCAD34A78)}, + {UINT32_C(0x89FECF33), UINT32_C(0xCB182EF7), UINT32_C(0xFAD468FE), + UINT32_C(0xF584EAC7), UINT32_C(0x12192DF7), UINT32_C(0xBCE50A67), + UINT32_C(0x2C674C0A), UINT32_C(0xA0AF7E14)}}, + {{UINT32_C(0xE971F03A), UINT32_C(0x106F6C92), UINT32_C(0xA0AF9DE2), + UINT32_C(0x3EF76714), UINT32_C(0x8A56A600), UINT32_C(0xD7C94C18), + UINT32_C(0x113024CB), UINT32_C(0x148C3372)}, + {UINT32_C(0x4F1E0045), UINT32_C(0xC4414B8C), UINT32_C(0x3C5940E0), + UINT32_C(0x484368DF), UINT32_C(0x40059400), UINT32_C(0x4BE4C591), + UINT32_C(0x98567A3B), UINT32_C(0x08C18D1E)}}, + {{UINT32_C(0xF565667D), UINT32_C(0x9BAB9F99), UINT32_C(0xBA6012C9), + UINT32_C(0x8CB455F8), UINT32_C(0x8C99D3D3), UINT32_C(0x5893806F), + UINT32_C(0xC225BFA6), UINT32_C(0x86AC6780)}, + {UINT32_C(0x25EBC23B), UINT32_C(0xD2597A55), UINT32_C(0x67774D0D), + UINT32_C(0x0E4756CB), UINT32_C(0x324AC4F8), UINT32_C(0xD9ECE566), + UINT32_C(0x2D44D0C4), UINT32_C(0x7306D3FD)}}, + {{UINT32_C(0xE864ADB2), UINT32_C(0x0E4F08E3), UINT32_C(0x506E31AF), + UINT32_C(0x0CB289B7), UINT32_C(0x3064914D), UINT32_C(0x3156CE7D), + UINT32_C(0x4312B695), UINT32_C(0x19BC7516)}, + {UINT32_C(0xF3F92668), UINT32_C(0xA32FF9A5), UINT32_C(0xF7218000), + UINT32_C(0x27FACBE7), UINT32_C(0xF160AE6D), UINT32_C(0x94256A4E), + UINT32_C(0x2B29FDCF), UINT32_C(0x370001D8)}}, + {{UINT32_C(0xC741D5E4), UINT32_C(0x4C5F282C), UINT32_C(0x6DE92087), + UINT32_C(0x57FABB11), UINT32_C(0x454817CB), UINT32_C(0x700C9AE0), + UINT32_C(0xC89C9396), UINT32_C(0xFE69F411)}, + {UINT32_C(0xB5A7D681), UINT32_C(0x58E3C9A3), UINT32_C(0x46861C6D), + UINT32_C(0x470A7722), UINT32_C(0x09F109BF), UINT32_C(0xEC768AB3), + UINT32_C(0xC437ED33), UINT32_C(0x942C6E94)}}, + {{UINT32_C(0x66CC5844), UINT32_C(0xF1147AEB), UINT32_C(0xE98E6D2A), + UINT32_C(0x63613B08), UINT32_C(0x603AB32D), UINT32_C(0x116A90B2), + UINT32_C(0xC8BFE3F9), UINT32_C(0x4EC010B0)}, + {UINT32_C(0x6ADE25FE), UINT32_C(0x0C777B8F), UINT32_C(0x9CE22D89), + UINT32_C(0x001D4EAA), UINT32_C(0x44AC47C8), UINT32_C(0x6DB9CCB7), + UINT32_C(0x4EC30B46), UINT32_C(0x6F302A54)}}, + {{UINT32_C(0x45BD06FF), UINT32_C(0x0D3570F0), UINT32_C(0x31CD21E4), + UINT32_C(0x801DC949), UINT32_C(0x5415144F), UINT32_C(0xA41E2412), + UINT32_C(0xECE94C65), UINT32_C(0xBAE09CA9)}, + {UINT32_C(0x2F97570E), UINT32_C(0x4260198E), UINT32_C(0xF46490F6), + UINT32_C(0xA259AFD2), UINT32_C(0x3C4FB96C), UINT32_C(0x00F2ABC6), + UINT32_C(0x2EEF07BE), UINT32_C(0x0EFC09B0)}}, + {{UINT32_C(0x1B6FC753), UINT32_C(0xA4B6AA1E), UINT32_C(0x75730769), + UINT32_C(0x234F0CC6), UINT32_C(0x57A95F95), UINT32_C(0x0AFA2A7A), + UINT32_C(0x9B03EF9F), UINT32_C(0x890E1525)}, + {UINT32_C(0x63CFC138), UINT32_C(0xDC7175D6), UINT32_C(0x1160EB2F), + UINT32_C(0xABE382C2), UINT32_C(0x87543983), UINT32_C(0x4F1C814E), + UINT32_C(0x92141325), UINT32_C(0x6FE1CB1B)}}, + {{UINT32_C(0x3A0AAF9E), UINT32_C(0x8B3D3BED), UINT32_C(0x0BE4ACEB), + UINT32_C(0xBC96D843), UINT32_C(0xFA286283), UINT32_C(0x0B0FE631), + UINT32_C(0x4FB40200), UINT32_C(0x0F56D817)}, + {UINT32_C(0x9822D0DF), UINT32_C(0xB127B480), UINT32_C(0xA6EF4CEA), + UINT32_C(0x4371E41B), UINT32_C(0x7020B057), UINT32_C(0x137094FB), + UINT32_C(0x417D00D4), UINT32_C(0xCF389055)}}, + {{UINT32_C(0x74538FFF), UINT32_C(0x8523314F), UINT32_C(0xF6F98371), + UINT32_C(0x6EA73224), UINT32_C(0x5968F573), UINT32_C(0x63963B7A), + UINT32_C(0x566859A5), UINT32_C(0x6D164517)}, + {UINT32_C(0xC16D87EA), UINT32_C(0xDC821FF3), UINT32_C(0x212B5026), + UINT32_C(0xABE871CD), UINT32_C(0x0D22A44E), UINT32_C(0x21B5E538), + UINT32_C(0x61F867FC), UINT32_C(0xC9996395)}}, + {{UINT32_C(0xDF0EA29A), UINT32_C(0x1CCF304A), UINT32_C(0xB89980EA), + UINT32_C(0x8ACBE8E6), UINT32_C(0x1DA4A141), UINT32_C(0x3E0EA648), + UINT32_C(0x219E4744), UINT32_C(0x3EFDBA52)}, + {UINT32_C(0x7CEEB8F6), UINT32_C(0x66462315), UINT32_C(0xAB44289C), + UINT32_C(0x58B60B9A), UINT32_C(0x20358B74), UINT32_C(0x20E5CACA), + UINT32_C(0xE7B308D6), UINT32_C(0x127C38AF)}}, + {{UINT32_C(0x39AAF1DC), UINT32_C(0xC6DA108B), UINT32_C(0x6DCA2220), + UINT32_C(0x82102428), UINT32_C(0x145E622A), UINT32_C(0x14B458CE), + UINT32_C(0x3B180E3A), UINT32_C(0x3BBC3875)}, + {UINT32_C(0xACB7FD2F), UINT32_C(0x3AB22178), UINT32_C(0x3693D714), + UINT32_C(0x0E534530), UINT32_C(0xC7EC03E2), UINT32_C(0xC1FD929A), + UINT32_C(0x99A07EEB), UINT32_C(0xEB019C7F)}}, + {{UINT32_C(0x605BAC71), UINT32_C(0xADAF9A61), UINT32_C(0xB123EAAF), + UINT32_C(0xE0843223), UINT32_C(0xDDCFDE26), UINT32_C(0x30EC1468), + UINT32_C(0xFF6A1D88), UINT32_C(0x430D451A)}, + {UINT32_C(0x9ADC70DB), UINT32_C(0xBBDBE0F6), UINT32_C(0x1136BE03), + UINT32_C(0x9B46D033), UINT32_C(0x16BE0FE9), UINT32_C(0x52B6373C), + UINT32_C(0x61AE9043), UINT32_C(0xD33F05DC)}}, + {{UINT32_C(0x517FE3FE), UINT32_C(0xBE651548), UINT32_C(0xC6A5E772), + UINT32_C(0x05E62067), UINT32_C(0xC9485ED1), UINT32_C(0x2210D84D), + UINT32_C(0x8A6EEE11), UINT32_C(0x69FDE490)}, + {UINT32_C(0xA469DFB0), UINT32_C(0x17968DE0), UINT32_C(0x602D46DB), + UINT32_C(0xAC30D2F8), UINT32_C(0xEC069E78), UINT32_C(0xF657D86C), + UINT32_C(0xA31AEF88), UINT32_C(0x757DF3C5)}}, + {{UINT32_C(0xBF8603B5), UINT32_C(0x34A23983), UINT32_C(0x9D5F531B), + UINT32_C(0x94F00603), UINT32_C(0x67FD7EAE), UINT32_C(0x70E7A47E), + UINT32_C(0x8212C9E9), UINT32_C(0x6BB95327)}, + {UINT32_C(0x6F210F09), UINT32_C(0xC64BF6D6), UINT32_C(0x17E5C910), + UINT32_C(0xBCA4858E), UINT32_C(0x62AE32F9), UINT32_C(0x2A50C942), + UINT32_C(0x8CEFAD6A), UINT32_C(0x3EEBBC00)}}, + }, + { + {{UINT32_C(0x2F5FDC0D), UINT32_C(0xB173531F), UINT32_C(0x94545D45), + UINT32_C(0x8E20F422), UINT32_C(0xF89FEB01), UINT32_C(0x93670135), + UINT32_C(0x9AB69A17), UINT32_C(0xAF918DC6)}, + {UINT32_C(0x506FEFFF), UINT32_C(0xF51BC727), UINT32_C(0xA4265311), + UINT32_C(0x422F1DA2), UINT32_C(0xE7BC3D42), UINT32_C(0xE51DAAB5), + UINT32_C(0x18C5EFA9), UINT32_C(0xF84E403F)}}, + {{UINT32_C(0x8D74D480), UINT32_C(0x8FABB8B5), UINT32_C(0xA79780E4), + UINT32_C(0x5D5E811F), UINT32_C(0x1A913E41), UINT32_C(0xAB5D6056), + UINT32_C(0xC20FE5F7), UINT32_C(0x25752259)}, + {UINT32_C(0xCC886DF1), UINT32_C(0x90E0AE01), UINT32_C(0xA9B62A8C), + UINT32_C(0x6AE21693), UINT32_C(0x8EB63740), UINT32_C(0x8B091617), + UINT32_C(0xFA4582E1), UINT32_C(0xF606D236)}}, + {{UINT32_C(0x12A7274D), UINT32_C(0x76853711), UINT32_C(0x7D831725), + UINT32_C(0x5DD7D95C), UINT32_C(0xF83F65DA), UINT32_C(0xDBC498E2), + UINT32_C(0x32C7C02C), UINT32_C(0xE3233286)}, + {UINT32_C(0x663C0E96), UINT32_C(0x9DE9F6DF), UINT32_C(0x090A516E), + UINT32_C(0x1ADD83B5), UINT32_C(0x27746833), UINT32_C(0xA5E6F882), + UINT32_C(0x35C40F7E), UINT32_C(0x97EB65EF)}}, + {{UINT32_C(0xD8C7ACA5), UINT32_C(0xB86CFBFC), UINT32_C(0x6F3ACA13), + UINT32_C(0xCCBA7036), UINT32_C(0x773EDED2), UINT32_C(0x09270E7B), + UINT32_C(0x9A23BC52), UINT32_C(0x9C43B38F)}, + {UINT32_C(0x8521005C), UINT32_C(0x3E17E257), UINT32_C(0x90627F29), + UINT32_C(0xA42903E2), UINT32_C(0xD9399BCC), UINT32_C(0x507AF91E), + UINT32_C(0x4E4C7B9C), UINT32_C(0x01772018)}}, + {{UINT32_C(0xB3122C04), UINT32_C(0x45631565), UINT32_C(0xE01A0448), + UINT32_C(0x48EBF151), UINT32_C(0xA7C20146), UINT32_C(0x7A7C2CAE), + UINT32_C(0x16D538DE), UINT32_C(0xFABF60D7)}, + {UINT32_C(0x1C97AA24), UINT32_C(0xF9A06A3A), UINT32_C(0xAA8EE3BB), + UINT32_C(0xDC3A9E61), UINT32_C(0xF81D967D), UINT32_C(0xACED24DF), + UINT32_C(0xA06C9381), UINT32_C(0x1CFF0126)}}, + {{UINT32_C(0xAE9BB942), UINT32_C(0xD8B3E5EE), UINT32_C(0xE30B9A21), + UINT32_C(0xF7AB50D5), UINT32_C(0x94CC4EAE), UINT32_C(0x13338FC6), + UINT32_C(0xC30CB7DE), UINT32_C(0xABEFEBF9)}, + {UINT32_C(0x6FB3EB24), UINT32_C(0x72BFAD00), UINT32_C(0xEA140094), + UINT32_C(0x4B22DA33), UINT32_C(0x5F506970), UINT32_C(0x76F8ACC6), + UINT32_C(0x05756F3E), UINT32_C(0x2F120A74)}}, + {{UINT32_C(0xD869CAD0), UINT32_C(0xE6040F91), UINT32_C(0x177E259B), + UINT32_C(0x056E2D65), UINT32_C(0xF774D09F), UINT32_C(0x9505A12C), + UINT32_C(0x6A1BAB13), UINT32_C(0x7286E720)}, + {UINT32_C(0xFFAAD5BD), UINT32_C(0x7C5E2822), UINT32_C(0x9350F33D), + UINT32_C(0xE9AD2046), UINT32_C(0x112ED8A2), UINT32_C(0x74F184BF), + UINT32_C(0xCE5AEA10), UINT32_C(0xABC754C0)}}, + {{UINT32_C(0x9905D9A8), UINT32_C(0x75C8C1A9), UINT32_C(0xEC9A21E4), + UINT32_C(0x5CFEADBC), UINT32_C(0xC43A36E1), UINT32_C(0x227D7A65), + UINT32_C(0x3467E226), UINT32_C(0x3E808187)}, + {UINT32_C(0xB250B4FB), UINT32_C(0x223C5DAB), UINT32_C(0xB3ED6A96), + UINT32_C(0xA0B9AF8C), UINT32_C(0x60D1C260), UINT32_C(0x033055D4), + UINT32_C(0x546AF3D7), UINT32_C(0x5CB09441)}}, + {{UINT32_C(0x987046BA), UINT32_C(0x1EE8340B), UINT32_C(0x40CCB679), + UINT32_C(0x20A3A83A), UINT32_C(0xCEBC2086), UINT32_C(0xA7F30B4E), + UINT32_C(0xD6CE474D), UINT32_C(0x419E671D)}, + {UINT32_C(0x7BB9A8A5), UINT32_C(0xAC8EF20A), UINT32_C(0x7295C1D6), + UINT32_C(0xBD4DD76C), UINT32_C(0xA1CF415C), UINT32_C(0x7DF31235), + UINT32_C(0xC77351F8), UINT32_C(0x4D6C431D)}}, + {{UINT32_C(0x13FDB1B8), UINT32_C(0x8D092C1B), UINT32_C(0xA57C5626), + UINT32_C(0x24029C0A), UINT32_C(0xCC820507), UINT32_C(0xE0C627D6), + UINT32_C(0xE33149CC), UINT32_C(0x3733C834)}, + {UINT32_C(0xB02E95B9), UINT32_C(0x35297448), UINT32_C(0x656423C5), + UINT32_C(0xB64EB7D3), UINT32_C(0x96CE22AF), UINT32_C(0xD3A74EC9), + UINT32_C(0xC83963C6), UINT32_C(0xDC1A4C68)}}, + {{UINT32_C(0xFE1E8508), UINT32_C(0xC9C291AA), UINT32_C(0x6185C2FC), + UINT32_C(0xE8885B76), UINT32_C(0xF784F47D), UINT32_C(0x5E3C1419), + UINT32_C(0x3B6AC9A2), UINT32_C(0x42494E08)}, + {UINT32_C(0xDCFA84A9), UINT32_C(0x506F141F), UINT32_C(0x0B3D65A0), + UINT32_C(0xA15DE2B9), UINT32_C(0xC53C426E), UINT32_C(0xFD770E06), + UINT32_C(0x2DC15AC6), UINT32_C(0x05E0E509)}}, + {{UINT32_C(0xF72F03B5), UINT32_C(0x0FC75AD2), UINT32_C(0xCB7CD47D), + UINT32_C(0x04BEFB3D), UINT32_C(0x70D13D90), UINT32_C(0x2FF43133), + UINT32_C(0x165AF4A1), UINT32_C(0xDE47787F)}, + {UINT32_C(0xC7D54E2B), UINT32_C(0xD6C4D0F2), UINT32_C(0xF43F8509), + UINT32_C(0x0FA13F54), UINT32_C(0xA0BAC440), UINT32_C(0xDC53DD6B), + UINT32_C(0x39451ACD), UINT32_C(0xDA9C9603)}}, + {{UINT32_C(0x2D952C14), UINT32_C(0xA3AD73A1), UINT32_C(0x3826D25D), + UINT32_C(0x5BA6FD3B), UINT32_C(0x7CE389AA), UINT32_C(0x98282907), + UINT32_C(0x68C5CEC8), UINT32_C(0x7532CED4)}, + {UINT32_C(0x923B1DC4), UINT32_C(0x9465AB15), UINT32_C(0x62D775F6), + UINT32_C(0x54BCE723), UINT32_C(0x3B515D9E), UINT32_C(0x1E4ACF97), + UINT32_C(0xAFCAF39D), UINT32_C(0xF9106D8E)}}, + {{UINT32_C(0x8C255E98), UINT32_C(0x8D844B00), UINT32_C(0x43B8801D), + UINT32_C(0xB25B516E), UINT32_C(0x0701BAC5), UINT32_C(0x84E958AE), + UINT32_C(0x8AF32D55), UINT32_C(0x5B6066AE)}, + {UINT32_C(0x2F81F8FF), UINT32_C(0x38231BD4), UINT32_C(0xCCFB8DD8), + UINT32_C(0x953AD272), UINT32_C(0x87ECE886), UINT32_C(0xFA262333), + UINT32_C(0x6D71E44D), UINT32_C(0x94DC2ED2)}}, + {{UINT32_C(0x3F1611B3), UINT32_C(0x2A154716), UINT32_C(0x9A9CB3CE), + UINT32_C(0x7EB552D1), UINT32_C(0x7996B8E8), UINT32_C(0xA783C56D), + UINT32_C(0xE1B53F33), UINT32_C(0x82F1B2BB)}, + {UINT32_C(0x2EED1F97), UINT32_C(0x75C3C354), UINT32_C(0x55905BE1), + UINT32_C(0x4085DFA0), UINT32_C(0x27470475), UINT32_C(0x027445D7), + UINT32_C(0x4A395F43), UINT32_C(0xE8797CA6)}}, + {{UINT32_C(0x8D15FE2A), UINT32_C(0x8228175B), UINT32_C(0x22C5F3B8), + UINT32_C(0x201F53CE), UINT32_C(0xE027B3B4), UINT32_C(0xC2E45A58), + UINT32_C(0xCB14FCFD), UINT32_C(0x10EF9849)}, + {UINT32_C(0x175D09BC), UINT32_C(0x5B1B95BF), UINT32_C(0x01F2A90F), + UINT32_C(0xB6106AFB), UINT32_C(0x499C99A3), UINT32_C(0x9218C94F), + UINT32_C(0x9911D2E0), UINT32_C(0x71ABADB3)}}, + }, + { + {{UINT32_C(0x80CDC998), UINT32_C(0xDC325EB7), UINT32_C(0x451072D2), + UINT32_C(0xEAEB3EA4), UINT32_C(0x63F4814E), UINT32_C(0xFBE4A77A), + UINT32_C(0x5CF7300B), UINT32_C(0xAF719653)}, + {UINT32_C(0xAF79157B), UINT32_C(0xA5961C0C), UINT32_C(0xC1B1EFF8), + UINT32_C(0xD6BD64FA), UINT32_C(0x209C1192), UINT32_C(0xD53C7278), + UINT32_C(0x11867896), UINT32_C(0xD49A6EDF)}}, + {{UINT32_C(0xAB8F5570), UINT32_C(0x702DF5A9), UINT32_C(0xC4B1EF0B), + UINT32_C(0x8465E1B6), UINT32_C(0xC3F6DDEF), UINT32_C(0x2824394D), + UINT32_C(0xF9AF33E5), UINT32_C(0x8D94A8AF)}, + {UINT32_C(0x3598996C), UINT32_C(0xC80D4436), UINT32_C(0x03E27975), + UINT32_C(0x19843A6E), UINT32_C(0x8976FB0C), UINT32_C(0xF3B68AE9), + UINT32_C(0xF594FCED), UINT32_C(0x4BAABFBE)}}, + {{UINT32_C(0xDB5F2680), UINT32_C(0x5E774509), UINT32_C(0x94C14B10), + UINT32_C(0x3BD21DA3), UINT32_C(0x32BD63C9), UINT32_C(0x72B49B44), + UINT32_C(0x178414DA), UINT32_C(0xF420C1A3)}, + {UINT32_C(0x1668B9E2), UINT32_C(0xCC2D52BD), UINT32_C(0xEAE81242), + UINT32_C(0x53293FA4), UINT32_C(0x6F2165BA), UINT32_C(0x25DA0381), + UINT32_C(0xA05D275F), UINT32_C(0x20D877C0)}}, + {{UINT32_C(0xCF12FF20), UINT32_C(0x5DAD995E), UINT32_C(0x3CD20A95), + UINT32_C(0x219B1C14), UINT32_C(0x2FF2F4A4), UINT32_C(0x90F3022C), + UINT32_C(0x6C06B717), UINT32_C(0x4FC4DF0B)}, + {UINT32_C(0x8620DD16), UINT32_C(0xAAB7E518), UINT32_C(0xDA0E5568), + UINT32_C(0x0B84B91C), UINT32_C(0xD3892316), UINT32_C(0x47E5F136), + UINT32_C(0xADE1CB59), UINT32_C(0x3085B0F3)}}, + {{UINT32_C(0x6D022D4A), UINT32_C(0xC5AB3825), UINT32_C(0xA0ECC567), + UINT32_C(0x74093B16), UINT32_C(0x2ABD9BE8), UINT32_C(0x3DC28B8B), + UINT32_C(0xB1C505DA), UINT32_C(0xEC16D9A4)}, + {UINT32_C(0xBDD32FD2), UINT32_C(0xAF90003D), UINT32_C(0x9C865764), + UINT32_C(0xCF60567C), UINT32_C(0x1AC07EE1), UINT32_C(0x2D7ABA98), + UINT32_C(0xC043F883), UINT32_C(0xE743B7E3)}}, + {{UINT32_C(0x362AD50B), UINT32_C(0x031CB47B), UINT32_C(0x49176EF3), + UINT32_C(0x76498AED), UINT32_C(0x7BCE256B), UINT32_C(0x34EFBEB7), + UINT32_C(0x495A1BF4), UINT32_C(0xC1E699CC)}, + {UINT32_C(0xB2CE0814), UINT32_C(0x3B3145D0), UINT32_C(0x23A72021), + UINT32_C(0x697DA9BF), UINT32_C(0x38F9734C), UINT32_C(0x1C41EF07), + UINT32_C(0xDBC79075), UINT32_C(0x7CE22ED7)}}, + {{UINT32_C(0x5009F1BB), UINT32_C(0x063D4C36), UINT32_C(0x061052AC), + UINT32_C(0x43E60EDB), UINT32_C(0xAEC77DE3), UINT32_C(0x4C919093), + UINT32_C(0xDEB01A6E), UINT32_C(0x18D45E98)}, + {UINT32_C(0xC237CB96), UINT32_C(0x12DCB455), UINT32_C(0x7E5ECB32), + UINT32_C(0xEBB1BC83), UINT32_C(0xB26D22B4), UINT32_C(0xD7B215CD), + UINT32_C(0x7317DE40), UINT32_C(0x444DD4BF)}}, + {{UINT32_C(0xA1175405), UINT32_C(0x05E49964), UINT32_C(0xB6048479), + UINT32_C(0x639DA398), UINT32_C(0x7D7F6FC9), UINT32_C(0x8A97CE53), + UINT32_C(0x9D2DE749), UINT32_C(0xA6D08585)}, + {UINT32_C(0xC83C3CA5), UINT32_C(0xF4502FA9), UINT32_C(0x272692BA), + UINT32_C(0x80E9D34B), UINT32_C(0x6847E384), UINT32_C(0x503BA60E), + UINT32_C(0x236CF53E), UINT32_C(0x5EA54ED6)}}, + {{UINT32_C(0xE9189E8A), UINT32_C(0x7D721A71), UINT32_C(0xF3F69EC2), + UINT32_C(0x7979776B), UINT32_C(0xD4286DED), UINT32_C(0x8800A4C1), + UINT32_C(0x7C8D89D4), UINT32_C(0xE71FF3E8)}, + {UINT32_C(0xF11DA2F7), UINT32_C(0x2215B363), UINT32_C(0xC6B5CC88), + UINT32_C(0x2B31B90E), UINT32_C(0x90CD9D4B), UINT32_C(0x8670711C), + UINT32_C(0xCAFF7330), UINT32_C(0xF3F9F486)}}, + {{UINT32_C(0x09315492), UINT32_C(0x253ED150), UINT32_C(0x9D099BD0), + UINT32_C(0x6D5F0D32), UINT32_C(0x5FEC6081), UINT32_C(0xC979EF86), + UINT32_C(0xF92FA2C8), UINT32_C(0x9EF7BD88)}, + {UINT32_C(0x21A7E802), UINT32_C(0xC4F127AE), UINT32_C(0x30FE9599), + UINT32_C(0xE1190118), UINT32_C(0xAF5C0C1E), UINT32_C(0xC7727ACD), + UINT32_C(0x8A734759), UINT32_C(0xBD2EA388)}}, + {{UINT32_C(0x07E34C9D), UINT32_C(0x9AB29AD6), UINT32_C(0x37E15A32), + UINT32_C(0x5E45E94C), UINT32_C(0xE436B8CE), UINT32_C(0x2B63DA06), + UINT32_C(0x4B845BD9), UINT32_C(0x8DD93735)}, + {UINT32_C(0xA4F1FD37), UINT32_C(0xADF9CE47), UINT32_C(0x5A926BE6), + UINT32_C(0xBE2B0843), UINT32_C(0x896A0E81), UINT32_C(0x54E97009), + UINT32_C(0x0ADD1B2F), UINT32_C(0x06FA991A)}}, + {{UINT32_C(0x8EC1E909), UINT32_C(0x62DD03A4), UINT32_C(0x14084578), + UINT32_C(0x7E16F498), UINT32_C(0xF80356FA), UINT32_C(0x895777F8), + UINT32_C(0x85299026), UINT32_C(0x4DAFF32D)}, + {UINT32_C(0x8BA547CA), UINT32_C(0xC17E6DF2), UINT32_C(0x038DE094), + UINT32_C(0xC885AA8B), UINT32_C(0xB715DAE2), UINT32_C(0x244A6756), + UINT32_C(0xD84D1340), UINT32_C(0x0FA31722)}}, + {{UINT32_C(0x87059FA8), UINT32_C(0x3051CBE7), UINT32_C(0xD34499C5), + UINT32_C(0xA2D043F8), UINT32_C(0x1FB740CD), UINT32_C(0x34431D14), + UINT32_C(0xFFE32D27), UINT32_C(0x7828F8EC)}, + {UINT32_C(0x613B329A), UINT32_C(0xFFEEA95A), UINT32_C(0x85A1711B), + UINT32_C(0xA3BAFEC3), UINT32_C(0x26D17299), UINT32_C(0x3527C435), + UINT32_C(0x12D76D5E), UINT32_C(0xD52037B4)}}, + {{UINT32_C(0x6E1A2133), UINT32_C(0x36187B58), UINT32_C(0xB81D026E), + UINT32_C(0xC2A0B8BF), UINT32_C(0x164FA62D), UINT32_C(0x0AAA95AD), + UINT32_C(0xBCA633E0), UINT32_C(0x06449D7D)}, + {UINT32_C(0xC2EA71E5), UINT32_C(0x8AA8C573), UINT32_C(0x0B3E113A), + UINT32_C(0x0ABF37C5), UINT32_C(0xBC9B1B1A), UINT32_C(0xE3A8C47E), + UINT32_C(0x371EBF26), UINT32_C(0x39A91F2B)}}, + {{UINT32_C(0x8225F3B3), UINT32_C(0x8EEFBBDC), UINT32_C(0x4AA48C64), + UINT32_C(0xED42D6BB), UINT32_C(0x845B95A0), UINT32_C(0xC2025C88), + UINT32_C(0x33AB3325), UINT32_C(0x505F80D5)}, + {UINT32_C(0xD673FC83), UINT32_C(0x673E8935), UINT32_C(0x97E7F0F7), + UINT32_C(0x2C0ED148), UINT32_C(0x5ACD0AD3), UINT32_C(0xFE43E830), + UINT32_C(0x26B99F5F), UINT32_C(0xFBD8507E)}}, + {{UINT32_C(0x1B616E6A), UINT32_C(0xA33E7115), UINT32_C(0xB3AE45E3), + UINT32_C(0xCF9D848C), UINT32_C(0xF4CFAC7F), UINT32_C(0xCAF518B9), + UINT32_C(0x4D40CF27), UINT32_C(0x9BECFF33)}, + {UINT32_C(0x2DBD58CA), UINT32_C(0xC4E5058C), UINT32_C(0x3C23A7A9), + UINT32_C(0x05041895), UINT32_C(0xA308CE6D), UINT32_C(0xEE357D2F), + UINT32_C(0x35A2A495), UINT32_C(0x85A23F64)}}, + }, + { + {{UINT32_C(0x362C4AEE), UINT32_C(0xFDBA1119), UINT32_C(0xD149E823), + UINT32_C(0x9475450F), UINT32_C(0x61E240DF), UINT32_C(0x03086510), + UINT32_C(0xB2797E52), UINT32_C(0xAC4C0D91)}, + {UINT32_C(0x94E2E738), UINT32_C(0x07A9F04E), UINT32_C(0x93DFAA57), + UINT32_C(0xC9F25009), UINT32_C(0x631BF262), UINT32_C(0xE28D8A1E), + UINT32_C(0xB6C3C6A3), UINT32_C(0x3A5E0C8D)}}, + {{UINT32_C(0xBAD34D69), UINT32_C(0x1F89310D), UINT32_C(0x2D46C9A7), + UINT32_C(0x90164C59), UINT32_C(0x90BEA726), UINT32_C(0x9DA649C2), + UINT32_C(0x712B3C99), UINT32_C(0xF9E3C93F)}, + {UINT32_C(0x9595FCBD), UINT32_C(0x56799720), UINT32_C(0x7FF73C8A), + UINT32_C(0x9DF889AF), UINT32_C(0x21D4B858), UINT32_C(0xB84AB588), + UINT32_C(0x75F8D5ED), UINT32_C(0xC4D8D792)}}, + {{UINT32_C(0x172273DD), UINT32_C(0x9EEC2896), UINT32_C(0x970C1D17), + UINT32_C(0xD9884CBA), UINT32_C(0x18301645), UINT32_C(0xE5C167DC), + UINT32_C(0x530E5772), UINT32_C(0xE5DDA586)}, + {UINT32_C(0x2DD0F27B), UINT32_C(0xDEEAF709), UINT32_C(0x41DFB251), + UINT32_C(0xC601F20A), UINT32_C(0x42217E9B), UINT32_C(0x5F480C1D), + UINT32_C(0xB337BFB1), UINT32_C(0x0D75797D)}}, + {{UINT32_C(0xAB76EF88), UINT32_C(0xACB8ABCA), UINT32_C(0x0D715487), + UINT32_C(0x34AB9AB6), UINT32_C(0x9FAD30D7), UINT32_C(0x75D466B0), + UINT32_C(0x70D43609), UINT32_C(0x626EB0D4)}, + {UINT32_C(0xCA4F4152), UINT32_C(0x5E7F91F7), UINT32_C(0x180B857B), + UINT32_C(0x0CD7BF19), UINT32_C(0x888784E5), UINT32_C(0x1F02DD96), + UINT32_C(0x179F78DA), UINT32_C(0xD814B697)}}, + {{UINT32_C(0xA224ED18), UINT32_C(0x350FD825), UINT32_C(0x20AED265), + UINT32_C(0xF9382059), UINT32_C(0x4F050462), UINT32_C(0x36A20A2F), + UINT32_C(0x8EF3AE9C), UINT32_C(0x2FDD04DF)}, + {UINT32_C(0xA5E419C1), UINT32_C(0x31D87F6B), UINT32_C(0xF10CBEC1), + UINT32_C(0xDAE49976), UINT32_C(0xE6B6030B), UINT32_C(0x15B93EB0), + UINT32_C(0xABB9ECBE), UINT32_C(0xB1C8AEAD)}}, + {{UINT32_C(0x5D63DA84), UINT32_C(0xF69E090A), UINT32_C(0xD238680B), + UINT32_C(0x62243127), UINT32_C(0x4F961216), UINT32_C(0x5ADE38EE), + UINT32_C(0xCA3A0D0F), UINT32_C(0x727798D0)}, + {UINT32_C(0x5C9ED783), UINT32_C(0x8E73B050), UINT32_C(0xFAC6A9CD), + UINT32_C(0x02EBEB13), UINT32_C(0x78A6A6C4), UINT32_C(0xC82AFD14), + UINT32_C(0x1475800A), UINT32_C(0x8F5DEA73)}}, + {{UINT32_C(0x7D0DFD06), UINT32_C(0xB9F1E646), UINT32_C(0x38302ACD), + UINT32_C(0xA6B2D783), UINT32_C(0xB80FE945), UINT32_C(0x242BAA32), + UINT32_C(0xD9E62215), UINT32_C(0x0D772C77)}, + {UINT32_C(0x0FE3501C), UINT32_C(0xDAE890C0), UINT32_C(0xF791A0B9), + UINT32_C(0x5860479A), UINT32_C(0x658E920C), UINT32_C(0xDEEC9228), + UINT32_C(0x9E665CCC), UINT32_C(0x47F18152)}}, + {{UINT32_C(0x22982870), UINT32_C(0x94E95E6D), UINT32_C(0x31B9B86F), + UINT32_C(0x80FF1758), UINT32_C(0x2FAF1581), UINT32_C(0x6295EBE5), + UINT32_C(0x970663FB), UINT32_C(0x025C90BF)}, + {UINT32_C(0x5FF2E753), UINT32_C(0xFBB6A13C), UINT32_C(0x8E2C5EB7), + UINT32_C(0x9817C6B7), UINT32_C(0x0B21C29C), UINT32_C(0xDA10C2DD), + UINT32_C(0xE1AB7C88), UINT32_C(0xD8BAB5AB)}}, + {{UINT32_C(0xABA924FF), UINT32_C(0x915F505B), UINT32_C(0x3B5D1F04), + UINT32_C(0x021E2838), UINT32_C(0x3782EB7C), UINT32_C(0x8EA6D2E3), + UINT32_C(0x98C40BAC), UINT32_C(0x00F160C7)}, + {UINT32_C(0xD53990A8), UINT32_C(0xF3EFA871), UINT32_C(0x567C8DA6), + UINT32_C(0xFEA6F6C4), UINT32_C(0xF177E5D2), UINT32_C(0x34D78F24), + UINT32_C(0x2A42612A), UINT32_C(0x384FE73B)}}, + {{UINT32_C(0x4552813D), UINT32_C(0x9C2D8296), UINT32_C(0x5F45A6D6), + UINT32_C(0x68D10E9C), UINT32_C(0x89C9A46B), UINT32_C(0x94878719), + UINT32_C(0xE9D43BA7), UINT32_C(0xE3AC5DD0)}, + {UINT32_C(0xCD024E6B), UINT32_C(0x0625BCDA), UINT32_C(0x0B5AD7A2), + UINT32_C(0x895E298C), UINT32_C(0xC1E20892), UINT32_C(0x8289869E), + UINT32_C(0x50AD2460), UINT32_C(0xC540A1B6)}}, + {{UINT32_C(0x9D50F7B6), UINT32_C(0xD6D4EDFF), UINT32_C(0x093754D5), + UINT32_C(0xF08A5C03), UINT32_C(0xE882AA97), UINT32_C(0x3F9D24A5), + UINT32_C(0x81D03072), UINT32_C(0x9E4B3687)}, + {UINT32_C(0x02BDE7A8), UINT32_C(0xC17FDD44), UINT32_C(0x18BD5636), + UINT32_C(0x591AEEE0), UINT32_C(0x4E360484), UINT32_C(0x94F8FD35), + UINT32_C(0x6791E2B7), UINT32_C(0x8F40D890)}}, + {{UINT32_C(0x20082F5B), UINT32_C(0x0830EF01), UINT32_C(0xA99569BD), + UINT32_C(0xA54DA9D2), UINT32_C(0xCA2D84F6), UINT32_C(0x6D2F34FE), + UINT32_C(0x000DE48F), UINT32_C(0x2507224E)}, + {UINT32_C(0x959E8782), UINT32_C(0x16116111), UINT32_C(0x458A520B), + UINT32_C(0xB345A914), UINT32_C(0x3327A114), UINT32_C(0x1965B51B), + UINT32_C(0x89E3068F), UINT32_C(0xF304DC00)}}, + {{UINT32_C(0x603E598D), UINT32_C(0x88F7D9AB), UINT32_C(0x38332F15), + UINT32_C(0xEC7CCD9D), UINT32_C(0xEE911F98), UINT32_C(0x62E27E79), + UINT32_C(0xA5416C7F), UINT32_C(0xBF08610A)}, + {UINT32_C(0x943A910B), UINT32_C(0x492D6F58), UINT32_C(0xF21E43BE), + UINT32_C(0xA367F6CC), UINT32_C(0x23DC9AFB), UINT32_C(0x0B6527B0), + UINT32_C(0xD158357C), UINT32_C(0x59EE094D)}}, + {{UINT32_C(0xCA4294C0), UINT32_C(0x2D39E618), UINT32_C(0xAE4E8829), + UINT32_C(0xF057BD41), UINT32_C(0x92D6F4A0), UINT32_C(0xF6777046), + UINT32_C(0x25401655), UINT32_C(0xF3AE39D9)}, + {UINT32_C(0x5751BBD0), UINT32_C(0x66DF02ED), UINT32_C(0xC59A685A), + UINT32_C(0x6B71E6F1), UINT32_C(0xBD6E98A1), UINT32_C(0xC2FCFC2C), + UINT32_C(0xCFF47262), UINT32_C(0xB14FEC9F)}}, + {{UINT32_C(0xB2398B71), UINT32_C(0x28B2C099), UINT32_C(0x31002307), + UINT32_C(0xFB025865), UINT32_C(0x5D9FA558), UINT32_C(0x3DB1342E), + UINT32_C(0x1EAF95F2), UINT32_C(0xEB050213)}, + {UINT32_C(0x6F54A78A), UINT32_C(0xC7F54D33), UINT32_C(0x087C2B97), + UINT32_C(0x78396B11), UINT32_C(0x736A5FE2), UINT32_C(0x06FDFA16), + UINT32_C(0x13094475), UINT32_C(0xD99376FE)}}, + {{UINT32_C(0x38613F93), UINT32_C(0x04D4B5AF), UINT32_C(0x618A1550), + UINT32_C(0x011351E1), UINT32_C(0xAB896C02), UINT32_C(0xE9992D4A), + UINT32_C(0x3E9AE8E9), UINT32_C(0x7E907A9D)}, + {UINT32_C(0x6B345D86), UINT32_C(0x00C91A68), UINT32_C(0x5A0F3B3C), + UINT32_C(0xFCF5C9AA), UINT32_C(0xE88714E9), UINT32_C(0xFFF3720E), + UINT32_C(0xBABFE992), UINT32_C(0x9E107637)}}, + }, + { + {{UINT32_C(0xB4D7985C), UINT32_C(0x31997616), UINT32_C(0xEC57C2A4), + UINT32_C(0x179CE767), UINT32_C(0x3F526D15), UINT32_C(0x5F0CF032), + UINT32_C(0xDB4BFA47), UINT32_C(0x264738DE)}, + {UINT32_C(0x9F8DED60), UINT32_C(0x25F639CD), UINT32_C(0xB5D53EF3), + UINT32_C(0xDF159B4B), UINT32_C(0xAF518A12), UINT32_C(0x03D62F07), + UINT32_C(0x31B4F561), UINT32_C(0x6555DC2E)}}, + {{UINT32_C(0xA16519B6), UINT32_C(0x9169BDAF), UINT32_C(0xB4A8C593), + UINT32_C(0xB931AB1E), UINT32_C(0x40411D0D), UINT32_C(0xCBEDADCB), + UINT32_C(0x7A97FB49), UINT32_C(0xA80BE855)}, + {UINT32_C(0xD3562DFF), UINT32_C(0xB5ECCA90), UINT32_C(0x6A8441C9), + UINT32_C(0xFD3B9C4C), UINT32_C(0x23D875C4), UINT32_C(0x089505F1), + UINT32_C(0xCBDE3C66), UINT32_C(0x642B253A)}}, + {{UINT32_C(0xE9EC283F), UINT32_C(0x7DCE9688), UINT32_C(0xBBD7D9D3), + UINT32_C(0x54E5E5A2), UINT32_C(0xF5F288C1), UINT32_C(0x3D8ECB7F), + UINT32_C(0x366659CD), UINT32_C(0x2E3158A1)}, + {UINT32_C(0xF54AF8FB), UINT32_C(0xCA2CB601), UINT32_C(0x7F8C5185), + UINT32_C(0x1285C704), UINT32_C(0x7161AF47), UINT32_C(0xE009269F), + UINT32_C(0x0AE88185), UINT32_C(0x5C5E6299)}}, + {{UINT32_C(0x90C6C034), UINT32_C(0x8BF35472), UINT32_C(0x3BBCBB19), + UINT32_C(0x6A5782B3), UINT32_C(0x151D7DDA), UINT32_C(0x8B8750D0), + UINT32_C(0x5CB146A7), UINT32_C(0x867DABC2)}, + {UINT32_C(0xDC60AEEE), UINT32_C(0xB0CF281D), UINT32_C(0xA22396FE), + UINT32_C(0x7C408598), UINT32_C(0x9F64E610), UINT32_C(0x0739BC35), + UINT32_C(0x270899AB), UINT32_C(0x0CAF076C)}}, + {{UINT32_C(0xC8809978), UINT32_C(0xDE4E9CFF), UINT32_C(0x78514FD5), + UINT32_C(0x93D0B901), UINT32_C(0x7F11899D), UINT32_C(0x200F4F83), + UINT32_C(0x108039F0), UINT32_C(0xE34084F7)}, + {UINT32_C(0x5E691A94), UINT32_C(0x77486464), UINT32_C(0xDE725BBA), + UINT32_C(0xB8189181), UINT32_C(0x9248DE6E), UINT32_C(0x96674449), + UINT32_C(0x8E76B07C), UINT32_C(0x174D13DD)}}, + {{UINT32_C(0xC5D6D48D), UINT32_C(0xBCC21C7E), UINT32_C(0xB03F7A28), + UINT32_C(0x53EA5CCE), UINT32_C(0x32D40BF3), UINT32_C(0x3EB4E877), + UINT32_C(0x459E999E), UINT32_C(0x8F7C629D)}, + {UINT32_C(0x760722ED), UINT32_C(0xF408FCD0), UINT32_C(0xB4BA1C1F), + UINT32_C(0xB29464E5), UINT32_C(0x324A4F8D), UINT32_C(0xADA459DA), + UINT32_C(0x433F8FCC), UINT32_C(0x282985DE)}}, + {{UINT32_C(0x4C2DE790), UINT32_C(0xBCB3B6DC), UINT32_C(0xCABFE6A8), + UINT32_C(0x0C1A0C73), UINT32_C(0x6E01D31F), UINT32_C(0xEA6CE3DD), + UINT32_C(0xD7BAE36D), UINT32_C(0xA3EAB6E3)}, + {UINT32_C(0x0191605C), UINT32_C(0xCB2C7F5D), UINT32_C(0xEF403029), + UINT32_C(0x631122B2), UINT32_C(0x83CA9F54), UINT32_C(0x801928B6), + UINT32_C(0x467E2AAC), UINT32_C(0x340CA229)}}, + {{UINT32_C(0x203A754B), UINT32_C(0x9331F03E), UINT32_C(0xB931213A), + UINT32_C(0x45355264), UINT32_C(0xD551B132), UINT32_C(0x1B27F856), + UINT32_C(0xF987B9D6), UINT32_C(0x9E765FAE)}, + {UINT32_C(0xA6D094E6), UINT32_C(0x09016F24), UINT32_C(0x0D712549), + UINT32_C(0xBB7C5D58), UINT32_C(0x96843E3B), UINT32_C(0xA4174E82), + UINT32_C(0x9AE35234), UINT32_C(0x956FCF0A)}}, + {{UINT32_C(0xFF9FD8B4), UINT32_C(0xE6AC1909), UINT32_C(0x02673FA4), + UINT32_C(0xF571894F), UINT32_C(0xFFBADE36), UINT32_C(0x96704C88), + UINT32_C(0x6E522D60), UINT32_C(0x0C0FCBA5)}, + {UINT32_C(0x3EB2213B), UINT32_C(0x3F22D5AD), UINT32_C(0x08AA7742), + UINT32_C(0x316D6C83), UINT32_C(0x7661E4CE), UINT32_C(0x720D67B5), + UINT32_C(0x6053F2C9), UINT32_C(0x60E39136)}}, + {{UINT32_C(0x7EE62DD7), UINT32_C(0xEBA45200), UINT32_C(0x916EC32C), + UINT32_C(0xBA0F4A9D), UINT32_C(0xC7A5F0E5), UINT32_C(0x3B3B3BF6), + UINT32_C(0xC29E78BB), UINT32_C(0xCB7FD1E5)}, + {UINT32_C(0x3B57F9CB), UINT32_C(0x06D55C5A), UINT32_C(0x1E77E898), + UINT32_C(0x58E0E72C), UINT32_C(0xADFA9277), UINT32_C(0xC83CC053), + UINT32_C(0xAF4DA403), UINT32_C(0x934EFD66)}}, + {{UINT32_C(0xA006BBA3), UINT32_C(0xF151F2C1), UINT32_C(0x9B777AF4), + UINT32_C(0xA131D12F), UINT32_C(0xD57544DE), UINT32_C(0xC1115DC5), + UINT32_C(0xF9F77F21), UINT32_C(0xAFAB301C)}, + {UINT32_C(0x3C316A92), UINT32_C(0x2361C9F0), UINT32_C(0xE83E8EA0), + UINT32_C(0xA76EC9F4), UINT32_C(0x2A463988), UINT32_C(0xF8B22E5B), + UINT32_C(0xC70892FA), UINT32_C(0xF84F7F27)}}, + {{UINT32_C(0x62E3F989), UINT32_C(0x3089E6E3), UINT32_C(0xBB528E9F), + UINT32_C(0xDDBE9E7C), UINT32_C(0xD093C766), UINT32_C(0x91E38B69), + UINT32_C(0x8A46C2B4), UINT32_C(0xD2C6563F)}, + {UINT32_C(0x56C884F0), UINT32_C(0x477EE716), UINT32_C(0xE1DED7B7), + UINT32_C(0x5AD3E27E), UINT32_C(0x26FDAC5E), UINT32_C(0x973C0C44), + UINT32_C(0x78B0BB8F), UINT32_C(0x46B62D7B)}}, + {{UINT32_C(0x7E700F97), UINT32_C(0x1B7E8CBD), UINT32_C(0xE383D0A4), + UINT32_C(0x42F15F55), UINT32_C(0x25D5C538), UINT32_C(0x74316CF4), + UINT32_C(0xED590AA8), UINT32_C(0x5CAA963D)}, + {UINT32_C(0xB05E7AD9), UINT32_C(0xDEEB3CEE), UINT32_C(0xCA0C9C09), + UINT32_C(0x74E7B064), UINT32_C(0xF02ED1FE), UINT32_C(0x08699576), + UINT32_C(0xB899F9BE), UINT32_C(0x7A84FF4E)}}, + {{UINT32_C(0x8E7799A5), UINT32_C(0x1E0F143F), UINT32_C(0x20E6D9B1), + UINT32_C(0xBC7F446D), UINT32_C(0xE178F931), UINT32_C(0xDB0F04D0), + UINT32_C(0xA5EDC88C), UINT32_C(0xB4AD04F0)}, + {UINT32_C(0x3FAFF5B8), UINT32_C(0x762ABA6E), UINT32_C(0xF2910580), + UINT32_C(0x352922C9), UINT32_C(0x8768AF3E), UINT32_C(0x1A49CEE9), + UINT32_C(0xB0A08A33), UINT32_C(0x89DC3150)}}, + {{UINT32_C(0x7C7F824B), UINT32_C(0x38472B6F), UINT32_C(0xBEAEF806), + UINT32_C(0x97354929), UINT32_C(0xFCA818FC), UINT32_C(0x6014F5E8), + UINT32_C(0x4D542B22), UINT32_C(0x996A624F)}, + {UINT32_C(0x6FEE8432), UINT32_C(0x0BF7E1B3), UINT32_C(0x755D16EE), + UINT32_C(0x24C0960A), UINT32_C(0x8B7D1362), UINT32_C(0x452FA32C), + UINT32_C(0xD3ED3D8F), UINT32_C(0xB09A7FA5)}}, + {{UINT32_C(0x79F99367), UINT32_C(0x9F1C2E35), UINT32_C(0x902A7D40), + UINT32_C(0x51A770F9), UINT32_C(0x772BEE18), UINT32_C(0x1B254A23), + UINT32_C(0x96114B2B), UINT32_C(0x00D5E1C2)}, + {UINT32_C(0xE44AD2CD), UINT32_C(0x29611530), UINT32_C(0x97E0644C), + UINT32_C(0x50D7A408), UINT32_C(0xC72FF462), UINT32_C(0x1AF10EA2), + UINT32_C(0x3D2501FF), UINT32_C(0xDB8CF724)}}, + }, + { + {{UINT32_C(0x58A8AECC), UINT32_C(0x2D63D363), UINT32_C(0x676A1840), + UINT32_C(0x393A5462), UINT32_C(0x4368AE8F), UINT32_C(0xA2F08A93), + UINT32_C(0xA611C3DD), UINT32_C(0x36C2BB30)}, + {UINT32_C(0xE44F6D6A), UINT32_C(0x701F8653), UINT32_C(0x0FA19833), + UINT32_C(0x846EC478), UINT32_C(0x1921B4A8), UINT32_C(0x54AB2B7E), + UINT32_C(0xA6B88446), UINT32_C(0x92D19021)}}, + {{UINT32_C(0xDBC895F4), UINT32_C(0x5551B17C), UINT32_C(0x8A21F081), + UINT32_C(0x7F5ECB2F), UINT32_C(0xE2B4F569), UINT32_C(0x520715FA), + UINT32_C(0xF7DCD9D2), UINT32_C(0xC7051B37)}, + {UINT32_C(0x27C8E319), UINT32_C(0x76181B88), UINT32_C(0xE4FC1A12), + UINT32_C(0xFB6BAAD8), UINT32_C(0x61CFCE76), UINT32_C(0x8F81106C), + UINT32_C(0x35008866), UINT32_C(0xA021837D)}}, + {{UINT32_C(0x302513DA), UINT32_C(0x1CDF62DF), UINT32_C(0xE4DC1668), + UINT32_C(0x64605506), UINT32_C(0x972BE654), UINT32_C(0xDEE53189), + UINT32_C(0x948AFBF7), UINT32_C(0x1519D30A)}, + {UINT32_C(0x423ACBE9), UINT32_C(0x5B6CB34A), UINT32_C(0x495866F3), + UINT32_C(0xCBD96D42), UINT32_C(0xB27A8C3F), UINT32_C(0x8AF8C97E), + UINT32_C(0x02405022), UINT32_C(0xF4B87065)}}, + {{UINT32_C(0x8E0376EC), UINT32_C(0x31E24810), UINT32_C(0xE5D7A816), + UINT32_C(0x3ABD9B67), UINT32_C(0x5E189D01), UINT32_C(0xA7FC938A), + UINT32_C(0x2FE13886), UINT32_C(0xEEE2E9F6)}, + {UINT32_C(0x4BC5B96C), UINT32_C(0x9D96C9E3), UINT32_C(0xA5B490D2), + UINT32_C(0x11B750F4), UINT32_C(0x3B718DE7), UINT32_C(0x63366B8B), + UINT32_C(0x7B2B7291), UINT32_C(0x3B2921B6)}}, + {{UINT32_C(0x233829CB), UINT32_C(0x8D04C59C), UINT32_C(0x5D690F43), + UINT32_C(0x2831D2BF), UINT32_C(0xF1B6C60E), UINT32_C(0xEC32E4C3), + UINT32_C(0x5F6578E5), UINT32_C(0x8726E101)}, + {UINT32_C(0x0D56E78E), UINT32_C(0xB23BE8EE), UINT32_C(0xD8E3987F), + UINT32_C(0xEC2542DD), UINT32_C(0x3980AD13), UINT32_C(0xE9BA8B16), + UINT32_C(0x8942D6FB), UINT32_C(0x1B37BA59)}}, + {{UINT32_C(0xF0F2C574), UINT32_C(0x24D786A1), UINT32_C(0xE189F236), + UINT32_C(0x6EC3D98C), UINT32_C(0x92DAA6DF), UINT32_C(0x4E8F0A00), + UINT32_C(0xA328CA87), UINT32_C(0x32F4BDD0)}, + {UINT32_C(0x647422F5), UINT32_C(0x2BA38AEF), UINT32_C(0xBC7D339C), + UINT32_C(0x442461A5), UINT32_C(0x8D5CDF0C), UINT32_C(0xD32855E2), + UINT32_C(0x575ACCB1), UINT32_C(0x8E226C9F)}}, + {{UINT32_C(0x7F550CFF), UINT32_C(0xEF3BD710), UINT32_C(0xF6716F3D), + UINT32_C(0xF90B7237), UINT32_C(0x32233CDB), UINT32_C(0x071FFF89), + UINT32_C(0x40D58724), UINT32_C(0x4C048CEA)}, + {UINT32_C(0x65E86924), UINT32_C(0x20BFB310), UINT32_C(0xC48DA998), + UINT32_C(0x94B7297B), UINT32_C(0x54F64297), UINT32_C(0xC983B5F1), + UINT32_C(0x4277EA8D), UINT32_C(0x0F21384D)}}, + {{UINT32_C(0x09A677DD), UINT32_C(0x1C32326C), UINT32_C(0xACF84219), + UINT32_C(0x04007199), UINT32_C(0x36E0128B), UINT32_C(0x927DF402), + UINT32_C(0x83459CF4), UINT32_C(0x86054B76)}, + {UINT32_C(0x48E0560B), UINT32_C(0x28DE82C1), UINT32_C(0x4BC4F69C), + UINT32_C(0x2CF5C21D), UINT32_C(0xE420C01A), UINT32_C(0x22C15353), + UINT32_C(0x4C1545FE), UINT32_C(0x34C2F7D3)}}, + {{UINT32_C(0x160D136D), UINT32_C(0xCE7B268D), UINT32_C(0x4554CA94), + UINT32_C(0x7F6093A0), UINT32_C(0x81E19640), UINT32_C(0xC849758B), + UINT32_C(0x95C4AB06), UINT32_C(0x5658D69E)}, + {UINT32_C(0x9DA8883D), UINT32_C(0x7319481B), UINT32_C(0x5E0BFB8B), + UINT32_C(0x742243E5), UINT32_C(0x46E1AEDE), UINT32_C(0x596835B5), + UINT32_C(0x107C0725), UINT32_C(0x70EFC105)}}, + {{UINT32_C(0x930F895B), UINT32_C(0x2EE68FCC), UINT32_C(0xC93CD312), + UINT32_C(0x43361CAF), UINT32_C(0x9F6867CC), UINT32_C(0x1BDA01F2), + UINT32_C(0x1C92228B), UINT32_C(0x052C0D9D)}, + {UINT32_C(0xCA86A4FF), UINT32_C(0xA6F897E3), UINT32_C(0x90B4171C), + UINT32_C(0xC48BA0CD), UINT32_C(0x11D93A03), UINT32_C(0x036534E0), + UINT32_C(0xB4961C8F), UINT32_C(0x00F7D663)}}, + {{UINT32_C(0x1419A80E), UINT32_C(0x4B766AC9), UINT32_C(0x21DC1C9D), + UINT32_C(0x83A70504), UINT32_C(0x2EB59C5D), UINT32_C(0xB2B7ADFB), + UINT32_C(0x24B42575), UINT32_C(0x179D0873)}, + {UINT32_C(0x3EEA138F), UINT32_C(0x9EC81682), UINT32_C(0xB8AEB010), + UINT32_C(0x347E917B), UINT32_C(0x5910CE07), UINT32_C(0xE021100C), + UINT32_C(0x70C44EB9), UINT32_C(0x301D6739)}}, + {{UINT32_C(0xD46BEE47), UINT32_C(0x76D4A125), UINT32_C(0x9839A415), + UINT32_C(0xD3B49654), UINT32_C(0x3901932F), UINT32_C(0xD5050ACC), + UINT32_C(0x2AD3CD2B), UINT32_C(0x0462A8F7)}, + {UINT32_C(0x6FC7199B), UINT32_C(0x0F87843B), UINT32_C(0xB386DC8E), + UINT32_C(0x0F63EB3C), UINT32_C(0x7A49CF77), UINT32_C(0xEF180965), + UINT32_C(0x4B95296B), UINT32_C(0xBBE812B3)}}, + {{UINT32_C(0x5C27EC25), UINT32_C(0xAAC122F9), UINT32_C(0x47105577), + UINT32_C(0xEFD1790B), UINT32_C(0x32B4DBF2), UINT32_C(0xBE4D4AF4), + UINT32_C(0xFD9F06F8), UINT32_C(0x35880AF9)}, + {UINT32_C(0x7B3DDFDA), UINT32_C(0xC99B1429), UINT32_C(0x6E4B030D), + UINT32_C(0xA3B80D8B), UINT32_C(0xDA18700D), UINT32_C(0xBF228F42), + UINT32_C(0xED386EEF), UINT32_C(0xEF7F91D9)}}, + {{UINT32_C(0x391CC8D0), UINT32_C(0x10C6C124), UINT32_C(0x27C3715A), + UINT32_C(0xD3A1E6B4), UINT32_C(0x8760A0C6), UINT32_C(0x12E0090B), + UINT32_C(0x8A2580BE), UINT32_C(0x20651290)}, + {UINT32_C(0x387235A2), UINT32_C(0xD5846CAB), UINT32_C(0xC6DA615A), + UINT32_C(0x8F75DC2F), UINT32_C(0x3A82B8F9), UINT32_C(0x8E160E86), + UINT32_C(0xAD451A41), UINT32_C(0x1654307A)}}, + {{UINT32_C(0xBBB9CABE), UINT32_C(0xADA0A2F5), UINT32_C(0x782EC480), + UINT32_C(0x486E6E20), UINT32_C(0x8ACC52DA), UINT32_C(0x34E67023), + UINT32_C(0x2B21818A), UINT32_C(0x68992DB4)}, + {UINT32_C(0x2DDACB59), UINT32_C(0x2E148D4F), UINT32_C(0x6977878C), + UINT32_C(0xCCFCBE9A), UINT32_C(0x03E1374B), UINT32_C(0x393E1116), + UINT32_C(0x37638129), UINT32_C(0x793827E3)}}, + {{UINT32_C(0x29F58D1F), UINT32_C(0xB6657FEA), UINT32_C(0x527BA98B), + UINT32_C(0x8BA31BFE), UINT32_C(0xA9D8C4AF), UINT32_C(0xD0E0B268), + UINT32_C(0x121F58B7), UINT32_C(0x9C1B9FE1)}, + {UINT32_C(0x6798AA06), UINT32_C(0x6CEEDC24), UINT32_C(0x5149899C), + UINT32_C(0x2F8911B4), UINT32_C(0xD9778F1D), UINT32_C(0x2197D06F), + UINT32_C(0x05F00C07), UINT32_C(0xFF145267)}}, + }, + { + {{UINT32_C(0xF441AC64), UINT32_C(0xA5CE7FE8), UINT32_C(0xF8CBE95B), + UINT32_C(0xCE4B9A6F), UINT32_C(0xB4CF46A4), UINT32_C(0x1A2BD334), + UINT32_C(0x1204CA96), UINT32_C(0x125EA717)}, + {UINT32_C(0x251C6124), UINT32_C(0x4B514210), UINT32_C(0x0639DEB7), + UINT32_C(0x60BC1CA4), UINT32_C(0xD4951A8A), UINT32_C(0x716C7EB1), + UINT32_C(0x46C9F47A), UINT32_C(0xF052592F)}}, + {{UINT32_C(0x77C8FEA4), UINT32_C(0x9C1B5E53), UINT32_C(0x678EC92A), + UINT32_C(0x0F5D3CC7), UINT32_C(0x864C4032), UINT32_C(0x203713CB), + UINT32_C(0xD405B6D4), UINT32_C(0x5B82C803)}, + {UINT32_C(0xE9464605), UINT32_C(0xFF7EC24F), UINT32_C(0xA5ECCB23), + UINT32_C(0xD71241D3), UINT32_C(0xAC2543F8), UINT32_C(0xEF890204), + UINT32_C(0x11C9801F), UINT32_C(0xE810D87B)}}, + {{UINT32_C(0x78D881D5), UINT32_C(0xED127528), UINT32_C(0xFCCFA102), + UINT32_C(0xEE5A48FB), UINT32_C(0xCDD3D7DB), UINT32_C(0x1A163AAB), + UINT32_C(0x2EB508C0), UINT32_C(0x7FAA79EA)}, + {UINT32_C(0xD2D35829), UINT32_C(0x7248AE86), UINT32_C(0x8C9A98BE), + UINT32_C(0xA5DEC687), UINT32_C(0x86C486DB), UINT32_C(0x88935802), + UINT32_C(0xEB27CADF), UINT32_C(0x3A9BB9C3)}}, + {{UINT32_C(0x51341F5F), UINT32_C(0x3526AF1F), UINT32_C(0x384D1B33), + UINT32_C(0xFC45C2E1), UINT32_C(0x41D5A8F0), UINT32_C(0x94B9E0DB), + UINT32_C(0xE702876D), UINT32_C(0xFD44C1C0)}, + {UINT32_C(0x3FD321E9), UINT32_C(0x67C3A4F7), UINT32_C(0xFAFB7530), + UINT32_C(0xA38BD2FE), UINT32_C(0x79442870), UINT32_C(0x2F037157), + UINT32_C(0xE081DCB7), UINT32_C(0x00487BF8)}}, + {{UINT32_C(0x26135B59), UINT32_C(0x7EE4D8B7), UINT32_C(0x00D7C94B), + UINT32_C(0xB53DC0AE), UINT32_C(0x4F98473B), UINT32_C(0xB2F59B8A), + UINT32_C(0x5ADF3FE8), UINT32_C(0xAFC012E2)}, + {UINT32_C(0x9E3F646A), UINT32_C(0x1ABD7A18), UINT32_C(0x60C52778), + UINT32_C(0x81D49A47), UINT32_C(0x62C39ACC), UINT32_C(0xB1C1184D), + UINT32_C(0x5F66FC65), UINT32_C(0xE8EB8A52)}}, + {{UINT32_C(0xC0F79061), UINT32_C(0x015EEC90), UINT32_C(0x58589E98), + UINT32_C(0xAFF38E8B), UINT32_C(0xC3F2FD7A), UINT32_C(0x6A041C32), + UINT32_C(0x6ED8E5C7), UINT32_C(0x976C5A58)}, + {UINT32_C(0xF52768DF), UINT32_C(0x5D7E2142), UINT32_C(0x3A5403DC), + UINT32_C(0x4AA0E46B), UINT32_C(0x53302DD1), UINT32_C(0xA62D5665), + UINT32_C(0xC7FFD6D5), UINT32_C(0x78622C4B)}}, + {{UINT32_C(0xF9352AE4), UINT32_C(0xD01103A5), UINT32_C(0xE1934E02), + UINT32_C(0x637ED15D), UINT32_C(0xA7B58CA7), UINT32_C(0xF7132C3B), + UINT32_C(0x4973F021), UINT32_C(0xBE295C4F)}, + {UINT32_C(0xF01617BF), UINT32_C(0x1401C3DD), UINT32_C(0xB56601B8), + UINT32_C(0x3C4B6F95), UINT32_C(0x1C85B1B1), UINT32_C(0x41C39C9E), + UINT32_C(0xCE76C842), UINT32_C(0xCC5025D4)}}, + {{UINT32_C(0x8776738E), UINT32_C(0xDF81CF67), UINT32_C(0x383BB026), + UINT32_C(0xF7072A25), UINT32_C(0xB49EDF2E), UINT32_C(0xF53CAAE7), + UINT32_C(0xDF74A7D9), UINT32_C(0x2F9DE44F)}, + {UINT32_C(0x880F0F21), UINT32_C(0xFA0A5800), UINT32_C(0x98978F74), + UINT32_C(0x77BF53F4), UINT32_C(0x1CD2F434), UINT32_C(0x81F6D3A1), + UINT32_C(0x5C7F3532), UINT32_C(0x27FA3CF8)}}, + {{UINT32_C(0x76582202), UINT32_C(0xD581CEEF), UINT32_C(0xFF2F0DEF), + UINT32_C(0xC16F828A), UINT32_C(0xE6C4F53B), UINT32_C(0xE76314C6), + UINT32_C(0xF7381BF8), UINT32_C(0xB640EB31)}, + {UINT32_C(0x36DD0C32), UINT32_C(0xE3B15EB6), UINT32_C(0x375393B2), + UINT32_C(0x125A821E), UINT32_C(0x3EC2BE1D), UINT32_C(0x1F589452), + UINT32_C(0xA1080F21), UINT32_C(0x2635873C)}}, + {{UINT32_C(0x3D6FCCD6), UINT32_C(0x6EBA81EB), UINT32_C(0xE01BDF6E), + UINT32_C(0xBD98B711), UINT32_C(0x771492A9), UINT32_C(0x29EDC6A5), + UINT32_C(0x2386FCA8), UINT32_C(0x55367FBE)}, + {UINT32_C(0xD4FB3C72), UINT32_C(0x791794BA), UINT32_C(0x3B85FAB0), + UINT32_C(0xFD0EBF31), UINT32_C(0x24905F3F), UINT32_C(0x0D6D7907), + UINT32_C(0x294AAFFF), UINT32_C(0xE029ABA1)}}, + {{UINT32_C(0xD5445163), UINT32_C(0xF39BC50A), UINT32_C(0xFFE91CA2), + UINT32_C(0xBC631CFD), UINT32_C(0x809EE2FA), UINT32_C(0x4A5D2FE4), + UINT32_C(0xE3A4A68B), UINT32_C(0x318B5EE0)}, + {UINT32_C(0xD5194980), UINT32_C(0x11063C4A), UINT32_C(0x504FFDD2), + UINT32_C(0x3CA5B7D8), UINT32_C(0xB9EAE9E9), UINT32_C(0x4A0671BA), + UINT32_C(0xBDC9B450), UINT32_C(0xA92B1BCD)}}, + {{UINT32_C(0x9EF58C99), UINT32_C(0x7408D2CB), UINT32_C(0x87A9FE6E), + UINT32_C(0x8B80A4CD), UINT32_C(0xD784D8D9), UINT32_C(0x5E9535BC), + UINT32_C(0x4982ACAB), UINT32_C(0xC68CFFC0)}, + {UINT32_C(0x3FFD77B2), UINT32_C(0x012E175B), UINT32_C(0xF65C99EB), + UINT32_C(0x75A96047), UINT32_C(0x8DF05C49), UINT32_C(0xB5646BDA), + UINT32_C(0xA9BFFA1D), UINT32_C(0x3A51049B)}}, + {{UINT32_C(0x4B366BED), UINT32_C(0x61FC4939), UINT32_C(0x0A21272D), + UINT32_C(0x83F71426), UINT32_C(0xC1F063A0), UINT32_C(0x6F851419), + UINT32_C(0xDA38C6A2), UINT32_C(0x49E985B3)}, + {UINT32_C(0x49E66A53), UINT32_C(0x8993B91B), UINT32_C(0xB46351F5), + UINT32_C(0x2B748159), UINT32_C(0x48CF7616), UINT32_C(0x75F5C92C), + UINT32_C(0x43BE076A), UINT32_C(0xB70159EC)}}, + {{UINT32_C(0xE79D8255), UINT32_C(0xF198B351), UINT32_C(0xF59FE019), + UINT32_C(0xBFC47724), UINT32_C(0x16B9E680), UINT32_C(0x09CDA15E), + UINT32_C(0x1CC2B9CD), UINT32_C(0xBDACE439)}, + {UINT32_C(0xA9204697), UINT32_C(0xCDC2EF1D), UINT32_C(0x89CB9A9E), + UINT32_C(0x662B331A), UINT32_C(0x9968F610), UINT32_C(0x38628A14), + UINT32_C(0x34D9F707), UINT32_C(0xC203DC72)}}, + {{UINT32_C(0xA8EC873D), UINT32_C(0xF9B59177), UINT32_C(0x3DCB22A3), + UINT32_C(0x06251EEA), UINT32_C(0xB923799E), UINT32_C(0xF2843915), + UINT32_C(0x1F58C6D6), UINT32_C(0x83D881CE)}, + {UINT32_C(0x74594A6B), UINT32_C(0x2CC84AF6), UINT32_C(0x143D665F), + UINT32_C(0x3BCA0706), UINT32_C(0xA6F0D6CD), UINT32_C(0x436A93B9), + UINT32_C(0x31D6E3A4), UINT32_C(0x10339104)}}, + {{UINT32_C(0x80E71165), UINT32_C(0xB8260962), UINT32_C(0x37CF05F9), + UINT32_C(0x9435A53A), UINT32_C(0x6BEF565C), UINT32_C(0xB515236A), + UINT32_C(0x6B1C69F8), UINT32_C(0x131B09AB)}, + {UINT32_C(0x15587108), UINT32_C(0x7D28A524), UINT32_C(0x372A0B9B), + UINT32_C(0x710B2297), UINT32_C(0xEB731907), UINT32_C(0x45B05AF6), + UINT32_C(0x1E60FE7A), UINT32_C(0x7327B80D)}}, + }, + { + {{UINT32_C(0x6A5F218A), UINT32_C(0x4F1BFE27), UINT32_C(0xF36B4CD7), + UINT32_C(0x9670C96E), UINT32_C(0x16BD6D68), UINT32_C(0xC1045301), + UINT32_C(0x3FCF028D), UINT32_C(0x860042B4)}, + {UINT32_C(0xA1C37CE3), UINT32_C(0x513468E4), UINT32_C(0xF54337C3), + UINT32_C(0xD32C00E3), UINT32_C(0xDCA44E58), UINT32_C(0x017A64EE), + UINT32_C(0x572A1432), UINT32_C(0x845B2CFD)}}, + {{UINT32_C(0x9A4B3A0D), UINT32_C(0x860E9CAA), UINT32_C(0x354094B1), + UINT32_C(0x33E1E718), UINT32_C(0xE8D3EF60), UINT32_C(0x32191B81), + UINT32_C(0xF46AED39), UINT32_C(0xC0E37532)}, + {UINT32_C(0x781ED738), UINT32_C(0xB8EF03B7), UINT32_C(0x42418A51), + UINT32_C(0x99B1302F), UINT32_C(0x3DEFDA42), UINT32_C(0xF0C36874), + UINT32_C(0xF0D5AC2F), UINT32_C(0x74E15756)}}, + {{UINT32_C(0x3E05D280), UINT32_C(0x927758A6), UINT32_C(0x46FE7051), + UINT32_C(0xBB49189E), UINT32_C(0x5DF82A4E), UINT32_C(0xD1DAC0CD), + UINT32_C(0x188E6E67), UINT32_C(0x59CEF00C)}, + {UINT32_C(0xDD031AF1), UINT32_C(0x782491DF), UINT32_C(0xDB8AD011), + UINT32_C(0xD82966F8), UINT32_C(0xB19A773A), UINT32_C(0x0B5AD2C6), + UINT32_C(0x02488CB1), UINT32_C(0x3D2651D9)}}, + {{UINT32_C(0x20E33212), UINT32_C(0xADDDB80E), UINT32_C(0x73429553), + UINT32_C(0x4169EE13), UINT32_C(0x43E75223), UINT32_C(0xB5B9EC03), + UINT32_C(0x627A8605), UINT32_C(0xB05874DE)}, + {UINT32_C(0xB013211E), UINT32_C(0xE21CFE17), UINT32_C(0x24D1770A), + UINT32_C(0x107A375E), UINT32_C(0x29AC869A), UINT32_C(0x424C5FC5), + UINT32_C(0x27D697ED), UINT32_C(0x218F36E9)}}, + {{UINT32_C(0xABFCCF26), UINT32_C(0xBDEAD1FF), UINT32_C(0x58B3B4BA), + UINT32_C(0x488980F3), UINT32_C(0xA104EF0D), UINT32_C(0x14D39E5D), + UINT32_C(0x4418F3F4), UINT32_C(0x215D3369)}, + {UINT32_C(0xE098F1C7), UINT32_C(0xFC72ABBA), UINT32_C(0x1E796EBB), + UINT32_C(0xB77FE8C5), UINT32_C(0x281779D5), UINT32_C(0x8E2BAFF6), + UINT32_C(0x8F5F3B8A), UINT32_C(0x4B4FABB1)}}, + {{UINT32_C(0xD8B01303), UINT32_C(0xF0437E7A), UINT32_C(0xDC2BB1D8), + UINT32_C(0xBA781CB4), UINT32_C(0x4A0ED188), UINT32_C(0x5D093C33), + UINT32_C(0xB62617E3), UINT32_C(0xAE3EBC9D)}, + {UINT32_C(0x5A3FC980), UINT32_C(0xDD968B8D), UINT32_C(0xEED9C68B), + UINT32_C(0xB98AC721), UINT32_C(0x3BC4BA5F), UINT32_C(0x7D1589DA), + UINT32_C(0xB164EF92), UINT32_C(0x1F70C41F)}}, + {{UINT32_C(0xFF9BE49F), UINT32_C(0x829356F1), UINT32_C(0x70E8CD8E), + UINT32_C(0xB4784FAF), UINT32_C(0x7C8137F0), UINT32_C(0x50FC7D19), + UINT32_C(0x66FFD563), UINT32_C(0x65302416)}, + {UINT32_C(0x608CC073), UINT32_C(0xDF4691AB), UINT32_C(0x1E721EA8), + UINT32_C(0x53E03124), UINT32_C(0xE21DB3EF), UINT32_C(0xA69C5F9E), + UINT32_C(0x4A40D5E8), UINT32_C(0xBA1EB568)}}, + {{UINT32_C(0x2238C55D), UINT32_C(0x05D6B7B0), UINT32_C(0xF1D12981), + UINT32_C(0x6FF6E9D4), UINT32_C(0xF6BFD816), UINT32_C(0xA7EE9598), + UINT32_C(0x950F2954), UINT32_C(0xD18D9944)}, + {UINT32_C(0xEFF2B2AE), UINT32_C(0xA7751A95), UINT32_C(0xA8EBFAC1), + UINT32_C(0x48C651BB), UINT32_C(0xAB09CB81), UINT32_C(0xB11642A3), + UINT32_C(0xF23F4F07), UINT32_C(0x38A06C96)}}, + {{UINT32_C(0xBFDD2FE5), UINT32_C(0x3A480AED), UINT32_C(0x507C3FD8), + UINT32_C(0x3DB4D9A4), UINT32_C(0x39A44883), UINT32_C(0xE6221059), + UINT32_C(0x268CAF69), UINT32_C(0x95897A95)}, + {UINT32_C(0x1BB281CC), UINT32_C(0x1D4E0147), UINT32_C(0x43632032), + UINT32_C(0xDAB91429), UINT32_C(0x0FF829D7), UINT32_C(0x6D91D12B), + UINT32_C(0x3C33143C), UINT32_C(0x5500D463)}}, + {{UINT32_C(0x1DE8E78C), UINT32_C(0xAA5C151A), UINT32_C(0x26A27FA7), + UINT32_C(0x84D9971E), UINT32_C(0xD6D2D794), UINT32_C(0xE1B970C4), + UINT32_C(0x76EAAD40), UINT32_C(0x60116AFC)}, + {UINT32_C(0xE1659332), UINT32_C(0x25FC7C02), UINT32_C(0xDFCA9480), + UINT32_C(0x8FBD58D2), UINT32_C(0x454F42ED), UINT32_C(0x97F12859), + UINT32_C(0x79A45FDE), UINT32_C(0xC5DA1AA2)}}, + {{UINT32_C(0xED995CF0), UINT32_C(0x2D76441E), UINT32_C(0x29CBA4C6), + UINT32_C(0x457710B7), UINT32_C(0xE5AB0DEB), UINT32_C(0xF4FAC58C), + UINT32_C(0x3E66C502), UINT32_C(0x7A1E2B5D)}, + {UINT32_C(0x85DC5610), UINT32_C(0xB2DB583C), UINT32_C(0x22686CC9), + UINT32_C(0xF5A4D278), UINT32_C(0xEEAAFF42), UINT32_C(0x3F48BE66), + UINT32_C(0x62325EE4), UINT32_C(0x6A78FA0D)}}, + {{UINT32_C(0x1174FFB6), UINT32_C(0xE39F2137), UINT32_C(0xD2E0DF58), + UINT32_C(0x802BE319), UINT32_C(0xA0E46CAC), UINT32_C(0x8758050B), + UINT32_C(0xC1505CFB), UINT32_C(0x0AC0435D)}, + {UINT32_C(0x16552F01), UINT32_C(0x19B5C82A), UINT32_C(0x14C66E12), + UINT32_C(0x3BCA0B01), UINT32_C(0xB2EAFE88), UINT32_C(0x6D740C67), + UINT32_C(0xB03447A4), UINT32_C(0xD0F37392)}}, + {{UINT32_C(0x969A14D4), UINT32_C(0xEF2F21F4), UINT32_C(0x64C6FA7C), + UINT32_C(0xEDEAAB98), UINT32_C(0x5E483758), UINT32_C(0xE842CC68), + UINT32_C(0xAE2D48D1), UINT32_C(0x7EE0C315)}, + {UINT32_C(0x21377294), UINT32_C(0x47B7547F), UINT32_C(0x4C64BDF6), + UINT32_C(0x9317BD4A), UINT32_C(0x03D5A12B), UINT32_C(0xDF4D8931), + UINT32_C(0xFD557EE9), UINT32_C(0x20F0DB38)}}, + {{UINT32_C(0xDE4DA7AF), UINT32_C(0xC2AA7A9A), UINT32_C(0xD0BFCEBB), + UINT32_C(0xA5029C69), UINT32_C(0xB300B2AC), UINT32_C(0x28E1A892), + UINT32_C(0x1667CC45), UINT32_C(0xAFD30327)}, + {UINT32_C(0x06179176), UINT32_C(0x2C1F1186), UINT32_C(0x93D8938D), + UINT32_C(0x96714AB4), UINT32_C(0x8FA8647A), UINT32_C(0x2E2A1C3E), + UINT32_C(0x4B40FE42), UINT32_C(0x1D5C1B58)}}, + {{UINT32_C(0xD69C0B65), UINT32_C(0x21A94497), UINT32_C(0x4C382C0C), + UINT32_C(0x29B7B274), UINT32_C(0x7EB0577B), UINT32_C(0x0A1B4AA2), + UINT32_C(0xDFF741C9), UINT32_C(0x2802315D)}, + {UINT32_C(0x73A46493), UINT32_C(0x8106EB96), UINT32_C(0x5EA04126), + UINT32_C(0xC330FEA5), UINT32_C(0xCE5AFC0C), UINT32_C(0x75543E9E), + UINT32_C(0x7E800130), UINT32_C(0x4793CCF7)}}, + {{UINT32_C(0x706250D1), UINT32_C(0xA0087FBB), UINT32_C(0x29A3419B), + UINT32_C(0x579C4409), UINT32_C(0xDE27D5AB), UINT32_C(0x17846712), + UINT32_C(0xD0029993), UINT32_C(0x43041A06)}, + {UINT32_C(0x8801EF53), UINT32_C(0x282FDC44), UINT32_C(0xE580E842), + UINT32_C(0xF2D4B09F), UINT32_C(0x4594B462), UINT32_C(0x1AE6DDFA), + UINT32_C(0x809765A9), UINT32_C(0x33EDA377)}}, + }}; + +#endif /* __SIZEOF_INT128__ */ + +/*- + * Finite field inversion. + * Computed with Bernstein-Yang algorithm. + * https://tches.iacr.org/index.php/TCHES/article/view/8298 + * Based on https://github.com/mit-plv/fiat-crypto/tree/master/inversion/c + * NB: this is not a real fiat-crypto function, just named that way for consistency. + */ +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_inv(fe_t output, const fe_t t1) { + int i; + fe_t v1, r1, v2; + limb_t *r2 = output; + limb_t f1[LIMB_CNT + 1], g1[LIMB_CNT + 1], f2[LIMB_CNT + 1], + g2[LIMB_CNT + 1]; + limb_t d2, d1 = 1; + + fe_copy(g1, t1); + g1[LIMB_CNT] = 0; + fe_copy(f1, const_psat); + f1[LIMB_CNT] = 0; + fe_copy(r1, const_one); + fe_set_zero(v1); + + /* 741 divstep iterations */ + for (i = 0; i < 370; i++) { + fiat_secp256k1_divstep(&d2, f2, g2, v2, r2, d1, f1, g1, v1, r1); + fiat_secp256k1_divstep(&d1, f1, g1, v1, r1, d2, f2, g2, v2, r2); + } + + fiat_secp256k1_divstep(&d2, f2, g2, v2, r2, d1, f1, g1, v1, r1); + fiat_secp256k1_opp(output, v2); + fiat_secp256k1_selectznz(output, f2[LIMB_CNT] >> (LIMB_BITS - 1), v2, + output); + fiat_secp256k1_mul(output, output, const_divstep); +} + +static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_scalar_inv(fe_t output, const fe_t t1) { + int i; + fe_t v1, r1, v2; + limb_t *r2 = output; + limb_t f1[LIMB_CNT + 1], g1[LIMB_CNT + 1], f2[LIMB_CNT + 1], + g2[LIMB_CNT + 1]; + limb_t d2, d1 = 1; + + fe_copy(g1, t1); + g1[LIMB_CNT] = 0; + fiat_secp256k1_scalar_msat(f1); + f1[LIMB_CNT] = 0; + fiat_secp256k1_scalar_set_one(r1); + fe_set_zero(v1); + + /* 741 divstep iterations */ + for (i = 0; i < 370; i++) { + fiat_secp256k1_scalar_divstep(&d2, f2, g2, v2, r2, d1, f1, g1, v1, r1); + fiat_secp256k1_scalar_divstep(&d1, f1, g1, v1, r1, d2, f2, g2, v2, r2); + } + + fiat_secp256k1_scalar_divstep(&d2, f2, g2, v2, r2, d1, f1, g1, v1, r1); + fiat_secp256k1_scalar_opp(output, v2); + fiat_secp256k1_scalar_selectznz(output, f2[LIMB_CNT] >> (LIMB_BITS - 1), v2, + output); + fiat_secp256k1_scalar_divstep_precomp(v2); + fiat_secp256k1_scalar_mul(output, output, v2); +} + +/*- + * Q := 2P, both projective, Q and P same pointers OK + * Autogenerated: op3/dbl_proj_zero.op3 + * https://eprint.iacr.org/2015/1060 Alg 9 + * ASSERT: a = 0 + */ +static FIAT_SECP256K1_FIAT_INLINE void point_double(pt_prj_t *Q, const pt_prj_t *P) { + /* temporary variables */ + fe_t t0, t1, t2, t3, t4; + /* constants */ + const limb_t *b3 = const_b3; + /* set pointers for legacy curve arith */ + const limb_t *X = P->X; + const limb_t *Y = P->Y; + const limb_t *Z = P->Z; + limb_t *X3 = Q->X; + limb_t *Y3 = Q->Y; + limb_t *Z3 = Q->Z; + + /* the curve arith formula */ + fiat_secp256k1_square(t0, Y); + fiat_secp256k1_mul(t4, X, Y); + fiat_secp256k1_add(t3, t0, t0); + fiat_secp256k1_add(t3, t3, t3); + fiat_secp256k1_add(t3, t3, t3); + fiat_secp256k1_mul(t1, Y, Z); + fiat_secp256k1_square(t2, Z); + fiat_secp256k1_mul(t2, b3, t2); + fiat_secp256k1_mul(X3, t2, t3); + fiat_secp256k1_add(Y3, t0, t2); + fiat_secp256k1_mul(Z3, t1, t3); + fiat_secp256k1_add(t1, t2, t2); + fiat_secp256k1_add(t2, t1, t2); + fiat_secp256k1_sub(t0, t0, t2); + fiat_secp256k1_mul(Y3, t0, Y3); + fiat_secp256k1_add(Y3, X3, Y3); + fiat_secp256k1_mul(X3, t0, t4); + fiat_secp256k1_add(X3, X3, X3); +} + +/*- + * R := Q + P where R and Q are projective, P affine. + * R and Q same pointers OK + * R and P same pointers not OK + * Autogenerated: op3/add_mixed_zero.op3 + * https://eprint.iacr.org/2015/1060 Alg 8 + * ASSERT: a = 0 + */ +static FIAT_SECP256K1_FIAT_INLINE void point_add_mixed(pt_prj_t *R, const pt_prj_t *Q, const pt_aff_t *P) { + /* temporary variables */ + fe_t t0, t1, t2, t3, t4; + /* constants */ + const limb_t *b3 = const_b3; + /* set pointers for legacy curve arith */ + const limb_t *X1 = Q->X; + const limb_t *Y1 = Q->Y; + const limb_t *Z1 = Q->Z; + const limb_t *X2 = P->X; + const limb_t *Y2 = P->Y; + fe_t X3; + fe_t Y3; + fe_t Z3; + limb_t nz; + + /* check P for affine inf */ + fiat_secp256k1_nonzero(&nz, P->Y); + + /* the curve arith formula */ + fiat_secp256k1_mul(t0, X1, X2); + fiat_secp256k1_mul(t1, Y1, Y2); + fiat_secp256k1_add(t3, X2, Y2); + fiat_secp256k1_add(t4, X1, Y1); + fiat_secp256k1_mul(t3, t3, t4); + fiat_secp256k1_add(t4, t0, t1); + fiat_secp256k1_sub(t3, t3, t4); + fiat_secp256k1_mul(t4, Y2, Z1); + fiat_secp256k1_add(t4, t4, Y1); + fiat_secp256k1_mul(Y3, X2, Z1); + fiat_secp256k1_add(Y3, Y3, X1); + fiat_secp256k1_add(X3, t0, t0); + fiat_secp256k1_add(t0, X3, t0); + fiat_secp256k1_mul(t2, b3, Z1); + fiat_secp256k1_add(Z3, t1, t2); + fiat_secp256k1_sub(t1, t1, t2); + fiat_secp256k1_mul(Y3, b3, Y3); + fiat_secp256k1_mul(X3, t4, Y3); + fiat_secp256k1_mul(t2, t3, t1); + fiat_secp256k1_sub(X3, t2, X3); + fiat_secp256k1_mul(Y3, Y3, t0); + fiat_secp256k1_mul(t1, t1, Z3); + fiat_secp256k1_add(Y3, t1, Y3); + fiat_secp256k1_mul(t0, t0, t3); + fiat_secp256k1_mul(Z3, Z3, t4); + fiat_secp256k1_add(Z3, Z3, t0); + + /* if P is inf, throw all that away and take Q */ + fiat_secp256k1_selectznz(R->X, nz, Q->X, X3); + fiat_secp256k1_selectznz(R->Y, nz, Q->Y, Y3); + fiat_secp256k1_selectznz(R->Z, nz, Q->Z, Z3); +} + +/*- + * R := Q + P all projective. + * R and Q same pointers OK + * R and P same pointers not OK + * Autogenerated: op3/add_proj_zero.op3 + * https://eprint.iacr.org/2015/1060 Alg 7 + * ASSERT: a = 0 + */ +static FIAT_SECP256K1_FIAT_INLINE void point_add_proj(pt_prj_t *R, const pt_prj_t *Q, const pt_prj_t *P) { + /* temporary variables */ + fe_t t0, t1, t2, t3, t4, t5; + /* constants */ + const limb_t *b3 = const_b3; + /* set pointers for legacy curve arith */ + const limb_t *X1 = Q->X; + const limb_t *Y1 = Q->Y; + const limb_t *Z1 = Q->Z; + const limb_t *X2 = P->X; + const limb_t *Y2 = P->Y; + const limb_t *Z2 = P->Z; + limb_t *X3 = R->X; + limb_t *Y3 = R->Y; + limb_t *Z3 = R->Z; + + /* the curve arith formula */ + fiat_secp256k1_mul(t0, X1, X2); + fiat_secp256k1_mul(t1, Y1, Y2); + fiat_secp256k1_mul(t2, Z1, Z2); + fiat_secp256k1_add(t3, X1, Y1); + fiat_secp256k1_add(t4, X2, Y2); + fiat_secp256k1_mul(t3, t3, t4); + fiat_secp256k1_add(t4, t0, t1); + fiat_secp256k1_sub(t3, t3, t4); + fiat_secp256k1_add(t4, Y1, Z1); + fiat_secp256k1_add(t5, Y2, Z2); + fiat_secp256k1_mul(t4, t4, t5); + fiat_secp256k1_add(t5, t1, t2); + fiat_secp256k1_sub(t4, t4, t5); + fiat_secp256k1_add(X3, X1, Z1); + fiat_secp256k1_add(Y3, X2, Z2); + fiat_secp256k1_mul(X3, X3, Y3); + fiat_secp256k1_add(Y3, t0, t2); + fiat_secp256k1_sub(Y3, X3, Y3); + fiat_secp256k1_add(X3, t0, t0); + fiat_secp256k1_add(t0, X3, t0); + fiat_secp256k1_mul(t2, b3, t2); + fiat_secp256k1_add(Z3, t1, t2); + fiat_secp256k1_sub(t1, t1, t2); + fiat_secp256k1_mul(Y3, b3, Y3); + fiat_secp256k1_mul(X3, t4, Y3); + fiat_secp256k1_mul(t2, t3, t1); + fiat_secp256k1_sub(X3, t2, X3); + fiat_secp256k1_mul(Y3, Y3, t0); + fiat_secp256k1_mul(t1, t1, Z3); + fiat_secp256k1_add(Y3, t1, Y3); + fiat_secp256k1_mul(t0, t0, t3); + fiat_secp256k1_mul(Z3, Z3, t4); + fiat_secp256k1_add(Z3, Z3, t0); +} + +/* constants */ +#define RADIX 5 +#define DRADIX (1 << RADIX) +#define DRADIX_WNAF ((DRADIX) << 1) + +/*- + * precomp for wnaf scalar multiplication: + * precomp[0] = 1P + * precomp[1] = 3P + * precomp[2] = 5P + * precomp[3] = 7P + * precomp[4] = 9P + * ... + */ +static FIAT_SECP256K1_FIAT_INLINE void precomp_wnaf(pt_prj_t precomp[DRADIX / 2], const pt_aff_t *P) { + int i; + + fe_copy(precomp[0].X, P->X); + fe_copy(precomp[0].Y, P->Y); + fe_copy(precomp[0].Z, const_one); + point_double(&precomp[DRADIX / 2 - 1], &precomp[0]); + + for (i = 1; i < DRADIX / 2; i++) + point_add_proj(&precomp[i], &precomp[DRADIX / 2 - 1], &precomp[i - 1]); +} + +/* fetch a scalar bit */ +static FIAT_SECP256K1_FIAT_INLINE int scalar_get_bit(const unsigned char in[32], int idx) { + int widx, rshift; + + widx = idx >> 3; + rshift = idx & 0x7; + + if (idx < 0 || widx >= 32) return 0; + + return (in[widx] >> rshift) & 0x1; +} + +/*- + * Compute "regular" wnaf representation of a scalar. + * See "Exponent Recoding and Regular Exponentiation Algorithms", + * Tunstall et al., AfricaCrypt 2009, Alg 6. + * It forces an odd scalar and outputs digits in + * {\pm 1, \pm 3, \pm 5, \pm 7, \pm 9, ...} + * i.e. signed odd digits with _no zeroes_ -- that makes it "regular". + */ +static FIAT_SECP256K1_FIAT_INLINE void scalar_rwnaf(int8_t out[52], const unsigned char in[32]) { + int i; + int8_t window, d; + + window = (in[0] & (DRADIX_WNAF - 1)) | 1; + for (i = 0; i < 51; i++) { + d = (window & (DRADIX_WNAF - 1)) - DRADIX; + out[i] = d; + window = (window - d) >> RADIX; + window += scalar_get_bit(in, (i + 1) * RADIX + 1) << 1; + window += scalar_get_bit(in, (i + 1) * RADIX + 2) << 2; + window += scalar_get_bit(in, (i + 1) * RADIX + 3) << 3; + window += scalar_get_bit(in, (i + 1) * RADIX + 4) << 4; + window += scalar_get_bit(in, (i + 1) * RADIX + 5) << 5; + } + out[i] = window; +} + +/*- + * Compute "textbook" wnaf representation of a scalar. + * NB: not constant time + */ +static FIAT_SECP256K1_FIAT_INLINE void scalar_wnaf(int8_t out[257], const unsigned char in[32]) { + int i; + int8_t window, d; + + window = in[0] & (DRADIX_WNAF - 1); + for (i = 0; i < 257; i++) { + d = 0; + if ((window & 1) && ((d = window & (DRADIX_WNAF - 1)) & DRADIX)) + d -= DRADIX_WNAF; + out[i] = d; + window = (window - d) >> 1; + window += scalar_get_bit(in, i + 1 + RADIX) << RADIX; + } +} + +/*- + * Simultaneous scalar multiplication: interleaved "textbook" wnaf. + * NB: not constant time + */ +static FIAT_SECP256K1_FIAT_INLINE void var_smul_wnaf_two(pt_aff_t *out, const unsigned char a[32], + const unsigned char b[32], const pt_aff_t *P) { + int i, d, is_neg, is_inf = 1, flipped = 0; + int8_t anaf[257] = {0}; + int8_t bnaf[257] = {0}; + pt_prj_t Q = {{0}, {0}, {0}}; + pt_prj_t precomp[DRADIX / 2]; + + precomp_wnaf(precomp, P); + scalar_wnaf(anaf, a); + scalar_wnaf(bnaf, b); + + for (i = 256; i >= 0; i--) { + if (!is_inf) point_double(&Q, &Q); + if ((d = bnaf[i])) { + if ((is_neg = d < 0) != flipped) { + fiat_secp256k1_opp(Q.Y, Q.Y); + flipped ^= 1; + } + d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; + if (is_inf) { + /* initialize accumulator */ + fe_copy(Q.X, &precomp[d].X); + fe_copy(Q.Y, &precomp[d].Y); + fe_copy(Q.Z, &precomp[d].Z); + is_inf = 0; + } else + point_add_proj(&Q, &Q, &precomp[d]); + } + if ((d = anaf[i])) { + if ((is_neg = d < 0) != flipped) { + fiat_secp256k1_opp(Q.Y, Q.Y); + flipped ^= 1; + } + d = (is_neg) ? (-d - 1) >> 1 : (d - 1) >> 1; + if (is_inf) { + /* initialize accumulator */ + fe_copy(Q.X, &lut_cmb[0][d].X); + fe_copy(Q.Y, &lut_cmb[0][d].Y); + fe_copy(Q.Z, const_one); + is_inf = 0; + } else + point_add_mixed(&Q, &Q, &lut_cmb[0][d]); + } + } + + if (is_inf) { + /* initialize accumulator to inf: all-zero scalars */ + fe_set_zero(Q.X); + fe_copy(Q.Y, const_one); + fe_set_zero(Q.Z); + } + + if (flipped) { + /* correct sign */ + fiat_secp256k1_opp(Q.Y, Q.Y); + } + + /* convert to affine -- NB depends on coordinate system */ + fiat_secp256k1_inv(Q.Z, Q.Z); + fiat_secp256k1_mul(out->X, Q.X, Q.Z); + fiat_secp256k1_mul(out->Y, Q.Y, Q.Z); +} + +/*- + * Variable point scalar multiplication with "regular" wnaf. + * Here "regular" means _no zeroes_, so the sequence of + * EC arithmetic ops is fixed. + */ +static FIAT_SECP256K1_FIAT_INLINE void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[32], + const pt_aff_t *P) { + int i, j, d, diff, is_neg; + int8_t rnaf[52] = {0}; + pt_prj_t Q = {{0}, {0}, {0}}, lut = {{0}, {0}, {0}}; + pt_prj_t precomp[DRADIX / 2]; + + precomp_wnaf(precomp, P); + scalar_rwnaf(rnaf, scalar); + +#if defined(_MSC_VER) + /* result still unsigned: yes we know */ +#pragma warning(push) +#pragma warning(disable : 4146) +#endif + + /* initialize accumulator to high digit */ + d = (rnaf[51] - 1) >> 1; + for (j = 0; j < DRADIX / 2; j++) { + diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; + fiat_secp256k1_selectznz(Q.X, diff, Q.X, precomp[j].X); + fiat_secp256k1_selectznz(Q.Y, diff, Q.Y, precomp[j].Y); + fiat_secp256k1_selectznz(Q.Z, diff, Q.Z, precomp[j].Z); + } + + for (i = 50; i >= 0; i--) { + for (j = 0; j < RADIX; j++) point_double(&Q, &Q); + d = rnaf[i]; + /* is_neg = (d < 0) ? 1 : 0 */ + is_neg = (d >> (8 * sizeof(int) - 1)) & 1; + /* d = abs(d) */ + d = (d ^ -is_neg) + is_neg; + d = (d - 1) >> 1; + for (j = 0; j < DRADIX / 2; j++) { + diff = (1 - (-(d ^ j) >> (8 * sizeof(int) - 1))) & 1; + fiat_secp256k1_selectznz(lut.X, diff, lut.X, precomp[j].X); + fiat_secp256k1_selectznz(lut.Y, diff, lut.Y, precomp[j].Y); + fiat_secp256k1_selectznz(lut.Z, diff, lut.Z, precomp[j].Z); + } + /* negate lut point if digit is negative */ + fiat_secp256k1_opp(out->Y, lut.Y); + fiat_secp256k1_selectznz(lut.Y, is_neg, lut.Y, out->Y); + point_add_proj(&Q, &Q, &lut); + } + +#if defined(_MSC_VER) +#pragma warning(pop) +#endif + + /* conditionally subtract P if the scalar was even */ + fe_copy(lut.X, precomp[0].X); + fiat_secp256k1_opp(lut.Y, precomp[0].Y); + fe_copy(lut.Z, precomp[0].Z); + point_add_proj(&lut, &lut, &Q); + fiat_secp256k1_selectznz(Q.X, scalar[0] & 1, lut.X, Q.X); + fiat_secp256k1_selectznz(Q.Y, scalar[0] & 1, lut.Y, Q.Y); + fiat_secp256k1_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + + /* convert to affine -- NB depends on coordinate system */ + fiat_secp256k1_inv(Q.Z, Q.Z); + fiat_secp256k1_mul(out->X, Q.X, Q.Z); + fiat_secp256k1_mul(out->Y, Q.Y, Q.Z); +} + +/*- + * Fixed scalar multiplication: comb with interleaving. + */ +static FIAT_SECP256K1_FIAT_INLINE void fixed_smul_cmb(pt_aff_t *out, const unsigned char scalar[32]) { + int i, j, k, d, diff, is_neg = 0; + int8_t rnaf[52] = {0}; + pt_prj_t Q = {{0}, {0}, {0}}, R = {{0}, {0}, {0}}; + pt_aff_t lut = {{0}, {0}}; + + scalar_rwnaf(rnaf, scalar); + + /* initalize accumulator to inf */ + fe_set_zero(Q.X); + fe_copy(Q.Y, const_one); + fe_set_zero(Q.Z); + +#if defined(_MSC_VER) + /* result still unsigned: yes we know */ +#pragma warning(push) +#pragma warning(disable : 4146) +#endif + + for (i = 1; i >= 0; i--) { + for (j = 0; i != 1 && j < RADIX; j++) point_double(&Q, &Q); + for (j = 0; j < 27; j++) { + if (j * 2 + i > 51) continue; + d = rnaf[j * 2 + i]; + /* is_neg = (d < 0) ? 1 : 0 */ + is_neg = (d >> (8 * sizeof(int) - 1)) & 1; + /* d = abs(d) */ + d = (d ^ -is_neg) + is_neg; + d = (d - 1) >> 1; + for (k = 0; k < DRADIX / 2; k++) { + diff = (1 - (-(d ^ k) >> (8 * sizeof(int) - 1))) & 1; + fiat_secp256k1_selectznz(lut.X, diff, lut.X, lut_cmb[j][k].X); + fiat_secp256k1_selectznz(lut.Y, diff, lut.Y, lut_cmb[j][k].Y); + } + /* negate lut point if digit is negative */ + fiat_secp256k1_opp(out->Y, lut.Y); + fiat_secp256k1_selectznz(lut.Y, is_neg, lut.Y, out->Y); + point_add_mixed(&Q, &Q, &lut); + } + } + +#if defined(_MSC_VER) +#pragma warning(pop) +#endif + + /* conditionally subtract P if the scalar was even */ + fe_copy(lut.X, lut_cmb[0][0].X); + fiat_secp256k1_opp(lut.Y, lut_cmb[0][0].Y); + point_add_mixed(&R, &Q, &lut); + fiat_secp256k1_selectznz(Q.X, scalar[0] & 1, R.X, Q.X); + fiat_secp256k1_selectznz(Q.Y, scalar[0] & 1, R.Y, Q.Y); + fiat_secp256k1_selectznz(Q.Z, scalar[0] & 1, R.Z, Q.Z); + + /* convert to affine -- NB depends on coordinate system */ + fiat_secp256k1_inv(Q.Z, Q.Z); + fiat_secp256k1_mul(out->X, Q.X, Q.Z); + fiat_secp256k1_mul(out->Y, Q.Y, Q.Z); +} + +/*- + * Wrapper: simultaneous scalar mutiplication. + * outx, outy := a * G + b * P + * where P = (inx, iny). + * Everything is LE byte ordering. + */ +static FIAT_SECP256K1_FIAT_INLINE + void + point_mul_two_secp256k1(unsigned char outx[32], unsigned char outy[32], + const unsigned char a[32], + const unsigned char b[32], + const unsigned char inx[32], + const unsigned char iny[32]) { + pt_aff_t P; + + fiat_secp256k1_from_bytes(P.X, inx); + fiat_secp256k1_from_bytes(P.Y, iny); + fiat_secp256k1_to_montgomery(P.X, P.X); + fiat_secp256k1_to_montgomery(P.Y, P.Y); + /* simultaneous scalar multiplication */ + var_smul_wnaf_two(&P, a, b, &P); + + fiat_secp256k1_from_montgomery(P.X, P.X); + fiat_secp256k1_from_montgomery(P.Y, P.Y); + fiat_secp256k1_to_bytes(outx, P.X); + fiat_secp256k1_to_bytes(outy, P.Y); +} + +/*- + * Wrapper: fixed scalar mutiplication. + * outx, outy := scalar * G + * Everything is LE byte ordering. + */ +static FIAT_SECP256K1_FIAT_INLINE + void + point_mul_g_secp256k1(unsigned char outx[32], unsigned char outy[32], + const unsigned char scalar[32]) { + pt_aff_t P; + + /* fixed scmul function */ + fixed_smul_cmb(&P, scalar); + fiat_secp256k1_from_montgomery(P.X, P.X); + fiat_secp256k1_from_montgomery(P.Y, P.Y); + fiat_secp256k1_to_bytes(outx, P.X); + fiat_secp256k1_to_bytes(outy, P.Y); +} + +/*- + * Wrapper: variable point scalar mutiplication. + * outx, outy := scalar * P + * where P = (inx, iny). + * Everything is LE byte ordering. + */ +static FIAT_SECP256K1_FIAT_INLINE + void + point_mul_secp256k1(unsigned char outx[32], unsigned char outy[32], + const unsigned char scalar[32], + const unsigned char inx[32], + const unsigned char iny[32]) { + pt_aff_t P; + + fiat_secp256k1_from_bytes(P.X, inx); + fiat_secp256k1_from_bytes(P.Y, iny); + fiat_secp256k1_to_montgomery(P.X, P.X); + fiat_secp256k1_to_montgomery(P.Y, P.Y); + /* var scmul function */ + var_smul_rwnaf(&P, scalar, &P); + fiat_secp256k1_from_montgomery(P.X, P.X); + fiat_secp256k1_from_montgomery(P.Y, P.Y); + fiat_secp256k1_to_bytes(outx, P.X); + fiat_secp256k1_to_bytes(outy, P.Y); +} diff --git a/tests/dune b/tests/dune index 18892a3e..5d9c7b0d 100644 --- a/tests/dune +++ b/tests/dune @@ -51,7 +51,8 @@ ecdsa_secp256r1_sha512_test.json ecdh_secp384r1_test.json ecdsa_secp384r1_sha384_test.json ecdsa_secp384r1_sha512_test.json ecdh_secp521r1_test.json ecdsa_secp521r1_sha512_test.json - x25519_test.json eddsa_test.json) + x25519_test.json eddsa_test.json ecdsa_secp256k1_sha256_test.json + ecdh_secp256k1_test.json) (libraries alcotest mirage-crypto-ec wycheproof digestif asn1-combinators) (package mirage-crypto-ec)) diff --git a/tests/ecdh_secp256k1_test.json b/tests/ecdh_secp256k1_test.json new file mode 100644 index 00000000..17130217 --- /dev/null +++ b/tests/ecdh_secp256k1_test.json @@ -0,0 +1,4698 @@ +{ + "algorithm" : "ECDH", + "generatorVersion" : "0.8rc34", + "numberOfTests" : 460, + "header" : [ + "Test vectors of type EcdhTest are intended for", + "testing an ECDH implementations using X509 encoded", + "public keys and integers for private keys.", + "Test vectors of this format are useful for testing", + "Java providers." + ], + "notes" : { + "AddSubChain" : "The private key has a special value. Implementations using addition subtraction chains for the point multiplication may get the point at infinity as an intermediate result. See CVE_2017_10176", + "CompressedPoint" : "The point in the public key is compressed. Not every library supports points in compressed format.", + "InvalidAsn" : "The public key in this test uses an invalid ASN encoding. Some cases where the ASN parser is not strictly checking the ASN format are benign as long as the ECDH computation still returns the correct shared value.", + "InvalidPublic" : "The public key has been modified and is invalid. An implementation should always check whether the public key is valid and on the same curve as the private key. The test vector includes the shared secret computed with the original public key if the public point is on the curve of the private key. Generating a shared secret other than the one with the original key likely indicates that the bug is exploitable.", + "LargeCofactor" : "The cofactor is larger than the limits specified in FIPS-PUB 186-4 table 1, p.36.", + "ModifiedPrime" : "The modulus of the public key has been modified. The public point of the public key has been chosen so that it is both a point on both the curve of the modified public key and the private key.", + "NegativeCofactor" : "The cofactor is negative.", + "UnnamedCurve" : "The public key does not use a named curve. RFC 3279 allows to encode such curves by explicitly encoding, the parameters of the curve equation, modulus, generator, order and cofactor. However, many crypto libraries only support named curves. Modifying some of the EC parameters and encoding the corresponding public key as an unnamed curve is a potential attack vector.", + "UnusedParam" : "A parameter that is typically not used for ECDH has been modified. Sometimes libraries ignore small differences between public and private key. For example, a library might ignore an incorrect cofactor in the public key. We consider ignoring such changes as acceptable as long as these differences do not change the outcome of the ECDH computation, i.e. as long as the computation is done on the curve from the private key.", + "WeakPublicKey" : "The vector contains a weak public key. The curve is not a named curve, the public key point has order 3 and has been chosen to be on the same curve as the private key. This test vector is used to check ECC implementations for missing steps in the verification of the public key.", + "WrongOrder" : "The order of the public key has been modified. If this order is used in a cryptographic primitive instead of the correct order then private keys may leak. E.g. ECDHC in BC 1.52 suffered from this." + }, + "schema" : "ecdh_test_schema.json", + "testGroups" : [ + { + "curve" : "secp256k1", + "encoding" : "asn", + "type" : "EcdhTest", + "tests" : [ + { + "tcId" : 1, + "comment" : "normal case", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d8096af8a11e0b80037e1ee68246b5dcbb0aeb1cf1244fd767db80f3fa27da2b396812ea1686e7472e9692eaf3e958e50e9500d3b4c77243db1f2acd67ba9cc4", + "private" : "00f4b7ff7cccc98813a69fae3df222bfe3f4e28f764bf91b4a10d8096ce446b254", + "shared" : "544dfae22af6af939042b1d85b71a1e49e9a5614123c4d6ad0c8af65baf87d65", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 2, + "comment" : "compressed public key", + "public" : "3036301006072a8648ce3d020106052b8104000a03220002d8096af8a11e0b80037e1ee68246b5dcbb0aeb1cf1244fd767db80f3fa27da2b", + "private" : "00f4b7ff7cccc98813a69fae3df222bfe3f4e28f764bf91b4a10d8096ce446b254", + "shared" : "544dfae22af6af939042b1d85b71a1e49e9a5614123c4d6ad0c8af65baf87d65", + "result" : "acceptable", + "flags" : [ + "CompressedPoint" + ] + }, + { + "tcId" : 3, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004965ff42d654e058ee7317cced7caf093fbb180d8d3a74b0dcd9d8cd47a39d5cb9c2aa4daac01a4be37c20467ede964662f12983e0b5272a47a5f2785685d8087", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000000000000000000001", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 4, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000406c4b87ba76c6dcb101f54a050a086aa2cb0722f03137df5a922472f1bdc11b982e3c735c4b6c481d09269559f080ad08632f370a054af12c1fd1eced2ea9211", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000000000000000000002", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 5, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bba30eef7967a2f2f08a2ffadac0e41fd4db12a93cef0b045b5706f2853821e6d50b2bf8cbf530e619869e07c021ef16f693cfc0a4b0d4ed5a8f464692bf3d6e", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000000000000000000003", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 6, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004166aed3bc281705444f933913f670957a118f8da2c71bd301a90929743e2ca583514a7972e33d6fea1e377ef4184937f67b37e41ef3099c228a88f5bfb67e5b9", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "00000000000000000000000000000000ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 7, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000436e1e76ffdbe8577520b0716eb88c18ea72a49e5a4e5680a7d290093f841cb6e7310728b59c7572c4b35fb6c29c36ebabfc53553c06ecf747fcfbefcf6114e1c", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 8, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004728e15d578212bc42287c0118c82c84b126f97d549223c10ad07f4e98af912385d23b1a6e716925855a247b16effe92773315241ac951cdfefdfac0ed16467f6", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 9, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ca03ff8e99e269576cf7564545c89268eb415ff45778732529fa5997cc2b230950d6b84b729bc07f9b2d92754281cdc0d289d2453385aef77e4bdc69bf155c5f", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "000003ffffff0000003ffffff0000003ffffff0000003ffffff0000004000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 10, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000451be66137e39bbf35a91c6db5ba6919ff471d885ca94462eaaa65b1eac366baa5910de70b6e09e97aa00621ef18f2801719b199b3e7769fdab2bd909b2f340d7", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010002", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 11, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000423556564850c50fba51f1e64ef98378ef5c22feafa29499ca27600c473cace889d5679e917daa7f4c7899517d37826284f031de01a60bc813696414d04531a21", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "210c790573632359b1edb4302c117d8a132654692c3feeb7de3a86ac3f3b53f7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 12, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ddbf807e22c56a19cf6c472829150350781034a5eddec365694d4bd5c865ead14e674127028c91d3394cac37293a866055d10f0f40a3706ad16b64fc9d5998bd", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "4218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 13, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004595e46ee7c2d7183ff2ea760ffd8472fb834ec89c08b6ef48ff92b44a13a6e1ae563e23953c97c26441323d2500c84e8cee04c15d4d5d2cc458703d1f2d02d31", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "7fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 14, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e426e2f5108333117587975f18d8cc078d41e56b7d6b82f585d75b0d73479ffd75800fd41236a56034bed9abc55d82cf059a14d63c07cd0750931714731a1ca1", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "8000000000000000000000000000000000000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 15, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e1c7076caf26010b1767f1a9c4156b5b4236368d5d90dece3441b734e8684ee6b3534c3c54e614e594dce6ca438b87c424c8e80f8fae226bbdf50e4906c13f6b", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "8000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000001", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 16, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004663cea1063c9916b75e85fc815d8a2370ec0a02aceef3db022e395db8b03bf3f188787f4047dc106807526502c7ae880e471c929b92e2384489c8070b5bcc109", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ff00000001fffffffc00000007fffffff00000001fffffffc000000080000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 17, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000424175c078e305d3139e5dab727a6ab8587b26daa470a529a23c10585cb56c038bf1f2b937ae074ff94b15f5cb5e60eb5d32afba2077539db794294bcaab71a81", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 18, + "comment" : "edge case for shared secret", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004008d71c712dd95881cd1400dbe7683acbd8e269d25261b08f1f491b45e3b5621778182a24198b0f23502d06e24c45122e1f420af48dc1e17b1ea923386a33062", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ffffffff00000000000000ffffffffffffff0000000000000100000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 19, + "comment" : "y-coordinate of the public key has many trailing 1's", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000456baf1d72606c7af5a5fa108620b0839e2c7dd40b832ef847e5b64c86efe1aa563e586a667a65bbb5692500df1ff8403736838b30ea9791d9d390e3dc6689e2c", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "800000000000000000000000009fa2f1ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 20, + "comment" : "y-coordinate of the public key is small", + "public" : "3056301006072a8648ce3d020106052b8104000a034200045e4c2cf1320ec84ef8920867b409a9a91d2dd008216a282e36bd84e884726fa05a5e4af11cf63ceaaa42a6dc9e4ccb394852cf84284e8d2627572fbf22c0ba88", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "80000000000000000000000000a3037effffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 21, + "comment" : "y-coordinate of the public key is small", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000402a30c2fabc87e6730625dec2f0d03894387b7f743ce69c47351ebe5ee98a48307eb78d38770fea1a44f4da72c26f85b17f3501a4f9394fe29856ccbf15fd284", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "8000000000000000000000000124dcb0ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 22, + "comment" : "y-coordinate of the public key is large", + "public" : "3056301006072a8648ce3d020106052b8104000a034200045e4c2cf1320ec84ef8920867b409a9a91d2dd008216a282e36bd84e884726fa0a5a1b50ee309c31555bd592361b334c6b7ad307bd7b172d9d8a8d03fdd3f41a7", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "80000000000000000000000000a3037effffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 23, + "comment" : "y-coordinate of the public key is large", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000402a30c2fabc87e6730625dec2f0d03894387b7f743ce69c47351ebe5ee98a483f814872c788f015e5bb0b258d3d907a4e80cafe5b06c6b01d67a93330ea029ab", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "8000000000000000000000000124dcb0ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 24, + "comment" : "y-coordinate of the public key has many trailing 0's", + "public" : "3056301006072a8648ce3d020106052b8104000a034200045450cace04386adc54a14350793e83bdc5f265d6c29287ecd07f791ad2784c4cebd3c24451322334d8d51033e9d34b6bb592b1995d07867863d1044bd59d7501", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "80000000000000000000000001126b54ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 25, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000014218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "12c2ad36a59fda5ac4f7e97ff611728d0748ac359fca9b12f6d4f43519516487", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 26, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004000000000000000000000000000000000000000000000000000000000000000266fbe727b2ba09e09f5a98d70a5efce8424c5fa425bbda1c511f860657b8535e", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "45aa9666757815e9974140d1b57191c92c588f6e5681131e0df9b3d241831ad4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 27, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000032f233395c8b07a3834a0e59bda43944b5df378852e560ebc0f22877e9f49bb4b", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "b90964c05e464c23acb747a4c83511e93007f7499b065c8e8eccec955d8731f4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 28, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000ffffffffffffffffffffffffffffffff3db772ad92db8699ceac1a3c30e126b866c4fefe292cf0c1790e55cee8414f18", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "8163c9dce8356f1df72b698f2f04a14db0263a8402905eee87941b00d8d677f5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 29, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000ffffffffffffffff0000000000000000ffffffffffffffff31cf13671b574e313c35217566f18bd2c5f758c140d24e94e6a4fda7f4c7b12b", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "1a32749dcf047a7e06194ccb34d7c9538a16ddabeeede74bea5f7ef04979f7f7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 30, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff73b0886496aed70db371e2e49db640abba547e5e0c2763b73a0a42f84348a6b1", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "ab43917a64c1b010159643c18e2eb06d25eedae5b78d02fa9b3debacbf31b777", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 31, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004000003ffffff0000003ffffff0000003ffffff0000003ffffff00000040000000f4d81575c8e328285633ccfd8623f04dd4ed61e187b3a6d7eac553aede7f850", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "1648321c706651adf06643fc4ae06041dce64a82632ad44128061216cc9827ff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 32, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0001000242217b7059b3ddebc68e95443f6c109369e1f9323dd24852ac7612996b6e5601", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "fb866b2e4b1f9ed6b37847fc80a19a52e1e91b75d713b0d4f6b995d2d3c75cfe", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 33, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004210c790573632359b1edb4302c117d8a132654692c3feeb7de3a86ac3f3b53f75f450dbbf718a4f6582d7af83953170b3037fb81a450a5ca5acbec74ad6cac89", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "1908ae936f53b9a8a2d09707ae414084090b175365401425479b10b8c3e8d1ba", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 34, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a034200044218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee37269a64bbcf3a3f227631c7a8ce532c77245a1c0db4343f16aa1d339fd2591a", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "5e13b3dc04e33f18d1286c606cb0191785f694e82e17796145c9e7b49bc2af58", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 35, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a034200047fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff4b66003c7482d0f2fd7b1cb2b0b7078cd199f2208fc37eb2ef286ccb2f1224e7", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "3135a6283b97e7537a8bc208a355c2a854b8ee6e4227206730e6d725da044dee", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 36, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004800000000000000000000000000000000000000000000000000000000000000069d3cd0c70f1484d4b3bbbd680679ef477a22a07df085634f117c41c08bf1230", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "62959089a7ed477c22cb4f1c7787327318fccca25e5aa3e44688a282931ab049", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 37, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a034200048000003ffffff0000007fffffe000000ffffffc000001ffffff800000400000130f69b6e95a3303214a73ad982a1f3ee169d7ecf958de7b0bca8a9ffa3b8e8b3", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "04fda5c00a396fad6b809a8843de573e86b0403d644995c83313da51fb1f5880", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 38, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ff00000001fffffffc00000007fffffff00000001fffffffc00000008000000056951ead861aa8ec7a314fcd54f905bd92c910786375eb7ee5f3a55f8aa87884", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "bbd9937bb51d27f94ecaea29717df789afeac4414e3ef27bb2e6fa7259182e59", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 39, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff63a88b2e0c8987c6310cf81d0c935f00213f98a3dad2f43c8128fa313a90d55b", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "bbd9d305b99ff3db56f77fea9e89f32260ee7326040067ce05dd15e0dcc13ed8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 40, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ffffffff00000000000000ffffffffffffff000000000000010000000000000066a4456ca6d4054d13b209f6d262e6057ad712566f46e9e238e894deebe3d3aa", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "4ffb2c7962e32d5365f98f66be6286724d40d5f0333ba4fc943c0f0f06cdbb1f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 41, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004800000000000000000000000009fa2f1ffffffffffffffffffffffffffffffff07ed353c9f1039edcc9cc5336c034dc131a4087692c2e56bc1dd1904e3ffffff", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "7c07b199b6a62e7ac646c7e1dee94aca55de1a97251ddf92fcd4fe0145b40f12", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 42, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000480000000000000000000000000a3037effffffffffffffffffffffffffffffff0000031a6bf344b86730ac5c54a7751aefdba135759b9d535ca64111f298a38d", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "5206c3de46949b9da160295ee0aa142fe3e6629cc25e2d671e582e30ff875082", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 43, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000480000000000000000000000000a3037efffffffffffffffffffffffffffffffffffffce5940cbb4798cf53a3ab588ae510245eca8a6462aca359beed0d6758a2", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "5206c3de46949b9da160295ee0aa142fe3e6629cc25e2d671e582e30ff875082", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 44, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000480000000000000000000000001126b54ffffffffffffffffffffffffffffffff4106a369068d454ea4b9c3ac6177f87fc8fd3aa240b2ccb4882bdccbd4000000", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "e59ddc7646e4aef0623c71c486f24d5d32f7257ef3dab8fa524b394eae19ebe1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 45, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a034200048000000000000000000000000124dcb0ffffffffffffffffffffffffffffffff0000013bc6f08431e729ed2863f2f4ac8a30279695c8109c340a39fa86f451cd", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "8a8c18b78e1b1fcfd22ee18b4a3a9f391a3fdf15408fb7f8c1dba33c271dbd2f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 46, + "comment" : "edge cases for ephemeral key", + "public" : "3056301006072a8648ce3d020106052b8104000a034200048000000000000000000000000124dcb0fffffffffffffffffffffffffffffffffffffec4390f7bce18d612d79c0d0b5375cfd8696a37ef63cbf5c604790baa62", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "8a8c18b78e1b1fcfd22ee18b4a3a9f391a3fdf15408fb7f8c1dba33c271dbd2f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 47, + "comment" : "point with coordinate x = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000014218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "f362289d3a803d568a0a42767070d793bd70891fb5e03b01413b6d3f1eb52ff8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 48, + "comment" : "point with coordinate x = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000422b961ed14f6368903feeb42d63d37bd11302893e8ff64c1a8e7fd0731439bb6981a712063bfba34d177412bb284c4361953decf29bbde0185a58bd02f3be430", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "bae229e6d001fd47741aeee860048a855432076fe270f632f46d1301022b6452", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 49, + "comment" : "point with coordinate x = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a034200042f9245bac6fa959b4f02773e21411f48b74f9806fe4d32e36bdf9ab02814f3535745da334d06bafe2d83c235f0c7a29f8f042722ec34e53aa96d97a331a733ef", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "e90b9e81bd013d349f70fde1b51bad04c581011c68f0c2053ac91dc8187abb9a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 50, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200041e396a2525bc3fb00af898b06bb87c1d674fc0662b867ffac08eb0dba2146c21a8b8429f11803649be34ae515c173a43ba74f13ebbd0e261011c162e573599b4", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "de7cde6b5806a325da845e9a191e18377868636e5ef1f5fa08e756c02d6fd4de", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 51, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004452158303b37ff9bebca720ea1085efaa4f859db950a99fccd9d2d179273abb108a9083f8075005943bd68c566ec1f2f067664da9212ec1833799bba881d8e8b", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "96328fa84038a63c817ef7cd13b79794a2db467dd3bd8769df782adace3c82eb", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 52, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200045a2a401666e0f1978c6f30aec53fee58b4c4f75e7c1a00156a36ad27c0a5a295658577e657223b8c20c826243b5ae2ca0f6148c2529ec6d60ec260916641d8fa", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "b6699fe9a18c2d0d14e95405133e000b167dc2e5451dcdf09ade49ba0db213eb", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 53, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b2cd039500bcf460e24fd80383b60eb81a56f467077e768231553a0fa0dafcc81d4a1b8fd88b3b23f2d503285c9d72bba448c15bc016c620f707599a129546ae", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "7a23aee5b0fed16638f0e2eb05fba1fd44167d496ebeb274db218593b4ea201c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 54, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000403cf500d838c9fcb97d8ddba2466ec6e474498315d6c2a43110308f22459d49b07875aaed2edabed842fb1608ca706bd39d6021a60bc270947c12053c9dbafa1", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "d8aef4c5c8b60886d7f33cdd2390c21311e69f606dc777dc41c43a461995c315", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 55, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040b6f2cb62954f994564e1419cf9d5982ec6511e7fa7e17f9685e019949906df2fb429b0554a25a4a0c510270d3cc73e6cfec9bc2e63cbd2b7aa0db98e1f330cd", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "4c0892bacd983ec0013f477d94d8fb850585eff2197b53d566a9926bd898d948", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 56, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200043025b046f4a70e06330f3b14c4fa3ec1e04fe19ed8c90352dc6ff5627ca7b3b3a264d5ad9f06d8487430f654f7dd8f6735fc836ef48d6d4d4996a9c20af320ee", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "6e2119935a5c2521182a701d5a13215a7dfb8a1f001b3887e8ae51bf259b180b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 57, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200047d3b8428c80299a4ff1d96ed75a5a44629fd0313c097c478e55f2fa0ae45b691bb4963b5cc095abe5dcfe98399317fd5ad59f3674c07063a9123a2aa24814585", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "2b8b0d4eee83d1c4b1f2a67144fef78e7faa86e6d5d6a8b72b359c4f373adb71", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 58, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fb77841884d30fa5b73ad21d0a5ae40c53a9faa5d325699436338cee4ba213697bd732d47c86dcd63691097b1999c9f0a660a9c3d613671039cf1763467d8140", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "58dbf6ad5e791956e8635427252cf5e518bd10ed2a936a1f3747ba4ea7983274", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 59, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200049aef51383a556cf317fe68bea6a85a254825ec5b3f1358aea209a43ca38c66351aee1a91aeb2a4dcad739722f44c437dfd32731f0862dd751b80bd88d0969bd6", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "123b494058dec32fb74fdeb1aa9a4d52bfddf2d90b9b46edbcf4cc95ea736251", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 60, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200042769df335132f2025e64104804678737860ee66e07e675f720e7d4ef5c38a2c281f80c3b6d47db0a412e6edd3c5bf48accac1497b59e13b15dfc2cd15e6ae47a", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "af4b79efc450630b8c027697e2376f14842babad81bd68592c37279a9fc41ab6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 61, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000461b8c48750735a6b5cc45b691906e5cc292d5969bb1d6ff90ff446d94811ce7c2853977419cba2b92cc574abce030473eb008350566d7eaa24cb9daad70710ed", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "08b4326b42d817e2f8bc09f26f49b720afcede10236d0a25e7e9518eac96e3bd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 62, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000416eeabc802e3409b7c7b3e7607b7166243fc1746294948fc8123b399cfb89962fcbf0bf8a5191ce958dd5ea3ab633c090d1259fbd9a977fde0cc212d5b3b9858", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "52505bfea9d066f0aa9008e8382382c7d48460d76f2962e509482b6eb56e0ac5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 63, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000463b1d99491b46cee7e186a243bce1cc386297571850a10d9a2962d769a411c616345e28532cac39960a2f12bbd03205b77464a80a0416446e6ff85851a009f64", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "1e6464f78fbedecd821a4fa04d7e8f1364d324be24d12212994683fc2b6bb1a2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 64, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000475c78ae9c94613dd051eed7dd7df66a081cd0ac27cf65e4ef0ea826276c5efcfa92ed1c4ffbb84301f5bb1c6bc9e14c6e6dad1e04a287826528478f9ae1609c2", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "b4fcb72d1f81db211dd94039a1368c2c4effd1efe832f1a1db2dae5253c27303", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 65, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004072838e4f972d4a65d258dbc32a530fde2e873537b5a4aa707cf81cecc0f7ff12e4b608b9e321c9db72cf4d9ba4b3c2c13756040d77af6bd251bc24cf18676f1", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "f4f4926b6f64e47abeadbdc5a8a67706a42e00774e1cc5afda7d57ced6423b39", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 66, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200044301f54b3592d1ea2a40989c94261d2b1d1fe297ed6ed64125ee241de05d004bc79014f156e9b7bfb36b8ad2d66d55f3a753829a9ddb86055bb9166dd3aff457", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "fdc15a26abbade3416e1201a6d737128a2f897f0d88108645453a1b3ddd05688", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 67, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000436b0f66bf5f9fd4b2df9cdae2af873a075c55497d7fec4737a7c9643c2c76fe5da9f7287b3cd4e5f05b9a1a4f64e8a8d96c316e452594d02a4592a2107ece90b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e36348e3a464bc518384806c548e156edd994cb6946473c265a24914d5559f1c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 68, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000482abb58afb62d261878bdee12664df1499b824f1d60fb02811642cb02f4aff5d30719835d96f32dc03c49d815ffa21285733137f507ce316cec65ca562ce2ad0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7d65684bdce4ac95db002fba350dc89d0d0fc9e12260d01868543f2a6c8c5b8d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 69, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200047de7b7cf5c5ff4240daf31a50ac6cf6b169aad07d2c5936c73b83ee3987e22a1940c1bd78e4be6692585c99dc92b47671e2ccbcf12a9a9854c6607f98213c108", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "6ec6ba2374ab0a9ae663f3f73671158aaabac3ac689d6c2702ebdf4186597a85", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 70, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000406fa93527294c8533aa401ce4e6c8aeb05a6921bc48798a8e20a0f84a5085af4ec4828f8394d22de43043117b8595fb113245f7285cb35439389e8547a105039", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "6d6e87787d0a947ecfbf7962142fde8ff9b590e472c0c46bbc5d39020e4f78a7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 71, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200048a4f625210b448dc846ad2399b31cd1bc3f1788c7bed69cc1cb7aac8ab28d5393007c6f11f3e248de651c6622de308ee5576be84ef1ed8ed91fd244f14fc2053", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "56ea4382f8e1abfcb211989f500676449abcebfe2cd2204dd8923deb530a6c7b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 72, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004885e452cbb0e4b2a9768b7596c153198a922dabbb8d0ca1dc3faf4f097f09113be9aaa630918d5056053ecf7388f448b912d9ccfbed80d7ca23c0e7991a34901", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2c362c27b3107ea8a042c05cc50c4a8ddaae8cdc33d058492951a03f8d8f8194", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 73, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e226df1fcf7c137a41c920ff74d6204faa2093eeffc4a9ee0a23fb2e994041c3457107442cc4b3af631c4dfb5f53e2c5608bed04ff6653b771f7cd4670f81034", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0188da289ce8974a4f44520960fae8b353750aca789272e9f90d1215bacdd870", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 74, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f53ead9575eebba3b0eb0d033acb7e99388e8590b4ad2db5ea4f6bd9bde16995b5f3ab15f973ca9e3aa9dfe2914eebbd2e11010b455513907908800396fb9d1a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f78bd7ff899c81b866be17c0a94bec592838d78d1f0c0cf532829b6c464c28ac", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 75, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004882773ec7e10605c8f9e2e3b8700943be26bcc4c9d1fedf2bdcfb36994f23c7f8e5d05b2fdd2954b6188736ebe3f5646602a58d978b716b5304ea56777691db3", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "99f6151fba28067eac73354920fcc1fa17fea63225a583323cb6c3d4054ecaca", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 76, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a60b6458256b38d4644451b490bd357feade7bb6b8453c1fc89794d5a45f768d81eee90548a59e5d2cecd72d4b0b5e6574d65a9d837c7c590d1d125ee37c4d51", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "68ca39de0cec2297529f56876bc3de7be370f300e87c2b09cdbb5120382d6977", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 77, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004cbb0deab125754f1fdb2038b0434ed9cb3fb53ab735391129994a535d925f6730000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "af306c993dee0dcfc441ebe53360b569e21f186052db8197f4a124fa77b98148", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 78, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000424800deac3fe4c765b6dec80ea299d771ada4f30e4e156b3acb720dba37394715fe4c64bb0648e26d05cb9cc98ac86d4e97b8bf12f92b9b2fdc3aecd8ea6648b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "aa7fc9fe60445eac2451ec24c1a44909842fa14025f2a1d3dd7f31019f962be5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 79, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a034200048f33652f5bda2c32953ebf2d2eca95e05b17c8ab7d99601bee445df844d46a369cf5ac007711bdbe5c0333dc0c0636a64823ee48019464940d1f27e05c4208de", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "082a43a8417782a795c8d4c70f43edcabbc245a8820ac01be90c1acf0343ba91", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 80, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004146d3b65add9f54ccca28533c88e2cbc63f7443e1658783ab41f8ef97c2a10b50000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "70810b4780a63c860427d3a0269f6c9d3c2ea33494c50e58a20b9480034bc7a0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 81, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b0344418a4504c07e7921ed9f00714b5d390e5cb5e793bb1465f73174f6c26fe5fe4c64bb0648e26d05cb9cc98ac86d4e97b8bf12f92b9b2fdc3aecd8ea6648b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a7d34ee25fbb354f8638d31850dab41e4b086886f7ed3f2d6e035bceb8cab8a0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 82, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a034200048a98c1bc6be75c5796be4b29dd885c3485e75e37b4ccac9b37251e67175ff0d69cf5ac007711bdbe5c0333dc0c0636a64823ee48019464940d1f27e05c4208de", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3f09cbc12ed1701f59dd5aa83daef5e6676adf7fd235c53f69aeb5d5b67799e0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 83, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a034200041fe1e5ef3fceb5c135ab7741333ce5a6e80d68167653f6b2b24bcbcfaaaff5070000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e04e881f416bb5aa3796407aa5ffddf8e1b2446b185f700f6953468384faaf76", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 84, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a034200042b4badfc97b16781bcfff4a525cf4dd31194cb03bca56d9b0ce96c0c0d2040c05fe4c64bb0648e26d05cb9cc98ac86d4e97b8bf12f92b9b2fdc3aecd8ea6648b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "adace71f40006c04557540c2ed8102d830c7f638e2201efeb47d732da79f13d9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 85, + "comment" : "point with coordinate y = 1", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e633d914383e7775d402f5a8f3ad0deb1f00d91ccd99f348da96839ea3cb9d529cf5ac007711bdbe5c0333dc0c0636a64823ee48019464940d1f27e05c4208de", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b8cbf0968fb70d391059d090b30d1c4edcd2dad7abbf7aa4ad452f5a4644a7be", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 86, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d1c1b509c9ddb76221a066a22a3c333fee5e1d2d1a4babde4a1d33ec247a7ea30162f954534eadb1b4ea95c57d40a10214e5b746ee6aa4194ed2b2012b72f97d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "07257245da4bc26696e245531c7a97c2b529f1ca2d8c051626520e6b83d7faf2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 87, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004755d8845e7b4fd270353f6999e97242224015527bf3f94cc2c693d1b6ba12298604f8174e3605b8f18bed3742b6871a8cffce006db31b8d7d836f50cfcda7d16", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d6aa401b9ce17ecf7dd7b0861dfeb36bb1749d12533991e66c0d942281ae13ab", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 88, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c6f9fc8644ba5c9ea9beb12ce2cb911c5487e8b1be91d5a168318f4ae44d66807bc337a1c82e3c5f7a2927987b8fae13627237d220fafb4013123bfbd95f0ba5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f43bfe4eccc24ebf6e36c5bcaca47b770c17bcb59ea788b15c74ae6c9dd055a1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 89, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d3179fce5781d0c49ce8480a811f6f08e3f123d9f6010fbf619b5d868a8ea833ddf9a666bf0015b20e4912f70f655ef21b82087596aa1e2f1e2865350d159185", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "009bc3abb3cf0aca214f0e8db5088d520b3d4aadb1d44c4a2be7f031461c9420", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 90, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200049e098095463c91ac7107a920ccb276d45e1f7240ef2b93b957ee09393d32e001503af4a2e3b26279564fed8e772a043e75630e4e3859976ede88ffcf16f5ca71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8bcb07a3d0fa82af60c88a8d67810ebca0ea27548384e96d3483310212219312", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 91, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bf3034a9935182da362570315011544ac2ce8a9c22777c2fc767ac9c5c0daeebcf333562f3e018892374353674de8490fc9d30426598eb600779154baf2aec17", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a09ddc7cfe023acd9571ef0754010289c804678c043f900f2691dd801b942ed4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 92, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004709c7179c2bb27ce3985ba42feb870f069dacead9294c80557be882fb57790481e6fe2c1a715163efaf86ea8b1e55ea5742d6b042e6cbf8acc69c99f8271a902", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "da98054d51ac9615e9d4f5ceda1f1bad40302ac11603431efec13ab50e32fcf2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 93, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004264c00a2d92514a6dbe655de3c71a5740cec4fcb251aa48ca6745dbea6f5f7cfc1d5ee9fc3ce49fd4509d33c4dcfcc1a20a660529fa9ebd6e6afc3d5c84c72bb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d60795d8f310b155726534b8be3d0b8a7bc2ced468c6e64c8b9ae087b33ee00b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 94, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a12124606bcbbb33cecec7fc8d78b3897192ca851560c539e47dd276c63bd3c2f20a0ca618ba0131a2e373f31f73b3f55e9188d46fddbc6387e32aefb9f3ba12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "675fef8f5680bf76220e91362613944099046b0ba07e5824e93f3e3cc2cc2758", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 95, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004244b7afe7f31289f9d6aaeb7f70d29a7b49a228c7bb202764aba94daaaa3332270c60975748f0c749a8b0f8fc1e222ddcbd3384f6d68f0b6b6ff679b435cdcb1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "76b439f8ea7b42f11cd59e6d91b2d2a72577c185386b6af6639be8e3864a7f27", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 96, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200042ac29db2ebc4fa9473b42bd335a60226579cc186b2c676a3b01bc60e589616165aa9c0d1b240e6dd4211e3235425634b278ad88fede0337d5acf3136587d8413", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "56e63fa788121d5efa0ce3caf4605af18d48c631496cdfa862c43ecf5e5fc127", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 97, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e62aee5205a8063e3ae401d53e9343001e55eb5f4e4d6b70e2b84159cf3157e64ba2e420cabc43b6e8e86590fc2383d17827dd99a60c211f190a74269100c141", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "cff3b5e19ed67e5111dd76e310a1f11d7f99a93fbe9cc5c6f3384086cacd1142", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 98, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000431dce6de741f10267f2e8f3d572a4f49be5fe52ff7bff3c3b4646f38076c06752702a515a9a50db1d86fd42aea0834daeb62be03d0cd9033f84b9c4b56a19f12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e29483884a74fb84f4601654885a0f574691394f064ea6937a846175ef081fc5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 99, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200046518cd66b1d841e689d5dc6674c7cc7d964574d1490fff7906bd373494791599104277170692fa6bf2270580d56d1bc81b54f477d8ab6c3f5842650ac7176d71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9c6a4bcb2fc086aca8726d850fa79920214af4c151acea0fcf12a769ad1f3574", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 100, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004952a88ce31ad4cb086978e6c5621c3d8023b2c11418d6fd0dcef8de72123efc15d367688fde5e082f097855a0c0adc305dd6cf46f50ca75859bb243b70249605", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "34b7abc3f3e36e37e2d5728a870a293a16403146ca67ff91cbabeee2bb2e038b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 101, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200042a43f33573b619719099cf54f6cccb28d16df3992239fadf79c7acb9c64f7af0f4d1d22af7187c8de1b992a4046c419b801cde57d638d30f2e1ac49353117a20", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9bd1284f1bcb1934d483834cae41a77db28cd9553869384755b6983f4f3848a0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 102, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200041b1b0c75408785e84727b0e55e4ba20d0f2599c4ed08482dc1f3b5df545691380162f954534eadb1b4ea95c57d40a10214e5b746ee6aa4194ed2b2012b72f97d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "167e3db6a912ac6117644525911fc8872ed33b8e0bbd50073dd3c17a744e61e0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 103, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200044dd1283bccd36cc3402f3a81e2e9b0d6a2b2b1debbbd44ffc1f179bd49cf0a7e604f8174e3605b8f18bed3742b6871a8cffce006db31b8d7d836f50cfcda7d16", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7c3020e279cb5af14184b4653cc87c1ddd7f49cd31cd371ae813681dd6617d0e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 104, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a499dbf732e438be0eb084b9e6ad879dd7a2904bbb004b40027969a171f2d4267bc337a1c82e3c5f7a2927987b8fae13627237d220fafb4013123bfbd95f0ba5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "acfdff566b8b55318869fa646f789f8036d40b90f0fc520ae2a5a27544f962c0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 105, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004adcf0ffba9cb6ef0c8031c4291a434b18d78f42e45e62ba01fbe91f9273f0ad1ddf9a666bf0015b20e4912f70f655ef21b82087596aa1e2f1e2865350d159185", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5c6b01cff4e6ce81a630238b5db3662e77fb88bffdde61443a7d8554ba001ef2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 106, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000421712725d9806acf54d3a6c82bf93c0fe249268ca9f42eceac19e93a5eab8056503af4a2e3b26279564fed8e772a043e75630e4e3859976ede88ffcf16f5ca71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e7281d12b74b06eecb273ec3e0d8fe663e9ec1d5a50c2b6c68ec8b3693f23c4c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 107, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200041e02176824bd31eabdce03a9403c7d3c2ac631f9b0e88d9a924701c1b2f29b85cf333562f3e018892374353674de8490fc9d30426598eb600779154baf2aec17", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "80643ed8b9052a2e746a26d9178fe2ccff35edbb81f60cd78004fb8d5f143aae", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 108, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000463e7a1af36d6b540a49276aac3fec9cb45ed6bab167c06b0419a77b91399f6181e6fe2c1a715163efaf86ea8b1e55ea5742d6b042e6cbf8acc69c99f8271a902", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "75873ac544ad69d3ddc5c9cffe384d275e9da2949d6982da4b990f8bf2b76474", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 109, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200041e265ab5b7f7199470e532653d2a7b9a8b728970b838137c9692ed0692897b2ac1d5ee9fc3ce49fd4509d33c4dcfcc1a20a660529fa9ebd6e6afc3d5c84c72bb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "355c9faca29cf7cc968853ee29ffe62d1127fcc1dc57e9ddaf0e0f447146064e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 110, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000454d2a4394c109fcbd3cb9886fec3add51ba4d2e44e1d5676e4b98f0c13655fc5f20a0ca618ba0131a2e373f31f73b3f55e9188d46fddbc6387e32aefb9f3ba12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "fc175a5ef18595b69e45be2cda8ae00d9c8bdbefbcf7f692f91cefdc560e4722", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 111, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000493f1459207fb09c6f0a88c398ac80d1052a4cd33e7eef5687da99ab97c6024b770c60975748f0c749a8b0f8fc1e222ddcbd3384f6d68f0b6b6ff679b435cdcb1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "46559146a93aae904dbcaaaa07e6cd1bb450f1b37c83929a994b45792333d5f6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 112, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200041fa049a1892b679857c6dff08af19db70cbc99b6f2d7bc51a341fe79d1647f4a5aa9c0d1b240e6dd4211e3235425634b278ad88fede0337d5acf3136587d8413", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c64b07119054a37961c0a177158256081b38b0087b307e0cad7e30d790ceb0ce", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 113, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000484e0b192d60abf531e828e887d366d869e1033a16e9c7f1167458c8134c10fba4ba2e420cabc43b6e8e86590fc2383d17827dd99a60c211f190a74269100c141", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bea8cfc0bee8571ccf0c525654ef26d1fc782bb22deccf67ea4ea0803dc15daf", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 114, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200042f9707c67118724111efbbbbf06b623ab2ffd9259ddc354fcaaf81ba01f6fa7b2702a515a9a50db1d86fd42aea0834daeb62be03d0cd9033f84b9c4b56a19f12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "60451da4adfe5bb393109069efdc84415ec8a2c429955cbf22a4340f8fc48936", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 115, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ac1fbbe42293a9f9ae104ee2da0b0a9b3464d5d8b1e854df19d3c4456af8f9a6104277170692fa6bf2270580d56d1bc81b54f477d8ab6c3f5842650ac7176d71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d68e746f3d43feac5fd4898de943dc38205af7e2631ed732079bbfc8ab52511c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 116, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bae10cf93ff7b72d6ed98519602e9f03aa40303fa0674fb3ddee7d2db1c92bb25d367688fde5e082f097855a0c0adc305dd6cf46f50ca75859bb243b70249605", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "28daeaadc609386d770dff4c7120b2a87cab3e21fdb8a6e4dc1240a51d12e55c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 117, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004edb4288cf5567673d50a1cd9e6bea45317823f30383f60d9bc3b9ee42ac29871f4d1d22af7187c8de1b992a4046c419b801cde57d638d30f2e1ac49353117a20", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bb4110b734c8ef8a08bb6011acb35cbda9ae8e2ef6c4d0862576a68792667bb9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 118, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000413233e80f59ac2b59737e87877782ab3027c490df8ac0bf3f3ef1633872eec540162f954534eadb1b4ea95c57d40a10214e5b746ee6aa4194ed2b2012b72f97d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e25c50037ca1913851b9758752659fb61c02d2a7c6b6aae29bda301907d99f5d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 119, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200043cd14f7e4b779615bc7ccee47e7f2b07394bf8f98503263411a549264a8fcf19604f8174e3605b8f18bed3742b6871a8cffce006db31b8d7d836f50cfcda7d16", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ad259f01e953263f40a39b14a538d076710c19207af936feabdf03bda7f067a5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 120, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004946c278288616aa34790ca193686e745d3d58702866ddf1e95550711a9bfbdb87bc337a1c82e3c5f7a2927987b8fae13627237d220fafb4013123bfbd95f0ba5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5ec6025ac7b25c0f095f3fdee3e2e508bd1437b9705c2543c0e5af1c1d363ffd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 121, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200047f195035feb2c04a9b149bb2ed3c5c458e95e7f7c418c4a07ea6107e4e32455addf9a666bf0015b20e4912f70f655ef21b82087596aa1e2f1e2865350d159185", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a2f93a84574a26b43880cde6ed440c7f7cc72c92504d5271999a8a78ffe3491d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 122, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000440855844e04303843a24b01707544d1bbf97673266e03d77fbf80d8b64219bd8503af4a2e3b26279564fed8e772a043e75630e4e3859976ede88ffcf16f5ca71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8d0cdb4977ba7661d41036aeb7a5f2dd207716d5d76eeb26629043c559ec2900", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 123, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000422cdb3ee47f14b3b0c0c8c256fb22e79126b436a2c9ff635a65151a0f0ffb1bfcf333562f3e018892374353674de8490fc9d30426598eb600779154baf2aec17", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "defde4aa48f89b03f623ea1f946f1aa938c5aab879ca6319596926f085578edc", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 124, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200042b7becd7066e22f121e7cf123d48c5445037c5a756ef314a66a7001636ee75cf1e6fe2c1a715163efaf86ea8b1e55ea5742d6b042e6cbf8acc69c99f8271a902", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "afe0bfed69a600163865406127a8972b613232aa4c933a06b5a5b5bcff1596f8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 125, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bb8da4a76ee3d1c4b33477bc8663def167a126c422ad47f6c2f8b539c6808936c1d5ee9fc3ce49fd4509d33c4dcfcc1a20a660529fa9ebd6e6afc3d5c84c72bb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f49bca7a6a5256ddf712775917c30e4873153469bae12fd5c5571031db7b1205", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 126, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040a0c37664823a5005d659f7c73c39ea172c862969c81e44f36c89e7c265ec8a8f20a0ca618ba0131a2e373f31f73b3f55e9188d46fddbc6387e32aefb9f3ba12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9c88b611b7f9aad33fabb09cff618bb1ca6fb904a289b1481da3d1e4e72589e4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 127, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000447c33f6f78d3cd9971ecc50e7e2ac947f8c1103f9c5f0821379bd06ad8fca45670c60975748f0c749a8b0f8fc1e222ddcbd3384f6d68f0b6b6ff679b435cdcb1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "42f634c06c4a0e7e956db6e86666603d26374cc74b11026f0318d1a25681a712", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 128, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b59d18ab8b0f9dd33484f43c3f6860229ba6a4c25a61cd0aaca23b76d60566cf5aa9c0d1b240e6dd4211e3235425634b278ad88fede0337d5acf3136587d8413", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e2ceb946e7993f27a4327abdf61d4f06577e89c63b62a24aefbd905710d18669", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 129, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000494f4601b244d3a6ea6996fa244364f794399e0ff4316157db6023222fc0d90be4ba2e420cabc43b6e8e86590fc2383d17827dd99a60c211f190a74269100c141", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "71637a5da2412a921f1636c69a6ee81083ee2b0e13766ad122791ef6f771896d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 130, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200049e8c115b1ac87d986ee1b506b86a4e7b8ea041aa6a63d6ec80ec0f0cf69cfb3f2702a515a9a50db1d86fd42aea0834daeb62be03d0cd9033f84b9c4b56a19f12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bd265ed3078ca8c7788f594187c96c675aa623ecd01bfcad62d76a7881334f63", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 131, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004eec776b52b94141fc819d4b6b12d28e73555b5560507aba7df6f0484008de91f104277170692fa6bf2270580d56d1bc81b54f477d8ab6c3f5842650ac7176d71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8d073fc592fb7aa6f7b908ed07148aa7be5a135c4b343ebe295198cba78e71ce", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 132, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004aff46a388e5afc220a8eec7a49af9d245384a3af1e0b407b4521f4e92d12dceb5d367688fde5e082f097855a0c0adc305dd6cf46f50ca75859bb243b70249605", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a26d698e4613595aa61c8e2907d5241d6d14909737df59895841d07727bf1348", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 133, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e807e43d96f3701a9a5c13d122749084170fcd36a586a446c9fcb4600eede4fdf4d1d22af7187c8de1b992a4046c419b801cde57d638d30f2e1ac49353117a20", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a8edc6f9af6bf74122c11ca1a50afbc4a3c4987bd0d1f73284d2c1371e613405", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 134, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004798868a56916d341e7d6f96359ae3658836e221459f4f7b7b63694de18a5e9247713fdb03a8de8c6d29ca38a9fbaa82e5e02bead2f9eec69b6444b7adb05333b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "17963de078996eb8503c7cc3e1a2d5147d7f0bfb251a020b4392033063587c8d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 135, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ff419909d8a8ce0a9416051f4e256208c1dc035581a53312d566137e22104e9877421ab01e00e83841b946dae5bb5a23973daa98fe1a8172883abcbedced7021", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "062799a19545d31b3ed72253bcde59762aa6104a88ac5e2fb68926b0f7146698", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 136, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200048b48119d7089d3b95cd2eaf8c85584fa8f5e56c4c4ccee7037d74cdbf88e571714c1aac5f0bf1b48a4abcf1d9291b9a8776a004380546a5a1c1f294690f61969", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9f42dd8fce13f8103b3b2bc15e61242e6820fe1325a20ef460fe64d9eb12b231", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 137, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e2888119379b5b2151bd788505def1d6bd786329431caf39705d9cbf96a42ea43bb7328839d2aecac64b1cdb182f08adccaac327ed008987a10edc9732413ced", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d1b204e52d1fac6d504132c76ca233c87e377dcc79c893c970ddbb9f87b27fa0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 138, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200046dcc3971bd20913d59a91f20d912f56d07e7f014206bef4a653ddfe5d12842c39b51b17b76ea6cc137eebd93c811e636d8ae26c70d064650f7205a865d01a6ee", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c8d6bd28c1e65ae7c7a5debe67a7dfaf92b429ede368efc9da7d578a539b7054", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 139, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200047ebea45854569a1f7ea6b95b82d6befefbf6296ebc87c810b6cba93c0c1220b23f1874fa08a693b086643ef21eb59d75562da9422d13d9a39b0b17e241b04d32", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0d1f905cc74720bde67ae84f582728588c75444c273dae4106fa20d1d6946430", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 140, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ceab5937900d34fa88378d371f4acaa7c6a2028b6143213413f16ba2dc7147877713fdb03a8de8c6d29ca38a9fbaa82e5e02bead2f9eec69b6444b7adb05333b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3f014e309192588fa83e47d4ac9685d2041204e2eaf633a1312812e51ae74cbd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 141, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a4ffea5e25f75e4f689c81084a35c1220e8e6b914c482f4a2e8f93cffca6964777421ab01e00e83841b946dae5bb5a23973daa98fe1a8172883abcbedced7021", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "68b404d556c82004c6c4bba4518ec00b1d4f1161cafe6c89aeb8494a9ba09db5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 142, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004de8809ea0ecce1d24a0431429510383a6f6e5a1c51cea32d830c6c353042603e14c1aac5f0bf1b48a4abcf1d9291b9a8776a004380546a5a1c1f294690f61969", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c331ade7a457df7f12a2f5c43d7ea9486c1563b81cd8a0f23f923c1a9fa612e3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 143, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004566209f174d6bf79720b70edb27e51350beeb2b0bcd083bbae7214f71cf824d43bb7328839d2aecac64b1cdb182f08adccaac327ed008987a10edc9732413ced", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "17b5c7a311eea9d2ab7571f8b9f848d4705997cf3eaf9bdcbe0e34a670f81f45", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 144, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004cc3181c0127137536ceec94fd45996657df72e0f97c44b9dad14763ce506e9dc9b51b17b76ea6cc137eebd93c811e636d8ae26c70d064650f7205a865d01a6ee", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2f0e4eccbc4518ace558e06604f9bff4787f5b019437b52195ecb6b82191a6ae", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 145, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d7052a1eeafc0e78d79e7f26003aa0a409287cf476007df28d281b142be1a0e23f1874fa08a693b086643ef21eb59d75562da9422d13d9a39b0b17e241b04d32", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7494d864cb6ea9c5d982d40a5f103700d02dc982637753cfc7d8afe1beafff70", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 146, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b7cc3e2306dbf7c38ff179658706feffb5efdb6044c7e71435d7ff7d0ae8c7b37713fdb03a8de8c6d29ca38a9fbaa82e5e02bead2f9eec69b6444b7adb05333b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a96873eef5d438b807853b6771c6a5197e6eef21efefca538b45e9e981c032e5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 147, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200045bbe7c98015fd3a6034d79d867a4dcd52f95911932129da2fc0a58afe149137f77421ab01e00e83841b946dae5bb5a23973daa98fe1a8172883abcbedced7021", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9124618913f20cdffa642207f192e67eb80ade53ac5535469abe90036d4af7e2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 148, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004962fe47880a94a745928e3c4a29a42cb01334f1ee9646e62451c46ecd72f410914c1aac5f0bf1b48a4abcf1d9291b9a8776a004380546a5a1c1f294690f61969", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9d8b74888d942870b221de7a642032892bc99e34bd8550195f6f5f097547334a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 149, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c71574f5538de5653c37168d47a2bcf43698ea260012cd0ae1304e474c63a4e63bb7328839d2aecac64b1cdb182f08adccaac327ed008987a10edc9732413ced", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "16983377c0f1a9c004495b3fd9658363116eea644787d059d1140fb907555d4a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 150, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c60244ce306e376f3968178f5293742d7a20e1dc47cfc517edada9db49d0cbbf9b51b17b76ea6cc137eebd93c811e636d8ae26c70d064650f7205a865d01a6ee", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "081af40a81d48c6b530140db935e605bf4cc7b10885f5b148f95f1bc8ad2e52d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 151, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004aa3c3188c0ad5767a9bac77e7ceea05cfae1599ccd77b9fcbc0c3badc80c36ca3f1874fa08a693b086643ef21eb59d75562da9422d13d9a39b0b17e241b04d32", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7e4b973e6d4a357c400243a648c8a0a6a35cf231754afdef312d2f4b6abb988f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 152, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200042cce8ddfe4827dc030ddf38f998b3f2ed5e0621d0b3805666daf48c8c31e75e5198d9ef4e973b6bdebe119a35faae86191acd758c1ed8accaf1e706ad55d83d7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0f0235da2a06c8d408c27151f3f15342ed8c1945aaf84ed14993786d6ac5f570", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 153, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000414bfc3e5a46b69881a9a346d95894418614ed91476a1ddce48676b7cbab9ba02f334d64f2caf561b063bc1f7889e937302a455ff685d8ae57cb2444a17dad068", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5622c2fbe8af5ad6cef72a01be186e554847576106f8979772fa56114d1160ab", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 154, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bd442fa5a2a8d72e13e44fd2222c85a006f03375e0211b272f555052b03db750be345737f7c6b5e70e97d9fe9dc4ca94fb185f4b9d2a00e086c1d47273b33602", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bb95e0d0fbaad86c5bd87b95946c77ff1d65322a175ccf16419102c0a17f5a72", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 155, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040d7a3ff49bda6a587ed07691450425aa02d253ba573a16ad86c61af412dd3c770b6d3b9e570ba004877c9a69e481fe215de03a70126305a452826e66d9b5583e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "4510683c7bfa251f0cb56bba7e0ab74d90f5e2ca01e91e7ca99312ccff2d90b6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 156, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bdea5d2a3adde7df2e839ff63f62534b3f27cb191bb54dfa1d39cbff713ba9ed307d8f1d02c6f07146655e6383b0ef3035bee7067c336fdb91365e197a97b616", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "025485142ca1ced752289f772130fc10c75a4508c46bffdef9290ad3e7baf9ca", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 157, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d4c063e3c036f47c92f6f5470a26a835e1a24505b14d1b29279062a16cf6f489198d9ef4e973b6bdebe119a35faae86191acd758c1ed8accaf1e706ad55d83d7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9067932150724965aa479c1ef1be55544bed9fa94500a3b67887ed91ae3b81e5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 158, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a034200043cb9f07997756859e9b9a85b681fa50ee20357f535c1b311c4637d16b76b9ebff334d64f2caf561b063bc1f7889e937302a455ff685d8ae57cb2444a17dad068", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f8084a89adccdc3aef89e5091a0f07d6160a66cb9575241100c1d39bf0549ae2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 159, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004793412ff636c08a2d0f6d60cc608e9a9098349a2501f91c95f692010bc1238b2be345737f7c6b5e70e97d9fe9dc4ca94fb185f4b9d2a00e086c1d47273b33602", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "4462558c89902117051cb2c599ad66f00887b54cae3da9c04d317a5b2afb463b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 160, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bd1eb0849e2e6a13d54b76518f11ba8775c2d7634d85152534bc7c3af4161efa0b6d3b9e570ba004877c9a69e481fe215de03a70126305a452826e66d9b5583e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "30b4741a64f87d28ec0029bd196b5a74555f2c9a976a46d628572474466a631d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 161, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004624b3b4ba993a8b938125689f6cf757392ee390d14a90fea6db944b5a8deb8d0307d8f1d02c6f07146655e6383b0ef3035bee7067c336fdb91365e197a97b616", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3afc04ac92117e50b0913b09dbbb4e6c780c051500201fad512b79080bff39e2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 162, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fe710e3c5b468dc33c2b17295c4e189b487d58dd437adf706ac05493cfea8df0198d9ef4e973b6bdebe119a35faae86191acd758c1ed8accaf1e706ad55d83d7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "609637048586edc64cf5f28f1a505768c686471110070d783de499ffe6fe84da", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 163, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ae864ba0c41f2e1dfbac2337025716d8bcadcef6539c6f1ff335176b8ddaa36ef334d64f2caf561b063bc1f7889e937302a455ff685d8ae57cb2444a17dad068", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b1d4f27a6983c8ee417ef0f527d889d4a1ae41d3639244578c43d650c299fcd1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 164, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c987bd5af9eb202f1b24da2117ca90b6ef8c82e7cfbf530f71418f9a93b0085cbe345737f7c6b5e70e97d9fe9dc4ca94fb185f4b9d2a00e086c1d47273b33602", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0007c9a27ac5067c9f0ad1a4d1e62110da1318893a658729713d82e333855b82", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 165, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000435670f86c5f72b93abe4131d2bea1fce876ad4e25b40d42d447d68cff90ca0be0b6d3b9e570ba004877c9a69e481fe215de03a70126305a452826e66d9b5583e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8a3b23a91f0d5db8074a6a886889ee3e19aaf09b66ac9aad2e15c8bdba68085c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 166, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004dfca678a1b8e6f67996a097fc9ce37412de9fbd9cfa1a21b750cef48e5e595a1307d8f1d02c6f07146655e6383b0ef3035bee7067c336fdb91365e197a97b616", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c2af763f414cb2d7fd46257f0313b582c099b5e23b73e073b5ab7c230c45c883", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 167, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "03", + "shared" : "34005694e3cac09332aa42807e3afdc3b3b3bc7c7be887d1f98d76778c55cfd7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 168, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "shared" : "5841acd3cff2d62861bbe11084738006d68ccf35acae615ee9524726e93d0da5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 169, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "0100000000000000000000000000000000000000000000000000000000000000", + "shared" : "4348e4cba371ead03982018abc9aacecaebfd636dda82e609fd298947f907de8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 170, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "shared" : "e56221c2b0dc33b98b90dfd3239a2c0cb1e4ad0399a3aaef3f9d47fb103daef0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 171, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "008000000000000000000000000000000000000000000000000000000000000000", + "shared" : "5b34a29b1c4ddcb2101162d34bed9f0702361fe5af505df315eff7befd0e4719", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 172, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03abfd25e8cd0364141", + "shared" : "cece521b8b5a32bbee38936ba7d645824f238e561701a386fb888e010db54b2f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 173, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfc25e8cd0364141", + "shared" : "829521b79d71f5011e079756b851a0d5c83557866189a6258c1e78a1700c6904", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 174, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfca5e8cd0364141", + "shared" : "8c5934793505a6a1f84d41283341680c4923f1f4d562989a11cc626fea5eda5a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 175, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8bd0364141", + "shared" : "356caee7e7eee031a15e54c3a5c4e72f9c74bb287ce601619ef85eb96c289452", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 176, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03640c3", + "shared" : "09c7337df6c2b35edf3a21382511cc5add1a71a84cbf8d3396a5be548d92fa67", + "result" : "valid", + "flags" : [ + "AddSubChain" + ] + }, + { + "tcId" : 177, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364103", + "shared" : "d16caedd25793666f9e26f5331382106f54095b3d20d40c745b68ca76c0e6983", + "result" : "valid", + "flags" : [ + "AddSubChain" + ] + }, + { + "tcId" : 178, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364123", + "shared" : "b8ae1e21d8b34ce4caffed7167a26868ec80a7d4a6a98b639d4d05cd226504de", + "result" : "valid", + "flags" : [ + "AddSubChain" + ] + }, + { + "tcId" : 179, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364133", + "shared" : "02776315fe147a36a4b0987492b6503acdea60f926450e5eddb9f88fc82178d3", + "result" : "valid", + "flags" : [ + "AddSubChain" + ] + }, + { + "tcId" : 180, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413b", + "shared" : "3988c9c7050a28794934e5bd67629b556d97a4858d22812835f4a37dca351943", + "result" : "valid", + "flags" : [ + "AddSubChain" + ] + }, + { + "tcId" : 181, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "shared" : "34005694e3cac09332aa42807e3afdc3b3b3bc7c7be887d1f98d76778c55cfd7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 182, + "comment" : "edge case private key", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f", + "shared" : "4b52257d8b3ba387797fdf7a752f195ddc4f7d76263de61d0d52a5ec14a36cbf", + "result" : "valid", + "flags" : [ + "AddSubChain" + ] + }, + { + "tcId" : 183, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 184, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 185, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 186, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 187, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 188, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 189, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 190, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 191, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e0000000000000000000000000000000000000000000000000000000000000000", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 192, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e0000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 193, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2efffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 194, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2efffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 195, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f0000000000000000000000000000000000000000000000000000000000000000", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 196, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f0000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 197, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 198, + "comment" : "point is not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 199, + "comment" : "public key has invalid point of order 2 on secp256r1. The point of the public key is a valid on secp256k1.", + "public" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000ffffffffffffffffffffffff32d98e0d77dd0e543770ec994c0ae837e7bb36eb1d910b58a14a2a08dc182f83", + "private" : "3b25129f3410ec89cc6dc539fd7601873ba6abf72a6d023f1aa9041765430ee6", + "shared" : "1d3fc2b2e48b3e96c6323380fadb467825e69f5b9078a9e02173b477bc232cc1", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 200, + "comment" : "public key has invalid point of order 2 on FRP256v1. The point of the public key is a valid on secp256k1.", + "public" : "305b301506072a8648ce3d0201060a2a817a01815f6582000103420004f1fd178c0b3ad58f10126de8ce42435b3961adbcabc8ca6de8fcf353d86e9c03247e9edb2a633201dfc68fbd34556690db38ef76732f8a9052ee40d84e2ec35b", + "private" : "485dea32cd245db99d88e1852587c161b81abeabb151ad3fc1e4dd2f591e9936", + "shared" : "0a373d77057a50e3aad60b1e51bc017523dc2bdfef1c07cf4ed8393839224d0a", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 201, + "comment" : "", + "public" : "3015301006072a8648ce3d020106052b8104000a030100", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 202, + "comment" : "public point not on curve", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e4", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid", + "flags" : [ + "InvalidPublic" + ] + }, + { + "tcId" : 203, + "comment" : "public point = (0,0)", + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid", + "flags" : [ + "InvalidPublic" + ] + }, + { + "tcId" : 204, + "comment" : "order = -115792089237316195423570985008687907852837564279074904382605163141518161494337", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b80221ff000000000000000000000000000000014551231950b75fc4402da1732fc9bebf0201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid", + "flags" : [ + "WrongOrder", + "InvalidPublic", + "UnnamedCurve" + ] + }, + { + "tcId" : 205, + "comment" : "order = 0", + "public" : "308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b80201000201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid", + "flags" : [ + "WrongOrder", + "InvalidPublic", + "UnnamedCurve" + ] + }, + { + "tcId" : 206, + "comment" : "order = 1", + "public" : "308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b80201010201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable", + "flags" : [ + "WrongOrder", + "UnusedParam", + "UnnamedCurve" + ] + }, + { + "tcId" : 207, + "comment" : "order = 26959946667150639794667015087019630673536463705607434823784316690060", + "public" : "3082012f3081e806072a8648ce3d02013081dc020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8021d00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8c0201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable", + "flags" : [ + "WrongOrder", + "UnusedParam", + "UnnamedCurve" + ] + }, + { + "tcId" : 208, + "comment" : "generator = (0,0)", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable", + "flags" : [ + "UnusedParam", + "UnnamedCurve" + ] + }, + { + "tcId" : 209, + "comment" : "generator not on curve", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4ba022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable", + "flags" : [ + "UnusedParam", + "UnnamedCurve" + ] + }, + { + "tcId" : 210, + "comment" : "cofactor = -1", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201ff0342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid", + "flags" : [ + "NegativeCofactor", + "InvalidPublic", + "UnnamedCurve" + ] + }, + { + "tcId" : 211, + "comment" : "cofactor = 0", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201000342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid", + "flags" : [ + "NegativeCofactor", + "InvalidPublic", + "UnnamedCurve" + ] + }, + { + "tcId" : 212, + "comment" : "cofactor = 2", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201020342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable", + "flags" : [ + "UnusedParam", + "UnnamedCurve" + ] + }, + { + "tcId" : 213, + "comment" : "cofactor = 115792089237316195423570985008687907852837564279074904382605163141518161494337", + "public" : "308201553082010d06072a8648ce3d020130820100020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable", + "flags" : [ + "LargeCofactor", + "UnusedParam", + "UnnamedCurve" + ] + }, + { + "tcId" : 214, + "comment" : "cofactor = None", + "public" : "308201303081e906072a8648ce3d02013081dd020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable", + "flags" : [ + "UnusedParam", + "UnnamedCurve" + ] + }, + { + "tcId" : 215, + "comment" : "modified prime", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fb524ac7055bebf603a4e216abaa6a9ef8eb2bbea2cd820e59d46d8501f6268b304404200000000000000000000000000000000000000000000000000000000000000000042000000000000000000000000000000000000000000000000000000000000000070441040000000000000000000006597fa94f5b8380000000000000000000000000000f229ba06e5c03dbcba0eec01b4bcca549cda86e507e8813b5bb2b42df88f12f47022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141020101034200040000000000000000000006597fa94f5b8380000000000000000000000000000f229ba06e5c03dbcba0eec01b4bcca549cda86e507e8813b5bb2b42df88f12f47", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "c5956b8cf7244e3c0457658a214210b358205cab12374d523ecf57895cecfeb0", + "result" : "invalid", + "flags" : [ + "ModifiedPrime", + "InvalidPublic", + "UnnamedCurve" + ] + }, + { + "tcId" : 216, + "comment" : "using secp224r1", + "public" : "304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid", + "flags" : [ + "InvalidPublic" + ] + }, + { + "tcId" : 217, + "comment" : "using secp256r1", + "public" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004cbf6606595a3ee50f9fceaa2798c2740c82540516b4e5a7d361ff24e9dd15364e5408b2e679f9d5310d1f6893b36ce16b4a507509175fcb52aea53b781556b39", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid", + "flags" : [ + "InvalidPublic" + ] + }, + { + "tcId" : 218, + "comment" : "a = 0", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable", + "flags" : [ + "UnusedParam", + "UnnamedCurve" + ] + }, + { + "tcId" : 219, + "comment" : "public key of order 3", + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042073043cb8cdc610a8de4dcf57a3b4590bef57e1de452e83b064ffe9a85cdd37a504204a66efbd68566769c436844436fef4a5018a345a82689c14519559fccbb9a21f04410470d7b8ee9e2424d0ddd39d5a3c308cf26c1c3f09a9708f81cb0f982121b4123dbd2d4cfd4fcce2c2a1b9f0891eb5d190f48f560124e8bef8363ae2f19fa2628c022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201010342000470d7b8ee9e2424d0ddd39d5a3c308cf26c1c3f09a9708f81cb0f982121b4123d42d2b302b0331d3d5e460f76e14a2e6f0b70a9fedb174107c9c51d0d605d99a3", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid", + "flags" : [ + "WeakPublicKey", + "InvalidPublic", + "UnnamedCurve" + ] + }, + { + "tcId" : 220, + "comment" : "Public key uses wrong curve: secp224r1", + "public" : "304e301006072a8648ce3d020106052b81040021033a000450eb062b54940a455719d523e1ec106525dda34c2fd95ace62b9b16d315d323f089173d10c45dceff155942431750c00ca36f463828e9fab", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 221, + "comment" : "Public key uses wrong curve: secp256r1", + "public" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000406372852584037722a7f9bfaad5661acb623162d45f70a552c617f4080e873aa43609275dff6dcaaa122a745d0f154681f9c7726867b43e7523b7f5ab5ea963e", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 222, + "comment" : "Public key uses wrong curve: secp384r1", + "public" : "3076301006072a8648ce3d020106052b81040022036200040ef5804731d918f037506ee00b8602b877c7d509ffa2c0847a86e7a2d358ba7c981c2a74b22401ac615307a6deb275402fa6c8218c3374f8a91752d2eff6bd14ad8cae596d2f37dae8aeec085760edf4fda9a7cf70253898a54183469072a561", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 223, + "comment" : "Public key uses wrong curve: secp521r1", + "public" : "30819b301006072a8648ce3d020106052b81040023038186000400921da57110db26c7838a69d574fc98588c5c07a792cb379f46664cc773c1e1f6fa16148667748ede232d1a1f1cea7f152c5d586172acbeaa48416bcbd70bb27f0f01b4477e1ae74bf4f093184a9f26f103712ccf6ceb45a0505b191606d897edaf872b37f0f90a933000a80fc3207048323c16883a3d67a90aa78bcc9c5e58d784b9b9", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 224, + "comment" : "Public key uses wrong curve: secp224k1", + "public" : "304e301006072a8648ce3d020106052b81040020033a000456dd09f8a8c19039286b6aa79d099ff3e35ff74400437d2072fd9faa7f2901db79d793f55268980f7d395055330a91b46bf4a62c3a528230", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 225, + "comment" : "Public key uses wrong curve: brainpoolP224r1", + "public" : "3052301406072a8648ce3d020106092b2403030208010105033a00042c9fdd1914cacdb28e39e6fc24b4c3c666cc0d438acc4529a6cc297a2d0fdecb3028d9e4d84c711db352379c080c78659969bdc5d3218901", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 226, + "comment" : "Public key uses wrong curve: brainpoolP256r1", + "public" : "305a301406072a8648ce3d020106092b240303020801010703420004120e4db849e5d960741c7d221aa80fe6e4fcd578191b7f845a68a6fcb8647719a6fffb6165d8ec39389eecc530839c321b2e9040027fba5d9cb9311df7cd3d4d", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 227, + "comment" : "Public key uses wrong curve: brainpoolP320r1", + "public" : "306a301406072a8648ce3d020106092b2403030208010109035200040efb1c104938f59a931fe6bf69f7ead4036d2336075a708e66b020e1bc5bb6d9cdc86d4e8fa181d7c7ea1af28353044e8cec12eec75a6dd87a5dc902024d93f8c8d9bf43b453fd919151f9bd7bb955c7", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 228, + "comment" : "Public key uses wrong curve: brainpoolP384r1", + "public" : "307a301406072a8648ce3d020106092b240303020801010b036200043e96d75b79214e69a4550e25375478bdc9c2a9d0178a77b5700bd5f12e3ce142f50c93dc1ee7268456d7eae2d44b718d6f159e896ae14fbe3aba397801a95e2bb6a9a761e865b289dd9db64aa07c794cedf77328543b94c9b54ce0cf04c60ac8", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 229, + "comment" : "Public key uses wrong curve: brainpoolP512r1", + "public" : "30819b301406072a8648ce3d020106092b240303020801010d03818200044f191130740f1b75ae13402960eb22ea801db80ed51a461e06a7b3ba60c9bddd132a6465bbee8afd70cfb4495efbda4f1567b958e6e305bfcb4ac8f05172688e0f2f175aa12425be3ab7271b42f258639e868677d1163c12e641229f1e6427761c9e294de51db564151b21a051d2f7a13661852799557a556a5f3c51d36d083a", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 230, + "comment" : "Public key uses wrong curve: brainpoolP224t1", + "public" : "3052301406072a8648ce3d020106092b2403030208010106033a00044964b948cefa39cd769e3480d4840a3c58e966161be80df02d9aab33b4a318a32f30130224edcefe0dd64342404e594aa334995b179f641f", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 231, + "comment" : "Public key uses wrong curve: brainpoolP256t1", + "public" : "305a301406072a8648ce3d020106092b24030302080101080342000411157979c08bcd175d34572209a85f3f5d602e35bdc3b553b0f19307672b31ba69d0556bce48c43e2e7e6177055221a4c4b7eb17ee9708f49216de76d6e92ab8", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 232, + "comment" : "Public key uses wrong curve: brainpoolP320t1", + "public" : "306a301406072a8648ce3d020106092b240303020801010a035200048bb517e198930eba57293419876a8793f711de37c27f200e6fb2c2b13e9fabd4fbc42ad61751ca583031ba76cbc6d745d115addc74eab63bf415c4fa20dbbecae98ac3c3da1a041705cf8959e2ccf453", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 233, + "comment" : "Public key uses wrong curve: brainpoolP384t1", + "public" : "307a301406072a8648ce3d020106092b240303020801010c036200045eb38d0261b744b03abef4ae7c17bc886b5b426bd910958f8a49ef62053048f869541b7a05d244315fc9cd74271ec3d518d94114b6006017f4ed5e3c06322baa1c75809a1057ba6fa46d1e1a9927a262e627940d5da538b5a3d1d794d9c866a4", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 234, + "comment" : "Public key uses wrong curve: brainpoolP512t1", + "public" : "30819b301406072a8648ce3d020106092b240303020801010e0381820004035fc238e57d980beae0215fb89108f9c6c4afda5d920f9d0583ee7d65f8778ecfff24a31d4f32deb6ea5f7e3adb6affb9327a5e62e09cba07c88b119fd104a83b7811e958e393971a5c9417412070b9f18b03be37e81e0bca5d3ff0873ed1f3113ed0fc57a0344321fb4d6c43f2f6e630a3d3883efe4c21df3e0f0b1208226b", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 235, + "comment" : "Public key uses wrong curve: FRP256v1", + "public" : "305b301506072a8648ce3d0201060a2a817a01815f6582000103420004375e9438d4ab14e298a75eab1e2d51a9248c8ee0bbb24397cbd4651517faedd26d4ded568d2348a473aa5a7570107dc6fc60a2ce0c4143446b5b09ab3fcc7bb4", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 236, + "comment" : "invalid public key", + "public" : "3036301006072a8648ce3d020106052b8104000a03220002977cb7fb9a0ec5b208e811d6a0795eb78d7642e3cac42a801bcc8fc0f06472d4", + "private" : "00d09182a4d0c94ba85f82eff9fc1bddb0b07d3f2af8632fc1c73a3604e8f0b335", + "shared" : "", + "result" : "invalid", + "flags" : [ + "CompressedPoint" + ] + }, + { + "tcId" : 237, + "comment" : "public key is a low order point on twist", + "public" : "3036301006072a8648ce3d020106052b8104000a032200020000000000000000000000000000000000000000000000000000000000000000", + "private" : "0098b5c223cf9cc0920a5145ba1fd2f6afee7e1f66d0120b8536685fdf05ebb300", + "shared" : "", + "result" : "invalid", + "flags" : [ + "CompressedPoint" + ] + }, + { + "tcId" : 238, + "comment" : "public key is a low order point on twist", + "public" : "3036301006072a8648ce3d020106052b8104000a032200030000000000000000000000000000000000000000000000000000000000000000", + "private" : "0098b5c223cf9cc0920a5145ba1fd2f6afee7e1f66d0120b8536685fdf05ebb2ff", + "shared" : "", + "result" : "invalid", + "flags" : [ + "CompressedPoint" + ] + }, + { + "tcId" : 239, + "comment" : "long form encoding of length of sequence", + "public" : "308156301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 240, + "comment" : "long form encoding of length of sequence", + "public" : "305730811006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 241, + "comment" : "length of sequence contains leading 0", + "public" : "30820056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 242, + "comment" : "length of sequence contains leading 0", + "public" : "30583082001006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 243, + "comment" : "wrong length of sequence", + "public" : "3057301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 244, + "comment" : "wrong length of sequence", + "public" : "3055301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 245, + "comment" : "wrong length of sequence", + "public" : "3056301106072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 246, + "comment" : "wrong length of sequence", + "public" : "3056300f06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 247, + "comment" : "uint32 overflow in length of sequence", + "public" : "30850100000056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 248, + "comment" : "uint32 overflow in length of sequence", + "public" : "305b3085010000001006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 249, + "comment" : "uint64 overflow in length of sequence", + "public" : "3089010000000000000056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 250, + "comment" : "uint64 overflow in length of sequence", + "public" : "305f308901000000000000001006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 251, + "comment" : "length of sequence = 2**31 - 1", + "public" : "30847fffffff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 252, + "comment" : "length of sequence = 2**31 - 1", + "public" : "305a30847fffffff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 253, + "comment" : "length of sequence = 2**32 - 1", + "public" : "3084ffffffff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 254, + "comment" : "length of sequence = 2**32 - 1", + "public" : "305a3084ffffffff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 255, + "comment" : "length of sequence = 2**40 - 1", + "public" : "3085ffffffffff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 256, + "comment" : "length of sequence = 2**40 - 1", + "public" : "305b3085ffffffffff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 257, + "comment" : "length of sequence = 2**64 - 1", + "public" : "3088ffffffffffffffff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 258, + "comment" : "length of sequence = 2**64 - 1", + "public" : "305e3088ffffffffffffffff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 259, + "comment" : "incorrect length of sequence", + "public" : "30ff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 260, + "comment" : "incorrect length of sequence", + "public" : "305630ff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 261, + "comment" : "indefinite length without termination", + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 262, + "comment" : "indefinite length without termination", + "public" : "3056308006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 263, + "comment" : "indefinite length without termination", + "public" : "3056301006802a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 264, + "comment" : "indefinite length without termination", + "public" : "3056301006072a8648ce3d020106802b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 265, + "comment" : "indefinite length without termination", + "public" : "3056301006072a8648ce3d020106052b8104000a03800004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 266, + "comment" : "removing sequence", + "public" : "", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 267, + "comment" : "removing sequence", + "public" : "304403420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 268, + "comment" : "lonely sequence tag", + "public" : "30", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 269, + "comment" : "lonely sequence tag", + "public" : "30453003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 270, + "comment" : "appending 0's to sequence", + "public" : "3058301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 271, + "comment" : "appending 0's to sequence", + "public" : "3058301206072a8648ce3d020106052b8104000a000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 272, + "comment" : "prepending 0's to sequence", + "public" : "30580000301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 273, + "comment" : "prepending 0's to sequence", + "public" : "30583012000006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 274, + "comment" : "appending unused 0's to sequence", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 275, + "comment" : "appending unused 0's to sequence", + "public" : "3058301006072a8648ce3d020106052b8104000a000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 276, + "comment" : "appending null value to sequence", + "public" : "3058301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 277, + "comment" : "appending null value to sequence", + "public" : "3058301206072a8648ce3d020106052b8104000a050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 278, + "comment" : "including garbage", + "public" : "305b4981773056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 279, + "comment" : "including garbage", + "public" : "305a25003056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 280, + "comment" : "including garbage", + "public" : "30583056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670004deadbeef", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 281, + "comment" : "including garbage", + "public" : "305b3015498177301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 282, + "comment" : "including garbage", + "public" : "305a30142500301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 283, + "comment" : "including garbage", + "public" : "305e3012301006072a8648ce3d020106052b8104000a0004deadbeef03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 284, + "comment" : "including garbage", + "public" : "305b3015260c49817706072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 285, + "comment" : "including garbage", + "public" : "305a3014260b250006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 286, + "comment" : "including garbage", + "public" : "305e3018260906072a8648ce3d02010004deadbeef06052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 287, + "comment" : "including garbage", + "public" : "305b301506072a8648ce3d0201260a49817706052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 288, + "comment" : "including garbage", + "public" : "305a301406072a8648ce3d02012609250006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 289, + "comment" : "including garbage", + "public" : "305e301806072a8648ce3d0201260706052b8104000a0004deadbeef03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 290, + "comment" : "including garbage", + "public" : "305b301006072a8648ce3d020106052b8104000a234749817703420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 291, + "comment" : "including garbage", + "public" : "305a301006072a8648ce3d020106052b8104000a2346250003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 292, + "comment" : "including garbage", + "public" : "305e301006072a8648ce3d020106052b8104000a234403420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670004deadbeef", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 293, + "comment" : "including undefined tags", + "public" : "305eaa00bb00cd003056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 294, + "comment" : "including undefined tags", + "public" : "305caa02aabb3056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 295, + "comment" : "including undefined tags", + "public" : "305e3018aa00bb00cd00301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 296, + "comment" : "including undefined tags", + "public" : "305c3016aa02aabb301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 297, + "comment" : "including undefined tags", + "public" : "305e3018260faa00bb00cd0006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 298, + "comment" : "including undefined tags", + "public" : "305c3016260daa02aabb06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 299, + "comment" : "including undefined tags", + "public" : "305e301806072a8648ce3d0201260daa00bb00cd0006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 300, + "comment" : "including undefined tags", + "public" : "305c301606072a8648ce3d0201260baa02aabb06052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 301, + "comment" : "including undefined tags", + "public" : "305e301006072a8648ce3d020106052b8104000a234aaa00bb00cd0003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 302, + "comment" : "including undefined tags", + "public" : "305c301006072a8648ce3d020106052b8104000a2348aa02aabb03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 303, + "comment" : "truncated length of sequence", + "public" : "3081", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 304, + "comment" : "truncated length of sequence", + "public" : "3046308103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 305, + "comment" : "Replacing sequence with NULL", + "public" : "0500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 306, + "comment" : "Replacing sequence with NULL", + "public" : "3046050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 307, + "comment" : "changing tag value of sequence", + "public" : "2e56301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 308, + "comment" : "changing tag value of sequence", + "public" : "2f56301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 309, + "comment" : "changing tag value of sequence", + "public" : "3156301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 310, + "comment" : "changing tag value of sequence", + "public" : "3256301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 311, + "comment" : "changing tag value of sequence", + "public" : "ff56301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 312, + "comment" : "changing tag value of sequence", + "public" : "30562e1006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 313, + "comment" : "changing tag value of sequence", + "public" : "30562f1006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 314, + "comment" : "changing tag value of sequence", + "public" : "3056311006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 315, + "comment" : "changing tag value of sequence", + "public" : "3056321006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 316, + "comment" : "changing tag value of sequence", + "public" : "3056ff1006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 317, + "comment" : "dropping value of sequence", + "public" : "3000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 318, + "comment" : "dropping value of sequence", + "public" : "3046300003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 319, + "comment" : "truncated sequence", + "public" : "3055301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 320, + "comment" : "truncated sequence", + "public" : "30551006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 321, + "comment" : "truncated sequence", + "public" : "3055300f06072a8648ce3d020106052b81040003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 322, + "comment" : "truncated sequence", + "public" : "3055300f072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 323, + "comment" : "sequence of size 4183 to check for overflows", + "public" : "30821057301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 324, + "comment" : "indefinite length", + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 325, + "comment" : "indefinite length", + "public" : "3058308006072a8648ce3d020106052b8104000a000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 326, + "comment" : "indefinite length with truncated delimiter", + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da326700", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 327, + "comment" : "indefinite length with truncated delimiter", + "public" : "3057308006072a8648ce3d020106052b8104000a0003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 328, + "comment" : "indefinite length with additional element", + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da326705000000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 329, + "comment" : "indefinite length with additional element", + "public" : "305a308006072a8648ce3d020106052b8104000a0500000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 330, + "comment" : "indefinite length with truncated element", + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267060811220000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 331, + "comment" : "indefinite length with truncated element", + "public" : "305c308006072a8648ce3d020106052b8104000a06081122000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 332, + "comment" : "indefinite length with garbage", + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000fe02beef", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 333, + "comment" : "indefinite length with garbage", + "public" : "305c308006072a8648ce3d020106052b8104000a0000fe02beef03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 334, + "comment" : "indefinite length with nonempty EOC", + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670002beef", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 335, + "comment" : "indefinite length with nonempty EOC", + "public" : "305a308006072a8648ce3d020106052b8104000a0002beef03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 336, + "comment" : "prepend empty sequence", + "public" : "30583000301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 337, + "comment" : "prepend empty sequence", + "public" : "30583012300006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 338, + "comment" : "append empty sequence", + "public" : "3058301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32673000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 339, + "comment" : "append empty sequence", + "public" : "3058301206072a8648ce3d020106052b8104000a300003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 340, + "comment" : "append garbage with high tag number", + "public" : "3059301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267bf7f00", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 341, + "comment" : "append garbage with high tag number", + "public" : "3059301306072a8648ce3d020106052b8104000abf7f0003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 342, + "comment" : "append null with explicit tag", + "public" : "305a301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267a0020500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 343, + "comment" : "append null with explicit tag", + "public" : "305a301406072a8648ce3d020106052b8104000aa002050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 344, + "comment" : "append null with implicit tag", + "public" : "3058301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267a000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 345, + "comment" : "append null with implicit tag", + "public" : "3058301206072a8648ce3d020106052b8104000aa00003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 346, + "comment" : "sequence of sequence", + "public" : "30583056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 347, + "comment" : "sequence of sequence", + "public" : "30583012301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 348, + "comment" : "truncated sequence: removed last 1 elements", + "public" : "3012301006072a8648ce3d020106052b8104000a", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 349, + "comment" : "truncated sequence: removed last 1 elements", + "public" : "304f300906072a8648ce3d020103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 350, + "comment" : "repeating element in sequence", + "public" : "30819a301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da326703420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 351, + "comment" : "repeating element in sequence", + "public" : "305d301706072a8648ce3d020106052b8104000a06052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 352, + "comment" : "sequence of size 4113 to check for overflows", + "public" : "308210593082101106072a8648ce3d020106052b8104000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 353, + "comment" : "long form encoding of length of oid", + "public" : "305730110681072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 354, + "comment" : "long form encoding of length of oid", + "public" : "3057301106072a8648ce3d02010681052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 355, + "comment" : "length of oid contains leading 0", + "public" : "30583012068200072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 356, + "comment" : "length of oid contains leading 0", + "public" : "3058301206072a8648ce3d0201068200052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 357, + "comment" : "wrong length of oid", + "public" : "3056301006082a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 358, + "comment" : "wrong length of oid", + "public" : "3056301006062a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 359, + "comment" : "wrong length of oid", + "public" : "3056301006072a8648ce3d020106062b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 360, + "comment" : "wrong length of oid", + "public" : "3056301006072a8648ce3d020106042b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 361, + "comment" : "uint32 overflow in length of oid", + "public" : "305b3015068501000000072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 362, + "comment" : "uint32 overflow in length of oid", + "public" : "305b301506072a8648ce3d0201068501000000052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 363, + "comment" : "uint64 overflow in length of oid", + "public" : "305f301906890100000000000000072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 364, + "comment" : "uint64 overflow in length of oid", + "public" : "305f301906072a8648ce3d020106890100000000000000052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 365, + "comment" : "length of oid = 2**31 - 1", + "public" : "305a301406847fffffff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 366, + "comment" : "length of oid = 2**31 - 1", + "public" : "305a301406072a8648ce3d020106847fffffff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 367, + "comment" : "length of oid = 2**32 - 1", + "public" : "305a30140684ffffffff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 368, + "comment" : "length of oid = 2**32 - 1", + "public" : "305a301406072a8648ce3d02010684ffffffff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 369, + "comment" : "length of oid = 2**40 - 1", + "public" : "305b30150685ffffffffff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 370, + "comment" : "length of oid = 2**40 - 1", + "public" : "305b301506072a8648ce3d02010685ffffffffff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 371, + "comment" : "length of oid = 2**64 - 1", + "public" : "305e30180688ffffffffffffffff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 372, + "comment" : "length of oid = 2**64 - 1", + "public" : "305e301806072a8648ce3d02010688ffffffffffffffff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 373, + "comment" : "incorrect length of oid", + "public" : "3056301006ff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 374, + "comment" : "incorrect length of oid", + "public" : "3056301006072a8648ce3d020106ff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 375, + "comment" : "removing oid", + "public" : "304d300706052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 376, + "comment" : "lonely oid tag", + "public" : "304e30080606052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 377, + "comment" : "lonely oid tag", + "public" : "3050300a06072a8648ce3d02010603420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 378, + "comment" : "appending 0's to oid", + "public" : "3058301206092a8648ce3d0201000006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 379, + "comment" : "appending 0's to oid", + "public" : "3058301206072a8648ce3d020106072b8104000a000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 380, + "comment" : "prepending 0's to oid", + "public" : "30583012060900002a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 381, + "comment" : "prepending 0's to oid", + "public" : "3058301206072a8648ce3d0201060700002b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 382, + "comment" : "appending unused 0's to oid", + "public" : "3058301206072a8648ce3d0201000006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 383, + "comment" : "appending null value to oid", + "public" : "3058301206092a8648ce3d0201050006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 384, + "comment" : "appending null value to oid", + "public" : "3058301206072a8648ce3d020106072b8104000a050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 385, + "comment" : "truncated length of oid", + "public" : "304f3009068106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 386, + "comment" : "truncated length of oid", + "public" : "3051300b06072a8648ce3d0201068103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 387, + "comment" : "Replacing oid with NULL", + "public" : "304f3009050006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 388, + "comment" : "Replacing oid with NULL", + "public" : "3051300b06072a8648ce3d0201050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 389, + "comment" : "changing tag value of oid", + "public" : "3056301004072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 390, + "comment" : "changing tag value of oid", + "public" : "3056301005072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 391, + "comment" : "changing tag value of oid", + "public" : "3056301007072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 392, + "comment" : "changing tag value of oid", + "public" : "3056301008072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 393, + "comment" : "changing tag value of oid", + "public" : "30563010ff072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 394, + "comment" : "changing tag value of oid", + "public" : "3056301006072a8648ce3d020104052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 395, + "comment" : "changing tag value of oid", + "public" : "3056301006072a8648ce3d020105052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 396, + "comment" : "changing tag value of oid", + "public" : "3056301006072a8648ce3d020107052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 397, + "comment" : "changing tag value of oid", + "public" : "3056301006072a8648ce3d020108052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 398, + "comment" : "changing tag value of oid", + "public" : "3056301006072a8648ce3d0201ff052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 399, + "comment" : "dropping value of oid", + "public" : "304f3009060006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 400, + "comment" : "dropping value of oid", + "public" : "3051300b06072a8648ce3d0201060003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 401, + "comment" : "modifying first byte of oid", + "public" : "305630100607288648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 402, + "comment" : "modifying first byte of oid", + "public" : "3056301006072a8648ce3d02010605298104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 403, + "comment" : "modifying last byte of oid", + "public" : "3056301006072a8648ce3d028106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 404, + "comment" : "modifying last byte of oid", + "public" : "3056301006072a8648ce3d020106052b8104008a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 405, + "comment" : "truncated oid", + "public" : "3055300f06062a8648ce3d0206052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 406, + "comment" : "truncated oid", + "public" : "3055300f06068648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 407, + "comment" : "truncated oid", + "public" : "3055300f06072a8648ce3d020106042b81040003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 408, + "comment" : "truncated oid", + "public" : "3055300f06072a8648ce3d020106048104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 409, + "comment" : "oid of size 4104 to check for overflows", + "public" : "3082105b30821013068210082a8648ce3d0201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 410, + "comment" : "wrong oid", + "public" : "3054300e06052b0e03021a06052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 411, + "comment" : "wrong oid", + "public" : "30583012060960864801650304020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 412, + "comment" : "wrong oid", + "public" : "3056301006072a8648ce3d020106052b0e03021a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 413, + "comment" : "wrong oid", + "public" : "305a301406072a8648ce3d0201060960864801650304020103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 414, + "comment" : "longer oid", + "public" : "3057301106082a8648ce3d02010106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 415, + "comment" : "longer oid", + "public" : "3057301106072a8648ce3d020106062b8104000a0103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 416, + "comment" : "oid with modified node", + "public" : "3056301006072a8648ce3d021106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 417, + "comment" : "oid with modified node", + "public" : "305a3014060b2a8648ce3d02888080800106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 418, + "comment" : "oid with modified node", + "public" : "3056301006072a8648ce3d020106052b8104001a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 419, + "comment" : "oid with modified node", + "public" : "305a301406072a8648ce3d020106092b810400888080800a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 420, + "comment" : "large integer in oid", + "public" : "305f301906102a8648ce3d028280808080808080800106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 421, + "comment" : "large integer in oid", + "public" : "305f301906072a8648ce3d0201060e2b8104008280808080808080800a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 422, + "comment" : "oid with invalid node", + "public" : "3057301106082a8648ce3d0201e006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 423, + "comment" : "oid with invalid node", + "public" : "3057301106082a808648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 424, + "comment" : "oid with invalid node", + "public" : "3057301106072a8648ce3d020106062b8104000ae003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 425, + "comment" : "oid with invalid node", + "public" : "3057301106072a8648ce3d020106062b808104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 426, + "comment" : "oid with 263 nodes", + "public" : "3082015b30820113068201082a8648ce3d0201010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 427, + "comment" : "oid of size 4102 to check for overflows", + "public" : "3082105b3082101306072a8648ce3d0201068210062b8104000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 428, + "comment" : "oid with 262 nodes", + "public" : "3082015b3082011306072a8648ce3d0201068201062b8104000a010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 429, + "comment" : "long form encoding of length of bit string", + "public" : "3057301006072a8648ce3d020106052b8104000a0381420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 430, + "comment" : "length of bit string contains leading 0", + "public" : "3058301006072a8648ce3d020106052b8104000a038200420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 431, + "comment" : "wrong length of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a03430004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 432, + "comment" : "wrong length of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a03410004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 433, + "comment" : "uint32 overflow in length of bit string", + "public" : "305b301006072a8648ce3d020106052b8104000a038501000000420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 434, + "comment" : "uint64 overflow in length of bit string", + "public" : "305f301006072a8648ce3d020106052b8104000a03890100000000000000420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 435, + "comment" : "length of bit string = 2**31 - 1", + "public" : "305a301006072a8648ce3d020106052b8104000a03847fffffff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 436, + "comment" : "length of bit string = 2**32 - 1", + "public" : "305a301006072a8648ce3d020106052b8104000a0384ffffffff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 437, + "comment" : "length of bit string = 2**40 - 1", + "public" : "305b301006072a8648ce3d020106052b8104000a0385ffffffffff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 438, + "comment" : "length of bit string = 2**64 - 1", + "public" : "305e301006072a8648ce3d020106052b8104000a0388ffffffffffffffff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 439, + "comment" : "incorrect length of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a03ff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 440, + "comment" : "lonely bit string tag", + "public" : "3013301006072a8648ce3d020106052b8104000a03", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 441, + "comment" : "appending 0's to bit string", + "public" : "3058301006072a8648ce3d020106052b8104000a03440004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 442, + "comment" : "prepending 0's to bit string", + "public" : "3058301006072a8648ce3d020106052b8104000a034400000004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 443, + "comment" : "appending null value to bit string", + "public" : "3058301006072a8648ce3d020106052b8104000a03440004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 444, + "comment" : "truncated length of bit string", + "public" : "3014301006072a8648ce3d020106052b8104000a0381", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 445, + "comment" : "Replacing bit string with NULL", + "public" : "3014301006072a8648ce3d020106052b8104000a0500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 446, + "comment" : "changing tag value of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a01420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 447, + "comment" : "changing tag value of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a02420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 448, + "comment" : "changing tag value of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a04420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 449, + "comment" : "changing tag value of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a05420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 450, + "comment" : "changing tag value of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000aff420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 451, + "comment" : "dropping value of bit string", + "public" : "3014301006072a8648ce3d020106052b8104000a0300", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 452, + "comment" : "modifying first byte of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a03420204e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 453, + "comment" : "modifying last byte of bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32e7", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 454, + "comment" : "truncated bit string", + "public" : "3055301006072a8648ce3d020106052b8104000a03410004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 455, + "comment" : "truncated bit string", + "public" : "3055301006072a8648ce3d020106052b8104000a034104e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 456, + "comment" : "bit string of size 4163 to check for overflows", + "public" : "30821059301006072a8648ce3d020106052b8104000a038210430004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 457, + "comment" : "declaring bits as unused in bit string", + "public" : "3056301006072a8648ce3d020106052b8104000a03420104e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 458, + "comment" : "unused bits in bit string", + "public" : "305a301006072a8648ce3d020106052b8104000a03462004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da326701020304", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 459, + "comment" : "unused bits in empty bit-string", + "public" : "3015301006072a8648ce3d020106052b8104000a030103", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + }, + { + "tcId" : 460, + "comment" : "128 unused bits", + "public" : "3056301006072a8648ce3d020106052b8104000a03428004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable", + "flags" : [ + "InvalidAsn" + ] + } + ] + } + ] +} diff --git a/tests/ecdsa_secp256k1_sha256_test.json b/tests/ecdsa_secp256k1_sha256_test.json new file mode 100644 index 00000000..24dfc322 --- /dev/null +++ b/tests/ecdsa_secp256k1_sha256_test.json @@ -0,0 +1,4482 @@ +{ + "algorithm" : "ECDSA", + "generatorVersion" : "0.8r12", + "numberOfTests" : 380, + "header" : [ + "Test vectors of type EcdsaVerify are meant for the verification", + "of ASN encoded ECDSA signatures." + ], + "notes" : { + "BER" : "This is a signature with correct values for (r, s) but using some alternative BER encoding instead of DER encoding. Implementations should not accept such signatures to limit signature malleability.", + "EdgeCase" : "Edge case values such as r=1 and s=0 can lead to forgeries if the ECDSA implementation does not check boundaries and computes s^(-1)==0.", + "MissingZero" : "Some implementations of ECDSA and DSA incorrectly encode r and s by not including leading zeros in the ASN encoding of integers when necessary. Hence, some implementations (e.g. jdk) allow signatures with incorrect ASN encodings assuming that the signature is otherwise valid.", + "PointDuplication" : "Some implementations of ECDSA do not handle duplication and points at infinity correctly. This is a test vector that has been specially crafted to check for such an omission." + }, + "schema" : "ecdsa_verify_schema.json", + "testGroups" : [ + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04b838ff44e5bc177bf21189d0766082fc9d843226887fc9760371100b7ee20a6ff0c9d75bfba7b31a6bca1974496eeb56de357071955d83c4b1badaa0b21832e9", + "wx" : "00b838ff44e5bc177bf21189d0766082fc9d843226887fc9760371100b7ee20a6f", + "wy" : "00f0c9d75bfba7b31a6bca1974496eeb56de357071955d83c4b1badaa0b21832e9" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004b838ff44e5bc177bf21189d0766082fc9d843226887fc9760371100b7ee20a6ff0c9d75bfba7b31a6bca1974496eeb56de357071955d83c4b1badaa0b21832e9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEuDj/ROW8F3vyEYnQdmCC/J2EMiaIf8l2\nA3EQC37iCm/wyddb+6ezGmvKGXRJbutW3jVwcZVdg8Sxutqgshgy6Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 0, + "comment" : "valid", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 1, + "comment" : "signature malleability", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365022100900e75ad233fcc908509dbff5922647db37c21f4afd3203ae8dc4ae7794b0f87", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 2, + "comment" : "Legacy:ASN encoding of r misses leading 0", + "msg" : "313233343030", + "sig" : "30440220813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "acceptable", + "flags" : [ + "MissingZero" + ] + }, + { + "tcId" : 3, + "comment" : "valid", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 4, + "comment" : "long form encoding of length of sequence", + "msg" : "313233343030", + "sig" : "308145022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 5, + "comment" : "length of sequence contains leading 0", + "msg" : "313233343030", + "sig" : "30820045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 6, + "comment" : "wrong length of sequence", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 7, + "comment" : "wrong length of sequence", + "msg" : "313233343030", + "sig" : "3044022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 8, + "comment" : "uint32 overflow in length of sequence", + "msg" : "313233343030", + "sig" : "30850100000045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 9, + "comment" : "uint64 overflow in length of sequence", + "msg" : "313233343030", + "sig" : "3089010000000000000045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 10, + "comment" : "length of sequence = 2**31 - 1", + "msg" : "313233343030", + "sig" : "30847fffffff022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 11, + "comment" : "length of sequence = 2**32 - 1", + "msg" : "313233343030", + "sig" : "3084ffffffff022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 12, + "comment" : "length of sequence = 2**40 - 1", + "msg" : "313233343030", + "sig" : "3085ffffffffff022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 13, + "comment" : "length of sequence = 2**64 - 1", + "msg" : "313233343030", + "sig" : "3088ffffffffffffffff022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 14, + "comment" : "incorrect length of sequence", + "msg" : "313233343030", + "sig" : "30ff022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 15, + "comment" : "indefinite length without termination", + "msg" : "313233343030", + "sig" : "3080022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 16, + "comment" : "indefinite length without termination", + "msg" : "313233343030", + "sig" : "3045028000813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 17, + "comment" : "indefinite length without termination", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502806ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 18, + "comment" : "removing sequence", + "msg" : "313233343030", + "sig" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 19, + "comment" : "lonely sequence tag", + "msg" : "313233343030", + "sig" : "30", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 20, + "comment" : "appending 0's to sequence", + "msg" : "313233343030", + "sig" : "3047022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 21, + "comment" : "prepending 0's to sequence", + "msg" : "313233343030", + "sig" : "30470000022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 22, + "comment" : "appending unused 0's to sequence", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 23, + "comment" : "appending null value to sequence", + "msg" : "313233343030", + "sig" : "3047022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0500", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 24, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304a4981773045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 25, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304925003045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 26, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "30473045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0004deadbeef", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 27, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304a2226498177022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 28, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304922252500022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 29, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304d2223022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650004deadbeef02206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 30, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304a022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365222549817702206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 31, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "3049022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323652224250002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 32, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304d022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365222202206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0004deadbeef", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 33, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304daa00bb00cd003045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 34, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304baa02aabb3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 35, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304d2229aa00bb00cd00022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 36, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304b2227aa02aabb022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 37, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304d022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323652228aa00bb00cd0002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 38, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304b022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323652226aa02aabb02206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 39, + "comment" : "truncated length of sequence", + "msg" : "313233343030", + "sig" : "3081", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 40, + "comment" : "using composition with indefinite length", + "msg" : "313233343030", + "sig" : "30803045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 41, + "comment" : "using composition with indefinite length", + "msg" : "313233343030", + "sig" : "30492280022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365000002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 42, + "comment" : "using composition with indefinite length", + "msg" : "313233343030", + "sig" : "3049022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365228002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 43, + "comment" : "using composition with wrong tag", + "msg" : "313233343030", + "sig" : "30803145022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 44, + "comment" : "using composition with wrong tag", + "msg" : "313233343030", + "sig" : "30492280032100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365000002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 45, + "comment" : "using composition with wrong tag", + "msg" : "313233343030", + "sig" : "3049022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365228003206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 46, + "comment" : "Replacing sequence with NULL", + "msg" : "313233343030", + "sig" : "0500", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 47, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "2e45022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 48, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "2f45022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 49, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "3145022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 50, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "3245022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 51, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "ff45022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 52, + "comment" : "dropping value of sequence", + "msg" : "313233343030", + "sig" : "3000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 53, + "comment" : "using composition for sequence", + "msg" : "313233343030", + "sig" : "304930010230442100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 54, + "comment" : "truncated sequence", + "msg" : "313233343030", + "sig" : "3044022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 55, + "comment" : "truncated sequence", + "msg" : "313233343030", + "sig" : "30442100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 56, + "comment" : "indefinite length", + "msg" : "313233343030", + "sig" : "3080022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 57, + "comment" : "indefinite length with truncated delimiter", + "msg" : "313233343030", + "sig" : "3080022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba00", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 58, + "comment" : "indefinite length with additional element", + "msg" : "313233343030", + "sig" : "3080022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba05000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 59, + "comment" : "indefinite length with truncated element", + "msg" : "313233343030", + "sig" : "3080022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba060811220000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 60, + "comment" : "indefinite length with garbage", + "msg" : "313233343030", + "sig" : "3080022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000fe02beef", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 61, + "comment" : "indefinite length with nonempty EOC", + "msg" : "313233343030", + "sig" : "3080022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0002beef", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 62, + "comment" : "prepend empty sequence", + "msg" : "313233343030", + "sig" : "30473000022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 63, + "comment" : "append empty sequence", + "msg" : "313233343030", + "sig" : "3047022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba3000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 64, + "comment" : "append garbage with high tag number", + "msg" : "313233343030", + "sig" : "3048022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31babf7f00", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 65, + "comment" : "sequence of sequence", + "msg" : "313233343030", + "sig" : "30473045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 66, + "comment" : "truncated sequence: removed last 1 elements", + "msg" : "313233343030", + "sig" : "3023022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 67, + "comment" : "repeating element in sequence", + "msg" : "313233343030", + "sig" : "3067022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba02206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 68, + "comment" : "long form encoding of length of integer", + "msg" : "313233343030", + "sig" : "304602812100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 69, + "comment" : "long form encoding of length of integer", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650281206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 70, + "comment" : "length of integer contains leading 0", + "msg" : "313233343030", + "sig" : "30470282002100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 71, + "comment" : "length of integer contains leading 0", + "msg" : "313233343030", + "sig" : "3047022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365028200206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 72, + "comment" : "wrong length of integer", + "msg" : "313233343030", + "sig" : "3045022200813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 73, + "comment" : "wrong length of integer", + "msg" : "313233343030", + "sig" : "3045022000813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 74, + "comment" : "wrong length of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502216ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 75, + "comment" : "wrong length of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365021f6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 76, + "comment" : "uint32 overflow in length of integer", + "msg" : "313233343030", + "sig" : "304a0285010000002100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 77, + "comment" : "uint32 overflow in length of integer", + "msg" : "313233343030", + "sig" : "304a022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365028501000000206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 78, + "comment" : "uint64 overflow in length of integer", + "msg" : "313233343030", + "sig" : "304e028901000000000000002100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 79, + "comment" : "uint64 overflow in length of integer", + "msg" : "313233343030", + "sig" : "304e022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502890100000000000000206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 80, + "comment" : "length of integer = 2**31 - 1", + "msg" : "313233343030", + "sig" : "304902847fffffff00813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 81, + "comment" : "length of integer = 2**31 - 1", + "msg" : "313233343030", + "sig" : "3049022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502847fffffff6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 82, + "comment" : "length of integer = 2**32 - 1", + "msg" : "313233343030", + "sig" : "30490284ffffffff00813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 83, + "comment" : "length of integer = 2**32 - 1", + "msg" : "313233343030", + "sig" : "3049022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650284ffffffff6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 84, + "comment" : "length of integer = 2**40 - 1", + "msg" : "313233343030", + "sig" : "304a0285ffffffffff00813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 85, + "comment" : "length of integer = 2**40 - 1", + "msg" : "313233343030", + "sig" : "304a022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650285ffffffffff6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 86, + "comment" : "length of integer = 2**64 - 1", + "msg" : "313233343030", + "sig" : "304d0288ffffffffffffffff00813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 87, + "comment" : "length of integer = 2**64 - 1", + "msg" : "313233343030", + "sig" : "304d022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650288ffffffffffffffff6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 88, + "comment" : "incorrect length of integer", + "msg" : "313233343030", + "sig" : "304502ff00813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 89, + "comment" : "incorrect length of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502ff6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 90, + "comment" : "removing integer", + "msg" : "313233343030", + "sig" : "302202206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 91, + "comment" : "lonely integer tag", + "msg" : "313233343030", + "sig" : "30230202206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 92, + "comment" : "lonely integer tag", + "msg" : "313233343030", + "sig" : "3024022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 93, + "comment" : "appending 0's to integer", + "msg" : "313233343030", + "sig" : "3047022300813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365000002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 94, + "comment" : "appending 0's to integer", + "msg" : "313233343030", + "sig" : "3047022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502226ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 95, + "comment" : "prepending 0's to integer", + "msg" : "313233343030", + "sig" : "30470223000000813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 96, + "comment" : "prepending 0's to integer", + "msg" : "313233343030", + "sig" : "3047022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365022200006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 97, + "comment" : "appending unused 0's to integer", + "msg" : "313233343030", + "sig" : "3047022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365000002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 98, + "comment" : "appending null value to integer", + "msg" : "313233343030", + "sig" : "3047022300813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365050002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 99, + "comment" : "appending null value to integer", + "msg" : "313233343030", + "sig" : "3047022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502226ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0500", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 100, + "comment" : "truncated length of integer", + "msg" : "313233343030", + "sig" : "3024028102206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 101, + "comment" : "truncated length of integer", + "msg" : "313233343030", + "sig" : "3025022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650281", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 102, + "comment" : "Replacing integer with NULL", + "msg" : "313233343030", + "sig" : "3024050002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 103, + "comment" : "Replacing integer with NULL", + "msg" : "313233343030", + "sig" : "3025022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650500", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 104, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045002100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 105, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045012100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 106, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045032100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 107, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045042100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 108, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045ff2100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 109, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236500206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 110, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236501206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 111, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236503206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 112, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236504206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 113, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365ff206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 114, + "comment" : "dropping value of integer", + "msg" : "313233343030", + "sig" : "3024020002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 115, + "comment" : "dropping value of integer", + "msg" : "313233343030", + "sig" : "3025022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650200", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 116, + "comment" : "using composition for integer", + "msg" : "313233343030", + "sig" : "304922250201000220813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 117, + "comment" : "using composition for integer", + "msg" : "313233343030", + "sig" : "3049022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365222402016f021ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 118, + "comment" : "modify first byte of integer", + "msg" : "313233343030", + "sig" : "3045022102813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 119, + "comment" : "modify first byte of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206df18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 120, + "comment" : "modify last byte of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323e502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 121, + "comment" : "modify last byte of integer", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb313a", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 122, + "comment" : "truncated integer", + "msg" : "313233343030", + "sig" : "3044022000813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832302206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 123, + "comment" : "truncated integer", + "msg" : "313233343030", + "sig" : "3044022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365021f6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 124, + "comment" : "truncated integer", + "msg" : "313233343030", + "sig" : "3044022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365021ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 125, + "comment" : "leading ff in integer", + "msg" : "313233343030", + "sig" : "30460222ff00813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 126, + "comment" : "leading ff in integer", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650221ff6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 127, + "comment" : "replaced integer by infinity", + "msg" : "313233343030", + "sig" : "302509018002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 128, + "comment" : "replaced integer by infinity", + "msg" : "313233343030", + "sig" : "3026022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365090180", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 129, + "comment" : "replacing integer with zero", + "msg" : "313233343030", + "sig" : "302502010002206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 130, + "comment" : "replacing integer with zero", + "msg" : "313233343030", + "sig" : "3026022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365020100", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 131, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3045022101813ef79ccefa9a56f7ba805f0e478583b90deabca4b05c4574e49b5899b964a602206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 132, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "30440220813ef79ccefa9a56f7ba805f0e47858643b030ef461f1bcdf53fde3ef94ce22402206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 133, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "30450221ff7ec10863310565a908457fa0f1b87a7b01a0f22a0a9843f64aedc334367cdc9b02206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 134, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "304402207ec10863310565a908457fa0f1b87a79bc4fcf10b9e0e4320ac021c106b31ddc02206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 135, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "30450221fe7ec10863310565a908457fa0f1b87a7c46f215435b4fa3ba8b1b64a766469b5a02206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 136, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3045022101813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 137, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "304402207ec10863310565a908457fa0f1b87a7b01a0f22a0a9843f64aedc334367cdc9b02206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 138, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650221016ff18a52dcc0336f7af62400a6dd9b7fc1e197d8aebe203c96c87232272172fb", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 139, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650221ff6ff18a52dcc0336f7af62400a6dd9b824c83de0b502cdfc51723b51886b4f079", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 140, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3045022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650220900e75ad233fcc908509dbff5922647ef8cd450e008a7fff2909ec5aa914ce46", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 141, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650221fe900e75ad233fcc908509dbff592264803e1e68275141dfc369378dcdd8de8d05", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 142, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650221016ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 143, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3046022100813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365022100900e75ad233fcc908509dbff5922647ef8cd450e008a7fff2909ec5aa914ce46", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 144, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020100020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 145, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020100020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 146, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201000201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 147, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 148, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 149, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 150, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 151, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 152, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3008020100090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 153, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020100090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 154, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020101020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 155, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020101020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 156, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201010201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 157, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 158, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 159, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 160, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 161, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 162, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3008020101090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 163, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020101090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 164, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201ff020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 165, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201ff020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 166, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201ff0201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 167, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 168, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 169, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 170, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 171, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 172, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30080201ff090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 173, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201ff090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 174, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 175, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 176, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 177, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 178, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 179, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 180, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 181, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 182, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 183, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 184, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 185, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 186, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641400201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 187, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 188, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 189, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 190, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 191, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 192, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 193, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 194, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 195, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 196, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641420201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 197, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 198, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 199, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 200, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 201, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 202, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 203, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 204, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 205, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 206, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f0201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 207, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 208, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 209, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 210, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 211, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 212, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 213, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 214, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 215, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 216, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc300201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 217, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 218, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 219, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 220, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 221, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 222, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 223, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 224, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "30060201010c0130", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 225, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "30050201010c00", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 226, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "30090c0225730c03732573", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 227, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "30080201013003020100", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 228, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "3003020101", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 229, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "3006020101010100", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 230, + "comment" : "Edge case for Shamir multiplication", + "msg" : "3235353835", + "sig" : "3045022100dd1b7d09a7bd8218961034a39a87fecf5314f00c4d25eb58a07ac85e85eab516022035138c401ef8d3493d65c9002fe62b43aee568731b744548358996d9cc427e06", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 231, + "comment" : "special case hash", + "msg" : "343236343739373234", + "sig" : "304502210095c29267d972a043d955224546222bba343fc1d4db0fec262a33ac61305696ae02206edfe96713aed56f8a28a6653f57e0b829712e5eddc67f34682b24f0676b2640", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 232, + "comment" : "special case hash", + "msg" : "37313338363834383931", + "sig" : "3045022028f94a894e92024699e345fe66971e3edcd050023386135ab3939d550898fb25022100cd69c1a42be05a6ee1270c821479251e134c21858d800bda6f4e98b37196238e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 233, + "comment" : "special case hash", + "msg" : "3130333539333331363638", + "sig" : "3046022100be26b18f9549f89f411a9b52536b15aa270b84548d0e859a1952a27af1a77ac60221008f3e2b05632fc33715572af9124681113f2b84325b80154c044a544dc1a8fa12", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 234, + "comment" : "special case hash", + "msg" : "33393439343031323135", + "sig" : "3046022100b1a4b1478e65cc3eafdf225d1298b43f2da19e4bcff7eacc0a2e98cd4b74b114022100e8655ce1cfb33ebd30af8ce8e8ae4d6f7b50cd3e22af51bf69e0a2851760d52b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 235, + "comment" : "special case hash", + "msg" : "31333434323933303739", + "sig" : "30440220325332021261f1bd18f2712aa1e2252da23796da8a4b1ff6ea18cafec7e171f2022040b4f5e287ee61fc3c804186982360891eaa35c75f05a43ecd48b35d984a6648", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 236, + "comment" : "special case hash", + "msg" : "33373036323131373132", + "sig" : "3046022100a23ad18d8fc66d81af0903890cbd453a554cb04cdc1a8ca7f7f78e5367ed88a0022100dc1c14d31e3fb158b73c764268c8b55579734a7e2a2c9b5ee5d9d0144ef652eb", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 237, + "comment" : "special case hash", + "msg" : "333433363838373132", + "sig" : "304502202bdea41cda63a2d14bf47353bd20880a690901de7cd6e3cc6d8ed5ba0cdb1091022100c31599433036064073835b1e3eba8335a650c8fd786f94fe235ad7d41dc94c7a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 238, + "comment" : "special case hash", + "msg" : "31333531353330333730", + "sig" : "3046022100d7cd76ec01c1b1079eba9e2aa2a397243c4758c98a1ba0b7404a340b9b00ced6022100ca8affe1e626dd192174c2937b15bc48f77b5bdfe01f073a8aeaf7f24dc6c85b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 239, + "comment" : "special case hash", + "msg" : "36353533323033313236", + "sig" : "3045022100a872c744d936db21a10c361dd5c9063355f84902219652f6fc56dc95a7139d960220400df7575d9756210e9ccc77162c6b593c7746cfb48ac263c42750b421ef4bb9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 240, + "comment" : "special case hash", + "msg" : "31353634333436363033", + "sig" : "30460221009fa9afe07752da10b36d3afcd0fe44bfc40244d75203599cf8f5047fa3453854022100af1f583fec4040ae7e68c968d2bb4b494eec3a33edc7c0ccf95f7f75bc2569c7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 241, + "comment" : "special case hash", + "msg" : "34343239353339313137", + "sig" : "3045022100885640384d0d910efb177b46be6c3dc5cac81f0b88c3190bb6b5f99c2641f2050220738ed9bff116306d9caa0f8fc608be243e0b567779d8dab03e8e19d553f1dc8e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 242, + "comment" : "special case hash", + "msg" : "3130393533323631333531", + "sig" : "304502202d051f91c5a9d440c5676985710483bc4f1a6c611b10c95a2ff0363d90c2a45802210092206b19045a41a797cc2f3ac30de9518165e96d5b86341ecb3bcff231b3fd65", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 243, + "comment" : "special case hash", + "msg" : "35393837333530303431", + "sig" : "3045022100f3ac2523967482f53d508522712d583f4379cd824101ff635ea0935117baa54f022027f10812227397e02cea96fb0e680761636dab2b080d1fc5d11685cbe8500cfe", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 244, + "comment" : "special case hash", + "msg" : "33343633303036383738", + "sig" : "304602210096447cf68c3ab7266ed7447de3ac52fed7cc08cbdfea391c18a9b8ab370bc913022100f0a1878b2c53f16e70fe377a5e9c6e86f18ae480a22bb499f5b32e7109c07385", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 245, + "comment" : "special case hash", + "msg" : "39383137333230323837", + "sig" : "30450220530a0832b691da0b5619a0b11de6877f3c0971baaa68ed122758c29caaf46b7202210093761bb0a14ccf9f15b4b9ce73c6ec700bd015b8cb1cfac56837f4463f53074e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 246, + "comment" : "special case hash", + "msg" : "33323232303431303436", + "sig" : "30460221009c54c25500bde0b92d72d6ec483dc2482f3654294ca74de796b681255ed58a77022100988bac394a90ad89ce360984c0c149dcbd2684bb64498ace90bcf6b6af1c170e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 247, + "comment" : "special case hash", + "msg" : "36363636333037313034", + "sig" : "3045022100e7909d41439e2f6af29136c7348ca2641a2b070d5b64f91ea9da7070c7a2618b022042d782f132fa1d36c2c88ba27c3d678d80184a5d1eccac7501f0b47e3d205008", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 248, + "comment" : "special case hash", + "msg" : "31303335393531383938", + "sig" : "304502205924873209593135a4c3da7bb381227f8a4b6aa9f34fe5bb7f8fbc131a039ffe022100e0e44ee4bbe370155bf0bbdec265bf9fe31c0746faab446de62e3631eacd111f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 249, + "comment" : "special case hash", + "msg" : "31383436353937313935", + "sig" : "3045022100eeb692c9b262969b231c38b5a7f60649e0c875cd64df88f33aa571fa3d29ab0e0220218b3a1eb06379c2c18cf51b06430786d1c64cd2d24c9b232b23e5bac7989acd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 250, + "comment" : "special case hash", + "msg" : "33313336303436313839", + "sig" : "3045022100a40034177f36091c2b653684a0e3eb5d4bff18e4d09f664c2800e7cafda1daf802203a3ec29853704e52031c58927a800a968353adc3d973beba9172cbbeab4dd149", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 251, + "comment" : "special case hash", + "msg" : "32363633373834323534", + "sig" : "3046022100b5d795cc75cea5c434fa4185180cd6bd21223f3d5a86da6670d71d95680dadbf022100ab1b277ef5ffe134460835e3d1402461ba104cb50b16f397fdc7a9abfefef280", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 252, + "comment" : "special case hash", + "msg" : "31363532313030353234", + "sig" : "3044022007dc2478d43c1232a4595608c64426c35510051a631ae6a5a6eb1161e57e42e102204a59ea0fdb72d12165cea3bf1ca86ba97517bd188db3dbd21a5a157850021984", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 253, + "comment" : "special case hash", + "msg" : "35373438303831363936", + "sig" : "3046022100ddd20c4a05596ca868b558839fce9f6511ddd83d1ccb53f82e5269d559a01552022100a46e8cb8d626cf6c00ddedc3b5da7e613ac376445ee260743f06f79054c7d42a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 254, + "comment" : "special case hash", + "msg" : "36333433393133343638", + "sig" : "30450221009cde6e0ede0a003f02fda0a01b59facfe5dec063318f279ce2de7a9b1062f7b702202886a5b8c679bdf8224c66f908fd6205492cb70b0068d46ae4f33a4149b12a52", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 255, + "comment" : "special case hash", + "msg" : "31353431313033353938", + "sig" : "3046022100c5771016d0dd6357143c89f684cd740423502554c0c59aa8c99584f1ff38f609022100ab4bfa0bb88ab99791b9b3ab9c4b02bd2a57ae8dde50b9064063fcf85315cfe5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 256, + "comment" : "special case hash", + "msg" : "3130343738353830313238", + "sig" : "3045022100a24ebc0ec224bd67ae397cbe6fa37b3125adbd34891abe2d7c7356921916dfe6022034f6eb6374731bbbafc4924fb8b0bdcdda49456d724cdae6178d87014cb53d8c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 257, + "comment" : "special case hash", + "msg" : "3130353336323835353638", + "sig" : "304502202557d64a7aee2e0931c012e4fea1cd3a2c334edae68cdeb7158caf21b68e5a2402210080f93244956ffdc568c77d12684f7f004fa92da7e60ae94a1b98c422e23eda34", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 258, + "comment" : "special case hash", + "msg" : "393533393034313035", + "sig" : "3046022100c4f2eccbb6a24350c8466450b9d61b207ee359e037b3dcedb42a3f2e6dd6aeb5022100cd9c394a65d0aa322e391eb76b2a1a687f8620a88adef3a01eb8e4fb05b6477a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 259, + "comment" : "special case hash", + "msg" : "393738383438303339", + "sig" : "3046022100eff04781c9cbcd162d0a25a6e2ebcca43506c523385cb515d49ea38a1b12fcad022100ea5328ce6b36e56ab87acb0dcfea498bcec1bba86a065268f6eff3c41c4b0c9c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 260, + "comment" : "special case hash", + "msg" : "33363130363732343432", + "sig" : "3046022100f58b4e3110a64bf1b5db97639ee0e5a9c8dfa49dc59b679891f520fdf0584c87022100d32701ae777511624c1f8abbf02b248b04e7a9eb27938f524f3e8828ba40164a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 261, + "comment" : "special case hash", + "msg" : "31303534323430373035", + "sig" : "3045022100f8abecaa4f0c502de4bf5903d48417f786bf92e8ad72fec0bd7fcb7800c0bbe302204c7f9e231076a30b7ae36b0cebe69ccef1cd194f7cce93a5588fd6814f437c0e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 262, + "comment" : "special case hash", + "msg" : "35313734343438313937", + "sig" : "304402205d5b38bd37ad498b2227a633268a8cca879a5c7c94a4e416bd0a614d09e606d2022012b8d664ea9991062ecbb834e58400e25c46007af84f6007d7f1685443269afe", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 263, + "comment" : "special case hash", + "msg" : "31393637353631323531", + "sig" : "304402200c1cd9fe4034f086a2b52d65b9d3834d72aebe7f33dfe8f976da82648177d8e3022013105782e3d0cfe85c2778dec1a848b27ac0ae071aa6da341a9553a946b41e59", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 264, + "comment" : "special case hash", + "msg" : "33343437323533333433", + "sig" : "3045022100ae7935fb96ff246b7b5d5662870d1ba587b03d6e1360baf47988b5c02ccc1a5b02205f00c323272083782d4a59f2dfd65e49de0693627016900ef7e61428056664b3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 265, + "comment" : "special case hash", + "msg" : "333638323634333138", + "sig" : "3045022000a134b5c6ccbcefd4c882b945baeb4933444172795fa6796aae149067547098022100a991b9efa2db276feae1c115c140770901839d87e60e7ec45a2b81cf3b437be6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 266, + "comment" : "special case hash", + "msg" : "33323631313938363038", + "sig" : "304502202e4721363ad3992c139e5a1c26395d2c2d777824aa24fde075e0d7381171309d0221008bf083b6bbe71ecff22baed087d5a77eaeaf726bf14ace2c03fd6e37ba6c26f2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 267, + "comment" : "special case hash", + "msg" : "39363738373831303934", + "sig" : "304502206852e9d3cd9fe373c2d504877967d365ab1456707b6817a042864694e1960ccf022100f9b4d815ebd4cf77847b37952334d05b2045cb398d4c21ba207922a7a4714d84", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 268, + "comment" : "special case hash", + "msg" : "34393538383233383233", + "sig" : "30440220188a8c5648dc79eace158cf886c62b5468f05fd95f03a7635c5b4c31f09af4c5022036361a0b571a00c6cd5e686ccbfcfa703c4f97e48938346d0c103fdc76dc5867", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 269, + "comment" : "special case hash", + "msg" : "383234363337383337", + "sig" : "3045022100a74f1fb9a8263f62fc4416a5b7d584f4206f3996bb91f6fc8e73b9e92bad0e1302206815032e8c7d76c3ab06a86f33249ce9940148cb36d1f417c2e992e801afa3fa", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 270, + "comment" : "special case hash", + "msg" : "3131303230383333373736", + "sig" : "3045022007244865b72ff37e62e3146f0dc14682badd7197799135f0b00ade7671742bfe022100f27f3ddc7124b1b58579573a835650e7a8bad5eeb96e9da215cd7bf9a2a039ed", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 271, + "comment" : "special case hash", + "msg" : "313333383731363438", + "sig" : "3045022100da7fdd05b5badabd619d805c4ee7d9a84f84ddd5cf9c5bf4d4338140d689ef08022028f1cf4fa1c3c5862cfa149c0013cf5fe6cf5076cae000511063e7de25bb38e5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 272, + "comment" : "special case hash", + "msg" : "333232313434313632", + "sig" : "3046022100d3027c656f6d4fdfd8ede22093e3c303b0133c340d615e7756f6253aea927238022100f6510f9f371b31068d68bfeeaa720eb9bbdc8040145fcf88d4e0b58de0777d2a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 273, + "comment" : "special case hash", + "msg" : "3130363836363535353436", + "sig" : "304402200bf6c0188dc9571cd0e21eecac5fbb19d2434988e9cc10244593ef3a98099f6902204864a562661f9221ec88e3dd0bc2f6e27ac128c30cc1a80f79ec670a22b042ee", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 274, + "comment" : "special case hash", + "msg" : "3632313535323436", + "sig" : "3045022100ae459640d5d1179be47a47fa538e16d94ddea5585e7a244804a51742c686443a02206c8e30e530a634fae80b3ceb062978b39edbe19777e0a24553b68886181fd897", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 275, + "comment" : "special case hash", + "msg" : "37303330383138373734", + "sig" : "304402201cf3517ba3bf2ab8b9ead4ebb6e866cb88a1deacb6a785d3b63b483ca02ac4950220249a798b73606f55f5f1c70de67cb1a0cff95d7dc50b3a617df861bad3c6b1c9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 276, + "comment" : "special case hash", + "msg" : "35393234353233373434", + "sig" : "3045022100e69b5238265ea35d77e4dd172288d8cea19810a10292617d5976519dc5757cb802204b03c5bc47e826bdb27328abd38d3056d77476b2130f3df6ec4891af08ba1e29", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 277, + "comment" : "special case hash", + "msg" : "31343935353836363231", + "sig" : "304402205f9d7d7c870d085fc1d49fff69e4a275812800d2cf8973e7325866cb40fa2b6f02206d1f5491d9f717a597a15fd540406486d76a44697b3f0d9d6dcef6669f8a0a56", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 278, + "comment" : "special case hash", + "msg" : "34303035333134343036", + "sig" : "304402200a7d5b1959f71df9f817146ee49bd5c89b431e7993e2fdecab6858957da685ae02200f8aad2d254690bdc13f34a4fec44a02fd745a422df05ccbb54635a8b86b9609", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 279, + "comment" : "special case hash", + "msg" : "33303936343537353132", + "sig" : "3044022079e88bf576b74bc07ca142395fda28f03d3d5e640b0b4ff0752c6d94cd553408022032cea05bd2d706c8f6036a507e2ab7766004f0904e2e5c5862749c0073245d6a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 280, + "comment" : "special case hash", + "msg" : "32373834303235363230", + "sig" : "30450221009d54e037a00212b377bc8874798b8da080564bbdf7e07591b861285809d01488022018b4e557667a82bd95965f0706f81a29243fbdd86968a7ebeb43069db3b18c7f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 281, + "comment" : "special case hash", + "msg" : "32363138373837343138", + "sig" : "304402202664f1ffa982fedbcc7cab1b8bc6e2cb420218d2a6077ad08e591ba9feab33bd022049f5c7cb515e83872a3d41b4cdb85f242ad9d61a5bfc01debfbb52c6c84ba728", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 282, + "comment" : "special case hash", + "msg" : "31363432363235323632", + "sig" : "304502205827518344844fd6a7de73cbb0a6befdea7b13d2dee4475317f0f18ffc81524b022100b0a334b1f4b774a5a289f553224d286d239ef8a90929ed2d91423e024eb7fa66", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 283, + "comment" : "special case hash", + "msg" : "36383234313839343336", + "sig" : "304602210097ab19bd139cac319325869218b1bce111875d63fb12098a04b0cd59b6fdd3a3022100bce26315c5dbc7b8cfc31425a9b89bccea7aa9477d711a4d377f833dcc28f820", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 284, + "comment" : "special case hash", + "msg" : "343834323435343235", + "sig" : "3044022052c683144e44119ae2013749d4964ef67509278f6d38ba869adcfa69970e123d02203479910167408f45bda420a626ec9c4ec711c1274be092198b4187c018b562ca", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0407310f90a9eae149a08402f54194a0f7b4ac427bf8d9bd6c7681071dc47dc36226a6d37ac46d61fd600c0bf1bff87689ed117dda6b0e59318ae010a197a26ca0", + "wx" : "07310f90a9eae149a08402f54194a0f7b4ac427bf8d9bd6c7681071dc47dc362", + "wy" : "26a6d37ac46d61fd600c0bf1bff87689ed117dda6b0e59318ae010a197a26ca0" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000407310f90a9eae149a08402f54194a0f7b4ac427bf8d9bd6c7681071dc47dc36226a6d37ac46d61fd600c0bf1bff87689ed117dda6b0e59318ae010a197a26ca0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEBzEPkKnq4UmghAL1QZSg97SsQnv42b1s\ndoEHHcR9w2ImptN6xG1h/WAMC/G/+HaJ7RF92msOWTGK4BChl6JsoA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 285, + "comment" : "k*G has a large x-coordinate", + "msg" : "313233343030", + "sig" : "30360211014551231950b75fc4402da1722fc9baeb022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 286, + "comment" : "r too large", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2c022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04bc97e7585eecad48e16683bc4091708e1a930c683fc47001d4b383594f2c4e22705989cf69daeadd4e4e4b8151ed888dfec20fb01728d89d56b3f38f2ae9c8c5", + "wx" : "00bc97e7585eecad48e16683bc4091708e1a930c683fc47001d4b383594f2c4e22", + "wy" : "705989cf69daeadd4e4e4b8151ed888dfec20fb01728d89d56b3f38f2ae9c8c5" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004bc97e7585eecad48e16683bc4091708e1a930c683fc47001d4b383594f2c4e22705989cf69daeadd4e4e4b8151ed888dfec20fb01728d89d56b3f38f2ae9c8c5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEvJfnWF7srUjhZoO8QJFwjhqTDGg/xHAB\n1LODWU8sTiJwWYnPadrq3U5OS4FR7YiN/sIPsBco2J1Ws/OPKunIxQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 287, + "comment" : "r,s are large", + "msg" : "313233343030", + "sig" : "3046022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0444ad339afbc21e9abf7b602a5ca535ea378135b6d10d81310bdd8293d1df3252b63ff7d0774770f8fe1d1722fa83acd02f434e4fc110a0cc8f6dddd37d56c463", + "wx" : "44ad339afbc21e9abf7b602a5ca535ea378135b6d10d81310bdd8293d1df3252", + "wy" : "00b63ff7d0774770f8fe1d1722fa83acd02f434e4fc110a0cc8f6dddd37d56c463" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000444ad339afbc21e9abf7b602a5ca535ea378135b6d10d81310bdd8293d1df3252b63ff7d0774770f8fe1d1722fa83acd02f434e4fc110a0cc8f6dddd37d56c463", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAERK0zmvvCHpq/e2AqXKU16jeBNbbRDYEx\nC92Ck9HfMlK2P/fQd0dw+P4dFyL6g6zQL0NOT8EQoMyPbd3TfVbEYw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 288, + "comment" : "r and s^-1 have a large Hamming weight", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02203e9a7582886089c62fb840cf3b83061cd1cff3ae4341808bb5bdee6191174177", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "041260c2122c9e244e1af5151bede0c3ae23b54d7c596881d3eebad21f37dd878c5c9a0c1a9ade76737a8811bd6a7f9287c978ee396aa89c11e47229d2ccb552f0", + "wx" : "1260c2122c9e244e1af5151bede0c3ae23b54d7c596881d3eebad21f37dd878c", + "wy" : "5c9a0c1a9ade76737a8811bd6a7f9287c978ee396aa89c11e47229d2ccb552f0" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200041260c2122c9e244e1af5151bede0c3ae23b54d7c596881d3eebad21f37dd878c5c9a0c1a9ade76737a8811bd6a7f9287c978ee396aa89c11e47229d2ccb552f0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEEmDCEiyeJE4a9RUb7eDDriO1TXxZaIHT\n7rrSHzfdh4xcmgwamt52c3qIEb1qf5KHyXjuOWqonBHkcinSzLVS8A==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 289, + "comment" : "r and s^-1 have a large Hamming weight", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022024238e70b431b1a64efdf9032669939d4b77f249503fc6905feb7540dea3e6d2", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "041877045be25d34a1d0600f9d5c00d0645a2a54379b6ceefad2e6bf5c2a3352ce821a532cc1751ee1d36d41c3d6ab4e9b143e44ec46d73478ea6a79a5c0e54159", + "wx" : "1877045be25d34a1d0600f9d5c00d0645a2a54379b6ceefad2e6bf5c2a3352ce", + "wy" : "00821a532cc1751ee1d36d41c3d6ab4e9b143e44ec46d73478ea6a79a5c0e54159" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200041877045be25d34a1d0600f9d5c00d0645a2a54379b6ceefad2e6bf5c2a3352ce821a532cc1751ee1d36d41c3d6ab4e9b143e44ec46d73478ea6a79a5c0e54159", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEGHcEW+JdNKHQYA+dXADQZFoqVDebbO76\n0ua/XCozUs6CGlMswXUe4dNtQcPWq06bFD5E7EbXNHjqanmlwOVBWQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 290, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "3006020101020101", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04455439fcc3d2deeceddeaece60e7bd17304f36ebb602adf5a22e0b8f1db46a50aec38fb2baf221e9a8d1887c7bf6222dd1834634e77263315af6d23609d04f77", + "wx" : "455439fcc3d2deeceddeaece60e7bd17304f36ebb602adf5a22e0b8f1db46a50", + "wy" : "00aec38fb2baf221e9a8d1887c7bf6222dd1834634e77263315af6d23609d04f77" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004455439fcc3d2deeceddeaece60e7bd17304f36ebb602adf5a22e0b8f1db46a50aec38fb2baf221e9a8d1887c7bf6222dd1834634e77263315af6d23609d04f77", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAERVQ5/MPS3uzt3q7OYOe9FzBPNuu2Aq31\noi4Ljx20alCuw4+yuvIh6ajRiHx79iIt0YNGNOdyYzFa9tI2CdBPdw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 291, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "3006020101020102", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042e1f466b024c0c3ace2437de09127fed04b706f94b19a21bb1c2acf35cece7180449ae3523d72534e964972cfd3b38af0bddd9619e5af223e4d1a40f34cf9f1d", + "wx" : "2e1f466b024c0c3ace2437de09127fed04b706f94b19a21bb1c2acf35cece718", + "wy" : "0449ae3523d72534e964972cfd3b38af0bddd9619e5af223e4d1a40f34cf9f1d" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200042e1f466b024c0c3ace2437de09127fed04b706f94b19a21bb1c2acf35cece7180449ae3523d72534e964972cfd3b38af0bddd9619e5af223e4d1a40f34cf9f1d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAELh9GawJMDDrOJDfeCRJ/7QS3BvlLGaIb\nscKs81zs5xgESa41I9clNOlklyz9OzivC93ZYZ5a8iPk0aQPNM+fHQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 292, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "3006020101020103", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 293, + "comment" : "r is larger than n", + "msg" : "313233343030", + "sig" : "3026022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142020103", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04dda95d7b0698de5d2d0b4f0034dbe35b50f978fcc518a84abf9c99efd96a25305adc08d6a63dbe831ab99cd9146e3c4c45492ad19521612542256d6af60e7888", + "wx" : "00dda95d7b0698de5d2d0b4f0034dbe35b50f978fcc518a84abf9c99efd96a2530", + "wy" : "5adc08d6a63dbe831ab99cd9146e3c4c45492ad19521612542256d6af60e7888" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004dda95d7b0698de5d2d0b4f0034dbe35b50f978fcc518a84abf9c99efd96a25305adc08d6a63dbe831ab99cd9146e3c4c45492ad19521612542256d6af60e7888", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE3aldewaY3l0tC08ANNvjW1D5ePzFGKhK\nv5yZ79lqJTBa3AjWpj2+gxq5nNkUbjxMRUkq0ZUhYSVCJW1q9g54iA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 294, + "comment" : "s is larger than n", + "msg" : "313233343030", + "sig" : "3026020101022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd04917c8", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0402ef4d6d6cfd5a94f1d7784226e3e2a6c0a436c55839619f38fb4472b5f9ee777eb4acd4eebda5cd72875ffd2a2f26229c2dc6b46500919a432c86739f3ae866", + "wx" : "02ef4d6d6cfd5a94f1d7784226e3e2a6c0a436c55839619f38fb4472b5f9ee77", + "wy" : "7eb4acd4eebda5cd72875ffd2a2f26229c2dc6b46500919a432c86739f3ae866" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000402ef4d6d6cfd5a94f1d7784226e3e2a6c0a436c55839619f38fb4472b5f9ee777eb4acd4eebda5cd72875ffd2a2f26229c2dc6b46500919a432c86739f3ae866", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEAu9NbWz9WpTx13hCJuPipsCkNsVYOWGf\nOPtEcrX57nd+tKzU7r2lzXKHX/0qLyYinC3GtGUAkZpDLIZznzroZg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 295, + "comment" : "small r and s^-1", + "msg" : "313233343030", + "sig" : "302702020101022100c58b162c58b162c58b162c58b162c58a1b242973853e16db75c8a1a71da4d39d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04464f4ff715729cae5072ca3bd801d3195b67aec65e9b01aad20a2943dcbcb584b1afd29d31a39a11d570aa1597439b3b2d1971bf2f1abf15432d0207b10d1d08", + "wx" : "464f4ff715729cae5072ca3bd801d3195b67aec65e9b01aad20a2943dcbcb584", + "wy" : "00b1afd29d31a39a11d570aa1597439b3b2d1971bf2f1abf15432d0207b10d1d08" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004464f4ff715729cae5072ca3bd801d3195b67aec65e9b01aad20a2943dcbcb584b1afd29d31a39a11d570aa1597439b3b2d1971bf2f1abf15432d0207b10d1d08", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAERk9P9xVynK5Qcso72AHTGVtnrsZemwGq\n0gopQ9y8tYSxr9KdMaOaEdVwqhWXQ5s7LRlxvy8avxVDLQIHsQ0dCA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 296, + "comment" : "smallish r and s^-1", + "msg" : "313233343030", + "sig" : "302c02072d9b4d347952cc022100fcbc5103d0da267477d1791461cf2aa44bf9d43198f79507bd8779d69a13108e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04157f8fddf373eb5f49cfcf10d8b853cf91cbcd7d665c3522ba7dd738ddb79a4cdeadf1a5c448ea3c9f4191a8999abfcc757ac6d64567ef072c47fec613443b8f", + "wx" : "157f8fddf373eb5f49cfcf10d8b853cf91cbcd7d665c3522ba7dd738ddb79a4c", + "wy" : "00deadf1a5c448ea3c9f4191a8999abfcc757ac6d64567ef072c47fec613443b8f" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004157f8fddf373eb5f49cfcf10d8b853cf91cbcd7d665c3522ba7dd738ddb79a4cdeadf1a5c448ea3c9f4191a8999abfcc757ac6d64567ef072c47fec613443b8f", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEFX+P3fNz619Jz88Q2LhTz5HLzX1mXDUi\nun3XON23mkzerfGlxEjqPJ9BkaiZmr/MdXrG1kVn7wcsR/7GE0Q7jw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 297, + "comment" : "100-bit r and small s^-1", + "msg" : "313233343030", + "sig" : "3032020d1033e67e37b32b445580bf4efc022100906f906f906f906f906f906f906f906ed8e426f7b1968c35a204236a579723d2", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040934a537466c07430e2c48feb990bb19fb78cecc9cee424ea4d130291aa237f0d4f92d23b462804b5b68c52558c01c9996dbf727fccabbeedb9621a400535afa", + "wx" : "0934a537466c07430e2c48feb990bb19fb78cecc9cee424ea4d130291aa237f0", + "wy" : "00d4f92d23b462804b5b68c52558c01c9996dbf727fccabbeedb9621a400535afa" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200040934a537466c07430e2c48feb990bb19fb78cecc9cee424ea4d130291aa237f0d4f92d23b462804b5b68c52558c01c9996dbf727fccabbeedb9621a400535afa", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAECTSlN0ZsB0MOLEj+uZC7Gft4zsyc7kJO\npNEwKRqiN/DU+S0jtGKAS1toxSVYwByZltv3J/zKu+7bliGkAFNa+g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 298, + "comment" : "small r and 100 bit s^-1", + "msg" : "313233343030", + "sig" : "3026020201010220783266e90f43dafe5cd9b3b0be86de22f9de83677d0f50713a468ec72fcf5d57", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d6ef20be66c893f741a9bf90d9b74675d1c2a31296397acb3ef174fd0b300c654a0c95478ca00399162d7f0f2dc89efdc2b28a30fbabe285857295a4b0c4e265", + "wx" : "00d6ef20be66c893f741a9bf90d9b74675d1c2a31296397acb3ef174fd0b300c65", + "wy" : "4a0c95478ca00399162d7f0f2dc89efdc2b28a30fbabe285857295a4b0c4e265" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004d6ef20be66c893f741a9bf90d9b74675d1c2a31296397acb3ef174fd0b300c654a0c95478ca00399162d7f0f2dc89efdc2b28a30fbabe285857295a4b0c4e265", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE1u8gvmbIk/dBqb+Q2bdGddHCoxKWOXrL\nPvF0/QswDGVKDJVHjKADmRYtfw8tyJ79wrKKMPur4oWFcpWksMTiZQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 299, + "comment" : "100-bit r and s^-1", + "msg" : "313233343030", + "sig" : "3031020d062522bbd3ecbe7c39e93e7c260220783266e90f43dafe5cd9b3b0be86de22f9de83677d0f50713a468ec72fcf5d57", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04b7291d1404e0c0c07dab9372189f4bd58d2ceaa8d15ede544d9514545ba9ee0629c9a63d5e308769cc30ec276a410e6464a27eeafd9e599db10f053a4fe4a829", + "wx" : "00b7291d1404e0c0c07dab9372189f4bd58d2ceaa8d15ede544d9514545ba9ee06", + "wy" : "29c9a63d5e308769cc30ec276a410e6464a27eeafd9e599db10f053a4fe4a829" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004b7291d1404e0c0c07dab9372189f4bd58d2ceaa8d15ede544d9514545ba9ee0629c9a63d5e308769cc30ec276a410e6464a27eeafd9e599db10f053a4fe4a829", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEtykdFATgwMB9q5NyGJ9L1Y0s6qjRXt5U\nTZUUVFup7gYpyaY9XjCHacww7CdqQQ5kZKJ+6v2eWZ2xDwU6T+SoKQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 300, + "comment" : "r and s^-1 are close to n", + "msg" : "313233343030", + "sig" : "3045022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03640c1022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04bb79f61857f743bfa1b6e7111ce4094377256969e4e15159123d9548acc3be6c1f9d9f8860dcffd3eb36dd6c31ff2e7226c2009c4c94d8d7d2b5686bf7abd677", + "wx" : "00bb79f61857f743bfa1b6e7111ce4094377256969e4e15159123d9548acc3be6c", + "wy" : "1f9d9f8860dcffd3eb36dd6c31ff2e7226c2009c4c94d8d7d2b5686bf7abd677" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004bb79f61857f743bfa1b6e7111ce4094377256969e4e15159123d9548acc3be6c1f9d9f8860dcffd3eb36dd6c31ff2e7226c2009c4c94d8d7d2b5686bf7abd677", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEu3n2GFf3Q7+htucRHOQJQ3claWnk4VFZ\nEj2VSKzDvmwfnZ+IYNz/0+s23Wwx/y5yJsIAnEyU2NfStWhr96vWdw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 301, + "comment" : "s == 1", + "msg" : "313233343030", + "sig" : "3025022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c1020101", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 302, + "comment" : "s == 0", + "msg" : "313233343030", + "sig" : "3025022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c1020100", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d533b789a4af890fa7a82a1fae58c404f9a62a50b49adafab349c513b415087401b4171b803e76b34a9861e10f7bc289a066fd01bd29f84c987a10a5fb18c2d4", + "wx" : "00d533b789a4af890fa7a82a1fae58c404f9a62a50b49adafab349c513b4150874", + "wy" : "01b4171b803e76b34a9861e10f7bc289a066fd01bd29f84c987a10a5fb18c2d4" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004d533b789a4af890fa7a82a1fae58c404f9a62a50b49adafab349c513b415087401b4171b803e76b34a9861e10f7bc289a066fd01bd29f84c987a10a5fb18c2d4", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE1TO3iaSviQ+nqCofrljEBPmmKlC0mtr6\ns0nFE7QVCHQBtBcbgD52s0qYYeEPe8KJoGb9Ab0p+EyYehCl+xjC1A==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 303, + "comment" : "point at infinity during verify", + "msg" : "313233343030", + "sig" : "304402207fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043a3150798c8af69d1e6e981f3a45402ba1d732f4be8330c5164f49e10ec555b4221bd842bc5e4d97eff37165f60e3998a424d72a450cf95ea477c78287d0343a", + "wx" : "3a3150798c8af69d1e6e981f3a45402ba1d732f4be8330c5164f49e10ec555b4", + "wy" : "221bd842bc5e4d97eff37165f60e3998a424d72a450cf95ea477c78287d0343a" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200043a3150798c8af69d1e6e981f3a45402ba1d732f4be8330c5164f49e10ec555b4221bd842bc5e4d97eff37165f60e3998a424d72a450cf95ea477c78287d0343a", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEOjFQeYyK9p0ebpgfOkVAK6HXMvS+gzDF\nFk9J4Q7FVbQiG9hCvF5Nl+/zcWX2DjmYpCTXKkUM+V6kd8eCh9A0Og==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 304, + "comment" : "edge case for signature malleability", + "msg" : "313233343030", + "sig" : "304402207fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a002207fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043b37df5fb347c69a0f17d85c0c7ca83736883a825e13143d0fcfc8101e851e800de3c090b6ca21ba543517330c04b12f948c6badf14a63abffdf4ef8c7537026", + "wx" : "3b37df5fb347c69a0f17d85c0c7ca83736883a825e13143d0fcfc8101e851e80", + "wy" : "0de3c090b6ca21ba543517330c04b12f948c6badf14a63abffdf4ef8c7537026" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200043b37df5fb347c69a0f17d85c0c7ca83736883a825e13143d0fcfc8101e851e800de3c090b6ca21ba543517330c04b12f948c6badf14a63abffdf4ef8c7537026", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEOzffX7NHxpoPF9hcDHyoNzaIOoJeExQ9\nD8/IEB6FHoAN48CQtsohulQ1FzMMBLEvlIxrrfFKY6v/3074x1NwJg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 305, + "comment" : "edge case for signature malleability", + "msg" : "313233343030", + "sig" : "304402207fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a002207fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04feb5163b0ece30ff3e03c7d55c4380fa2fa81ee2c0354942ff6f08c99d0cd82ce87de05ee1bda089d3e4e248fa0f721102acfffdf50e654be281433999df897e", + "wx" : "00feb5163b0ece30ff3e03c7d55c4380fa2fa81ee2c0354942ff6f08c99d0cd82c", + "wy" : "00e87de05ee1bda089d3e4e248fa0f721102acfffdf50e654be281433999df897e" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004feb5163b0ece30ff3e03c7d55c4380fa2fa81ee2c0354942ff6f08c99d0cd82ce87de05ee1bda089d3e4e248fa0f721102acfffdf50e654be281433999df897e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE/rUWOw7OMP8+A8fVXEOA+i+oHuLANUlC\n/28IyZ0M2CzofeBe4b2gidPk4kj6D3IRAqz//fUOZUvigUM5md+Jfg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 306, + "comment" : "u1 == 1", + "msg" : "313233343030", + "sig" : "3045022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b8022100bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04238ced001cf22b8853e02edc89cbeca5050ba7e042a7a77f9382cd414922897640683d3094643840f295890aa4c18aa39b41d77dd0fb3bb2700e4f9ec284ffc2", + "wx" : "238ced001cf22b8853e02edc89cbeca5050ba7e042a7a77f9382cd4149228976", + "wy" : "40683d3094643840f295890aa4c18aa39b41d77dd0fb3bb2700e4f9ec284ffc2" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004238ced001cf22b8853e02edc89cbeca5050ba7e042a7a77f9382cd414922897640683d3094643840f295890aa4c18aa39b41d77dd0fb3bb2700e4f9ec284ffc2", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEI4ztABzyK4hT4C7cicvspQULp+BCp6d/\nk4LNQUkiiXZAaD0wlGQ4QPKViQqkwYqjm0HXfdD7O7JwDk+ewoT/wg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 307, + "comment" : "u1 == n - 1", + "msg" : "313233343030", + "sig" : "3044022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b8022044a5ad0bd0636d9e12bc9e0a6bdd5e1bba77f523842193b3b82e448e05d5f11e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04961cf64817c06c0e51b3c2736c922fde18bd8c4906fcd7f5ef66c4678508f35ed2c5d18168cfbe70f2f123bd7419232bb92dd69113e2941061889481c5a027bf", + "wx" : "00961cf64817c06c0e51b3c2736c922fde18bd8c4906fcd7f5ef66c4678508f35e", + "wy" : "00d2c5d18168cfbe70f2f123bd7419232bb92dd69113e2941061889481c5a027bf" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004961cf64817c06c0e51b3c2736c922fde18bd8c4906fcd7f5ef66c4678508f35ed2c5d18168cfbe70f2f123bd7419232bb92dd69113e2941061889481c5a027bf", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAElhz2SBfAbA5Rs8JzbJIv3hi9jEkG/Nf1\n72bEZ4UI817SxdGBaM++cPLxI710GSMruS3WkRPilBBhiJSBxaAnvw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 308, + "comment" : "u2 == 1", + "msg" : "313233343030", + "sig" : "3044022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b8022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b8", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0413681eae168cd4ea7cf2e2a45d052742d10a9f64e796867dbdcb829fe0b1028816528760d177376c09df79de39557c329cc1753517acffe8fa2ec298026b8384", + "wx" : "13681eae168cd4ea7cf2e2a45d052742d10a9f64e796867dbdcb829fe0b10288", + "wy" : "16528760d177376c09df79de39557c329cc1753517acffe8fa2ec298026b8384" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000413681eae168cd4ea7cf2e2a45d052742d10a9f64e796867dbdcb829fe0b1028816528760d177376c09df79de39557c329cc1753517acffe8fa2ec298026b8384", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE2gerhaM1Op88uKkXQUnQtEKn2TnloZ9\nvcuCn+CxAogWUodg0Xc3bAnfed45VXwynMF1NRes/+j6LsKYAmuDhA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 309, + "comment" : "u2 == n - 1", + "msg" : "313233343030", + "sig" : "3045022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b8022100aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa9d1c9e899ca306ad27fe1945de0242b89", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045aa7abfdb6b4086d543325e5d79c6e95ce42f866d2bb84909633a04bb1aa31c291c80088794905e1da33336d874e2f91ccf45cc59185bede5dd6f3f7acaae18b", + "wx" : "5aa7abfdb6b4086d543325e5d79c6e95ce42f866d2bb84909633a04bb1aa31c2", + "wy" : "0091c80088794905e1da33336d874e2f91ccf45cc59185bede5dd6f3f7acaae18b" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200045aa7abfdb6b4086d543325e5d79c6e95ce42f866d2bb84909633a04bb1aa31c291c80088794905e1da33336d874e2f91ccf45cc59185bede5dd6f3f7acaae18b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEWqer/ba0CG1UMyXl15xulc5C+GbSu4SQ\nljOgS7GqMcKRyACIeUkF4dozM22HTi+RzPRcxZGFvt5d1vP3rKrhiw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 310, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100e91e1ba6ba898620a46bcb51dc0b8b4ad1dc35dad892c4552d1847b2ce444637", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0400277791b305a45b2b39590b2f05d3392a6c8182cef4eb540120e0f5c206c3e464108233fb0b8c3ac892d79ef8e0fbf92ed133addb4554270132584dc52eef41", + "wx" : "277791b305a45b2b39590b2f05d3392a6c8182cef4eb540120e0f5c206c3e4", + "wy" : "64108233fb0b8c3ac892d79ef8e0fbf92ed133addb4554270132584dc52eef41" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000400277791b305a45b2b39590b2f05d3392a6c8182cef4eb540120e0f5c206c3e464108233fb0b8c3ac892d79ef8e0fbf92ed133addb4554270132584dc52eef41", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEACd3kbMFpFsrOVkLLwXTOSpsgYLO9OtU\nASDg9cIGw+RkEIIz+wuMOsiS15744Pv5LtEzrdtFVCcBMlhNxS7vQQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 311, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100e36bf0cec06d9b841da81332812f74f30bbaec9f202319206c6f0b8a0a400ff7", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046efa092b68de9460f0bcc919005a5f6e80e19de98968be3cd2c770a9949bfb1ac75e6e5087d6550d5f9beb1e79e5029307bc255235e2d5dc99241ac3ab886c49", + "wx" : "6efa092b68de9460f0bcc919005a5f6e80e19de98968be3cd2c770a9949bfb1a", + "wy" : "00c75e6e5087d6550d5f9beb1e79e5029307bc255235e2d5dc99241ac3ab886c49" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200046efa092b68de9460f0bcc919005a5f6e80e19de98968be3cd2c770a9949bfb1ac75e6e5087d6550d5f9beb1e79e5029307bc255235e2d5dc99241ac3ab886c49", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbvoJK2jelGDwvMkZAFpfboDhnemJaL48\n0sdwqZSb+xrHXm5Qh9ZVDV+b6x555QKTB7wlUjXi1dyZJBrDq4hsSQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 312, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100ea26b57af884b6c06e348efe139c1e4e9ec9518d60c340f6bac7d278ca08d8a6", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0472d4a19c4f9d2cf5848ea40445b70d4696b5f02d632c0c654cc7d7eeb0c6d058e8c4cd9943e459174c7ac01fa742198e47e6c19a6bdb0c4f6c237831c1b3f942", + "wx" : "72d4a19c4f9d2cf5848ea40445b70d4696b5f02d632c0c654cc7d7eeb0c6d058", + "wy" : "00e8c4cd9943e459174c7ac01fa742198e47e6c19a6bdb0c4f6c237831c1b3f942" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000472d4a19c4f9d2cf5848ea40445b70d4696b5f02d632c0c654cc7d7eeb0c6d058e8c4cd9943e459174c7ac01fa742198e47e6c19a6bdb0c4f6c237831c1b3f942", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEctShnE+dLPWEjqQERbcNRpa18C1jLAxl\nTMfX7rDG0FjoxM2ZQ+RZF0x6wB+nQhmOR+bBmmvbDE9sI3gxwbP5Qg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 313, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02205b1d27a7694c146244a5ad0bd0636d9d9ef3b9fb58385418d9c982105077d1b7", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042a8ea2f50dcced0c217575bdfa7cd47d1c6f100041ec0e35512794c1be7e740258f8c17122ed303fda7143eb58bede70295b653266013b0b0ebd3f053137f6ec", + "wx" : "2a8ea2f50dcced0c217575bdfa7cd47d1c6f100041ec0e35512794c1be7e7402", + "wy" : "58f8c17122ed303fda7143eb58bede70295b653266013b0b0ebd3f053137f6ec" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200042a8ea2f50dcced0c217575bdfa7cd47d1c6f100041ec0e35512794c1be7e740258f8c17122ed303fda7143eb58bede70295b653266013b0b0ebd3f053137f6ec", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEKo6i9Q3M7QwhdXW9+nzUfRxvEABB7A41\nUSeUwb5+dAJY+MFxIu0wP9pxQ+tYvt5wKVtlMmYBOwsOvT8FMTf27A==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 314, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100d27a7694c146244a5ad0bd0636d9e12abe687897e8e9998ddbd4e59a78520d0f", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0488de689ce9af1e94be6a2089c8a8b1253ffdbb6c8e9c86249ba220001a4ad3b80c4998e54842f413b9edb1825acbb6335e81e4d184b2b01c8bebdc85d1f28946", + "wx" : "0088de689ce9af1e94be6a2089c8a8b1253ffdbb6c8e9c86249ba220001a4ad3b8", + "wy" : "0c4998e54842f413b9edb1825acbb6335e81e4d184b2b01c8bebdc85d1f28946" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000488de689ce9af1e94be6a2089c8a8b1253ffdbb6c8e9c86249ba220001a4ad3b80c4998e54842f413b9edb1825acbb6335e81e4d184b2b01c8bebdc85d1f28946", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEiN5onOmvHpS+aiCJyKixJT/9u2yOnIYk\nm6IgABpK07gMSZjlSEL0E7ntsYJay7YzXoHk0YSysByL69yF0fKJRg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 315, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100a4f4ed29828c4894b5a17a0c6db3c256c2221449228a92dff7d76ca8206dd8dd", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04fea2d31f70f90d5fb3e00e186ac42ab3c1615cee714e0b4e1131b3d4d8225bf7b037a18df2ac15343f30f74067ddf29e817d5f77f8dce05714da59c094f0cda9", + "wx" : "00fea2d31f70f90d5fb3e00e186ac42ab3c1615cee714e0b4e1131b3d4d8225bf7", + "wy" : "00b037a18df2ac15343f30f74067ddf29e817d5f77f8dce05714da59c094f0cda9" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004fea2d31f70f90d5fb3e00e186ac42ab3c1615cee714e0b4e1131b3d4d8225bf7b037a18df2ac15343f30f74067ddf29e817d5f77f8dce05714da59c094f0cda9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE/qLTH3D5DV+z4A4YasQqs8FhXO5xTgtO\nETGz1NgiW/ewN6GN8qwVND8w90Bn3fKegX1fd/jc4FcU2lnAlPDNqQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 316, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc0220694c146244a5ad0bd0636d9e12bc9e09e60e68b90d0b5e6c5dddd0cb694d8799", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "047258911e3d423349166479dbe0b8341af7fbd03d0a7e10edccb36b6ceea5a3db17ac2b8992791128fa3b96dc2fbd4ca3bfa782ef2832fc6656943db18e7346b0", + "wx" : "7258911e3d423349166479dbe0b8341af7fbd03d0a7e10edccb36b6ceea5a3db", + "wy" : "17ac2b8992791128fa3b96dc2fbd4ca3bfa782ef2832fc6656943db18e7346b0" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200047258911e3d423349166479dbe0b8341af7fbd03d0a7e10edccb36b6ceea5a3db17ac2b8992791128fa3b96dc2fbd4ca3bfa782ef2832fc6656943db18e7346b0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEcliRHj1CM0kWZHnb4Lg0Gvf70D0KfhDt\nzLNrbO6lo9sXrCuJknkRKPo7ltwvvUyjv6eC7ygy/GZWlD2xjnNGsA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 317, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02203d7f487c07bfc5f30846938a3dcef696444707cf9677254a92b06c63ab867d22", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044f28461dea64474d6bb34d1499c97d37b9e95633df1ceeeaacd45016c98b3914c8818810b8cc06ddb40e8a1261c528faa589455d5a6df93b77bc5e0e493c7470", + "wx" : "4f28461dea64474d6bb34d1499c97d37b9e95633df1ceeeaacd45016c98b3914", + "wy" : "00c8818810b8cc06ddb40e8a1261c528faa589455d5a6df93b77bc5e0e493c7470" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200044f28461dea64474d6bb34d1499c97d37b9e95633df1ceeeaacd45016c98b3914c8818810b8cc06ddb40e8a1261c528faa589455d5a6df93b77bc5e0e493c7470", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAETyhGHepkR01rs00Umcl9N7npVjPfHO7q\nrNRQFsmLORTIgYgQuMwG3bQOihJhxSj6pYlFXVpt+Tt3vF4OSTx0cA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 318, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02206c7648fc0fbf8a06adb8b839f97b4ff7a800f11b1e37c593b261394599792ba4", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0474f2a814fb5d8eca91a69b5e60712732b3937de32829be974ed7b68c5c2f5d66eff0f07c56f987a657f42196205f588c0f1d96fd8a63a5f238b48f478788fe3b", + "wx" : "74f2a814fb5d8eca91a69b5e60712732b3937de32829be974ed7b68c5c2f5d66", + "wy" : "00eff0f07c56f987a657f42196205f588c0f1d96fd8a63a5f238b48f478788fe3b" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000474f2a814fb5d8eca91a69b5e60712732b3937de32829be974ed7b68c5c2f5d66eff0f07c56f987a657f42196205f588c0f1d96fd8a63a5f238b48f478788fe3b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEdPKoFPtdjsqRppteYHEnMrOTfeMoKb6X\nTte2jFwvXWbv8PB8VvmHplf0IZYgX1iMDx2W/YpjpfI4tI9Hh4j+Ow==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 319, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc0221009be363a286f23f6322c205449d320baad417953ecb70f6214e90d49d7d1f26a8", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04195b51a7cc4a21b8274a70a90de779814c3c8ca358328208c09a29f336b82d6ab2416b7c92fffdc29c3b1282dd2a77a4d04df7f7452047393d849989c5cee9ad", + "wx" : "195b51a7cc4a21b8274a70a90de779814c3c8ca358328208c09a29f336b82d6a", + "wy" : "00b2416b7c92fffdc29c3b1282dd2a77a4d04df7f7452047393d849989c5cee9ad" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004195b51a7cc4a21b8274a70a90de779814c3c8ca358328208c09a29f336b82d6ab2416b7c92fffdc29c3b1282dd2a77a4d04df7f7452047393d849989c5cee9ad", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEGVtRp8xKIbgnSnCpDed5gUw8jKNYMoII\nwJop8za4LWqyQWt8kv/9wpw7EoLdKnek0E3390UgRzk9hJmJxc7prQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 320, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022029798c5c45bdf58b4a7b2fdc2c46ab4af1218c7eeb9f0f27a88f1267674de3b0", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04622fc74732034bec2ddf3bc16d34b3d1f7a327dd2a8c19bab4bb4fe3a24b58aa736b2f2fae76f4dfaecc9096333b01328d51eb3fda9c9227e90d0b449983c4f0", + "wx" : "622fc74732034bec2ddf3bc16d34b3d1f7a327dd2a8c19bab4bb4fe3a24b58aa", + "wy" : "736b2f2fae76f4dfaecc9096333b01328d51eb3fda9c9227e90d0b449983c4f0" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004622fc74732034bec2ddf3bc16d34b3d1f7a327dd2a8c19bab4bb4fe3a24b58aa736b2f2fae76f4dfaecc9096333b01328d51eb3fda9c9227e90d0b449983c4f0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEYi/HRzIDS+wt3zvBbTSz0fejJ90qjBm6\ntLtP46JLWKpzay8vrnb0367MkJYzOwEyjVHrP9qckifpDQtEmYPE8A==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 321, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02200b70f22ca2bb3cefadca1a5711fa3a59f4695385eb5aedf3495d0b6d00f8fd85", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "041f7f85caf2d7550e7af9b65023ebb4dce3450311692309db269969b834b611c70827f45b78020ecbbaf484fdd5bfaae6870f1184c21581baf6ef82bd7b530f93", + "wx" : "1f7f85caf2d7550e7af9b65023ebb4dce3450311692309db269969b834b611c7", + "wy" : "0827f45b78020ecbbaf484fdd5bfaae6870f1184c21581baf6ef82bd7b530f93" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200041f7f85caf2d7550e7af9b65023ebb4dce3450311692309db269969b834b611c70827f45b78020ecbbaf484fdd5bfaae6870f1184c21581baf6ef82bd7b530f93", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEH3+FyvLXVQ56+bZQI+u03ONFAxFpIwnb\nJplpuDS2EccIJ/RbeAIOy7r0hP3Vv6rmhw8RhMIVgbr274K9e1MPkw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 322, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022016e1e459457679df5b9434ae23f474b3e8d2a70bd6b5dbe692ba16da01f1fb0a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0449c197dc80ad1da47a4342b93893e8e1fb0bb94fc33a83e783c00b24c781377aefc20da92bac762951f72474becc734d4cc22ba81b895e282fdac4df7af0f37d", + "wx" : "49c197dc80ad1da47a4342b93893e8e1fb0bb94fc33a83e783c00b24c781377a", + "wy" : "00efc20da92bac762951f72474becc734d4cc22ba81b895e282fdac4df7af0f37d" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000449c197dc80ad1da47a4342b93893e8e1fb0bb94fc33a83e783c00b24c781377aefc20da92bac762951f72474becc734d4cc22ba81b895e282fdac4df7af0f37d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEScGX3ICtHaR6Q0K5OJPo4fsLuU/DOoPn\ng8ALJMeBN3rvwg2pK6x2KVH3JHS+zHNNTMIrqBuJXigv2sTfevDzfQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 323, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02202252d685e831b6cf095e4f0535eeaf0ddd3bfa91c210c9d9dc17224702eaf88f", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d8cb68517b616a56400aa3868635e54b6f699598a2f6167757654980baf6acbe7ec8cf449c849aa03461a30efada41453c57c6e6fbc93bbc6fa49ada6dc0555c", + "wx" : "00d8cb68517b616a56400aa3868635e54b6f699598a2f6167757654980baf6acbe", + "wy" : "7ec8cf449c849aa03461a30efada41453c57c6e6fbc93bbc6fa49ada6dc0555c" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004d8cb68517b616a56400aa3868635e54b6f699598a2f6167757654980baf6acbe7ec8cf449c849aa03461a30efada41453c57c6e6fbc93bbc6fa49ada6dc0555c", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE2MtoUXthalZACqOGhjXlS29plZii9hZ3\nV2VJgLr2rL5+yM9EnISaoDRhow762kFFPFfG5vvJO7xvpJrabcBVXA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 324, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022075135abd7c425b60371a477f09ce0f274f64a8c6b061a07b5d63e93c65046c53", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04030713fb63f2aa6fe2cadf1b20efc259c77445dafa87dac398b84065ca347df3b227818de1a39b589cb071d83e5317cccdc2338e51e312fe31d8dc34a4801750", + "wx" : "030713fb63f2aa6fe2cadf1b20efc259c77445dafa87dac398b84065ca347df3", + "wy" : "00b227818de1a39b589cb071d83e5317cccdc2338e51e312fe31d8dc34a4801750" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004030713fb63f2aa6fe2cadf1b20efc259c77445dafa87dac398b84065ca347df3b227818de1a39b589cb071d83e5317cccdc2338e51e312fe31d8dc34a4801750", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEAwcT+2Pyqm/iyt8bIO/CWcd0Rdr6h9rD\nmLhAZco0ffOyJ4GN4aObWJywcdg+UxfMzcIzjlHjEv4x2Nw0pIAXUA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 325, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100d55555555555555555555555555555547c74934474db157d2a8c3f088aced62a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04babb3677b0955802d8e929a41355640eaf1ea1353f8a771331c4946e3480afa7252f196c87ed3d2a59d3b1b559137fed0013fecefc19fb5a92682b9bca51b950", + "wx" : "00babb3677b0955802d8e929a41355640eaf1ea1353f8a771331c4946e3480afa7", + "wy" : "252f196c87ed3d2a59d3b1b559137fed0013fecefc19fb5a92682b9bca51b950" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004babb3677b0955802d8e929a41355640eaf1ea1353f8a771331c4946e3480afa7252f196c87ed3d2a59d3b1b559137fed0013fecefc19fb5a92682b9bca51b950", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEurs2d7CVWALY6SmkE1VkDq8eoTU/incT\nMcSUbjSAr6clLxlsh+09KlnTsbVZE3/tABP+zvwZ+1qSaCubylG5UA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 326, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100c1777c8853938e536213c02464a936000ba1e21c0fc62075d46c624e23b52f31", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "041aab2018793471111a8a0e9b143fde02fc95920796d3a63de329b424396fba60bbe4130705174792441b318d3aa31dfe8577821e9b446ec573d272e036c4ebe9", + "wx" : "1aab2018793471111a8a0e9b143fde02fc95920796d3a63de329b424396fba60", + "wy" : "00bbe4130705174792441b318d3aa31dfe8577821e9b446ec573d272e036c4ebe9" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200041aab2018793471111a8a0e9b143fde02fc95920796d3a63de329b424396fba60bbe4130705174792441b318d3aa31dfe8577821e9b446ec573d272e036c4ebe9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEGqsgGHk0cREaig6bFD/eAvyVkgeW06Y9\n4ym0JDlvumC75BMHBRdHkkQbMY06ox3+hXeCHptEbsVz0nLgNsTr6Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 327, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022030bbb794db588363b40679f6c182a50d3ce9679acdd3ffbe36d7813dacbdc818", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048cb0b909499c83ea806cd885b1dd467a0119f06a88a0276eb0cfda274535a8ff47b5428833bc3f2c8bf9d9041158cf33718a69961cd01729bc0011d1e586ab75", + "wx" : "008cb0b909499c83ea806cd885b1dd467a0119f06a88a0276eb0cfda274535a8ff", + "wy" : "47b5428833bc3f2c8bf9d9041158cf33718a69961cd01729bc0011d1e586ab75" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200048cb0b909499c83ea806cd885b1dd467a0119f06a88a0276eb0cfda274535a8ff47b5428833bc3f2c8bf9d9041158cf33718a69961cd01729bc0011d1e586ab75", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEjLC5CUmcg+qAbNiFsd1GegEZ8GqIoCdu\nsM/aJ0U1qP9HtUKIM7w/LIv52QQRWM8zcYpplhzQFym8ABHR5YardQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 328, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02202c37fd995622c4fb7fffffffffffffffc7cee745110cb45ab558ed7c90c15a2f", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048f03cf1a42272bb1532723093f72e6feeac85e1700e9fbe9a6a2dd642d74bf5d3b89a7189dad8cf75fc22f6f158aa27f9c2ca00daca785be3358f2bda3862ca0", + "wx" : "008f03cf1a42272bb1532723093f72e6feeac85e1700e9fbe9a6a2dd642d74bf5d", + "wy" : "3b89a7189dad8cf75fc22f6f158aa27f9c2ca00daca785be3358f2bda3862ca0" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200048f03cf1a42272bb1532723093f72e6feeac85e1700e9fbe9a6a2dd642d74bf5d3b89a7189dad8cf75fc22f6f158aa27f9c2ca00daca785be3358f2bda3862ca0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEjwPPGkInK7FTJyMJP3Lm/urIXhcA6fvp\npqLdZC10v107iacYna2M91/CL28ViqJ/nCygDaynhb4zWPK9o4YsoA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 329, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02207fd995622c4fb7ffffffffffffffffff5d883ffab5b32652ccdcaa290fccb97d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0444de3b9c7a57a8c9e820952753421e7d987bb3d79f71f013805c897e018f8acea2460758c8f98d3fdce121a943659e372c326fff2e5fc2ae7fa3f79daae13c12", + "wx" : "44de3b9c7a57a8c9e820952753421e7d987bb3d79f71f013805c897e018f8ace", + "wy" : "00a2460758c8f98d3fdce121a943659e372c326fff2e5fc2ae7fa3f79daae13c12" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000444de3b9c7a57a8c9e820952753421e7d987bb3d79f71f013805c897e018f8acea2460758c8f98d3fdce121a943659e372c326fff2e5fc2ae7fa3f79daae13c12", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAERN47nHpXqMnoIJUnU0IefZh7s9efcfAT\ngFyJfgGPis6iRgdYyPmNP9zhIalDZZ43LDJv/y5fwq5/o/edquE8Eg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 330, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100ffb32ac4589f6ffffffffffffffffffebb107ff56b664ca599b954521f9972fa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046fb8b2b48e33031268ad6a517484dc8839ea90f6669ea0c7ac3233e2ac31394a0ac8bbe7f73c2ff4df9978727ac1dfc2fd58647d20f31f99105316b64671f204", + "wx" : "6fb8b2b48e33031268ad6a517484dc8839ea90f6669ea0c7ac3233e2ac31394a", + "wy" : "0ac8bbe7f73c2ff4df9978727ac1dfc2fd58647d20f31f99105316b64671f204" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200046fb8b2b48e33031268ad6a517484dc8839ea90f6669ea0c7ac3233e2ac31394a0ac8bbe7f73c2ff4df9978727ac1dfc2fd58647d20f31f99105316b64671f204", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEb7iytI4zAxJorWpRdITciDnqkPZmnqDH\nrDIz4qwxOUoKyLvn9zwv9N+ZeHJ6wd/C/VhkfSDzH5kQUxa2RnHyBA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 331, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02205622c4fb7fffffffffffffffffffffff928a8f1c7ac7bec1808b9f61c01ec327", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04bea71122a048693e905ff602b3cf9dd18af69b9fc9d8431d2b1dd26b942c95e6f43c7b8b95eb62082c12db9dbda7fe38e45cbe4a4886907fb81bdb0c5ea9246c", + "wx" : "00bea71122a048693e905ff602b3cf9dd18af69b9fc9d8431d2b1dd26b942c95e6", + "wy" : "00f43c7b8b95eb62082c12db9dbda7fe38e45cbe4a4886907fb81bdb0c5ea9246c" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004bea71122a048693e905ff602b3cf9dd18af69b9fc9d8431d2b1dd26b942c95e6f43c7b8b95eb62082c12db9dbda7fe38e45cbe4a4886907fb81bdb0c5ea9246c", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEvqcRIqBIaT6QX/YCs8+d0Yr2m5/J2EMd\nKx3Sa5Qsleb0PHuLletiCCwS2529p/445Fy+SkiGkH+4G9sMXqkkbA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 332, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022044104104104104104104104104104103b87853fd3b7d3f8e175125b4382f25ed", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04da918c731ba06a20cb94ef33b778e981a404a305f1941fe33666b45b03353156e2bb2694f575b45183be78e5c9b5210bf3bf488fd4c8294516d89572ca4f5391", + "wx" : "00da918c731ba06a20cb94ef33b778e981a404a305f1941fe33666b45b03353156", + "wy" : "00e2bb2694f575b45183be78e5c9b5210bf3bf488fd4c8294516d89572ca4f5391" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004da918c731ba06a20cb94ef33b778e981a404a305f1941fe33666b45b03353156e2bb2694f575b45183be78e5c9b5210bf3bf488fd4c8294516d89572ca4f5391", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE2pGMcxugaiDLlO8zt3jpgaQEowXxlB/j\nNma0WwM1MVbiuyaU9XW0UYO+eOXJtSEL879Ij9TIKUUW2JVyyk9TkQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 333, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02202739ce739ce739ce739ce739ce739ce705560298d1f2f08dc419ac273a5b54d9", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043007e92c3937dade7964dfa35b0eff031f7eb02aed0a0314411106cdeb70fe3d5a7546fc0552997b20e3d6f413e75e2cb66e116322697114b79bac734bfc4dc5", + "wx" : "3007e92c3937dade7964dfa35b0eff031f7eb02aed0a0314411106cdeb70fe3d", + "wy" : "5a7546fc0552997b20e3d6f413e75e2cb66e116322697114b79bac734bfc4dc5" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200043007e92c3937dade7964dfa35b0eff031f7eb02aed0a0314411106cdeb70fe3d5a7546fc0552997b20e3d6f413e75e2cb66e116322697114b79bac734bfc4dc5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEMAfpLDk32t55ZN+jWw7/Ax9+sCrtCgMU\nQREGzetw/j1adUb8BVKZeyDj1vQT514stm4RYyJpcRS3m6xzS/xNxQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 334, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100b777777777777777777777777777777688e6a1fe808a97a348671222ff16b863", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0460e734ef5624d3cbf0ddd375011bd663d6d6aebc644eb599fdf98dbdcd18ce9bd2d90b3ac31f139af832cccf6ccbbb2c6ea11fa97370dc9906da474d7d8a7567", + "wx" : "60e734ef5624d3cbf0ddd375011bd663d6d6aebc644eb599fdf98dbdcd18ce9b", + "wy" : "00d2d90b3ac31f139af832cccf6ccbbb2c6ea11fa97370dc9906da474d7d8a7567" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000460e734ef5624d3cbf0ddd375011bd663d6d6aebc644eb599fdf98dbdcd18ce9bd2d90b3ac31f139af832cccf6ccbbb2c6ea11fa97370dc9906da474d7d8a7567", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEYOc071Yk08vw3dN1ARvWY9bWrrxkTrWZ\n/fmNvc0YzpvS2Qs6wx8TmvgyzM9sy7ssbqEfqXNw3JkG2kdNfYp1Zw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 335, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02206492492492492492492492492492492406dd3a19b8d5fb875235963c593bd2d3", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0485a900e97858f693c0b7dfa261e380dad6ea046d1f65ddeeedd5f7d8af0ba33769744d15add4f6c0bc3b0da2aec93b34cb8c65f9340ddf74e7b0009eeeccce3c", + "wx" : "0085a900e97858f693c0b7dfa261e380dad6ea046d1f65ddeeedd5f7d8af0ba337", + "wy" : "69744d15add4f6c0bc3b0da2aec93b34cb8c65f9340ddf74e7b0009eeeccce3c" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000485a900e97858f693c0b7dfa261e380dad6ea046d1f65ddeeedd5f7d8af0ba33769744d15add4f6c0bc3b0da2aec93b34cb8c65f9340ddf74e7b0009eeeccce3c", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEhakA6XhY9pPAt9+iYeOA2tbqBG0fZd3u\n7dX32K8LozdpdE0VrdT2wLw7DaKuyTs0y4xl+TQN33TnsACe7szOPA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 336, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100955555555555555555555555555555547c74934474db157d2a8c3f088aced62c", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0438066f75d88efc4c93de36f49e037b234cc18b1de5608750a62cab0345401046a3e84bed8cfcb819ef4d550444f2ce4b651766b69e2e2901f88836ff90034fed", + "wx" : "38066f75d88efc4c93de36f49e037b234cc18b1de5608750a62cab0345401046", + "wy" : "00a3e84bed8cfcb819ef4d550444f2ce4b651766b69e2e2901f88836ff90034fed" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000438066f75d88efc4c93de36f49e037b234cc18b1de5608750a62cab0345401046a3e84bed8cfcb819ef4d550444f2ce4b651766b69e2e2901f88836ff90034fed", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEOAZvddiO/EyT3jb0ngN7I0zBix3lYIdQ\npiyrA0VAEEaj6EvtjPy4Ge9NVQRE8s5LZRdmtp4uKQH4iDb/kANP7Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 337, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc02202aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa3e3a49a23a6d8abe95461f8445676b17", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0498f68177dc95c1b4cbfa5245488ca523a7d5629470d035d621a443c72f39aabfa33d29546fa1c648f2c7d5ccf70cf1ce4ab79b5db1ac059dbecd068dbdff1b89", + "wx" : "0098f68177dc95c1b4cbfa5245488ca523a7d5629470d035d621a443c72f39aabf", + "wy" : "00a33d29546fa1c648f2c7d5ccf70cf1ce4ab79b5db1ac059dbecd068dbdff1b89" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000498f68177dc95c1b4cbfa5245488ca523a7d5629470d035d621a443c72f39aabfa33d29546fa1c648f2c7d5ccf70cf1ce4ab79b5db1ac059dbecd068dbdff1b89", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEmPaBd9yVwbTL+lJFSIylI6fVYpRw0DXW\nIaRDxy85qr+jPSlUb6HGSPLH1cz3DPHOSrebXbGsBZ2+zQaNvf8biQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 338, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc022100bffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364143", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045c2bbfa23c9b9ad07f038aa89b4930bf267d9401e4255de9e8da0a5078ec8277e3e882a31d5e6a379e0793983ccded39b95c4353ab2ff01ea5369ba47b0c3191", + "wx" : "5c2bbfa23c9b9ad07f038aa89b4930bf267d9401e4255de9e8da0a5078ec8277", + "wy" : "00e3e882a31d5e6a379e0793983ccded39b95c4353ab2ff01ea5369ba47b0c3191" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200045c2bbfa23c9b9ad07f038aa89b4930bf267d9401e4255de9e8da0a5078ec8277e3e882a31d5e6a379e0793983ccded39b95c4353ab2ff01ea5369ba47b0c3191", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEXCu/ojybmtB/A4qom0kwvyZ9lAHkJV3p\n6NoKUHjsgnfj6IKjHV5qN54Hk5g8ze05uVxDU6sv8B6lNpukewwxkQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 339, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc0220185ddbca6dac41b1da033cfb60c152869e74b3cd66e9ffdf1b6bc09ed65ee40c", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a3853547808298448edb5e701ade84cd5fb1ac9567ba5e8fb68a6b933ec4b5cc84cc", + "wx" : "2ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a385", + "wy" : "3547808298448edb5e701ade84cd5fb1ac9567ba5e8fb68a6b933ec4b5cc84cc" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200042ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a3853547808298448edb5e701ade84cd5fb1ac9567ba5e8fb68a6b933ec4b5cc84cc", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAELqcTNDIznGnSf5smcoG9Ld1fGdYzjUAK\nBc02R7FXo4U1R4CCmESO215wGt6EzV+xrJVnul6Ptoprkz7EtcyEzA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 340, + "comment" : "point duplication during verification", + "msg" : "313233343030", + "sig" : "3045022032b0d10d8d0e04bc8d4d064d270699e87cffc9b49c5c20730e1c26f6105ddcda022100d612c2984c2afa416aa7f2882a486d4a8426cb6cfc91ed5b737278f9fca8be68", + "result" : "valid", + "flags" : [ + "PointDuplication" + ] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a385cab87f7d67bb7124a18fe5217b32a04e536a9845a1704975946cc13a4a337763", + "wx" : "2ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a385", + "wy" : "00cab87f7d67bb7124a18fe5217b32a04e536a9845a1704975946cc13a4a337763" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200042ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a385cab87f7d67bb7124a18fe5217b32a04e536a9845a1704975946cc13a4a337763", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAELqcTNDIznGnSf5smcoG9Ld1fGdYzjUAK\nBc02R7FXo4XKuH99Z7txJKGP5SF7MqBOU2qYRaFwSXWUbME6SjN3Yw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 341, + "comment" : "duplication bug", + "msg" : "313233343030", + "sig" : "3045022032b0d10d8d0e04bc8d4d064d270699e87cffc9b49c5c20730e1c26f6105ddcda022100d612c2984c2afa416aa7f2882a486d4a8426cb6cfc91ed5b737278f9fca8be68", + "result" : "invalid", + "flags" : [ + "PointDuplication" + ] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048aa2c64fa9c6437563abfbcbd00b2048d48c18c152a2a6f49036de7647ebe82e1ce64387995c68a060fa3bc0399b05cc06eec7d598f75041a4917e692b7f51ff", + "wx" : "008aa2c64fa9c6437563abfbcbd00b2048d48c18c152a2a6f49036de7647ebe82e", + "wy" : "1ce64387995c68a060fa3bc0399b05cc06eec7d598f75041a4917e692b7f51ff" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200048aa2c64fa9c6437563abfbcbd00b2048d48c18c152a2a6f49036de7647ebe82e1ce64387995c68a060fa3bc0399b05cc06eec7d598f75041a4917e692b7f51ff", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEiqLGT6nGQ3Vjq/vL0AsgSNSMGMFSoqb0\nkDbedkfr6C4c5kOHmVxooGD6O8A5mwXMBu7H1Zj3UEGkkX5pK39R/w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 342, + "comment" : "comparison with point at infinity ", + "msg" : "313233343030", + "sig" : "3044022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0022033333333333333333333333333333332f222f8faefdb533f265d461c29a47373", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04391427ff7ee78013c14aec7d96a8a062209298a783835e94fd6549d502fff71fdd6624ec343ad9fcf4d9872181e59f842f9ba4cccae09a6c0972fb6ac6b4c6bd", + "wx" : "391427ff7ee78013c14aec7d96a8a062209298a783835e94fd6549d502fff71f", + "wy" : "00dd6624ec343ad9fcf4d9872181e59f842f9ba4cccae09a6c0972fb6ac6b4c6bd" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004391427ff7ee78013c14aec7d96a8a062209298a783835e94fd6549d502fff71fdd6624ec343ad9fcf4d9872181e59f842f9ba4cccae09a6c0972fb6ac6b4c6bd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEORQn/37ngBPBSux9lqigYiCSmKeDg16U\n/WVJ1QL/9x/dZiTsNDrZ/PTZhyGB5Z+EL5ukzMrgmmwJcvtqxrTGvQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 343, + "comment" : "extreme value for k and edgecase s", + "msg" : "313233343030", + "sig" : "3045022100c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04e762b8a219b4f180219cc7a9059245e4961bd191c03899789c7a34b89e8c138ec1533ef0419bb7376e0bfde9319d10a06968791d9ea0eed9c1ce6345aed9759e", + "wx" : "00e762b8a219b4f180219cc7a9059245e4961bd191c03899789c7a34b89e8c138e", + "wy" : "00c1533ef0419bb7376e0bfde9319d10a06968791d9ea0eed9c1ce6345aed9759e" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004e762b8a219b4f180219cc7a9059245e4961bd191c03899789c7a34b89e8c138ec1533ef0419bb7376e0bfde9319d10a06968791d9ea0eed9c1ce6345aed9759e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE52K4ohm08YAhnMepBZJF5JYb0ZHAOJl4\nnHo0uJ6ME47BUz7wQZu3N24L/ekxnRCgaWh5HZ6g7tnBzmNFrtl1ng==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 344, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "3046022100c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5022100b6db6db6db6db6db6db6db6db6db6db5f30f30127d33e02aad96438927022e9c", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "049aedb0d281db164e130000c5697fae0f305ef848be6fffb43ac593fbb950e952fa6f633359bdcd82b56b0b9f965b037789d46b9a8141b791b2aefa713f96c175", + "wx" : "009aedb0d281db164e130000c5697fae0f305ef848be6fffb43ac593fbb950e952", + "wy" : "00fa6f633359bdcd82b56b0b9f965b037789d46b9a8141b791b2aefa713f96c175" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200049aedb0d281db164e130000c5697fae0f305ef848be6fffb43ac593fbb950e952fa6f633359bdcd82b56b0b9f965b037789d46b9a8141b791b2aefa713f96c175", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEmu2w0oHbFk4TAADFaX+uDzBe+Ei+b/+0\nOsWT+7lQ6VL6b2MzWb3NgrVrC5+WWwN3idRrmoFBt5GyrvpxP5bBdQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 345, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "3046022100c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee502210099999999999999999999999999999998d668eaf0cf91f9bd7317d2547ced5a5a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048ad445db62816260e4e687fd1884e48b9fc0636d031547d63315e792e19bfaee1de64f99d5f1cd8b6ec9cb0f787a654ae86993ba3db1008ef43cff0684cb22bd", + "wx" : "008ad445db62816260e4e687fd1884e48b9fc0636d031547d63315e792e19bfaee", + "wy" : "1de64f99d5f1cd8b6ec9cb0f787a654ae86993ba3db1008ef43cff0684cb22bd" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200048ad445db62816260e4e687fd1884e48b9fc0636d031547d63315e792e19bfaee1de64f99d5f1cd8b6ec9cb0f787a654ae86993ba3db1008ef43cff0684cb22bd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEitRF22KBYmDk5of9GITki5/AY20DFUfW\nMxXnkuGb+u4d5k+Z1fHNi27Jyw94emVK6GmTuj2xAI70PP8GhMsivQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 346, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "3045022100c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5022066666666666666666666666666666665e445f1f5dfb6a67e4cba8c385348e6e7", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "041f5799c95be89063b24f26e40cb928c1a868a76fb0094607e8043db409c91c32e75724e813a4191e3a839007f08e2e897388b06d4a00de6de60e536d91fab566", + "wx" : "1f5799c95be89063b24f26e40cb928c1a868a76fb0094607e8043db409c91c32", + "wy" : "00e75724e813a4191e3a839007f08e2e897388b06d4a00de6de60e536d91fab566" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200041f5799c95be89063b24f26e40cb928c1a868a76fb0094607e8043db409c91c32e75724e813a4191e3a839007f08e2e897388b06d4a00de6de60e536d91fab566", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEH1eZyVvokGOyTybkDLkowahop2+wCUYH\n6AQ9tAnJHDLnVyToE6QZHjqDkAfwji6Jc4iwbUoA3m3mDlNtkfq1Zg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 347, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "3045022100c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5022049249249249249249249249249249248c79facd43214c011123c1b03a93412a5", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a3331a4e1b4223ec2c027edd482c928a14ed358d93f1d4217d39abf69fcb5ccc28d684d2aaabcd6383775caa6239de26d4c6937bb603ecb4196082f4cffd509d", + "wx" : "00a3331a4e1b4223ec2c027edd482c928a14ed358d93f1d4217d39abf69fcb5ccc", + "wy" : "28d684d2aaabcd6383775caa6239de26d4c6937bb603ecb4196082f4cffd509d" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004a3331a4e1b4223ec2c027edd482c928a14ed358d93f1d4217d39abf69fcb5ccc28d684d2aaabcd6383775caa6239de26d4c6937bb603ecb4196082f4cffd509d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEozMaThtCI+wsAn7dSCySihTtNY2T8dQh\nfTmr9p/LXMwo1oTSqqvNY4N3XKpiOd4m1MaTe7YD7LQZYIL0z/1QnQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 348, + "comment" : "extreme value for k", + "msg" : "313233343030", + "sig" : "3045022100c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee502200eb10e5ab95f2f275348d82ad2e4d7949c8193800d8c9c75df58e343f0ebba7b", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043f3952199774c7cf39b38b66cb1042a6260d8680803845e4d433adba3bb248185ea495b68cbc7ed4173ee63c9042dc502625c7eb7e21fb02ca9a9114e0a3a18d", + "wx" : "3f3952199774c7cf39b38b66cb1042a6260d8680803845e4d433adba3bb24818", + "wy" : "5ea495b68cbc7ed4173ee63c9042dc502625c7eb7e21fb02ca9a9114e0a3a18d" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200043f3952199774c7cf39b38b66cb1042a6260d8680803845e4d433adba3bb248185ea495b68cbc7ed4173ee63c9042dc502625c7eb7e21fb02ca9a9114e0a3a18d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEPzlSGZd0x885s4tmyxBCpiYNhoCAOEXk\n1DOtujuySBhepJW2jLx+1Bc+5jyQQtxQJiXH634h+wLKmpEU4KOhjQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 349, + "comment" : "extreme value for k and edgecase s", + "msg" : "313233343030", + "sig" : "3044022079be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798022055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04cdfb8c0f422e144e137c2412c86c171f5fe3fa3f5bbb544e9076288f3ced786e054fd0721b77c11c79beacb3c94211b0a19bda08652efeaf92513a3b0a163698", + "wx" : "00cdfb8c0f422e144e137c2412c86c171f5fe3fa3f5bbb544e9076288f3ced786e", + "wy" : "054fd0721b77c11c79beacb3c94211b0a19bda08652efeaf92513a3b0a163698" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004cdfb8c0f422e144e137c2412c86c171f5fe3fa3f5bbb544e9076288f3ced786e054fd0721b77c11c79beacb3c94211b0a19bda08652efeaf92513a3b0a163698", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEzfuMD0IuFE4TfCQSyGwXH1/j+j9bu1RO\nkHYojzzteG4FT9ByG3fBHHm+rLPJQhGwoZvaCGUu/q+SUTo7ChY2mA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 350, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "3045022079be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798022100b6db6db6db6db6db6db6db6db6db6db5f30f30127d33e02aad96438927022e9c", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0473598a6a1c68278fa6bfd0ce4064e68235bc1c0f6b20a928108be336730f87e3cbae612519b5032ecc85aed811271a95fe7939d5d3460140ba318f4d14aba31d", + "wx" : "73598a6a1c68278fa6bfd0ce4064e68235bc1c0f6b20a928108be336730f87e3", + "wy" : "00cbae612519b5032ecc85aed811271a95fe7939d5d3460140ba318f4d14aba31d" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000473598a6a1c68278fa6bfd0ce4064e68235bc1c0f6b20a928108be336730f87e3cbae612519b5032ecc85aed811271a95fe7939d5d3460140ba318f4d14aba31d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEc1mKahxoJ4+mv9DOQGTmgjW8HA9rIKko\nEIvjNnMPh+PLrmElGbUDLsyFrtgRJxqV/nk51dNGAUC6MY9NFKujHQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 351, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "3045022079be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f8179802210099999999999999999999999999999998d668eaf0cf91f9bd7317d2547ced5a5a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0458debd9a7ee2c9d59132478a5440ae4d5d7ed437308369f92ea86c82183f10a16773e76f5edbf4da0e4f1bdffac0f57257e1dfa465842931309a24245fda6a5d", + "wx" : "58debd9a7ee2c9d59132478a5440ae4d5d7ed437308369f92ea86c82183f10a1", + "wy" : "6773e76f5edbf4da0e4f1bdffac0f57257e1dfa465842931309a24245fda6a5d" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000458debd9a7ee2c9d59132478a5440ae4d5d7ed437308369f92ea86c82183f10a16773e76f5edbf4da0e4f1bdffac0f57257e1dfa465842931309a24245fda6a5d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEWN69mn7iydWRMkeKVECuTV1+1Dcwg2n5\nLqhsghg/EKFnc+dvXtv02g5PG9/6wPVyV+HfpGWEKTEwmiQkX9pqXQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 352, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "3044022079be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798022066666666666666666666666666666665e445f1f5dfb6a67e4cba8c385348e6e7", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048b904de47967340c5f8c3572a720924ef7578637feab1949acb241a5a6ac3f5b950904496f9824b1d63f3313bae21b89fae89afdfc811b5ece03fd5aa301864f", + "wx" : "008b904de47967340c5f8c3572a720924ef7578637feab1949acb241a5a6ac3f5b", + "wy" : "00950904496f9824b1d63f3313bae21b89fae89afdfc811b5ece03fd5aa301864f" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200048b904de47967340c5f8c3572a720924ef7578637feab1949acb241a5a6ac3f5b950904496f9824b1d63f3313bae21b89fae89afdfc811b5ece03fd5aa301864f", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEi5BN5HlnNAxfjDVypyCSTvdXhjf+qxlJ\nrLJBpaasP1uVCQRJb5gksdY/MxO64huJ+uia/fyBG17OA/1aowGGTw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 353, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "3044022079be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798022049249249249249249249249249249248c79facd43214c011123c1b03a93412a5", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f4892b6d525c771e035f2a252708f3784e48238604b4f94dc56eaa1e546d941a346b1aa0bce68b1c50e5b52f509fb5522e5c25e028bc8f863402edb7bcad8b1b", + "wx" : "00f4892b6d525c771e035f2a252708f3784e48238604b4f94dc56eaa1e546d941a", + "wy" : "346b1aa0bce68b1c50e5b52f509fb5522e5c25e028bc8f863402edb7bcad8b1b" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004f4892b6d525c771e035f2a252708f3784e48238604b4f94dc56eaa1e546d941a346b1aa0bce68b1c50e5b52f509fb5522e5c25e028bc8f863402edb7bcad8b1b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE9IkrbVJcdx4DXyolJwjzeE5II4YEtPlN\nxW6qHlRtlBo0axqgvOaLHFDltS9Qn7VSLlwl4Ci8j4Y0Au23vK2LGw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 354, + "comment" : "extreme value for k", + "msg" : "313233343030", + "sig" : "3044022079be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f8179802200eb10e5ab95f2f275348d82ad2e4d7949c8193800d8c9c75df58e343f0ebba7b", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", + "wx" : "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", + "wy" : "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEeb5mfvncu6xVoGKVzocLBwKb/NstzijZ\nWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 355, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "3045022100bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca60502302202492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 356, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "3044022044a5ad0bd0636d9e12bc9e0a6bdd5e1bba77f523842193b3b82e448e05d5f11e02202492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777", + "wx" : "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", + "wy" : "00b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEeb5mfvncu6xVoGKVzocLBwKb/NstzijZ\nWfKBWxb4F5i3xSWI2Vw7mqJbBAPx7vdXAuhLt1l6q+ZjuC9vBO8ndw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 357, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "3045022100bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca60502302202492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 358, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "3044022044a5ad0bd0636d9e12bc9e0a6bdd5e1bba77f523842193b3b82e448e05d5f11e02202492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04782c8ed17e3b2a783b5464f33b09652a71c678e05ec51e84e2bcfc663a3de963af9acb4280b8c7f7c42f4ef9aba6245ec1ec1712fd38a0fa96418d8cd6aa6152", + "wx" : "782c8ed17e3b2a783b5464f33b09652a71c678e05ec51e84e2bcfc663a3de963", + "wy" : "00af9acb4280b8c7f7c42f4ef9aba6245ec1ec1712fd38a0fa96418d8cd6aa6152" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004782c8ed17e3b2a783b5464f33b09652a71c678e05ec51e84e2bcfc663a3de963af9acb4280b8c7f7c42f4ef9aba6245ec1ec1712fd38a0fa96418d8cd6aa6152", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEeCyO0X47Kng7VGTzOwllKnHGeOBexR6E\n4rz8Zjo96WOvmstCgLjH98QvTvmrpiRewewXEv04oPqWQY2M1qphUg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 359, + "comment" : "pseudorandom signature", + "msg" : "", + "sig" : "3046022100f80ae4f96cdbc9d853f83d47aae225bf407d51c56b7776cd67d0dc195d99a9dc022100b303e26be1f73465315221f0b331528807a1a9b6eb068ede6eebeaaa49af8a36", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 360, + "comment" : "pseudorandom signature", + "msg" : "4d7367", + "sig" : "30450220109cd8ae0374358984a8249c0a843628f2835ffad1df1a9a69aa2fe72355545c022100ac6f00daf53bd8b1e34da329359b6e08019c5b037fed79ee383ae39f85a159c6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 361, + "comment" : "pseudorandom signature", + "msg" : "313233343030", + "sig" : "3045022100d035ee1f17fdb0b2681b163e33c359932659990af77dca632012b30b27a057b302201939d9f3b2858bc13e3474cb50e6a82be44faa71940f876c1cba4c3e989202b6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 362, + "comment" : "pseudorandom signature", + "msg" : "0000000000000000000000000000000000000000", + "sig" : "304402204f053f563ad34b74fd8c9934ce59e79c2eb8e6eca0fef5b323ca67d5ac7ed23802204d4b05daa0719e773d8617dce5631c5fd6f59c9bdc748e4b55c970040af01be5", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff00000001060492d5a5673e0f25d8d50fb7e58c49d86d46d4216955e0aa3d40e1", + "wx" : "6e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff", + "wy" : "01060492d5a5673e0f25d8d50fb7e58c49d86d46d4216955e0aa3d40e1" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200046e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff00000001060492d5a5673e0f25d8d50fb7e58c49d86d46d4216955e0aa3d40e1", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEboI1VUUpFAmRgsaywdbwtdKNUMzQBa8s\n4bulQapAyv8AAAABBgSS1aVnPg8l2NUPt+WMSdhtRtQhaVXgqj1A4Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 363, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "304402206d6a4f556ccce154e7fb9f19e76c3deca13d59cc2aeb4ecad968aab2ded45965022053b9fa74803ede0fc4441bf683d56c564d3e274e09ccf47390badd1471c05fb7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 364, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "3046022100aad503de9b9fd66b948e9acf596f0a0e65e700b28b26ec56e6e45e846489b3c4022100fff223c5d0765447e8447a3f9d31fd0696e89d244422022ff61a110b2a8c2f04", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 365, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "30460221009182cebd3bb8ab572e167174397209ef4b1d439af3b200cdf003620089e43225022100abb88367d15fe62d1efffb6803da03109ee22e90bc9c78e8b4ed23630b82ea9d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40cafffffffffef9fb6d2a5a98c1f0da272af0481a73b62792b92bde96aa1e55c2bb4e", + "wx" : "6e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff", + "wy" : "00fffffffef9fb6d2a5a98c1f0da272af0481a73b62792b92bde96aa1e55c2bb4e" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200046e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40cafffffffffef9fb6d2a5a98c1f0da272af0481a73b62792b92bde96aa1e55c2bb4e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEboI1VUUpFAmRgsaywdbwtdKNUMzQBa8s\n4bulQapAyv/////++fttKlqYwfDaJyrwSBpztieSuSvelqoeVcK7Tg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 366, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "304502203854a3998aebdf2dbc28adac4181462ccac7873907ab7f212c42db0e69b56ed8022100c12c09475c772fd0c1b2060d5163e42bf71d727e4ae7c03eeba954bf50b43bb3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 367, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "3046022100e94dbdc38795fe5c904d8f16d969d3b587f0a25d2de90b6d8c5c53ff887e3607022100856b8c963e9b68dade44750bf97ec4d11b1a0a3804f4cb79aa27bdea78ac14e4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 368, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "3044022049fc102a08ca47b60e0858cd0284d22cddd7233f94aaffbb2db1dd2cf08425e102205b16fca5a12cdb39701697ad8e39ffd6bdec0024298afaa2326aea09200b14d6", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04000000013fd22248d64d95f73c29b48ab48631850be503fd00f8468b5f0f70e0f6ee7aa43bc2c6fd25b1d8269241cbdd9dbb0dac96dc96231f430705f838717d", + "wx" : "013fd22248d64d95f73c29b48ab48631850be503fd00f8468b5f0f70e0", + "wy" : "00f6ee7aa43bc2c6fd25b1d8269241cbdd9dbb0dac96dc96231f430705f838717d" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004000000013fd22248d64d95f73c29b48ab48631850be503fd00f8468b5f0f70e0f6ee7aa43bc2c6fd25b1d8269241cbdd9dbb0dac96dc96231f430705f838717d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEAAAAAT/SIkjWTZX3PCm0irSGMYUL5QP9\nAPhGi18PcOD27nqkO8LG/SWx2CaSQcvdnbsNrJbcliMfQwcF+DhxfQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 369, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "3045022041efa7d3f05a0010675fcb918a45c693da4b348df21a59d6f9cd73e0d831d67a022100bbab52596c1a1d9484296cdc92cbf07e665259a13791a8fe8845e2c07cf3fc67", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 370, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "3046022100b615698c358b35920dd883eca625a6c5f7563970cdfc378f8fe0cee17092144c022100da0b84cd94a41e049ef477aeac157b2a9bfa6b7ac8de06ed3858c5eede6ddd6d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 371, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "304602210087cf8c0eb82d44f69c60a2ff5457d3aaa322e7ec61ae5aecfd678ae1c1932b0e022100c522c4eea7eafb82914cbf5c1ff76760109f55ddddcf58274d41c9bc4311e06e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0425afd689acabaed67c1f296de59406f8c550f57146a0b4ec2c97876dfffffffffa46a76e520322dfbc491ec4f0cc197420fc4ea5883d8f6dd53c354bc4f67c35", + "wx" : "25afd689acabaed67c1f296de59406f8c550f57146a0b4ec2c97876dffffffff", + "wy" : "00fa46a76e520322dfbc491ec4f0cc197420fc4ea5883d8f6dd53c354bc4f67c35" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a0342000425afd689acabaed67c1f296de59406f8c550f57146a0b4ec2c97876dfffffffffa46a76e520322dfbc491ec4f0cc197420fc4ea5883d8f6dd53c354bc4f67c35", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEJa/WiayrrtZ8Hylt5ZQG+MVQ9XFGoLTs\nLJeHbf/////6RqduUgMi37xJHsTwzBl0IPxOpYg9j23VPDVLxPZ8NQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 372, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "3045022062f48ef71ace27bf5a01834de1f7e3f948b9dce1ca1e911d5e13d3b104471d82022100a1570cc0f388768d3ba7df7f212564caa256ff825df997f21f72f5280d53011f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 373, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "3046022100f6b0e2f6fe020cf7c0c20137434344ed7add6c4be51861e2d14cbda472a6ffb40221009be93722c1a3ad7d4cf91723700cb5486de5479d8c1b38ae4e8e5ba1638e9732", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 374, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "3045022100db09d8460f05eff23bc7e436b67da563fa4b4edb58ac24ce201fa8a358125057022046da116754602940c8999c8d665f786c50f5772c0a3cdbda075e77eabc64df16", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d12e6c66b67734c3c84d2601cf5d35dc097e27637f0aca4a4fdb74b6aadd3bb93f5bdff88bd5736df898e699006ed750f11cf07c5866cd7ad70c7121ffffffff", + "wx" : "00d12e6c66b67734c3c84d2601cf5d35dc097e27637f0aca4a4fdb74b6aadd3bb9", + "wy" : "3f5bdff88bd5736df898e699006ed750f11cf07c5866cd7ad70c7121ffffffff" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a03420004d12e6c66b67734c3c84d2601cf5d35dc097e27637f0aca4a4fdb74b6aadd3bb93f5bdff88bd5736df898e699006ed750f11cf07c5866cd7ad70c7121ffffffff", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE0S5sZrZ3NMPITSYBz1013Al+J2N/CspK\nT9t0tqrdO7k/W9/4i9VzbfiY5pkAbtdQ8RzwfFhmzXrXDHEh/////w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 375, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "30450220592c41e16517f12fcabd98267674f974b588e9f35d35406c1a7bb2ed1d19b7b8022100c19a5f942607c3551484ff0dc97281f0cdc82bc48e2205a0645c0cf3d7f59da0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 376, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "3046022100be0d70887d5e40821a61b68047de4ea03debfdf51cdf4d4b195558b959a032b20221008266b4d270e24414ecacb14c091a233134b918d37320c6557d60ad0a63544ac4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 377, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "3046022100fae92dfcb2ee392d270af3a5739faa26d4f97bfd39ed3cbee4d29e26af3b206a02210093645c80605595e02c09a0dc4b17ac2a51846a728b3e8d60442ed6449fd3342b", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256k1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046d4a7f60d4774a4f0aa8bbdedb953c7eea7909407e3164755664bc2800000000e659d34e4df38d9e8c9eaadfba36612c769195be86c77aac3f36e78b538680fb", + "wx" : "6d4a7f60d4774a4f0aa8bbdedb953c7eea7909407e3164755664bc2800000000", + "wy" : "00e659d34e4df38d9e8c9eaadfba36612c769195be86c77aac3f36e78b538680fb" + }, + "keyDer" : "3056301006072a8648ce3d020106052b8104000a034200046d4a7f60d4774a4f0aa8bbdedb953c7eea7909407e3164755664bc2800000000e659d34e4df38d9e8c9eaadfba36612c769195be86c77aac3f36e78b538680fb", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbUp/YNR3Sk8KqLve25U8fup5CUB+MWR1\nVmS8KAAAAADmWdNOTfONnoyeqt+6NmEsdpGVvobHeqw/NueLU4aA+w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 378, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "30450220176a2557566ffa518b11226694eb9802ed2098bfe278e5570fe1d5d7af18a943022100ed6e2095f12a03f2eaf6718f430ec5fe2829fd1646ab648701656fd31221b97d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 379, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "3045022060be20c3dbc162dd34d26780621c104bbe5dace630171b2daef0d826409ee5c2022100bd8081b27762ab6e8f425956bf604e332fa066a99b59f87e27dc1198b26f5caa", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 380, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "3046022100edf03cf63f658883289a1a593d1007895b9f236d27c9c1f1313089aaed6b16ae022100e5b22903f7eb23adc2e01057e39b0408d495f694c83f306f1216c9bf87506074", + "result" : "valid", + "flags" : [] + } + ] + } + ] +} diff --git a/tests/test_ec.ml b/tests/test_ec.ml index eb359906..271e9407 100644 --- a/tests/test_ec.ml +++ b/tests/test_ec.ml @@ -216,6 +216,105 @@ let ecdsa = [ "ECDSA verify", `Quick, ecdsa_verify ; ] + +let secp256k1_ecdsa_gen () = + let d = of_hex "42202a98374f6dca439c0af88140e41f8eced3062682ec7f9fc8ac9ea83c7cb2" in + let p = match + P256k1.Dsa.pub_of_octets + (of_hex {|04 + 131ca4e5811267fa90fc631d6298c2d7a4ecccc45cc60d378e0660b61f82fe8d + cf5acf8ed3e0bbf735308cc415604bd34ab8f7fc8b4a22741117a7fbc72a7949|}) + with + | Ok a -> a + | Error _ -> assert false + in + let pub = match P256k1.Dsa.priv_of_octets d with + | Ok p -> P256k1.Dsa.pub_of_priv p + | Error _ -> Alcotest.fail "couldn't decode private key" + in + let pub_eq a b = + String.equal (P256k1.Dsa.pub_to_octets a) (P256k1.Dsa.pub_to_octets b) + in + Alcotest.(check bool __LOC__ true (pub_eq pub p)) + +let secp256k1_ecdsa_verify () = + let key = + match P256k1.Dsa.pub_of_octets + (of_hex {|04 + 779dd197a5df977ed2cf6cb31d82d43328b790dc6b3b7d4437a427bd5847dfcd + e94b724a555b6d017bb7607c3e3281daf5b1699d6ef4124975c9237b917d426f|}) + with + | Ok a -> a + | Error _ -> assert false + and e = of_hex "4b688df40bcedbe641ddb16ff0a1842d9c67ea1c3bf63f3e0471baa664531d1a" + and r = of_hex "241097efbf8b63bf145c8961dbdf10c310efbb3b2676bbc0f8b08505c9e2f795" + and s = of_hex "021006b7838609339e8b415a7f9acb1b661828131aef1ecbc7955dfb01f3ca0e" + in + Alcotest.(check bool __LOC__ true (P256k1.Dsa.verify ~key (r, s) e)) + +let secp256k1_ecdsa = [ + "ECDSA gen", `Quick, secp256k1_ecdsa_gen ; + "ECDSA verify", `Quick, secp256k1_ecdsa_verify ; +] + +let secp256k1_ecdsa_sign = + let case ?k ~h ~d ~r ~s () = + let msg = of_hex h in + let key = match P256k1.Dsa.priv_of_octets (of_hex d) with + | Ok p -> p + | Error _ -> Alcotest.fail "couldn't decode private key" + in + let k = Option.map (fun x -> of_hex x) k in + let (r', s') = P256k1.Dsa.sign ~key ?k msg in + Alcotest.(check string "r correct" (of_hex r) r'); + Alcotest.(check string "s correct" (of_hex s) s') + in + let cases = [ + case + ~d:"ebb2c082fd7727890a28ac82f6bdf97bad8de9f5d7c9028692de1a255cad3e0f" + ~h:"4b688df40bcedbe641ddb16ff0a1842d9c67ea1c3bf63f3e0471baa664531d1a" + ~k:"49a0d7b786ec9cde0d0721d72804befd06571c974b191efb42ecf322ba9ddd9a" + ~r:"241097efbf8b63bf145c8961dbdf10c310efbb3b2676bbc0f8b08505c9e2f795" + ~s:"021006b7838609339e8b415a7f9acb1b661828131aef1ecbc7955dfb01f3ca0e" ; + case + ~d:"0000000000000000000000000000000000000000000000000000000000000001" + ~h:"0000000000000000000000000000000000000000000000000000000000000001" + ~r:"6673FFAD2147741F04772B6F921F0BA6AF0C1E77FC439E65C36DEDF4092E8898" + ~s:"B3E568E9AD1F52577FEDF107FDA18F5EBB8E5C220BADF23532BF6FBCC67FB4B8" ; + case + ~d:"D30519BCAE8D180DBFCC94FE0B8383DC310185B0BE97B4365083EBCECCD75759" + ~h:"3F891FDA3704F0368DAB65FA81EBE616F4AA2A0854995DA4DC0B59D2CADBD64F" + ~k:"DC87789C4C1A09C97FF4DE72C0D0351F261F10A2B9009C80AEE70DDEC77201A0" + ~r:"A5C7B7756D34D8AAF6AA68F0B71644F0BEF90D8BFD126CE951B6060498345089" + ~s:"BC9644F1625AF13841E589FD00653AE8C763309184EA0DE481E8F06709E5D1CB" ; + case + ~d:"292efd39a4e53efb580ba4ba3e5bb47d6e7463cddab04335aa061d554c74bcc8" + ~h:"db72ce6fea09d442b4f31535df0a97f6c21d42be23e48b6bd088018cce75c3dd" + ~k:"654035b5acae79fff464d77b114f93b1b84caec325fdf7f3f050cc659245bfaa" + ~r:"9ae57e4e4eca88939152ee38a07860ae03cff51d84708eeceabc70d615b7d31b" + ~s:"808cddd65562c77c81a1c8d45e229f53edf19864069f8d62c3c3fa1f8c8c3c66" ; + case + ~d:"0deea9b194ea6d4f1b5de6b5468a80e0478ae0f03f4fce59bafe51e35763388e" + ~h:"a6442404392a831b481845c49d6009957ebd611bd366f4dd15f7578daef21678" + ~k:"e3253150b94868a179e34f819ec42cf14eb367d1685ee528e51f1dd031eabb29" + ~r:"5c5ab3fc0063da962440285f0df3a2cf031947920c990ff97b8a210a531d39a0" + ~s:"b45a4aff7d60bbaa1602a81d5c2f09d3d651344cc6c08723fd40ffaf79ba1c6a" ; + case + ~d:"634ccc8392372f66e9086c540f868a9ce93d5452aa1e0e1a5448ed15f4252c85" + ~h:"22a634e0114561e05c6e333e5bab22fbfe77e1691305fceae6697278a665447c" + ~k:"4a49d24c7b41392f8fd90ec5b49bdb949048ee0f55ccb35753ea8a38c4a942fb" + ~r:"c7700bcd35c0f82ca14c1c3d5a3b3b444a187593ebafcd5ec401f8a49b024553" + ~s:"3dbd18cf865697dfa6733dd0676063b769a1fd94f2d2a3b92e2680d4291c6128" ; + case + ~d:"576314d4c6ad800d5726b0cdd0e6e9429568ff96ffbd83aea38f6c9a3e6409d3" + ~h:"a168c68532a902215d7b3551bb1c39cf79df84d6bdc469b833bf72d4803d25d7" + ~k:"2e6511edb60aa7966007b383fa6ad9d0e6a54620182f0269509116d3e5e8f5af" + ~r:"41ee804ccacefd441972ca8d92c72c4b361c39eee5cb1f474de7f09d4b83f212" + ~s:"1614e19bab04de9ef3658bf6702d599bb518f598a122e1df92160bd5584dd42b" ; + + ] in + List.mapi (fun i c -> "ECDSA sign " ^ string_of_int i, `Quick, c) cases + let ecdsa_rfc6979_p256 = (* A.2.5 - P 256 *) let priv, pub = @@ -874,5 +973,7 @@ let () = ("ECDSA RFC 6979 P521", ecdsa_rfc6979_p521); ("X25519", [ "RFC 7748", `Quick, x25519 ]); ("ED25519", ed25519); - ("ECDSA P521 regression", [ "regreesion1", `Quick, p521_regression ]); + ("ECDSA P521 regression", [ "regression1", `Quick, p521_regression ]); + ("secp256k1 ECDSA", secp256k1_ecdsa); + ("secp256k1 ECDSA sign", secp256k1_ecdsa_sign); ] diff --git a/tests/test_ec_wycheproof.ml b/tests/test_ec_wycheproof.ml index 49d43afa..057cfbb7 100644 --- a/tests/test_ec_wycheproof.ml +++ b/tests/test_ec_wycheproof.ml @@ -15,6 +15,7 @@ module Asn = struct | "secp256r1" -> Asn.OID.(base 1 2 <|| [ 840; 10045; 3; 1; 7 ]) | "secp384r1" -> Asn.OID.(base 1 3 <|| [ 132; 0; 34 ]) | "secp521r1" -> Asn.OID.(base 1 3 <|| [ 132; 0; 35 ]) + | "secp256k1" -> Asn.OID.(base 1 3 <|| [ 132; 0; 10 ]) | _ -> assert false in match Asn.decode (Asn.codec Asn.ber term) s with @@ -59,7 +60,7 @@ let pad ~total_len buf = Ok (String.make pad_len '\000' ^ buf) let len = function - | "secp256r1" -> 32 + | "secp256r1" | "secp256k1" -> 32 | "secp384r1" -> 48 | "secp521r1" -> 66 | _ -> assert false @@ -92,6 +93,11 @@ let perform_key_exchange curve ~public_key ~raw_private_key = | Ok (p, _) -> P521.Dh.key_exchange p public_key | Error _ -> assert false end + | "secp256k1" -> + begin match P256k1.Dh.secret_of_octets raw_private_key with + | Ok (p, _) -> P256k1.Dh.key_exchange p public_key + | Error _ -> assert false + end | _ -> assert false) let interpret_test ~tcId curve { public_key; raw_private_key; expected } () = @@ -182,6 +188,11 @@ let make_ecdsa_test curve key hash (tst : dsa_test) = | Ok key -> P521.Dsa.verify ~key (r, s) msg | Error _ -> assert false end + | "secp256k1" -> + begin match P256k1.Dsa.pub_of_octets key with + | Ok key -> P256k1.Dsa.verify ~key (r, s) msg + | Error _ -> assert false + end | _ -> assert false in match tst.result with @@ -309,6 +320,9 @@ let () = ("ECDH P521 test vectors", ecdh_tests "ecdh_secp521r1_test.json") ; ("ECDSA P521 test vectors (SHA512)", ecdsa_tests "ecdsa_secp521r1_sha512_test.json") ; + ("ECDH P256k1 test vectors", ecdh_tests "ecdh_secp256k1_test.json") ; + ("ECDSA P256k1 test vectors (SHA256)", + ecdsa_tests "ecdsa_secp256k1_sha256_test.json") ; ("X25519 test vectors", x25519_tests) ; ("ED25519 test vectors", ed25519_tests) ; ]